Chapter 4 Security Practice Exams


You have conducted a risk analysis to protect a key company asset. You identify the following values: * Asset value = 400 * Exposure factor = 75 * Annualized Rate of Occurrence = .25 What is the Single Loss Expectancy (SLE)? (AV x EF) 100 300 475 30000

300

You have conducted a risk analysis to protect a key company asset. You identify the following values: * Asset value = 400 * Exposure factor = 75 * Annualized Rate of Occurrence = .25 What is the Annualized Loss Expectancy (ALE)? (AV x EF x ARO) 25 75 100 175

75

You have conducted a risk analysis to protect a key company asset. You identify the following values: * Asset value = 400 * Exposure factor = 75 * Annualized Rate of Occurrence (ARO) = .25 Countermeasure A has a cost of 320 and will protect the asset for four years. Countermeasure B has an annual cost of 85. An insurance policy to protect the asset has an annual premium of 90. What should you do? Accept the risk or find another countermeasure. Implement countermeasure A. Implement countermeasure B. Purchase the insurance policy.

Accept the risk or find another countermeasure. The cost of either countermeasure or the insurance policy exceeds the Annualized Loss Expectancy (ALE) of the asset. The ALE = the asset value (400) x the exposure factor (.75) x the ARO (.25) = 75.

A process performed in a controlled environment by a third party that verifies that an IS meets a specific set of security standards before being granted approval to operate is known as? External auditing Accreditation Perturbation

Accreditation

Which of the following defines system high mode? Multiple levels of classified data reside within the same system. All users must have formal, need-to-know clearance to access all of the information which exists within a system. All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system.

All systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system.

Which of the following defines an acceptable use agreement? An agreement which outlines the company's monitoring activities An agreement which identifies the employee's right to use company property such as internet access and computer equipment for personal use

An agreement which identifies the employee's right to use company property such as Internet access and computer equipment for personal use.

What is the average number of times that a specific risk is likely to be realized? Exposure factor Annualized Loss Expectancy Estimated Maximum Downtime Annualized Rate of Occurrence

Annualized Rate of Occurrence

Which of the following statements are true in regard to risk analysis? (Select two.) The value of an asset is the worth of a resource to the organization excluding qualitative values. Don't implement a countermeasure if the cost is greater than the loss. Annualized Rate of Occurrence (ARO) identifies how often in a single year the successful threat attack will occur.

Annualized Rate of Occurrence (ARO) identifies how often in a single year the successful threat attack will occur. Don't implement a countermeasure if the cost is greater than the loss.

How often should change control management be implemented? Any time a production system is altered. At regular intervals throughout the year. Only when a production system is altered greatly. Only when changes are made which affect senior management.

Any time a production system is altered.

Which of the following is a term used to describe a level of confidence that the evaluation methods were thorough and complete so that the security designation can be trusted? Effectiveness Assurance Functionality Evaluation

Assurance

What is the primary means by which supervisors can determine whether or not employees are complying with the organization's security policy? Auditing Job action warnings Awareness sessions Keystroke logging

Auditing

The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack? Commitment Social validation Persuasive Authority

Authority

What is the primary countermeasure to social engineering? A written security policy Awareness Heavy management oversight Traffic filters

Awareness

Which of the following is an important aspect of evidence gathering? Purging transaction logs Restoring damaged data from backup media Monitoring user access to compromised systems Backing up all log files and audit trails

Back up all log files and audit trails

After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take? Update the security policy Restore and repair any damage Deploy new countermeasures Back up all logs and audits regarding the incident

Back up all logs and audits regarding the incident

In business continuity planning, what is the primary focus of the scope? Business processes Recovery time objective Company assets Human life and safety

Business processes

Arrange the computer components listed on the left in the order they should be addressed when conducting a forensic evaluation (decreasing data volatility) on the right. Hard Disk CPU registers and caches System RAM File system backup on an external USB drive Paging file

