Certified In Cybersecurity
4. Which type of key can be used to both encrypt and decrypt the same message? A private key An asymmetric key A public key A symmetric key
Symmetric-key algorithms are a class of cryptographic algorithms that use a single key for both encrypting and decrypting of data. Asymmetric cryptography uses pairs of related keys: the public and the corresponding private keys. A message encrypted with the public key can only be decrypted by its corresponding private key, and vice versa. The term 'asymmetric key' is not applicable here.
3. If there is no time constraint, which protocol should be employed to establish a reliable connection between two devices? SNMP DHCP TCP UDP
TCP TCP is used for connection-oriented communication, verifies data delivery, and is known to favor reliability. In a congested network, TCP delays data transmission, and thus cannot guarantee delivery under time constraints. UDP favors speed and efficiency over reliability, and thus cannot ensure a reliable connection. DHCP and SNMP are (respectively) a device configuration and a device management protocol, which means that neither aims to establish connections between devices.
14. Which are the three packets used on the TCP connection handshake? (★) Offer → Request → ACK Discover → Offer → Request SYN → ACK → FIN SYN → SYN/ACK → ACK
TCP uses a three-way handshake to establish a reliable connection by exchanging three packets with the SYN, SYN/ACK and ACK flags. Although SYN, ACK and FIN are valid TCP packet flags, the sequence SYN → ACK → FIN is not the TCP handshake. Both the sequences Discover → Offer → Request and Offer → Request → ACK are used in DHCP (but are still incomplete, since DHCP is a four-way handshake).
The organization should keep a copy of every signed Acceptable Use Policy (AUP) on file, and issue a copy to _______. (D5.3, L5.3.1) A) The user who signed it B) The regulators overseeing that industry C) Lawmakers D) The Public Relations office
The AUP is an agreement between the user and the organization, so both parties need to keep a copy of it. A is the correct answer.
12. Which of the following is a public IP? 172.16.123.1 192.168.123.1 10.221.123.1 13.16.123.1
The ranges of IP addresses 10.0.0.0 to 10.255.255.254, 172.16.0.0 to 172.31.255.254, and 192.168.0.0 to 192.168.255.254 are reserved for private use (see ISC2 Study Guide, chapter 4, module 1, under Internet Protocol - IPv4 and IPv6). Therefore, the IP address 13.16.123.1 is the only address in a public range.
Network traffic originating from outside the organization might be admitted to the internal IT environment or blocked at the perimeter by a ________. (D3, L3.2.1) A) Turnstile B) Fence C) Vacuum D) Firewall
A firewall is a solution used to filter traffic between networks, including between the internal environment and the outside world.
The cloud deployment model where a company has resources on-premise and in the cloud is known as: Multi-tenant Community cloud Private cloud Hybrid cloud
A hybrid cloud is a model that combines (i.e. orchestrates) on-premise infrastructure, private cloud services, and a public cloud to handle storage and service. A community cloud is an infrastructure where multiple organizations share resources and services based on common technological and regulatory necessities. Multi-tenancy refers to a context where several of a cloud vendor's customers share the same computing resources. A private cloud is a cloud computing model where the cloud infrastructure is dedicated to a single organization.
Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi's account? (D3, L3.1.1) A) Privileged B) Internal C) External D) User
A is Correct. This is the description of a privileged account; an account that typically needs greater permissions than a basic user
Which type of fire-suppression system is typically the safest for humans? (D4.3 L4.3.1) A) Water B) Dirt C) Oxygen-depletion D) Gaseous
A is correct as it is the safest fire-suppression system listed that is typically used
Which of the following probably poses the most risk? (D1, L1.2.1) A) A high-likelihood, high-impact event B) A high-likelihood, low-impact event C) A low-likelihood, high-impact event D) A low-likelihood, low-impact event
A is correct. An event that is has a significant probability of occurring ("high-likelihood") and also has a severe negative consequence ("high-impact") poses the most risk. The other answers all pose less risk, because either the likelihood or impact is described as "low." This is not to say that these risks can be dismissed, only that they are less significant than the risk posed by answer A.
