Practice Test #5 Incorrect questions


Which one out of the following is NOT an example of a physical control? SELECT THE CORRECT ANSWER
A. CCTV camera
B. Physical access policy
C. Security guard
D. Barbed wire

Correct Option: B
EXPLANATION: All policies are part of administrative controls.

Features like providing access on a need-to-know basis and controlling privileged accounts can be automated by _______________. SELECT THE CORRECT ANSWER
A. Idea and Access Management
B. Identity and Access Management
C. Identity and Approval Management
D. Policies and Procedures

Correct Option: B
EXPLANATION: Identity and Access Management (IAM) is a workflow-based tool used to manage the identity life cycle for an organization, based on the rule set/workflow configured in the tool.

Out of all models, _________________ dictates that a system should start up securely, conduct transitions securely, and even fail securely. This means that if the system encounters something that it deems unsafe, it should change to a more secure state for self-preservation and protection. SELECT THE CORRECT ANSWER
A. Multilevel lattice model
B. State machine model
C. Access control matrix
D. Non-interference model

Correct Option: B
EXPLANATION: The state machine model dictates that a system should start up securely, conduct transitions securely, and even fail securely. This means that if the system encounters something it deems unsafe, it should change to a more secure state for self-preservation and protection.

UDP is a ________ protocol and it does not guarantee packet delivery. SELECT THE CORRECT ANSWER
A. Connection-oriented
B. Connection-less
C. Connection-full
D. None of the above

Correct Option: B
EXPLANATION: The User Datagram Protocol is a connectionless protocol that does not guarantee reliable packet delivery between the sender and the receiver.

In the framework of common architecture, a holistic life cycle for developing security architecture begins with assessing business requirements and subsequently creating a "chain of traceability" through the phases of strategy, concept, design, implementation, and metrics. Which architecture is being referred to here? SELECT THE CORRECT ANSWER
A. Sherwood Applied Business Security Architecture (SABSA) Framework
B. The Open Group Architecture Framework (TOGAF)
C. Zachman
D. Simple substitution

Correct Option: A
EXPLANATION: SABSA is a holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a "chain of traceability" through the phases of strategy, concept, design, implementation, and metrics.

Which of the following is a directive issued by senior management that identifies goals, measurements, and responsibilities? SELECT THE CORRECT ANSWER
A. Policy
B. Standards
C. Baselines
D. Procedures

Correct Option: A
EXPLANATION: Senior management issues policies that give high-level instructions on what to accomplish and who is responsible for each goal to be properly accomplished. A company's security policy will give a broad explanation of how security will be achieved and who is responsible for each part.

In this type of IPS system, an organization has to depend on the Original Equipment Manufacturer for updates. SELECT THE CORRECT ANSWER
A. Signature-based IPS
B. Behavioral-based IPS
C. Rule-based IPS
D. None of the above

Correct Option: A
EXPLANATION: Signature-based technology (e.g. IPS, antivirus, etc.) depends on OEMs to release the latest signatures per their signature release cycle. Signature-based technology may not protect from zero-day threats if you have not updated the signatures immediately after release.

Jasmine is busy with the new recruitment process in her organization. Since the organization's onboarding process demands capturing personal information of employees for specific reasons, her primary tasks are to take and revoke consent from employees. What could be her role in the organization? SELECT THE CORRECT ANSWER
A. Data Controller
B. Data Owner
C. Data Custodian
D. Data Processor

Correct Option: A
EXPLANATION: The data controller is the principal party for data collection responsibilities. These controller responsibilities include collecting individuals' consent, storing the data, managing consent revocation, enabling the right to access, etc. It has to possess the ability to demonstrate compliance with the principles relating to the processing of personal data. These principles are listed in the GDPR as "lawfulness, fairness and transparency, data minimization, accuracy, storage limitation and integrity, and confidentiality of personal data."

Which of the following security mechanisms encompasses all of the components that are responsible for enforcing the established security policy? SELECT THE CORRECT ANSWER
A. Trusted computing base (TCB)
B. Reference monitor
C. Bell-LaPadula Model (BLP)
D. Multilevel security policy

Correct Option: A
EXPLANATION: The trusted computing base (TCB) consists of software, hardware, firmware, and processes within a computer that are designed to enforce a security policy.

The process of getting management's go-ahead to use software is referred to as: SELECT THE CORRECT ANSWER
A. Accreditation
B. Certification
C. Authentication
D. Verification

Correct Option: A
EXPLANATION: There is always confusion between certification and accreditation. Certification is the process of validating that the systems being implemented are configured and operate as expected, whereas accreditation is the formal acceptance of the system's overall security. Normally, it is provided by a senior executive or another designated approving authority.

A model in which the subject can read and write the object, but only at the same confidentiality level, is known as: SELECT THE CORRECT ANSWER
A. Strong * property of Bell-LaPadula
B. * Property of Biba
C. * Property of Bell-LaPadula
D. Brewer-Nash model

Correct Option: A
EXPLANATION: Under the Bell-LaPadula Model, there are three types: simple security property, * property and strong * property. The strong * security property ensures that a subject can read and write an object of the same classification level, but not one at a higher or lower classification level.