CPU registers and caches System RAM Paging file Hard Disk File system backup on an external USB drive

You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this? Rules of evidence FIPS 140 Chain of custody CPS (certificate practice statement)

Chain of custody

As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan? Redefine all roles and responsibilities Collect and destroy all old plan copies Perform new awareness sessions Obtain senior management approval

Collect and destroy all old plan copies

Which of the following terms restricts the ability of a program to read and write to memory according to its permissions or access level? Layering Abstraction Bounds Confinement

Confinement

You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do? Implement training for employees who handle personal information Delete personally identifiable information from your computers Contact your customers to let them know of the security breach Perform additional investigations to identify the attacker

Contact your customers to let them know of the security breach

How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence? Create a checksum using a hashing algorithm Enable write protection Write a log file to the media

Create a checksum using a hashing algorithm

Which operating mode describes a system that is deployed so that it operates at a single level of classification, where all users who can access the system have the same clearance level and a need to know for all of the data on the system? Compartmented System high Multilevel Dedicated

Dedicated

Which of the following is the best protection against security violations? Fortress mentality Monolithic security Bottom up decision making Defense in depth

Defense in depth

To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used? Delphi method Comparative Asset classification Sensitivity vs. risk

Delphi method

Which of the following is "NOT" a valid response to a risk discovered during a risk analysis? Mitigation Acceptance Denial Assignment

Denial

Who is assigned the task of judging the security of a system or network and granting it approval to operate? Designated Approving Authority Senior management Custodian InfoSec officer

Designated Approving Authority

When informing an employee that they are being terminated, what is the most important activity? Allowing them to collect their personal items Giving them two weeks' notice Disabling their network access Allowing them to complete their current work projects

Disabling their network access

During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence? Connect to the access point and examine its logs for information Run a packet sniffer to monitor traffic to and from the access point See who is connected to the access point to try and find the attacker Disconnect the access point from the network

Disconnect the access point from the network

When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first? Remove the hard drive Stop all running processes Turn off the system Document what's on the screen

Document what's on the screen

When conducting a forensic investigation, which of the following initial actions is appropriate for preserving evidence? Document what's on the screen Stop all running processes Turn off the system Remove the hard drive

Document what's on the screen

Which of the following is a representative example of an assigned level of a system that was judged through Common Criteria? EAL5 C2 E5

EAL5

How can an organization help prevent social engineering attacks? (Select two.) Educate employees on the risks and countermeasures. Publish and enforce clearly-written security policies. Implement IPSec on all critical systems. Close all unneeded ports on firewalls.

Educate employees on the risks and countermeasures. Publish and enforce clearly-written security policies.

You are a network administrator over two Windows-based sites. You have almost 2000 employees with workstations and 64 servers that need to be more secure. You have decided to implement a Data Loss Prevention (DLP) solution to detect and stop breaches of sensitive data. You decide to implement e-mail and instant messaging communication controls so that messages that violate your organization's security policy are blocked at the workstation before being transmitted on the network. Which DLP solution should you implement? Borderpoint DLP File-Level DLP Endpoint DLP Network DLP

Endpoint DLP

Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? Secure all terminals with screensaver passwords Create a strong password policy Establish and enforce a document destruction policy Mandate the use of Integrated Windows Authentication

Establish and enforce a document destruction policy

Which of the following is a recommendation to use when a specific standard or procedure does not exist? Procedure Standard Guideline Baseline

Guideline

Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence? Serial number notation Hashing File directory listing Photographs

Hashing

Which of the following is a common form of social engineering attack? Using a sniffer to capture network traffic. Hoax virus information emails. Logging on with stolen credentials. Distributing false information about your organization's financial status.

Hoax virus information e-mails.

You have been recently hired as the new network administrator for a startup company. The company's network was implemented prior to your arrival. One of the first tasks you need to complete in your new position is to develop a manageable network plan for the network. Which tasks should you complete as part of the third milestone? (Select two.) Create an approved application list for each network device. Physically secure high-value systems. Set account expiration dates. Identify and document each user on the network.