All of the following are typically perceived as drawbacks to biometric systems, except: (D3, L3.2.1) A) Lack of accuracy B) Potential privacy concerns C) Retention of physiological data past the point of employment D) Legality
A is correct. Biometric systems can be extremely accurate, especially when compared with other types of access controls
Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1) A) Administrative B) Finite C) Physical D) Technica
A is correct. Both the policy and the instruction are administrative controls; rules and governance are administrative.
A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. (D1, L1.1.1) A) Non-repudiation B) Multifactor authentication C) Biometrics D) Privacy
A is correct. Non-repudiation is the concept that users cannot deny they have performed transactions that they did, in fact, conduct. A system that keeps a record of user transactions provides nonrepudiation.
Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________. (D1, L1.2.2) A) Risk tolerance B) Risk inversion C) Threat D) Vulnerability
A is correct. Phrenal has decided there is an acceptable level of risk associated with the online sale of the laptop; this is within Phrenal's risk tolerance
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the database? (D3, L3.1.1) A) The object B) The rule C) The subject D) The site
A is correct. Prachi is manipulating the database, so the database is the object in the subject-object-rule relationship in this case.
Which of the following is likely to be included in the business continuity plan? (D2, L2.2.1) A) Alternate work areas for personnel affected by a natural disaster B) The organization's strategic security approach C) Last year's budget information D) Log data from all systems
A is correct. The business continuity plan should include provisions for alternate work sites, if the primary site is affected by an interruption, such as a natural disaster.
The Triffid Corporation publishes a strategic overview of the company's intent to secure all the data the company possesses. This document is signed by Triffid senior management. What kind of document is this? (D1, L1.4.1) A) Policy B) Procedure C) Standard D) Law
A is correct. This is an internal, strategic document, and is therefore a policy.
Triffid, Inc., wants to host streaming video files for the company's remote users, but wants to ensure the data is protected while it's streaming. Which of the following methods are probably best for this purpose? (D5.1, L5.1.3) A) Symmetric encryption B) Hashing C) Asymmetric encryption D) VLANs
A is the correct answer; symmetric encryption offers confidentiality of data with the least amount of processing overhead, which makes it the preferred means of protecting streaming data.
A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages. (D4.1 L4.1.1) A) Router B) Switch C) Server D) Laptop
A server typically offers a specific service, such as hosting web pages or managing email, and is often accessed by multiple users
9. With respect to risk management, which of the following options should be prioritized? - The frequency of occurrence is low, and the expected impact value is high - The expected probability of occurrence is low, and the potential impact is low - The expected probability of occurrence is high, and the potential impact is - The frequency of occurrence is high, and the expected impact value is low
A. The frequency of occurrence is low, and the expected impact value is high. The highest priority should be given to risks estimated to high impact and low probability over high probability and low impact value (ISC2 Study Guide, Chapter 1, Module 2). In qualitative risk analysis, the 'expected probability of occurrence' and the 'frequency of occurrence' refer to the same thing. The same goes for the concepts of expected impact value (NIST SP 800-30 Rev. 1 under Impact Value) and potential impact (NIST SP 800-60 Vol. 1 Rev. 1 under Potential Impact).
Garfield is a security analyst at Triffid, Inc. Garfield notices that a particular application in the production environment is being copied very quickly, across systems and devices utilized by many users. What kind of attack could this be? (D4.2 L4.2.1) A) Spoofing B) Side channel C) Trojan D) Worm
Activity of this type, where an application or file is replicating rapidly across an entire environment, is often indicative of a worm. D is correct
Data retention periods apply to ____ data. (D5.1, L5.1.1) A) Medical B) Sensitive C) All D) Secret
All data should have specific retention periods (even though retention periods may differ for various types of data). C is the correct answer
Which port is used to secure communication over the web (HTTPS)? 25 69 443 80
All options show examples of logical communication ports. Port 80 is reserved for plain HTTP connections, port 69 for TFTP protocol; and port 25 for SMTP protocol. Port 443 is the one reserved for HTTPS connections.
You are reviewing log data from a router; there is an entry that shows a user sent traffic through the router at 11:45 am, local time, yesterday. This is an example of a(n) _______. (D2, L2.1.1) incide A) Incident B) Event C) Attack D) Threat
An event is any observable occurrence within the IT environment. (Any observable occurrence in a network or system. (Source: NIST SP 800-61 Rev 2) While an event might be part of an incident, attack, or threat, no other information about the event was given in the question, so B is the correct answer.
