ISC2 training
Which of the following does not normally influence an organization's retention policy for logs?
Audits. Audits measure compliance with policy but do not normally influence the retention policy itself. Retention periods for logs are set by law, regulations and corporate governance, and the organization must adhere to them.
Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do? (D1, L1.5.1)
Inform Triffid management
Chad is a security practitioner tasked with ensuring that the information on the organization's public website is not changed by anyone outside the organization. This task is an example of ensuring _________. (D1, L1.1.1)
Integrity. Integrity means preventing unauthorized modification.
What is the most important aspect of security awareness/training?
Protecting health and human safety
Who is responsible for publishing and signing the organization's policies?
Senior management
A cloud arrangement whereby the provider owns and manages the hardware, operating system, and applications in the cloud, and the customer owns the data.
Software as a service (SaaS)
(ISC)² publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in this Common Body of Knowledge. What kind of document is the Common Body of Knowledge?
Standard
Which of the following tools can be used to grant remote users access to the internal IT environment?
VPN (virtual private network)
Which threats are directly associated with malware?
Ransomware, trojan and virus. Trojan: appears benign but carries a malicious payload behind the scenes that can wreak havoc on a system or network. Virus: a self-replicating piece of code that spreads without the consent of the user.
Common network device used to connect networks
router
Lia works in the security office. During research, Lia learns that a configuration change could better protect the organization's IT environment. Lia makes a proposal for this change, but the change cannot be implemented until it is approved, tested, and then cleared for deployment by the Change Control Board. This is an example of ________.
Segregation of duties. Lia can recommend a change to the IT environment, but cannot enact the change without approval from an authority.
Ethernet
A standard that defines wired communications between networked devices.
Derrick logs on to a system in order to read a file. In this example, Derrick is the ________.
Subject. Subjects are entities that access objects.
Jengi is setting up security for a home network. Jengi decides to configure MAC address filtering on the router, so that only specific devices will be allowed to join the network. This is an example of a(n)_______ control
technical
Lankesh is the security administrator for a small food-distribution company. A new law is published by the country in which Lankesh's company operates; the law conflicts with the company's policies. Which governance element should Lankesh's company follow?
the law
Which is a physical control that prevents "piggybacking" or "tailgating"; that is, an unauthorized person following an authorized person into a controlled area?
Turnstile. A turnstile typically uses a revolving mechanism that admits only one person at a time, reducing the possibility of an unauthorized person following an authorized person into a controlled area.
Which of the following is very likely to be used in a disaster recovery (DR) effort?
Data backups
Business Continuity
Actions, processes and tools for ensuring an organization can continue critical operations during a contingency.
A security solution that detects, identifies and often quarantines potentially hostile software.
Anti-malware
Which of the following is always true about logging?
Logs should be stored separately from the systems they're logging
Duncan and Mira both work in the data center at Triffid, Inc. There is a policy in place that requires both of them to be present in the data center at the same time; if one of them has to leave for any reason, the other has to step out, too, until they can both re-enter. This is called ________.
Two-person integrity. The policy ensures that no single person is alone with extremely sensitive assets, reducing the potential for inappropriate activity.
endpoint <------> Web server Which port number is associated with the protocol typically used in this connection?
80. HTTP, the protocol typically used between an endpoint and a web server, uses TCP port 80 (HTTPS uses 443).
Which term describes a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an untrusted network?
A Virtual Private Network (VPN) describes a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an untrusted network.
Which of the following probably poses the most risk? (D1, L1.2.1)
A high-likelihood, high-impact event
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do? (D1, L1.5.1)
Inform (ISC)²
When using physical access control tokens, how are the user's credentials read so they can be transmitted to a logical access control system?
All of the above: swiped (magnetic stripe), inserted (smart card) or placed on or near a reader (proximity). All three are ways the user's credentials are read so they can be transmitted to a logical access control system.
When responding to a security incident, your team determines that the vulnerability that was exploited was not widely known to the security community, and that there are no currently known definitions/listings in common vulnerability databases or collections. This vulnerability and exploit might be called a ________.
Zero-day. A zero-day exploit is an attack using a vulnerability that is not widely known in the industry at the time of discovery.
Triffid Corporation has a rule that all employees working with sensitive hardcopy documents must put the documents into a safe at the end of the workday, where they are locked up until the following workday. What kind of control is the process of putting the documents into the safe?
Administrative
Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1)
Administrative. Awareness instruction is a policy-driven, people-focused measure, which makes it an administrative control.
An external entity has tried to gain access to your organization's IT environment without proper authorization. This is an example of a(n) ________.
Intrusion. An intrusion is an attempt, successful or otherwise, to gain unauthorized access.
A portion of the organization's network that interfaces directly with the outside world; typically, this exposed area has more security controls and restrictions than the rest of the internal IT environment.
Demilitarized zone (DMZ)
A security solution installed on an endpoint in order to detect potentially anomalous activity.
Host-based intrusion prevention system (HIPS). A HIPS is installed on an endpoint to detect potentially harmful activity.
Which of these combinations of physical security controls share a single point of failure? (D3, L3.2.1)
Not badge readers and walls: they represent defense in depth. If an attacker can get past the wall, the attacker still has to contend with the badge reader, and vice versa. Not guards and fences: they also represent defense in depth; if an attacker can scale a fence, the guards are still operating and may catch the attacker, and if the attacker can elude the guards, the attacker still has to get over or through the fence.
Why is security training important?
Because it reduces the risk of certain types of attacks, like social engineering. When employees and staff are prepared to recognize security problems and know how to operate securely, the organization is in a better security position. (Helping people perform their job duties more efficiently is not the reason.)
Lakshmi presents a userid and a password to a system in order to log on. Which of the following characteristics must the password have?
Confidential. Passwords do not have to be unique; because they are secret, we don't know whether multiple users use the same password.
The concept of "secrecy" is most related to which foundational aspect of security? (D1, L1.1.1)
Confidentiality
What is a type of malware that encrypts files and demands payment for the decryption code?
Ransomware. Ransomware is a type of malware that encrypts files and demands payment for the decryption code.
Which of the following examples is a correctly shortened version of the address 2001:0db8:0000:0000:0000:ffff:0000:0001?
2001:db8::ffff:0:1. This is the shortened version of the address: leading zeros in each 16-bit group are dropped, and the longest run of consecutive all-zero groups is replaced by "::". The single zero group near the end is written as "0", because "::" may appear only once.
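The same IPv6 address can be written many ways, so an allow-list, firewall rule or log search that compares address text as strings can miss a match that a value comparison would catch. As an added example (not part of the original flashcards), the code below implements the RFC 5952 shortening rules the question relies on, compares addresses by value, and cross-checks its output against Python's standard ipaddress module. The function names are mine.

```python
"""Canonical (RFC 5952) compression of IPv6 address text, written as an
added example for these notes; it is not part of the original flashcards."""
import ipaddress
from typing import List


def expand(addr: str) -> List[int]:
    """Return the eight 16-bit groups of an IPv6 address text.

    Accepts both the full form and forms already containing one '::'.
    """
    if addr.count("::") > 1:
        raise ValueError(f"more than one '::' in {addr!r}")
    if "::" in addr:
        head, tail = addr.split("::", 1)
        left = [int(g, 16) for g in head.split(":") if g]
        right = [int(g, 16) for g in tail.split(":") if g]
        fill = 8 - len(left) - len(right)
        if fill < 1:
            raise ValueError(f"'::' in {addr!r} must replace at least one zero group")
        groups = left + [0] * fill + right
    else:
        groups = [int(g, 16) for g in addr.split(":")]
    if len(groups) != 8 or any(not 0 <= g <= 0xFFFF for g in groups):
        raise ValueError(f"not a valid IPv6 address: {addr!r}")
    return groups


def compress(addr: str) -> str:
    """Shorten an IPv6 address text the way RFC 5952 requires.

    Rules applied: leading zeros in every group are dropped; the longest
    run of two or more consecutive all-zero groups becomes '::' (the first
    such run wins a tie); a single zero group is written as '0', not '::'.
    """
    groups = expand(addr)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        run = j - i
        if run >= 2 and run > best_len:
            best_start, best_len = i, run
        i = j
    hexs = [format(g, "x") for g in groups]  # format() drops leading zeros
    if best_len == 0:
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return f"{left}::{right}"


def same_address(a: str, b: str) -> bool:
    """Compare two IPv6 address texts by value, not by their spelling."""
    return expand(a) == expand(b)


def agrees_with_stdlib(addr: str) -> bool:
    """Cross-check compress() against the standard library's canonical form."""
    return compress(addr) == ipaddress.IPv6Address(addr).compressed


if __name__ == "__main__":
    exam = "2001:0db8:0000:0000:0000:ffff:0000:0001"
    print(compress(exam))  # 2001:db8::ffff:0:1
    # A naive string comparison says these differ; a value comparison does not.
    print(exam == "2001:db8::ffff:0:1", same_address(exam, "2001:db8::ffff:0:1"))
```

Canonicalize before comparing: store and match addresses in one form (here the compressed one, or the expanded group list) rather than trusting whatever spelling arrived in a request or a log line.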
For what purpose is a process required with a change management policy?
To ensure that system changes are made without adversely affecting business operations. Change management requires a process to implement necessary changes so they do not adversely affect business operations.
Hoshi is an (ISC)² member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do? (D1, L1.5.1)
Disclose the relationship, but recommend the vendor/product
Discretionary Access Control (DAC)
Discretionary Access Control (DAC) A certain amount of access control is left to the discretion of the object's owner, or anyone else who is authorized to control the object's access. The owner can determine who should have access rights to an object and what those rights should be. NIST SP 800-192
An attack against the availability of a network/system; typically uses many attacking machines to direct traffic against a given target
Distributed denial-of-service (DDoS)
A ready visual cue to let anyone in contact with the data know what the classification is.
Label (labeling)
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)2 certification and asks Zarma what the test questions are like. What should Zarma do? (D1, L1.5.1)
Explain the style and format of the questions, but no detail
The IT department is responsible for creating the organization's business continuity plan.
FALSE. Members from across the company, not just IT, should participate in creating the BCP to ensure all systems, processes and operations are accounted for in the plan.
Which tools help to identify, prevent or both identify and prevent threats? HIDS
HIDS: a host-based intrusion detection system helps identify threats to a host system, but does not prevent them.
The common term used to describe the mechanisms that control the temperature and humidity in a data center.
HVAC (heating, ventilation and air conditioning)
Which of the following is not a source of redundant power?
HVAC. HVAC is not a source of redundant power; it is something that needs to be protected by a redundant power supply, which is what the other options provide.
IDS Which tools help to identify, prevent or both identify and prevent threats?
IDS: an intrusion detection system helps identify threats, but does not have the capability to prevent them.
What is meant by non-repudiation? (D1, L1.1.1)
If a user does something, they can't later claim that they didn't do it. To repudiate means to attempt to deny after the fact, to lie about one's actions.
disaster recovery
In information systems terms, the activities necessary to restore IT and communications services to an organization during and after an outage, disruption or disturbance of any kind or scale
You are working in your organization's security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. After a brief investigation, you determine that the user's account has been compromised. This is an example of a(n)
Incident detection The user's report and the subsequent identification of the problem constitute incident detection.
Sinka is considering a physical deterrent control to dissuade unauthorized people from entering the organization's property. Which of the following would serve this purpose?
Razor tape or a wall (not a sign).
Clyde is the security analyst tasked with finding an appropriate physical control to reduce the possibility that unbadged people will follow badged employees through the entrance of the organization's facility. Which of the following can address this risk?
Turnstile (not a fence).
Lakshmi presents a userid and a password to a system in order to log on. Which of the following characteristics must the userid have?
Unique. The userid does not have to be confidential or complex; it identifies the user, and it is the password that must stay secret.
NIDS
NIDS: a network intrusion detection system helps identify threats based on network traffic, but does not prevent them.
A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________. (D1, L1.1.1)
Non-repudiation
Which of the following cloud service models provides the most suitable environment for customers to build and operate their own software?
Platform as a service (PaaS). PaaS typically provides a set of software building blocks and development tools, such as programming languages and a supported run-time environment, that facilitate the construction of high-quality, scalable applications.
Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task? (D1, L1.3.1)
Physical
Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization's offices. Which sort of security control would probably be best for this purpose? (D1, L1.3.1)
Physical. Laptops are tangible objects, and physical controls are what keep tangible objects from being moved from a given place.
While taking the certification exam for this certification, you notice another candidate for the certification cheating. What should you do? (D1, L1.5.1)
Report the candidate to (ISC)2.
Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________. (D1, L1.2.2)
Risk tolerance. Phrenal has decided there is an acceptable level of risk associated with the online sale of the laptop; this is within Phrenal's risk tolerance.
Is it possible to avoid risk? (D1, L1.2.1)
Yes. Avoidance is one of the ways of managing risk; risks identified during risk assessments can be avoided, or dealt with by mitigation techniques.
Which of the following protocols is a secure alternative to using telnet?
SSH. Secure Shell (SSH) is the secure alternative to telnet, as it encrypts all traffic between the host and the remote user.
Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1)
Stop participating in the group
A mode of encryption for ensuring confidentiality efficiently, with a minimum amount of processing overhead
Symmetric
Which organizational policy is most likely to indicate which types of smartphones can be used to connect to the internal IT environment?
The BYOD policy (bring your own device)
The Business Continuity effort for an organization is a way to ensure critical ______ functions are maintained during a disaster, emergency, or interruption to the production environment
The Business Continuity effort is designed to ensure critical business functions continue during periods of potential interruption.
Incident Response
The mitigation of violations of security policies and recommended practices. Source: NIST SP 800-61 Rev 2
Disaster Recovery Plan (DRP)
The processes, policies and procedures related to preparing for recovery or continuation of an organization's critical business functions, technology infrastructure, systems and applications after the organization experiences a disaster. A disaster is when an organization's critical business function(s) cannot be performed at an acceptable level within a predetermined period following a disruption.
Which entity is most likely to be tasked with monitoring and enforcing security policy?
The security office
Kristal is the security administrator for a large online service provider. Kristal learns that the company is harvesting personal data of its customers and sharing the data with local governments where the company operates, without the knowledge of the users, to allow the governments to persecute users on the basis of their political and philosophical beliefs. The published user agreement states that the company will not share personal user data with any entities without the users' explicit permission. According to the (ISC)2 Code of Ethics, to whom does Kristal ultimately owe a duty in this situation?
Society (the first Canon: protect society, the common good, necessary public trust and confidence, and the infrastructure). Not the governments: they are represented by the second Canon ("legally"), which is subservient to the first Canon.
Why is an asset inventory so important?
You can't protect what you don't know you have
Which of the following is a subject?
A user. A subject is something trying to get access to objects.
MAC address
The physical (hardware) address of a network interface; its first three octets, the OUI, denote the vendor/manufacturer of the interface.
A chief information security officer (CISO) at a large organization documented a policy that establishes the acceptable use of cloud environments for all staff. This is an example of a:
Administrative control
In risk management concepts, a(n) _________ is something a security practitioner might need to protect. (D1, L1.2.1)
asset
cloud computing
An internet-based set of computing resources, typically sold as a service and provided by a cloud service provider (CSP).
logical access control systems
An automated system that controls an individual's ability to access one or more computers. It requires validation of the individual's identity through some mechanism such as a PIN, card, biometric or other token.
Siobhan is deciding whether to make a purchase online; the vendor wants Siobhan to create a new user account, and is requesting Siobhan's full name, home address, credit card number, phone number, email address, the ability to send marketing messages to Siobhan, and permission to share this data with other vendors. Siobhan decides that the item for sale is not worth the value of Siobhan's personal information, and decides to not make the purchase. What kind of risk management approach did Siobhan use?
Avoidance
A set of security controls or system settings used to ensure uniformity of configuration throughout the IT environment.
Baseline
This would most generally be associated with confidentiality and identity management, but it could be argued to support all three, the same as a password policy.
biometrics
server
A computer that provides information or services to other computers.
Which of the following is NOT one of the four typical ways of managing risk?
Conflate. The four typical ways are avoidance, acceptance, mitigation and transference.
Which of the following can be used to map data flows through an organization and the relevant security controls used at each point along the way?
data life cycle
firewall
A device that filters network traffic based on a defined set of rules.
switch
A device that forwards traffic only to the port where the destination device is known to be connected.
This is usually associated with integrity, to protect files from tampering or to provide non-repudiation. It is also commonly used to protect data in transit from prying eyes, so it could be aiding confidentiality as well.
encryption
You are working in your organization's security office. You receive a call from a user who has tried to log in to the network several times with the correct credentials, with no success. This is an example of a(n) ________.
Event
Adverse effects
Events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page, or execution of malicious code that destroys data.
This one is abstract but could be linked to availability, because the sooner the fire is put out, the more data and equipment remain available.
fire extinguisher
Which of the following is typically associated with an on-premises data center?
Fire suppression, HVAC and power.
A common network device used to filter traffic.
firewall
This protects availability by ensuring continued access to systems during a power outage.
generator
AUP acceptable use policy
The AUP dictates what users can and cannot do with IT assets belonging to the organization.
IP address
A logical address representing a network interface.
linux
An open-source operating system, meaning its source code is legally available to end users.
This can provide confidentiality by protecting data from unauthorized access and integrity by preventing unauthorized changes. It could even be stretched to provide availability if shared emergency access to information is needed by more than one person.
password policy
Which cloud deployment model provides services to only one organization?
Private cloud. A private cloud includes cloud-based assets for one organization only.
Guillermo is the system administrator for a midsized retail organization. Guillermo has been tasked with writing a document that describes, step-by-step, how to securely install the operating system on a new laptop. This document is an example of a ________.
procedure