Identify and document each user on the network. Physically secure high-value systems.

What is the primary purpose of imposing software life cycle management concepts? Increase interoperability Increase the quality of software Reduce product returns Decrease development overhead

Increase the quality of software.

The chain of custody is used for what purposes? Identifying the owner of evidence Listing people coming into contact with evidence Retaining evidence integrity

Listing people coming into contact with evidence

What is the primary goal of business continuity planning? Minimize decision making during the development process Maintaining business operations with reduced or restricted infrastructure capabilities or resources Protecting an organization from major computer services failure Minimizing the risk to the organization from delays and interruptions in providing services

Maintaining business operations with reduced or restricted infrastructure capabilities or resources

What is another name for a backdoor that was left in a product by the manufacturer by accident? Security patch Trojan horse Root kit Maintenance hook

Maintenance hook

You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first? Make a bit-level copy of the disk Run forensic tools to examine the hard drive contents Obtain a search warrant Fire the employee who uses the computer

Make a bit-level copy of the disk

Match each manageable network plan milestone on the left with the tasks that are associated with that milestone on the right. Tasks: Make sure that remote access connections are secure; Create a list of all protocols being used on the network; Identify the choke points on the network; Use timestamps on all documents; Create a list of all devices. Choices: Map your network; Prepare to document; Protect your network; Reach your network; Map your network

Make sure that remote access connections are secure -> Reach your network
Create a list of all protocols being used on the network -> Map your network
Identify the choke points on the network -> Protect your network
Use timestamps on all documents -> Prepare to document
Create a list of all devices -> Map your network

When recovery is being performed due to disaster, which services are to be stabilized first? Least business critical Outside communications Mission critical Financial support

Mission critical

If an organization shows sufficient due care, which burden is eliminated in the event of a security breach? Asset loss Liability Negligence Investigation

Negligence

Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organization security policies? File-Level DLP Network DLP Endpoint DLP Chinese Wall

Network DLP

When is a BCP or DRP design and development actually completed? Never Only after testing and drilling Only after implementation and distribution Once senior management approves

Never

What is the primary difference between impersonation and masquerading? One is easily detected, the other is subtle and stealthy One is a real-time attack, the other is an asynchronous attack One is used against administrator accounts, the other against end user accounts One is more active, the other is more passive

One is more active, the other is more passive

Which of the following components of the Common Criteria (CC) evaluation system is a document written by a user or community that identifies the security requirements for a specific purpose? Target of Evaluation (TOE) Security Functional Requirement (SFR) Protection Profile (PP) Security Target (ST)

Protection Profile (PP)

When analyzing assets, which analysis method assigns financial values to assets? Transfer Quantitative Acceptance Qualitative

Quantitative

Which of the following best describes the concept of due care or due diligence? Availability supersedes security unless physical harm is likely. Reasonable precautions, based on industry best practices, are utilized and documented. Security through obscurity is best accomplished by port stealthing. Legal disclaimers are consistently and conspicuously displayed on all systems.

Reasonable precautions, based on industry best practices, are utilized and documented.

The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence? Rebooting the system Disconnecting the system from the network Copying the contents of memory to removable media Restricting physical access to the system

Rebooting the system

Match each manageable network plan milestone on the left with the tasks that are associated with that milestone on the right. Tasks: Remove insecure protocols; Implement the principle of least privilege; Segregate and isolate networks; Establish an update management process; Establish a baseline for all systems. Choices: Manage your network; Protect your network; Reach your network; Control your network

Remove insecure protocols -> Reach your network
Implement the principle of least privilege -> Control your network
Segregate and isolate networks -> Protect your network
Establish an update management process -> Manage your network
Establish a baseline for all systems -> Manage your network

Which of the following is "NOT" used by the reference monitor to determine levels of access? Token Security label Ring architecture Capabilities list