In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. (D1, L1.2.1 A) Fear B) Threat C) Control D) Asset
B is correct. A threat is something or someone that poses risk to the organization; this is the definition of a threat.
What is the risk associated with delaying resumption of full normal operations after a disaster? (D2, L2.3.1) A) People might be put in danger B) The impact of running alternate operations for extended periods C) A new disaster might emerge D) Competition
B is correct. Alternate operations are typically more costly than normal operations, in terms of impact to the organization; extended alternate operations could harm the organization as much as a disaster.
In risk management concepts, a(n) _________ is something a security practitioner might need to protect. (D1, L1.2.1) A) Vulnerability B) Asset C) Threat D) Likelihood
B is correct. An asset is anything with value, and a security practitioner may need to protect assets
What is the overall objective of a disaster recovery (DR) effort? (D2, L2.3.1) A) Save money B) Return to normal, full operations C) Preserve critical business functions during a disaster D) Enhance public perception of the organization
B is correct. DR efforts are intended to return the organization to normal, full operations
Which of the following roles does not typically require privileged account access? (D3, L3.1.1) A) Security administrator B) Data entry professional C) System administrator D) Help Desk technician
B is correct. Data entry professionals do not usually need privileged access.
Which of the following will have the most impact on determining the duration of log retention? (D3, L3.2.1) A) Personal preference B) Applicable laws C) Industry standards D) Type of storage media
B is correct. Laws will have the most impact on policies, including log retention periods, because laws cannot be contravened. All the other answers may have some impact on retention periods, but they will never have as much impact as applicable laws.
Chad is a security practitioner tasked with ensuring that the information on the organization's public website is not changed by anyone outside the organization. This task is an example of ensuring _________. (D1, L1.1.1) A) Confidentiality B) Integrity C) Availability D) Confirmation
B is correct. Preventing unauthorized modification is the definition of integrity
Proper alignment of security policy and business goals within the organization is important because: (D5.3, L5.3.1) A) Security should always be as strict as possible B) Security policy that conflicts with business goals can inhibit productivity C) Bad security policy can be illegal D) Security is more important than business
B is correct. Security is a support function in most organizations, not a business function; therefore, security policy must conform to business needs to avoid inhibiting productivity
Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina's selection and determine whether to approve the purchase. This is a description of: (D3, L3.1.1) A) Two-person integrity B) Segregation of duties C) Software D) Defense in depth
B is correct. Segregation of duties, also called separation of duties, is used to reduce the potential for corruption or fraud within the organization. More than one person must be involved in a given process in order to complete that process.
A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a ________. (D1, L1.4.2) A) Law B) Procedure C) Standard D) Policy
B is correct. This is a set of instructions to perform a particular task, so it is a procedure (several procedures, actually—one for each platform).
The European Union (EU) law that grants legal protections to individual human privacy. (D1, L1.1.1) A) The Privacy Human Rights Act B) The General Data Protection Regulation C) The Magna Carta D) The Constitution
B is correct: The GDPR is the EU law that treats privacy as a human right.
By far, the most crucial element of any security instruction program. (D5.4, L5.4.1) A) Protect assets B) Preserve health and human safety C) Ensure availability of IT systems D) Preserve shareholder value
B is correct: This is the paramount rule in all security efforts
Which common cloud service model offers the customer the most control of the cloud environment? (D4.3 L4.3.2) A) Lunch as a service (LaaS) B) Infrastructure as a service (IaaS) C) Platform as a service (PaaS) D) Software as a service (SaaS)
B is correct; IaaS offers the customer the most control of the cloud environment, in terms of common cloud service models
Which common cloud deployment model typically features only a single customer's data/functionality stored on specific systems/hardware? (D4.3 L4.3.2) A) Public B) Private C) Community D) Hybrid
B is correct; this is the defining feature of private cloud
A tool that monitors local devices to reduce potential threats from hostile software. (D4.2 L4.2.3) A) NIDS (network-based intrusion-detection systems) B) Anti-malware C) DLP (data loss prevention) D) Firewall
B is correct; this is the purpose of anti-malware solutions.