What will a data processor have to do to be GDPR compliant? SELECT THE CORRECT ANSWER(S)
A. Refrain from using personal data for reasons other than those outlined by the Data Controller
B. Take consent from employees for using personally identifiable information
C. Delete all personal data for the controller at the end of the service contract
D. Determine policies for the purpose of use

Correct Option: A, C
EXPLANATION: The processor is forbidden from using the personal data it is entrusted with for purposes other than the ones outlined by the data controller. Upon request, the processor has to delete or return all personal data to the controller at the end of the service contract. The processor has to enable and contribute to compliance audits conducted by the controller or a representative of the controller.

Which statement is true when defining software verification and software validation? SELECT THE CORRECT ANSWER
A. Software verification asks: Are we building the right product? Software validation asks: Are we building the product right?
B. Software verification asks: Are we building the product right? Software validation asks: Are we building the right product?
C. Once software verification is done, software validation is not required.
D. Both software validation and verification ask: Are we building the product right?

Correct Option: B
EXPLANATION: "Building the product right" checks that the specifications are correctly implemented by the system, while "building the right product" refers back to the user's needs. Building the right product implies creating a requirement specification that contains the needs and goals of the stakeholders of the software product.

Which one of the following describes a bastion host? SELECT THE CORRECT ANSWER
A. A system that blocks all traffic from entering the corporate environment
B. A hardened system placed in the perimeter
C. A system that has three or more interface cards
D. A system that replaces the private IP with a public IP for every packet leaving the network

Correct Option: B
EXPLANATION: A bastion host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. Because of its exposure to potential attack, a bastion host must minimize the chances of penetration.

Cheddi Frozen Inc. has installed biometric access control systems in their large facility. The Information Security Director predicts the systems will have a high FRR and that the organization should be concerned about it. What does this mean? SELECT THE CORRECT ANSWER
A. The system has a high return rate and will quickly pay for itself.
B. Quite a few valid users will be denied access.
C. Almost all authorized users will be denied access.
D. Almost all unauthorized users will be denied access.

Correct Option: B
EXPLANATION: A false rejection occurs when an authorized subject is rejected by the biometric system as unauthorized. False rejections are also called type I errors. It is always recommended to have equal values for FRR and FAR (false acceptance rate). This is referred to as the equal error rate (EER).

What type of disaster recovery site has only basic infrastructure like AC, power, raised floor and cabling? SELECT THE CORRECT ANSWER
A. Hot Site
B. Cold Site
C. Warm Site
D. Internal Hot Site

Correct Option: B
EXPLANATION: A hot site has a replica of the primary site in terms of basic infrastructure and server and network infrastructure. Basically, a hot site is fully functional and allows immediate recovery from a disaster. A cold site only includes infrastructure, but no technology until a disaster hits. Warm sites are the ones which have the technology ready, but lack real-time data.

What, according to you, best describes "something you have and something you are"? SELECT THE CORRECT ANSWER
A. When a user is prompted for a password and a biometric scan
B. When a user is entering numbers referring to a smartcard grid and gets an iris scan
C. When a user is asked to enter an OTP and voice recognition
D. None of them

Correct Option: B
EXPLANATION: A smart card is a physical card that is "something you have"; the user can refer to it and enter the required number, whereas an iris scan is one of one's biometric properties, i.e. "something you are".

Voice recognition, fingerprint, and iris scan are examples of confirming _____________________. SELECT THE CORRECT ANSWER
A. Something you know
B. Something you are
C. Something you have
D. Something you do

Correct Option: B
EXPLANATION: All these are traits of a user, that is, "something you are".

TCS wishes to provide assurance that the software they have provided to overseas clients is genuine. What can be used to achieve this? SELECT THE CORRECT ANSWER
A. Server SSL certificate
B. Object signing certificate
C. Software SSL certificate
D. Client SSL certificate

Correct Option: B
EXPLANATION: An object signing certificate is a certificate that you use to digitally "sign" an object. By signing the object, you provide a means by which you can verify both the object's integrity and the origination or ownership of the object.

Authorization protects ___________ from the CIA triad. SELECT THE CORRECT ANSWER
A. Confidentiality
B. Integrity
C. Availability
D. Integrity and Availability

Correct Option: B
EXPLANATION: Authorization grants access to the applications a user is intended to use. Once the user has access to the desired application, he or she can access/modify it, compromising its integrity.

A hacker developed a language translator software which was very lightweight and free for the user. This software was released with malicious intentions. On December 13, with the use of this software, the hacker initiated an attack on an e-grocery company and made their systems busy with many requests. This resulted in the server being unavailable for users. What is this event called? SELECT THE CORRECT ANSWER
A. Denial of Service (DoS)
B. Distributed Denial of Service (DDoS)
C. Centralized Denial of Service (CDoS)
D. None of the above

Correct Option: B
EXPLANATION: DDoS is the kind of attack where multiple computers are used to initiate an attack which makes the server busy and inaccessible.