Ring architecture

Who has the responsibility for the development of a security policy? Human resources supervisor Security administrator Senior management Site manager

Senior Management

Which of the following is defined as a contract that prescribes the technical support or business parameters that a provider will deliver to its client? Final Audit Report Service Level Agreement Mutual Aid Agreement Certificate practice statement

Service level agreement

You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent extracting data from the discs? Shredding Delete the data on the discs Write junk data over the discs 7 times Degaussing

Shredding

Dictionary attacks are often more successful when performed after what reconnaissance action? Social engineering Site survey ARP flooding Cutting the network cable

Social engineering

Which type of social engineering attack uses peer pressure to persuade someone to help an attacker? Social validation Persuasive Reciprocity Friendship

Social validation

In which phase of the system life cycle is software testing performed? System Design Specifications Software Development Functional Design Analysis and Planning Installation

Software Development

Which of the following development modes is a method used by programmers while writing programs that allows for optimal control over coherence, security, accuracy, and comprehensibility? Object oriented programming Structured programming Clean room Waterfall planning

Structured programming

You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals. Which type of BCP test is this considered? Medium exercise Succession planning Complex exercise Tabletop exercise

Tabletop exercise

Which of the following terms describes the product that is evaluated against the security requirements in the Common Criteria (CC) evaluation system? Target of Evaluation (TOE) Subject Object Security Target (ST)

Target of Evaluation (TOE)

Which of the following best describes the Security Target (ST) in the Common Criteria (CC) evaluation system? The ST is a description of a specific security feature provided by the product. The ST is a security product that is to be evaluated. The ST is a document that describes the security properties of a security product

The ST is a document that describes the security properties of a security product.

The company is implementing a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP). It is time for the control tests and the company would like to perform compliance testing. Which of the following best describes compliance testing? * The testing of control procedures to see if they are working as expected and are being implemented in accordance with management policies. * Informing all new employees of the security policy, ensuring strict compliance. * The evaluation of individual transactions, integrity of data, and the processing of information.

The testing of control procedures to see if they are working as expected and are being implemented in accordance with management policies.

Which of the following best defines Single Loss Expectancy (SLE)? The monetary value of a single employee's loss of productivity due to a successful attack The total monetary loss associated with a single occurrence of a threat The total cost of all countermeasures associated with protecting against a given vulnerability The statistical probability of a malicious event

The total monetary loss associated with a single occurrence of a threat

When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated? Through historical data provided by insurance companies and crime statistics. Divide the static variable by the probability index. Multiply the Single Loss Expectancy (SLE) by the standard annual deviation. Multiply the Single Loss Expectancy (SLE) by the Annual Loss Expectancy (ALE).

Through historical data provided by insurance companies and crime statistics.

What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year? To check for evidence of fraud To prevent the buildup of significant vacation time To test their knowledge of security To cut costs on travel

To check for evidence of fraud

What is the primary purpose of source code escrow? To provide a backup copy of software to use for recovery in the event of a disaster To obtain resale rights over software after the vendor goes out of business To obtain change rights over software after the vendor goes out of business To hold funds in reserve

To obtain change rights over software after the vendor goes out of business

Purchasing insurance is what type of response to risk? Rejection Deployment of a countermeasure Acceptance Transference

Transference

What is the most effective means of improving or enforcing security in any environment? Enforcing account lockout Requiring two-factor authentication Disabling Internet access User awareness training

User awareness training

Which of the following defines layering in regard to system access control? A set of permissible values for a class of objects which prevent subjects from modifying objects in ways that aren't permitted. Constraints which restrict the ability of a program to read and write to memory according to its permissions or access level. Various tasks are divided in a hierarchical manner to provide security.

Various tasks are divided in a hierarchical manner to provide security.

Which of the following is an action which must take place during the release stage of the SDLC? Certification, accreditation, and auditing are performed. Vendors develop and release patches in response to exploited vulnerabilities that have been discovered. The product goes into major production and is developed by programmers.