Which of the following is probably most useful at the perimeter of a property? (D3, L3.2.1) A) A safe B) A fence C) A data center D) A centralized log storage facility
B is the best answer. Of the options listed, a fence would be most useful at the perimeter of a property
Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional task necessary to ensure this control will function properly? (D4.2 L4.2.3) A) Pay all employees a bonus for allowing anti-malware solutions to be run on their systems B) Update the anti-malware solution regularly C) Install a monitoring solution to check the anti-malware solution D) Alert the public that this protective measure has been taken
B is the correct answer. Anti-malware solutions typically work with signatures for known malware; without continual updates, these tools lose their efficacy.
The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2) A) Law, policy B) Policy, standard C) Policy, law D) Procedure, procedure
B is the correct answer. The Triffid document is a strategic, internal rule published by senior management; this is a policy. The SANS documents are industry best practices recognized globally; these are standards.
Carol is browsing the Web. Which of the following ports is she probably using? (D4, L4.1.2) A) 12 B) 80 C) 247 D) 999
B is the correct answer; port 80 is used for HTTP traffic, and HTTP is a Web-browsing protocol.
1. Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? (D1, L1.5.1) q A) Inform (ISC)² B) Pay the parking ticket C) Inform supervisors at Triffid D) Resign employment from Triffid
B) Pay the parking ticket
Bert wants to add a flashlight capability to a smartphone. Bert searches the internet for a free flashlight app, and downloads it to the phone. The app allows Bert to use the phone as a flashlight, but also steals Bert's contacts list. What kind of app is this? (D4.2 L4.2.1) A) DDOS B) Trojan C) Side channel D) On-path
B) Trojan This is a textbook example of a Trojan horse application. Bert has intentionally downloaded the application with the intent to get a desired service, but the app also includes a hostile component Bert is unaware of
When should a business continuity plan (BCP) be activated? (D2, L2.2.1) A) As soon as possible B) At the very beginning of a disaster C) When senior management decides D) When instructed to do so by regulators
C is correct. A senior manager with the proper authority must initiate the BCP.
At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the hallways. Sensitive data and media are kept in safes when not in use. (D3, L3.1.1) This is an example of: A) Two-person integrity B) Segregation of duties C) Defense in depth D) Penetration testing
C is correct. Defense in depth is the use of multiple different (and different types of) overlapping controls to provide sufficient security
Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task? (D1, L1.3.1) A)Administrative B) Technical C) Physical D) Nuanced
C is correct. Physical controls, such as fences, walls and bollards, will be most likely to ensure cars cannot collide with pedestrians by creating actual barriers between cars and pedestrians.
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the ACL? (D3, L3.1.1) A) The subject B) The object C) The rule D) The firmware
C is correct. The ACL, in this case, acts as the rule in the subjectobject-rule relationship. It determines what Prachi is allowed to do, and what Prachi is not permitted to do.
A _____ is a record of something that has occurred. (D3, L3.2.1) A) Biometric B) Law C) Log D) Firewall
C is correct. This is a description of a log.
Which of the following activities is usually part of the configuration management process, but is also extremely helpful in countering potential attacks? (D4.2 L4.2.3) A) Annual budgeting B) Conferences with senior leadership C) Updating and patching systems D) The annual shareholders' meeting
C is the correct answer. Keeping systems up to date is typically part of both the configuration management process and enacting best security practices
The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitt A) Administrative B) Entrenched C) Physical D) Technical
D is correct. A GPS unit is part of the IT environment, so this is a technical control.
Which of the following is an example of a "something you are" authentication factor? (D1, L1.1.1) A) A credit card presented to a cash machine B) Your password and PIN C) A user ID D) A photograph of your face
D is correct. A facial photograph is something you are—your appearance.
Which of the following is a biometric access control mechanism? (D3, L3.2.1) A) A badge reader B) A copper key C) A fence with razor tape on it D) A door locked by a voiceprint identifier
D is correct. A lock that opens according to a person's voice is a type of biometric access control
A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control. (D1, L1.3.1) A) Physical B) Administrative C) Passive D) Technical
D is correct. A software firewall is a technical control, because it is a part of the IT environment.
Within the organization, who can identify risk? (D1, L1.2.2) A)The security manager B) Any security team member C) Senior management D) Anyone
D is correct. Anyone within the organization can identify risk.
