WGU Course C845 - Information Systems Security (SSCP) Quizlet by Brian MacFarlane


What does it mean to say that sensitivity labels are "incomparable"? A. The number of classifications in the two labels is different. B. Neither label contains all the classifications of the other. C. The number of categories in the two labels is different. D. Neither label contains all the categories of the other.

D

What does the (star) integrity axiom mean in the Biba model? A. No read up B. No write down C. No read down D. No write up

D

What form of alternate processing site may allow for testing prior to a disaster without significant expense or hassle and can be used to support organizations with needs for on-site space for workers and housing of equipment? A Cloud services B Cold site C Reciprocal agreement D Warm site

D

What form of social engineering tricks a victim into contacting the attacker to ask for technical support? A Impersonation B MAC spoofing C Scarcity D Reverse social engineering

D

What is a decrease in amplitude as a signal propagates along a transmission medium best known as? A. Crosstalk B. Noise C. Delay distortion D. Attenuation

D

What is a packet sniffer? A. It tracks network connections to off-site locations. B. It monitors network traffic for illegal packets. C. It scans network segments for cabling faults. D. It captures network traffic for later analysis.

D

What is a primary goal of security in an organization? A Mitigate the possibility of the use of malware B Eliminate risk C Maintain the organization's network operations D Enforce and maintain the AIC objectives

D

What is a typical commercial or business information classification scheme? A Unclassified, business casual, confidential B Unclassified, sensitive but unclassified, secret, and top secret C Public, sensitive but unclassified, confidential, secret, and top secret D Public, confidential, sensitive

D

What is the term for an event or activity that has the potential to cause harm to the information systems or networks? A. Vulnerability B. Threat agent C. Weakness D. Threat

D

What is defined as inference of information from other, intermediate, relevant facts? A. Secondary evidence B. Conclusive evidence C. Hearsay evidence D. Circumstantial evidence

D

What is electronic vaulting? A. Information is backed up to tape on an hourly basis and is stored in an on-site vault. B. Information is backed up to tape on a daily basis and is stored in an on-site vault. C. Transferring electronic journals or transaction logs to an off-site storage facility D. A transfer of bulk information to a remote central backup facility.

D

What is the Maximum Tolerable Downtime (MTD)? A. Maximum elapsed time required to complete recovery of application data B. Minimum elapsed time required to complete recovery of application data C. Maximum elapsed time required to move back to primary site after a major disruption D. It is the maximum delay businesses can tolerate and still remain viable

D

What is the PRIMARY goal of incident handling? A. Successfully retrieve all evidence that can be used to prosecute B. Improve the company's ability to be prepared for threats and disasters C. Improve the company's disaster recovery plan D. Contain and repair any damage caused by an event.

D

What is the correct description of a certificate? A A certificate contains the owner's symmetric key. B A certificate always contains a user's key. C A certificate contains the owner's private key. D A certificate contains the owner's public key.

D

What is the default port for TLS encrypted SMTP? A 80 B 25 C 443 D 465

D

What is the fourth layer of the OSI model? A Session B Host-to-host C Network D Transport

D

What is the main distinction between an incident response plan and a disaster response plan? A One is used to recover from intrusions, while the other is used to recover from malicious code infections. B One prevents harm, while the other deters harm. C One seeks to detect attacks, while the other seeks to record details of an attack. D One focuses on protecting assets from being harmed, while the other focuses on restoring assets after harm has occurred.

D

What is the minimum interval at which an organization should conduct business continuity plan refresher training for those with specific business continuity roles? A Weekly B Monthly C Semiannually D Annually

D

What is the name of a physical security mechanism that is used to eliminate piggybacking and tailgating and includes two locked doorways? A Turnstile B Bollard C Access badge checkpoint D Mantrap

D

What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access? A. Clark and Wilson Model B. Harrison-Ruzzo-Ullman Model C. Rivest and Shamir Model D. Bell-LaPadula Model

D

What is the primary goal of setting up a honeypot? A. To lure hackers into attacking unused systems B. To entrap and track down possible hackers C. To set up a sacrificial lamb on the network D. To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.

D

What is the purpose of the lessons learned step of an incident handling process? A to ensure senior management is aware of the incident B to bring in more personnel to handle an incident C to prove that an event is an incident D to help personnel learn from incidents

D

What is the type of access control in the default access control method found in Microsoft Windows which allows users to share files? A Mandatory access control B Rule-based access control C Sensitivity-based access control D Discretionary access control

D

What is user entitlement? A The level of privilege assigned to administrative accounts B The default level of access given to users by the operating system C The privileges inherited by a user D The rights and privileges assigned to a user

D

What key size is used by the Clipper Chip? A. 40 bits B. 56 bits C. 64 bits D. 80 bits

D

What layer of the ISO/OSI model do routers normally operate at? A. Data link layer B. Session layer C. Transport layer D. Network layer

D

What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. Central station alarm B. Proprietary alarm C. A remote station alarm D. An auxiliary station alarm

D

What must every policy possess in order to be successfully implemented? A Scope and statements from stakeholders B An enforcement provision C Controls and procedures statement D Senior executive endorsement

D

What type of access control is typically the first line of defense? A Logical B Technical C Administrative D Physical

D

What type of access controls allow the owner of a file to grant other users access to it using an access control list? A Role-based B Nondiscretionary C Rule-based D Discretionary

D

What type of attack involves IP spoofing, ICMP ECHO and a bounce site? A. IP spoofing attack B. Teardrop attack C. SYN attack D. Smurf attack

D

What type of log file is shown in this figure? A Application B Web server C System D Firewall

D

What version of AES is used by WPA-2? A DHCP B TLS C RSA D CCMP

D

When an application or system allows a logged-in user to perform specific actions, it is an example of what? A Roles B Group management C Logins D Authorization

D

When considering a disaster, which of the following is not a commonly accepted definition? A A suddenly occurring event that has a long-term negative impact on major IT infrastructure B An emergency that is beyond the normal response resources of the enterprise C An occurrence or imminent threat to the enterprise of widespread or severe damage, injury, loss of life, or loss of property D An occurrence that is outside the normal functional baselines

D

When designing end-user training to teach employees about using cryptography within business tasks, which of the following is an important element to include? A The electricity cost of encryption B The means of adding additional entropy to the randomness seeds C Key destruction D The consequences of failing to encrypt

D

When network access control (NAC) determines that a system lacks specific configuration settings or is missing a required update, what should occur? A Promotion B Restoration C Revocation D Quarantine

D

Which OSI/ISO layers are TCP and UDP implemented at? A. Application layer B. Presentation layer C. Session layer D. Transport layer

D

Which backup method only copies files that have been recently added or changed and also leaves the archive bit unchanged? A. Full backup method B. Incremental backup method C. Fast backup method D. Differential backup method

D

Which best describes a multiple-person technique used to recover a corrupted key? A Separation of duties B Multiple-key agent rule C Staged multiple interaction D M of N

D

Which cable technology refers to the CAT3 and CAT5 categories? A. Coaxial cables B. Fiber Optic cables C. Axial cables D. Twisted Pair cables

D

Which choice is not a common means of gathering information when performing a risk analysis? A Reviewing existing policy documents B Distributing a multi-page form C Utilizing automated risk polling tools D Interviewing fired employees

D

Which concept or technology can be used to improve the security of password hashes? A Breaking up the password into blocks B Using an initialization vector C Using longer key lengths with fewer rounds D Salting before crafting the hash digest

D

Which cryptography concept is based on trap-door, one-way functions? A Hashing B Steganography C Symmetric D Asymmetric

D

Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model? A. Bridge B. Repeater C. Router D. Gateway

D

Which disaster recovery plan test involves functional representatives meeting to review the plan in detail? A. Simulation test B. Checklist test C. Parallel test D. Structured walk-through test

D

Which expert system operating mode allows determining if a given hypothesis is valid? A. Blackboard B. Lateral chaining C. Forward chaining D. Backward chaining

D

Which layer of the TCP/IP protocol model would best correspond to the OSI/ISO model's network layer? A. Network access layer B. Application layer C. Host-to-host transport layer D. Internet layer

D

Which most accurately describes a safeguard? A Weakness in internal controls that could be exploited by a threat or a threat agent B A control designed to warn of an attack C Potential for a source to exploit a categorized vulnerability D Controls put in place to provide some amount of protection for an asset

D

Which most closely depicts the difference between qualitative and quantitative risk analysis? A A quantitative risk analysis results in subjective high, medium, or low results. B A quantitative risk analysis cannot be automated. C A quantitative risk analysis does not use the hard cost of losses; a qualitative risk analysis does. D A quantitative risk analysis makes use of real numbers.

D

Which of the following BCP tests is discussion-based? A functional exercise B test to restore a database server C test to restore a backup D tabletop exercise

D

Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality? A. Network redundancy translation B. Load balancing translation C. Dynamic translation D. Static translation

D

Which of the following access control models introduces user security clearance and data classification? A. Role-based access control B. Discretionary access control C. Non-discretionary access control D. Mandatory access control

D

Which of the following access control models requires security clearance for subjects? A. Identity-based access control B. Role-based access control C. Discretionary access control D. Mandatory access control

D

Which of the following are not Remote Access concerns? A. Justification for remote access B. Auditing of activities C. Regular review of access privileges D. Access badges

D

Which of the following are the two MOST common implementations of Intrusion Detection Systems? A. Server-based and Host-based. B. Network-based and Guest-based. C. Network-based and Client-based. D. Network-based and Host-based.

D

Which of the following best defines add-on security? A. Physical security complementing logical security measures. B. Protection mechanisms implemented as an integral part of an information system. C. Layer security. D. Protection mechanisms implemented after an information system has become operational.

D

Which of the following best describes a federated relationship? A HIPAA patient privacy requirements for healthcare providers B The airline industry C Numerous franchises in a geographical area D Third-party companies and their networks share customer data based upon a single sign-on to a primary organization

D

Which of the following best describes an endpoint device? A Switch B Bridge C Router D Computer printer

D

Which of the following best describes remote journaling? A. Send hourly tapes containing transactions off-site. B. Send daily tapes containing transactions off-site. C. Real-time capture of transactions to multiple storage devices. D. Real-time transmission of copies of the entries in the journal of transactions to an alternate site.

D

Which of the following biometric characteristics cannot be used to uniquely authenticate an individual's identity? A. Retina scans B. Iris scans C. Palm scans D. Skin scans

D

Which of the following can best define the "revocation request grace period"? A. The period of time allotted within which the user must make a revocation request upon a revocation reason B. Minimum response time for performing a revocation by the CA C. Maximum response time for performing a revocation by the CA D. Time period between the arrival of a revocation request and the publication of the revocation information

D

Which of the following clearance levels or classification labels is not generally used in a government- or military-based MAC scheme? A Unclassified B Confidential C Top Secret D Proprietary

D

Which of the following computer recovery sites is the least expensive and the most difficult to test? A. non-mobile hot site B. mobile hot site C. warm site D. cold site

D

Which of the following describes a technique in which a number of processor units are employed in a single computer system to increase the performance of the system in its application environment above the performance of a single processor of the same kind? A. Multitasking B. Multiprogramming C. Pipelining D. Multiprocessing

D

Which of the following does NOT use token-passing? A. ARCnet B. FDDI C. Token-ring D. IEEE 802.3

D

Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? A. Timestamping B. Repository C. Certificate revocation D. Internet Key Exchange (IKE)

D

Which of the following elements of telecommunications is not used in assuring confidentiality? A. Network security protocols B. Network authentication services C. Data encryption services D. Passwords

D

Which of the following groups represents the leading source of computer crime losses? A. Hackers B. Industrial saboteurs C. Foreign intelligence officers D. Employees

D

Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard? A. Twofish B. Serpent C. RC6 D. Rijndael

D

Which of the following is NOT a characteristic or shortcoming of packet filtering gateways? A. The source and destination addresses, protocols, and ports contained in the IP packet header are the only information that is available to the router in making a decision whether or not to permit traffic access to an internal network. B. They don't protect against IP or DNS address spoofing. C. They do not support strong user authentication. D. They are appropriate for medium-risk environments.

D

Which of the following is NOT a common category/classification of threat to an IT system? A. Human B. Natural C. Technological D. Hackers

D

Which of the following is NOT a common integrity goal? A. Prevent unauthorized users from making modifications. B. Maintain internal and external consistency. C. Prevent authorized users from making improper modifications. D. Prevent paths that could lead to inappropriate disclosure.

D

Which of the following is NOT a defined ISO basic task related to network management? A. Fault management B. Accounting resources C. Security management D. Communications management

D

Which of the following is NOT a fundamental component of an alarm in an intrusion detection system? A. Communications B. Enunciator C. Sensor D. Response

D

Which of the following is NOT a means to implement a Denial of Service (DoS) attack? A Initiate a firmware update, and then interrupt the process. B Make numerous repeated requests for bulky resources. C Transmit significant volumes of random traffic to a target. D Send dozens of email solicitation messages to an organization.

D

Which of the following is NOT a method by which devices are assigned to VLAN network segments? A MAC address B Switch port configuration C Mimicking IP subnet configuration D Transport-layer port assignment

D

Which of the following is NOT a part of a risk analysis? A. Identify risks B. Quantify the impact of potential threats C. Provide an economic balance between the impact of the risk and the cost of the associated countermeasure D. Choose the best countermeasure

D

Which of the following is NOT an asymmetric key algorithm? A. RSA B. Elliptic Curve Cryptosystem (ECC) C. El Gamal D. Data Encryption System (DES)

D

Which of the following is NOT part of the Kerberos authentication protocol? A. Symmetric key cryptography B. Authentication service (AS) C. Principals D. Public Key

D

Which of the following is NOT true concerning Application Control? A. It limits end users' use of applications in such a way that only particular screens are visible. B. Only specific records can be requested through the application controls C. Particular usage of the application can be recorded for audit purposes D. It is non-transparent to the endpoint applications, so changes are needed to the applications and databases involved

D

Which of the following is a poor choice for secure password management? A Use auditing tools to test password strength. B Create long and complex passwords. C Never share passwords. D Use the default password.

D

Which of the following is a tenet of the (ISC)2 Code of Ethics? A Security is constrained by societal factors. B Do not waste resources. C Do not bear false witness. D Act honorably, honestly, justly, responsibly, and legally.

D

Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards? A. Certification B. Declaration C. Audit D. Accreditation

D

Which of the following is covered under Crime Insurance Policy Coverage? A. Inscribed, printed, and written documents B. Manuscripts C. Accounts Receivable D. Money and Securities

D

Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? A. Diffie-Hellman Key Exchange Protocol B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. OAKLEY

D

Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product? A. Estimating the cost of the changes requested B. Recreating and analyzing the problem C. Determining the interface that is presented to the user D. Establishing the priorities of requests

D

Which of the following is most affected by denial-of-service (DoS) attacks? A. Confidentiality B. Integrity C. Accountability D. Availability

D

Which of the following is most appropriate to notify an internal user that session monitoring is being conducted? A. Logon Banners B. Wall poster C. Employee Handbook D. Written agreement

D

Which of the following is not a component of an Operations Security "triple"? A. Asset B. Threat C. Vulnerability D. Risk

D

Which of the following is not a preventive operational control? A. Protecting laptops, personal computers and workstations. B. Controlling software viruses. C. Controlling data media access and disposal. D. Conducting security awareness and technical training.

D

Which of the following is not a responsibility of an information (data) owner? A. Determine what level of classification the information requires. B. Periodically review the classification assignments against business needs. C. Delegate the responsibility of data protection to data custodians. D. Running regular backups and periodically testing the validity of the backup data.

D

Which of the following is not a security goal for remote access? A. Reliable authentication of users and systems B. Protection of confidential data C. Easy to manage access control to systems and network resources D. Automated login for remote users

D

Which of the following is not a two-factor authentication mechanism? A. Something you have and something you know. B. Something you do and a password. C. A smartcard and something you are. D. Something you know and a password.

D

Which of the following is not an example of a block cipher? A. Skipjack B. IDEA C. Blowfish D. RC4

D

Which of the following is related to physical security and is not considered a technical control? A. Access control Mechanisms B. Intrusion Detection Systems C. Firewalls D. Locks

D

Which of the following is required in order to provide accountability? A. Authentication B. Integrity C. Confidentiality D. Audit trails

D

Which of the following is the BEST way to detect software license violations? A. Implementing a corporate policy on copyright infringements and software use. B. Requiring that all PCs be diskless workstations. C. Installing metering software on the LAN so applications can be accessed through the metered software. D. Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.

D

Which of the following is the best example of a threat agent? A A poor configuration in the authentication system B A zero-day attack C A flaw in the source code of a firewall D A disgruntled employee

D

Which of the following is the best reason for the use of an automated risk analysis tool? A. Much of the data gathered during the review cannot be reused for subsequent analysis. B. Automated methodologies require minimal training and knowledge of risk analysis. C. Most software tools have user interfaces that are easy to use and do not require any training. D. Information gathering would be minimized and expedited due to the amount of information already built into the tool.

D

Which of the following is the most correct in a digitally signed message transmission using a hash function? A The hash and the message are encrypted by the receiver's private key. B The hash and the message are encrypted by the receiver's public key. C The sender's public key encrypts the message. D The sender's private key encrypts the hash.

D

Which of the following is the primary reason why a user would choose a dial-up modem connection to the Internet when they have a faster, secure Internet connection through the organization's network? A. To access web sites that are blocked by the organization's proxy server. B. To set up public services using the organization's resources. C. To check their personal e-mail. D. To circumvent the organization's security policy.

D

Which of the following mechanisms was created to overcome the problem of collisions that occur on wired networks when traffic is simultaneously transmitted from different nodes? A. Carrier sense multiple access with collision avoidance (CSMA/CA) B. Carrier sense multiple access with collision detection (CSMA/CD) C. Polling D. Token-passing

D

Which of the following offers the highest bandwidth and fiber-optic transmissions? A Plastic optical fiber B Single-mode C Dual-mode D Multimode

D

Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence? A. Implementation B. System feasibility C. Product design D. Software plans and requirements

D

Which of the following provides one-way encryption? A Steganography B RSA C RC4 D SHA-3

D

Which of the following provides the best definition of a network-based firewall? A provides protection for systems by blocking malicious traffic from reaching individual hosts B uses both packet filtering and application filtering C provides only packet filtering D provides protection for a network by filtering and blocking malicious traffic from coming from the internet

D

Which of the following provides the best definition of risk? A vulnerability that can result in the loss B threat that can result in the loss C the probability or likelihood of a vulnerability exploiting a threat and resulting in the loss D the probability or likelihood of a threat exploiting a vulnerability and resulting in the loss

D

Which of the following security models does NOT concern itself with the flow of data? A. The information flow model B. The Biba model C. The Bell-LaPadula model D. The noninterference model

D

Which of the following statements best describes Kerberos? A A federation of third-party suppliers that use a single sign-on B A method of sharing information between network resources C A method of maintaining network usage integrity D An authentication, single sign-on protocol

D

Which of the following statements is not accurate? A Risk is managed by periodically reviewing the risk and taking responsible actions based on the risk. B Risk is controlled through the application of safeguards and countermeasures. C Risk is identified and measured by performing a risk analysis. D All risks can be totally eliminated through risk management.

D

Which of the following statements is true about data encryption as a method of protecting data? A. It should sometimes be used for password files B. It is usually easily administered C. It makes few demands on system resources D. It requires careful key management

D

Which of the following statements pertaining to RADIUS is incorrect? A. A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains. B. Most RADIUS clients have a capability to query secondary RADIUS servers for redundancy. C. Most RADIUS servers have built-in database connectivity for billing and reporting purposes. D. Most RADIUS servers can work with DIAMETER servers.

D

Which of the following statements pertaining to disaster recovery is incorrect? A. A recovery team's primary task is to get the pre-defined critical business functions at the alternate backup processing site. B. A salvage team's task is to ensure that the primary site returns to normal processing conditions. C. The disaster recovery plan should include how the company will return from the alternate site to the primary site. D. When returning to the primary site, the most critical applications should be brought back first.

D

Which of the following statements pertaining to packet filtering is incorrect? A. It is based on ACLs. B. It is not application dependent. C. It operates at the network layer. D. It keeps track of the state of a connection.

D

Which of the following statements pertaining to protection rings is false? A. They provide strict boundaries and definitions on what the processes that work within each ring can access. B. Programs operating in inner rings are usually referred to as existing in a privileged mode. C. They support the CIA triad requirements of multitasking operating systems. D. They provide users with direct access to peripherals.

D

Which of the following statements pertaining to quantitative risk analysis is false? A. A portion of it can be automated B. It involves complex calculations C. It requires a high volume of information D. It requires little experience to apply

D

Which of the following statements pertaining to the Bell-LaPadula model is TRUE if you are NOT making use of the strong star property? A. It allows "read up." B. It addresses covert channels. C. It addresses management of access controls. D. It allows "write up."

D

Which of the following statements pertaining to the security kernel is incorrect? A. The security kernel is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept. B. The security kernel must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof. C. The security kernel must be small enough to be able to be tested and verified in a complete and comprehensive manner. D. The security kernel is an access control concept, not an actual physical component.

D

Which of the following steps should be one of the first steps performed in a Business Impact Analysis (BIA)? A. Identify all CRITICAL business units within the organization. B. Evaluate the impact of disruptive events. C. Estimate the Recovery Time Objectives (RTO). D. Identify and Prioritize Critical Organization Functions

D

Which of the following tape formats can be used to backup data systems in addition to its original intended audio uses? A. Digital Video Tape (DVT). B. Digital Analog Tape (DAT). C. Digital Voice Tape (DVT). D. Digital Audio Tape (DAT).

D

Which of the following tasks is NOT usually part of a Business Impact Analysis (BIA)? A. Calculate the risk for each different business function. B. Identify the company's critical business functions. C. Calculate how long these functions can survive without these resources. D. Develop a mission statement.

D

Which of the following transmission media would NOT be affected by crosstalk or interference? A. Copper cable B. Radio System C. Satellite radiolink D. Fiber optic cables

D

Which of the following virus types changes some of its characteristics as it spreads? A. Boot Sector B. Parasitic C. Stealth D. Polymorphic

D

Which of the following would NOT violate the Due Diligence concept? A. Security policy being outdated B. Data owners not laying out the foundation of data protection C. Network administrator not taking mandatory two-week vacation as planned D. Latest security patches for servers being installed as per the Patch Management process

D

Which of the following would be MOST important to guarantee that the computer evidence will be admissible in court? A. It must prove a fact that is immaterial to the case. B. Its reliability must be proven. C. The process for producing it must be documented and repeatable. D. The chain of custody of the evidence must show who collected, secured, controlled, handled, transported the evidence, and that it was not tampered with.

D

Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate? A. The project will be completed late. B. The project will exceed the cost estimates. C. The project will be incompatible with existing systems. D. The project will fail to meet business and user needs.

D

Which of the following would be used to detect and correct errors so that integrity and confidentiality of transactions over networks may be maintained while preventing unauthorized interception of the traffic? A. Information security B. Server security C. Client security D. Communications security

D

Which of the following would constitute the best example of a password to use for access to a system by a network administrator? A. holiday B. Christmas12 C. Jenny D. GyN19Za!

D

Which one of the following factors is NOT one on which Authentication is based? A. Type 1. Something you know, such as a PIN or password B. Type 2. Something you have, such as an ATM card or smart card C. Type 3. Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan D. Type 4. Something you are, such as a system administrator or security administrator

D

Which one of the following is NOT one of the canons of the (ISC)2 Code of Ethics? A Protect society, the common good, necessary public trust and confidence, and the infrastructure. B Act honorably, honestly, justly, responsibly, and legally. C Provide diligent and competent service to principals. D Maintain competent records of all investigations and assessments

D

Which one of the following is not a mode of operation for the Data Encryption Standard? A CBC B CFB C OFB D AES

D

Which one of the following refers to high-level documents used to provide direction within an organization? A procedures B guidelines C rules D policies

D

Which one of the following statements about the advantages and disadvantages of network-based intrusion detection systems is true? A. Network-based IDSs are not vulnerable to attacks. B. Network-based IDSs are well suited for modern switch-based networks. C. Most network-based IDSs can automatically indicate whether or not an attack was successful. D. The deployment of network-based IDSs has little impact upon an existing network.

D

Which option is not part of the prevention primary security category? A Placing a padlock on a fence B Using guard dogs instead of security guards C Using virus protection software on all users' machines D Using an alternate site after a disaster

D

Which protocol is used to send email? A. File Transfer Protocol (FTP). B. Post Office Protocol (POP). C. Network File System (NFS). D. Simple Mail Transfer Protocol (SMTP).

D

Which routing protocol makes routing and forwarding decisions based on a metric derived from the number of routers (hops) that must be crossed to reach a destination? A OSPF B BGP C ISIS D RIP

D

Which statement is not correct about safeguard selection in the risk analysis process? A It is most common to consider the cost effectiveness of the safeguard. B Total cost of ownership (TCO) needs to be included in determining the total cost of the safeguard. C Several criteria should be considered when determining the total cost of the safeguard. D The most effective safeguard should always be implemented regardless of cost.

D

Which term is used to describe the role of the person who takes physical control of a crime scene in order to preserve evidence and prevent tampering before the full forensics team arrives? A CIRT B Senior management C BCP team D First responder

D

Which type of network segment is created by a switch, but requires a routing function to be present to interact between network segments? A Community B Domain C Subnet D VLAN

D

Who is responsible for providing reports to the senior management on the effectiveness of the security controls? A. Information systems security professionals B. Data owners C. Data custodians D. Information systems auditors

D

Why is account or identity proofing necessary? A It allows for hiring of individuals with criminal records or sealed histories. B It ensures that privileged accounts are never used across network links. C It checks that users are logging into the assigned workstation at their desk. D It verifies that only the authorized person is able to use a specific user account.

D

Why is it important to evaluate intangible assets while performing a risk assessment? A Only tangible assets have value. B Intangible assets cannot be harmed by threats. C They can be sold for operating funds. D Not all assets are tangible.

D

Why would anomaly detection IDSs often generate a large number of false positives? A. Because they can only correctly identify attacks they already know about. B. Because they are application-based and are more subject to attacks. C. Because they can't identify abnormal behavior. D. Because normal patterns of user and system behavior can vary wildly.

D

Wireless security can be increased by adding authentication. Which of the following choices provide strong wireless security with authentication? A WPA Personal B WPA with CCMP C WPA2 Personal D WPA2 Enterprise

D

You are a member of a group of people that want to exchange emails with each other securely. However, members don't want to purchase certificates from a public CA. Instead, they want to use privately created certificates. Which of the following best supports this? A PKI B PGP C DKIM D A WOT

D

You are assisting a security expert in a computer forensic investigation. The expert tells you to take steps to prove that forensic evidence has been protected since it was collected. What would you use? A a drive-imaging tool B COFEE C DECAF D a chain-of-custody document

D

You are evaluating different cryptography concepts. Which of the following does SHA-3 create? A symmetric key B asymmetric key C 28-bit hash D 256-bit hash

D

You are running a packet sniffer on a network and see a packet containing a long string of "0x90 0x90 0x90 0x90...." in the middle of it traveling to an x86-based machine as a target. This could be indicative of what activity being attempted? A. Over-subscription of the traffic on a backbone. B. A source quench packet. C. A FIN scan. D. A buffer overflow attack.

D
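
Added example (not part of the original question set): a small Python scan for the pattern the question describes, a long run of 0x90 (the single-byte x86 NOP) used as a sled ahead of shellcode. The sample payloads are constructed, the 32-byte run threshold is an assumption, and the check is a heuristic only: runs of 0x90 can occur in legitimate binary data, and sleds built from other instructions will not trip it.

```python
# Added example: heuristic detection of an x86 NOP sled (runs of 0x90) in a packet payload.
from typing import List, Tuple

NOP = 0x90
MIN_RUN = 32  # assumption: runs shorter than this are treated as noise

# Constructed sample payloads (not captured traffic).
BENIGN = b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\n\r\n"
SUSPECT = (b"POST /cgi-bin/form HTTP/1.1\r\nContent-Length: 280\r\n\r\n"
           + b"A" * 64                 # filler up to the overflow point
           + bytes([NOP]) * 200        # the sled: execution can land anywhere in it
           + b"\xcc" * 16)             # stand-in for the shellcode that would follow


def longest_run(payload: bytes, byte: int = NOP) -> int:
    """Length of the longest run of `byte` anywhere in the payload."""
    best = run = 0
    for b in payload:
        run = run + 1 if b == byte else 0
        if run > best:
            best = run
    return best


def looks_like_nop_sled(payload: bytes, min_run: int = MIN_RUN) -> bool:
    """True when the payload carries a run of NOPs at least `min_run` long."""
    return longest_run(payload) >= min_run


def scan(packets: List[Tuple[str, str, bytes]], min_run: int = MIN_RUN) -> List[str]:
    """Return one alert line per (src, dst, payload) tuple that trips the heuristic."""
    alerts = []
    for src, dst, payload in packets:
        run = longest_run(payload)
        if run >= min_run:
            alerts.append(f"{src} -> {dst}: {run}-byte 0x90 run, possible NOP sled")
    return alerts


if __name__ == "__main__":
    sample = [("198.51.100.7", "203.0.113.10", BENIGN),
              ("198.51.100.7", "203.0.113.10", SUSPECT)]
    for line in scan(sample):
        print(line)
```

A run-length check like this is what the classic "0x90 0x90 0x90" signature reduces to; a signature IDS would additionally tie the alert to the destination port and protocol so that binary file transfers do not flood the console with false positives.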

You are working hard to complete a major project before the deadline, which is next Monday. Three days before the deadline, you discover that the final task of the project requires a specific software product which you do not have. After searching for a version to purchase either from a local store or over the Internet, you discover that there are no copies of the software available for immediate access and use. The only version you can locate for purchase is through an overseas retailer. However, even with expedited shipping, it will not arrive until next Wednesday. During your search, you notice that there is a pirated copy available for download available immediately. How should you handle this situation according to (ISC)2 guidance? A Install the pirated version in a virtual machine, and destroy the evidence once the project is complete. B Use the pirated version, but go ahead and purchase the legitimate version. C Use the pirated version. D Purchase the legitimate product, and ask for a deadline extension.

D

You have been tasked to develop an effective information classification program. Which one of the following steps should be performed first? A. Establish procedures for periodically reviewing the classification and ownership B. Specify the security controls required for each classification level C. Identify the data custodian who will be responsible for maintaining the security level of data D. Specify the criteria that will determine how data is classified

D

Your organization experienced an impersonation attack recently that compromised the network administrator's user account. In response, new security measures are being implemented throughout the organization. You have been assigned the task of improving authentication. You want a new authentication system that ensures the following: -Eavesdropped passwords cannot be used by an attacker. -Passwords are only able to be used once. -Password prediction must be prevented. -Passwords are only valid for a short period of time. How can you accomplish these goals? A Implement a rotating, 30-character password authentication system. B Implement a PIN-based authentication system where each PIN is incremented by three each time a user logs in. C Implement an authentication system using wallet cards with a table of password options. D Implement a synchronized, one-time password token-based authentication system.

D

Your organization has hired a security consultant to perform a risk assessment. Which of the following are valid expectations when the consultant finishes the job? A risk assessment identifies all threats B risk assessment identifies all vulnerabilities C risk assessment is an ongoing practice D risk assessment provides an assessment at a point in time

D

Which of the following statements pertaining to biometrics is false? A. Increased system sensitivity can cause a higher false rejection rate B. The crossover error rate is the point at which false rejection rate equals the false acceptance rate. C. False acceptance rate is also known as Type II error. D. Biometrics are based on the Type 2 authentication mechanism.

D; Authentication is based on three factor types: type 1 is something you know, type 2 is something you have and type 3 is something you are. Biometrics are based on the Type 3 authentication mechanism.

Which TCSEC class specifies discretionary protection? A. B2 B. B1 C. C2 D. C1

D; C1 involves discretionary protection, C2 involves controlled access protection, B1 involves labeled security protection and B2 involves structured protection.

Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these types of controls is correct? A. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks but do not include a review of vacation history, and also do not include increased supervision. B. Examples of these types of controls do not include encryption, smart cards, access lists, and transmission protocols. C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols. D. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history, and increased supervision.

C

A Wide Area Network (WAN) is basically everything outside of: A. a Local Area Network (LAN). B. a Campus Area Network (CAN). C. a Metropolitan Area Network (MAN). D. the Internet.

A

A backup site is best described by which of the following options? A A computer facility with power and HVAC and all servers and communications. All applications are ready to be installed and configured, and recent data is available to be restored to the site. B A computer facility with electrical power and HVAC but with no applications or installed data on the workstations or servers prior to the event C A computer facility with available electrical power and HVAC and some print/file servers. No equipment has been installed at the site. D An alternate computing location with little power and air conditioning but no telecommunications capability

A

A business asset is best described by which of the following? A Competitive advantage, capability, credibility, or goodwill B Controls put in place that reduce the effects of threats C An asset loss that could cause a financial or operational impact to the organization D Personnel, compensation, and retirement programs

A

A business continuity plan is an example of which of the following? A. Corrective control B. Detective control C. Preventive control D. Compensating control

A

A circuit level proxy is ___________________ when compared to an application level proxy. A. lower in processing overhead. B. more difficult to maintain. C. more secure. D. slower.

A

A computer is periodically checking in with an attacker's command-and-control center, accepting directions, and then launching attacks on other systems. What is directing the computer's activity? A botnet B zombie C firewall D proxy server

A

A department manager has read access to the salaries of the employees in his/her department but not to the salaries of employees in other departments. A database security mechanism that enforces this policy would typically be said to provide which of the following? A. Content-dependent access control B. Context-dependent access control C. Least privileges access control D. Ownership-based access control

A

A deviation from an organization-wide security policy requires which of the following? A. Risk Acceptance B. Risk Assignment C. Risk Reduction D. Risk Containment

A

A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is: A. server cluster B. client cluster C. guest cluster D. host cluster

A

A host-based IDS is resident on which of the following? A. On each of the critical hosts B. decentralized hosts C. central hosts D. bastion hosts

A

A prolonged power supply that is below normal voltage is a: A. brownout B. blackout C. surge D. fault

A

A proxy can control which services (FTP and so on) are used by a workstation, and also aids in protecting the network from outsiders who may be trying to get information about the: A. network's design B. user base C. operating system design D. NetBIOS design

A

A public key algorithm that does both encryption and digital signature is which of the following? A. RSA B. DES C. IDEA D. Diffie-Hellman

A

A server cluster looks like a: A. single server from the user's point of view B. dual server from the user's point of view C. triple server from the user's point of view D. quadruple server from the user's point of view

A

A system is currently being attacked and it's apparent that the attackers are accessing data on the system. A computer forensic team is on the way to examine the computer. Which of the following is a valid action at this time? A disconnect cable from the NIC B power down the system C access logs to view activity D change permissions on valuable files

A

A user creates a secure HTTP session with a server using a web browser. How is a symmetric key transferred over the Internet when using TLS? A in encrypted form after being encrypted with a public key B in encrypted form after being encrypted with a private key C in unencrypted form in a separate transmission D in unencrypted form separated into multiple packets

A

A vulnerability assessment reported a vulnerability, but investigation shows that the vulnerability does not actually exist. What is this called? A false positive B false negative C penetration test failure D penetration test success

A

A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks is called a ? A. Vulnerability B. Risk C. Threat D. Overflow

A

A web server was recently attacked, but the attack wasn't noticed until Weeks Later. Management wants to implement a method that will continuously monitor the server for intrusions. What should be used? A HIDS B NIDS C antivirus software D host-based firewall

A

Access Control techniques do not include which of the following choices? A. Relevant Access Controls B. Discretionary Access Control C. Mandatory Access Control D. Lattice Based Access Control

A

Address Resolution Protocol (ARP) interrogates the network by sending out a? A. broadcast. B. multicast. C. unicast. D. semicast.

A

All hosts on an IP network have a logical ID called a(n): A. IP address. B. MAC address. C. TCP address. D. Datagram address.

A

An Acceptable Use Policy (AUP) is what type of control? A Administrative B Corrective C Detective D Compensating

A

An Architecture where there are more than two execution domains or privilege levels is called: A. Ring Architecture. B. Ring Layering C. Network Environment. D. Security Models

A

An access control system can apply different attributes to an object to restrict access. Of the following choices, which ones are valid attributes for restricting user access? (select three) 1 time or temporal 2 password strength 3 location 4 remote access A 1,3,4 B 1,2,4

A

An administrator is preparing to deploy an anomaly-based IDS. What must be created before the age can accurately detect potential intrusions? A baseline B signature database C reporting subsystem D email server

A
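
Added example (not part of the original question set) for this question and the earlier one on why anomaly detection produces false positives: a minimal baseline-driven detector. Training data and observations are constructed request-per-minute counts, not real logs; the three-standard-deviation cut-off is an assumption. Run it to see that a baseline learned from quiet traffic flags legitimate bursts, while a baseline learned from bursty traffic lets a moderate attack through.

```python
# Added example: a mean/standard-deviation baseline and the false-positive vs false-negative trade-off.
import statistics
from typing import List, Tuple

Baseline = Tuple[float, float]  # (mean, sample standard deviation)

# Constructed training periods (requests per minute for one account), not real logs.
STEADY_TRAINING = [10, 11, 9, 10, 12, 10, 11, 9, 10, 10]   # low variance
BURSTY_TRAINING = [10, 40, 9, 35, 12, 10, 38, 9, 10, 41]   # legitimate bursts included


def build_baseline(samples: List[int]) -> Baseline:
    """Learn 'normal' as the mean and standard deviation of the training period."""
    return statistics.mean(samples), statistics.stdev(samples)


def flag(observations: List[int], baseline: Baseline, k: float = 3.0) -> List[int]:
    """Return the observations more than k standard deviations from the baseline mean."""
    mean, stdev = baseline
    return [v for v in observations if abs(v - mean) > k * stdev]


if __name__ == "__main__":
    steady = build_baseline(STEADY_TRAINING)
    bursty = build_baseline(BURSTY_TRAINING)
    # Same later traffic scored against both baselines: a quiet user, two legitimate
    # bursts, and one genuinely abnormal minute.
    later = [10, 11, 35, 9, 40, 100]
    print("steady baseline flags:", flag(later, steady))   # bursts flagged: false positives
    print("bursty baseline flags:", flag(later, bursty))   # only the 100 is flagged
```

The narrower the baseline, the more "normal but unusual" minutes cross the threshold, which is the source of the false-positive volume the question refers to; widening the baseline (or raising k) trades those for missed attacks, so the baseline period and threshold must be chosen per environment, not copied from a vendor default.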

An anti-virus program is using a database of known malware to detect malware on a system. What method of detection is this? A signature-based B heuristics-based C via a sandbox D behavior-based

A

An application layer firewall is also called a: A. Proxy B. A Presentation Layer Gateway. C. A Session Layer Gateway. D. A Transport Layer Gateway.

A

An employee has summary data from a database and uses this to learn details that the employee would not normally be able to access. What technique is the employee using to gain this information? A data inference B Brute Force C Tuple analysis D data indifference

A
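
Added example (not part of the original question set): the inference technique the question describes, run against a constructed in-memory SQLite table. The employee is only allowed SUM over a fixed set of filters and never sees a row, yet subtracting two permitted aggregates isolates one person's salary. The example also shows the usual first control, a minimum query-set size, and that it only helps once the threshold is higher than the smaller of the two query sets; the filter names, table and salaries are all assumptions.

```python
# Added example: salary inference from permitted aggregates, and a query-set-size control.
import sqlite3
from typing import Dict, Tuple

# The only filters the reporting interface exposes (fixed, never built from user input).
FILTERS: Dict[str, Tuple[str, tuple]] = {
    "all_eng": ("dept = ?", ("eng",)),
    "eng_hired_before_2022": ("dept = ? AND hired < ?", ("eng", 2022)),
}


def make_db() -> sqlite3.Connection:
    """Constructed sample table, not real payroll data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, hired INTEGER, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", [
        ("alice", "eng", 2015, 120000),
        ("bob",   "eng", 2018, 100000),
        ("carol", "eng", 2021,  90000),
        ("dave",  "eng", 2022,  80000),
    ])
    return conn


class QuerySetTooSmall(Exception):
    pass


def guarded_sum(conn: sqlite3.Connection, filter_name: str, min_rows: int = 3) -> int:
    """SUM(salary) over a named filter, refused when fewer than min_rows rows match."""
    where, params = FILTERS[filter_name]
    count, total = conn.execute(
        "SELECT COUNT(*), SUM(salary) FROM employees WHERE " + where, params).fetchone()
    if count < min_rows:
        raise QuerySetTooSmall(f"{count} rows matched, minimum is {min_rows}")
    return total


def infer_salary(conn: sqlite3.Connection, min_rows: int = 3) -> int:
    """Two permitted totals whose query sets differ by exactly one row reveal that row."""
    everyone = guarded_sum(conn, "all_eng", min_rows)                 # 4 rows
    hired_before = guarded_sum(conn, "eng_hired_before_2022", min_rows)  # 3 rows
    return everyone - hired_before  # salary of the only person hired in 2022


def inference_blocked(conn: sqlite3.Connection, min_rows: int) -> bool:
    """True when the size control stops the attack at this threshold."""
    try:
        infer_salary(conn, min_rows)
        return False
    except QuerySetTooSmall:
        return True


if __name__ == "__main__":
    conn = make_db()
    print("inferred salary:", infer_salary(conn))            # 80000 without seeing a row
    print("blocked at min_rows=4:", inference_blocked(conn, 4))
```

A minimum set size is necessary but not sufficient: an attacker can always pick two large sets that differ in one member, so real controls also limit how much two answered query sets may overlap, or add noise to the aggregate.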

An organization has a DMZ using two firewalls of the same brand and model. A security professional is strongly recommending that the DMZ be upgraded using firewalls from different vendors. What is the goal? A to provide defense diversity B to increase administrative tasks C to reduce administrative tasks D to reduce cost

A

An organization has the responsibility to take steps to protect the integrity and confidentiality of data. What is this responsibility called? A due care B due diligence C due process D due privilege

A

An organization is designing a technical password policy. Which of the following choices would be included to ensure the creation and maintenance of strong passwords? (Select three) 1 minimum length 2 maximum age 3 password audit 4 mix of characters A 1,2,4 B 1,3,4

A

An organization is developing a security policy and wants to ensure that all employees are aware of the contents. Which of the following items should be considered to meet this goal? (Select three) 1 it should be easy to read 2 it should remind users of the contents with warning banners 3 it should include elements and training session 4 it should be no more than a single page long A 1,2,3 B 2,3,4

A

An organization is evaluating potential alternate locations. It wants to create a site that gives the most flexibility. What should it select? A Mobile site B Hot site C Warm site D Cold site

A

An organization is performing a risk assessment. It is using a numerical-based analysis method to evaluate the risk. What type of analysis is this? A quantitative analysis B qualitative analysis C total cost of ownership analysis D return-on-investment analysis

A

An organization needs to continue operations at an alternate location if a hurricane threatens its primary location. The organization expects to have several days' notice of impending hurricanes. When necessary, the organization will move equipment and data to the alternate location. What type of site should the organization use? A cold site B warm site C hot site D BIA site

A

An organization recently suffered a serious data breach on one of its valuable e-commerce web servers. Which of the following is a likely response to the data breach? A implement countermeasures B eliminate threats C eliminate vulnerabilities D stop using the e-commerce web server

A

Angie is configuring egress monitoring on her network to provide added security. Which one of the following packet types should Angie allow to leave the network headed for the Internet? A Packets with a source address from Angie's public IP address block B Packets with a destination address from Angie's public IP address block C Packets with a source address outside Angie's address block D Packets with a source address from Angie's private address block

A

Another name for a VPN is a: A. tunnel B. one-time password C. pipeline D. bypass

A

Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied? A. The pair of elements is the subject and object, and the subject has an upper bound equal or higher than the upper bound of the object being accessed. B. The pair of elements is the subject and object, and the subject has an upper bound lower then the upper bound of the object being accessed. C. The pair of elements is the subject and object, and the subject has no special upper or lower bound needed within the lattice. D. The pair of elements is the subject and object, and the subject has no access rights in relation to an object.

A
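
Added example (not part of the original question set): the lattice the question describes, with a label as a (level, set of categories) pair. A subject dominates an object when its level is at least as high and its category set is a superset; two labels with disjoint categories are incomparable, and the least upper bound and greatest lower bound are what make the set of labels a lattice. The read and write checks follow the Bell-LaPadula simple security and star properties; the level names are the usual government ones and are assumed here.

```python
# Added example: a (level, categories) security lattice with dominance, lub/glb and BLP checks.
from dataclasses import dataclass
from typing import FrozenSet

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other: level at least as high AND every category of `other` present."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def comparable(a: Label, b: Label) -> bool:
    """False for labels where neither contains all the categories of the other."""
    return a.dominates(b) or b.dominates(a)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the smallest label dominating both (higher level, union of categories)."""
    level = a.level if LEVELS[a.level] >= LEVELS[b.level] else b.level
    return Label(level, a.categories | b.categories)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the largest label both dominate (lower level, intersection)."""
    level = a.level if LEVELS[a.level] <= LEVELS[b.level] else b.level
    return Label(level, a.categories & b.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up; the subject's clearance must dominate the object."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """Star property: no write down; the object's label must dominate the subject."""
    return obj.dominates(subject)


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))
    crypto_doc = Label("SECRET", frozenset({"CRYPTO"}))
    print("comparable:", comparable(analyst, crypto_doc))   # False: incomparable labels
    print("can read:", can_read(analyst, crypto_doc))       # False even though levels match
    print("lub:", lub(analyst, crypto_doc))                 # SECRET {CRYPTO, NUCLEAR}
```

The clearance/classification question later in this set is the same structure: the clearance is the subject's label, the classification the object's, and access is decided by dominance, not by comparing levels alone.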

Application Layer Firewalls operate at the: A. OSI protocol Layer seven, the Application Layer. B. OSI protocol Layer six, the Presentation Layer. C. OSI protocol Layer five, the Session Layer. D. OSI protocol Layer four, the Transport Layer.

A

Attackers are attempting a known-plaintext attack. Which of the following terms best describes this attack? A cryptanalysis attack B weak key attack C weak algorithm attack D brute-force attack

A

Attributable data should be: A. always traced to individuals responsible for observing and recording the data B. sometimes traced to individuals responsible for observing and recording the data C. never traced to individuals responsible for observing and recording the data D. often traced to individuals responsible for observing and recording the data

A

Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS) types? A. signature-based IDS B. statistical anomaly-based IDS C. event-based IDS D. inferent-based IDS

A

Authorization for multiple applications using one set of credentials is best described by which of the following? A Single Sign-on B Multi-factor C Enrollment D Authorization

A

Ben is concerned about password cracking attacks against his system. He would like to implement controls that prevent an attacker who has obtained those hashes from easily cracking them. What two controls would best meet this objective? A Longer passwords and salting B Over-the-wire encryption and use of SHA1 instead of MD5 C Salting and use of MD5 D Using shadow passwords and salting

A
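
Added example (not part of the original question set): what "salting" buys against an attacker who already holds the hash database. With a bare hash, every account that chose the same password shares one digest, so a single precomputed table or a single crack covers all of them; with a random per-account salt and an iterated function, each stored value is unique and each guess must be recomputed per account. The format string, salt length and iteration count below are assumptions; the iteration count in particular should be set from current guidance and a measured cost on the real hardware.

```python
# Added example: salted, iterated password hashing (PBKDF2-HMAC-SHA256) beside the unsalted case.
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000  # assumption: tune to current guidance and the login server's capacity
SALT_BYTES = 16


def unsalted_md5(password: str) -> str:
    """The weak case: identical passwords give identical digests across all accounts."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>' using a fresh random salt."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print("unsalted, two accounts:", unsalted_md5(pw) == unsalted_md5(pw))   # True: same digest
    a, b = hash_password(pw), hash_password(pw)
    print("salted, two accounts:  ", a == b)                                 # False: unique per account
    print("verify:", verify_password(pw, a), verify_password("wrong", a))
```

Storing the algorithm and iteration count alongside the hash is what lets the cost be raised later without invalidating existing accounts; length still matters, because salting removes the shortcut, not the guessability of a short password.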

Ben is selecting an encryption algorithm for use in an organization with 10,000 employees. He must facilitate communication between any two employees within the organization. Which one of the following algorithms would allow him to meet this goal with the least time dedicated to key management? A RSA B IDEA C 3DES D Skipjack

A

Bert is considering the use of an infrastructure as a service cloud computing partner to provide virtual servers. Which one of the following would be a vendor responsibility in this scenario? A Maintaining the hypervisor B Managing operating system security settings C Maintaining the host firewall D Configuring server access control

A

Business Continuity and Disaster Recovery Planning (Primarily) addresses the: A. Availability of the CIA triad B. Confidentiality of the CIA triad C. Integrity of the CIA triad D. Availability, Confidentiality and Integrity of the CIA triad

A

Crime Prevention Through Environmental Design (CPTED) is a discipline that: A. Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. B. Outlines how the proper design of the logical environment can reduce crime by directly affecting human behavior. C. Outlines how the proper design of the detective control environment can reduce crime by directly affecting human behavior. D. Outlines how the proper design of the administrative control environment can reduce crime by directly affecting human behavior.

A

Detective/Technical measures: A. include intrusion detection systems and automatically-generated violation reports from audit trail information. B. do not include intrusion detection systems and automatically-generated violation reports from audit trail information. C. include intrusion detection systems but do not include automatically-generated violation reports from audit trail information. D. include intrusion detection systems and customised-generated violation reports from audit trail information.

A

Domain Name Service is a distributed database system that is used to map: A. Domain Name to IP addresses. B. MAC addresses to domain names. C. MAC Address to IP addresses. D. IP addresses to MAC Addresses.

A

Don's company is considering the use of an object-based storage system where data is placed in a vendor-managed storage environment through the use of API calls. What type of cloud computing service is in use? A IaaS B PaaS C CaaS D SaaS

A

Each data packet is assigned the IP address of the sender and the IP address of the: A. recipient. B. host. C. node. D. network.

A

Encapsulating Security Payload (ESP) provides some of the services of Authentication Headers (AH), but it is primarily designed to provide: A. Confidentiality B. Cryptography C. Digital signatures D. Access Control

A

Encapsulation provides what type of action? A Places one type of packet inside another B Ensures perfect forward secrecy with IPsec C Provides encryption and VPNs D Provides for data integrity

A

How can a vulnerability be reduced or eliminated? A By improving the asset B Through monitoring C By crafting a response strategy D Through delegation

A

How can an IT environment be configured in order to limit user access to use resources exclusively on a server, prevent local processing and storage, but still offer mouse-based control of applications? A Implement thin clients. B Use a VPN. C Use Remote Desktop. D Employ a Telnet system.

A

How can integrity be enforced or assessed across an entire computer system? A Compare a baseline of hardware settings and software configuration against a live system. B View the available free space. C Take a hash calculation of all system files. D Check that the latest version of software updates has been applied.

A
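
Added example (not part of the original question set) for this question and the later one on how a baseline is used in compliance management: building a hash baseline of a file tree and diffing a live tree against it, which is the mechanism behind file integrity monitoring. The directory contents are constructed in a temporary directory by the demo function; file names and contents are assumptions, and the baseline in a real deployment must be stored where an attacker who modifies the files cannot also modify the record.

```python
# Added example: build a SHA-256 baseline of a directory tree and report added/removed/modified files.
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Set, Tuple


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map each regular file (path relative to root, POSIX separators) to its digest."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(baseline: Dict[str, str], current: Dict[str, str]) -> Tuple[Set[str], Set[str], Set[str]]:
    """Return (added, removed, modified) relative to the baseline."""
    added = set(current) - set(baseline)
    removed = set(baseline) - set(current)
    modified = {p for p in set(baseline) & set(current) if baseline[p] != current[p]}
    return added, removed, modified


def demo() -> Tuple[Set[str], Set[str], Set[str]]:
    """Constructed scenario: three files baselined, then one changed, one deleted, one added."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "tool").write_bytes(b"\x7fELF" + b"\x00" * 12)
        baseline = build_baseline(root)

        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")   # tampered setting
        (root / "bin" / "tool").unlink()                                      # binary removed
        (root / "etc" / "rc.local").write_text("# new startup script\n")      # unexpected file
        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    added, removed, modified = demo()
    print("added:", sorted(added))
    print("removed:", sorted(removed))
    print("modified:", sorted(modified))
```

Compliance use is the same diff with a different baseline: instead of "what the host looked like yesterday", the reference set is the approved configuration, and every modified or added entry is a deviation to explain.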

How can skilled IT workers evaluate new software without exposing their systems to infection or malware compromise? A Test using a sandbox. B Implement an IDS. C Use anti-malware scanners. D Use an administrator account.

A

How does IPSec verify that data arrived at the destination without intentional or accidental corruption? A By using a randomized hashing operation B With the use of a compression technology C By exchanging symmetric keys D Through the use of public key encryption

A

How does PGP provide e-mail confidentiality? A Through random symmetric keys and the use of public keys B By encrypting the body of a message and sending it as an attachment C Through adopting e-mail standards D Through digital signatures

A

How does a network access control (NAC) system ensure that only systems with current configurations and the most recently approved updates are allowed to access the production network? A By checking for compliance each time a system attempts to access the production network B Through the use of spyware tools to monitor keyboard use C By sending updates to systems on a specific time schedule D Through resetting the system to a fixed image at the start of each boot session

A

How is a baseline used in compliance management? A By comparing the current configuration of a system with the required configuration B By protecting user privacy C By defining the hardware and software to be present on a new system D By reducing risk

A

How is a digital certificate created? A A subject's public key is signed by a CA's private key. B A random key is encrypted by a recipient's public key. C A communication exchange of discover, offer, request, and acknowledge occurs. D A Diffie-Hellman key exchange is performed.

A

How is confidentiality different from privacy? A Confidentiality relates to the control of information in order to prevent disclosure to unauthorized entities. B Confidentiality relates to people and being in control of access to information about ourselves. C Privacy is not legally protected. D Privacy is only provided when inside your own home or using your own devices.

A

How long should event logs be retained? A as defined by company policy B indefinitely C 1 year D 30-60 days

A

How many rounds are used by DES? A. 16 B. 32 C. 64 D. 48

A

How would an IP spoofing attack be best classified? A. Session hijacking attack B. Passive attack C. Fragmentation attack D. Sniffing attack

A

How would nonrepudiation be best classified as? A. A preventive control B. A logical control C. A corrective control D. A compensating control

A

Identification and authentication are the keystones of most access control systems. Identification establishes: A. User accountability for the actions on the system. B. Top management accountability for the actions on the system. C. EDP department accountability for the actions of users on the system. D. Authentication for actions on the system

A

If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist? A. Disclosure of residual data. B. Unauthorized obtaining of a privileged execution state. C. Data leakage through covert channels. D. Denial of service through a deadly embrace.

A

If an organization were to monitor their employees' e-mail, it should not: A. Monitor only a limited number of employees. B. Inform all employees that e-mail is being monitored. C. Explain who can read the e-mail and how long it is backed up. D. Explain what is considered an acceptable use of the e-mail system.

A

If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation. This implementation is sometimes called a: A. server farm B. client farm C. cluster farm D. host farm

A

If subjects receive a clearance, what do objects receive? A Classification B Data Tag C Mandatory Access Control label D Access point

A

If your property Insurance has Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on: A. Value of item on the date of loss B. Replacement with a new item for the old one regardless of condition of lost item C. Value of item one month before the loss D. Value of item on the date of loss plus 10 percent

A

In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the: A. Network or Transport Layer. B. Application Layer. C. Inspection Layer. D. Data Link Layer.

A

In addition to having at least one year of relevant experience in a domain of SSCP, what is another requirement to be qualified to take the SSCP exam? A Agreeing to abide by the (ISC)2 Code Of Ethics B Employment in a security position for three years C Earning a minimum of $75,000 per year in a security career D Having a four-year college degree in information technology or computer science

A

In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected? A. Human Resources B. Industrial Security C. Public Relations D. External Audit Group

A

In the context of biometric authentication, what is a quick way to compare the accuracy of devices? In general, the device that has the lowest value would be the most accurate. Which of the following would be used to compare accuracy of devices? A. the CER is used. B. the FRR is used C. the FAR is used D. the FER is used

A
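
Added example (not part of the original question set) for this question and the earlier biometrics question: computing FAR, FRR and the crossover error rate from match scores. The genuine and impostor score lists are constructed, not sensor output, and the 0-100 score scale is an assumption. Sweeping the decision threshold shows the two rates moving in opposite directions (raising sensitivity raises the false rejection rate) and the crossover is where they meet, which is the single number used to rank devices.

```python
# Added example: FAR, FRR and the crossover error rate from a threshold sweep over match scores.
from typing import List, Tuple

# Constructed match scores (0-100): higher means the sample looked more like the enrolled template.
GENUINE = [60, 65, 70, 72, 75, 78, 80, 85, 90, 95]    # legitimate users
IMPOSTOR = [10, 20, 30, 40, 45, 50, 55, 62, 68, 73]   # other people trying the same account


def far(threshold: int, impostor: List[int] = IMPOSTOR) -> float:
    """False acceptance rate (Type II error): impostors scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold: int, genuine: List[int] = GENUINE) -> float:
    """False rejection rate (Type I error): genuine users scoring below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def crossover(genuine: List[int] = GENUINE, impostor: List[int] = IMPOSTOR) -> Tuple[int, float]:
    """Sweep integer thresholds; return (threshold, error rate) where FAR and FRR are closest."""
    best = None  # (gap, threshold, rate)
    for t in range(0, 101):
        a, r = far(t, impostor), frr(t, genuine)
        gap = abs(a - r)
        if best is None or gap < best[0]:
            best = (gap, t, (a + r) / 2)
    return best[1], best[2]


if __name__ == "__main__":
    for t in (50, 60, 66, 75):
        print(f"threshold {t}: FAR={far(t):.2f} FRR={frr(t):.2f}")
    print("crossover (threshold, CER):", crossover())
```

A lower CER means the device separates genuine from impostor scores more cleanly; in deployment the threshold is then set above or below the crossover depending on whether false acceptance (a door into the data center) or false rejection (a help-desk queue) is the more expensive error.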

In the context of network enumeration by an outside attacker and possible Distributed Denial of Service (DDoS) attacks, which of the following firewall rules is not appropriate to protect an organization's internal network? A. Allow echo reply outbound B. Allow echo request outbound C. Drop echo request inbound D. Allow echo reply inbound

A

In this diagram of the TCP three-way handshake, what should system A send to system B in step 3? A ACK B SYN C FIN D RST

A

In what way can violation clipping levels assist in violation tracking and analysis? A. Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred. B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant. C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status. D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations.

A

In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other's identity? A Public cloud B Private cloud C Community cloud D Shared cloud

A

In which of the following models are subjects and objects identified and the permissions applied to each subject/object combination specified? Such a model can be used to quickly summarize what permissions a subject has for various system objects. A. Access Control Matrix model B. Take-Grant model C. Bell-LaPadula model D. Biba model

A

In which of the following phases of system development life cycle (SDLC) is contingency planning most important? A. Initiation B. Development/acquisition C. Implementation D. Operation/maintenance

A

Making sure that only those who are supposed to access the data can access it is which of the following? A. confidentiality. B. capability. C. integrity. D. availability.

A

Making sure that the data has not been changed unintentionally, due to an accident or malice is: A. Integrity. B. Confidentiality. C. Availability. D. Auditability.

A

Management within an organization wants to determine whether there are any vulnerabilities in the organization's processes and procedures. Of the following choices, what can the organization use to identify vulnerabilities? A security audit B password audit C penetration test D clipping level audit

A

Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean? A. System functions are layered, and none of the functions in a given layer can access data outside that layer. B. Auditing processes and their memory addresses cannot be accessed by user processes. C. Only security processes are allowed to write to ring zero memory. D. It is a form of strong encryption cipher.

A

Most access violations are: A. Accidental B. Caused by internal hackers C. Caused by external hackers D. Related to Internet

A

Network cabling comes in three flavors; they are: A. twisted pair, coaxial, and fiber optic. B. tagged pair, coaxial, and fiber optic. C. trusted pair, coaxial, and fiber optic. D. twisted pair, control, and fiber optic.

A

Of the following choices, what actions does a content-filtering appliance provide? (Select three) 1 filtering spam going into a network 2 filtering malware going into a network 3 providing proxy server services 4 acting as a Honeypot A 1,2,3 B 2,3,4

A

Of the following choices, which are examples of corrective controls? (Select two) 1 disaster recovery plan 2 backup and restore procedures 3 intrusion prevention system 4 forensic analysis A 1,2 B 3,4

A

Packet Filtering Firewalls can also enable access for: A. only authorized application port or service numbers. B. only unauthorized application port or service numbers. C. only authorized application port or ex-service numbers. D. only authorized application port or service integers.

A

Performing essential business processes in a cloud solution is an attractive concept for many organizations. What needs to be crafted and reviewed carefully to ensure that a cloud service provides the necessary level of service and security demanded by your organization and which is legally enforceable? A SLA B MOU C AUP D CPS

A

Physically securing backup tapes from unauthorized access is obviously a security concern and is considered a function of the: A. Operations Security Domain. B. Operations Security Domain Analysis. C. Telecommunications and Network Security Domain. D. Business Continuity Planning and Disaster Recovery Planning.

A

Properly managing user accounts is an essential element in maintaining security. How should the process of identity management be implemented? A Policies and procedures - privileged accounts have significant access capability; define the parameters of use with authorized use policies, nondisclosure agreements, and confidentiality agreements to reduce risk. B Account creation - create all potentially needed privileged accounts during the initial phase of network installation, then assign those accounts as needed over time. C Account provisioning - create privileged accounts that have equal access and capability throughout the network. D Account monitoring - configure user account auditing and monitoring to focus on end users only, as privileged users are highly trusted entities.

A

Qualitative loss resulting from the business interruption does NOT usually include: A. Loss of revenue B. Loss of competitive advantage or market share C. Loss of public confidence and credibility D. Loss of market leadership

A

Related to information security, the guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered is an example of which of the following? A. integrity B. confidentiality C. availability D. identity

A

Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following? A. Confidentiality B. Integrity C. Availability D. capability

A

Renee is using encryption to safeguard sensitive business secrets when in transit over the Internet. What risk metric is she attempting to lower? A Likelihood B RTO C MTO D Impact

A

Risk analysis is MOST useful when applied during which phase of the system development process? A. Project initiation and Planning B. Functional Requirements definition C. System Design Specification D. Development and Implementation

A

SMTP can best be described as: A. a host-to-host email protocol. B. an email retrieval protocol. C. a web-based e-mail reading protocol. D. a standard defining the format of e-mail messages.

A

Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model? A. Application Layer. B. Transport Layer. C. Session Layer. D. Network Layer.

A

Secure Shell (SSH) is a strong method of performing: A. client authentication B. server authentication C. host authentication D. guest authentication

A

Secure Sockets Layer (SSL) is very heavily used for protecting which of the following? A. Web transactions. B. EDI transactions. C. Telnet transactions. D. Electronic Payment transactions.

A

Sensitivity labels are an example of what application control type? A. Preventive security controls B. Detective security controls C. Compensating administrative controls D. Preventive accuracy controls

A

Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for: A. Peer Authentication B. Peer Identification C. Server Authentication D. Name Resolution

A

The Computer Security Policy Model the Orange Book is based on is which of the following? A. Bell-LaPadula B. Data Encryption Standard C. Kerberos D. Tempest

A

The DES algorithm is an example of what type of cryptography? A. Secret Key B. Two-key C. Asymmetric Key D. Public Key

A

The IP header contains a protocol field. If this field contains the value of 6, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.

A

The RSA algorithm is an example of what type of cryptography? A. Asymmetric Key. B. Symmetric Key. C. Secret Key. D. Private Key.

A

The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concepts: A. The reference monitor. B. Discretionary Access Control. C. The Security Kernel. D. Mandatory Access Control.

A

The Terminal Access Controller Access Control System (TACACS) employs which of the following? A. a user ID and static password for network access B. a user ID and dynamic password for network access C. a user ID and symmetric password for network access D. a user ID and asymmetric password for network access

A

The basic language of modems and dial-up remote access systems is: A. Asynchronous Communication. B. Synchronous Communication. C. Asynchronous Interaction. D. Synchronous Interaction.

A

The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use. A. computing in Galois fields B. computing in Gladden fields C. computing in Gallipoli fields D. computing in Galbraith fields

A

The criteria for evaluating the legal requirements for implementing safeguards is to evaluate the cost (C) of instituting the protection versus the estimated loss (L) resulting from the exploitation of the corresponding vulnerability. Therefore, a legal liability may exist when: A. (C < L) or C is less than L B. (C < L - (residual risk)) or C is less than L minus residual risk C. (C > L) or C is greater than L D. (C > L - (residual risk)) or C is greater than L minus residual risk

A

The end result of implementing the principle of least privilege means which of the following? A. Users would get access to only the info for which they have a need to know B. Users can access all systems. C. Users get new privileges added when they change positions. D. Authorization creep.

A

The fact that a network-based IDS reviews packet payloads and headers enables which of the following? A. Detection of denial of service B. Detection of all viruses C. Detection of data corruption D. Detection of all password guessing attacks

A

The general philosophy for DMZs is that: A. any system on the DMZ can be compromised because it's accessible from the Internet. B. any system on the DMZ cannot be compromised because it's not accessible from the Internet. C. some systems on the DMZ can be compromised because they are accessible from the Internet. D. any system on the DMZ cannot be compromised because it's by definition 100 percent safe and not accessible from the Internet.

A

The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? A. clipping level B. acceptance level C. forgiveness level D. logging level

A

The session layer provides a logical persistent connection between peer hosts. Which of the following is one of the modes used in the session layer to establish this connection? A. Full duplex B. Synchronous C. Asynchronous D. Half simplex

A

The threat evaluation process performed when designing a business continuity plan (BCP) or disaster recovery plan (DRP) evaluates risk in light of work process and is similar in nature to the technique used when designing security policies. What is this threat evaluation process called? A Business impact analysis B Quantitative analysis C Qualitative analysis D Threat modeling

A

The type of discretionary access control (DAC) that is based on an individual's identity is also called: A. Identity-based Access control B. Rule-based Access control C. Non-Discretionary Access Control D. Lattice-based Access control

A

This type of backup management provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs (Write Once, Read Many): A. Hierarchical Storage Management (HSM). B. Hierarchical Resource Management (HRM). C. Hierarchical Access Management (HAM). D. Hierarchical Instance Management (HIM).

A

To be admissible in court, computer evidence must be which of the following? A. Relevant B. Decrypted C. Edited D. Incriminating

A

To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up: A. Access Rules B. Access Matrix C. Identification controls D. Access terminal

A

Under which condition should a security practitioner of your organization sit out of a security audit? A When an outside consultant is evaluating compliance B When senior management is dissatisfied with the results from previous audits C When the operating budget is running low D When it involves the handling of proprietary information

A

Unshielded Twisted Pair (UTP) cables come in several categories. The categories are based on: A. The level of performance B. How thick the shielding is. C. The length of the cable D. The diameter of the copper.

A

What IDS approach relies on a database of known attacks? A. Signature-based intrusion detection B. Statistical anomaly-based intrusion detection C. Behavior-based intrusion detection D. Network-based intrusion detection

A

What are called user interfaces that limit the functions that can be selected by a user? A. Constrained user interfaces B. Limited user interfaces C. Mini user interfaces D. Unlimited user interfaces

A

What attribute is included in an X.509 certificate? A. Distinguished name of the subject B. Telephone number of the department C. secret key of the issuing CA D. the key pair of the certificate holder

A

What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access? A. The Reference Monitor B. The Security Kernel C. The Trusted Computing Base D. The Security Domain

A

What can best be defined as a strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall? A. A bastion host B. A screened subnet C. A dual-homed host D. A proxy server

A

What channel is defined as part of the original IEEE 802.11 in the 2.4 GHz range and is restricted from use within the United States? A 14 B 11 C 6 D 1

A

What does "residual risk" mean? A. The security risk that remains after controls have been implemented B. Weakness of an asset which can be exploited by a threat C. Risk that remains after risk assessment has been performed D. A security risk intrinsic to an asset being audited, where no mitigation has taken place.

A

What enables a workstation to boot without requiring a hard or floppy disk drive? A. Bootstrap Protocol (BootP). B. Reverse Address Resolution Protocol (RARP). C. Address Resolution Protocol (ARP). D. Classless Inter-Domain Routing (CIDR).

A

What is a TFTP server most useful for? A. Transferring configurations to and from network devices. B. Transferring files to web servers. C. Terminal access to network devices. D. Terminal access to file servers.

A

What is a characteristic of using the Electronic Code Book mode of DES encryption? A. A given block of plaintext and a given key will always produce the same ciphertext. B. Repetitive encryption obscures any repeated patterns that may have been present in the plaintext. C. Individual characters are encoded by combining output from earlier encryption routines with plaintext. D. The previous DES output is used as input.

A

What is a common problem when using vibration detection devices for perimeter control? A. They are vulnerable to non-adversarial disturbances. B. They can be defeated by electronic means. C. Signal amplitude is affected by weather conditions. D. They must be buried below the frost line.

A

What is a hot-site facility? A. A site with pre-installed computers, raised flooring, air conditioning, telecommunications and networking equipment, and UPS. B. A site in which space is reserved with pre-installed wiring and raised floors. C. A site with raised flooring, air conditioning, telecommunications, and networking equipment, and UPS. D. A site with ready made work space with telecommunications equipment, LANs, PCs, and terminals for work groups.

A

What is a limitation of TCP Wrappers? A. It cannot control access to running UDP services. B. It stops packets before they reach the application layer, thus confusing some proxy servers. C. The hosts. access control system requires a complicated directory tree. D. They are too expensive.

A

What is a primary goal of a forensic investigator while collecting evidence? A Preserve evidence integrity. B Locate evidence to support a pre-determined outcome. C Collect sufficient evidence. D Prove that a specific suspect committed the crime.

A

What is called a sequence of characters that is usually longer than the allotted number for a password? A. passphrase B. cognitive phrase C. anticipated phrase D. Real phrase

A

What is one disadvantage of content-dependent protection of information? A. It increases processing overhead. B. It requires additional password entry. C. It exposes the system to data locking. D. It limits the user's individual address space.

A

What is the IEEE standard known as port-based network access control which is used to leverage authentication already present in a network to validate clients connecting over hardware devices, such as wireless access points or VPN concentrators? A IEEE 802.1x B IEEE 802.15 C IEEE 802.3 D IEEE 802.11

A

What is the certificate standard used by PKI? A X.509 v3 B IEEE 802.1q C X.500 D IEEE 802.11n

A

What is the company security policy that allows workers to use their own personal equipment to interact with company resources? A BYOD B MOU C AUP D CPS

A

What is the cost benefit equation? A [ALE1 - ALE2] - CCM B AES - CCMP C total initial risk - countermeasure benefit D AV x EF x ARO

A

What is the effective key size of DES? A. 56 bits B. 64 bits C. 128 bits D. 1024 bits

A

What is the first step in the incident lifecycle? A preparation B detection C verification D containment

A

What is the foundational premise of risk management? A There is always some level of risk. B Computers can be completely secured. C As security increases, costs decrease. D Security and performance are cooperative measurements.

A

What is the goal of the Maintenance phase in a common development process of a security policy? A. to review the document on the specified review date B. publication within the organization C. to write a proposal to management that states the objectives of the policy D. to present the document to an approving body

A

What is the greatest danger from DHCP? A. An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients. B. Having multiple clients on the same LAN having the same IP address. C. Having the wrong router used as the default gateway. D. Having the organization's mail server unreachable.

A

What is the length of an MD5 message digest? A. 128 bits B. 160 bits C. 256 bits D. varies depending upon the message size.

A

What is the logical network topology of Ethernet when deployed in a physical star wiring layout? A Bus B Ring C Mesh D Star

A

What is the longest encryption key supported by the Advanced Encryption Standard (AES) algorithm? A 256 bits B 512 bits C 1,024 bits D 2,048 bits

A

What is the main advantage of using a qualitative impact analysis? A A qualitative impact analysis identifies areas that require immediate improvement. B A qualitative impact analysis considers monetary facts and figures. C A qualitative impact analysis makes a cost benefit analysis simple. D A qualitative impact analysis provides specific measurements of attack impacts.

A

What is the main benefit or distinction of symmetric encryption? A A single shared key can perform both encryption and decryption operations. B A key pair set is used to provide confidentiality. C It can provide secure key exchange over an insecure medium. D It is a fully scalable encryption scheme.

A

What is the main concern with single sign-on? A. Maximum unauthorized access would be possible if a password is disclosed. B. The security administrator's workload would increase. C. The users' password would be too hard to remember. D. User access rights would be increased.

A

What is the main difference between a Smurf and a Fraggle attack? A. A Smurf attack is ICMP-based and a Fraggle attack is UDP-based. B. A Smurf attack is UDP-based and a Fraggle attack is TCP-based. C. Smurf attack packets cannot be spoofed. D. A Smurf attack is UDP-based and a Fraggle attack is ICMP-based.

A

What is the name of a one-way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed. A. One-way hash B. DES C. Transposition D. Substitution

A

What is the name of the protocol used to set up and manage Security Associations (SA) for IP Security (IPSec)? A. Internet Key Exchange (IKE) B. Secure Key Exchange Mechanism C. Oakley D. Internet Security Association and Key Management Protocol

A

What is the primary benefit of a security camera for physical security? A Detective B Preventative C Directive D Corrective

A

What is the primary role of cross certification? A. Creating trust between different PKIs B. Build an overall PKI hierarchy C. set up direct trust to a second root CA D. Prevent the nullification of user certificates by CA certificate revocation

A

What is the purpose of a Security Information and Event Management (SIEM) product? A To provide real-time logging and analysis of security events B To define the requirements of security procedures C To provide event planning guidance for holding industry conferences D To improve employee security training

A

What is the purpose of a business continuity plan (BCP)? A To maintain the ability to perform mission critical work tasks while dealing with harmful events B To define performance requirements and consequences if providers fail to meet quality expectations C To restore mission critical tasks D To train replacement personnel in the event of a senior executive leaving the organization

A

What is the purpose of a source system? A Anything that records or maintains data of interest B The first computer C The original gold version of a computer which is cloned for enterprise deployment D The data warehouse where open source code is saved

A

What is the purpose or benefit of an after-action report in an incident response strategy? A To learn from events in order to improve future incident handling B To have law enforcement provide guidance on handling security breaches C To increase the sensitivity of incident detectors D To gain sufficient support from senior management

A

What is the term used to describe a relationship between two entities where resources from either side can be accessed by users from either side? A Two-way trust B One-way trust C Transitive trust D Web of trust

A

What is the term used to describe the risk management strategy of an organization altering a business task to work around a specific event or activity in order to prevent compromise? A Avoidance B Deterrence C Transference D Acceptance

A

What layer of the OSI/ISO model does Point-to-point tunnelling protocol (PPTP) work at? A. Data link layer B. Transport layer C. Session layer D. Network layer

A

What protocol is used on the Local Area Network (LAN) to obtain an IP address from its known MAC address? A. Reverse address resolution protocol (RARP) B. Address resolution protocol (ARP) C. Data link layer D. Network address translation (NAT)

A

What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects? A. Disclosure of residual data. B. Unauthorized obtaining of a privileged execution state. C. Denial of service through a deadly embrace. D. Data leakage through covert channels.

A

What size is an MD5 message digest (hash)? A. 128 bits B. 160 bits C. 256 bits D. 128 bytes

A

What type of key does AES use? A secret key B public key C private key D both public and private keys

A

What type of technical control can be used in the process of assessing compliance? A Auditing B Security camera C Multifactor authentication D Encryption

A

What works as an E-mail message transfer agent? A. SMTP B. SNMP C. S-RPC D. S/MIME

A

What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)? A. It can be very invasive to the host operating system B. Monitors all processes and activities on the host system only C. Virtually eliminates limits associated with encryption D. They have an increased level of visibility and control compared to NIDS

A

What would the most successful means of attacking an environment relying upon guest OSes that would result in the destruction or loss of use of the guest OSes be? A Compromise the host OS. B Perform a full port scan against both TCP and UDP across all guest OSes. C Implement a man-in-the-middle attack. D Infect the guest OSes with spyware.

A

When a client is located behind a firewall that does not allow inbound initiated contact, which of the following will need to be used to support file transfer? A Passive FTP B Active FTP C Server-initiated FTP D Client-hosted FTP

A

When attempting to establish liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation? A. Due care B. Due concern C. Due diligence D. Due practice

A

When hashing a message, which of the following security goals is being provided? A Integrity B Confidentiality C Encryption D Availability

A

When is it appropriate to contact law enforcement when an organization experiences a security breach? A If a violation is more severe than just breaking company policy rules B If a breach of security occurs C If a tolerable or accepted risk is realized D If an insider uses another employee's credentials

A

When submitting a passphrase for authentication, the passphrase is converted into ... A. a virtual password by the system B. a new passphrase by the system C. a new passphrase by the encryption technology D. a real password by the system which can be used forever

A

When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as? A. Dual Control B. Need to know C. Separation of duties D. Segregation of duties

A

When using a cloud solution as a component of a backup strategy, what is the most important concern? A Encryption of transfer and storage B Speed of communication C Effort involved in recovery D Ownership

A

When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output
What is this cryptographic operation called? A. Exclusive-OR B. Bit Swapping C. Logical-NOR D. Decryption

A

When working with big data, the storage location where all of the raw data is housed until it is needed for mining or processing is known as? A Data lake B Data warehouse C Database D Data mart

A

When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault tolerance and redundancy, it is known as? A. Shadowing B. Data mirroring C. Backup D. Archiving

A

Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean? A. Use of public key encryption to secure a secret key, and message encryption using the secret key. B. Use of the recipient's public key for encryption and decryption based on the recipient's private key. C. Use of software encryption assisted by a hardware encryption accelerator. D. Use of elliptic curve encryption.

A

Which OSI/ISO layer does a SOCKS server operate at? A. Session layer B. Transport layer C. Network layer D. Data link layer

A

Which access control model achieves data integrity through well-formed transactions and separation of duties? A. Clark-Wilson model B. Biba model C. Non-interference model D. Sutherland model

A

Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity? A. Discretionary Access Control B. Mandatory Access Control C. Sensitive Access Control D. Role-based Access Control

A

Which access control model would a lattice-based access control model be an example of? A. Mandatory access control. B. Discretionary access control. C. Non-discretionary access control. D. Rule-based access control.

A

Which access model is most appropriate for companies with a high employee turnover? A. Role-based access control B. Mandatory access control C. Lattice-based access control D. Discretionary access control

A

Which answer is most accurate regarding a wireless intrusion prevention system? A Rogue access points are detected. B It broadcasts a jamming tone at a potential intruder. C It monitors all traffic arriving at a wireless access point for proper ID fields. D It is used to fine-tune the traffic on a wireless network.

A

Which backup method copies only files that have changed since the last full backup, but does not clear the archive bit? A. Differential backup method. B. Full backup method. C. Incremental backup method. D. Tape backup method.

A

Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup? A. differential backup method B. full backup method C. incremental backup method D. tape backup method.

A

Which backup method is used if backup time is critical and tape space is at an extreme premium? A. Incremental backup method. B. Differential backup method. C. Full backup method. D. Tape backup method.

A

Which backup method usually resets the archive bit on the files after they have been backed up? A. Incremental backup method. B. Differential backup method. C. Partial backup method. D. Tape backup method.

A

Which element must computer evidence have to be admissible in court? A. It must be relevant. B. It must be annotated. C. It must be printed. D. It must contain source code.

A

Which encryption algorithm is BEST suited for communication with handheld wireless devices? A. ECC (Elliptic Curve Cryptosystem) B. RSA C. SHA D. RC4

A

Which is the last line of defense in a physical security sense? A. people B. interior barriers C. exterior barriers D. perimeter barriers

A

Which item is not part of the primary security categories? A Encryption B Detection C Recovery D Prevention

A

Which level of risk is associated with repeated attempts from a remote unknown entity to guess a user's password which result in the account being locked? A Elevated B Substantial C Severe D Normal

A

Which malware attempts to embed itself deeply into a system in order to hide itself and other items, such as files, folders, or even executable processes? A Rootkit B Trojan horse C Worm D Virus

A

Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender? A. Message Authentication Code - MAC B. PAM - Pluggable Authentication Module C. NAM - Negative Acknowledgement Message D. Digital Signature Certificate

A

Which of the following Intrusion Detection Systems (IDS) uses a database of attacks, known system vulnerabilities, monitoring current attempts to exploit those vulnerabilities, and then triggers an alarm if an attempt is found? A. Knowledge-Based ID System B. Application-Based ID System C. Host-Based ID System D. Network-Based ID System

A

Which of the following OSI layers provides routing and related services? A. Network Layer B. Presentation Layer C. Session Layer D. Physical Layer

A

Which of the following access methods is used by Ethernet? A. CSMA/CD. B. CSU/DSU. C. TCP/IP. D. FIFO.

A

Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location? A. direct addressing B. Indirect addressing C. implied addressing D. indexed addressing

A

Which of the following answers is described as a random value used in cryptographic algorithms to ensure that patterns are not created during the encryption process? A. IV - Initialization Vector B. Stream Cipher C. OTP - One Time Pad D. Ciphertext

A
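
An added example, not part of the original card set, showing what the initialization vector buys you. It uses a constructed counter-mode keystream derived from SHA-256 (a stand-in for a real stream or CTR cipher, not a vetted cipher) so that it runs on the Python standard library alone; the key, the two sample messages and the function names are all constructed for the demonstration. Under a reused IV, two messages with a common prefix produce ciphertexts with the same prefix, and XORing the two ciphertexts cancels the keystream and yields the XOR of the plaintexts (the "two-time pad"); a fresh random IV per message removes both patterns.

```python
import hashlib
import os

# Constructed demonstration cipher: a counter-mode keystream derived from
# SHA-256(key || iv || counter). It stands in for a real stream/CTR cipher
# only to show what the IV does; it is not a vetted cipher, do not reuse it.
def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))

decrypt = encrypt  # XOR with the same keystream undoes the encryption

KEY = b"constructed-demo-key-0123456789ab"   # constructed sample key
FIXED_IV = bytes(16)                          # weak setting: one IV reused for every message

def shared_prefix_len(a: bytes, b: bytes) -> int:
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def compare_iv_policies(m1: bytes, m2: bytes) -> dict:
    """Encrypt m1 and m2 under (a) a fixed, reused IV and (b) fresh random IVs,
    and report how much structure each policy leaks to an eavesdropper."""
    # (a) reused IV: same key + same IV -> the same keystream for every message
    c1_fixed = encrypt(KEY, FIXED_IV, m1)
    c2_fixed = encrypt(KEY, FIXED_IV, m2)
    # (b) fresh IV per message; the IV travels in the clear next to the ciphertext
    iv1, iv2 = os.urandom(16), os.urandom(16)
    c1_rand = encrypt(KEY, iv1, m1)
    c2_rand = encrypt(KEY, iv2, m2)
    n = min(len(m1), len(m2))
    return {
        # an identical plaintext prefix becomes an identical ciphertext prefix under a reused IV
        "prefix_leak_fixed_iv": shared_prefix_len(c1_fixed, c2_fixed),
        "prefix_leak_random_iv": shared_prefix_len(c1_rand, c2_rand),
        # the two-time pad: with a reused keystream, c1 XOR c2 == m1 XOR m2, so an
        # eavesdropper who knows one message recovers the other
        "two_time_pad_fixed_iv": xor_bytes(c1_fixed, c2_fixed) == xor_bytes(m1[:n], m2[:n]),
        "two_time_pad_random_iv": xor_bytes(c1_rand, c2_rand) == xor_bytes(m1[:n], m2[:n]),
        "roundtrip_ok": decrypt(KEY, iv1, c1_rand) == m1,
    }

if __name__ == "__main__":
    # constructed sample messages sharing a 17-byte prefix
    for k, v in compare_iv_policies(b"TRANSFER $100 TO ALICE", b"TRANSFER $100 TO BOB").items():
        print(f"{k}: {v}")
```

The IV does not have to be secret, only unpredictable and never reused under the same key; it is normally transmitted in the clear alongside the ciphertext, which is why decrypt() takes it as a parameter.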

Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS? A. signature-based IDS and statistical anomaly-based IDS, respectively B. signature-based IDS and dynamic anomaly-based IDS, respectively C. anomaly-based IDS and statistical-based IDS, respectively D. signature-based IDS and motion anomaly-based IDS, respectively.

A

Which of the following backup methods must be made regardless of whether differential or incremental methods are used? A. Full Backup Method. B. Incremental backup method. C. Supplemental backup method. D. Tape backup method.

A

Which of the following backup methods is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets? A. full backup method. B. incremental backup method. C. differential backup method. D. tape backup method.

A

Which of the following backup methods makes a complete backup of every file on the server every time it is run? A. full backup method. B. incremental backup method. C. differential backup method. D. tape backup method.

A
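
The backup cards above (the additive differential, the space-saving incremental, the archive bit that incremental resets, and the full backup as the baseline that both depend on) all describe one mechanism. This added simulation, which is not from the original page, runs the strategies over a constructed set of five one-unit files: a Sunday full backup followed by four nightly backups, with one more file modified each day. The file names, the schedule and the function names are made up for the demonstration. It shows why differential sets grow through the week, why incremental sets stay small, and what each costs when you have to restore.

```python
from dataclasses import dataclass

@dataclass
class File:
    name: str
    size: int
    archive: bool = True   # the OS sets this bit whenever the file is written

def full_backup(files):
    """Baseline tape set: copy every file and clear every archive bit."""
    copied = [f.name for f in files]
    for f in files:
        f.archive = False
    return copied

def incremental_backup(files):
    """Copy only files changed since the last backup of any kind, then clear
    their archive bits so tomorrow starts from a clean slate."""
    copied = [f.name for f in files if f.archive]
    for f in files:
        f.archive = False
    return copied

def differential_backup(files):
    """Copy every file changed since the last FULL backup. The archive bits are
    left set, so each night's set also contains the previous nights' files."""
    return [f.name for f in files if f.archive]

STRATEGIES = {"incremental": incremental_backup, "differential": differential_backup}

def touch(files, name):
    """Simulate a user modifying a file: the OS sets its archive bit."""
    for f in files:
        if f.name == name:
            f.archive = True

def simulate_week(kind):
    """Sunday full backup, then Monday..Thursday nightly backups of the given
    kind, with one additional file modified each day. Returns, per night, the
    list of file names that went to tape."""
    nightly = STRATEGIES[kind]
    files = [File(f"file{i}.dat", 1) for i in range(5)]   # constructed sample set
    tapes = [full_backup(files)]
    for day in range(4):
        touch(files, f"file{day}.dat")
        tapes.append(nightly(files))
    return tapes

def tape_units_per_night(kind):
    """Tape space consumed each night (one unit per file copied)."""
    return [len(names) for names in simulate_week(kind)]

def restore_set(kind, tapes):
    """Tape sets that must be read to get back to Thursday night's state:
    the full plus only the latest differential, or the full plus every
    incremental since it, applied in order."""
    if kind == "differential":
        return [tapes[0], tapes[-1]]
    return tapes

def restored_files(kind):
    """Apply the restore set and return the files recovered, to confirm both
    strategies reach the same end state."""
    recovered = set()
    for names in restore_set(kind, simulate_week(kind)):
        recovered.update(names)
    return recovered

if __name__ == "__main__":
    for kind in STRATEGIES:
        print(kind, "tape units per night:", tape_units_per_night(kind),
              "tape sets to restore:", len(restore_set(kind, simulate_week(kind))))
```

The trade-off the cards describe falls out of the numbers: differential costs more tape each night but needs only two sets at restore time, while incremental is cheapest nightly but needs the full plus every incremental since, and the loss of any one of them breaks the chain.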

Which of the following best defines source routing? A. The packets hold the forwarding information so they don't need to let bridges and routers decide what is the best route or way to get to the destination. B. The packets hold source information in a fashion that source address cannot be forged. C. The packets are encapsulated to conceal source information. D. The packets hold information about redundant paths in order to provide a higher reliability.

A

Which of the following best describes a disaster recovery plan? A Documents procedures to restore equipment and facilities to the condition they were in prior to the disaster B Uses the Business Information Plan to determine procedures C Makes use of probability analysis D Specifies time required to restore data with different backup schemes

A

Which of the following best describes a security policy? A Completely aligns with the mission, objectives, culture, and nature of the business B It describes the requirement for shareholder satisfaction C Lists potential risk targets within the organization D Makes extensive use of baselines and guidelines

A

Which of the following best describes a technical control? A control that uses technical means within computer systems to reduce risk B control that uses training and written documents such as security policies to reduce risk C control that is highly complex and requires technical details to explain D a control that is preventative in nature

A

Which of the following best describes a threat event? A any activity or event that can result in a loss of confidentiality, integrity, or availability to a system B any activity or event that protects a system from a loss of confidentiality, integrity, or availability C a weakness D the potential for an attacker to attack

A

Which of the following best describes converged network communications? A Transmission of voice and media files over a network B The use of Ethernet when communicating on a wireless network C The combination of two types of media such as copper and fiber-optic D The combination of SMS and chat capability on business networks

A

Which of the following best describes privileged users? A They are super-users or administrators B They all must work in the IT department C By default have access to everything on the network D They are anonymous users

A

Which of the following best describes what would be expected at a "hot site"? A. Computers, climate control, cables and peripherals B. Computers and peripherals C. Computers and dedicated climate control systems. D. Dedicated climate control systems

A

Which of the following binds a subject name to a public key value? A. A public-key certificate B. A public key infrastructure C. A secret key infrastructure D. A private key certificate

A

Which of the following biometric devices has the lowest user acceptance level? A. Retina Scan B. Fingerprint scan C. Hand geometry D. Signature recognition

A

Which of the following biometric parameters are better suited for authentication use over a long period of time? A. Iris pattern B. Voice pattern C. Signature dynamics D. Retina pattern

A

Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences? A. Extensible Authentication Protocol B. Challenge Handshake Authentication Protocol C. Remote Authentication Dial-In User Service D. Multilevel Authentication Protocol.

A

Which of the following can be defined as an Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail messages that the server has received and is holding for the client? A. IMAP4 B. SMTP C. MIME D. PEM

A

Which of the following can be used as a covert channel? A. Storage and timing. B. Storage and low bits. C. Storage and permissions. D. Storage and classification.

A

Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs? A. A known-plaintext attack B. A known-algorithm attack C. A chosen-ciphertext attack D. A chosen-plaintext attack

A

Which of the following cannot be undertaken in conjunction with, or while, computer incident handling is ongoing? A. System development activity B. Help-desk function C. System Imaging D. Risk management process

A

Which of the following categories of hackers poses the greatest threat? A. Disgruntled employees B. Student hackers C. Criminal hackers D. Corporate spies

A

Which of the following categories of UTP cable is specified to handle Gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standard? A. Category 5e UTP B. Category 2 UTP C. Category 3 UTP D. Category 1e UTP

A

Which of the following choices are effective malicious activity countermeasures? (Select three) 1 virtualizing systems 2 hardening systems 3 increasing user awareness 4 patching systems A 2,3,4 B 1,2,3

A

Which of the following choices describes challenge-response token generation? A. A workstation or system that generates a random challenge string that the user enters into the token when prompted along with the proper PIN. B. A workstation or system that generates a random login id that the user enters when prompted along with the proper PIN. C. A special hardware device that is used to generate random text in a cryptography system. D. The authentication mechanism in the workstation or system does not determine if the owner should be authenticated.

A

Which of the following choices provide non-repudiation? (Select two) 1 salt 2 digital signature 3 audit trail 4 rainbow table A 2,3 B 1,4

A

Which of the following ciphers is the simpler cipher on which the Vigenère polyalphabetic cipher was based? A. Caesar B. The Jefferson disks C. Enigma D. SIGABA

A

Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection? A. C B. B C. A D. D

A

Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection? A. B B. A C. C D. D

A

Which of the following control pairings include: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks? A. Preventive/Administrative Pairing B. Preventive/Technical Pairing C. Preventive/Physical Pairing D. Detective/Administrative Pairing

A

Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability? A. A risk B. A residual risk C. An exposure D. A countermeasure

A

Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext? A. known plaintext B. brute force C. ciphertext only D. chosen plaintext

A
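
An added example, not from the original cards, tying together the three cipher cards above: the Caesar cipher as the single-shift base of the Vigenère cipher, and the known-plaintext attack that recovers the Vigenère key from one plaintext/ciphertext pair. The ATTACKATDAWN/LEMON pair is the standard textbook test vector; the function names are this example's own, and input is restricted to the letters A-Z for brevity.

```python
import string

ALPHA = string.ascii_uppercase

def normalize(text):
    """Keep A-Z only, uppercase, to match the classical ciphers' alphabet."""
    return "".join(c for c in text.upper() if c in ALPHA)

def caesar_encrypt(plaintext, shift):
    """Caesar: every letter shifted by the same fixed amount."""
    return "".join(ALPHA[(ALPHA.index(c) + shift) % 26] for c in normalize(plaintext))

def vigenere_encrypt(plaintext, key):
    """Vigenère: a Caesar shift that changes with each letter of a repeating key,
    so a one-letter key is exactly a Caesar cipher."""
    p, k = normalize(plaintext), normalize(key)
    return "".join(ALPHA[(ALPHA.index(c) + ALPHA.index(k[i % len(k)])) % 26]
                   for i, c in enumerate(p))

def vigenere_decrypt(ciphertext, key):
    c, k = normalize(ciphertext), normalize(key)
    return "".join(ALPHA[(ALPHA.index(ch) - ALPHA.index(k[i % len(k)])) % 26]
                   for i, ch in enumerate(c))

def recover_key(plaintext, ciphertext, key_length):
    """Known-plaintext attack: at each position, ciphertext minus plaintext
    (mod 26) is the key letter, so a crib as long as the key recovers it."""
    p, c = normalize(plaintext), normalize(ciphertext)
    if len(p) < key_length:
        raise ValueError("crib shorter than the key")
    return "".join(ALPHA[(ALPHA.index(cc) - ALPHA.index(pp)) % 26]
                   for pp, cc in zip(p[:key_length], c[:key_length]))

def recover_key_unknown_length(plaintext, ciphertext, max_len=20):
    """When the key length is unknown, try each length and keep the shortest
    candidate that re-encrypts the whole crib to the observed ciphertext."""
    p, c = normalize(plaintext), normalize(ciphertext)
    for length in range(1, min(max_len, len(p)) + 1):
        key = recover_key(p, c, length)
        if vigenere_encrypt(p, key) == c:
            return key
    return None

if __name__ == "__main__":
    ct = vigenere_encrypt("ATTACK AT DAWN", "LEMON")
    print(ct, recover_key_unknown_length("ATTACKATDAWN", ct))
```

The same arithmetic is why the Caesar cipher falls to a single known letter: with key length 1, one pair is the whole key. The attack needs only that the analyst knows some plaintext that matches some ciphertext, not the ability to choose it, which is what separates a known-plaintext attack from a chosen-plaintext one.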

Which of the following describes a computer processing architecture in which a language compiler or pre-processor breaks program instructions down into basic operations that can be performed by the processor at the same time? A. Very-Long Instruction-Word Processor (VLIW) B. Complex-Instruction-Set-Computer (CISC) C. Reduced-Instruction-Set-Computer (RISC) D. Super Scalar Processor Architecture (SCPA)

A

Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations? A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to. B. The initial logon process is cumbersome to discourage potential intruders. C. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications. D. Once a user obtains access to the system through the initial log-on, he has to logout from all other systems

A

Which of the following divisions is defined in the TCSEC (Orange Book) as minimal protection? A. Division D B. Division C C. Division B D. Division A

A

Which of the following enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks? A. Risk assessment B. Residual risks C. Security controls D. Business units

A

Which of the following equations is sometimes used to express risk? A Risk = Threat x Vulnerability B Risk = Mitigated Risk - Total Risk C Risk = Likelihood + Impact D Risk = Threat - Vulnerability

A

Which of the following exemplifies proper separation of duties? A. Operators are not permitted to modify the system time. B. Programmers are permitted to use the system console. C. Console operators are permitted to mount tapes and disks. D. Tape operators are permitted to use the system console.

A

Which of the following focuses on sustaining an organization's business functions during and after a disruption? A. Business continuity plan B. Business recovery plan C. Continuity of operations plan D. Disaster recovery plan

A

Which of the following is NOT a basic component of security architecture? A. Motherboard B. Central Processing Unit (CPU) C. Storage Devices D. Peripherals (input/output devices)

A

Which of the following is NOT a characteristic of a host-based intrusion detection system? A. A HIDS does not consume large amounts of system resources B. A HIDS can analyse system logs, processes and resources C. A HIDS looks for unauthorized changes to the system D. A HIDS can notify system administrators when unusual events are identified

A

Which of the following is NOT a property of a one-way hash function? A. It converts a message of a fixed length into a message digest of arbitrary length. B. It is computationally infeasible to construct two different messages with the same digest. C. It converts a message of arbitrary length into a message digest of a fixed length. D. Given a digest value, it is computationally infeasible to find the corresponding message.

A
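
An added example, not from the original page, covering the one-way hash card above and the earlier Message Authentication Code card (the shared-key function that verifies both the content and the sender). It uses Python's hashlib and hmac modules; the key, the messages and the tamper scenario are constructed. It shows the fixed-length-digest property, and why a bare digest cannot detect tampering by an attacker who simply recomputes it, whereas an HMAC under a key the attacker lacks does.

```python
import hashlib
import hmac
import os

def digest_lengths(messages):
    """One-way hash property: input of any length maps to a fixed-length
    digest (32 bytes for SHA-256)."""
    return [len(hashlib.sha256(m).digest()) for m in messages]

def mac_tag(key, message):
    """HMAC-SHA256: the shared key goes into the hash, so only a key holder can
    produce or check the tag. Returns a 32-byte tag."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_mac(key, message, tag):
    # compare_digest is constant-time, so an attacker cannot learn a valid tag
    # byte by byte from how long the comparison takes
    return hmac.compare_digest(mac_tag(key, message), tag)

def unkeyed_check(message, digest):
    """Integrity check with a bare hash: anyone on the path can recompute it."""
    return hashlib.sha256(message).digest() == digest

def tamper_scenario(key=None):
    """Sender transmits (message, SHA-256 digest, HMAC tag). An attacker in the
    path rewrites the message and recomputes the unkeyed digest but, lacking
    the key, can only replay the old tag."""
    key = key or os.urandom(32)                      # shared secret, constructed
    msg = b"PAY 100 TO ALICE"                        # constructed sample message
    digest, tag = hashlib.sha256(msg).digest(), mac_tag(key, msg)
    forged = b"PAY 999 TO MALLORY"
    forged_digest = hashlib.sha256(forged).digest()
    return {
        "unkeyed_accepts_forgery": unkeyed_check(forged, forged_digest),
        "mac_accepts_forgery": verify_mac(key, forged, tag),
        "mac_accepts_genuine": verify_mac(key, msg, tag),
        "wrong_key_accepts_genuine": verify_mac(os.urandom(32), msg, tag),
    }

if __name__ == "__main__":
    print(digest_lengths([b"", b"a", b"x" * 10000]))
    for k, v in tamper_scenario().items():
        print(f"{k}: {v}")
```

HMAC binds the message to whoever holds the key, so it authenticates the sender to the receiver, but both parties hold the same key, so it cannot provide non-repudiation; that takes a digital signature, as the non-repudiation card above notes.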

Which of the following is NOT a system-sensing wireless proximity card? A. magnetically striped card B. passive device C. field-powered device D. transponder

A

Which of the following is NOT a task normally performed by a Computer Incident Response Team (CIRT)? A. Develop an information security policy. B. Coordinate the distribution of information pertaining to the incident to the appropriate parties. C. Mitigate risk to the enterprise. D. Assemble teams to investigate the potential vulnerabilities.

A

Which of the following is NOT a technique used to perform a penetration test? A. traffic padding B. scanning and probing C. war dialing D. sniffing

A

Which of the following is NOT a transaction redundancy implementation? A. on-site mirroring B. Electronic Vaulting C. Remote Journaling D. Database Shadowing

A

Which of the following is NOT a true statement regarding the implementation of the 3DES modes? A. DES-EEE1 uses one key B. DES-EEE2 uses two keys C. DES-EEE3 uses three keys D. DES-EDE2 uses two keys

A

Which of the following is NOT a type of motion detector? A. Photoelectric sensor B. Passive infrared sensors C. Microwave Sensor. D. Ultrasonic Sensor.

A

Which of the following is NOT an administrative control? A. Logical access control mechanisms B. Screening of personnel C. Development of policies, standards, procedures and guidelines D. Change control procedures

A

Which of the following is NOT an advantage that TACACS+ has over TACACS? A. Event logging B. Use of two-factor password authentication C. User has the ability to change his password D. Ability for security tokens to be resynchronized

A

Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)? A. TCP is connection-oriented, UDP is not. B. UDP provides for Error Correction, TCP does not. C. UDP is useful for longer messages, rather than TCP. D. TCP does not guarantee delivery of data, while UDP does guarantee data delivery.

A

Which of the following is a LAN transmission method? A. Broadcast B. Carrier-sense multiple access with collision detection (CSMA/CD) C. Token ring D. Fiber Distributed Data Interface (FDDI)

A

Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet? A. Secure Electronic Transaction (SET) B. MONDEX C. Secure Shell (SSH-2) D. Secure Hypertext Transfer Protocol (S-HTTP)

A

Which of the following is a large hardware/software backup system that uses the RAID technology? A. Tape Array. B. Scale Array. C. Crimson Array D. Table Array.

A

Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions? A. pipelining B. complex-instruction-set-computer (CISC) C. reduced-instruction-set-computer (RISC) D. multitasking

A

Which of the following is a term used for a rogue Wi-Fi access point that appears to be legitimate but actually has been set up to intercept wireless communications? A Evil twin B Deception twin C Hidden access point D Captive access point

A

Which of the following is a token-passing scheme like token ring that also has a second ring that remains dormant until an error condition is detected on the primary ring? A. Fiber Distributed Data Interface (FDDI). B. Ethernet C. Fast Ethernet D. Broadband

A

Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic? A. a firewall. B. dial-up. C. passwords. D. fiber optics.

A

Which of the following is a trusted, third party authentication protocol that was developed under Project Athena at MIT? A. Kerberos B. SESAME C. KryptoKnight D. NetSP

A

Which of the following is addressed by Kerberos? A. Confidentiality and Integrity B. Authentication and Availability C. Validation and Integrity D. Auditability and Integrity

A

Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host? A. Statistical Anomaly-Based ID B. Signature-Based ID C. dynamical anomaly-based ID D. inferential anomaly-based ID

A

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 10.0.42.5 B. 11.0.42.5 C. 12.0.42.5 D. 13.0.42.5

A

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 192.168.42.5 B. 192.166.42.5 C. 192.175.42.5 D. 192.1.42.5

A
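
An added example, not from the original page, combining the two private-address cards above with the earlier firewall card on filtering ingress and egress traffic. It classifies each option against the RFC 1918 ranges with Python's ipaddress module and then applies the classic anti-spoofing rule: a packet arriving on the external interface with a private or internal source address is dropped, and a packet leaving the internal interface must carry an internal source. The interface names, the internal network 192.168.42.0/24 and the sample packets are constructed; a real deployment expresses the same rules in the firewall's own language (iptables/nftables, a router ACL).

```python
import ipaddress

# RFC 1918 private ranges: usable inside an organization, never routed on the Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def classify(addresses):
    """Map each address to whether it falls inside an RFC 1918 range."""
    return {a: is_rfc1918(a) for a in addresses}

# Constructed topology for the filter: our LAN behind a border firewall with
# an "external" and an "internal" interface.
INTERNAL_NET = ipaddress.ip_network("192.168.42.0/24")

def filter_packet(interface, src, internal_net=INTERNAL_NET):
    """Anti-spoofing rule for a border firewall.
    Ingress (external interface): nothing from the Internet can legitimately
    carry a private or internal source address, so drop it.
    Egress (internal interface): anything leaving must carry one of our own
    addresses, so our hosts cannot be used to launch spoofed-source attacks."""
    s = ipaddress.ip_address(src)
    if interface == "external":
        if is_rfc1918(src) or s in internal_net:
            return "DROP spoofed-source"
        return "ACCEPT"
    if interface == "internal":
        if s not in internal_net:
            return "DROP egress-spoof"
        return "ACCEPT"
    raise ValueError(f"unknown interface {interface!r}")

def run_sample_packets():
    """Constructed sample packets as (interface, source) pairs, with the verdict."""
    packets = [
        ("external", "203.0.113.7"),    # genuine Internet host
        ("external", "10.0.42.5"),      # private source arriving from outside: spoofed
        ("external", "192.168.42.5"),   # our own LAN range arriving from outside: spoofed
        ("internal", "192.168.42.5"),   # our host going out
        ("internal", "10.0.42.5"),      # a host on our side forging its source
    ]
    return [(iface, src, filter_packet(iface, src)) for iface, src in packets]

if __name__ == "__main__":
    print(classify(["10.0.42.5", "11.0.42.5", "192.168.42.5", "192.166.42.5"]))
    for row in run_sample_packets():
        print(row)
```

The 172.16.0.0/12 block is the one people misjudge: it covers 172.16.0.0 through 172.31.255.255, so 172.32.0.1 is public. Note also that a NAT'd internal host is still an internal source on the inside interface; the egress check is on the address before translation.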

Which of the following is an advantage of a qualitative over a quantitative risk analysis? A. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities. B. It provides specific quantifiable measurements of the magnitude of the impacts. C. It makes a cost-benefit analysis of recommended controls easier. D. It can easily be automated.

A

Which of the following is an advantage of prototyping? A. Prototype systems can provide significant time and cost savings. B. Change control is often less complicated with prototype systems. C. It ensures that functions or extras are not added to the intended system. D. Strong internal controls are easier to implement.

A

Which of the following is an example of a connectionless communication protocol? A. UDP B. X.25 C. Packet switching D. TCP

A

Which of the following is an example of single-factor authentication being used to gain access to a computer system? A Using a username and a 16-character password B Using a smart card and entering a secret password C Using an RSA SecurID token device and entering a private code D Using a biometric scan of a fingerprint and entering a PIN

A

Which of the following is an example of discretionary access control? A. Identity-based access control B. Task-based access control C. Role-based access control D. Rule-based access control

A

Which of the following is an issue with signature-based intrusion detection systems? A. Only previously identified attack signatures are detected. B. Signature databases must be augmented with inferential elements. C. It runs only on the windows operating system D. Hackers can circumvent signature evaluations.

A
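
An added example, not from the original page, for the IDS cards above (knowledge-based/signature-based versus behavior-based/statistical anomaly-based detection, and the signature-based limitation that only previously identified attacks are detected). It runs both detection styles over constructed sample log events: a signature rule with a per-source threshold, and an anomaly rule that flags any hour whose event count exceeds the baseline mean plus three standard deviations. The log lines, the training counts and the rule names are made up for the demonstration.

```python
import re
import statistics
from collections import Counter

# Knowledge-based (signature) rules: patterns of attacks that have been seen before.
SIGNATURES = {
    "ssh-password-bruteforce": re.compile(
        r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3})"),
    "web-path-traversal": re.compile(r"GET \S*\.\./\.\./"),
}

def build_sample_events():
    """Constructed sample events as (hour, source_ip, message) tuples."""
    ev = []
    # hour 3: a known attack pattern, 20 failures from one source
    ev += [(3, "198.51.100.9",
            "Failed password for invalid user admin from 198.51.100.9 port 4022 ssh2")] * 20
    # hour 5: 18 sessions of an activity that no signature covers
    ev += [(5, f"10.0.0.{i}", "pam_unix(cron:session): session opened for user backup by (uid=0)")
           for i in range(18)]
    # hour 9: 10 ordinary logins, the normal background
    ev += [(9, "10.0.0.5", "Accepted password for alice from 10.0.0.5 port 51234 ssh2")] * 10
    return ev

def signature_detect(events, threshold=5):
    """Count signature matches per (rule, source) and alert when one source
    trips the same rule at least `threshold` times."""
    hits = Counter()
    for _hour, src, msg in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(msg):
                hits[(name, src)] += 1
    return {k: n for k, n in hits.items() if n >= threshold}

# Behavior-based (statistical anomaly) detection: learn a profile of "normal"
# from events-per-hour counts on known-good days, then flag hours that exceed
# mean + k standard deviations.
TRAINING_COUNTS = [10, 12, 9, 11, 10, 13, 8, 11]   # constructed baseline

def anomaly_threshold(training_counts, k=3.0):
    return statistics.mean(training_counts) + k * statistics.pstdev(training_counts)

def anomaly_detect(events, training_counts=TRAINING_COUNTS, k=3.0):
    limit = anomaly_threshold(training_counts, k)
    per_hour = Counter(hour for hour, _src, _msg in events)
    return sorted(h for h, n in per_hour.items() if n > limit)

if __name__ == "__main__":
    events = build_sample_events()
    print("signature alerts:", signature_detect(events))
    print("anomalous hours:", anomaly_detect(events))
```

Hour 3 is caught both ways; hour 5 is caught only by the anomaly detector because nothing in SIGNATURES describes it, which is the signature-based weakness the card names. The reverse weakness is visible too: the anomaly detector says only that hour 5 is unusual, not what happened, and a slow attack that stays under the statistical threshold would pass it while still matching a signature.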

Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes? A. The Software Capability Maturity Model (CMM) B. The Spiral Model C. The Waterfall Model D. Expert Systems Model

A

Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it? A. Aggregation B. Inference C. Clustering D. Collision

A

Which of the following is best provided by symmetric cryptography? A. Confidentiality B. Integrity C. Availability D. Non-repudiation

A

Which of the following is commonly used for retrofitting multilevel security to a database management system? A. trusted front-end. B. trusted back-end. C. controller. D. kernel.

A

Which of the following is considered the weakest link in a security system? A. People B. Software C. Communications D. Hardware

A

Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations? A. Internet Key exchange (IKE) B. Security Association Authentication Protocol (SAAP) C. Simple Key-management for Internet Protocols (SKIP) D. Key Exchange Algorithm (KEA)

A

Which of the following is defined as the most recent point in time to which data must be synchronized without adversely affecting the organization (financial or operational impacts)? A. Recovery Point Objective B. Recovery Time Objective C. Point of Time Objective D. Critical Time Objective

A

Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length? A. Fiber Optic cable B. Coaxial cable C. Twisted Pair cable D. Axial cable

A

Which of the following is implemented through scripts or smart agents that replay a user's multiple log-ins against authentication servers to verify the user's identity, permitting access to system services? A. Single Sign-On B. Dynamic Sign-On C. Smart cards D. Kerberos

A

Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix? A. Contact information for all personnel. B. Vendor contact information, including offsite storage and alternate site. C. Equipment and system requirements lists of the hardware, software, firmware and other resources required to support system operations. D. The Business Impact Analysis.

A

Which of the following is more suitable for a hardware implementation? A. Stream ciphers B. Block ciphers C. Cipher block chaining D. Electronic code book

A

Which of the following is most relevant to determining the maximum effective cost of access control? A. the value of information that is protected B. management's perceptions regarding data importance C. budget planning related to base versus incremental spending. D. the cost to replace lost data

A

Which of the following is needed for System Accountability? A. Audit mechanisms. B. Documented design as laid out in the Common Criteria. C. Authorization. D. Formal verification of system design.

A

Which of the following is not a preventive login control? A. Last login message B. Password aging C. Minimum password length D. Account expiration

A

Which of the following is not a security category? A Remuneration B Detection C Recovery D Prevention

A

Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model? A. Prevention of the modification of information by unauthorized users. B. Prevention of the unauthorized or unintentional modification of information by authorized users. C. Preservation of the internal and external consistency. D. Prevention of the modification of information by authorized users.

D

Which of the following is the best security mechanism to minimize risk when browsing the Internet? A Minimize support of mobile code. B Enable the Do-Not-Track feature, and use private-browsing mode. C Keep Java and Flash updated. D Block access to known phishing URLs.

A

Which of the following is the most accurate statement? A The European Union's General Data Protection Regulation provides a single set of rules for all member states. B The United States leads the world in privacy legislation. C Argentina and Brazil are members of the Asia-Pacific Privacy Pact. D Any corporation that has done business in the European Union in excess of five years may apply for the Safe Harbor amendment.

A

Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test? A. Full Interruption test B. Checklist test C. Simulation test D. Structured walk-through test

A

Which of the following is the most critical item from a disaster recovery point of view? A. Data B. Hardware/Software C. Communication Links D. Software Applications

A

Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan? A. It is unlikely to be affected by the same disaster. B. It is close enough to become operational quickly. C. It is close enough to serve its users. D. It is convenient to airports and hotels.

A

Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette? A. Degaussing B. Parity Bit Manipulation C. Zeroization D. Buffer overflow

A

Which of the following is the most secure form of triple-DES encryption? A. DES-EDE3 B. DES-EDE1 C. DES-EEE4 D. DES-EDE2

A

Which of the following is true about biometric scan technology? A A number of points extracted from the item scanned are stored. B Scan data is always stored in the cloud for rapid retrieval. C It is always used with a second method of authentication. D The full palm print is stored in memory.

A

Which of the following is true related to network sniffing? A. Sniffers allow an attacker to monitor data passing across a network. B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods. C. Sniffers take over network connections. D. Sniffers send IP fragments to a system that overlap with each other.

A

Which of the following is unlike the other three choices presented? A. El Gamal B. Teardrop C. Buffer Overflow D. Smurf

A

Which of the following is used only to encrypt data in transit over a network and cannot be used to encrypt data at rest? A TKIP B AES C 3DES D RSA

A

Which of the following is used to find the Media Access Control address (MAC) that matches with a known Internet Protocol (IP) address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP).

A

Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place? A. Intrusion Detection System B. Compliance Validation System C. Intrusion Management System (IMS) D. Compliance Monitoring System

A

Which of the following is valid regarding change management and the need for interoperability? A You should be able to exchange data based on common formats, data types, file formats, and/or protocols. B You should be able to manage a system remotely from any Internet connection. C You should be able to run the same binary code on any platform. D You should be able to run the same program on multiple systems simultaneously.

A

Which of the following logical access exposures involves changing data before, or as, it is entered into the computer? A. Data diddling B. Salami techniques C. Trojan horses D. Viruses

A

Which of the following methods of providing telecommunications continuity involves the use of an alternative media? A. Alternative routing B. Diverse routing C. Long haul network diversity D. Last mile circuit protection

A

Which of the following monitors network traffic in real time? A. network-based IDS B. host-based IDS C. application-based IDS D. firewall-based IDS

A

Which of the following most accurately describes eDiscovery? A A legal tool used to request suspected evidentiary information that may be used in litigation B Any information put on legal hold C Any information owned by an organization with the exception of trade secrets. D All information obtained through proper service of the search warrant

A

Which of the following options is not a standard cloud service model? A Help Desk as a Service B Infrastructure as a service C Platform as a service D Software as a Service

A

Which of the following prevents, detects, and corrects errors so that the integrity, availability, and confidentiality of transactions over networks may be maintained? A. Communications security management and techniques B. Information security management and techniques C. Client security management and techniques D. Server security management and techniques

A

Which of the following protects a password from eavesdroppers and supports the encryption of communication? A. Challenge Handshake Authentication Protocol (CHAP) B. Challenge Handshake Identification Protocol (CHIP) C. Challenge Handshake Encryption Protocol (CHEP) D. Challenge Handshake Substitution Protocol (CHSP)

A

Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol model? A. User datagram protocol (UDP) B. Internet protocol (IP) C. Internet Group Management Protocol (IGMP) D. Internet control message protocol (ICMP)

A

Which of the following protocols that provide integrity and authentication for IPSec, can also provide non-repudiation in IPSec? A. Authentication Header (AH) B. Encapsulating Security Payload (ESP) C. Secure Sockets Layer (SSL) D. Secure Shell (SSH-2)

A

Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses? A. Direct evidence. B. Circumstantial evidence. C. Conclusive evidence. D. Corroborative evidence.

A

Which of the following questions is less likely to help in assessing an organization's contingency planning controls? A. Is damaged media stored and/or destroyed? B. Are the backup storage site and alternate site geographically far enough from the primary site? C. Is there an up-to-date copy of the plan stored securely off-site? D. Is the location of stored backups identified?

A

Which of the following refers to the data left on the media after the media has been erased? A. remanence B. recovery C. sticky bits D. semi-hidden

A

Which of the following remote access authentication systems is the most robust? A. TACACS+ B. RADIUS C. PAP D. TACACS

A

Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful? A. host-based IDS B. firewall-based IDS C. bastion-based IDS D. server-based IDS

A

Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect? A. In order to facilitate recovery, a single plan should cover all locations. B. There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan. C. In its procedures and tasks, the plan should refer to functions, not specific individuals. D. Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner.

A

Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data? A. Limiting the local access of operations personnel B. Job rotation of operations personnel C. Management monitoring of audit logs D. Enforcing regular password changes

A

Which of the following security-focused protocols has confidentiality services operating at a layer different from the others? A. Secure HTTP (S-HTTP) B. FTP Secure (FTPS) C. Secure socket layer (SSL) D. Sequenced Packet Exchange (SPX)

A

Which of the following services is a distributed database that translates host names to IP addresses and IP addresses to host names? A. DNS B. FTP C. SSH D. SMTP

A

Which of the following services is NOT provided by the digital signature standard (DSS)? A. Encryption B. Integrity C. Digital signature D. Authentication

A

Which of the following should NOT normally be allowed through a firewall? A. SNMP B. SMTP C. HTTP D. SSH

A

Which of the following should be included in every policy that states possible penalties or restrictions for individuals? A An enforcement statement B A statement from the author C A preamble of rights D A copyright notice

A

Which of the following standards is concerned with message handling? A. X.400 B. X.500 C. X.509 D. X.800

A

Which of the following statements about FTP, TFTP, TCP, and UDP is true? A FTP uses TCP and TFTP uses UDP B FTP uses UDP and TFTP uses TCP C both FTP and TFTP use TCP D both FTP and TFTP use UDP

A

Which of the following statements best defines total risk? A The combined risk to all of the organization's assets, including all the threats and vulnerabilities B The risk that has been reduced through controls C The risk that remains after steps have been taken to mitigate risk D the processes of identifying, assessing, and mitigating risks to an acceptable level for the organization

A

Which of the following statements is NOT true of IPSec Transport mode? A. It is required for gateways providing access to internal systems B. Set-up when end-point is host or communications terminates at end-points C. If used in gateway-to-host communication, gateway must act as host D. When ESP is used for the security protocol, the hash is only applied to the upper layer protocols contained in the packet

A

Which of the following statements is not true of an organization's incident response policy? A It should require the retaliation against repeat attackers. B It can require the repair of damage done from an incident. C It should require the ability to respond quickly and effectively to an incident. D It should require the prevention of future damage from an incident.

A

Which of the following statements pertaining to Kerberos is TRUE? A. Kerberos does not address availability B. Kerberos does not address integrity C. Kerberos does not make use of Symmetric Keys D. Kerberos cannot address confidentiality of information

A

Which of the following statements pertaining to a Criticality Survey is incorrect? A. It is implemented to gather input from all personnel that is going to be part of the recovery teams. B. The purpose of the survey must be clearly stated. C. Management's approval should be obtained before distributing the survey. D. Its intent is to find out what services and systems are critical to keeping the organization in business.

A

Which of the following statements pertaining to disaster recovery planning is incorrect? A. Every organization must have a disaster recovery plan B. A disaster recovery plan contains actions to be taken before, during and after a disruptive event. C. The major goal of disaster recovery planning is to provide an organized way to make decisions if a disruptive event occurs. D. A disaster recovery plan should cover return from alternate facilities to primary facilities.

A

Which of the following statements regarding an off-site information processing facility is TRUE? A. It should have the same amount of physical access restrictions as the primary processing site. B. It should be located in proximity to the originating site so that it can quickly be made operational. C. It should be easily identified from the outside so in the event of an emergency it can be easily found. D. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.

A

Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA)? A. Notifying senior management of the start of the assessment. B. Creating data gathering techniques. C. Identifying critical business functions. D. Calculating the risk for each different business function.

A

Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks? A. Web Applications B. Intrusion Detection Systems C. Firewalls D. DNS Servers

A

Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? A. Steganography B. ADS - Alternate Data Streams C. Encryption D. NTFS ADS

A

Which of the following types of cryptography is used when both parties use the same key to communicate securely with each other? A. Symmetric Key Cryptography B. PKI - Public Key Infrastructure C. Diffie-Hellman D. DSS - Digital Signature Standard

A

Which of the following types of activities is NOT commonly performed in preparation for a security assessment? A Apply patches. B Analyze the change management procedures. C Review the security policies. D Collect host configuration documentation.

A

Which of the following usually provides reliable, real-time information without consuming network or host resources? A. network-based IDS B. host-based IDS C. application-based IDS D. firewall-based IDS

A

Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense? A. TCSEC B. ITSEC C. DIACAP D. NIACAP

A

Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support? A. SESAME B. RADIUS C. KryptoKnight D. TACACS+

A

Which of the following would assist the most in Host Based intrusion detection? A. audit trails. B. access control lists. C. security clearances D. host-based authentication

A

Which of the following would be the best criterion to consider in determining the classification of an information asset? A. Value B. Age C. Useful life D. Personal association

A

Which of the following would be true about Static password tokens? A. The owner identity is authenticated by the token B. The owner will never be authenticated by the token. C. The owner will authenticate himself to the system. D. The token does not authenticate the token owner but the system.

A

Which of the following would best classify as a management control? A. Review of security controls B. Personnel security C. Physical and environmental protection D. Documentation

A

Which of the following would best describe certificate path validation? A. Verification of the validity of all certificates of the certificate chain to the root certificate B. Verification of the integrity of the associated root certificate C. Verification of the integrity of the concerned private key D. Verification of the revocation status of the concerned certificate

A

Which one of the following authentication mechanisms creates a problem for mobile users? A. Mechanisms based on IP addresses B. Mechanism with reusable passwords C. one-time password mechanism. D. challenge-response mechanism.

A

Which one of the following components should be included in an organization's emergency response guidelines? A Immediate response procedures B Long-term business continuity protocols C Activation procedures for the organization's cold sites D Contact information for ordering equipment

A

Which one of the following is normally used as an authorization tool? A ACL B Token C Username D Password

A

Which one of the following is typically considered a business continuity task? A Business impact assessment B Alternate facility selection C Activation of cold sites D Restoration of data from backup

A

Which one of the following represents an ALE calculation? A. single loss expectancy x annualized rate of occurrence. B. gross loss expectancy x loss frequency. C. actual replacement cost - proceeds of salvage. D. asset value x loss expectancy.

A

Which one of the following technologies is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture? A Load balancing B Dual-power supplies C IPS D RAID

A

Which option best describes the encryption technique of a Caesar cipher? A Substitution B Diffusion C Confusion D Transposition

A

Which option is most accurate regarding a recovery point objective? A The point at which the most accurate data is available for restoration B The point at which the least accurate data is available for restoration C The target time full operations should be restored after disaster D The time after which the viability of the enterprise is in question

A

Which option is not a cloud deployment model? A Corporate cloud B Community cloud restoration C Public cloud D Private cloud

A

Which port does the Post Office Protocol Version 3 (POP3) make use of? A. 110 B. 109 C. 139 D. 119

A

Which procedure is NOT a valid mechanism for performing account proofing when users are attempting to log into their account? A Have the user type in the username and password a second time. B Send a text message to the user's phone. C Ask the user three security questions based upon facts that only the user is likely to know. D Have the user click a hyperlink in an email message.

A

Which property ensures that only the intended recipient can access the data and nobody else? A. Confidentiality B. Capability C. Integrity D. Availability

A

Which protocol is NOT implemented in the Network layer of the OSI Protocol Stack? A. hyper text transport protocol B. Open Shortest Path First C. Internet Protocol D. Routing Information Protocol

A

Which protocol of the TCP/IP suite addresses reliable data transport? A. Transmission control protocol (TCP) B. User datagram protocol (UDP) C. Internet protocol (IP) D. Internet control message protocol (ICMP)

A

Which security plan is used to restore normal operations in the event of the full interruption of mission critical business functions? A Disaster recovery plan B Acceptable use policy C Preventative policy D Incident response plan

A

Which statement best describes an advanced persistent threat (APT)? A A malware attack by a nation state B An advanced threat that continuously causes havoc C Malware that persistently moves from one place to another D An advanced malware attack by a persistent hacker

A

Which term is used when an event triggers an IDS alert, but the event was not malicious? A False positive B True negative C False negative D True positive

A

Which trust architecture or model is based on the concept of an individual top level entity that all other entities trust and with entities organized in levels or layers below the top level? A Hierarchical trust B Transitive trust C Web trust D Peer trust

A

Which type of attack consists of modifying the length and fragmentation offset fields in sequential IP packets? A. Teardrop attack B. Smurf attack C. SYN attack D. Buffer overflow attack

A

Which type of attack would a competitive intelligence attack best classify as? A. Business attack B. Intelligence attack C. Financial attack D. Grudge attack

A

Which type of client-side program always runs in a sandbox? A Java applet B Active X control C HTML4 control D Visual Basic script

A

Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part? A. One Time Pad (OTP) B. One time Cryptopad (OTC) C. Cryptanalysis D. Pretty Good Privacy (PGP)

A

Which type of firewall can be used to track connectionless protocols such as UDP and RPC? A. Stateful inspection firewalls B. Packet filtering firewalls C. Application level firewalls D. Circuit level firewalls

A

Which type of password provides maximum security because a new password is required for each new log-on? A. One-time or dynamic password B. Cognitive password C. Static password D. Passphrase

A

Which type of secure implementation of client devices has brought back a concept from the mainframe era where systems on a worker's desk have minimal storage and computational capacity? A Thin clients B Mobile devices C All-in-one PCs D Distributed architecture

A

Which wireless configuration protocol can use either RC4 or TKIP for communication encryption? A WPA B SKA C OSA D WEP

A

Which xDSL flavour can deliver up to 52 Mbps downstream over a single copper twisted pair? A. VDSL B. SDSL C. HDSL D. ADSL

A

Which xDSL flavour delivers both downstream and upstream speeds of 1.544 Mbps over two copper twisted pairs? A. HDSL B. SDSL C. ADSL D. VDSL

A

While Lauren is monitoring traffic on two ends of a network connection, she sees traffic that is inbound to a public IP address show up inside the production network bound for an internal host that uses an RFC 1918 reserved address. What technology should she expect is in use at the network border? A NAT B VLANs C S/NAT D BGP

A

Who first described the DoD multilevel military security policy in abstract, formal terms? A. David Bell and Leonard LaPadula B. Rivest, Shamir and Adleman C. Whitfield Diffie and Martin Hellman D. David Clark and David Wilson

A

Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating? A. Security administrators B. Operators C. Data owners D. Data custodians

A

Who should DECIDE how a company should approach security and what security measures should be implemented? A. Senior management B. Data owner C. Auditor D. The information security specialist

A

Why does compiled code pose more of a security risk than interpreted code? A. Because malicious code can be embedded in compiled code and be difficult to detect. B. If the executed compiled code fails, there is a chance it will fail insecurely. C. Because compilers are not reliable. D. There is no risk difference between interpreted code and compiled code.

A

Why is Network File System (NFS) used? A. It enables two different types of file systems to interoperate. B. It enables two different types of file systems to share Sun applications. C. It enables two different types of file systems to use IP/IPX. D. It enables two different types of file systems to emulate each other.

A

Why is an enterprise risk management (ERM) program implemented? A To establish a proactive risk response strategy B To promote decision makers from any sector of the organization C To reduce costs associated with security assessments D To provide public transparency to security operations

A

Why is multifactor authentication considered more secure than single-factor authentication? A Multifactor authentication requires multiple distinct attacks to perform impersonation. B Multifactor authentication solutions cost more. C Single-factor authentication is less compatible with operating systems. D Multifactor authentication is available on the Internet.

A

Why is mutual authentication preferred over single-sided authentication? A Mutual authentication requires both entities to prove themselves to each other simultaneously. B Mutual authentication does not use open source solutions. C Single-sided authentication does not support multifactor authentication. D Impersonation is impossible when using mutual authentication.

A

Why should forensic investigators give collection priority to the most volatile evidence? A Volatile evidence has the highest risk of being lost or changed due to the passing of time. B Volatile evidence is considered hearsay evidence in US courts. C Volatile evidence is stored as binary information. D Volatile evidence is the most persuasive evidence in a court of law.

A

Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided? A. Data Link B. Transport C. Presentation D. Application

A

Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment? A. A baseline B. A standard C. A procedure D. A guideline

A

Within the legal domain, what rule is concerned with the legality of how the evidence was gathered? A. Exclusionary rule B. Best evidence rule C. Hearsay rule D. Investigation rule

A

You are comparing different MAC-based architecture models. What is the primary goal of the Biba model? A integrity B confidentiality C availability D authentication

A

You are comparing the different access control models. Which access control model provides users with ownership of data and gives them full control over their data? A DAC B MAC C Role-BAC D SSO

A

You are configuring a new web server that will be used in your intranet. Which of the following steps are valid system hardening steps? (Select three) 1 removing unneeded protocols 2 disabling unneeded services 3 disabling the firewall 4 keeping the system up-to-date A 1,2,4 B 1,3,4

A

You are evaluating different access control models. Which of the following Access Control models allows users to assign permissions at the granular level? A DAC B MAC C Role-BAC D Kerberos

A

You are evaluating the performance of a biometric system for authentication. What identifies the percentage of times that a biometric system will falsely reject a known user and instead indicate that the user is unknown? A FRR B FAR C CER D MAC

A

You are reviewing security policies in your organization to ensure the organization is complying with various laws. Of the following choices, what must be protected to comply with legislation? A PII B internal procedures C sensitive data D internal policies

A

You are starting a new website. You want to quickly allow users to begin using your site without having the hassle of creating a new user account. You set up a one-way trust federated access link from your website to the three major social networks. Why should you use a one-way trust in this configuration rather than a two-way trust in this scenario? A A one-way trust allows your website to trust the user accounts of the social networks without requiring the social networks to trust your website. B Two-way trusts are only valid in private networks and cannot be used across the Internet. C A one-way trust allows your website to access the file storage of the social networks. D A two-way trust would grant the social network administrators full access to your backend database.

A

You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals. One day you receive a laptop and are part of a two-man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch. What critical step in forensic evidence have you forgotten? A. Chain of custody B. Locking the laptop in your desk C. Making a disk image for examination D. Cracking the admin password with chntpw

A

Your company has recently acquired a small startup company, Metroil. Metroil has a single Microsoft Active Directory domain named Metroil-HQ. Your company has three existing domains: BaseStar1, RemoteOf2, and RemoteOf3. Your company's three existing domains are configured in a standard domain tree, with BaseStar1 linked to RemoteOf2, which is then linked to RemoteOf3. How can users from Metroil be able to access resources in BaseStar1 with the least amount of network reconfiguration? A Establish a trust between RemoteOf3 and Metroil-HQ. B No new configuration is required. All domains automatically have two-way trusts between them. C Remove each device from Metroil-HQ, and then join each device as a new member of BaseStar1. D Break the tree trusts between BaseStar1 and RemoteOf2 and the trust between RemoteOf2 and RemoteOf3. Then establish a trust between BaseStar1 and Metroil-HQ.

A

Your company is partnering with Verigon to produce a new suite of services for the financial industry. To create and support these new services, both organizations will need to share content and perform collaborative work. The new services are to be offered only to pre-selected and invited clients, rather than being sold openly. How can this new service be configured without significantly increasing the risk to either company's private networks? A Set up the new service in an extranet and provide VPN credentials to Verigon and invited clients. B Host the new service in a public SaaS cloud. C Create a DMZ to host the service, and provide company interaction. D Configure the service on an internal server, and configure port forwarding.

A

Your organization completes full backups on Sunday but only partial backups on other days of the week. The backups done on the other days of the week back up only the data that has changed since the last full backup. What type of backups are done throughout the week? A differential B incremental C full D failover

A

Which access control model was proposed for enforcing access control in government and military applications? A. Bell-LaPadula model B. Biba model C. Sutherland model D. Brewer-Nash model

A; The Bell-LaPadula model, mostly concerned with confidentiality, was proposed for enforcing access control in government and military applications. It supports mandatory access control by determining the access rights from the security levels associated with subjects and objects. It also supports discretionary access control by checking access rights from an access matrix. The Biba model, introduced in 1977, the Sutherland model, published in 1986, and the Brewer-Nash model, published in 1989, are concerned with integrity.

A common way to create fault tolerance with leased lines is to group several T1s together with an inverse multiplexer placed: A. at one end of the connection. B. at both ends of the connection. C. somewhere between both end points. D. in the middle of the connection.

B

A company is concerned about unauthorized entities attacking their wireless network. The company has chosen to disable SSID broadcast in order to hide their base station and prevent unauthorized connections. Which of the following statements are correct of this scenario? A It does not resolve the issue because the wireless signal is still present and detectable. B It does not resolve the issue because the SSID is still present in most other management frames. C It resolves the issue because it prevents the SSID from being discovered by unauthorized entities. D It resolves the issue because without the SSID, connections to the base station are not possible.

B

A critical database server is hosting data for a web farm. A recent outage on the database server resulted in substantial losses for the organization. You're asked what can be done to prevent a similar incident in the future. What do you suggest? A use a RAID implementation on the server B create a failover cluster C create redundant connections D identify an alternate location

B

A disaster recovery plan (DRP) should focus on restoring mission critical services. Part of the DRP is to ensure that recent data is available for processing once mission critical services are restored. How is data loss addressed in DRP? A By minimizing recovery time with a small RTO B Through understanding the RPO C By avoiding failure with RAID D By implementing redundancies

B

A packet-filtering firewall includes a "deny any" rule. Where should this rule be placed? A at the beginning of the ACL B at the end of the ACL C before any allow rules D the placement of this rule does not matter

B

A prolonged complete loss of electric power is a: A. brownout B. blackout C. surge D. fault

B

A system was recently attacked remotely and you've been called to the scene. A computer forensic team is on the way to examine the computer. Which of the following is the most important action you can take? A power down the system B preserve the scene C disable accounts on the system D copy log files to an external system

B

A type of wireless network attack monitors wireless signals for clients making requests to connect to wireless base stations. It then takes the details from those requests to spoof the identity of the requested base station in order to fool the client devices into connecting to the false version of their trusted network. Which attack is this describing? A MAC spoofing B Evil twin C Shared key guessing D War driving

B

A user receives a happy birthday greeting card via email. After clicking the link and watching the greeting, the user notices specific vicious activity. What is the likely reason? A the greeting card was hiding a worm B the greeting card was hiding a trojan horse C the greeting card was using heuristics D the greeting card was not digitally signed

B

A user named Sally logs on with her username of Sally and a password of P@ssw0rd. What provides the identification and what proves the authentication? A It's not possible to tell from the information given B Sally is the identification and P@ssw0rd is the authentication C P@ssw0rd is the identification and Sally is the authentication D Sally and P@ssw0rd provide the authentication, and identification occurs when Sally is granted access to resources

B

A vulnerability assessment scan done on a system did not report any vulnerabilities. However, you know that the system is vulnerable because it does not have a specific patch installed. What is it called? A false positive B false negative C penetration test failure D penetration test success

B

Access control is best described as which of the following? A The use of federated identities B The use of identification and authorization techniques C The elimination of risk when allowing users on a network D Reduction of social networking

B

Alan is considering the use of new identification cards in his organization that will be used for physical access control. He comes across a sample card and is unsure of the technology. He breaks it open and sees the following internal construction. What type of card is this? A Smart card B Proximity card C Magnetic stripe D Phase-two card

B

Alex is preparing to solicit bids for a penetration test of his company's network and systems. He wants to maximize the effectiveness of the testing rather than the realism of the test. What type of penetration test should he require in his bidding process? A Black box B Crystal box C Gray box D Zero box

B

Almost all types of detection permit a system's sensitivity to be increased or decreased during an inspection process. If the system's sensitivity is increased, such as in a biometric authentication system, the system becomes increasingly selective and has the possibility of generating: A. Lower False Rejection Rate (FRR) B. Higher False Rejection Rate (FRR) C. Higher False Acceptance Rate (FAR) D. It will not affect either FAR or FRR

B

An access system that grants users only those rights necessary for them to perform their work is operating on which security principle? A. Discretionary Access B. Least Privilege C. Mandatory Access D. Separation of Duties

B

An alternative to using passwords for authentication in logical or technical access control is: A. manage without passwords B. biometrics C. not there D. use of them for physical access control

B

An anti-virus program is attempting to detect previously unknown malware. What method of detection is this? A signature-based B heuristics-based C characteristics-based D pattern recognition-based

B

An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as: A. Netware availability B. Network availability C. Network acceptability D. Network accountability

B

An effective information security policy should not have which of the following characteristics? A. Include separation of duties B. Be designed with a short- to mid-term focus C. Be understandable and supported by all stakeholders D. Specify areas of responsibility and authority

B

An organization has considered the risks associated with selling products via a website on the internet. After determining that the gains don't outweigh the risks, the organization has decided that it will not sell products on the website. What is this called? A mitigating the risk B avoiding the risk C transferring the risk D recasting the risk

B

An organization has divided job tasks among different job titles to prevent any single person from having control over an entire process. What security principle is the organization enforcing? A job rotation B separation of duties C least privilege D nonrepudiation

B

An organization is taking steps to reduce risks by implementing controls or safeguards. What is this called? A risk elimination B risk mitigation C residual risk D reducing threats

B

An organization needs to continue operations at an alternate location if a disaster hits. It can't afford to keep the location manned and up-to-date continuously, but it wants the location to have much of the hardware needed to support the mission. What type of site should the organization use? A cold site B warm site C hot site D BCP site

B

An organization wants to prevent the risk of someone guessing a password. It has implemented a policy that disables an account after three incorrect passwords are entered within a 30-minute period. What is this? A clipping level B account lockout policy C password policy D audit trail

B

An organization that uses configuration management to ensure that servers are deployed with similar settings. What can be done to determine whether a server has been modified? A reimage the server B compare it to the baseline C check the change management logs D ask the administrators

B

As per RFC 1122, which of the following is not a defined layer in the DoD TCP/IP protocol model? A. Application layer B. Session layer C. Internet layer D. Link/Network Access Layer

B

Asynchronous Communication transfers data by sending: A. bits of data sequentially B. bits of data sequentially in irregular timing patterns C. bits of data in sync with a heartbeat or clock D. bits of data simultaneously

B

Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of: A. a class A network. B. a class B network. C. a class C network. D. a class D network.

B

Bill implemented RAID level 5 on a server that he operates using a total of three disks. How many disks may fail without the loss of data? A 0 B 1 C 2 D 3

B

Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack? A. The use of good key generators. B. The use of session keys. C. Nothing can defend you against a brute force crypto key attack. D. Algorithms that are immune to brute force key attacks.

B

Callback to a landline phone number is an example of what type of factor? A Something you know B Somewhere you are C Something you have D Something you are

B

Chris is conducting a risk assessment for his organization and has determined the amount of damage that a single flood could be expected to cause to his facilities. What metric has Chris identified? A ALE B SLE C ARO D AV

B

Communications devices must operate: A. at different speeds to communicate. B. at the same speed to communicate. C. at varying speeds to interact. D. at high speed to interact.

B

Computer security should be first and foremost which of the following: A. Cover all identified risks B. Be cost-effective. C. Be examined in both monetary and non-monetary terms. D. Be proportionate to the value of IT systems.

B

Computer-generated evidence is considered: A. Best evidence B. Second hand evidence C. Demonstrative evidence D. Direct evidence

B

Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following? A. Accountability of biometrics systems B. Acceptability of biometrics systems C. Availability of biometrics systems D. Adaptability of biometrics systems

B

Controlling access to information systems and associated networks is necessary for the preservation of their: A. Authenticity, confidentiality and availability B. Confidentiality, integrity, and availability. C. integrity and availability. D. authenticity, confidentiality, integrity and availability.

B

Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to defend his organization against the use of rainbow tables. Which one of the following techniques is specifically designed to frustrate the use of rainbow tables? A Password expiration policies B Salting C User education D Password complexity policies

B

Degaussing is used to clear data from all of the following media except: A. Floppy Disks B. Read-Only Media C. Video Tapes D. Magnetic Hard Disks

B

Devices that supply power when the commercial utility power system fails are called which of the following? A. power conditioners B. uninterruptible power supplies C. power filters D. power dividers

B

During what phase of the electronic discovery reference model does an organization ensure that potentially discoverable information is protected against alteration or deletion? A Identification B Preservation C Collection D Production

B

Ensuring least privilege does not require: A. Identifying what the user's job is. B. Ensuring that the user alone does not have sufficient rights to subvert an important process. C. Determining the minimum set of privileges required for a user to perform their duties. D. Restricting the user to required privileges and nothing more.

B

Failure of a contingency plan is usually: A. A technical failure. B. A management failure. C. Because of a lack of awareness. D. Because of a lack of training.

B

For optimal signal quality, which of the following is correct concerning wireless antenna placement? A Place the antenna near a doorway facing into a room. B Place the antenna as high as possible in the center of the service area. C Wireless antennas must always be placed in the line of sight. D Always use a Yagi antenna for 360° broadcasts.

B

Good security is built on which of the following concepts? A. The concept of a pass-through device that only allows certain traffic in and out B. The concept of defense in depth C. The concept of preventative controls D. The concept of defensive controls

B

Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it should take to restore a particular IT service after an outage. What variable is Greg calculating? A MTD B RTO C RPO D SLA

B

How can Ben provide access control for his customers without having to provision user IDs before they connect while also gathering useful contact information for his business purposes? A WPA2 PSK B Use a captive portal C Require customers to use a publicly posted password like "BensCoffee." D Port security

B

How can Jack best ensure accountability for actions taken on systems in his environment? A Log review and require digital signatures for each log. B Require authentication for all actions taken and capture logs centrally. C Log the use of administrative credentials and encrypt log data in transit. D Require authorization and capture logs centrally

B

How can a company ensure protection against eavesdropping and session hijacking for its workers connecting to a public cloud? A Access resources with a Web browser. B Use a VPN. C Implement multi-factor authentication. D Use standard PPTP.

B

How can a risk be mitigated? A Accept a risk as is. B Implement safeguards. C Alter business processes to avoid them. D Purchase insurance.

B

How can a user be given the power to set privileges on an object for other users when within a DAC operating system? A Remove special permissions for the user on the object. B Grant the user full control over the object. C Give the user the modify privilege on the object. D Issue an administrative job label to the user.

B

How can an organization protect itself from compromise by accounts that were used by previous employees? A Account provisioning B Account deactivation C Account lockout D Account audit

B

How can the burden of handling a specific security risk be transferred to the shoulders of another organization? A More thorough user training B Outsourcing C Decommissioning equipment D Implementing market leading countermeasure

B

How can you provide defense diversity when implementing a DMZ? A Ensure that you use at least two firewalls B Ensure that you use at least two firewalls from different vendors C Ensure that you use at least two firewalls from the same vendor D Ensure that you use at least two packet filtering firewalls

B

How does a typical SIEM or systems management console retrieve event details from a source system? A SMTP B SNMP C OVAL D IPSec

B

How does hardware asset management affect security? A Through assessing the purpose of hardware before it is acquired B By reducing the likelihood of hardware-focused attacks C By replacing hardware as it becomes three years old D By preventing the use of cheap equipment through minimal cost vs. performance metrics

B

How does mandatory access control determine which objects a subject can access? A By checking ACLs B Through the use of classification labels C By referencing the physical location of the workstation D Based on the job role of the user

B

How is Annualized Loss Expectancy (ALE) derived from a threat? A. ARO x (SLE - EF) B. SLE x ARO C. SLE/EF D. AV x EF

B

How is a backup strategy tested to verify that it is a viable tool for recovery after a disaster? A Create an encrypted backup. B Restore files from backup media. C Review the backup policy. D Perform a verification pass immediately after the backup completes.

B

How is role-based access control implemented? A Through the use of time restrictions B By assigning a job name label to subjects C On the basis of ACLs D By assigning sensitivity labels to all objects

B

How many accounts should a typical administrative user have and why? A One account to minimize credential management B Two accounts: one for general tasks and one for special privileged tasks C One account to simplify auditing and reduce risk D One account per managed device to ensure the same credentials are not used on multiple devices in the same environment

B

Many firewalls require the placement of a "deny any" rule in the firewall to block all traffic that is not explicitly allowed. However, many firewalls apply this rule even if it isn't defined. What is it called? A defense diversity B implicit deny C explicit deny D defense in depth

B

How should a doorway of a manned facility with automatic locks be configured? A. It should be configured to be fail-secure. B. It should be configured to be fail-safe. C. It should have a door delay cipher lock. D. It should not allow piggybacking.

B

ICMP and IGMP belong to which layer of the OSI model? A. Datagram Layer. B. Network Layer. C. Transport Layer. D. Data Link Layer.

B

IT security measures should: A. Be complex B. Be tailored to meet organizational security goals. C. Make sure that every asset of the organization is well protected. D. Not be developed in a layered fashion.

B

If a security assessment determines that a specific employee has been performing numerous and repeated security violations, what action should be taken? A Ask the employee to sign the NDA. B Perform an exit interview. C Increase monitoring of this user's activity. D Have the employee repeat the security awareness training.

B

If an organization experiences a disaster level event that damages its ability to perform mission critical operations, what form of emergency response plan will provide a reliable means to ensure the least amount of downtime? A Cold site B Multi-site C Warm site D Reciprocal agreement

B

If information being protected is critical, which is the best course of action? A The data should be used less frequently B The encryption password should be changed more frequently C Users should be provided public encryption keys D The data should be hidden from other processes

B

If your property insurance has a Replacement Cost Valuation (RCV) clause, your damaged property will be compensated: A. Based on the value of the item on the date of loss B. Based on a new, comparable, or identical item for the old one, regardless of the condition of the lost item C. Based on the value of the item one month before the loss D. Based on the value listed on the Ebay auction web site

B

In Discretionary Access Control the subject has authority, within certain limitations, A. but he is not permitted to specify what objects can be accessible and so we need to get an independent third party to specify what objects can be accessible. B. to specify what objects can be accessible. C. to specify on an aggregate basis without understanding what objects can be accessible. D. to specify in full detail what objects can be accessible.

B

In Mandatory Access Control, sensitivity labels attached to objects contain what information? A The item's classification B The item's classification and category set C The item's category D The item's need to know

B

In a Public Key Infrastructure, how are public keys published? A. They are sent via e-mail. B. Through digital certificates. C. They are sent by owners. D. They are not published.

B

In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. Both client and server B. The client's browser C. The web server D. The merchant's Certificate Server

B

In a hierarchical PKI the highest CA is regularly called the Root CA. It is also referred to by which one of the following terms? A. Subordinate CA B. Top Level CA C. Big CA D. Master CA

B

In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because: A. people need not use discretion B. the access controls are based on the individual's role or title within the organization. C. the access controls are not based on the individual's role or title within the organization D. the access controls are often based on the individual's role or title within the organization

B

In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on: A. sex of a person B. physical attributes of a person C. age of a person D. voice of a person

B

In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering 2 questions: A. what was the sex of a person and his age B. what part of the body to be used and how to accomplish identification that is viable C. what was the age of a person and his income level D. what was the tone of the voice of a person and his habits

B

In biometrics, "one-to-many" search against database of stored biometric images is done in: A. Authentication B. Identification C. Identities D. Identity-based access control

B

In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on: A. The society's role in the organization B. The individual's role in the organization C. The group dynamics as they relate to the individual's role in the organization D. The group dynamics as they relate to the master-slave role in the organization

B

In order to be able to successfully prosecute an intruder: A. A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies. B. A proper chain of custody of evidence has to be preserved. C. Collection of evidence has to be done following predefined procedures. D. Whenever possible, analyze a replica of the compromised resource, not the original, thereby avoiding inadvertently tampering with evidence.

B

In stateful inspection firewalls, packets are: A. Inspected at only one layer of the Open System Interconnection (OSI) model B. Inspected at all Open System Interconnection (OSI) layers C. Decapsulated at all Open Systems Interconnect (OSI) layers. D. Encapsulated at all Open Systems Interconnect (OSI) layers.

B

In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices? A. new loop B. local loop C. loopback D. indigenous loop

B

In the Bell-LaPadula model, the Star-property is also called: A. The simple security property B. The confidentiality property C. The confinement property D. The tranquility property

B

In the context of a database, what is used to create relationships between two tables? A tuple B foreign Key C virtual table D view

B

In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the best choice below. A. Network Address Translation B. Network Address Hijacking C. Network Address Supernetting D. Network Address Sniffing

B

In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process? A. Known-plaintext attack B. Ciphertext-only attack C. Chosen-Ciphertext attack D. Plaintext-only attack

B

In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed? A. Pre Initialization Phase B. Phase 1 C. Phase 2 D. No peer authentication is performed

B

John works in an organization. He is trying to enter a password to log in to his account on the organization's login website. Which of the following best describes the use of passwords for access control? A Authorization B Authentication C Identification D Auditing

B

Kerberos can prevent which one of the following attacks? A. tunneling attack. B. playback (replay) attack. C. destructive attack. D. process attack.

B

Kerberos depends upon what encryption method? A. Public Key cryptography. B. Secret Key cryptography. C. El Gamal cryptography. D. Blowfish cryptography.

B

Layer 4 of the OSI stack is known as: A. the data link layer B. the transport layer C. the network layer D. the presentation layer

B

Like the Kerberos protocol, SESAME is also subject to which of the following? A. timeslot replay B. password guessing C. symmetric key guessing D. asymmetric key guessing

B

Management at your organization wants to break up its large network into smaller interconnected networks. Which of the following choices will provide logical segmentation? A router B VLAN C switch D ACL

B

Management wants to ensure that users can be held accountable for any actions they take while logged on with their account. The organization's security policy mandates the use of strong authentication and identification methods. What is the difference between authentication and identification? A identification occurs when the user provides a password, and authentication occurs when the password is verified B identification occurs when a user claims an identity, and authentication occurs when the user proves the identity C authentication occurs when a user professes an identity, and identification occurs when the user is granted access to resources D identification and authentication are the same thing

B

Management within your organization wants to ensure that personnel can encrypt and digitally sign all emails. What key is used when users encrypt email? A the recipient's private key B the recipient's public key C the sender's private key D the sender's public key

B

Many Web sites use a digital certificate to prove their identity to visitors. Why is the use of digital certificates considered a reliable form of authentication? A It complies with 802.1x. B It is a form of trusted third-party authentication. C It uses symmetric encryption keys. D It is a web of trust.

B

Many businesses craft an ethical guidance policy as part of their overall security policy. In the event that there is a conflict between your employer's ethical policy and your own personal ethical views, how should you handle this conflict? A Contact a lawyer to have the company policy changed. B Discuss the issue internally with your manager and IT security administrator. C Post your disagreements with the issue on your social network account. D Protest the concern by picketing outside of your employer's building.

B

Michelle is in charge of her organization's mobile device management efforts and handles lost and stolen devices. Which of the following recommendations will provide the most assurance to her organization that data will not be lost if a device is stolen? A Mandatory passcodes and application management B Full device encryption and mandatory passcodes C Remote wipe and GPS tracking D Enabling GPS tracking and full device encryption

B

Of the following choices, what is the primary purpose of a digital signature? A repudiation B authentication C encryption D hashing

B

Once evidence is seized, a law enforcement officer should emphasize which of the following? A. Chain of command B. Chain of custody C. Chain of control D. Chain of communications

B

One employee is restricted from accessing the corporate network remotely while another user is allowed to use remote access. What would an administrator use to apply the restrictions of the first user? A object attributes B subject attributes C A password policy D synchronous tokens

B

Organization policies are generally created in response to the requirement to meet certain criteria. Which of the following best details these requirements? A Procedures B Standards C Baselines D Policy Requirements Document (PRD)

B

Organizations should not view disaster recovery as which of the following? A. Committed expense. B. Discretionary expense. C. Enforcement of legal statutes. D. Compliance with regulations.

B

Organizations that handle any type of PHI must protect that data. What U.S. law mandates the protection of this information? A PCI DSS B HIPAA C SOX D Common Criteria

B

Other than implementing preventative measures and planning out response and recovery strategies, what is another important element that will help minimize data loss in the event of a harmful event that would trigger a disaster recovery policy (DRP)? A End user training B Prior warning of impending harm C Significant expenditure on avoiding single points of failure D Performing full interruption testing

B

PGP uses which of the following to encrypt data? A. An asymmetric encryption algorithm B. A symmetric encryption algorithm C. A symmetric key distribution system D. An X.509 digital certificate

B

Passwords can be required to change monthly, quarterly, or at other intervals: A. depending on the criticality of the information needing protection B. depending on the criticality of the information needing protection and the password's frequency of use C. depending on the password's frequency of use D. not depending on the criticality of the information needing protection but depending on the password's frequency of use

B

Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is not a component that achieves this type of security? A. Administrative control mechanisms B. Integrity control mechanisms C. Technical control mechanisms D. Physical control mechanisms

B

PINs, passwords, passphrases, tokens, smart cards, and biometric devices are all items that can be used for authentication. When one of the items listed above is used in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following? A. Multi-party authentication B. Two-factor authentication C. Mandatory authentication D. Discretionary authentication

B

Preservation of confidentiality within information systems requires that the information is not disclosed to: A. Authorized person B. Unauthorized persons or processes. C. Unauthorized persons. D. Authorized persons and processes

B

Related to information security, confidentiality is the opposite of which of the following? A. closure B. disclosure C. disposal D. disaster

B

Related to information security, integrity is the opposite of which of the following? A. abstraction B. alteration C. accreditation D. application

B

Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods. Which of the basic methods is more prone to false positives? A. Pattern Matching (also called signature analysis) B. Anomaly Detection C. Host-based intrusion detection D. Network-based intrusion detection

B

Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing? A. Preventive/Administrative Pairing B. Preventive/Technical Pairing C. Preventive/Physical Pairing D. Detective/Technical Pairing

B

The Clipper Chip utilizes which concept in public key cryptography? A. Substitution B. Key Escrow C. An undefined algorithm D. Super strong encryption

B

The Data Encryption Algorithm performs how many rounds of substitution and permutation? A. 4 B. 16 C. 54 D. 64

B

The Diffie-Hellman algorithm is primarily used to provide which of the following? A. Confidentiality B. Key Agreement C. Integrity D. Non-repudiation

B

The IP header contains a protocol field. If this field contains the value 1, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.

B

The IP header contains a protocol field. If this field contains the value 51, what type of data is contained within the IP datagram? A. Transmission Control Protocol (TCP) B. Authentication Header (AH) C. User Datagram Protocol (UDP) D. Internet Control Message Protocol (ICMP)

B

The International Standards Organization / Open Systems Interconnection (ISO/OSI) layers do NOT have which of the following characteristics? A. Standard model for network communications B. Used to gain information from network devices such as count of packets received and routing tables C. Enables dissimilar networks to communicate D. Defines 7 protocol layers (a.k.a. protocol stack)

B

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to? A. Illuminated at nine feet high with at least three foot-candles B. Illuminated at eight feet high with at least three foot-candles C. Illuminated at eight feet high with at least two foot-candles D. Illuminated at nine feet high with at least two foot-candles

B

The Orange Book is founded upon which security policy model? A. The Biba Model B. The Bell LaPadula Model C. Clark-Wilson Model D. TEMPEST

B

The communications products and services, which ensure that the various components of a network (such as devices, protocols, and access methods) work together refers to: A. Netware Architecture. B. Network Architecture. C. WAN Architecture. D. Multiprotocol Architecture.

B

The control measures that are intended to reveal the violations of security policy using software and hardware are associated with: A. Preventive/physical B. Detective/technical C. Detective/physical D. Detective/administrative

B

The control of communications test equipment should be clearly addressed by security policy for which of the following reasons? A. Test equipment is easily damaged. B. Test equipment can be used to browse information passing on a network. C. Test equipment is difficult to replace if lost or stolen. D. Test equipment must always be available for the maintenance personnel.

B

The first step in the implementation of the contingency plan is to perform: A. A firmware backup B. A data backup C. An operating systems software backup D. An application software backup

B

The following is NOT a security characteristic we need to consider while choosing a biometric identification system: A. data acquisition process B. cost C. enrollment process D. speed and user interface

B

The major objective of system configuration management is which of the following? A. system maintenance. B. system stability. C. system operations. D. system tracking.

B

The primary purpose for using one-way hashing of user passwords within a password file is which of the following? A. It prevents an unauthorized person from trying multiple passwords in one logon attempt. B. It prevents an unauthorized person from reading the password. C. It minimizes the amount of storage required for user passwords. D. It minimizes the amount of processing time used for encrypting passwords.

B

The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as? A. Confidentiality B. Availability C. Integrity D. Reliability

B

The scope and focus of the Business continuity plan development depends most on: A. Directives of Senior Management B. Business Impact Analysis (BIA) C. Scope and Plan Initiation D. Skills of BCP committee

B

The standard server port number for HTTP is which of the following? A. 81 B. 80 C. 8080 D. 8180

B

The viewing of recorded events after the fact using a closed-circuit TV camera is considered a A. Preventative control. B. Detective control C. Compensating control D. Corrective control

B

This type of supporting evidence is used to help prove an idea or a point; however, it cannot stand on its own, and is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence? A. Circumstantial evidence B. Corroborative evidence C. Opinion evidence D. Secondary evidence

B

To prevent any one person from having too much control or power, or performing fraudulent acts, which of the following solutions should not be implemented? A Multiple key pairs B Job rotation C M of N control D Separation of duties

B

To understand the 'whys' in crime, many times it is necessary to understand MOM. Which of the following is not a component of MOM? A. Opportunities B. Methods C. Motivation D. Means

B

Under the Business Exemption Rule to the hearsay evidence, which of the following exceptions would have no bearing on the inadmissibility of audit logs and audit trails in a court of law? A. Records are collected during the regular conduct of business. B. Records are collected by senior or executive management. C. Records are collected at or near the time of occurrence of the act being investigated to generate automated reports. D. You can prove no one could have changed the records/data/logs that were collected.

B

Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if: A. The company is not a multi-national company. B. They have not exercised due care protecting computing resources. C. They have failed to properly insure computer resources against loss. D. The company does not prosecute the hacker that caused the breach.

B

Users in your organization regularly use USB drives, and occasionally a USB device has introduced a virus into the organization. What is the best method of protecting against malware distributed via USB without affecting the users? A scan all spam for viruses B use antivirus software C prevent the usage of USB devices D use write-only USB devices

B

What RADIUS alternative is commonly used for Cisco network gear and supports two-factor authentication? A RADIUS+ B TACACS+ C XTACACS D Kerberos

B

What are the three FUNDAMENTAL principles of security? A. Accountability, confidentiality and integrity B. Confidentiality, integrity and availability C. Integrity, availability and accountability D. Availability, accountability and confidentiality

B

What are the three most important functions that Digital Signatures perform? A. Integrity, Confidentiality and Authorization B. Integrity, Authentication and Nonrepudiation C. Authorization, Authentication and Nonrepudiation D. Authorization, Detection and Accountability

B

What assesses potential loss that could be caused by a disaster? A. The Business Assessment (BA) B. The Business Impact Analysis (BIA) C. The Risk Assessment (RA) D. The Business Continuity Plan (BCP)

B

What attack involves the perpetrator sending spoofed packet(s) which contain the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any ports that are open on the remote host? A. Boink attack B. Land attack C. Teardrop attack D. Smurf attack

B

What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location? A. Remote journaling B. Electronic vaulting C. Data clustering D. Database shadowing

B

What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate? A. A public-key certificate B. An attribute certificate C. A digital certificate D. A descriptive certificate

B

What can be defined as a list of subjects along with their access rights that are authorized to access a specific object? A. A capability table B. An access control list C. An access control matrix D. A role-based matrix

B

What can be defined as an event that could cause harm to the information systems? A. A risk B. A threat C. A vulnerability D. A weakness

B

What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext? A. Key collision B. Key clustering C. Hashing D. Ciphertext collision

B

What can be defined as secret communications where the very existence of the message is hidden? A. Clustering B. Steganography C. Cryptology D. Vernam cipher

B

What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization? A. Recovery Point Objectives (RPO) B. Recovery Time Objectives (RTO) C. Recovery Time Period (RTP) D. Critical Recovery Time (CRT)

B

What can be described as a measure of the magnitude of loss or impact on the value of an asset? A. Probability B. Exposure factor C. Vulnerability D. Threat

B

What can best be defined as high-level statements, beliefs, goals and objectives? A. Standards B. Policies C. Guidelines D. Procedures

B

What can best be defined as the detailed examination and testing of the security features of an IT system or product to ensure that they work correctly and effectively and do not show any logical vulnerabilities, such as evaluation criteria? A. Acceptance testing B. Evaluation C. Certification D. Accreditation

B

What can best be described as a domain of trust that shares a single security policy and single management? A. The reference monitor B. A security domain C. The security kernel D. The security perimeter

B

What can best be described as an abstract machine which must mediate all access of subjects to objects? A. A security domain B. The reference monitor C. The security kernel D. The security perimeter

B

What does a failure of the BCP usually indicate? A failure by administrators B failure at the senior management level C failure by IT management D failure by third party vendor

B

What does the Clark-Wilson security model focus on? A. Confidentiality B. Integrity C. Accountability D. Availability

B

What does the simple integrity axiom mean in the Biba model? A. No write down B. No read down C. No read up D. No write up

B

What form of wireless configuration uses AES? A WPA B WPA-2 C WEP D OSA

B

What is Kerberos? A. A three-headed dog from Egyptian mythology. B. A trusted third-party authentication protocol. C. A security model. D. A remote authentication dial in user server.

B

What is NOT true of pre-shared key authentication within the IKE / IPsec protocol? A. Pre-shared key authentication is normally based on simple passwords B. Needs a Public Key Infrastructure (PKI) to work C. IKE is used to set up Security Associations D. IKE builds upon the Oakley protocol and the ISAKMP protocol.

B

What is a primary element that makes RSA strong? A keys are changed often B keys are created from large prime numbers C keys are always over 2048 bits D keys are kept private

B

What is a risk of creating a big data collection of information sets from a wide range of online services which can be easily data mined by outsiders? A Improved throughput of Internet services B Privacy violations C Implementation of monolithic operating systems D Reduction in authentication complexity

B

What is a service pack? A A piece of software intended to update an application B An executable program that loads a number of fixes and system upgrades C A piece of software intended to inform users of a software vulnerability D A piece of software written by user group intended to fix a problem

B

What is also known as 10Base5? A. Thinnet B. Thicknet C. ARCnet D. UTP

B

What is an IP routing table? A. A list of IP addresses and corresponding MAC addresses. B. A list of station and network addresses with corresponding gateway IP address. C. A list of host names and corresponding IP addresses. D. A list of current network interfaces on which IP routing is enabled.

B

What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests? A. Ping of death attack B. SYN attack C. Smurf attack D. Buffer overflow attack

B

What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets? A. SYN Flood attack B. Smurf attack C. Ping of Death attack D. Denial of Service (DOS) attack

B
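
The two questions above (SYN flood and Smurf) describe attacks on the victim's connection backlog and on broadcast amplification respectively. The following is an added example, not code from the original page: detection logic run over a constructed set of packet summaries. The tuple layout `(proto, src, dst, info)`, the LAN prefix, the addresses and the half-open threshold are all assumptions made for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed packet summaries standing in for a capture (not from the page):
# (proto, src, dst, info) where info is TCP flags "S"/"SA"/"A" or an ICMP type.
LAN = ip_network("192.0.2.0/24")
PACKETS = (
    [   # one legitimate three-way handshake
        ("tcp", "198.51.100.5", "192.0.2.10", "S"),
        ("tcp", "192.0.2.10", "198.51.100.5", "SA"),
        ("tcp", "198.51.100.5", "192.0.2.10", "A"),
    ]
    # SYN flood: 40 spoofed sources; the server's SYN-ACKs are never answered
    + [("tcp", f"203.0.113.{i}", "192.0.2.10", "S") for i in range(1, 41)]
    + [("tcp", "192.0.2.10", f"203.0.113.{i}", "SA") for i in range(1, 41)]
    # Smurf: echo requests to the LAN broadcast address, source forged as the victim
    + [("icmp", "198.51.100.77", "192.0.2.255", "echo-request")] * 2
)

def half_open_by_target(packets):
    """Per destination, count handshakes that got a SYN-ACK but never an ACK.
    These are the backlog entries a SYN flood is designed to exhaust."""
    state = {}
    for proto, src, dst, info in packets:
        if proto != "tcp":
            continue
        if info == "S":
            state[(src, dst)] = "syn"
        elif info == "SA" and state.get((dst, src)) == "syn":
            state[(dst, src)] = "half-open"
        elif info == "A" and state.get((src, dst)) == "half-open":
            state[(src, dst)] = "established"
    counts = defaultdict(int)
    for (_, dst), st in state.items():
        if st == "half-open":
            counts[dst] += 1
    return dict(counts)

def syn_flood_targets(packets, threshold=20):
    """Hosts holding at least `threshold` half-open connections (threshold is
    a constructed value; tune it to the real backlog size of the service)."""
    return {dst for dst, n in half_open_by_target(packets).items() if n >= threshold}

def smurf_victims(packets, lan):
    """Echo requests sent to the LAN's directed broadcast address: every host on
    the segment replies to the (spoofed) source, so report that source as the
    victim together with the worst-case number of replies it will receive."""
    hosts = lan.num_addresses - 2            # exclude network and broadcast
    victims = defaultdict(int)
    for proto, src, dst, info in packets:
        if (proto == "icmp" and info == "echo-request"
                and ip_address(dst) == lan.broadcast_address):
            victims[src] += hosts
    return dict(victims)

if __name__ == "__main__":
    print("SYN flood targets:", syn_flood_targets(PACKETS))
    print("Smurf victims (expected replies):", smurf_victims(PACKETS, LAN))
```

The half-open counter is the same state a stateful firewall or the kernel's SYN backlog keeps; the usual mitigations are SYN cookies (no state kept until the ACK arrives) for the flood, and disabling directed-broadcast forwarding on routers so the Smurf amplifier cannot be reached from outside the segment.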

What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent? A. Evidence Circumstance Doctrine B. Exigent Circumstance Doctrine C. Evidence of Admissibility Doctrine D. Exigent Probable Doctrine

B

What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? A. Authentication B. Identification C. Authorization D. Confidentiality

B

What is called the probability that a threat to an information system will materialize? A. Threat B. Risk C. Vulnerability D. Hole

B

What is defined as the manner in which the network devices are organized to facilitate communications? A. LAN transmission methods B. LAN topologies C. LAN transmission protocols D. LAN media access methods

B

What is the 802.11 standard related to? A. Public Key Infrastructure (PKI) B. Wireless network communications C. Packet-switching technology D. The OSI/ISO model

B

What is the MOST critical piece to disaster recovery and continuity planning? A. Security policy B. Management support C. Availability of backup information processing facilities D. Staff training

B

What is the appropriate role of the security analyst in the application system development or acquisition project? A. policeman B. control evaluator & consultant C. data owner D. application user

B

What is the condition of an IDS security assessment reporting that an event of concern has taken place, but when later analyzed it is determined that the event was benign and should not have caused an IDS alert? A True negative B False positive C True positive D False negative

B

What is the difference between Access Control Lists (ACLs) and Capability Tables? A. Access control lists are related/attached to a subject whereas capability tables are related/attached to an object. B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject. C. Capability tables are used for objects whereas access control lists are used for users. D. They are basically the same.

B

What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility? A. DS-0 B. DS-1 C. DS-2 D. DS-3

B

What is the goal of event data analysis? A Locate new exploitations. B Interpret collected events, and take appropriate action. C Discover the identity of perpetrators. D Reduce the vulnerabilities of an organization.

B

What is the key size of the International Data Encryption Algorithm (IDEA)? A. 64 bits B. 128 bits C. 160 bits D. 192 bits

B

What is the legal process by which law enforcement officials, including attorneys, can make formal requests to obtain digital information in relation to a legal action, investigation, or court proceeding? A Ownership B eDiscovery C Abandonment D Encryption

B

What is the main characteristic of a bastion host? A. It is located on the internal network. B. It is a hardened computer implementation C. It is a firewall. D. It does packet filtering.

B

What is the main issue with media reuse? A. Degaussing B. Data remanence C. Media destruction D. Purging

B

What is the main problem of the renewal of a root CA certificate? A. It requires key recovery of all end user keys B. It requires the authentic distribution of the new root CA certificate to all PKI participants C. It requires the collection of the old root CA certificates from all the users D. It requires issuance of the new root CA certificate

B

What is the main purpose of Corporate Security Policy? A. To transfer the responsibility for the information security to all users of the organization B. To communicate management's intentions in regards to information security C. To provide detailed steps for performing specific actions D. To provide a common framework for all development activities

B

What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable? A. 80 meters B. 100 meters C. 185 meters D. 500 meters

B

What is the minimum number of cryptographic keys necessary to achieve strong security when using the 3DES algorithm? A 1 B 2 C 3 D 4

B

What is the most important consideration in regards to communicating findings from a security monitoring system? A Informing the public of each security violation B Speed of presentation C Linking each violation to a standard vulnerability reference, such as the CVE D Having the presentation include all details related to an event

B

What is the most important foundational security concept upon which most other security ideas and solutions are based? A Non-repudiation B Implicit deny C Availability D Revocation

B

What is the name of a cryptographic attack based on a database of pre-computed hash values and the original plaintext values? A Brute force attack B Rainbow table attack C Frequency analysis D Chosen plaintext attack

B
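
The question above describes a precomputed table of hashes and plaintexts. A true rainbow table is a time-memory trade-off: it stores only the start and end of long hash-reduce chains and recomputes the middle on demand, which is why it covers far more passwords than it stores. The following is an added example, not code from the original page: a miniature rainbow table over a constructed space of 3-letter lowercase passwords hashed with unsalted MD5, with the chain length, the reduction function and the per-user salt all being assumptions made for the example.

```python
import hashlib
import itertools
import string

# Constructed toy password space for this example: every 3-letter lowercase
# string (26**3 = 17,576 candidates). Nothing here comes from the page.
ALPHABET = string.ascii_lowercase
PW_LEN = 3
SPACE = len(ALPHABET) ** PW_LEN
CHAIN_LEN = 40          # hashes per chain; the table stores only chain ends

def H(pw: str) -> str:
    """Unsalted MD5: the kind of password hash a rainbow table is built for."""
    return hashlib.md5(pw.encode()).hexdigest()

def reduce_(h: str, col: int) -> str:
    """Map a hash back into the password space. Mixing in the column index
    gives each column its own reduction function, which is what makes a
    rainbow table merge far less often than a plain Hellman table."""
    n = (int(h[:12], 16) + col) % SPACE
    out = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        out.append(ALPHABET[r])
    return "".join(out)

def build_table(starts):
    """endpoint -> list of chain starts (a list, because chains can still merge)."""
    table = {}
    for start in starts:
        pw = start
        for col in range(CHAIN_LEN):
            pw = reduce_(H(pw), col)
        table.setdefault(pw, []).append(start)
    return table

def crack(table, target):
    """Find the preimage of `target` if some chain passed through it.
    For each column, assume the target sat there, walk the rest of the chain
    to an endpoint, and if that endpoint is stored, replay the chain from its
    start and verify the hash: only a recomputed match is returned."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        pw = reduce_(target, col)
        for c in range(col + 1, CHAIN_LEN):
            pw = reduce_(H(pw), c)
        for start in table.get(pw, []):
            cand = start
            for c in range(CHAIN_LEN):
                if H(cand) == target:
                    return cand
                cand = reduce_(H(cand), c)
    return None

# Roughly one in seven candidates as a chain start: a deliberately partial table.
STARTS = ["".join(t) for t in itertools.product(ALPHABET, repeat=PW_LEN)][::7]
TABLE = build_table(STARTS)

def demo():
    """Unsalted hash of a covered password cracks; a salted hash of the same
    password does not, because the salted preimage lies outside the table's space."""
    salt = "n4x"                               # constructed per-user salt
    return crack(TABLE, H("abc")), crack(TABLE, H(salt + "abc"))

if __name__ == "__main__":
    print(len(STARTS), "chains,", len(TABLE), "distinct endpoints")
    print(demo())
```

The salted lookup fails for the same reason the attack works in the first place: the table is only valid for the exact function it was built against, so a per-user salt (and a slow hash such as bcrypt or Argon2) forces the attacker back to per-account brute force.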

What is the name of the third party authority that vouches for the binding between the data items in a digital certificate? A. Registration authority B. Certification authority C. Issuing authority D. Vouching authority

B

What is the primary difference between FTP and TFTP? A. Speed of negotiation B. Authentication C. Ability to automate D. TFTP is used to transfer configuration files to and from network equipment.

B

What is the primary goal of change management? A to slow down the process of making changes B to reduce unintended outages C to ensure that changes are implemented as quickly as possible D to ensure that changes do not modify system configurations

B

What is the primary method of authentication used in a typical PKI deployment? A Biometrics B Digital certificates C Smart cards D Passwords

B

What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)? A. It is too complex to manage user access restrictions under TFTP B. Due to the inherent security risks C. It does not offer high level encryption like FTP D. It cannot support the Lightweight Directory Access Protocol (LDAP)

B

What is the proper term to refer to a single unit of IP data? A. IP segment. B. IP datagram. C. IP frame. D. IP fragment.

B

What is the purpose of a baseline in relation to security monitoring? A Evaluates purchasing requirements B Notices trends away from normal C Keeps configurations consistent D Defines job task procedures

B

What is the purpose of sharing threat intelligence? A Remove all private ownership of intellectual property. B Equip other organizations to handle a looming security concern. C Prevent lawsuits based on retaining proprietary information. D Misdirect attackers into thinking their exploit is universally blocked.

B

What is the term used for the range of values that can be used to control the symmetric encryption function while converting plaintext into ciphertext? A Block size B Key space C Key length D Rounds

B

What is the term used to describe the event of a certificate authority canceling an issued digital certificate? A Destruction B Revocation C Expiration D Termination

B

What kind of Encryption technology does SSL utilize? A. Secret or Symmetric key B. Hybrid (both Symmetric and Asymmetric) C. Public Key D. Private key

B

What mechanism does a system use to compare the security labels of a subject and an object? A. Validation Module. B. Reference Monitor. C. Clearance Check. D. Security Module.

B

What prevents a process from accessing another process' data? A. Memory segmentation B. Process isolation C. The reference monitor D. Data hiding

B

What protocol is used to match an IP address to the appropriate hardware address of the packet's destination so it can be sent? A. Routing tables B. Address resolution protocol (ARP) C. Reverse address resolution protocol (RARP) D. Internet Control Message Protocol (ICMP)

B

What type of DNS record allows a DNS server to resolve IP addresses to hostnames? A A B PTR C MX D CNAME

B

What type of event is more likely to trigger the business continuity plan (BCP) rather than the disaster recovery plan (DRP)? A A port-scanning event against your public servers in the DMZ B A security breach of an administrator account C Several users failing to remember their logon credentials D A level 5 hurricane

B

What type of fire extinguisher is useful against liquid-based fires? A Class A B Class B C Class C D Class D

B

What type of firewall uses multiple proxy servers that filter traffic based on analysis of the protocols used for each service? A A static packet filtering firewall B An application-level gateway firewall C A circuit-level gateway firewall D A stateful inspection firewall

B

What type of information or data is the basis of most forms of modern cryptography, making modern cryptography possible and encryption cracking significantly more difficult? A Static keys B Randomness C 128-bit block sizes D Key triplet usage

B

What type of network deployment is the most fault tolerant? A Ring B Mesh C Star D Bus

B

What uses a key of the same length as the message, where each bit or character of the plaintext is encrypted by modular addition? A. Running key cipher B. One-time pad C. Steganography D. Cipher block chaining

B
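
The modular-addition one-time pad from the question above, as an added example that is not part of the original page. It works on the 26-letter alphabet (mod 26), and besides encrypting and decrypting it shows the failure mode the "one-time" in the name guards against: subtracting two ciphertexts made with the same pad cancels the key and leaks the difference of the plaintexts. The sample messages and the fixed test pad are constructed for the example; messages are assumed to be uppercase letters only.

```python
import secrets
import string

ALPHA = string.ascii_uppercase
M = len(ALPHA)                  # modulus: 26 letters

def make_pad(length: int) -> str:
    """A pad drawn from a CSPRNG, at least as long as the message, used once."""
    return "".join(secrets.choice(ALPHA) for _ in range(length))

def otp(text: str, pad: str, decrypt: bool = False) -> str:
    """Encrypt letter by letter as (p + k) mod 26; decrypt as (c - k) mod 26.
    Each pad character is consumed by exactly one message character."""
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    sign = -1 if decrypt else 1
    return "".join(
        ALPHA[(ALPHA.index(t) + sign * ALPHA.index(k)) % M]
        for t, k in zip(text, pad)
    )

def reuse_leak(c1: str, c2: str) -> str:
    """If two messages share a pad, subtracting the ciphertexts cancels the key:
    (c1 - c2) mod 26 == (p1 - p2) mod 26, which leaks plaintext structure
    without the attacker ever learning the pad."""
    return "".join(
        ALPHA[(ALPHA.index(a) - ALPHA.index(b)) % M] for a, b in zip(c1, c2)
    )

def demo():
    """Round trip with a fresh pad, then the two-time-pad mistake: the
    ciphertext difference equals the plaintext difference for any pad."""
    pad = make_pad(5)
    c1, c2 = otp("HELLO", pad), otp("WORLD", pad)      # pad reused: the mistake
    return otp(c1, pad, decrypt=True), reuse_leak(c1, c2) == reuse_leak("HELLO", "WORLD")

if __name__ == "__main__":
    print(otp("HELLO", "XMCKL"), demo())
```

The pad must be truly random, as long as the message, kept secret and never reused; a running key cipher (the first distractor) drops the randomness requirement by using text from a book as the key, and that is exactly what makes it breakable.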

What virtual environment tool allows for testing and experimentation within a guest OS while providing a means to roll-back to a previous stable state in just seconds? A File-by-file backup B Snapshots C Hard drive image D Bit-stream image backups

B

What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database? A. Database Management system B. Database views C. Database security D. Database shadowing

B

When Chris verifies an individual's identity and adds a unique identifier like a user ID to an identity system, what process has occurred? A Identity proofing B Registration C Directory management D Session management

B

When Matthew goes to add the digital signature to the message, what encryption key does he use to create the digital signature? A Matthew's public key B Matthew's private key C Richard's public key D Richard's private key

B
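
The two earlier questions on RSA (keys built from large primes) and the one above (the signer uses his own private key) can be shown together. The following is an added example, not code from the original page: textbook RSA over a SHA-256 digest with deliberately tiny constructed primes so the arithmetic is visible. Real keys use primes of a thousand bits or more and a padding scheme such as PSS; the primes, exponent and sample messages here are assumptions made for the example.

```python
import hashlib

# Toy RSA parameters for illustration only: primes far too small for real use.
# The security of RSA rests on n being the product of two large secret primes,
# which is what makes recovering d from (n, e) infeasible. Constructed values.
P, Q = 1000003, 1000033
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                     # public exponent
D = pow(E, -1, PHI)           # private exponent (Python 3.8+ modular inverse)

def digest_int(message: bytes) -> int:
    """Hash the message and reduce it into Z_n (toy stand-in for real padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes, private_exp: int = D) -> int:
    """Matthew signs with HIS private key: sig = H(m)^d mod n."""
    return pow(digest_int(message), private_exp, N)

def verify(message: bytes, sig: int, public_exp: int = E) -> bool:
    """Richard verifies with Matthew's PUBLIC key: sig^e mod n == H(m)."""
    return pow(sig, public_exp, N) == digest_int(message)

def demo():
    """A genuine signature verifies; the same signature over an altered
    message does not, because the digest no longer matches."""
    msg = b"Transfer 100 to account 42"        # constructed sample message
    tampered = b"Transfer 900 to account 42"
    sig = sign(msg)
    return verify(msg, sig), verify(tampered, sig)

if __name__ == "__main__":
    print("n =", N, "d =", D)
    print(demo())
```

Only the holder of d can produce a value whose e-th power equals the digest, which is what gives the signature its non-repudiation property; encrypting a message for Matthew is the mirror image and uses Matthew's public key.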

When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED? A. Type I error B. Type II error C. Type III error D. Crossover error

B
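
The Type I / Type II distinction above is easiest to see as two error rates that move in opposite directions when the acceptance threshold changes. The following is an added example, not from the original page: constructed match scores for genuine and impostor attempts, the false rejection rate (Type I) and false acceptance rate (Type II) at a given threshold, and the crossover point where the two are equal. The scores and the 0-100 scale are assumptions made for the example.

```python
# Constructed match scores (0-100): higher means "looks more like the enrolled
# user". Twelve genuine attempts and twelve impostor attempts, not real data.
GENUINE = [92, 88, 85, 81, 79, 77, 75, 72, 70, 66, 63, 58]
IMPOSTOR = [20, 25, 31, 38, 44, 49, 55, 60, 64, 68, 73, 80]

def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Accept when score >= threshold.
    Returns (FRR, FAR):
      FRR = Type I error, genuine users wrongly rejected;
      FAR = Type II error, impostors wrongly accepted."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far

def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold at which FRR and FAR are closest: the crossover (equal) error
    rate, the usual single-number figure of merit for a biometric system."""
    def gap(t):
        frr, far = rates(t, genuine, impostor)
        return abs(frr - far), t          # tie-break on the lower threshold
    t = min(range(101), key=gap)
    return t, rates(t, genuine, impostor)

if __name__ == "__main__":
    t, (frr, far) = crossover()
    print(f"CER at threshold {t}: FRR={frr:.2f} FAR={far:.2f}")
    for th in (50, t, 80):
        print(th, rates(th))
```

Raising the threshold above the crossover trades user convenience (more Type I rejections) for security (fewer Type II acceptances), which is the direction a high-security deployment tunes toward; lowering it does the opposite.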

When a station communicates on the network for the first time, which of the following protocols would search for and find the Internet Protocol (IP) address that matches a known Ethernet address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP).

B

When an organization has limited visibility of their risk, in addition to how risk affects daily operations, in what state or condition is the organization? A Proactive state B Reactive state C Processing state D Preventative state

B

When an organization is unable to lose more than a few hours of data without experiencing severe consequences, what means or method of backup is most appropriate? A Tape storage of backup B Real-time backup C Incremental backup D Online backup

B

When implementing LAN-based security like traffic management in a software-defined network, where are decisions about where traffic is to be sent made? A Data plane B Control plane C Kernel mode D User mode

B

When it comes to magnetic media sanitization, what difference can be made between clearing and purging information? A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files. B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack. C. They both involve rewriting the media. D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.

B

When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems? A. Executive management staff B. Senior business unit management C. BCP committee D. Functional business units

B

When should security be implemented or included in the asset life cycle? A During the maintaining phase B As early as possible C Once the asset is being used in daily operations D Before implementation

B

Where should backups be stored? A In encrypted form and in plain text format B Onsite and offsite C On tape and in the cloud D Online and offline

B

Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet? A. Authentication mode B. Tunnel mode C. Transport mode D. Safe mode

B

Which Network Address Translation (NAT) is the most convenient and secure solution? A. Hiding Network Address Translation B. Port Address Translation C. Dedicated Address Translation D. Static Address Translation

B

Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants access control? A. DAC B. MAC C. Access control matrix D. TACACS

B

Which access control model provides upper and lower bounds of access capabilities for a subject? A. Role-based access control B. Lattice-based access control C. Biba access control D. Content-dependent access control

B

Which action should be avoided when collecting evidence of a cybercrime? A Taking photographs of information displayed on screen B Rebooting the suspect's computer C Removing power from a storage device D Preserving contents of RAM

B

Which answer is most accurate regarding firewalls? A They switch packets based upon inspecting packets. B They filter traffic based upon inspecting packets. C They route traffic based upon inspecting packets. D They forward packets to the Internet based upon inspecting packets.

B

Which approach to a security program ensures people responsible for protecting the company's assets are DRIVING the program? A. The Delphi approach B. The top-down approach C. The bottom-up approach D. The technology approach

B

Which authentication technique best protects against hijacking? A. Static authentication B. Continuous authentication C. Robust authentication D. Strong authentication

B

Which choice best describes Bluetooth? A A transmission tool used to back up hard disks B A method of data synchronization between devices C A method of converting data from one type of media to another D A secure transmission methodology

B

Which choice describes the path of an attack? A A threat source location B A threat vector C A threat vehicle D The threat action effect

B

Which choice is an attack on a senior executive? A Watercooler attack B Whaling attack C Phishing attack D Golf course attack

B

Which choice is not a description of a control? A Detective controls uncover attacks and prompt the action of preventative or corrective controls. B Corrective controls always reduce the likelihood of a premeditated attack. C Controls reduce the effect of an attack. D Controls perform as the countermeasures for threats.

B

Which choice is not a proper method of managing keys? A Memory locations of keys should be overwritten seven times. B Keys may be sent to and reused by a different department. C Keys frequently in use should be replaced frequently. D Key expiration dates should be carefully monitored.

B

Which common backup method is the fastest on a daily basis? A. Full backup method B. Incremental backup method C. Fast backup method D. Differential backup method

B
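
The question above (incremental is the fastest daily method) and the other backup-method question on this page both come down to what each method does with the archive bit. The following is an added example, not from the original page: a week of constructed file changes run through full, incremental and differential strategies, reporting how much is copied each day and how many backup sets a restore would need afterwards. File names, sizes and the change schedule are assumptions made for the example.

```python
# Constructed toy volume: file name -> size in MB (not from the page).
FILES = {"db.bak": 500, "mail.pst": 200, "docs.tar": 120, "logs.txt": 30, "cfg.ini": 1}

# Constructed week of activity: which files changed on each of the six days
# that follow the Sunday full backup.
CHANGES = [
    {"logs.txt"},
    {"logs.txt", "cfg.ini"},
    {"mail.pst"},
    {"logs.txt"},
    {"docs.tar", "logs.txt"},
    {"logs.txt"},
]

def plan(mode, files=FILES, changes=CHANGES):
    """Simulate one full backup followed by daily backups of the given mode.
    Returns (MB copied per day starting with the full, sets needed to restore
    to the state after the last day).
      incremental: copies files changed since the last backup of any kind and
                   clears their archive bit;
      differential: copies files changed since the last FULL backup and leaves
                    the archive bit set, so the set grows through the week;
      full: copies everything every day."""
    full_size = sum(files.values())
    since_full, since_last = set(), set()
    copied = [full_size]
    for changed in changes:
        since_full |= changed
        since_last |= changed
        if mode == "incremental":
            copied.append(sum(files[f] for f in since_last))
            since_last.clear()                         # archive bits cleared
        elif mode == "differential":
            copied.append(sum(files[f] for f in since_full))   # bits left set
        elif mode == "full":
            copied.append(full_size)
            since_full.clear()
            since_last.clear()
        else:
            raise ValueError(f"unknown mode {mode!r}")
    restore_sets = {"full": 1, "differential": 2, "incremental": 1 + len(changes)}[mode]
    return copied, restore_sets

if __name__ == "__main__":
    for mode in ("full", "differential", "incremental"):
        copied, sets = plan(mode)
        print(f"{mode:12s} daily MB={copied}  restore needs {sets} set(s)")
```

The numbers make the trade-off explicit: incremental copies the least each day but a restore must replay the full plus every incremental in order (and the loss of any one of them breaks the chain), while differential copies more each day and restores from just two sets.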

Which communication method is characterized by very high speed transmission rates that are governed by electronic clock timing signals? A. Asynchronous Communication. B. Synchronous Communication. C. Automatic Communication. D. Full duplex Communication.

B

Which conceptual approach to intrusion detection system is the most common? A. Behavior-based intrusion detection B. Knowledge-based intrusion detection C. Statistical anomaly-based intrusion detection D. Host-based intrusion detection

B

Which converged network communications concept includes support for real-time chat, video conferencing, voice and video mail, and file exchange? A Multi-play B VoIP C Multicast D TLS

B

Which group represents the most likely source of an asset being lost through inappropriate computer use? A Hackers B Employees C Crackers D Flood

B

Which item within an organization makes the determination as to which attributes of a subject or object determine whether access is granted or denied? A Job descriptions B Authorization policy C Security baseline D Acceptable use policy

B

Which layer of the DoD TCP/IP model controls the communication flow between hosts? A. Internet layer B. Host-to-host transport layer C. Application layer D. Network access layer

B

Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control? A. Physical B. Data link C. Network D. Session

B

Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer3)? A. Host-to-host layer B. Internet layer C. Network access layer D. Session layer

B

Which malicious activity countermeasure is most effective at removing vulnerable elements from an organization's IT infrastructure? A Encryption of storage and communications B Patch management C User training D IDS and IPS deployment

B

Which must bear the primary responsibility for determining the level of protection needed for information systems resources? A. IS security specialists B. Senior Management C. Senior security analysts D. systems Auditors

B

Which of the following is not a service provided by AAA servers (RADIUS, TACACS and DIAMETER)? A. Authentication B. Administration C. Accounting D. Authorization

B

Which of the five disaster recovery testing types creates the most risk for an enterprise? A Structured walk-through B Full interruption C Simulation D Parallel

B

Which of the following DoD Model layer provides non-repudiation services? A. network layer. B. application layer. C. transport layer. D. data link layer.

B

Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system? A. Detective Controls B. Preventative Controls C. Corrective Controls D. Directive Controls

B

Which of the following access control models is based on sensitivity labels? A. Discretionary access control B. Mandatory access control C. Rule-based access control D. Role-based access control

B

Which of the following actions will have the LEAST benefit in relation to securing a wireless network? A Enabling WPA-2 B Disabling DHCP C Changing the base station's default SSID and MAC addresses D Changing the default management password on the base station

B

Which of the following algorithms is a stream cipher? A. RC2 B. RC4 C. RC5 D. RC6

B

Which of the following algorithms is used today for encryption in PGP? A. RSA B. IDEA C. Blowfish D. RC5

B

Which of the following is NOT a countermeasure to traffic analysis? A. Padding messages. B. Eavesdropping. C. Sending noise. D. Faraday Cage

B

Which of the following are REGISTERED PORTS as defined by IANA? A. Ports 128 to 255 B. Ports 1024 to 49151 C. Ports 1025 to 65535 D. Ports 1024 to 32767

B

Which of the following are additional access control objectives? A. Consistency and utility B. Reliability and utility C. Usefulness and utility D. Convenience and utility

B

Which of the following attacks could capture network user passwords? A. Data diddling B. Sniffing C. IP Spoofing D. Smurfing

B

Which of the following backup sites is the most effective for disaster recovery? A. Time brokers B. Hot sites C. Cold sites D. Reciprocal Agreement

B

Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location? A. Direct addressing B. Indirect addressing C. Indexed addressing D. Program addressing

B

Which of the following best describes a botnet? A An Internet resource used to track malware activity B A group of computers, called zombies, controlled by an attacker through a command and control center C A robot network used to launch physical attacks against organizations D A server hosted by an organization to attract attackers so that the organization can observe their methods

B

Which of the following best describes a one-way function? A Message Authentication Code B hash function C symmetric function D asymmetric function

B

Which of the following best describes a threat exploiting a vulnerability? A Brute force B Risk C A hurricane D Power supply brownout

B

Which of the following best describes an environment to test a patch or a service pack? A As they are received from the manufacturer B In a sandbox C In a production environment D In a simulator

B

Which of the following best describes the purpose of debugging programs? A. To generate random data that can be used to test programs before implementing them. B. To ensure that program coding flaws are detected and corrected. C. To protect, during the programming phase, valid changes from being overwritten by other changes. D. To compare source code versions before transferring to the test environment

B

Which of the following best describes the time that it takes to register with a biometric system, by providing samples of a personal characteristic? A Throughput time B Enrollment time C Login time D Setup time

B

Which of the following best ensures accountability of users for the actions taken within a system or domain? A. Identification B. Authentication C. Authorization D. Credentials

B

Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later? A. Steganography B. Digital watermarking C. Digital enveloping D. Digital signature

B

Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session- by-session basis? A. Internet Security Association and Key Management Protocol (ISAKMP) B. Simple Key-management for Internet Protocols (SKIP) C. Diffie-Hellman Key Distribution Protocol D. IPsec Key exchange (IKE)

B

Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector? A. Using a TACACS+ server. B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall. C. Setting modem ring count to at least 5. D. Only attaching modems to non-networked hosts.

B

Which of the following centralized access control mechanisms is the least appropriate for mobile workers accessing the corporate network over analog lines? A. TACACS B. Call-back C. CHAP D. RADIUS

B

Which of the following choices is an open standard that helps an organization assess the severity of computer system security vulnerabilities? A NIST B CVSS C ISO D BIA

B

Which of the following control pairing places emphasis on "soft" mechanisms that support the access control objectives? A. Preventive/Technical Pairing B. Preventive/Administrative Pairing C. Preventive/Physical Pairing D. Detective/Administrative Pairing

B

Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks? A. Monitoring and auditing for such activity B. Require user authentication C. Making sure only necessary phone numbers are made public D. Using completely different numbers for voice and data accesses

B

Which of the following describes a logical form of separation used by secure computing systems? A. Processes use different levels of security for input and output devices. B. Processes are constrained so that each cannot access objects outside its permitted domain. C. Processes conceal data and computations to inhibit access by outside processes. D. Processes are granted access based on granularity of controlled objects.

B

Which of the following determines that the product developed meets the projects goals? A. verification B. validation C. concurrence D. accuracy

B

Which of the following devices enables more than one signal to be sent out simultaneously over one physical circuit? A. Router B. Multiplexer C. Channel service unit/Data service unit (CSU/DSU) D. Wan switch

B

Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier? A. Dynamic authentication B. Continuous authentication C. Encrypted authentication D. Robust authentication

B

Which of the following is BEST defined as a physical control? A. Monitoring of system activity B. Fencing C. Identification and authentication methods D. Logical access control mechanisms

B

Which of the following is NOT a VPN communications protocol standard? A. Point-to-point tunnelling protocol (PPTP) B. Challenge Handshake Authentication Protocol (CHAP) C. Layer 2 tunnelling protocol (L2TP) D. IP Security

B

Which of the following is NOT a common backup method? A. Full backup method B. Daily backup method C. Incremental backup method D. Differential backup method

B

Which of the following is NOT a factor related to Access Control? A. integrity B. authenticity C. confidentiality D. availability

B

Which of the following is NOT a proper component of Media Viability Controls? A. Storage B. Writing C. Handling D. Marking

B

Which of the following is NOT a symmetric key algorithm? A. Blowfish B. Digital Signature Standard (DSS) C. Triple DES (3DES) D. RC5

B

Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis? A. DSS is aimed at solving highly structured problems. B. DSS emphasizes flexibility in the decision making approach of users. C. DSS supports only structured decision-making tasks. D. DSS combines the use of models with non-traditional data access and retrieval functions.

B

Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism? A. OAKLEY B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. IPsec Key exchange (IKE)

B

Which of the following is an added benefit of audit logs placed on proxy servers? A it prevents users from accessing specific websites B it deters users from engaging in unacceptable or undesirable behavior C it increases the performance of internet access D it decreases the internet bandwidth usage

B

Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing? A. Interface errors are detected earlier. B. Errors in critical modules are detected earlier. C. Confidence in the system is achieved earlier. D. Major functions and processing are tested earlier.

B

Which of the following is given the responsibility of the maintenance and protection of the data? A. Data owner B. Data custodian C. User D. Security administrator

B

Which of the following is most concerned with personnel security? A. Management controls B. Operational controls C. Technical controls D. Human resources controls

B

Which of the following is not a control category? A Technical B Preventative C Physical D Administrative

B

Which of the following is not a form of passive attack? A. Scavenging B. Data diddling C. Shoulder surfing D. Sniffing

B

Which of the following is not a method to protect objects and the data within the objects? A. Layering B. Data mining C. Abstraction D. Data hiding

B

Which of the following is not a one-way hashing algorithm? A. MD2 B. RC4 C. SHA-1 D. HAVAL

B

Which of the following is not a part of a business continuity plan? A The maximum tolerable downtime B Annualized Loss Expectancy C The recovery point objective D The recovery time objective

B

Which of the following is not an encryption algorithm? A. Skipjack B. SHA-1 C. Twofish D. DEA

B

Which of the following is not appropriate in addressing object reuse? A. Degaussing magnetic tapes when they're no longer needed. B. Deleting files on disk before reusing the space. C. Clearing memory blocks before they are allocated to a program or data. D. Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.

B

Which of the following is not considered an example of a non-discretionary access control system? A MAC B ACL C ABAC D RBAC

B

Which of the following is often the greatest challenge of distributed computing solutions? A. scalability B. security C. heterogeneity D. usability

B

Which of the following is the WEAKEST authentication mechanism? A. Passphrases B. Passwords C. One-time passwords D. Token devices

B

Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements? A. Validation B. Verification C. Assessment D. Accuracy

B

Which of the following is the best choice to identify a system that requires a database to detect attacks? A anomaly-based IDS B signature-based IDS C HIPS D NIPS

B

Which of the following is the biggest concern with firewall security? A. Internal hackers B. Complex configuration rules leading to misconfiguration C. Buffer overflows D. Distributed denial of service (DDOS) attacks

B

Which of the following is the most likely to attack using an advanced persistent threat? A Hacker B Nation state C Cracker D Script kiddie

B

Which of the following is the most reliable authentication method for remote access? A. Variable callback system B. Synchronous token C. Fixed callback system D. Combination of callback and caller ID

B

Which of the following is the most secure firewall implementation? A. Dual-homed host firewalls B. Screened-subnet firewalls C. Screened-host firewalls D. Packet-filtering firewalls

B

Which of the following is the simplest type of firewall? A. Stateful packet filtering firewall B. Packet filtering firewall C. Dual-homed host firewall D. Application gateway

B

Which of the following is true about a digital certificate? A. It is the same as a digital signature proving integrity and authenticity of the data B. Electronic credential proving that the person the certificate was issued to is who they claim to be C. You can only get a digital certificate from Verisign or RSA if you wish to prove the key belongs to a specific user. D. Can't contain geographic data such as country, for example.

B

Which of the following is true of network security? A. A firewall is not a necessity in today's connected world. B. A firewall is a necessity in today's connected world. C. A whitewall is a necessity in today's connected world. D. A black firewall is a necessity in today's connected world.

B

Which of the following is used in database information security to hide information? A. Inheritance B. Polyinstantiation C. Polymorphism D. Delegation

B

Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes? A. Key escrow B. Rotation of duties C. Principle of need-to-know D. Principle of least privilege

B

Which of the following items is NOT a benefit of cold sites? A. No resource contention with other organisation B. Quick Recovery C. A secondary location is available to reconstruct the environment D. Low Cost

B

Which of the following media is MOST resistant to EMI interference? A. microwave B. fiber optic C. twisted pair D. coaxial cable

B

Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credentials, and faster resource access? A. Smart cards B. Single Sign-On (SSO) C. Symmetric Ciphers D. Public Key Infrastructure (PKI)

B

Which of the following offers security to wireless communications? A. S-WAP B. WTLS C. WSP D. WDP

B

Which of the following outcomes is most likely to occur if forensic experts do not maintain a chain of custody document? A the evidence will be modified B the court will likely question the validity of the evidence and disallow its use C the evidence will be authenticated D experts will no longer be able to analyze the evidence

B

Which of the following outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations? A. The Computer Security Act of 1987. B. The Federal Sentencing Guidelines of 1991. C. The Economic Espionage Act of 1996. D. The Computer Fraud and Abuse Act of 1986.

B

Which of the following provides the best description of data at rest? A Data that is no longer being used by the organization B Data that is in computer storage, such as on system hard drives, USB drives, flash drives, storage area networks, or backup tapes C Data being transmitted over a network D Data encrypted with AES

B

Which of the following provides the best description of risk reduction? A Pays all costs associated with risks with internal budgets B Alters elements of the enterprise in response to a risk analysis C Mitigates risk to the enterprise at any cost D Allows a third party to assume all risk for the enterprise

B

Which of the following recovery plan test results would be most useful to management? A. elapsed time to perform various activities. B. list of successful and unsuccessful activities. C. amount of work completed. D. description of each activity.

B

Which of the following results in the most devastating business interruptions? A. Loss of Hardware/Software B. Loss of Data C. Loss of Communication Links D. Loss of Applications

B

Which of the following rules appearing in an Internet firewall policy is inappropriate? A. Source routing shall be disabled on all firewalls and external routers. B. Firewalls shall be configured to transparently allow all outbound and inbound services. C. Firewalls should fail to a configuration that denies all services, and require a firewall administrator to re-enable services after a firewall has failed. D. Firewalls shall not accept traffic on their external interfaces that appears to be coming from internal network addresses.

B

Which of the following security modes of operation does NOT require all users to have the clearance for all information processed on the system? A. Compartmented security mode B. Multilevel security mode C. System-high security mode D. Dedicated security mode

B

Which of the following statements pertaining to Secure Sockets Layer (SSL) is false? A. The SSL protocol was developed by Netscape to secure Internet client-server transactions. B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates. C. Web pages using the SSL protocol start with HTTPS D. SSL can be used with applications such as Telnet, FTP and email protocols.

B

Which of the following statements pertaining to a security policy is incorrect? A. Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. B. It specifies how hardware and software should be used throughout the organization. C. It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective. D. It must be flexible to the changing environment.

B

Which of the following statements pertaining to stream ciphers is correct? A. A stream cipher is a type of asymmetric encryption algorithm. B. A stream cipher generates what is called a keystream. C. A stream cipher is slower than a block cipher. D. A stream cipher is not appropriate for hardware-based encryption.

B

Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect? A. The plan should be reviewed at least once a year for accuracy and completeness. B. The Contingency Planning Coordinator should make sure that every employee gets an up-to-date copy of the plan. C. Strict version control should be maintained. D. Copies of the plan should be provided to recovery personnel for storage offline at home and office.

B

Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces? A. ISDN B. SLIP C. xDSL D. T1

B

Which of the following tests makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems? A. Recovery testing B. Security testing C. Stress/volume testing D. Interface testing

B

Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request? A. ICMP B. TCP C. UDP D. IP

B

Which of the following types of Intrusion Detection Systems uses behavioral characteristics of a system's operation or network traffic to draw conclusions on whether the traffic represents a risk to the network or host? A. Network-based ID systems. B. Anomaly Detection. C. Host-based ID systems. D. Signature Analysis.

B

Which of the following types of access control is preferred for its ease of administration when there are a large number of personnel with the same job in an organization? A Mandatory Access Control B Role-based Access Control C Rule-Based Access Control D Label-based Access Control

B

Which of the following uses a digital signature to prevent forged email? A SPF B DKIM C S/MIME D PGP

B

Which of the following was developed as a simple mechanism for allowing simple network terminals to load their operating system from a server over the LAN? A. DHCP B. BootP C. DNS D. ARP

B

Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission? A. Secure Electronic Transaction (SET) B. Message Authentication Code (MAC) C. Cyclic Redundancy Check (CRC) D. Secure Hash Standard (SHS)

B

Which of the following would BEST be defined as an absence or weakness of safeguard that could be exploited? A. A threat B. A vulnerability C. A risk D. An exposure

B

Which of the following would MOST likely ensure that a system development project meets business objectives? A. Development and tests are run by different individuals B. User involvement in system specification and acceptance C. Development of a project plan identifying all development activities D. Strict deadlines and budgets

B

Which of the following would be LESS likely to prevent an employee from reporting an incident? A. They are afraid of being pulled into something they don't want to be involved with. B. The process of reporting incidents is centralized. C. They are afraid of being accused of something they didn't do. D. They are unaware of the company's security policies and procedures.

B

Which of the following would best describe a Concealment cipher? A. Permutation is used, meaning that letters are scrambled. B. Every X number of words within a text is a part of the real message. C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks. D. Hiding data in another message so that the very existence of the data is concealed.

B

Which of the following would provide the BEST stress testing environment while taking into consideration and avoiding possible exposure and leaks of sensitive data? A. Test environment using test data. B. Test environment using sanitized live workloads data. C. Production environment using test data. D. Production environment using sanitized live workloads data.

B

Which one of the following is used to provide authentication and confidentiality for e-mail messages? A. Digital signature B. PGP C. IPSEC AH D. MD4

B

Which one of the following is usually not a benefit resulting from the use of firewalls? A. reduces the risks of external threats from malicious hackers. B. prevents the spread of viruses. C. reduces the threat level on internal system. D. allows centralized management and control of services.

B

Which one of the following statements identifies the primary goal of confidentiality? A ensures that data is encrypted B prevents unauthorized disclosure of data C ensures that adequate access controls are in place D prevents unauthorized modification of data

B

Which one of the following technologies is not normally a capability of mobile device management (MDM) solutions? A Remotely wiping the contents of a mobile device B Assuming control of a nonregistered BYOD mobile device C Enforcing the use of device encryption D Managing device backups

B

Which option is not a commonly accepted definition for a script kiddie? A A hacker that uses scripts or tools to create a text B A highly skilled attacker C A young unskilled hacker D A young inexperienced hacker

B

Which option provides the best description of the first action to take during incident response? A Disconnect the affected computers. B Follow the procedures in the incident response plan. C Determine the source and vector of the threat. D Alert the third-party incident response team.

B

Which pair of the following factors is key for user acceptance of biometric identification systems? A The FAR and FRR B The throughput rate and the time required to enroll C The CER and the ERR D How often users must reenroll and the reference profile requirements

B

Which security rule should be implemented to minimize risk of malware infection of endpoint systems? A Configure a software firewall. B Disable the use of USB storage devices. C Encrypt all file storage. D Audit user activity.

B

Which security service or benefit is NOT provided by a digital signature? A Non-repudiation B Confidentiality C Integrity D Authentication

B

Which term is used to indicate the function of access control or defining which subjects can perform various tasks on specific objects? A Authentication B Authorization C Availability D Accessibility

B

Which term refers to the security concept that proves a specific individual performed a task and prevents that individual from being able to claim that they did not perform that task? A Authentication B Non-repudiation C Revocation D Authorization

B

Which term refers to the virtualization of networking which grants more control and flexibility over networking than using the traditional hardware-only means of network management? A iSCSI B Software-defined network C Bridging D Hypervisor

B

Which type of attack involves impersonating a user or a system? A. Smurfing attack B. Spoofing attack C. Spamming attack D. Sniffing attack

B

Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system? A. TCP sequence number attack B. IP spoofing attack C. Piggybacking attack D. Teardrop attack

B

Which type of control is concerned with restoring controls? A. Compensating controls B. Corrective controls C. Detective controls D. Preventive controls

B

Which type of password token involves time synchronization? A. Static password tokens B. Synchronous dynamic password tokens C. Asynchronous dynamic password tokens D. Challenge-response tokens

B

Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software? A. Stealth viruses B. Polymorphic viruses C. Trojan horses D. Logic bombs

B

While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affect the use of AH and its Integrity Check Value (ICV) the most? A. Key session exchange B. Packet Header Source or Destination address C. VPN cryptographic key size D. Cryptographic algorithm used

B

Who can best decide what the adequate technical security controls are in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and its sensitivity level? A. System Auditor B. Data or Information Owner C. System Manager D. Data or Information user

B

Why are coaxial cables called "coaxial"? A. It includes two physical channels that carry the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. B. It includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. C. It includes two physical channels that carry the signal surrounded (after a layer of insulation) by another two concentric physical channels, both running along the same axis. D. It includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running perpendicular and along different axes.

B

Why are initialization vectors used as common components of encryption algorithms? A They determine the range of values into which a block can resolve. B They increase the chaos in encrypted output. C They set the speed of the encryption process. D They start the encryption process at a common point.

B

Why do buffer overflows happen? What is the main cause? A. Because buffers can only hold so much data B. Because of improper parameter checking within the application C. Because they are an easy weakness to exploit D. Because of insufficient system memory

B

Why do employees have to read and sign an Authorized Use Policy (AUP) before they are granted access to the IT network? A To define the laws that can be broken within this network B To remind users of their responsibilities and that they will be held accountable for their activities C To show proof that the company has a business license and is authorized to use computer equipment in the furtherance of their business processes D To indicate which individuals can and cannot access specific network resources

B

Why does fiber optic communication technology have a significant security advantage over other transmission technologies? A. Higher data rates can be transmitted. B. Interception of data traffic is more difficult. C. Traffic analysis is prevented by multiplexing. D. Single and double-bit errors are correctable.

B

Why is a continuous monitoring scheme implemented in a typical organization? A To improve social engineering resistance B To take notice of events of interest C To deflect denial of service attacks D To reduce employee resource waste

B

Why is data declassification an essential element of data asset management? A To disclose sensitive documentation to the public B To prevent the wasting of higher level security efforts C To allow subjects with lower classifications to access previously highly classified information D To enable peer reviews and supervisory checks of the security solution

B

Why is it important to perform a physical security assessment after a fire, chemical release, or bomb false alarm? A The assessment might reveal the identity of the perpetrator. B The event could have been triggered as a distraction to alter physical security mechanisms. C It gives your organization the opportunity to further train your personnel. D It is a legal requirement to do so after emergency response personnel have been contacted.

B

Why would a memory dump be admissible as evidence in court? A. Because it is used to demonstrate the truth of the contents. B. Because it is used to identify the state of the system. C. Because the state of the memory cannot be used as evidence. D. Because of the exclusionary rule.

B

Your company is about to launch a new Web site offering services and features that are commonly requested but rarely offered by other existing sites. The market research shows that the new site will be very popular and will have significant user growth for years. You have been given the responsibility to set up user authentication. Your requirements are the following: -Each user must be uniquely identified. -Multifactor authentication should be supported. -Authentication should provide protection of a user's identity even if your Web site's servers are compromised by hackers. How would you implement the authentication for this Web site? A Ask your boss to alter the requirements as it is not possible to use multifactor authentication and unique identification at the same time. B Set up a one-way federated access with an existing major social network site. C Deploy a solution using code taken directly from an open source programming community repository site. D Create shared group accounts requiring two, 10-character minimum passwords.

B

What is considered the most important type of error to avoid for a biometric access control system? A. Type I Error B. Type II Error C. Combined Error Rate D. Crossover Error Rate

B; When a biometric system is used for access control, the most important error is the false accept or false acceptance rate, or Type II error, where the system would accept an impostor.

A BCP determined that the maximum amount of data that an organization can afford to lose from an online database is the most recent 60 minutes of online transactions. Which of the following is a valid choice based on the BCP conclusion? A the recovery time objective needs to be less than 1 hour B the recovery time needs to be more than one hour C the recovery point objective needs to be less than 1 hour D the recovery point objective needs to be more than one hour

C

A Business Continuity Plan should be tested: A. Once a month. B. At least twice a year. C. At least once a year. D. At least once every two years.

C

An X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following? A. encrypting messages B. signing messages C. verifying signed messages D. decrypting encrypted messages

C

A business is preparing to create an e-commerce website. It wants to make sure that the business's website is trusted when an HTTP session is established. What should the business do? A Use SSL in all sessions B Ensure that the checkout process is encrypted C Purchase a certificate from a public CA D Publish a certificate from a private CA

C

Access control in which a central authority determines what subjects can have access to certain objects based on the organizational security policy is called: A. Mandatory Access Control B. Discretionary Access Control C. Non-Discretionary Access Control D. Rule-based Access control

C

A clipping level does which of the following? A Reduces noise signals on the IT infrastructure B Provides real-time monitoring C Defines a threshold of activity that, after crossed, sets off an operator alarm or alert D Removes unwanted packets

C

A code, as it pertains to cryptography: A. Is a generic term for encryption. B. Is specific to substitution ciphers. C. Deals with linguistic units. D. Is specific to transposition ciphers.

C

A firewall administrator wants to ensure that all traffic going through a packet filtering firewall is using IPsec ESP. What should the administrator use in the ACL to identify the IPsec traffic? A Protocol number 1 B Protocol number 6 C Protocol number 50 D Protocol number 51

C

A momentary low voltage, from 1 cycle to a few seconds, is a: A. spike B. blackout C. sag D. fault

C

A one-way hash provides which of the following? A. Confidentiality B. Availability C. Integrity D. Authentication

C

A packet containing a long string of NOPs followed by a command is usually indicative of what? A. A SYN scan. B. A half-port scan. C. A buffer overflow attack. D. A packet destined for the network's broadcast address.

C

A periodic review of user account management should not determine: A. Conformity with the concept of least privilege. B. Whether active accounts are still being used. C. Strength of user-chosen passwords. D. Whether management authorizations are up-to-date.

C

A prolonged high voltage is a: A. spike B. blackout C. surge D. fault

C

A proxy is considered a: A. first generation firewall. B. third generation firewall. C. second generation firewall. D. fourth generation firewall.

C

A security professional is performing a penetration test on a system. When should a penetration test stop? A At the completion of the vulnerability assessment B When the test system fails C Before causing damage to a live system or network D after fully exploiting the vulnerability

C

A trusted system does NOT involve which of the following? A. Enforcement of a security policy. B. Sufficiency and effectiveness of mechanisms to be able to enforce a security policy. C. Assurance that the security policy can be enforced in an efficient and reliable manner. D. Independently-verifiable evidence that the security policy-enforcing mechanisms are sufficient and effective.

C

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to: A. specify what users can do B. specify which resources they can access C. specify how to restrain hackers D. specify what operations they can perform on a system.

C

Administrators are creating a private CA within your network to manage certificates. Of the following choices, what would they most likely use to create public and private keys for the certificates? A user password B username C prime numbers D hash of messages

C

After a recent security incident, Security Professionals began collecting digital evidence. Management wants this evidence to be preserved and protected. Which one of the following methods would the Security Professionals use to authenticate digital evidence? A encryption B bit-copy C hashing D labeling

C

All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would not be considered an essential element of the BIA but an important TOPIC to include within the BCP plan: A. IT Network Support B. Accounting C. Public Relations D. Purchasing

C

An administrator noticed some suspicious connections from an Internet host to one of the servers on the internal network. After investigating further, he discovers that the server has some unauthorized accounts with administrative privileges. What most likely allowed this to occur? A backdoor B virus C RAT D sandbox

C

An administrator wants to allow SSH traffic through a firewall. What port should be opened? A 20 B 21 C 22 D 25

C

An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n): A. active attack B. outside attack C. inside attack D. passive attack

C

An employee has just been terminated. Prior to leaving, he installed a malicious script that is scheduled to execute on a specific day after he is no longer employed at the organization. What is this script called? A hoax B rootkit C logic bomb D Trojan Horse

C

Attackers recently attacked a web server hosted within a DMZ. The network was protected with firewalls and intrusion detection systems, with each component logging events and forwarding some of the logs to remote systems. What logs are the most valuable to recreate the events during and prior to the attack? A firewall logs on the web server B system logs on the web server C logs on remote systems D application logs on the web server

C

Because all the secret keys are held and authentication is performed on the Kerberos TGS and the authentication servers, these servers are vulnerable to: A. neither physical attacks nor attacks from malicious code. B. physical attacks only C. both physical attacks and attacks from malicious code. D. physical attacks but not attacks from malicious code.

C

Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. This area is referred to as the: A. smoke boundary area B. fire detection area C. Plenum area D. Intergen area

C

Business Continuity Planning (BCP) is not defined as a preparation that facilitates: A. the rapid recovery of mission-critical business operations B. the continuation of critical business functions C. the monitoring of threat activity for adjustment of technical controls D. the reduction of the impact of a disaster

C

Controls are implemented to: A. eliminate risk and reduce the potential for loss B. mitigate risk and eliminate the potential for loss C. mitigate risk and reduce the potential for loss D. eliminate risk and eliminate the potential for loss

C

Controls to keep password sniffing attacks from compromising computer systems include which of the following? A. static and recurring passwords. B. encryption and recurring passwords. C. one-time passwords and encryption. D. static and one-time passwords.

C

Denise is preparing for a trial relating to a contract dispute between her company and a software vendor. The vendor is claiming that Denise made a verbal agreement that amended their written contract. What rule of evidence should Denise raise in her defense? A Real evidence rule B Best evidence rule C Parol evidence rule D Testimonial evidence rule

C

During the salvage of the Local Area Network and Servers, which of the following steps would normally be performed first? A. Damage mitigation B. Install LAN communications network and servers C. Assess damage to LAN and servers D. Recover equipment

C

During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable? A. Measurement of accuracy B. Elapsed time for completion of critical tasks C. Quantitatively measuring the results of the test D. Evaluation of the observed test results

C

During which phase of an IT system life cycle are security requirements developed? A. Operation B. Initiation C. Functional design analysis and Planning D. Implementation

C

Frame relay uses a public switched network to provide: A. Local Area Network (LAN) connectivity. B. Metropolitan Area Network (MAN) connectivity. C. Wide Area Network (WAN) connectivity. D. World Area Network (WAN) connectivity.

C

Gordon is developing a business continuity plan for a manufacturing company's IT operations. The company is located in North Dakota and is currently evaluating the risk of earthquake. They choose to pursue a risk acceptance strategy. Which one of the following actions is consistent with that strategy? A Purchasing earthquake insurance B Relocating the data center to a safer area C Documenting the decision-making process D Reengineering the facility to withstand the shock of an earthquake

C

Greg would like to implement application control technology in his organization. He would like to limit users to installing only approved software on their systems. What type of application control would be appropriate in this situation? A Blacklisting B Graylisting C Whitelisting D Bluelisting

C

How are alterations to mission critical servers approved before implementation when a change management process is involved? A By providing a rollback option B By showing a less than 10% chance of failure C By being assessed by a Change Control Board D By documenting all changes that will take place

C

How are memory cards and smart cards different? A. Memory cards normally hold more memory than smart cards B. Smart cards provide a two-factor authentication whereas memory cards don't C. Memory cards have no processing power D. Only smart cards can be used for ATM cards

C

How can Jack detect issues like this using his organization's new centralized logging? A Deploy and use an IDS. B Send logs to a central logging server. C Deploy and use a SIEM. D Use syslog.

C

How can a user be assured that a file downloaded from a vendor's Web site is free from malicious code? A Check for system compatibility. B Read reviews about the product. C Check the file's signature and hash calculation. D Check the file size.

C

How can account provisioning be configured so that the assignment of rights and privileges is nearly automatic once the account is created? A Trigger a random number generator to assign privileges on various resources. B Enable new users to set their own privileges. C Use an RBAC mechanism where a new user's role is set by an HR admin. D Follow a strict procedure where granular access is set on a per-object basis for each user by an administrator.

C

How can files be easily exchanged between systems whether local or remote, when various operating systems are involved, and when all systems support the TCP/IP protocol stack? A SMB B NFS C FTP D Telnet

C

How can multiple distinct physical network topologies be combined into a single network structure? A Deploy a star topology. B Deploy a ring topology. C Deploy a tree topology. D Deploy a bus topology.

C

How can non-repudiation be achieved by the typical user when communicating over e-mail? A Employ encryption and a digital envelope. B Obtain a digital certificate. C Use a digital signature. D Ask for proof of receipt.

C

How can operational controls be used to improve security compliance? A Track activities with auditing and review the audit logs. B Implement encryption and multifactor authentication. C Set procedures for work tasks and provide training. D Require M-of-N controls and place administrators into compartmented areas.

C

How does a Trojan horse get past security mechanisms to harm a victim? A By attaching itself to an existing file B By displaying advertisements for intriguing applications C By seeming to be a benign item D By using system resources to distribute itself to other networked devices

C

How is non-repudiation often implemented? A Hash calculations B Baselining of security configurations C Digital signatures D M-of-N control

C

How is quantitative risk analysis performed? A Through the Delphi technique B With scenario-based assessments C Using calculations D Via employee interviews

C

How is separation of duties typically implemented? A Verify that a sender sent a message and prevent that sender from denying having sent the message. B Assign users the minimal privileges necessary to complete work tasks. C Segment administrative tasks into compartments, and then assign one or more distinct administrators into each compartment. D Assign each user a unique user account and require multifactor authentication.

C

How is the total amount of potential risk calculated for a single asset and a specific threat? A SLE x EF B Accumulate residual risk C AV x EF x ARO D AV x CCM - EF

C

How many bits is the effective length of the key of the Data Encryption Standard algorithm? A. 168 B. 128 C. 56 D. 64

C

How many layers are defined within the US Department of Defense (DoD) TCP/IP Model? A. 7 B. 5 C. 4 D. 3

C

How many possible keys exist when using a cryptographic algorithm that has an 8-bit binary encryption key? A 16 B 128 C 256 D 512

C

How often should a Business Continuity Plan be reviewed? A. At least once a month B. At least every six months C. At least once a year D. At least Quarterly

C

How often should tests and disaster recovery drills be performed? A. At least once a quarter B. At least once every 6 months C. At least once a year D. At least once every 2 years

C

How should a risk be HANDLED when the cost of the countermeasure OUTWEIGHS the cost of the risk? A. Reject the risk B. Perform another risk analysis C. Accept the risk D. Reduce the risk

C

If an organization is able to process credit card transactions because they have entered into an arrangement to comply with the Payment Card Industry Data Security Standard (PCI-DSS), how is this arrangement integrated into the organization's incident handling scheme? A The PCI-DSS document is used instead of the Policy Charter. B A specific sub-section of the Objectives of the Policy is crafted. C Contractual obligations are included in the Standards policy. D It removes the need for a Terms and Definitions component.

C

In SSL/TLS protocol, what kind of authentication is supported when you establish a secure session between a client and a server? A. Peer-to-peer authentication B. Only server authentication (optional) C. Server authentication (mandatory) and client authentication (optional) D. Role based authentication scheme

C

In a known plaintext attack, the cryptanalyst has knowledge of which of the following? A. the ciphertext and the key B. the plaintext and the secret key C. both the plaintext and the associated ciphertext of several messages D. the plaintext and the algorithm

C

In addition to the accuracy of the biometric systems, there are other factors that must also be considered: A. These factors include the enrollment time and the throughput rate, but not acceptability. B. These factors do not include the enrollment time, the throughput rate, and acceptability. C. These factors include the enrollment time, the throughput rate, and acceptability. D. These factors include the enrollment time, but neither the throughput rate nor the acceptability.

C

In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected? A. The transactions should be dropped from processing. B. The transactions should be processed after the program makes adjustments. C. The transactions should be written to a report and reviewed. D. The transactions should be corrected and reprocessed.

C

In an organization, an Information Technology security function should: A. Be a function within the information systems function of an organization. B. Report directly to a specialized business unit such as legal, corporate security or insurance. C. Be led by a Chief Security Officer and report directly to the CEO. D. Be independent but report to the Information Systems function.

C

In computing, what is the name of a non-self-replicating type of malware that appears to have some useful purpose but also contains embedded code with a malicious or harmful purpose which, when executed, carries out actions unknown to the person installing it, typically causing loss or theft of data and possible system harm? A. virus B. worm C. Trojan horse D. trapdoor

C

In order to enable users to perform tasks and duties without having to go through extra steps it is important that the security controls and mechanisms that are in place have a degree of? A. Complexity B. Non-transparency C. Transparency D. Simplicity

C

In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use: A. Screened subnets B. Digital certificates C. An encrypted Virtual Private Network D. Encryption

C

In response to an Access-Request from a client such as a Network Access Server (NAS), which of the following is not one of the responses from a RADIUS server? A. Access-Accept B. Access-Reject C. Access-Granted D. Access-Challenge

C

In the CIA triad, what does the letter A stand for? A. Auditability B. Accountability C. Availability D. Authentication

C

In the context of a database, what is a view? A row within a table B column within the table C virtual table D primary key

C

In the context of access control, locks, gates, guards are examples of which of the following? A. Administrative controls B. Technical controls C. Physical controls D. Logical controls

C

In the days before CIDR (Classless Inter-Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class B network? A. The first bit of the IP address would be set to zero. B. The first bit of the IP address would be set to one and the second bit set to zero. C. The first two bits of the IP address would be set to one, and the third bit set to zero. D. The first three bits of the IP address would be set to one.

C

In the realm of incident response, what is the purpose of the recovery phase? A To remove the offending element from the environment B To prevent the spread of an infection or harm caused by an intrusion C To restore the environment back to normal operating conditions D To assemble an incident response team

C

In what phase of incident response are new countermeasures implemented? A Containment B Detection C Recovery D Eradication

C

In what way could Java applets pose a security threat? A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system. C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system. D. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.

C

Information about an individual like their name, Social Security number, date and place of birth, or their mother's maiden name is an example of what type of protected information? A PHI B Proprietary data C PII D EDI

C

Java is not: A. Object-oriented. B. Distributed. C. Architecture Specific. D. Multithreaded.

C

Joe starts his computer and sees a message indicating all of his data files have been encrypted. The message gives Joe instructions on how to pay a fee and states that if he pays the fee within 3 days, he will receive a key that he can use to decrypt the files. What best describes this? A Malware B RAT C Ransomware D Scareware

C

Kerberos is vulnerable to replay in which of the following circumstances? A. When a private key is compromised within an allotted time window. B. When a public key is compromised within an allotted time window. C. When a ticket is compromised within an allotted time window. D. When the KDC is compromised within an allotted time window.

C

Knowledge-based Intrusion Detection Systems (IDS) are more common than: A. Network-based IDS B. Host-based IDS C. Behavior-based IDS D. Application-Based IDS

C

Management within your company decided to implement a data solution that stores data in the cloud. IT personnel have implemented a solution that allows employees of the company to access data from any location with internet access. Which of the following accurately describes this deployment model? A public cloud model B community cloud model C private cloud model D hybrid cloud model

C

Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose? A Full interruption test B Checklist review C Parallel test D Tabletop exercise

C

Of the following choices, what best identifies key characteristics of a NIPS? A always monitor traffic with agents and can prevent attacks before they reach a network B always monitors traffic with agents and can prevent attacks on a single system C placed in-line with the traffic and can prevent attacks before they reach a network D placed in-line with the traffic and can prevent attacks on a single system

C

Of the following choices, what represents a single-factor authentication technique? A smart card and PIN B smart card and fingerprint C password and PIN D password and fingerprint

C

Of the following choices, what would not be found in a certificate given by a server to establish an HTTP session? A expiration date B name of the issuing CA C private key D name of server or website

C

Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true? A. Personnel turnover B. Large plans can take a lot of work to maintain C. Continuous auditing makes a Disaster Recovery plan irrelevant D. Infrastructure and environment changes

C

Which of the following assertions is NOT a characteristic of Internet Protocol Security (IPsec)? A. Data cannot be read by unauthorized parties B. The identity of all IPsec endpoints is confirmed by other endpoints C. Data is delivered in the exact order in which it is sent D. The number of packets being exchanged can be counted.

C

Which of the following statements about the differences between PPTP and L2TP is NOT true? A. PPTP can run only on top of IP networks. B. PPTP is an encryption protocol and L2TP is not. C. L2TP works well with all firewalls and network devices that perform NAT. D. L2TP supports AAA servers

C

Which of these statements about the key elements of a good configuration process is NOT true? A. Accommodate the reuse of proven standards and best practices B. Ensure that all requirements remain clear, concise, and valid C. Control modifications to system hardware in order to prevent resource changes D. Ensure changes, standards, and requirements are communicated promptly and precisely

C

Password management falls into which control category? A. Compensating B. Detective C. Preventive D. Technical

C

Personnel within your organization had been using simple passwords that are susceptible to Brute Force attacks. Management wants to ensure that users create strong passwords. Which of the following would best meet this need? A written security policy B user education C technical password policy D written password policy

C

Prior to analysis, data should be copied from a hard disk utilizing which of the following? A Write protect tool B Block data copy software C Bit-by-bit copy software D Memory dump tool

C

Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that: A. The sender and recipient have reached a mutual agreement on the encryption key exchange that they will use. B. The channels through which the information flows are secure. C. The recipient's identity can be positively verified by the sender. D. The sender of the message is the only other person with access to the recipient's private key.

C

Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed. What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications? A. External Hot site B. Warm Site C. Internal Hot Site D. Dual Data Center

C

Remote control malware was found on a client device, and an unknown attacker was manipulating the network from afar. The attack resulted in the network switches reverting to flooding mode, thereby enabling the attacker to eavesdrop on a significant portion of network communications. After reviewing IDS and traffic logs, you determine that this was accomplished by an attack utility which generated a constant stream of Ethernet frames with random source MAC addresses. What can be done to prevent this attack from occurring in the future? A Restrict access to DHCP. B Use a static HOSTS file. C Use MAC limiting on the switch ports. D Implement an ARP monitor.

C

Risk mitigation and risk reduction controls for providing information security are classified within three main categories. Which of the following are the categories used? A. preventive, corrective, and administrative B. detective, corrective, and physical C. Physical, technical, and administrative D. Administrative, operational, and logical

C

In Rule-Based Access Control (RuBAC), access is determined by rules. Such rules would fit within what category of access control? A. Discretionary Access Control (DAC) B. Mandatory Access control (MAC) C. Non-Discretionary Access Control (NDAC) D. Lattice-based Access control

C

SYN floods rely on implementations of what protocol to cause denial-of-service conditions? A IGMP B UDP C TCP D ICMP

C

Sally's organization needs to be able to prove that certain staff members sent emails, and she wants to adopt a technology that will provide that capability without changing their existing email system. What is the technical term for the capability Sally needs to implement as the owner of the email system, and what tool could she use to do it? A Integrity; IMAP B Repudiation; encryption C Nonrepudiation; digital signatures D Authentication; DKIM

C

Smart cards are an example of which type of control? A. Detective control B. Administrative control C. Technical control D. Physical control

C

Susan has discovered that the smart card-based locks used to keep the facility she works at secure are not effective because staff members are propping the doors open. She places signs on the doors reminding staff that leaving the door open creates a security issue, and she adds alarms that will sound if the doors are left open for more than five minutes. What type of controls has she put into place? A Physical B Administrative C Compensation D Recovery

C

Telnet and rlogin use which protocol? A. UDP. B. SNMP. C. TCP. D. IGP.

C

The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics? A. 64 bits of data input results in 56 bits of encrypted output B. 128 bit key with 8 bits used for parity C. 64 bit blocks with a 64 bit total key length D. 56 bits of data input results in 56 bits of encrypted output

C

The Diffie-Hellman algorithm is used for: A. Encryption B. Digital signature C. Key agreement D. Non-repudiation

C

The IP header contains a protocol field. If this field contains the value of 17, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.

C

The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address? A. integrity and confidentiality. B. confidentiality and availability. C. integrity and availability. D. none of the above.

C

The OSI model features how many layers? A Five B Six C Seven D Four

C

The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for: A. Security Testing. B. Design Verification. C. System Integrity. D. System Architecture Specification.

C

The Secure Hash Algorithm (SHA-1) creates: A. a fixed length message digest from a fixed length input message B. a variable length message digest from a variable length input message C. a fixed length message digest from a variable length input message D. a variable length message digest from a fixed length input message

C

The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of: A. Confidentiality, Integrity, and Entity (C.I.E.). B. Confidentiality, Integrity, and Authenticity (C.I.A.). C. Confidentiality, Integrity, and Availability (C.I.A.). D. Confidentiality, Integrity, and Liability (C.I.L.).

C

The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)? A. Threat B. Exposure C. Vulnerability D. Risk

C

The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with: A. Preventive/physical B. Detective/technical C. Detective/physical D. Detective/administrative

C

The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers? A. Black hats B. White hats C. Script kiddies D. Phreakers

C

The preliminary steps to security planning include all of the following EXCEPT which of the following? A. Establish objectives. B. List planning assumptions. C. Establish a security audit function. D. Determine alternate courses of action

C

The primary service provided by Kerberos is which of the following? A. non-repudiation B. confidentiality C. authentication D. authorization

C

The sensitivity adjustment on a biometric authentication device affects which of the following? A Requirement for continuous adjustment B Limitation of the enrollment database C False acceptance rate and false rejection rate D Cost of the device

C

The separation of network infrastructure from the control layer, combined with the ability to centrally program a network design in a vendor-neutral, standards-based implementation, is an example of what important concept? A MPLS, a way to replace long network addresses with shorter labels and support a wide range of protocols B FCoE, a converged protocol that allows common applications over Ethernet C SDN, a converged protocol that allows network virtualization D CDN, a converged protocol that makes common network designs accessible

C

The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something: A. you need. B. non-trivial C. you are. D. you can get.

C

The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something: A. you need. B. you read. C. you are. D. you do.

C

The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a biometric system. Acceptable throughput rates are in the range of: A. 100 subjects per minute. B. 25 subjects per minute. C. 10 subjects per minute. D. 50 subjects per minute.

C

The typical computer fraudsters are usually persons with which of the following characteristics? A. They have had previous contact with law enforcement B. They conspire with others C. They hold a position of trust D. They deviate from the accepted norms of society

C

There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following? A. public keys B. private keys C. public-key certificates D. private-key certificates

C

What baseline sets certain thresholds for specific errors or mistakes allowed and the number of these occurrences that can take place before activity is considered suspicious? A. Checkpoint level B. Ceiling level C. Clipping level D. Threshold level

C

To avoid downtime and the need to trigger a business continuity plan (BCP), what preventative technique can be used to avoid single points of failure? A Thorough security policy B Performance monitoring C Redundancy D Update repair documentation

C

To protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and availability is the purpose of: A. Remote journaling. B. Database shadowing. C. A tape backup method. D. Mirroring.

C

Tommy handles access control requests for his organization. A user approaches him and explains that he needs access to the human resources database to complete a headcount analysis requested by the CFO. What has the user demonstrated successfully to Tommy? A Clearance B Separation of duties C Need to know D Isolation

C

Under United States law, an investigator's notebook may be used in court in which of the following scenarios? A. When the investigator is unwilling to testify. B. When other forms of physical evidence are not available. C. To refresh the investigator's memory while testifying. D. If the defense has no objections.

C

Upon arriving at an incident scene, the incident response team should do which of the following? A Take photographs of the crime scene before it can be disturbed. B Quickly unplug the Ethernet plug. C Follow the procedures specified in the incident response plan. D Turn off the affected machine to stop the attack.

C

Vivian works for a chain of retail stores and would like to use a software product that restricts the software used on point-of-sale terminals to those packages on a preapproved list. What approach should Vivian use? A Antivirus B Heuristic C Whitelist D Blacklist

C

Voice pattern recognition is what type of authentication factor? A Something you know B Something you have C Something you are D Somewhere you are

C

What ISO/OSI layer do switches primarily operate at? Do take note that this question makes reference to a plain vanilla switch and not one of the smart switches that is available on the market today. A. Physical layer B. Network layer C. Data link layer D. Session layer

C

What algorithm has been selected as the AES algorithm, replacing the DES algorithm? A. RC6 B. Twofish C. Rijndael D. Blowfish

C

What are the four primary components of a public key infrastructure implementation? A Confidentiality, Integrity, Availability, and Non-repudiation B Public key encryption, split-key encryption, initialization vectors, biometrics C Symmetric encryption, asymmetric encryption, hashing, and digital certificates D Authentication, Authorization, Accounting, and Availability

C

What are the three categories of controls? A Administrative, physical, and preventative B Physical, detective, and logical (technical) C Physical, logical (technical), and administrative D Administrative, logical (technical), and digital

C

What are the three main components of a smart lock or an electronic access control (EAC) lock? A Thick metal plating, time based lock, security cameras B Biometric reader, timer, fire suppression system C Credential reader, locking mechanism, door closed sensor D Proximity reader, light sensor, locking mechanism

C

What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? A. Data fiddling B. Data diddling C. Salami techniques D. Trojan horses

C

What business process typically requires sign-off from a manager before modifications are made to a system? A SDN B Release management C Change management D Versioning

C

What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment? A. Risk management B. Risk analysis C. Threat analysis D. Due diligence

C

What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? A. Certificate revocation list B. Certificate revocation tree C. Authority revocation list D. Untrusted certificate list

C

What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects? A. A capacity table B. An access control list C. An access control matrix D. A capability table

C

What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted? A. The security kernel B. The reference monitor C. The security perimeter D. The reference perimeter

C

What can best be defined as the sum of protection mechanisms inside the computer, including hardware, firmware and software? A. Trusted system B. Security kernel C. Trusted computing base D. Security perimeter

C

What component of IPSec provides for the support of multiple simultaneous VPNs? A IPComp B SKEME C ISAKMP D ESP

C

What do the ILOVEYOU and Melissa virus attacks have in common? A. They are both denial-of-service (DOS) attacks. B. They have nothing in common. C. They are both masquerading attacks. D. They are both social engineering attacks.

C

What do the following concepts have in common: weather, utilities and services, human actions, business processes, information technology, and reputation? A They are elements in a qualitative risk analysis approach. B They are examples of assets. C They are all potential sources of threats. D They are levels of classification.

C

What does "System Integrity" mean? A. The software of the system has been implemented as designed. B. Users can't tamper with processes they do not own. C. Hardware and firmware have undergone periodic testing to verify that they are functioning properly. D. Design specifications have been verified against the formal top-level specification.

C

What does the (star) property mean in the Bell-LaPadula model? A. No write up B. No read up C. No write down D. No read down

C

What does the directive of the European Union on Electronic Signatures deal with? A. Encryption of classified data B. Encryption of secret data C. Non repudiation D. Authentication of web servers

C

What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system? A. Accountability controls B. Mandatory access controls C. Assurance procedures D. Administrative controls

C

What is a benefit of a host-based firewall? A Prevent the installation of malware. B Prevent users from accessing unauthorized files stored on network shares. C Block attacks originating from the local network. D Stop attacks from the keyboard.

C

What is a means to ensure that endpoint devices can interact with the Internet while minimizing risk of system compromise? A Only use encrypted communication protocols. B Use strong authentication. C Use a virtualized OS. D Implement a weekly backup.

C

What is a restriction placed on users that denies them access to resources on the weekends? A Temporal differential B Time of week restriction C Time of day restriction D Time-based accounting

C

What is a security procedure? A Specific criteria that must be met by implementation B Minimum hardware and software requirements C Detailed steps for performing specific tasks D Suggested practices

C

What is a simple example of device authentication that is comprised of a text file used by Web sites? A CGI B CRC C Cookies D Javascript

C

What is called a password that is the same for each log-on session? A. "one-time password" B. "two-time password" C. static password D. dynamic password

C

What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it? A. A fail safe system B. A fail soft system C. A fault-tolerant system D. A failover system

C

What is called the access protection system that limits connections by calling back the number of a previously authorized location? A. Sendback systems B. Callback forward systems C. Callback systems D. Sendback forward systems

C

What is called the formal acceptance of the adequacy of a system's overall security by the management? A. Certification B. Acceptance C. Accreditation D. Evaluation

C

What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources? A. Micrometrics B. Macrometrics C. Biometrics D. MicroBiometrics

C

What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected? A. To ensure that no evidence is lost. B. To ensure that all possible evidence is gathered. C. To ensure that it will be admissible in court D. To ensure that incidents were handled with due care and due diligence.

C

What is the PRIMARY use of a password? A. Allow access to files. B. Identify the user. C. Authenticate the user. D. Segregate various users' accesses.

C

What is the RESULT of a hash algorithm being applied to a message? A. A digital signature B. A ciphertext C. A message digest D. A plaintext

C

What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity? A. Polyinstantiation B. Inference C. Aggregation D. Data mining

C

What is the benefit of endpoint device encryption for communications? A It prevents denial of service attacks. B It checks for data integrity. C It provides confidentiality of network traffic. D It avoids system flaw exploitation.

C

What is the bit-length, hash-digest output of the SHA-1 hashing algorithm? A 128 B 64 C 160 D 224

C

What is the component of IPSec that handles key generation and distribution? A IP Compression B Encapsulating Security Payload C Internet Key Exchange D Authentication Header

C

What is the composition of a cryptographic key, whether symmetric or asymmetric? A A signed object B A complex mathematical formula C A binary value D A prime number

C

What is the definition of the principle of least privilege? A Allowing all users full control over a network to keep administrative responsibilities to a minimum B Keeping the number of system users with access to a minimum C Granting users only the minimum privileges needed to accomplish assigned work tasks D Designing applications that do not have high levels of privilege

C

What is the difference between Advisory and Regulatory security policies? A. there is no difference between them B. regulatory policies are high level policy, while advisory policies are very detailed C. Advisory policies are not mandated. Regulatory policies must be implemented. D. Advisory policies are mandated while Regulatory policies are not

C

What is the difference between the functions of an IDS and an IPS? A An IDS will stop attacks, while an IPS will record details about violations. B An IDS will interrupt a communication, while an IPS will notify an administrator. C An IDS notices violations as they occur, while an IPS attempts to stop a violation from being successful. D An IDS is a software solution, while an IPS is a hardware appliance.

C

What is the essential difference between a self-audit and an independent audit? A. Tools used B. Results C. Objectivity D. Competence

C

What is the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 30%? A. $300,000 B. $150,000 C. $60,000 D. $1,500

C

What is the main characteristic of a multi-homed host? A. It is placed between two routers or firewalls. B. It allows IP routing. C. It has multiple network interfaces, each connected to separate networks. D. It operates at multiple layers.

C

What is the main focus of the Bell-LaPadula security model? A. Accountability B. Integrity C. Confidentiality D. Availability

C

What is the main objective of proper separation of duties? A. To prevent employees from disclosing sensitive information. B. To ensure access controls are in place. C. To ensure that no single individual can compromise a system. D. To ensure that audit trails are not tampered with.

C

What is the maximum allowable key size of the Rijndael encryption algorithm? A. 128 bits B. 192 bits C. 256 bits D. 512 bits

C

What is the maximum number of different keys that can be used when encrypting with Triple DES? A. 1 B. 2 C. 3 D. 4

C

What is the most appropriate use of IPSec? A Processing encryption B Storage encryption C Data transmission protection D Database protection

C

What is the most correct choice below when talking about the steps to resume normal operation at the primary site after the green light has been given by the salvage team? A. The most critical operations are moved from the alternate site to the primary site before others B. Operation may be carried out by a completely different team than the disaster recovery team C. The least critical functions should be moved back first D. You move items back in the same order as the categories documented in your plan, or exactly in the same order as you did on your way to the alternate site

C

What is the most critical characteristic of a biometric identifying system? A. Perceived intrusiveness B. Storage requirements C. Accuracy D. Scalability

C

What is the name for a substitution cipher that shifts the alphabet by 13 places? A. Caesar cipher B. Polyalphabetic cipher C. ROT13 cipher D. Transposition cipher

C

What is the name of the process used to replace an old asymmetric key pair set with a new key pair set? A Key generation B Key escrow C Key rotation D Key exchange

C

What is the only viable method a determined attacker can attempt to compromise an encrypted file, assuming a publicly available cryptography standard was used? A Analyze the hash value B Reverse the encryption formula C Brute force guess the key D Examine the algorithms

C

What is the primary concern for any situation involving the triggering of a disaster recovery plan (DRP)? A Avoiding downtime B Reducing asset loss C Preservation of human life D Minimizing costs

C

What is the process that occurs when the Session layer removes the header from data sent by the Transport layer? A Encapsulation B Packet unwrapping C De-encapsulation D Payloading

C

What is the proper term to refer to a single unit of Ethernet data at the link layer of the DoD TCP model? A. Ethernet Segment. B. Ethernet Datagram. C. Ethernet Frame. D. Ethernet Packet.

C

What is the result of an access control management process that adds new capabilities to users as their job tasks change over time, but does not perform a regular reassessment of the assigned authorization? A Collusion B Collision C Privilege creep D Fraud and abuse

C

What is the term used to describe an entry in a database describing a violation or exploit which is used to match real-time events in order to detect and record attacks by the continuous monitoring solution? A Countermeasure B Threat C Signature D Vulnerability

C

What is the term used to refer to anything that can potentially cause harm to an asset? A Exploit B Vulnerability C Threat D Risk

C

What is used to bind a document to its creation at a particular time? A. Network Time Protocol (NTP) B. Digital Signature C. Digital Timestamp D. Certification Authority (CA)

C

What is used to identify the impact to the organization if any business functions are lost due to any type of incident? A DRP B BCP C BIA D ALE

C

What kind of encryption is realized in the S/MIME-standard? A. Asymmetric encryption scheme B. Password based encryption scheme C. Public key based, hybrid encryption scheme D. Elliptic curve based encryption

C

What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database? A. Level 1/Class 1 B. Level 2/Class 2 C. Level 3/Class 3 D. Level 4/Class 4

C

What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes described as what each party must bring and join together to gain access or decrypt a file, where neither part reveals the other. A. Dual control B. Separation of duties C. Split knowledge D. Need to know

C

What security model is dependent on security labels? A. Discretionary access control B. Label-based access control C. Mandatory access control D. Non-discretionary access control

C

What setup should an administrator use for regularly testing the strength of user passwords? A. A networked workstation so that the live password database can easily be accessed by the cracking program. B. A networked workstation so the password database can easily be copied locally and processed by the cracking program. C. A standalone workstation on which the password database is copied and processed by the cracking program. D. A password-cracking program is unethical; therefore it should not be used.

C

What type of access control is intended to discover unwanted or unauthorized activity by providing information after the event has occurred? A Preventive B Corrective C Detective D Directive

C

What type of cable is used with 100Base-TX Fast Ethernet? A. Fiber-optic cable B. Category 3 or 4 unshielded twisted-pair (UTP). C. Category 5 unshielded twisted-pair (UTP). D. RG-58 cable.

C

What type of motion detector senses changes in the electromagnetic fields in monitored areas? A Infrared B Wave pattern C Capacitance D Photoelectric

C

What type of motion detector uses high microwave frequency signal transmissions to identify potential intruders? A Infrared B Heat-based C Wave pattern D Capacitance

C

What type of virus is characterized by the use of two or more different propagation mechanisms to improve its likelihood of spreading between systems? A Stealth virus B Polymorphic virus C Multipartite virus D Encrypted virus

C

What would BEST define a covert channel? A. An undocumented backdoor that has been left by a programmer in an operating system B. An open system port that should be closed. C. A communication channel that allows transfer of information in a manner that violates the system's security policy. D. A trojan horse.

C

What would BEST define risk management? A. The process of eliminating the risk B. The process of assessing the risks C. The process of reducing risk to an acceptable level D. The process of transferring risk

C

When Matthew sends Richard a message, what key should he use to encrypt the message? A Matthew's public key B Matthew's private key C Richard's public key D Richard's private key

C

When a possible intrusion into your organization's information system has been detected, which of the following actions should be performed first? A. Eliminate all means of intruder access. B. Contain the intrusion. C. Determine to what extent systems and data are compromised. D. Communicate with relevant parties.

C

When a storage device is taken in as evidence, what is the first step performed by the forensic personnel after starting the chain of custody form and writing out the evidence collection form? A Write an evidence header file to the storage device. B Make a hash calculation of the contents. C Connect the device to a write blocker. D Create a bit-stream image copy.

C

When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence? A. Evidence has to be collected in accordance with all laws and all legal regulations. B. Law enforcement officials should be contacted for advice on how and when to collect critical information. C. Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available. D. Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation.

C

When using asymmetric cryptography, what is the purpose of using the recipient's public key to perform an encryption function on a data set before sending it to the recipient? A To prove the identity of the sender B To verify integrity C To restrict delivery D To support non-repudiation

C

Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel? A. Transport layer B. Network layer C. Data link layer D. Physical layer

C

Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of? A. Transport layer B. Network layer C. Data link layer D. Physical layer

C

Which SSL version offers client-side authentication? A. SSL v1 B. SSL v2 C. SSL v3 D. SSL v4

C

Which attack attempts to steal information from victims by tricking them into visiting false or fake Web sites using a spoofed email communication that seems to originate from a legitimate source? A Botnet B Pharming C Phishing D Hijacking

C

Which backup method does not reset the archive bit on files that are backed up? A. Full backup method B. Incremental backup method C. Differential backup method D. Additive backup method

C

Which backup type, run at regular intervals, would take the least time to complete? A. Full Backup B. Differential Backup C. Incremental Backup D. Disk Mirroring

C

Which best describes actions in asymmetric cryptography? A Only the public key can encrypt, and only the private key can decrypt. B Only the private key can encrypt, and only the public key can decrypt. C If the public key encrypts, only the private key can decrypt. D The public key is used to encrypt and decrypt, but only the private key can decrypt.

C

Which choice best describes a federation? A A single sign-on technique that allows nonrelated third-party organizations access to network resources B Organizations that may rely on each other in the event of a disaster event C An association of nonrelated third-party organizations that share information based upon a single sign-on D Group organizations that share immediate information concerning zero day attacks

C

Which choice is the most accurate description of a retrovirus? A mobile virus that attacks older phones B virus that uses tried-and-true older techniques to achieve a purpose C virus that attacks anti-malware software D virus designed several years ago

C

Which choice least describes a cloud implementation? A Rapid elasticity B Broadly accessible by numerous networking platforms C Inexpensive D On-demand self-service

C

Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? A. The Take-Grant model B. The Biba integrity model C. The Clark Wilson integrity model D. The Bell-LaPadula integrity model

C

Which layer defines how packets are routed between end systems? A. Session layer B. Transport layer C. Network layer D. Data link layer

C

Which layer of the DoD TCP/IP Model ensures error-free delivery and packet sequencing? A. Internet layer B. Network access layer C. Host-to-host D. Application layer

C

Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS? A. El Gamal B. Elliptic Curve Cryptosystems (ECCs) C. RSA D. International Data Encryption Algorithm (IDEA)

C

Which of the following Access Control models determines access for users based on their jobs within the organization? A DAC B MAC C Role-BAC D CER

C

Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users? A. Inadequate quality assurance (QA) tools. B. Constantly changing user needs. C. Inadequate user participation in defining the system's requirements. D. Inadequate project management.

C

Which of the following Kerberos components holds all users' and services' cryptographic keys? A. The Key Distribution Service B. The Authentication Service C. The Key Distribution Center D. The Key Granting Service

C

Which of the following LAN topologies offers the highest availability? A. Bus topology B. Tree topology C. Full mesh topology D. Partial mesh topology

C

Which of the following access control techniques best gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure? A. Access control lists B. Discretionary access control C. Role-based access control D. Non-mandatory access control

C

Which of the following are required for Life-Cycle Assurance? A. System Architecture and Design specification. B. Security Testing and Covert Channel Analysis. C. Security Testing and Trusted distribution. D. Configuration Management and Trusted Facility Management.

C

Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model? A. S/MIME and SSH B. TLS and SSL C. IPsec and L2TP D. PKCS#10 and X.509

C

Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures? A. design, development, publication, coding, and testing. B. design, evaluation, approval, publication, and implementation. C. initiation, evaluation, development, approval, publication, implementation, and maintenance. D. feasibility, development, approval, implementation, and integration.

C

Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection? A. Anomaly detection tends to produce more data B. A pattern matching IDS can only identify known attacks C. Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams D. An anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines

C

Which of the following backup methods is most appropriate for off-site archiving? A. Incremental backup method B. Off-site backup method C. Full backup method D. Differential backup method

C

Which of the following best allows risk management results to be used knowledgeably? A. A vulnerability analysis B. A likelihood assessment C. An uncertainty analysis D. A threat identification

C

Which of the following best defines a Computer Security Incident Response Team (CSIRT)? A. An organization that provides a secure channel for receiving reports about suspected security incidents. B. An organization that ensures that security incidents are reported to the authorities. C. An organization that coordinates and supports the response to security incidents. D. An organization that disseminates incident-related information to its constituency and other involved parties.

C

Which of the following best describes a password that changes on each logon? A Session level password B Self assigned password C Dynamic password D Variable password

C

Which of the following best describes a vulnerability? A Any activity or event that can result in a loss of confidentiality, integrity, or availability to a system B Any activity or event that protects the system from a loss of confidentiality, integrity, or availability C A weakness in the system, network, or infrastructure D The potential for an attacker to attack

C

Which of the following best describes maximum tolerable downtime? A The amount of time between RPO and RTO B The time required to restore data from a backup C The amount of time a business process may be off-line before the viability of the organization is in severe jeopardy D The point at which data recovery should begin

C

Which of the following best describes session level controls? A Identification and integrity control B Role-based logon controls C Log-off due to user inactivity D Mandatory access controls

C

Which of the following best describes signature-based detection? A. Compare source code, looking for events or sets of events that could cause damage to a system or network. B. Compare system activity for the behaviour patterns of new attacks. C. Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack. D. Compare network nodes looking for objects or sets of objects that match a predefined pattern of objects that may describe a known attack.

C

Which of the following biometric devices offers the LOWEST CER? A. Keystroke dynamics B. Voice verification C. Iris scan D. Fingerprint

C

Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors? A. Unit testing B. Pilot testing C. Regression testing D. Parallel testing

C

Which of the following can prevent hijacking of a web session? A. RSA B. SET C. SSL D. PPP

C

Which of the following choices is NOT normally part of the questions that would be asked with regard to an organization's information security policy? A. Who is involved in establishing the security policy? B. Where is the organization's security policy defined? C. What are the actions that need to be performed in case of a disaster? D. Who is responsible for monitoring compliance to the organization's security policy?

C

Which of the following choices describes a condition when RAM and secondary storage are used together? A. Primary storage B. Secondary storage C. Virtual storage D. Real storage

C

Which of the following choices is the most accurate description of a countermeasure? A The company resource that could be lost due to an accident B Any event with the potential to harm an information system through unauthorized access C Controls put in place as a result of a risk analysis D The annualized rate of occurrence multiplied by the single lost exposure

C

Which of the following computer crimes is MORE often associated with INSIDERS? A. IP spoofing B. Password sniffing C. Data diddling D. Denial of service (DOS)

C

Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle? A. Pipelining B. Reduced Instruction Set Computers (RISC) C. Complex Instruction Set Computers (CISC) D. Scalar processors

C

Which of the following computer recovery sites is only partially equipped with processing equipment? A. hot site B. rolling hot site C. warm site D. cold site

C

Which of the following concerning the Rijndael block cipher algorithm is false? A. The design of Rijndael was strongly influenced by the design of the block cipher Square. B. A total of 25 combinations of key length and block length are possible C. Both block size and key length can be extended to multiples of 64 bits. D. The cipher has a variable block length and key length.

C

Which of the following does NOT concern itself with key management? A. Internet Security Association Key Management Protocol (ISAKMP) B. Diffie-Hellman (DH) C. Cryptology (CRYPTO) D. Key Exchange Algorithm (KEA)

C

Which of the following does not address Database Management Systems (DBMS) security? A. Perturbation B. Cell suppression C. Padded cells D. Partitioning

C

Which of the following does not apply to system-generated passwords? A. Passwords are harder to remember for users. B. If the password-generating algorithm gets to be known, the entire system is in jeopardy. C. Passwords are more vulnerable to brute force and dictionary attacks. D. Passwords are harder to guess for attackers.

C

Which of the following embodies all the detailed actions that personnel are required to follow? A. Standards B. Guidelines C. Procedures D. Baselines

C

Which of the following encryption algorithms does not deal with discrete logarithms? A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve

C

Which of the following encryption methods is known to be unbreakable? A. Symmetric ciphers. B. DES codebooks. C. One-time pads. D. Elliptic Curve Cryptography.

C

Which of the following firewall rules found on a firewall installed between an organization's internal network and the Internet would present the greatest danger to the internal network? A. Permit all traffic between local hosts. B. Permit all inbound ssh traffic. C. Permit all inbound tcp connections. D. Permit all syslog traffic to log-server.abc.org.

C

Which of the following floors would be most appropriate to locate information processing facilities in a six-story building? A. Basement B. Ground floor C. Third floor D. Sixth floor

C

Which of the following is NOT a form of detective administrative control? A. Rotation of duties B. Required vacations C. Separation of duties D. Security reviews and audits

C

Which of the following is NOT a known type of Message Authentication Code (MAC)? A. Keyed-hash message authentication code (HMAC) B. DES-CBC C. Signature-based MAC (SMAC) D. Universal Hashing Based MAC (UMAC)

C

Which of the following is NOT a property of the Rijndael block cipher algorithm? A. The key sizes must be a multiple of 32 bits B. Maximum block size is 256 bits C. Maximum key size is 512 bits D. The key size does not have to match the block size

C

Which of the following is NOT a technical control? A. Password and resource management B. Identification and authentication methods C. Monitoring for physical intrusion D. Intrusion Detection Systems

C

Which of the following is NOT a type of attack used against access controls? A. Dictionary attack B. Brute-force attack C. Teardrop D. Man-in-the-middle attack

C

Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources? A. They are more cost-effective B. They offer a lack of corporate bias C. They use highly talented ex-hackers D. They ensure a more complete reporting

C

Which of the following is a device that is used to regenerate or replicate the received signals? A. Bridge B. Router C. Repeater D. Brouter

C

Which of the following is a goal of integrity? A Any changes to applications for equipment must be approved B All data should be encrypted in transit C Data should not change between sender and receiver D All systems and data should be available

C

Which of the following is a method of multiplexing data in which a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams, allocating bandwidth dynamically to the physical channels that have information to transmit? A. Time-division multiplexing B. Asynchronous time-division multiplexing C. Statistical multiplexing D. Frequency division multiplexing

C

Which of the following is a nontechnical means of enforcing security? A Development of a disaster response plan B Business continuity plan C User training D Disaster recovery plan

C

Which of the following is not a preventive control? A. Deny programmer access to production data. B. Require change requests to include information about dates, descriptions, cost analysis and anticipated effects. C. Run a source comparison program between control and current source periodically. D. Establish procedures for emergency changes.

C

Which of the following is a problem regarding computer investigation issues? A. Information is tangible. B. Evidence is easy to gather. C. Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence. D. In many instances, an expert or specialist is not required.

C

Which of the following is a symmetric encryption algorithm? A. RSA B. Elliptic Curve C. RC5 D. El Gamal

C

Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 172.12.42.5 B. 172.140.42.5 C. 172.31.42.5 D. 172.15.42.5

C

Which of the following is an advantage that UDP has over TCP? A. UDP is connection-oriented whereas TCP is not. B. UDP is more reliable than TCP. C. UDP is faster than TCP. D. UDP makes a better effort to deliver packets.

C

Which of the following is an example of a compensating control? A An insurance policy B A padlock on a gate C A chain on the hotel room door D A red bucket of sand with the word "Fire"

C

Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address? A. IP Spoofing B. IP subnetting C. Port address translation D. IP Distribution

C

Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms? A. A trusted path B. A protection domain C. A covert channel D. A maintenance hook

C

Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in a system? A. Fail proof B. Fail soft C. Fail safe D. Fail Over

C

Which of the following is most accurate concerning virtualization security? A Only hypervisors can be secured, not the underlying virtual machine. B Virtual machines by nature are always insecure. C Virtual machine is developed under a hypervisor and utilizes the underlying physical hardware. D Virtual machines are only secured by securing the underlying hardware infrastructure.

C

Which of the following is most likely to be useful in detecting intrusions? A. Access control lists B. Security labels C. Audit trails D. Information security policies

C

Which of the following is not a DES mode of operation? A. Cipher block chaining B. Electronic code book C. Input feedback D. Cipher feedback

C

Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers? A. Provides Limited security services B. Has no built in Key distribution C. Speed D. Large number of keys are needed

C

Which of the following is not a logical control when implementing logical access security? A. access profiles. B. userids. C. employee badges. D. passwords.

C

Which of the following is not a physical control for physical security? A. lighting B. fences C. training D. facility construction materials

C

Which of the following is not a property of the Rijndael block cipher algorithm? A. It employs a round transformation that is comprised of three layers of distinct and invertible transformations. B. It is suited for high speed chips with no area restrictions. C. It operates on 64-bit plaintext blocks and uses a 128 bit key. D. It could be used on a smart card.

C

Which of the following is not a symmetric encryption algorithm? A Twofish B DES C RSA D AES

C

Which of the following is responsible for MOST of the security issues? A. Outside espionage B. Hackers C. Personnel D. Equipment failure

C

Which of the following is the FIRST step in protecting data's confidentiality? A. Install a firewall B. Implement encryption C. Identify which information is sensitive D. Review all user access rights

C

Which of the following is the LEAST user-accepted biometric device? A. Fingerprint B. Iris scan C. Retina scan D. Voice verification

C

Which of the following is the third canon of the (ISC)2 Code of Ethics? A Ensure the safety of society B Act honorably C Provide competent and diligent service D Meet all CEU requirements for this certification

C

Which of the following is true about Kerberos? A. It utilizes public key cryptography. B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text. C. It depends upon symmetric ciphers. D. It is a second party authentication system.

C

Which of the following is true about link encryption? A. Each entity has a common key with the destination node. B. Encrypted messages are only decrypted by the final node. C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised. D. Only secure nodes are used in this type of transmission.

C

Which of the following is used by RADIUS for communication between clients and servers? A. TCP B. SSL C. UDP D. SSH

C

Which of the following keys has the SHORTEST lifespan? A. Secret key B. Public key C. Session key D. Private key

C

Which of the following layers provides end-to-end data transfer service? A. Network Layer. B. Data Link Layer. C. Transport Layer. D. Presentation Layer.

C

Which of the following media access methods features a node broadcasting a tone prior to transmitting? A CSMA/CT B CSMA/CS C CSMA/CA D CSMA/CD

C

Which of the following models does NOT include data integrity or conflict of interest? A. Biba B. Clark-Wilson C. Bell-LaPadula D. Brewer-Nash

C

Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design? A. Development/acquisition B. Implementation C. Initiation D. Maintenance

C

Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions? A. Development/acquisition B. Implementation C. Operation/Maintenance D. Initiation

C

Which of the following ports does NOT normally need to be open for a mail server to operate? A. Port 110 B. Port 25 C. Port 119 D. Port 143

C

Which of the following protocols was used by the INITIAL version of the Terminal Access Controller Access Control System (TACACS) for communication between clients and servers? A. TCP B. SSL C. UDP D. SSH

C

Which of the following protocol suites does the Internet use? A. IP/UDP/TCP B. IP/UDP/ICMP/TCP C. TCP/IP D. IMAP/SMTP/POP3

C

Which of the following provides a catchall and prevents an action from being taken after everything else has been allowed through on a network? A Explicit deny B Deny any C Implicit deny D Global deny

C

Which of the following provides the strongest authentication? A one-factor authentication B two-factor authentication C three-factor authentication D single sign-on

C

Which of the following questions is less likely to help in assessing physical and environmental protection? A. Are entry codes changed periodically? B. Are appropriate fire suppression and prevention devices installed and working? C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? D. Is physical access to data transmission lines controlled?

C

Which of the following should NOT be performed by an operator? A. Implementing the initial program load B. Monitoring execution of the system C. Data entry D. Controlling job flow

C

Which of the following should be emphasized during the Business Impact Analysis (BIA) considering that the BIA focus is on business processes? A. Composition B. Priorities C. Dependencies D. Service levels

C

Which of the following specifically addresses cyber attacks against an organization's IT systems? A. Continuity of support plan B. Business continuity plan C. Incident response plan D. Continuity of operations plan

C

Which of the following statements is accurate about a security policy? A Security policies are static and should not be changed once they are created B A security policy should be a minimum of 10 pages long C A security policy should be updated regularly, such as once a year D A security policy should not be accessible to regular employees

C

Which of the following statements does not apply to a hot site? A. It is expensive. B. There are cases of common overselling of processing capabilities by the service provider. C. It provides a false sense of security. D. It is accessible on a first-come, first-served basis. In case of a large disaster it might not be accessible.

C

Which of the following statements is most accurate regarding a digital signature? A. It is a method used to encrypt confidential data. B. It is the art of transferring handwritten signature to electronic media. C. It allows the recipient of data to prove the source and integrity of data. D. It can be used as a signature system and a cryptosystem.

C

Which of the following statements is true about heuristic-based anti-malware software? A It has a lower false positive rate than signature detection. B It requires frequent definition updates to detect new malware. C It has a higher likelihood of detecting zero-day exploits than signature detection. D It monitors systems for files with content known to be viruses

C

Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false? A. It can be used for voice B. It can be used for data C. It carries various sizes of packets D. It can be used for video

C

Which of the following statements pertaining to Kerberos is false? A. The Key Distribution Center represents a single point of failure. B. Kerberos manages access permissions. C. Kerberos uses a database to keep a copy of all users' public keys. D. Kerberos uses symmetric key cryptography.

C

Which of the following statements pertaining to VPN protocol standards is false? A. L2TP is a combination of PPTP and L2F. B. L2TP and PPTP were designed for single point-to-point client to server communication. C. L2TP operates at the network layer. D. PPTP uses native PPP authentication and encryption services.

C

Which of the following statements pertaining to biometrics is FALSE? A. User can be authenticated based on behavior. B. User can be authenticated based on unique physical attributes. C. User can be authenticated by what he knows. D. A biometric system's accuracy is determined by its crossover error rate (CER).

C

Which of the following statements pertaining to block ciphers is incorrect? A. It operates on fixed-size blocks of plaintext. B. It is more suitable for software than hardware implementations. C. Plain text is encrypted with a public key and decrypted with a private key. D. Some Block ciphers can operate internally as a stream.

C

Which of the following statements pertaining to firewalls is incorrect? A. Firewalls create bottlenecks between the internal and external network. B. Firewalls allow for centralization of security services in machines optimized and dedicated to the task. C. Firewalls protect a network at all layers of the OSI models. D. Firewalls are used to create security checkpoints at the boundaries of private networks.

C

Which of the following statements pertaining to link encryption is false? A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.

C

Which of the following statements pertaining to message digests is incorrect? A. The original file cannot be created from the message digest. B. Two different files should not have the same message digest. C. The message digest should be calculated using at least 128 bytes of the file. D. Messages digests are usually of fixed size.

C

Which of the following statements pertaining to packet switching is incorrect? A. Most data sent today uses digital signals over network employing packet switching. B. Messages are divided into packets. C. All packets from a message travel through the same route. D. Each network node or point examines each packet for routing.

C

Which of the following statements pertaining to software testing approaches is correct? A. A bottom-up approach allows interface errors to be detected earlier. B. A top-down approach allows errors in critical modules to be detected earlier. C. The test plan and results should be retained as part of the system's permanent documentation. D. Black box testing is predicated on a close examination of procedural detail.

C

Which of the following statements pertaining to software testing is incorrect? A. Unit testing should be addressed and considered when the modules are being designed. B. Test data should be part of the specifications. C. Testing should be performed with live data to cover all possible situations. D. Test data generators can be used to systematically generate random test data that can be used to test programs.

C

Which of the following statements pertaining to using Kerberos without any extension is false? A. A client can be impersonated by password-guessing. B. Kerberos is mostly a third-party authentication protocol. C. Kerberos uses public key cryptography. D. Kerberos provides robust authentication.

C

Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)? A. A subject is not allowed to read up. B. The property restriction can be escaped by temporarily downgrading a high level subject. C. A subject is not allowed to read down. D. It is restricted to confidentiality.

C

Which of the following teams should NOT be included in an organization's contingency plan? A. Damage assessment team B. Hardware salvage team C. Tiger team D. Legal affairs team

C

Which of the following tools is NOT likely to be used by a hacker? A. Nessus B. Saint C. Tripwire D. Nmap

C

Which of the following tools is best suited to testing known exploits against a system? A Nikto B Ettercap C Metasploit D THC Hydra

C

Which of the following was designed as a more fault-tolerant topology than Ethernet, and very resilient when properly implemented? A. Token Link. B. Token system. C. Token Ring. D. Duplicate ring.

C

Which of the following was designed to support multiple network types over the same serial link? A. Ethernet B. SLIP C. PPP D. PPTP

C

Which of the following was not designed to be a proprietary encryption algorithm? A. RC2 B. RC4 C. Blowfish D. Skipjack

C

Which of the following will a Business Impact Analysis NOT identify? A. Areas that would suffer the greatest financial or operational loss in the event of a disaster. B. Systems critical to the survival of the enterprise. C. The names of individuals to be contacted during a disaster. D. The outage time that can be tolerated by the enterprise as a result of a disaster.

C

Which of the following would be an example of the best password? A. golf001 B. Elizabeth C. T1me4g0lF D. password

C

Which of the following would be best suited to oversee the development of an information security policy? A. System Administrators B. End User C. Security Officers D. Security administrators

C

Which of the following would best describe secondary evidence? A. Oral testimony by a non-expert witness B. Oral testimony by an expert witness C. A copy of a piece of evidence D. Evidence that proves a specific act

C

Which of the following would best describe the difference between white-box testing and black-box testing? A. White-box testing is performed by an independent programmer team. B. Black-box testing uses the bottom-up approach. C. White-box testing examines the program internal logical structure. D. Black-box testing involves the business units

C

Which of the following would best describe the purpose of a trusted platform module? A A module that verifies the authenticity of a guest host B A computer facility with cryptographic processing power C A dedicated microprocessor that offloads cryptographic processing from the CPU while storing cryptographic keys D The part of the operating system that must be invoked all the time and is referred to as a security kernel

C

Which one of the following disaster recovery test types involves the actual activation of the disaster recovery facility? A Simulation test B Tabletop exercise C Parallel test D Checklist review

C

Which one of the following is NOT one of the outcomes of a vulnerability assessment? A. Quantitative loss assessment B. Qualitative loss assessment C. Formal approval of BCP scope and initiation document D. Defining critical support areas

C

Which one of the following protocols translates IP addresses to Mac addresses for delivery on a subnet? A DNS B NAT C ARP D HTTP

C

Which one of the following types of firewalls does not have the ability to track connection status between different packets? A Stateful inspection B Application proxy C Packet filter D Next generation

C

Which option most accurately defines a threat? A Protective controls B Any vulnerability in an information technology system C Possibility for a source to exploit a specific vulnerability D Multilayered controls

C

Which option most accurately describes continuity of operations after a disaster event? A Controlling risk to the organization B Planned procedures that are performed when a security-related incident occurs C Planned activities that enable the organizations critical business functions to return to operations D Transferring risk to a third-party insurance carrier

C

Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank? A. SSH ( Secure Shell) B. S/MIME (Secure MIME) C. SET (Secure Electronic Transaction) D. SSL (Secure Sockets Layer)

C

Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level? A. The Bell-LaPadula model B. The information flow model C. The noninterference model D. The Clark-Wilson model

C

Which security model introduces access to objects only through programs? A. The Biba model B. The Bell-LaPadula model C. The Clark-Wilson model D. The information flow model

C

Which security model is based on the military classification of data and people with clearances? A. Brewer-Nash model B. Clark-Wilson model C. Bell-LaPadula model D. Biba model

C
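
Worked example for the two Bell-LaPadula cards above (the "read down is not forbidden" card and the military classification card). This is an illustration added here, not code from the original deck: a label is a classification level plus a set of categories, and an access decision is a dominance check. Reads are allowed only when the subject dominates the object (no read up, but read down is fine); writes only when the object dominates the subject (no write down). The optional strong star flag shows the alternative the first card explicitly excludes. The level names and category strings are assumptions for the demo.

```python
from dataclasses import dataclass
from typing import FrozenSet

# Ordered classification levels (assumed for the demo; any total order works).
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Label a dominates label b when a's level is at least b's level and
        a holds every category that b has. Two labels where neither dominates
        the other are incomparable, and neither read nor write is allowed."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.categories <= self.categories)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up. The subject must dominate the object,
    so reading down (a secret subject reading a confidential object) is permitted."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label, strong_star: bool = False) -> bool:
    """*-property: no write down. The object must dominate the subject, so writing up
    is permitted. With the strong star property the subject may write only at
    exactly its own label."""
    if strong_star:
        return subject == obj
    return obj.dominates(subject)


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"nuclear"}))
    print("read confidential/{}:        ", can_read(analyst, Label("confidential")))
    print("read confidential/{crypto}:  ", can_read(analyst, Label("confidential", frozenset({"crypto"}))))
    print("write top secret/{nuclear}:  ", can_write(analyst, Label("top secret", frozenset({"nuclear"}))))
    print("write confidential/{}:       ", can_write(analyst, Label("confidential")))
```

The second read above fails even though the object sits at a lower level: the subject lacks the "crypto" category, so the labels are incomparable. That is the case a pure level comparison misses, and it is why real multilevel systems compare full labels rather than levels alone.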

Which software development model is actually a meta-model that incorporates a number of the software development models? A. The Waterfall model B. The modified Waterfall model C. The Spiral model D. The Critical Path Model (CPM)

C

Which statement most accurately describes a virus? A It divides itself into many small pieces inside a PC. B It replicates without assistance. C It requires an outside action in order to replicate. D It always attacks an email contacts list.

C

Which team is made up of members from across the enterprise? A Expert incident response team B Third-party incident response team C Functional incident response team D Dedicated full-time incident response team

C

Which technique best describes a one-to-one search to verify an individual's claim of identity? A Authorization B Accounting review C Authentication D Availability

C

Which term is used when limiting the amount of network traffic a specific protocol or application is allowed to generate or consume, with the goal of keeping the remainder of the network's capacity free for other communications? A Load balancing B Quality of service management C Bandwidth throttling D Utilization tracking

C

Which term refers to an in-house or third-party provided location where ongoing monitoring of the logical and physical security mechanisms of an organization is performed to provide a real-time situational awareness of the state of security? A Continuity of Operations Plan (COOP) B Registration Authority (RA) C Security Operations Center (SOC) D Intrusion Prevention System (IPS)

C

Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms? A. Rivest, Shamir, Adleman (RSA) B. El Gamal C. Elliptic Curve Cryptography (ECC) D. Advanced Encryption Standard (AES)

C

Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number? A. IP spoofing attack B. SYN flood attack C. TCP sequence number attack D. Smurf attack

C

Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack

C
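
Worked example for the birthday attack card above; added illustration, not code from the original deck. SHA-256 is truncated to a small number of bits so the collision appears in seconds, and the birthday bound shows why: with an n-bit digest, roughly sqrt(pi/2 * 2^n) random messages give a 50% chance that two of them share a digest, which is far fewer than the 2^n a brute-force preimage search would need. The message format "msg-<i>" is an arbitrary choice for the demo.

```python
import hashlib
import math
from typing import Optional, Tuple


def truncated_digest(msg: bytes, bits: int) -> int:
    """SHA-256 truncated to its leading `bits` bits. A deliberately tiny digest
    so the collision is quick to find; the same mathematics applies at full size."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def birthday_attack(bits: int, limit: int = 1 << 22) -> Optional[Tuple[int, bytes, bytes]]:
    """Generate distinct messages until two of them produce the same truncated digest.
    Returns (trials, msg_a, msg_b), or None if `limit` messages were tried without a hit."""
    seen = {}  # digest -> first message that produced it
    for i in range(limit):
        msg = b"msg-%d" % i
        d = truncated_digest(msg, bits)
        if d in seen and seen[d] != msg:
            return i + 1, seen[d], msg
        seen[d] = msg
    return None


def expected_trials(bits: int) -> float:
    """Birthday bound: messages needed for about a 50% chance of a collision."""
    return math.sqrt(math.pi / 2 * (1 << bits))


if __name__ == "__main__":
    bits = 24
    result = birthday_attack(bits)
    print("expected trials for %d bits: ~%.0f" % (bits, expected_trials(bits)))
    if result:
        trials, a, b = result
        print("collision after %d trials: %r and %r -> %06x" % (trials, a, b, truncated_digest(a, bits)))
```

For a 24-bit digest the bound is about 5,100 trials against 16.7 million possible values, which is the practical reason a digest must be about twice as long as the security level it is meant to deliver (a 128-bit birthday bound needs a 256-bit hash).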

Which type of cloud deployment involves several businesses working together to create a cloud system which they can each use? A Public B Private C Community D Hybrid

C

Which type of control is concerned with avoiding occurrences of risks? A. Deterrent controls B. Detective controls C. Preventive controls D. Compensating controls

C

Which type of network device is used to create a virtual local area network? A A router B A network concentrator C A switch D NIC cards in promiscuous mode

C

Which xDSL flavour, appropriate for home or small offices, delivers more bandwidth downstream than upstream and over longer distance? A. VDSL B. SDSL C. ADSL D. HDSL

C

Who developed one of the first mathematical models of a multilevel-security computer system? A. Diffie and Hellman. B. Clark and Wilson. C. Bell and LaPadula. D. Gasser and Lipner.

C

Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data? A. Business and functional managers B. IT Security practitioners C. System and information owners D. Chief information officer

C

Who should measure the effectiveness of Information System security related controls in an organization? A. The local security specialist B. The business manager C. The systems auditor D. The central security manager

C

Whose role is it to assign classification level to information? A. Security Administrator B. User C. Owner D. Auditor

C

Why are the audit findings presented to senior management? A No one else in the organization has the expertise to read the report. B The bottom-up business structure approach requires it. C Only with approval can a response plan be implemented. D RFC1918 requires it.

C

Why do many security monitoring systems produce a visualization of the collected results? A Security tools do not support spreadsheet presentations. B The lists of text and numbers takes up too much screen space. C It represents complex or bulky data in an easy to understand format. D It is the only way to represent passively monitored systems.

C

Why is a security impact assessment performed as part of a change management process? A To find out if sufficient funds have been allocated to the security function B To review the level of security against the efforts involved in testing change C To determine the likelihood of downtime or security reduction caused by a potential change D To assess compliance with regulations

C

Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions? A. Because infrared eavesdropping requires more sophisticated equipment. B. Because infrared operates only over short distances. C. Because infrared requires direct line-of-sight paths. D. Because infrared operates at extra-low frequencies (ELF).

C

Why is interpretation of a security assessment required before action is taken on the findings? A Because quantitative analysis is based on opinions rather than numbers B Because senior management is not IT savvy and needs things explained in more generic terms C Because not all findings are obvious nor point to specific causes or reasons D Because people do not typically read binary and hex results

C

Why is traffic across a packet switched network difficult to monitor? A. Packets are link encrypted by the carrier B. Government regulations forbids monitoring C. Packets can take multiple paths when transmitted D. The network factor is too high

C

Why should batch files and scripts be stored in a protected area? A. Because of the least privilege concept. B. Because they cannot be accessed by operators. C. Because they may contain credentials. D. Because of the need-to-know concept.

C

Why should escalation requirements be considered as part of an incident response strategy? A Because all exploits take advantage of software flaws B Because some hackers are smarter than others C Because not all violations represent the same threat to an organization D Because some countermeasures are more expensive than others

C

Why should the risks of an organization be reported as defined by enterprise risk management (ERM)? A It is a means to predict loss, select countermeasures, and reduce downtime. B It is a government regulation. C It helps with internal transparency, risk assessment, risk response, and risk monitoring. D It assists with strategic planning, compliance, and training.

C

You are comparing various security controls in your organization. What type of security control is an IDS? A Administrative B Corrective C Detective D Preventative

C

You are evaluating a risk with a quantitative analysis. The SLE is $3,500 and the ARO is 7. You can reduce the ARO to 2 by implementing a control at a cost of $10,000. Based on the financial analysis, should you recommend implementing this control? A yes because the ALE is reduced by $24,500 B no because the ARO is not reduced to 0 C yes because the cost of the control is less than the savings provided by the control D no because the cost of control is greater than the savings provided by the control

C
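
Worked example for the quantitative risk card above, added here rather than taken from the original deck. It carries the card's own figures through the formulas: ALE = SLE x ARO, the control's value is the ALE it removes minus what it costs, and the decision is purely whether that net value is positive. Option B's objection (the ARO is not driven to zero) is irrelevant to the calculation, which the code makes explicit.

```python
# Quantitative cost/benefit for a proposed control, using the flashcard's figures.


def ale(sle: float, aro: float) -> float:
    """Annualized Loss Expectancy = Single Loss Expectancy x Annualized Rate of Occurrence."""
    return sle * aro


def control_value(sle: float, aro_before: float, aro_after: float, annual_cost: float) -> float:
    """Net annual value of a control: the ALE it removes minus what it costs per year.

    Positive means the control saves more than it costs; zero or negative means it
    does not. The ARO does not need to reach 0 for the control to be worthwhile.
    """
    return ale(sle, aro_before) - ale(sle, aro_after) - annual_cost


def recommend(sle: float, aro_before: float, aro_after: float, annual_cost: float) -> bool:
    """Recommend the control only when its net annual value is positive."""
    return control_value(sle, aro_before, aro_after, annual_cost) > 0


if __name__ == "__main__":
    sle, aro_before, aro_after, cost = 3500, 7, 2, 10000
    print("ALE before control:", ale(sle, aro_before))                    # 24500
    print("ALE after control: ", ale(sle, aro_after))                     # 7000
    print("Net annual value:  ", control_value(sle, aro_before, aro_after, cost))  # 7500
    print("Recommend:         ", recommend(sle, aro_before, aro_after, cost))      # True
```

One caveat the card glosses over: the $10,000 is treated here as an annual cost. If it is a one-time purchase, spread it over the control's expected lifetime before comparing it with an annual saving, or the control will look worse than it is.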

You are preparing to download a file from a secure website. Your supervisor tells you to verify the hash before you use the downloaded file. Of the following choices, what best describes a hash? A key used in symmetric encryption B key used in asymmetric encryption C a number D an algorithm

C
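
Worked example for the download-verification card above and for the earlier message digest card (fixed-size output, digest computed over the whole file, no two files sharing a digest). This is an added illustration, not code from the original deck; the "downloaded file" and its "published" digest are constructed stand-ins.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Message digest of the entire input (not just its first N bytes) as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, published_hex: str) -> bool:
    """True only when the file's digest equals the one published for it.

    hmac.compare_digest avoids a timing side channel. For a one-off manual check
    that does not matter, but it is the right habit in any automated verifier.
    """
    return hmac.compare_digest(sha256_hex(data), published_hex.strip().lower())


def digest_properties(a: bytes, b: bytes) -> dict:
    """Show the properties the deck lists: the output length is fixed regardless of
    input size, and distinct inputs yield distinct digests (equality here would be
    a collision, which a sound hash should never produce in practice)."""
    da, db = sha256_hex(a), sha256_hex(b)
    return {"len_a": len(da), "len_b": len(db), "collision": da == db}


# Constructed stand-ins for a downloaded file and for the digest published alongside it.
SAMPLE_FILE = b"example installer payload (constructed sample data)\n"
PUBLISHED_DIGEST = sha256_hex(SAMPLE_FILE)
TAMPERED_FILE = SAMPLE_FILE[:-1] + b"!"   # a single byte changed


if __name__ == "__main__":
    print("genuine file verifies: ", verify_download(SAMPLE_FILE, PUBLISHED_DIGEST))    # True
    print("tampered file verifies:", verify_download(TAMPERED_FILE, PUBLISHED_DIGEST))  # False
    print(digest_properties(b"", b"x" * 100_000))  # both digests are 64 hex chars, no collision
```

A digest only proves integrity relative to where the published value came from. If the checksum sits on the same page as the download, anyone who can replace the file can replace the checksum too; a digest fetched over a separate trusted channel, or a signed checksum file, is what actually makes the check meaningful.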

You must select the biometric devices to add multifactor authentication to the company's workstations. Every user will be required to use a biometric as an element in his authentication process to gain access to the company's IT resources. How can you determine which device will provide your organization with the most accurate results? A Choose the device with the lowest rate of Type II errors. B Consult a Zephyr analysis chart. C Select the device with the lowest CER. D Evaluate the FRR of several devices.

C

You suspect that several systems in your network may be joined to a botnet. What could you check to identify network activity? A Antivirus software tracking activity in and out of the network B The antivirus software on each individual system C The firewall logs on a network firewall D the firewall logs on each individual system

C

Your organization recently implemented a CYOD policy. IT personnel added an MDM solution to monitor the devices. What should be done with approved devices that do not meet minimum security requirements? A admit them B block them C quarantine them D erase them

C

A Security Kernel is defined as a strict implementation of a reference monitor mechanism responsible for enforcing a security policy. To be secure, the kernel must meet three basic conditions, what are they? A. Confidentiality, Integrity, and Availability B. Policy, mechanism, and assurance C. Isolation, layering, and abstraction D. Completeness, Isolation, and Verifiability

D

A company recently started to implement centralized logging. As they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. When the breach was discovered and the logs were reviewed, it was found that the attacker had purged the logs on the system that they compromised. How can this be prevented in the future? A Encrypt local logs. B Require administrative access to change logs. C Enable log rotation. D Send logs to a bastion host

D

A contingency plan should address: A. Potential risks. B. Residual risks. C. Identified risks. D. All answers are correct.

D

A copy of evidence or oral description of its contents; which is not as reliable as best evidence is what type of evidence? A. Direct evidence B. Circumstantial evidence C. Hearsay evidence D. Secondary evidence

D

A momentary power outage is a: A. spike B. blackout C. surge D. fault

D

A packet-filtering firewall can filter traffic going into or out of the network. What does a packet-filtering firewall use to identify what traffic is filtered? A SFTP B TLS C SSH D ACL

D

A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is: A concern that the laser beam may cause eye damage B the iris pattern changes as a person grows older. C there is a relatively high rate of false accepts. D the optical unit must be positioned so that the sun does not shine into the aperture.

D

A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle? A. project initiation and planning phase B. system design specification phase C. development & documentation phase D. acceptance phase

D

A security professional is asked to perform a vulnerability assessment. What should the professional do before starting the assessment? A obtain documentation B perform discovery C document known vulnerabilities D obtain permission from management

D

A timely review of system access audit records would be an example of which of the basic security functions? A. avoidance B. deterrence C. prevention D. detection

D

A user has attempted to log in twice with the wrong password, and on the third attempt the user logs in successfully. However, these two failures were not recorded in the security log. What is preventing the first two attempts from being logged? A account lockout B audit trail exception C password exception D the clipping level

D
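
Worked example for the clipping level card above; an added illustration, not code from the original deck. A clipping level is a threshold below which an event is treated as noise: a failed login is written to the log only once a user's consecutive failure count reaches the threshold, and a successful login resets the count. Run over a constructed event stream that reproduces the card's scenario, it shows exactly why the first two failures never appear.

```python
from collections import defaultdict
from typing import List, Tuple

Event = Tuple[str, str]                 # (user, "fail" | "success")
LogEntry = Tuple[str, str, int]         # (user, outcome, consecutive failures at log time)


def apply_clipping_level(events: List[Event], clipping_level: int = 3) -> List[LogEntry]:
    """Return the entries that survive the clipping level.

    A failure is logged only when the user's consecutive failure count reaches
    `clipping_level` (and on every failure after that, since the account is now
    of interest). A success is always logged and resets the counter.
    """
    failures = defaultdict(int)
    logged: List[LogEntry] = []
    for user, outcome in events:
        if outcome == "fail":
            failures[user] += 1
            if failures[user] >= clipping_level:
                logged.append((user, "fail", failures[user]))
        else:
            failures[user] = 0
            logged.append((user, "success", 0))
    return logged


# Constructed event stream: alice mistypes twice then succeeds (the card's scenario);
# mallory keeps failing and crosses the threshold.
EVENTS: List[Event] = [
    ("alice", "fail"), ("alice", "fail"), ("alice", "success"),
    ("mallory", "fail"), ("mallory", "fail"), ("mallory", "fail"), ("mallory", "fail"),
]


if __name__ == "__main__":
    for entry in apply_clipping_level(EVENTS, clipping_level=3):
        print(entry)
    # alice's two failures are absent; mallory's third and fourth are present.
```

The trade-off a practitioner should keep in mind: a clipping level hides low-and-slow password spraying, where an attacker tries one or two passwords per account across many accounts and never trips any single counter. Correlating failures across accounts from one source address, rather than per account only, closes that gap.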

A user has clicked the link provided in an email to visit a website. Afterward, the system starts to act erratically. What has likely occurred? A the website was not trusted B the email link was masked C the email had a virus attachment D a drive-by download has occurred

D

A user visits an Internet site and is warned that his computer is infected with malware. It offers free software that will scan his system for infections. He downloads and installs the scanner and it reports several infections. However, it won't remove them unless he pays for the full version. What does this scenario describe? A ransomware B trapdoor C remote access trojan D scareware

D

A variation of the application layer firewall is called a: A. Current Level Firewall. B. Cache Level Firewall. C. Session Level Firewall. D. Circuit Level Firewall.

D

Access Control techniques do not include which of the following? A. Rule-Based Access Controls B. Role-Based Access Control C. Mandatory Access Control D. Random Number Based Access Control

D

According to NIST SP 800-30 Revision 1, what is the first major step in risk assessment? A Conduct B Communicate C Maintain D Preparation

D

According to private sector data classification levels, how would salary levels and medical information be classified? A. Public. B. Internal Use Only. C. Restricted. D. Confidential.

D

According to the TCP/IP model, which layer is responsible for end-to-end communication and error-free delivery of data? A Link B Application C Internet D Transport

D

After implementing the solution from the first question, Ben receives a complaint about users in his cafe hijacking other customers' web traffic, including using their usernames and passwords. How is this possible? A The password is shared by all users, making traffic vulnerable. B A malicious user has installed a Trojan on the router. C A user has ARP spoofed the router, making all traffic broadcast to all users. D Open networks are unencrypted, making traffic easily sniffable

D
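
Worked example for the ARP card earlier in the deck and for the open-network hijacking card above; added illustration, not code from the original deck. Whatever the exact answer the card wants, ARP spoofing is the usual mechanism for hijacking neighbours' traffic on a shared segment: an attacker answers ARP for the gateway's IP with his own MAC. The detector below parses constructed log lines (the format is loosely modelled on a sniffer's "reply <ip> is-at <mac>" output, and is an assumption) and flags any IP announced by more than one MAC, treating the first MAC seen as the legitimate one.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed line format: "<time> arp reply <ip> is-at <mac>"
ARP_RE = re.compile(
    r"^(?P<ts>\S+)\s+arp reply\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE,
)


def parse_arp_replies(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Extract (timestamp, ip, mac) from matching lines; anything else is ignored."""
    out = []
    for line in lines:
        m = ARP_RE.match(line.strip())
        if m:
            out.append((m["ts"], m["ip"], m["mac"].lower()))
    return out


def detect_arp_spoofing(replies: List[Tuple[str, str, str]],
                        gateway_ip: Optional[str] = None) -> List[Dict[str, object]]:
    """Alert whenever an IP is claimed by a MAC different from the one first seen for it.
    The first-seen MAC is assumed legitimate, which is a heuristic, not a guarantee."""
    first_mac: Dict[str, str] = {}
    claims = defaultdict(set)
    alerts = []
    for ts, ip, mac in replies:
        if ip in first_mac and mac not in claims[ip]:
            alerts.append({"ts": ts, "ip": ip, "original_mac": first_mac[ip],
                           "new_mac": mac, "gateway": ip == gateway_ip})
        first_mac.setdefault(ip, mac)
        claims[ip].add(mac)
    return alerts


# Constructed sample capture: the gateway (192.168.1.1) is legitimately at aa:bb:cc:00:00:01
# until a second host starts answering for it.
SAMPLE_LINES = [
    "12:00:01 arp reply 192.168.1.1 is-at aa:bb:cc:00:00:01",
    "12:00:02 arp reply 192.168.1.50 is-at aa:bb:cc:00:00:50",
    "12:00:05 arp reply 192.168.1.1 is-at AA:BB:CC:00:00:01",
    "this line is not an arp reply and is skipped",
    "12:00:09 arp reply 192.168.1.1 is-at de:ad:be:ef:00:99",
]


if __name__ == "__main__":
    for alert in detect_arp_spoofing(parse_arp_replies(SAMPLE_LINES), gateway_ip="192.168.1.1"):
        print(alert)
```

Expect false positives from legitimate MAC changes (gateway replacement, VRRP/HSRP failover), so the alert is a lead to investigate rather than proof. The preventive counterpart on managed switches is Dynamic ARP Inspection or static ARP entries for the gateway; on an open Wi-Fi network neither is available to the client, which is why client-side encryption (TLS, a VPN) is the realistic defence.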

Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower? A Likelihood B RTO C RPO D Impact

D

Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve? A Confidentiality B Nonrepudiation C Authentication D Integrity

D

All of the following observations about IPSec are correct except: A. Default Hashing protocols are HMAC-MD5 or HMAC-SHA-1 B. Default Encryption protocol is Cipher Block Chaining mode DES, but other algorithms like ECC (Elliptic curve cryptosystem) can be used C. Supports two communication modes - Tunnel mode and Transport mode D. Works only with Secret Key Cryptography

D

An IDS has provided notification of a potential adverse event. When is an event considered an incident? A immediately B when the report reaches the log C when the report reaches an administrator D after analysis and verification

D

An IT security manager is struggling to keep the organization's computers in working order. He is testing updates and configuring them to be installed onto systems and making tweaks to the configuration settings to various systems as business tasks require. However, he often discovers systems which do not have the necessary updates or which are using out-of-date settings. This may be caused by systems being disconnected from the company network when taken into the field or when used for special offline projects. What technology should the IT security manager implement to help handle this complex issue? A NTP synchronization B OCSP C IEEE 802.1x D NAC

D

An Intrusion Detection System (IDS) is what type of control? A. A preventive control. B. A detective control. C. A recovery control. D. A directive control.

B

An administrator needs to allow Trivial File Transfer Protocol (TFTP) traffic through a router. What port should be opened? A 20 B 21 C 20 and 21 D 69

D
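
Worked example covering this TFTP card together with the earlier cards on mail server ports, implicit deny, stateless packet filters and ACLs; an added illustration, not code from the original deck. The evaluator walks an ACL top to bottom, first match wins, and falls through to the implicit deny when nothing matches. Two constructed ACLs show the difference between that implicit catch-all and an explicit "deny any" rule, and why port 119 (NNTP) is blocked on a mail server without anyone having written a rule for it.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    proto: str               # "tcp", "udp" or "any"
    dst_port: Optional[int]  # None matches every port


@dataclass(frozen=True)
class Packet:
    proto: str
    dst_port: int


def matches(rule: Rule, pkt: Packet) -> bool:
    proto_ok = rule.proto == "any" or rule.proto == pkt.proto
    port_ok = rule.dst_port is None or rule.dst_port == pkt.dst_port
    return proto_ok and port_ok


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule wins; if nothing matches, the implicit deny applies.

    Like a plain packet filter, this is stateless: each packet is judged on its
    own header fields with no memory of the connection it belongs to, which is
    exactly the limitation that distinguishes it from a stateful inspection firewall.
    """
    for rule in acl:
        if matches(rule, pkt):
            return rule.action, "explicit"
    return "deny", "implicit"


# Constructed ACL for a mail server: SMTP, POP3 and IMAP inbound and nothing else.
MAIL_SERVER_ACL = [
    Rule("permit", "tcp", 25),
    Rule("permit", "tcp", 110),
    Rule("permit", "tcp", 143),
]

# Same ACL with TFTP added and an explicit "deny any" written out as a visible catch-all.
TFTP_ACL = MAIL_SERVER_ACL + [Rule("permit", "udp", 69), Rule("deny", "any", None)]


if __name__ == "__main__":
    for pkt in (Packet("tcp", 25), Packet("tcp", 119), Packet("udp", 69)):
        print(pkt, "mail ACL ->", evaluate(MAIL_SERVER_ACL, pkt), "| tftp ACL ->", evaluate(TFTP_ACL, pkt))
```

The explicit "deny any" changes nothing about what is blocked; its value is operational, since a rule that exists can carry a log action and a hit counter, whereas the implicit deny is silent on most platforms.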

An organization has recently completed a vulnerability assessment. Of the following choices, what is the last step in this process? A obtain permission from management B identify methods to reduce vulnerabilities C recommend feasible methods to reduce vulnerabilities D remediate vulnerabilities

D

An organization operating in a private environment, wants to save its generated keys. Which of the following is the most secure way of key management? A Decentralized key management B Distributed key management C Individual key management D Centralized key management

D

An organization wants to host a web server that will be available to users in a partner company via the Internet. However, the organization wants to ensure that Anonymous internet users cannot access resources on the server. Where should this server be located? A DMZ B Intranet C The Internet D Extranet

D

Another example of Computer Incident Response Team (CIRT) activities is: A. Management of the netware logs, including collection, retention, review, and analysis of data B. Management of the network logs, including collection and analysis of data C. Management of the network logs, including review and analysis of data D. Management of the network logs, including collection, retention, review, and analysis of data

D

As a result of a risk assessment, your security manager has determined that your organization needs to implement an intrusion detection system that can detect unknown attacks and can watch for unusual traffic behavior, such as a new service appearing on the network. What type of intrusion detection system would you select? A. Protocol anomaly based B. Pattern matching C. Stateful matching D. Traffic anomaly-based

D

As per the Orange Book, what are two types of system assurance? A. Operational Assurance and Architectural Assurance. B. Design Assurance and Implementation Assurance. C. Architectural Assurance and Implementation Assurance. D. Operational Assurance and Life-Cycle Assurance.

D

At what stage of the applications development process should the security department become involved? A. Prior to the implementation B. Prior to systems testing C. During unit testing D. During requirements development

D

At which layer of ISO/OSI does the fiber optics work? A. Network layer B. Transport layer C. Data link layer D. Physical layer

D

Audit logs combined with strong authentication and authorization practices provide an important security element. What is this? A confidentiality B separation of duties C availability D nonrepudiation

D

Authentication Header (AH) and Encapsulating Security Payload (ESP) are the driving protocols of IPSec. Authentication Header (AH) provides all of the following services except: A. Authentication B. Integrity C. Replay resistance and non-repudiation D. Confidentiality

D

Buffer overflow and boundary condition errors are subsets of which of the following? A. Race condition errors. B. Access validation errors. C. Exceptional condition handling errors. D. Input validation errors.

D

Chris is troubleshooting an issue with his organization's SIEM reporting. After analyzing the issue, he believes that the timestamps on log entries from different systems are inconsistent. What protocol can he use to resolve this issue? A SSH B FTP C TLS D NTP

D

Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)? A. It has been mathematically proved to be more secure. B. It has been mathematically proved to be less secure. C. It is believed to require longer key for equivalent security. D. It is believed to require shorter keys for equivalent security.

D

Configuration Management controls what? A. Auditing of changes to the Trusted Computing Base. B. Control of changes to the Trusted Computing Base. C. Changes in the configuration access to the Trusted Computing Base. D. Auditing and controlling any changes to the Trusted Computing Base.

D

Continuous monitoring is best defined by which of the following? A A manual system for monitoring a hot site in the event of a requirement immediate use B An automated system that regulates the flow of traffic on a network C An automated system used to detect humidity and condensation in a data center D A method of monitoring that is used to detect risk issues within an organization

D

Contracts and agreements are often times unenforceable or hard to enforce in which of the following alternate facility recovery agreement? A. hot site B. warm site C. cold site D. reciprocal agreement

D

Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of: A. Administrative controls B. Logical controls C. Technical controls D. Physical controls

D

Crackers today are MOST often motivated by their desire to: A. Help the community in securing their networks. B. Seeing how far their skills will take them. C. Getting recognition for their actions. D. Gaining Money or Financial Gains.

D

Crossover error rate (CER) refers to which of the following graphical intersections? A Symmetric and asymmetric rate B Employee opt-out rate C Database usage rate D False rejection rate and false acceptance rate

D

Cryptography does NOT help in: A. Detecting fraudulent insertion. B. Detecting fraudulent deletion. C. Detecting fraudulent modification. D. Detecting fraudulent disclosure.

D

Cryptography does not concern itself with which of the following choices? A. Availability B. Integrity C. Confidentiality D. Validation

D

Developers in your organization need to create a web application. However, instead of IT personnel managing the server, the developers want to use a cloud computing model. The model should include the hardware and operating system managed by the cloud provider. Which one of the following accurately describes this deployment model? A SaaS B IaaS C SLA D PaaS

D

During an access system audit, a number of active accounts were discovered from employees who had left the company over the past two years. What are these accounts called? A Long-term accounts B Ghost accounts C Pseudo-active accounts D Orphaned accounts

D

During which phase of the incident response process would an organization determine whether it is required to notify law enforcement officials or other regulators of the incident? A Detection B Recovery C Remediation D Reporting

D

Evidence should be tracked utilizing which of the following methods? A Evidence recovery tag B Investigators evidence notebook C Record of evidence D Chain of custody

D

Examples of types of physical access controls include all EXCEPT which of the following? A. badges B. locks C. guards D. passwords

D

External consistency ensures that the data stored in the database is: A. inconsistent with the real world. B. consistent when sent from one system to another. C. consistent with the logical world. D. consistent with the real world.

D

For maximum security design, what type of fence is the most effective and cost-effective (feet are used as the measurement unit below)? A. 3' to 4' high B. 6' to 7' high C. 8' high and above with strands of barbed wire D. Double fencing

D

George is assisting a prosecutor with a case against a hacker who attempted to break into the computer systems at George's company. He provides system logs to the prosecutor for use as evidence, but the prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence requires George's testimony? A. Testimonial evidence rule B. Parol evidence rule C. Best evidence rule D. Hearsay rule

D

Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request? A Harry B Sally C File server D Document

D

How are the access control schemes of MAC and RBAC distinguished from DAC? A They are based on user identity. B They are not based on assigned labels. C They are based on object hosted ACLs. D They are not based on user decisions.

D

How can an equivalent to RBAC be implemented in a DAC operating system? A Assign users job labels. B Use filter lists to control access, set time restrictions, and block access based on logical address. C Assign users classification labels. D Create groups with the names of jobs, assign privileges to the groups, and place users into named groups.

D

How can an individual/person best be identified or authenticated to prevent local masquerading attacks? A. UserId and password B. Smart card and PIN code C. Two-factor authentication D. Biometrics

D

How do you distinguish between a bridge and a router? A. A bridge simply connects multiple networks; a router examines each packet to determine which network to forward it to. B. "Bridge" and "router" are synonyms for equipment used to join two networks. C. The bridge is a specific type of router used to connect a LAN to the global Internet. D. The bridge connects multiple networks at the data link layer, while a router connects multiple networks at the network layer.

D

How does a change management system ensure that updates to software do not cause unexpected downtime or reduction of security? A By scheduling changes to be implemented over a weekend B By aggregating updates from multiple vendors to be applied simultaneously C By only rolling out updates on the third Thursday of each month D By testing patches thoroughly before deployment

D

How does discretionary access control determine whether a subject has valid permission to access an object? A Evaluate the attributes of the subject and object. B Assess the user's role. C Compare the classification labels of the subject and object. D Check for the user identity in the object's ACL.

D

How does salting passwords reduce the likelihood that a password cracking attack will be successful? A It prevents automated attacks. B It forces the attacker to focus on one account at a time. C It triggers an account lockout after a fixed number of false attempts. D It increases the workload required to become successful.

D

How is a hybrid cloud implemented? A Two or more companies work together to establish a cloud solution. B Both public and private users can access resources in the cloud. C It uses two or more different operating systems as the platforms within the cloud. D Part of the resources is hosted by a third party, while the rest is hosted within the company environment.

D

How is account provisioning commonly accomplished? A Assign all users a random number-based name. B Grant each user full spectrum privileges. C Compartmentalize users into their own individual area of assignment. D Create user groups based on assigned company department or job responsibility.

D

How is accountability typically enforced? A With smart cards B Through the use of asymmetric encryption C By checking the hash of all files accessed by a user account D Through AAA services

D

How is an incident response strategy triggered? A By displaying a user warning B By recording the baseline C By defining a clipping level D By an event

D

How is the chosen risk response strategy of risk acceptance proven and supported in a court of law? A Through the results of a qualitative analysis B By not applying countermeasures C Through storyboarding D With a document signed by senior management

D

How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE? A. 6 bits B. 12 bits C. 16 bits D. 24 bits

D

How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption keys? A 12 B 16 C 32 D 64

D

How should countermeasures be implemented as part of the recovery phase of incident response? A During next year's security review B Based on the lowest cost among available options C As defined by the current security policy D As determined by the violation that occurred

D

How should notification of a detected incident occur? A Contact law enforcement immediately. B Communicate with a journalist to provide the organization's perspective on the violation. C Always contact legal, HR, and sales. D Follow the notification escalation path as defined in the incident response policy.

D

If Tara made the change from differential to incremental backups and we assume that the same amount of information changes each day, which one of the following files would be the largest? A Monday's incremental backup B Tuesday's incremental backup C Wednesday's incremental backup D All three will be the same size.

D

If an employee's computer has been used by a fraudulent employee to commit a crime, the hard disk may be seized as evidence, and once the investigation is complete it would follow the normal steps of the Evidence Life Cycle. In such a case, the Evidence Life Cycle would not include which of the following steps listed below? A. Acquisition, collection, and identification B. Analysis C. Storage, preservation, and transportation D. Destruction

D

In discretionary access environments, which of the following entities is authorized to grant information access to other people? A. Manager B. Group Leader C. Security Manager D. Data Owner

D

In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in? A. Recovery B. Containment C. Triage D. Analysis and tracking

D

In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process? A. Using a write blocker B. Made a full-disk image C. Created a message digest for log files D. Displayed the contents of a folder

D

In the statement below, fill in the blank: Law enforcement agencies must get a warrant to search and seize an individual's property, as stated in the _____ Amendment. A. First. B. Second. C. Third. D. Fourth.

D

In which of the following attacks does an attacker use a previously unknown attack technique or exploit a previously unknown vulnerability? A Whaling attack B Phishing attack C Replay attack D Zero-day attack

D

It is a violation of the "separation of duties" principle when which of the following individuals accesses the software on systems implementing security? A. security administrator B. security analyst C. systems auditor D. systems programmer

D

James is building a disaster recovery plan for his organization and would like to determine the amount of acceptable data loss after an outage. What variable is James determining? A SLA B RTO C MTD D RPO

D

Jim has been asked to individually identify devices that users are bringing to work as part of a new BYOD policy. The devices will not be joined to a central management system like Active Directory, but he still needs to uniquely identify the systems. Which of the following options will provide Jim with the best means of reliably identifying each unique device? A Record the MAC address of each system. B Require users to fill out a form to register each system. C Scan each system using a port scanner. D Use device fingerprinting via a web-based registration system

D

Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos K5 domain. What type of trust does she need to create? A A shortcut trust B A forest trust C An external trust D A realm trust

D

Making sure that the data is accessible when and where it is needed is which of the following? A. confidentiality B. integrity C. acceptability D. availability

D

Management in your organization has decided to implement a BYOD policy. IT Security Personnel are looking for an automated method of ensuring these devices meet basic security requirements. Which of the following choices would best meet this need? A COPE B CYOD C TPM D MDM

D

Management within your organization wants to increase security related to internet emails. One goal is to provide nonrepudiation. Which of the following provides nonrepudiation for email? A Symmetric encryption B Asymmetric encryption C Hashing of the message D Digital signature

D

Marty discovers that the access restrictions in his organization allow any user to log into the workstation assigned to any other user, even if they are from completely different departments. This type of access most directly violates which information security principle? A Separation of duties B Two-person control C Need to know D Least privilege

D

Matthew would like to enhance the security of his communication by adding a digital signature to the message. What goal of cryptography are digital signatures intended to enforce? A Secrecy B Availability C Confidentiality D Nonrepudiation

D

Nonrepudiation ensures which of the following? A The confidentiality of the database B That strong passwords are always used C The accounting of the user actions D That the sender cannot deny their actions

D

Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of: A. Incident Evaluation B. Incident Recognition C. Incident Protection D. Incident Response

D

Of the following choices, what indicates a primary responsibility of the First Responders for a security incident? A Investigate evidence B Remove evidence C Analyze evidence D Preserve evidence

D

Of the following choices, what is a method used by malware developers to protect a virus from reverse engineering? A adding heuristics B removing signature C deploying via spam D adding armor

D

One of the security challenges for big data is controlling access to the data stored within the massive data structure. Efforts to apply traditional access control and authorization settings to individual options within the data store have produced lackluster results or unsatisfactory performance. A new technique that shows promise is being applied. What is the new technique of controlling access to the content of big data information collections? A Reset all permissions on all data objects to group access. B Set all data objects as being owned by the IT manager. C Implement only physical security restrictions. D Apply security controls to the output of data-mining operations.

D

Organizations should consider which of the following first before allowing external access to their LANs via the Internet? A. plan for implementing workstation locking mechanisms. B. plan for protecting the modem pool. C. plan for providing the user with his account usage information. D. plan for considering proper authentication options.

D

Prior to a live disaster test, also called a Full Interruption test, which of the following is most important? A. Restore all files in preparation for the test. B. Document expected findings. C. Arrange physical security for the test site. D. Conduct a successful Parallel Test.

D

Proper security administration policies, controls, and procedures enforce which of the following? A The total reduction of malware B The elimination of risk C Separation of duties D The AIC objectives

D

Proxies work by transferring a copy of each accepted data packet from one network to another, thereby masking the: A. data's payload B. data's details C. data's owner D. data's origin

D

RADIUS incorporates which of the following services? A. Authentication server and PIN codes. B. Authentication of clients and static passwords generation. C. Authentication of clients and dynamic passwords generation. D. Authentication server as well as support for Static and Dynamic passwords.

D

Related to information security, availability is the opposite of which of the following? A. delegation B. distribution C. documentation D. destruction

D

Risk reduction in a system development life-cycle should be applied: A. Mostly to the initiation phase. B. Mostly to the development phase. C. Mostly to the disposal phase. D. Equally to all phases.

D

Secure Shell (SSH-2) provides all the following services except: A. secure remote login B. command execution C. port forwarding D. user authentication

D

Secure Shell (SSH-2) supports authentication, compression, confidentiality, and integrity. SSH is commonly used as a secure alternative to all of the following protocols below except: A. telnet B. rlogin C. RSH D. HTTPS

D

Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? A. message non-repudiation. B. message confidentiality. C. message interleave checking. D. message integrity.

D

Selecting a cloud provider can be a challenge. Often, it is not possible to determine whether a provider's services are sufficient for your needs until you have started using its service. If you determine that an initial cloud system is insufficient and you need to move your data and custom code to a different cloud provider, what is needed as a feature of the initial cloud provider that did not work out for you? A Storage encryption B VPN connectivity C Activity auditing D Data portability

D

Step-by-step instructions used to satisfy control requirements are called a: A. policy B. standard C. guideline D. procedure

D

Susan is configuring her network devices to use syslog. What should she set to ensure that she is notified about issues but does not receive normal operational issue messages? A The facility code B The log priority C The security level D The severity level

D

Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization's backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. If Tara followed the same schedule but switched the differential backups to incremental backups, how many backups in total would she need to apply to the system to make the data it contains as current as possible? A 1 B 2 C 3 D 4

D

Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization's backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. In this backup approach, some data may be irretrievably lost. How long is the time period where any changes made will have been lost? A 3 hours B 5 hours C 8 hours D No data will be lost

D

The "vulnerability of a facility" to damage or attack may be assessed by all of the following except: A. Inspection B. History of losses C. Security controls D. Security budget

D

The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.

D

The RSA Algorithm uses which mathematical concept as the basis of its encryption? A. Geometry B. 16-round ciphers C. PI (3.14159...) D. Two large prime numbers

D

The company Chris works for has notifications posted at each door reminding employees to be careful to not allow people to enter when they do. Which type of controls best describes this? A Detective B Physical C Preventive D Directive

D

The concept of best effort delivery is best associated with? A. TCP B. HTTP C. RSVP D. IP

D

The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called: A. alteration B. investigation C. entrapment D. enticement.

D

The disaster recovery plan (DRP) is used to guide the re-creation of mission critical processes in the event of a disaster. Which of the following is a key element that is required as part of restoration planning to ensure that the most current version of the IT infrastructure is restored? A Service level agreements with contractors B Troubleshooting guidelines C Qualitative analysis risk report D Updated configuration documentation

D

The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization? A. project initiation and planning phase B. system design specifications phase C. development and documentation phase D. in parallel with every phase throughout the project

D

The security of a computer application is most effective and economical in which of the following cases? A. The system is optimized prior to the addition of security. B. The system is procured off-the-shelf. C. The system is customized to meet the specific security threat. D. The system is originally designed to provide the necessary security.

D

This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario? A. Excessive Rights B. Excessive Access C. Excessive Permissions D. Excessive Privileges

D

Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the: A. Transport Layer Security (TLS) Internet Protocol. B. Transport Layer Security (TLS) Data Protocol. C. Transport Layer Security (TLS) Link Protocol. D. Transport Layer Security (TLS) Handshake Protocol.

D

Upon which of the following ISO/OSI layers does network address translation operate? A. Transport layer B. Session layer C. Data link layer D. Network layer

D

Valuable paper insurance coverage does not cover damage to which of the following? A. Inscribed, printed and Written documents B. Manuscripts C. Records D. Money and Securities

D

WAN optimization is the collection of technologies used to maximize efficiency of network communications across long distance links. WAN optimization can include data deduplication, compression, and what other technology? A Account lockout B Periodic mid-stream re-authentication C Encryption D Traffic shaping

D

What algorithm was DES derived from? A. Twofish. B. Skipjack. C. Brooks-Aldeman. D. Lucifer.

D

What are the components of an object's sensitivity label? A. A Classification Set and a single Compartment. B. A single classification and a single compartment. C. A Classification Set and user credentials. D. A single classification and a Compartment Set.

D

What can a packet filtering firewall also be called? A. a scanning router B. a shielding router C. a sniffing router D. a screening router

D

What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity? A. A digital envelope B. A cryptographic hash C. A Message Authentication Code D. A digital signature

D

What can be defined as: it confirms that users' needs have been met by the supplied solution? A. Accreditation B. Certification C. Assurance D. Acceptance

D

What does an acceptable use policy (AUP) state? A That users may not visit shopping sites during work B That the organization's assets may not be used on weekends C That USB drives may not be used D The acceptable and unacceptable uses for organizational resources

D

A 'Pseudo flaw' is which of the following? A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders. B. An omission when generating pseudo-code. C. Used for testing for bounds violations in application programming. D. A normally generated page fault causing the system to halt.

A

A DMZ is also known as a - A. screened subnet B. three legged firewall C. a place to attract hackers D. bastion host

A

A DMZ is located: A. right behind your first Internet facing firewall B. right in front of your first Internet facing firewall C. right behind your first network active firewall D. right behind your first network passive Internet http firewall

A

A Packet Filtering Firewall system is considered a: A. first generation firewall. B. second generation firewall. C. third generation firewall. D. fourth generation firewall.

A

A common attack against converged network communications is eavesdropping. How can this attack be prevented? A Use a VPN. B Deploy multi-factor authentication. C Use strict sequencing rules. D Implement DHCP.

A

A common attack against wireless networks is to guess the static password needed to authenticate to the base station. Which technology can be used to minimize this risk? A IEEE 802.1x B IEEE 802.15 C IEEE 802.11n D IEEE 802.1q

A

A confidential number used as an authentication factor to verify a user's identity is called a: A. PIN B. User ID C. Password D. Challenge

A

A momentary high voltage is a: A. spike B. blackout C. surge D. fault

A

A network-based vulnerability assessment is a type of test also referred to as: A. An active vulnerability assessment. B. A routing vulnerability assessment. C. A host-based vulnerability assessment. D. A passive vulnerability assessment.

A

Colleen is conducting a business impact assessment for her organization. What metric provides important information about the amount of time that the organization may be without a service before causing irreparable harm? A MTD B ALE C RPO D RTO

A

Complete the blanks. When using PKI, I digitally sign a message using my ______ key.The recipient verifies my signature using my ______ key. A. Private / Public B. Public / Private C. Symmetric / Asymmetric D. Private / Symmetric

A

Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished: A. through access control mechanisms that require identification and authentication and through the audit function. B. through logical or technical controls involving the restriction of access to systems and the protection of information. C. through logical or technical controls but not involving the restriction of access to systems and the protection of information. D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function.

A

FTP, TFTP, SNMP, and SMTP are provided at what level of the Open Systems Interconnect (OSI) Reference Model? A. Application B. Network C. Presentation D. Transport

A

For which areas of the enterprise are business continuity plans required? A. All areas of the enterprise. B. The financial and information processing areas of the enterprise. C. The operating areas of the enterprise. D. The marketing, finance, and information processing areas.

A

Frank is the security administrator for a web server that provides news and information to people located around the world. His server received an unusually high volume of traffic that it could not handle and was forced to reject requests. Frank traced the source of the traffic back to a botnet. What type of attack took place? A Denial-of-service B Reconnaissance C Compromise D Malicious insider

A

Gina recently took the SSCP certification exam and then wrote a blog post that included the text of many of the exam questions that she experienced. What aspect of the (ISC)2 code of ethics is most directly violated in this situation? A Advance and protect the profession. B Act honorably, honestly, justly, responsibly, and legally. C Protect society, the common good, necessary public trust and confidence, and the infrastructure. D Provide diligent and competent service to principals

A

Gordon is conducting a risk assessment for his organization and determined the amount of damage that flooding is expected to cause to his facilities each year. What metric has Gordon identified? A ALE B ARO C SLE D EF

A

Guards are appropriate whenever the function required by the security program involves which of the following? A. The use of discriminating judgment B. The use of physical force C. The operation of access control devices D. The need to detect unauthorized access

A

Hierarchical Storage Management (HSM) is commonly employed in: A. very large data retrieval systems B. very small data retrieval systems C. shorter data retrieval systems D. most data retrieval systems

A

How can a symmetric key be securely exchanged over an insecure communication medium when both sides of the communication do not have key pair sets? A Diffie-Hellman B RSA C Digital envelopes D Digital signatures

A

How can a user avoid being seriously harmed by ransomware? A Have an offline backup. B Avoid becoming infected. C Use Linux. D Pay the required ransom fee.

A

How is granular control of objects and resources implemented within a mandatory access control environment? A Need to know B ACLs on objects C Job label D Logical location assessment

A

How long are IPv4 addresses? A. 32 bits long. B. 64 bits long. C. 128 bits long. D. 16 bits long.

A

In Synchronous dynamic password tokens: A. The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key). B. The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key). C. The unique password is not entered into a system or workstation along with an owner's PIN. D. The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.

A

In biometrics, the "one-to-one" search used to verify claim to an identity made by a person is considered: A. Authentication B. Identification C. Auditing D. Authorization

A

In regard to information classification, what is the main responsibility of the information (data) owner? A. determining the data sensitivity or classification level B. running regular data backups C. auditing the data users D. periodically checking the validity and accuracy of the data

A

In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP provided? A. Transport B. Network C. Presentation D. Application

A

In the UTP category rating, the tighter the wind: A. the higher the rating and its resistance against interference and crosstalk. B. the slower the rating and its resistance against interference and attenuation. C. the shorter the rating and its resistance against interference and attenuation. D. the longer the rating and its resistance against interference and attenuation.

A

In the context of a database, what is a tuple? A a row within a table B a column within a table C a virtual table D a primary key

A

In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols? A. Transport layer B. Application layer C. Physical layer D. Network layer

A

In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place? A. Bell-LaPadula model B. Biba model C. Access Matrix model D. Take-Grant model

A

Jack works as an investigating officer in Private Corporate Investigation Agency Services. He wants to save evidence that he collected from the location where an incident happened for future use, so that he can have that information whenever needed. Which is the most volatile memory from which he needs to save the collected evidence? A CPU cache B Hard disk C USB drive D RAM

A

Management within your organization wants to ensure that certificates are validated before they are used. They especially want to ensure that revoked certificates are not used. Of the following choices, what is used to determine whether a certificate has been revoked? A CRL B certificate expiration date C The ROT13 key D The public key length

A

Network-based Intrusion Detection systems: A. Commonly reside on a discrete network segment and monitor the traffic on that network segment. B. Commonly will not reside on a discrete network segment and monitor the traffic on that network segment. C. Commonly reside on a discrete network segment and do not monitor the traffic on that network segment. D. Commonly reside on a host and monitor the traffic on that specific host.

A

Of the following choices, which ones are considered objects in Access Control? (Select three) 1 data 2 hardware 3 applications 4 user A 1,2,3 B 2,3,4

A

Of the following, which is NOT a specific loss criteria that should be considered while developing a BIA? A. Loss of skilled workers knowledge B. Loss in revenue C. Loss in profits D. Loss in reputation

A

Of these choices, which are examples of preventive controls? (Select three) 1 written policies and procedures 2 employee background checks 3 intrusion detection systems 4 encryption of data A 1,2,4 B 1,3,4

A

Once an attacker gains remote control access over a system, they want to retain this illicit access. Some attackers will block the system update service to prevent new updates from fixing vulnerabilities that are needed to maintain remote control over the compromised system. To prevent such a compromised system from allowing the attacker to access resources on the network, what security mechanism should be implemented? A Network access control B A Web security gateway C Complex password authentication D Intrusion detection system

A

One of the servers in your DMZ has been experiencing a protracted attack from multiple internet sources, impacting its operability. Which of the following best describes this malicious activity? A DDOS B Botnet C Insider threat D Data Theft

A

One purpose of a security awareness program is to modify: A. employee's attitudes and behaviors towards enterprise's security posture B. management's approach towards enterprise's security posture C. attitudes of employees with sensitive data D. corporate attitudes about safeguarding data

A

Out of the steps listed below, which one is not one of the steps conducted during the Business Impact Analysis (BIA)? A. Alternate site selection B. Create data-gathering techniques C. Identify the company's critical business functions D. Select individuals to interview for data gathering

A

Packet Filtering Firewalls examine both the source and destination address of the: A. incoming and outgoing data packets B. outgoing data packets only C. incoming data packets only D. user data packet

A

Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer in a network. Within which OSI/ISO layer is RPC implemented? A. Session layer B. Transport layer C. Data link layer D. Network layer

A

Tara works in the Concho Controls IT department and is responsible for designing and implementing the organization's backup strategy, among other tasks. She currently conducts full backups every Sunday evening at 8 p.m. and differential backups on Monday through Friday at noon. Concho experiences a server failure at 3 p.m. on Wednesday. Tara rebuilds the server and wants to restore data from the backups. How many backups in total must Tara apply to the system to make the data it contains as current as possible? A 1 B 2 C 3 D 4

A

The Logical Link Control sub-layer is a part of which of the following? A. The ISO/OSI Data Link layer B. The Reference monitor C. The Transport layer of the TCP/IP stack model D. Change management control

A

The MOST common threat that impacts a business's ability to function normally is: A. Power Outage B. Water Damage C. Severe Weather D. Labor Strike

A

The address space for IPv6 is how many bits? A 128 bits B 32 bits C 132 bits D 144 bits

A

This type of attack is generally most applicable to public-key cryptosystems. What type of attack am I? A. Chosen-Ciphertext attack B. Ciphertext-only attack C. Plaintext Only Attack D. Adaptive-Chosen-Plaintext attack

A

Unshielded Twisted Pair cabling is a: A. four-pair wire medium that is used in a variety of networks. B. three-pair wire medium that is used in a variety of networks. C. two-pair wire medium that is used in a variety of networks. D. one-pair wire medium that is used in a variety of networks.

A

Virus scanning and content inspection of S/MIME-encrypted e-mail without doing any further processing is: A. Not possible B. Only possible with a key recovery scheme of all user keys C. It is possible only if X.509 Version 3 certificates are used D. It is possible only by "brute force" decryption

A

What does the simple security (ss) property mean in the Bell-LaPadula model? A. No read up B. No write down C. No read down D. No write up

A

What enables users to validate each other's certificate when they are certified under different certification hierarchies? A. Cross-certification B. Multiple certificates C. Redundant certification authorities D. Root certification authorities

A

What form of VPN is based on a Transport-layer standard for encryption that is commonly used for Application-layer protocol protection? A SSL VPN B IPSec VPN C PPTP VPN D L2TP VPN

A

What form of monitoring involves the injection of packets into communications in order to measure performance of various elements in the network? A Active monitoring B Post mortem monitoring C Collaborative monitoring D Passive monitoring

A

What is NOT an authentication method within IKE and IPsec? A. CHAP B. Pre-shared key C. Certificate-based authentication D. Public key authentication

A

What is NOT true about a one-way hashing function? A. It provides authentication of the message B. A hash cannot be reversed to get the message used to create the hash C. The result of a one-way hash is a message digest D. It provides integrity of the message

A

What is RAD? A. A development methodology B. A project management technique C. A measure of system complexity D. Risk-assessment diagramming

A

What is a common means to discover a violating event? A Intrusion detection system (IDS) B Multi-factor authentication C Asymmetric encryption D Certificate revocation

A

What is called an automated means of identifying or authenticating the identity of a living person based on physiological or behavioral characteristics? A. Biometrics B. Micrometrics C. Macrometrics D. MicroBiometrics

A

What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system? A. False Rejection Rate (FRR) or Type I Error B. False Acceptance Rate (FAR) or Type II Error C. Crossover Error Rate (CER) D. True Rejection Rate (TRR) or Type III Error

A

What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time? A. Authentication B. Identification C. Integrity D. Confidentiality

A

What is defined as the rules for communicating between computers on a Local Area Network (LAN)? A. LAN Media Access methods B. LAN topologies C. LAN transmission methods D. Contention Access Control

A

What is it called when a computer uses more than one CPU in parallel to execute instructions? A. Multiprocessing B. Multitasking C. Multithreading D. Parallel running

A

What is malware that can spread itself over open network connections? A. Worm B. Rootkit C. Adware D. Logic Bomb

A

What is the activity called where hackers travel around an area in search of wireless network signals? A War driving B War dialing C Banner grabbing D Footprinting

A

What is the best means to restore the most current form of data when a backup strategy is based on starting each week off with a full backup followed by a daily differential? A Restore the initial week's full backup and then the last differential backup before the failure. B Restore only the last differential backup. C Restore the initial week's full backup and then each differential backup up to the failure. D Restore the last differential backup and then the week's full backup.

A

What is the definition of the principle of least privilege? A Users are assigned minimal privileges sufficient to accomplish job responsibilities. B All users are assigned the same privilege level. C Users determine their own privilege level. D No users are assigned sufficient privilege.

A

What is the role of IKE within the IPsec protocol? A. peer authentication and key exchange B. data encryption C. data signature D. enforcing quality of service

A

What is the technology that enables a user to authenticate to a company network from their assigned workstation and then be able to interact with resources throughout the private network without needing to enter additional credentials? A Single sign-on B CHAP C Multifactor authentication D AAA services

A

What is the term used to refer to an activity, occurrence, or event which could cause damage or harm to an organization? A Incident B Alarm C Baseline D Clipping level

A

What is used to protect programs from all unauthorized modification or executional interference? A. A protection domain B. A security perimeter C. Security labels D. Abstraction

A

What kind of certificate is used to validate a user identity? A. Public key certificate B. Attribute certificate C. Root certificate D. Code signing certificate

A

Which disaster recovery/emergency management plan testing type is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting a more demanding training exercise? A Structured walk-through test B Full failover test C Simulation test D Tabletop exercise

A

Which is NOT a suitable method for distributing certificate revocation information? A. CA revocation mailing list B. Delta CRL C. OCSP (online certificate status protocol) D. Distribution point CRL

A

Which of the following is most accurate concerning data warehousing and big data architecture? A Big data is so large that standard relational database management systems do not work. Data must be processed by parallel processors. B Data is processed using auto-synthesis to enhance processing speed. C Data warehouses are used for long-term storage of archive data. D Data can never be processed in real time.

A

Which of the following is most appropriate to notify an external user that session monitoring is being conducted? A. Logon Banners B. Wall poster C. Employee Handbook D. Written agreement

A

Which of the following options best describes a hacker with an agenda? A Hacktivist B Cracker C Nation state D Anarchist

A

Which of the following protocols operates at the session layer (layer 5)? A. RPC B. IGMP C. LPD D. SPX

A

Which one of the following choices can be used to hide data within a graphic posted on a website? A Steganography B AES C TLS D IPsec

A

Which one of the following components is used to assign classifications to objects in a mandatory access control system? A Security label B Security token C Security descriptor D Security capability

A

Your organization is evaluating several authentication scenarios. Management wants to implement a solution that provides SSO. Of the following choices, which provides SSO capabilities? A Kerberos B MAC C DAC D Role-BAC

A

Your organization is implementing stronger authentication mechanisms. Management wants to ensure that users who are connecting remotely to the network are using one-time passwords. Which of the following uses a one-time password? A synchronous token B ABAC model C Kerberos ticket-granting ticket D Brewer-Nash architecture

A

A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include? A. Marketing/Public relations B. Data/Telecomm/IS facilities C. IS Operations D. Facilities security

B

A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)? A. Covert channel B. Overt channel C. Opened channel D. Closed channel

B

After a company is out of an emergency state, what should be moved back to the original site first? A. Executives B. Least critical components C. IT support staff D. Most critical components

B

Communications and network security relates to transmission of which of the following? A. voice B. voice and multimedia C. data and multimedia D. voice, data and multimedia

B

In biometric identification systems, the parts of the body conveniently available for identification are: A. neck and mouth B. hands, face, and eyes C. feet and hair D. voice and neck

B

Which of the following is NOT an example of an operational control? A. backup and recovery B. Auditing C. contingency planning D. operations procedures

B

Which of the following is NOT true about IPSec Tunnel mode? A. Fundamentally an IP tunnel with encryption and authentication B. Works at the Transport layer of the OSI model C. Has two sets of IP headers D. Established for gateway service

B

Which of the following is NOT true of the Kerberos protocol? A. Only a single login is required per session. B. The initial authentication steps are done using a public key algorithm. C. The KDC is aware of all systems in the network and is trusted by all of them. D. It performs mutual authentication.

B

Which of the following is a disadvantage of a statistical anomaly-based intrusion detection system? A. it may truly detect a non-attack event that had caused a momentary anomaly in the system. B. it may falsely detect a non-attack event that had caused a momentary anomaly in the system. C. it may correctly detect a non-attack event that had caused a momentary anomaly in the system. D. it may loosely detect a non-attack event that had caused a momentary anomaly in the system.

B

Which of the following is a security program used in many banks to verify the ethics and job performance of a bank manager? A Ethical investigation B Mandatory vacation C Mandatory cruise D M of N

B

Which of the following is a telecommunication device that translates data from digital to analog form and back to digital? A. Multiplexer B. Modem C. Protocol converter D. Concentrator

B

Which of the following is a typical method of communicating a policy or policy change? A Phone e-mailed blast B Intranet announcement C Handouts D Instagram announcement

B

Which of the following is an example of a passive attack? A. Denying services to legitimate users B. Shoulder surfing C. Brute-force password cracking D. Smurfing

B

Which of the following is an example of an active attack? A. Traffic analysis B. Scanning C. Eavesdropping D. Wiretapping

B

Which of the following is an inaccurate statement about an organization's encryption policy? A Private keys should be protected at all times. B Local data should always be encrypted with the user's public key. C The longer the storage, the longer the key. D Important keys should be kept in a storage location or key escrow.

B

Which of the following is best at defeating frequency analysis? A. Substitution cipher B. Polyalphabetic cipher C. Transposition cipher D. Caesar Cipher

B

Which of the following is the biggest factor that makes Computer Crimes possible? A. The fraudster obtaining advanced training & special knowledge. B. Victim carelessness. C. Collusion with others in information processing. D. System design flaws.

B

Which of the following is commonly used as an asymmetric solution in mobile devices because it requires less processing power than the other solutions? A RSA B ECC C AES D 3DES

B

Which of the following is commonly used to secure email? A SHA-3 B S/MIME C IPSec D AES

B

Which of the following is the core of fiber optic cables made of? A. PVC B. Glass fibers C. Kevlar D. Teflon

B

Which of the following pairings uses technology to enforce access control policies? A. Preventive/Administrative B. Preventive/Technical C. Preventive/Physical D. Detective/Administrative

B

Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? A. Wave pattern motion detectors B. Capacitance detectors C. Field-powered devices D. Audio detectors

B

Which of the following protocols is referred to as connection oriented? A NAT B TCP C UDP D SYN

B

Which of the following protocols translates private IP addresses to public IP addresses? A DNS B NAT C ARP D HTTP

B

Which of the following questions is least likely to help in assessing controls covering audit trails? A. Does the audit trail provide a trace of user actions? B. Are incidents monitored and tracked until resolved? C. Is access to online logs strictly controlled? D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?

B

Which of the following questions is less likely to help in assessing physical access controls? A. Does management regularly review the list of persons with physical access to sensitive facilities? B. Is the operating system configured to prevent circumvention of the security software and application controls? C. Are keys or other access devices needed to enter the computer room and media library? D. Are visitors to sensitive areas signed in and escorted?

B

Which of the following security modes of operation involves the highest risk? A. Compartmented Security Mode B. Multilevel Security Mode C. System-High Security Mode D. Dedicated Security Mode

B

Which of the following statements pertaining to IPSec is incorrect? A. IPSec can help in protecting networks from some of the IP network attacks. B. IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication. C. IPSec protects against man-in-the-middle attacks. D. IPSec protects against spoofing.

B

Which of the following statements pertaining to access control is false? A. Users should only access data on a need-to-know basis. B. If access is not explicitly denied, it should be implicitly allowed. C. Access rights should be granted based on the level of trust a company has on a subject. D. Roles can be an efficient way to assign rights to a type of user who performs certain tasks.

B

Which of the following statements pertaining to disk mirroring is incorrect? A. Mirroring offers better performance in read operations but writing hinders system performance. B. Mirroring is a hardware-based solution only. C. Mirroring offers a higher fault tolerance than parity. D. Mirroring is usually the less cost-effective solution.

B

Which of the following statements pertaining to key management is incorrect? A. The more a key is used, the shorter its lifetime should be. B. When not using the full keyspace, the key should be extremely random. C. Keys should be backed up or escrowed in case of emergencies. D. A key's lifetime should correspond with the sensitivity of the data it is protecting.

B

Which of the following would be the best reason for separating the test and development environments? A. To restrict access to systems under test. B. To control the stability of the test environment. C. To segregate user and development staff. D. To secure access to systems under development.

B

Which one of the following is considered a strong hashing algorithm? A MD5 B SHA-3 C AES D TLS

B

Within the realm of IT security, which of the following combinations best defines risk? A. Threat coupled with a breach B. Threat coupled with a vulnerability C. Vulnerability coupled with an attack D. Threat coupled with a breach of security

B

You are comparing MAC-based architectures. Which of the following choices best describes the goal of the Clark-Wilson Model? A integrity by preventing a conflict of interest B integrity through the enforcement of separation of duties C confidentiality by preventing a conflict of interest D confidentiality through the enforcement of separation of duties

B

You are comparing different MAC-based architecture models. What is the primary goal of the Brewer-Nash Model? A confidentiality B prevention of conflict of interest C enforcement of separation of duties D integrity

B

You are comparing the rules used by the Bell-LaPadula model and the Biba model. What is the primary goal of the Bell-LaPadula model? A integrity B confidentiality C availability D authentication

B

You are designing a backup strategy for several key servers. You have time to do a full backup on Sunday, but not enough time to do a full backup daily. Additionally, you must reduce the amount of time needed to complete a restore if needed. What strategy should you use? A full backups daily B full/differential C full/incremental D daily copies

B

You are evaluating antivirus software for your organization. One brand indicates that it includes heuristics to detect malware. How does heuristics-based detection identify malware? A by checking the file against a list of known signatures B by using a sandboxing technique C by first running the virus in a honeypot D by preventing unknown software from running

B

You are reviewing the security controls implemented in your organization. Which of the following best describes an administrative control? A a control that uses technical means within computer systems to reduce risk B a control that uses training and written documents such as security policies to reduce risk C a control that you can touch D a control that is preventative in nature

B

You have completed a risk assessment and determined that you can purchase a control to eliminate a specific risk for $20,000. The SLE is $2,000 and the ARO is five. Is this cost justified? A yes, the cost of the control is less than the savings B no, the cost of the control exceeds the savings C yes, the cost of the control exceeds the ARO D no, the cost of the control is less than the ARO

B

Your company adopts a new end-user security awareness program. This training includes malware introduction, social media issues, password guidelines, data exposure, and lost devices. How often should end users receive this training? A once a year and upon termination B upon new hire and once a year thereafter C upon termination D twice a year E upon new hire F once a year

B

Which of the following tools is LEAST likely to be used by a hacker? A. l0phtcrack B. Tripwire C. OphCrack D. John the Ripper

B; Tripwire is an integrity checking product, triggering alarms when important files (e.g. system or configuration files) are modified. This is a tool that is not likely to be used by hackers, other than for studying its workings in order to circumvent it.

What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions? A. A B. D C. E D. F

B; "minimal protection" is reserved for systems that were evaluated under the TCSEC but did not meet the requirements for a higher trust level.

Which TCSEC level is labeled Controlled Access Protection? A. C1 B. C2 C. C3 D. B1

B; C2 is labeled Controlled Access Protection. The TCSEC defines four divisions: D, C, B and A, where division A has the highest security. Each division represents a significant difference in the trust an individual or organization can place on the evaluated system. Additionally, divisions C, B and A are broken into a series of hierarchical subdivisions called classes: C1, C2, B1, B2, B3 and A1.

Which division of the Orange Book deals with discretionary protection (need-to-know)? A. D B. C C. B D. A

B; D is incorrect. D deals with minimal security. B is incorrect. B deals with mandatory protection. A is incorrect. A deals with verified protection.

An initialization vector (IV) when used in a cipher block mode serves what purpose? A Ensures that the code is repetitive B Increases the speed of computations C Adds to the encryption power of a password or key D Enhances the strength of an owner's public key

C

An intrusion prevention system (IPS) is considered a more active security product than that of an intrusion detection system (IDS). Which of the following is an active response? A Notify administrators B Launch analysis engines C Disconnect a session D Trigger additional logging

C

An organization has considered the risk associated with a potential fire at its business location. The organization has decided to purchase fire insurance to cover its losses of a fire occurring. What is this called? A risk mitigation B risk avoidance C risk transference D risk acceptance

C

An organization has created an acceptable use policy. How should this be communicated to users? A warning banner B email C by requiring users to review and acknowledge the policy D post on an intranet website

C

An organization has implemented access controls to ensure that only authorized personnel are able to access systems and data within an organization system. What risk management strategy is the organization using to prevent the risk of a loss of confidentiality? A acceptance B avoidance C mitigation D transference

C

An organization has recently completed a security audit that has identified different vulnerabilities in its processes and procedures. What needs to be done to mitigate these vulnerabilities? A remove the threats B schedule an additional security audit C Implement fixes D identify the risk

C

An organization has taken several steps to mitigate risk. Who is responsible for the risk that remains? A security professionals B administrators C senior management D supervisors

C

An organization wants to ensure that users are aware of what they can and cannot do with IT systems owned and controlled by the organization. What should be used to document these guidelines? A security policy B configuration control policy C acceptable use policy D backup policy

C

An organizational security policy defines the requirements of implementing and managing security. Many of the elements of a security policy are dictated to the organization by many entities, while others are adopted based on other factors. The document type known as a standard clarifies and prioritizes these elements. Which of the following is UNLIKELY to be used as a source for a company's standards? A Government regulations B Industry best practices C Monetary expediency evaluations D Contractual obligations

C

An owner of an online service needs to shut down his Internet operation for about three months in order to focus on family issues. He has recently purchased a three-year extended validation certificate from a certificate authority. He is concerned that during his absence from the Internet, an attacker may attempt to impersonate his site using his certificate. How can this owner temporarily prevent use of his certificate while maintaining his ability to use it again once he brings his Web site back online? A Obfuscation B Termination C Suspension D Revocation

C

At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed? A. Network layer B. Session layer C. Transport layer D. Data link layer

C

Controls to keep password sniffing attacks from compromising computer systems include which of the following? A. static and recurring passwords. B. encryption and recurring passwords. C. one-time passwords and encryption. D. static and one-time passwords.

C

Due care is NOT related to: A. Good faith B. Prudent man C. Profit D. Best interest

C

How does hashing detect integrity violations? A The bit length of the hash must be divisible by three. B The content of the hash is verified against the standard. C A before and after hash value is compared. D The length of the hash is checked.

C

What is a significant difference between the secure protocols of TLS-encrypted SMTP and the use of S/MIME for the protection of e-mail communications? A One is used to create digital signatures, while the other creates digital envelopes. B One uses symmetric encryption, while the other uses asymmetric encryption. C One provides end-to-end protection of messages, while the other only secures a local link. D One uses digital certificates, while the other only uses password authentications.

C

What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate? A. False Rejection Rate (FRR) or Type I Error B. False Acceptance Rate (FAR) or Type II Error C. Crossover Error Rate (CER) D. Failure to enroll rate (FTE or FER)

C

What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values? A. Mandatory model B. Discretionary model C. Lattice model D. Rule model

C

What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept? A. The reference monitor B. Protection rings C. A security kernel D. A protection domain

C

What is one of the more complicated legal concerns related to cloud computing when a legal investigation needs to obtain evidence, but the evidence may be stored on systems in a borderless cloud solution spread across multiple countries? A Ownership B Privacy C Jurisdiction D eDiscovery

C

What special component on a motherboard can be used to securely store the encryption key for whole drive encryption? A CMOS B RAM C TPM D CPU

C

When an organization has a properly implemented enterprise risk management (ERM), what is the tool used to list and categorize each discovered or encountered risk? A Cost/benefit equation B Delphi technique C Risk register D Threat model

C

When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass: A. packet filtering B. Circuit level proxy C. Dynamic packet filtering D. Application level proxy

C

When backing up an application system's data, which of the following is a key question to be answered first? A. When to make backups B. Where to keep backups C. What records to back up D. How to store backups

C

When considering an IT System Development Life-cycle, security should be: A. Mostly considered during the initiation phase. B. Mostly considered during the development phase. C. Treated as an integral part of the overall system design. D. Added once the design is completed.

C

When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish to prosecute the attacker in court? A. Back up the compromised systems. B. Identify the attacks used to gain access. C. Capture and record system information. D. Isolate the compromised systems.

C

When is a search warrant required? A When evidence is in the possession of an authority that is willing to give consent B When evidence is collected in connection with a lawful arrest C When evidence is located within a private location D When evidence is in plain sight of a law enforcement officer

C

When performing system hardening, what are the two primary phases or operations to be performed? A Use a cable lock for portable devices, and define complex authentication factors. B Update to current version, and encrypt all communications. C Remove what is unnecessary, and lock down whatever remains. D Lock down access control, and implement monitoring.

C

Which OSI/ISO layer is responsible for determining the best route for data to be transferred? A. Session layer B. Physical layer C. Network layer D. Transport layer

C

Which access control model is also called Non Discretionary Access Control (NDAC)? A. Lattice based access control B. Mandatory access control C. Role-based access control D. Label-based access control

C

Which access control type has a central authority that determines which objects the subjects have access to, based on role or on the organizational security policy? A. Mandatory Access Control B. Discretionary Access Control C. Non-Discretionary Access Control D. Rule-based Access control

C

Which answer is most accurate regarding IEEE 802.11i? A Provides both 5 GHz and 2.4 GHz compatibility B Provides 54 Mbit/s using the 2.4 GHz frequency spectrum C Provides security enhancements using WPA2 D Provides security enhancements using WEP

C

Which of the following algorithms does NOT provide hashing? A. SHA-1 B. MD2 C. RC4 D. MD5

C

Which of the following are WELL KNOWN PORTS assigned by the IANA? A. Ports 0 to 255 B. Ports 0 to 1024 C. Ports 0 to 1023 D. Ports 0 to 127

C

Which of the following is a symmetric algorithm? A Diffie-Hellman B RSA C AES D HMAC

C

Which of the following networking devices allows the connection of two or more homogeneous LANs in a simple way, forwarding traffic based on the MAC address? A. Gateways B. Routers C. Bridges D. Firewalls

C

Which of the following offers confidentiality to an e-mail message? A. The sender encrypting it with its private key. B. The sender encrypting it with its public key. C. The sender encrypting it with the receiver's public key. D. The sender encrypting it with the receiver's private key.

C

Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options? A. Detailed design B. Implementation C. Product design D. Software plans and requirements

C

Which of the following services relies on UDP? A. FTP B. Telnet C. DNS D. SMTP

C

Which of the following standards concerns digital certificates? A. X.400 B. X.25 C. X.509 D. X.75

C

Which of the following would be used to implement Mandatory Access Control (MAC)? A. Clark-Wilson Access Control B. Role-based access control C. Lattice-based access control D. User dictated access control

C

Which of the following would best define a digital envelope? A. A message that is encrypted and signed with a digital certificate. B. A message that is signed with a secret key and encrypted with the sender's private key. C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. D. A message that is encrypted with the recipient's public key and signed with the sender's private key.

C

Who is responsible for initiating corrective measures and capabilities used when there are security violations? A. Information systems auditor B. Security administrator C. Management D. Data owners

C

Who is ultimately responsible for the security of computer based information systems within an organization? A. The tech support team B. The Operation Team. C. The management team. D. The training team.

C

Who should direct short-term recovery actions immediately following a disaster? A. Chief Information Officer. B. Chief Operating Officer. C. Disaster Recovery Manager. D. Chief Executive Officer.

C

Why are locks used on doors in secured areas? A To detect access attempts B To prevent all intrusions C To keep people honest D To direct intruders to open areas

C

Why is change control and management used as a component of software asset management? A To stop changes from being implemented into an environment B To oversee the asset procurement process C To prevent or reduce unintended reduction in security D To restrict the privileges assigned to compartmentalized administrators

C

You are comparing elements of the CIA Triad. Of the following choices, what represents the best choice to ensure Confidentiality of data? A hashing B failover cluster C encryption D RAID drives

C

Which security model uses division of operations into different parts and requires different users to perform each part? A. Bell-LaPadula model B. Biba model C. Clark-Wilson model D. Non-interference model

C; The Clark-Wilson model uses separation of duties, which divides an operation into different parts and requires different users to perform each part. This prevents authorized users from making unauthorized modifications to data, thereby protecting its integrity. The Clark-Wilson integrity model provides a foundation for specifying and analyzing an integrity policy for a computing system.

A company has classified its data using a common classification scheme used within private organizations. Of the following choices, which most likely represents the most valuable data deserving the highest level of protection? A public B internal C unrestricted D confidential

D

Data is sent as bits at what layer of the OSI model? A Transport B Network C Data Link D Physical

D

Dogs, guards, and fences are all common examples of what type of control? A Detective B Recovery C Administrative D Physical

D

What is the Biba security model concerned with? A. Confidentiality B. Reliability C. Availability D. Integrity

D

What is the maximum key size for the RC5 algorithm? A. 128 bits B. 256 bits C. 1024 bits D. 2040 bits

D

What is the means of incident or violation detection which is based on a collected sample of the unwanted activity? A Heuristic B Behavioral C Anomaly D Signature

D

What is the most critical document of the computer forensic process to ensure that evidence is admissible in court? A Evidence collection sheet B Consent form C Search warrant D Chain of custody

D

What is the most secure way to dispose of information on a CD-ROM? A. Sanitizing B. Physical damage C. Degaussing D. Physical destruction

D

What is the primary role of smartcards in a PKI? A. Transparent renewal of user keys B. Easy distribution of the certificates between the users C. Fast hardware encryption of the raw data D. Tamper resistant, mobile storage and application of private keys of the users

D

What is the prime objective of code signing? A To verify the author and integrity of downloadable code that is signed using a public key B To verify the author and integrity of downloadable code that is signed using a symmetric key C To verify the author and integrity of downloadable code that is signed using a master key D To verify the author and integrity of downloadable code that is signed using a private key

D

What is the term used to describe the process of a certificate authority extending the expiration date of a digital certificate? A Suspension B Revocation C Reissue D Renewal

D

What physical characteristic does a retinal scan biometric device measure? A. The amount of light reaching the retina B. The amount of light reflected by the retina C. The pattern of light receptors at the back of the eye D. The pattern of blood vessels at the back of the eye

D

What refers to legitimate users accessing networked services that would normally be restricted to them? A. Spoofing B. Piggybacking C. Eavesdropping D. Logon abuse

D

What security model implies a central authority that defines rules, and sometimes global rules, dictating what subjects can have access to what objects? A. Flow Model B. Discretionary access control C. Mandatory access control D. Non-discretionary access control

D

What standards-based technology is supported on most platforms and is used as a remote authentication service? A Kerberos B NTLM C TACACS+ D RADIUS

D

What type of attack cannot be blocked or resolved with a software fix or a hardware upgrade? A Spoofing B Data theft C Botnet D Social engineering

D

What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs 100 data entry clerks and every one of them makes one input error each month? A. 100 B. 120 C. 1 D. 1200

D

When Richard receives the message from Matthew, what key should he use to decrypt the message? A Matthew's public key B Matthew's private key C Richard's public key D Richard's private key

D

When crafting a digital signature, what are the initial steps in the process performed by the sender? A Encrypt the message with a symmetric key. B Sign the message with the recipient's public key. C Hash the message, and then encrypt the message with the private key. D Hash the message, and then encrypt the digest with the private key.

D

When should a post-mortem review meeting be held after an intrusion has been properly taken care of? A. Within the first three months after the investigation of the intrusion is completed. B. Within the first week after prosecution of intruders has taken place, whether successful or not. C. Within the first month after the investigation of the intrusion is completed. D. Within the first week of completing the investigation of the intrusion.

D

Which choice best describes a zombie? A Malware that logs keystrokes B A type of root kit C A tool used to achieve privilege escalation D A member of a botnet

D

Which means of authentication is NOT supported by IPSec? A NTLM B Digital certificate C Static password D Biometrics

D

Which of the following IEEE standards defines the token ring media access method? A. 802.3 B. 802.11 C. 802.5 D. 802.2

D

Which of the following is NOT a compensating measure for access violations? A. Backups B. Business continuity planning C. Insurance D. Security awareness

D

Which of the following is NOT a correct notation for an IPv6 address? A. 2001:0db8:0:0:0:0:1428:57ab B. ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 C. ::1 D. 2001:DB8::8:800::417A

D

Which of the following is less likely to be used today in creating a Virtual Private Network? A. L2TP B. PPTP C. IPSec D. L2F

D

Which of the following is not a single sign-on implementation? A Kerberos B ADFS C CAS D RADIUS

D

Which of the following is the MOST important aspect relating to employee termination? A. The details of employee have been removed from active payroll files. B. Company property provided to the employee has been returned. C. User ID and passwords of the employee have been deleted. D. The appropriate company staff are notified about the termination.

D

Which of the following is the least effective means to share files between multiple guest OSes? A Storage area networking B Shared virtual hard disk C Network attached storage D USB drive

D

Which of the following is the primary security feature of a proxy server? A. Virus Detection B. URL blocking C. Route blocking D. Content filtering

D

Which of the following is true of two-factor authentication? A. It uses the RSA public-key signature based on integers with large prime factors. B. It requires two measurements of hand geometry. C. It does not use single sign-on technology. D. It relies on two independent proofs of identity.

D

Which of the following is used as a framework to evaluate systems? It provides assurances that the specification, implementation, and evaluation of a system's security have gone through a rigorous and standardized process. A HIPAA B SOX C TCSEC D Common Criteria

D

Which of the following issues is not addressed by digital signatures? A. nonrepudiation B. authentication C. data integrity D. denial-of-service

D

Which of the following items would best help an organization to gain a common understanding of functions that are critical to its survival? A. A risk assessment B. A business assessment C. A disaster recovery plan D. A business impact analysis

D

Which of the following media is MOST resistant to tapping? A. microwave B. twisted pair C. coaxial cable D. fiber optic

D

Which of the following options best describes a cold site? A An alternate processing facility with most data processing hardware and software installed, which can be operational within a matter of hours to a few days B An alternate processing facility that has all hardware and software installed and is mirrored with the original site and can be operational within a very short period of time C A mobile trailer with portable generators and air-conditioning D An alternate processing facility with established electrical wiring and HVAC but no data processing hardware

D

Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network? A. Inbound packets with Source Routing option set B. Router information exchange protocols C. Inbound packets with an internal address as the source IP address D. Outbound packets with an external destination IP address

D

Which of the following protects Kerberos against replay attacks? A. Tokens B. Passwords C. Cryptography D. Time stamps

D

Which of the following protocols does not operate at the data link layer (layer 2)? A. PPP B. RARP C. L2F D. ICMP

D

Which of the following protocols is designed to send individual messages securely? A. Kerberos B. Secure Electronic Transaction (SET). C. Secure Sockets Layer (SSL). D. Secure HTTP (S-HTTP).

D

Which of the following protocols' primary function is to send messages between network devices regarding the health of the network? A. Reverse Address Resolution Protocol (RARP). B. Address Resolution Protocol (ARP). C. Internet Protocol (IP). D. Internet Control Message protocol (ICMP).

D

Which of the following questions is less likely to help in assessing identification and authentication controls? A. Is a current list maintained and approved of authorized users and their access? B. Are passwords changed at least every ninety days or earlier if needed? C. Are inactive user identifications disabled after a specified period of time? D. Is there a process for reporting incidents?

D

Which of the following rules is least likely to support the concept of least privilege? A. The number of administrative accounts should be kept to a minimum. B. Administrators should use regular accounts when performing routine operations like reading mail. C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible. D. Only data to and from critical systems and applications should be allowed through the firewall.

D

Which of the following server contingency solutions offers the highest availability? A. System backups B. Electronic vaulting/remote journaling C. Redundant arrays of independent disks (RAID) D. Load balancing/disk replication

D

Which of the following services is not provided by a public key infrastructure (PKI)? A. Access control B. Integrity C. Authentication D. Reliability

D

Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect? A. PPTP allows the tunnelling of any protocol that can be carried within PPP. B. PPTP does not provide strong encryption. C. PPTP does not support any token-based authentication method for users. D. PPTP is derived from L2TP.

D

Which of the following statements pertaining to ethical hacking is incorrect? A. An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services. B. Testing should be done remotely to simulate external threats. C. Ethical hacking should not involve writing to or modifying the target systems negatively. D. Ethical hackers never use tools that have the potential of affecting servers or services.

D

Your organization hosts a web server that is accessible via the Internet and used for e-commerce. Administrators recently learned that an attacker compromised the certificate's private key on this server. Which of the following is the most likely appropriate response? A set the expiration date to expire the certificate B cancel the certificate C recall the certificate D revoke the certificate

D

Your organization is using Kerberos for private network authentication. How does Kerberos demonstrate to a resource host that the identity of a user is valid? A A shared credential is issued to each principal in the realm. B A unique session key is used to encrypt the authentication communications. C A TGT is issued to the resource host. D An ST is issued to the user, which is then sent to the resource host.

D