Vendors develop and release patches in response to exploited vulnerabilities that have been discovered.

You have just received a generic-looking e-mail that is addressed as coming from the administrator of your company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter your username and password at a new Web site so you can manage your e-mail and spam using the new service. What should you do? Click on the link in the email and follow the directions to enter your logon information. Open a Web browser and type the URL included in the email, then follow the directions to enter your logon credentials. Verify that the email was sent by the administrator and that this new service is legitimate. Delete the email.

Verify that the e-mail was sent by the administrator and that this new service is legitimate.

You have just received an e-mail message that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat. What should your first action based on the message be? Perform a complete system backup Reboot the system Delete the indicated files if present Verify the information on well-known malicious code threat management Web sites

Verify the information on well-known malicious code threat management Web sites.

What is the best definition of a security incident? Criminal activity Compromise of the CIA of resources Interruption of productivity Violation of security policy

Violation of security policy

Which of the following social engineering attacks uses Voice over IP (VoIP) to gain sensitive information? Masquerading Spear phishing Vishing Tailgating

Vishing

A senior executive reports that she received a suspicious e-mail concerning a sensitive, internal project that is behind schedule. The e-mail is sent from someone she doesn't know, and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. What type of attack best describes the scenario? Masquerading MAC spoofing Passive Whaling

Whaling

When would choosing to do nothing about an identified risk be acceptable? When the threat is most likely to come from an internal source instead of an external source When the cost of protecting the asset is greater than the potential loss When the threat is likely to occur less than once a year When the asset is an intangible asset instead of a tangible asset

When the cost of protecting the asset is greater than the potential loss

What is the most important element related to evidence in addition to the evidence itself? Photographs of the crime scene Chain of custody document Witness testimony Completeness

Chain of custody document

In which phase of the system life cycle is security integrated into the product? Project Initiation Software Development Maintenance Installation

Project initiation

You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it from the network and stop the attack. What should you do next? Make a hash of the hard drive Clone the hard drive Perform a memory dump Stop all running processes

Perform a memory dump

Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site? Adware Session hijacking Man-in-the-middle Phishing

Phishing

Match the social engineering description on the left with the appropriate attack type on the right. Attack types: Piggybacking, Phishing, Whaling, Dumpster diving, Spear phishing, Vishing. Descriptions: An attacker sends an e-mail pretending to be from a trusted organization, asking users to access a web site to verify personal information. An attacker gathers personal information about the target individual, who is a CEO. An attacker gathers personal information about the target individual in an organization. An attacker searches through an organization's trash looking for sensitive information. An attacker enters a secured building by following an authorized employee through a secure door without providing identification. An attacker uses a telephone to convince target individuals to reveal their credit card information.

Phishing -> An attacker sends an e-mail pretending to be from a trusted organization, asking users to access a web site to verify personal information.
Whaling -> An attacker gathers personal information about the target individual, who is a CEO.
Spear phishing -> An attacker gathers personal information about the target individual in an organization.
Dumpster diving -> An attacker searches through an organization's trash looking for sensitive information.
Piggybacking -> An attacker enters a secured building by following an authorized employee through a secure door without providing identification.
Vishing -> An attacker uses a telephone to convince target individuals to reveal their credit card information.

Which of the following is a high-level, general statement about the role of security in the organization? Guideline Policy Standard Baseline

Policy

By definition, which type of social engineering attack uses a fictitious scenario to persuade someone to give information for which they are not authorized? Spear phishing Phishing Caller ID spoofing Pretexting

Pretexting

What is the primary purpose of change control? Create detailed documentation Increase security Keep senior management apprised of the organization's state of security Prevent unmanaged change

Prevent unmanaged change

HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what? Privacy Integrity Availability Non-repudiation

Privacy

Which of the following policies specifically protects PII? Code of ethics SLA Acceptable Use Privacy

Privacy