What is the goal of Business Continuity efforts? (D2, L2.2.1) A) Save money B) Impress customers C) Ensure all IT systems continue to operate D) Keep critical business functions operational
D is correct. Business Continuity efforts are about sustaining critical business functions during periods of potential interruption, such as emergencies, incidents, and disasters
For which of the following systems would the security concept of availability probably be most important? (D1, L1.1.1) A) Medical systems that store patient data B) Retail records of past transactions C) Online streaming of camera feeds that display historical works of art in museums around the world D) Medical systems that monitor patient condition in an intensive care unit
D is correct. Information that reflects patient condition is data that necessarily must be kept available in real time, because that data is directly linked to the patients' well-being (and possibly their life). This is, by far, the most important of the options listed.
The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1) A) Policy B) Procedure C) Standard D) Law
D is correct. The city council is a governmental body making a legal mandate; this is a law.
Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation? (D3, L3.1.1) A) Defense in depth B) Segregation of duties C) Least privilege D) Dual control
D is correct. This is an example of dual control, where two people, each with distinct authentication factors, must be present to perform a function.
Which of the following are not typically involved in incident detection? (D2, L2.1.1) A) Users B) Security analysts C) Automated tools D) Regulators
D is correct. Typically, regulators do not detect incidents, nor alert organizations to the existence of incidents.
The concept that the deployment of multiple types of controls provides better security than using a single type of control. (D4.3 L4.3.3) A) VPN B) Least privilege C) Internet D) Defense in depth
D is correct; defense in depth involves multiple types of controls to provide better security.
Hoshi is an (ISC) 2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do? (D1, L1.5.1) A) recommend a different vendor/product B) recommend the cousin's product C) Hoshi should ask to be recused from the task D) disclose the relationship, but recommend the vendor/product
D is the best answer. According to the third Canon of the ISC2 Code of Ethics, members are required to "provide diligent and competent service to principals." Hoshi's principal here is Triffid, Hoshi's employer. It would be inappropriate for Hoshi to select the cousin's product solely based upon the family relationship; however, if the cousin's product is, in fact, the best choice for Triffid, then Hoshi should recommend that product. In order to avoid any appearance of impropriety or favoritism, Hoshi needs to declare the relationship when making the recommendation
Which common cloud service model only offers the customer access to a given application? (D4.3 L4.3.2) A) Lunch as a service (LaaS) B) Infrastructure as a service (IaaS) C) Platform as a service (PaaS) D) Software as a service (SaaS)
D is the correct answer. This is a description of how SaaS works.
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that operational managers have the utmost personal choice in determining which employees get access to which systems/data. Which method should Handel select? (D3, L3.3.1) A) Role-based access controls (RBAC) B) Mandatory access controls (MAC) C) Discretionary access controls (DAC) D) Security policy
DAC gives managers the most choice in determining which employees get access to which assets. C is the correct answer
Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an attack designed to affect the availability of the environment. Which of the following might be the attack Ludwig sees? (D4.2 L4.2.1 A) DDOS (distributed denial of service) B) Spoofing C) Exfiltrating stolen data D) An insider sabotaging the power supply
DDOS is an availability attack, often typified by recognizable network traffic; either too much traffic to be processed normally, or malformed traffic. A is the correct answer.
7. Which devices have the PRIMARY objective of collecting and analyzing security events? Hubs Routers Firewalls SIEM
Explanation A Security Information and Event Management (SIEM) system is an application that gathers security data from information system components and presents actionable information through a unified interface. Routers and Hubs aim to receive and forward traffic. Firewalls filter incoming traffic. Neither of these last three options aims at collecting and analyzing security events
2. Which of the following types of devices inspect packet header information to either allow or deny network traffic? Hubs Firewalls Routers Switches
Firewalls -Standard firewalls examine IP packet headers and flags in order to block or allow traffic from predefined rules. More recently, firewalls with Intrusion Detection Capability (IDC) also analyze each individual packet, looking for specific patterns known to be malicious, and then blocking traffic whenever such patterns are found. Routers, Switches, and Hubs have limited packet filtering capabilities, or none at all. A Router is a device that acts as a gateway between two or more networks by relaying and directing data packets between them. Hubs broadcast (i.e. copy) packets between ports so that all segments of a LAN can see all packets. A Switch is "smarter" than a Hub and can forward packets between network segments instead of copying them.
A device that is commonly useful to have on the perimeter between two networks. (D4.3 L4.3.3) A) User laptop B) IoT C) Camera D) Firewall
Firewalls are often useful to monitor/filter traffic between two networks
Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk? (D4.2 L4.2.2) A) Firewall B) Turnstile C) Anti-malware D) Badge system
Firewalls can often identify hostile inbound traffic, and potentially counter it. A is the correct answer
19. Which of these is NOT a change management component? Approval Governance RFC Rollback
Governance All significant change management practices address typical core activities: Request For Change (RFC), Approval, and Rollback (see ISC2 Study Guide, chapter 5, module 3). Governance is not one of these practices.
The common term for systems that ensure proper temperature and humidity in the data center. (D4.3 L4.3.1) A) RBAC B) HVAC C) MAC
HVAC stands for "heating, ventilation and air conditioning," and is a common industry term. B is correct
Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit. What technique/tool could Dieter use to assist in this effort? (D5.1, L5.1.3) A) Hashing B) Clockwise rotation C) Symmetric encryption D) Asymmetric encryption
Hashing is a means to provide an integrity check. A is the correct answer.
Triffid, Inc., has many remote workers who use their own IT devices to process Triffid's information. The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize and identify potential security issues. Which of the following is probably most appropriate for this specific purpose? (D4.2 L4.2.2) A) HIDS (host-based intrusion-detection systems) B) NIDS (network-based intrusion-detection systems) C) LIDS (logistical intrusion-detection systems) D) Firewall
Host-based intrusion-detection systems are expressly designed for this purpose; each HIDS is installed on each endpoint machine. A is the correct answer
24. Which of the following is LESS likely to be part of an Incident Response Team (IRT)? Representatives of senior management Information security professionals Legal representatives Human Resources (Correct)
Human Resources The incident response team carries out the post-incident analysis phase of an incident response plan. They are a cross-functional group of individuals representing the management, technical and functional areas of responsibility most directly impacted by a security incident. In the incident response team, we typically find (i) representatives of senior management, (ii) information security professionals, (iii) legal representatives, (iv) public affairs/communications representatives, (v) engineering representatives (both system and network); however, we don't typically find human resource representatives (see the ISC2 Study Guide Chapter 2, Module 1, under Incident Response Team).
Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to log in for Doug, using Trina's credentials, so that Doug can get some work done. What is the problem with this? (D3, L3.3.1) A) Doug is a bad person B) If Trina logs in for Doug, then Doug will never be encouraged to remember credentials without assistance C) Anything either of them do will be attributed to Trina D) It is against the law
If two users are sharing one set of credentials, then the actions of both users will be attributed to that single account; the organization will be unable to discern exactly who performed which action, which can be troublesome if either user does something negligent or wrong. C is the correct answer
20. The magnitude of the harm expected as a result of the consequences of an unauthorized disclosure, modification, destruction, or loss of information, is known as the: Impact Vulnerability Threat Likelihood
Impact. The sentence matches the definition of the concept of impact (see NIST SP 800-60 Vol. 1 Rev. 1 under Impact). Furthermore, the ISC2 Study Guide, chapter 1, defines likelihood as the probability that a potential vulnerability may be exploited. A threat is defined as a circumstance or event that can adversely impact organizational operations. A vulnerability is a weakness that a threat can exploit.
A web server that accepts requests from external clients should be placed in which network? Internal Network Intranet VPN DMZ
In Cybersecurity, a DMZ (demilitarized zone) is a physical or logical subnetwork that contains and exposes external-facing services (such as web services). An Internal Network is an organization-controlled network that is isolated from external access. An Intranet is itself an internal network that supports similar protocols and services to the Internet, but only for the organization's internal use. A Virtual Private Network (VPN) creates a secure tunnel between endpoints (whether between networks, or between networks and devices), allowing traffic to travel through a public network and creating the illusion that endpoints are connected through a dedicated private connection.
If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need? (D5.1, L5.1.2) A) 1 B) 4 C) 8 D) 11
In asymmetric encryption, each party needs their own key pair (a public key and a private key) to engage in confidential communication. B is the correct answer
If two people want to use symmetric encryption to conduct a confidential conversation, how many keys do they need? (D5.1, L5.1.3) A) 1 B) 3 C) 8 D) none
In symmetric cryptography, confidential communication is achieved through the use of one, shared key. A is the correct answer
23. Which of the following cloud models allows access to fundamental computer resources? (★) FaaS SaaS PaaS IaaS
Infrastructure as a Service (IaaS) provides the capability to provision processing, storage, networks, and other fundamental computing resources. Platform as a Service (PaaS) enables the provisioning of applications, programming libraries, services, and tools that the provider supports. Unlike IaaS, consumers do not control their underlying cloud infrastructure (including operating systems and storage). Both Software as a Service (SaaS) and Function as a Service (FaaS) models abstract away from underlying computing infrastructure, thereby allowing providers to focus on providing end users with applications, rather than worrying about how their underlying infrastructure functions.
5. Which of the following is NOT a protocol of the OSI Level 3? IP ICMP IGMP SNMP
Internet Protocol (IP) is known to be a level 3 protocol. Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP) are also level 3 protocols. Simple Network Management Protocol (SNMP) is a protocol used to configure and monitor devices attached to networks. It is an application-level protocol (level 7), and therefore the only option that is not from level 3.
Every document owned by Triffid, Inc., whether hardcopy or electronic, has a clear, 24-point word at the top and bottom. Only three words can be used: "Sensitive," "Proprietary" and "Public." This is an example of _____. (D5.1, L5.1.1) A) Secrecy B) Privacy C) Inverting D) Labeling
Labeling is the practice of annotating assets with classification markings. D is the correct answe
Logs should be reviewed ______. (D5.1, L5.1.2) A) Every Thursday B) Continually C) Once per calendar year D) Once per fiscal year
Log review should happen continually, in order to ensure detection efforts are optimized. B is the correct answer.
17. What is an effective way of hardening a system? - Create a DMZ for web application services - Have an IDS in place - Patch the system - Run a vulnerability scan
Patch the system According to NIST SP 800-152, hardening is defined as the process of eliminating the means of an attack by simultaneously patching vulnerabilities and turning off nonessential services. The ISC2 Study Guide, chapter 5, module 2, under Configuration Management Overview, reads "One of the best ways to achieve a hardened system is to have updates, patches, and service packs installed automatically". Vulnerability scans and IDS do not eliminate the means of an attack. The DMZ does not eliminate vulnerabilities in a system.
An organization must always be prepared to ______ when applying a patch. (D5.2, L5.2.1) A) Pay for the updated content B) Buy a new system C) Settle lawsuits D) Rollback
Patches can sometimes cause unintended problems in the environment, so an organization must always be prepared to rollback the environment to the last known good state prior to when the patch was applied. D is the correct answer
22. A best practice of patch management is to: - Apply patches according to the vendor's reputation - Apply patches every Wednesday - Test patches before applying them - Apply all patches as quickly as possible
Patches sometimes disrupt a system's configurations and stability. One of the main challenges for security professionals is to ensure that patches are deployed as quickly as possible, while simultaneously ensuring the stability of running systems. To prevent flawed patches from negatively affecting running systems, it is good practice to test patches in a designated qualification environment before applying them to production systems (see ISC2 Study Guide, chapter 5, module 2 under Configuration Management Overview). Applying patches as quickly as possible is not a good practice. The vendor's reputation can be useful to know, but is not in itself sufficient to qualify the patch. Applying patches on fixed days also does not guarantee the stability of functioning systems after the patch is applied.
13. Which type of attack attempts to trick the user into revealing personal information by sending a fraudulent message? Phishing Trojans Cross-Site Scripting Denials of Service
Phishing A phishing attack emails a fraudulent message to trick the recipient into disclosing sensitive information to the attacker. A Cross-Site Scripting attack tries to execute code on another website. Trojans are software that appear legitimate, but that have hidden malicious functions. Trojans may be sent in a message, but are not the message themselves. A denial of service attack (DoS) consists in compromising the availability of a system or service through a malicious overload of requests, which causes the activation of safety mechanisms that delay or limit the availability of that system or service.
6. In order to find out whether personal tablet devices are allowed in the office, which of the following policies would be helpful to read? BYOD Change Management Policy AUP Privacy Policy
Privacy Policy The Bring Your Own Device (BYOD) policy establishes rules for using personal devices for work-related activities. The Acceptable Use Policy (AUP) defines the permissions and limitations that users must agree to while accessing the network and using computer systems or any other organizational resources. The Privacy Policy (PP) outlines the data security mechanisms that protect customer data. In the context of Cybersecurity, a Change Management Policy (CMP) establishes the use of standardized methods to enable IT and process change while minimizing the disruption of services, reducing back-out, and ensuring clear communication with all of the stakeholders in the organization.
Question 38 1 / 1 point Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select? (D3, L3.3.1) A) Role-based access controls (RBAC) B) Mandatory access controls (MAC) C) Discretionary access controls (DAC) D) Logging
RBAC can aid in reducing "privilege creep," where employees who stay with the company for a long period of time might get excess permissions within the environment
18. Which type of attack has the PRIMARY objective of encrypting devices and their data, and then demanding a ransom payment for the decryption key? Trojan Cross-Site Scripting Ransomware Phishing
Ransomware is malware designed to deny a user or organization access to files on their computer, by encrypting them and demanding a ransom payment for the decryption key. Trojans and phishing can be used to install ransomware on a system or device, but are not themselves the ransomware attack.
Gary unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why? (D3, L3.3.1) A) Gary is being punished B) The network is tired C) Users remember their credentials if they are given time to think about it D) Gary's actions look like an attack
Repeated login attempts can resemble an attack on the network; attackers might try to log in to a user's account multiple times, using different credentials, in a short time period, in an attempt to determine the proper credentials. D is correct
When a company hires an insurance company to mitigate risk, which risk management technique is being applied? Risk mitigation Risk avoidance Risk transfer Risk tolerance
Risk transfer is a risk management strategy that contractually shifts a pure risk from one party to another (in this case, to an insurance company). Risk avoidance consists in stopping activities and exposures that can negatively affect an organization and its assets. Risk mitigation consists of mechanisms to reduce the risk. Finally, risk tolerance is the degree of risk that an investor is willing to endure.
A tool that aggregates log data from multiple sources, and typically analyzes it and reports potential threats. (D4.2 L4.2.2) A) HIDS B) Anti-malware C) Router D) SIEM
SIEM/SEM/SIM solutions are typically designed specifically for this purpose. D is the correct answer
8. Which of the following are NOT types of security controls? Hybrid controls System-specific controls Storage controls Common controls
Storage controls are not a type of security control. Security controls are safeguards or countermeasures that an organization can employ to avoid, counteract or minimize security risks. System-specific controls are security controls that provide security capability for only one specific information system. Common controls are security controls that provide security capability for multiple information systems. Hybrid controls have characteristics of both system-specific and common controls.
Which of these is the most important reason to conduct security instruction for all employees. (D5.4, L5.4.1) A) Reduce liability B) Provide due diligence C) It is a moral imperative D) An informed user is a more secure user
While all the answers are true, D is the single most important reason to conduct security instruction, because it leads to all the others.
Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to several people and wants the recipients to know that the message definitely came from Bluga. What type of encryption should Bluga use? (D5.1, L5.1.3) A) Symmetric encryption B) Asymmetric encryption C) Small-scale encryption D) Hashing
With asymmetric encryption, Bluga can provide proof-of-origin for the message, for multiple recipients. B is the correct answer.
21. Sensitivity is a measure of the ...: ... urgency and protection assigned to information by its owner ... importance assigned to information by its owner, or the purpose of representing its need for protection ... protection and timeliness assigned to information by its owner, or the purpose of representing its need for urgency ... pertinence assigned to information by its owner, or the purpose of representing its need for urgency
importance assigned to information by its owner, or the purpose of representing its need for protection Sensitivity is also defined as the measure of the importance assigned to information by its owner, or the purpose of representing its need for protection (see the ISC2 study guide, module 1, under CIA Deep Dive).
1. Which of the following is an example of 2FA? - Bages - Passwords - one-time passwords (OTA) - keys
one-time passwords (OTA) One-time passwords are typically generated by a device (i.e. "something you have") and are required in addition to the actual main password (i.e. "something you know"). Badges, keys and passwords with no other overlapping authentication controls are considered single-factor (and thus are not 2FA).