Which out of the following is true about a data custodian? SELECT THE CORRECT ANSWER
A. The data custodian is not the technical caretaker of the controls that protect the data.
B. The data custodian is responsible for the implementation and maintenance of security controls, as dictated by the data owner.
C. The data custodian is responsible for dictating security controls for data.
D. Determines the impact of the data/information if it is leaked out.

Correct Option: B
EXPLANATION: Data custodians are responsible for the safe custody, transport and storage of the data, and the implementation of business rules. Data custodians are responsible for the technical environment and database structure.

Ensuring additional security configurations, software, and features apply to the equipment, and ensuring the equipment is inventoried, are steps of which phase of the equipment life cycle? SELECT THE CORRECT ANSWER
A. Defining requirements
B. Acquiring and implementing
C. Disposal and decommission
D. Operations and maintenance

Correct Option: B
EXPLANATION: Defining requirements is before purchase. Operations and maintenance is after the product is successfully installed. It is essential to apply all patches/enhancements to a product before it is put to use.

If a symmetric algorithm is required to be used by 150 users within an organization, how many symmetric keys will be required? SELECT THE CORRECT ANSWER
A. 11100
B. 11175
C. 11025
D. 300

Correct Option: B
EXPLANATION: The formula to calculate the number of keys for a symmetric algorithm is N(N-1)/2. 150*149/2 = 11175.

Which out of the following devices works on MAC addresses? SELECT THE CORRECT ANSWER
A. Layer 3 switch
B. Hub
C. Router
D. Firewall

Correct Option: B
EXPLANATION: Hubs or repeaters are devices that work on Layer 2 and require a MAC address.

A small pathology lab suffered a network outage. While investigating, they noticed that all connections from clients and servers were going to one centralized Layer 3 switch and, because this switch had failed, there was an outage. According to the lab, the __________ topology created this issue. SELECT THE CORRECT ANSWER
A. Tree topology
B. Star topology
C. Ring topology
D. Bus topology

Correct Option: B
EXPLANATION: In a star topology, all connections are made to a centralized node. If any of the other nodes fails, communication between the remaining nodes and the centralized node is not impacted. However, if the centralized one fails, all communication between nodes fails.

Media Access Control operates on which layer of the OSI model? SELECT THE CORRECT ANSWER
A. Physical Layer
B. Data Link Layer
C. Network Layer
D. Session Layer

Correct Option: B
EXPLANATION: MAC or Media Access Control works on Layer 2 of the OSI model, which is the Data Link Layer.

A major concern while using a cloud-based IAM service could be: SELECT THE CORRECT ANSWER
A. Slower time to provision
B. Privacy control of data on the cloud is not possible
C. The cloud IAM solution is not mobile ready as of today
D. Challenge in scaling up as and when needed

Correct Option: B
EXPLANATION: Many a time, when one opts for a cloud-based solution, customers may not have control or visibility of how identities are being stored or managed and, hence, data privacy could be one of the areas of concern.

During the pandemic, most employees are operating from home, and due to poor internet connectivity, Windows patching and AV updates are not happening. The organization has decided to scan every employee's laptop and update the patches before they connect to the organization's LAN. Which type of control could this be? SELECT THE CORRECT ANSWER
A. Detective control
B. Preventive control
C. Directive control
D. Compensating control

Correct Option: B
EXPLANATION: Preventive controls are those that can help in the prevention of incidents. The solution mentioned in the question "prevents" a laptop from being introduced to the network without first performing a proper scan as per the organization's policy.

In the current scenario, where more and more employees are working from home and using centralized infrastructure, it is essential that all critical logs are consolidated at a central place and correlated to provide meaningful output. How can this be achieved? SELECT THE CORRECT ANSWER
A. Secured Identity and Event Management (SIEM)
B. Security Information and Event Management (SIEM)
C. Security Incident and Event Management (SIEM)
D. Security Incident and Evidence Management (SIEM)

Correct Option: B
EXPLANATION: Security Information and Event Management (SIEM) is a centralized platform which collects and correlates all logs received from various sources with the help of its analytical engine and provides actionable alerts to the analysts.

Fi Fi Fo Fum, a unique start-up company, is in a specialized industry wherein they work on unique ideas. They want to roll out a company car policy for all their employees, which contains information on the purchase amount allowed for an employee based on their job band. According to the CISO of the organization, the classification level of this document should be marked as ______________ SELECT THE CORRECT ANSWER
A. Public
B. Company confidential
C. Company restricted
D. Private

Correct Option: B
EXPLANATION: Since this car policy has information about job bands, it cannot be disclosed to the public, and it cannot be private or company restricted, as it is applicable to all employees and not to any specific department or set of job bands. The company confidential classification is the best fit here.

Changes made to the software to improve performance, maintainability, and other attributes of systems are called: SELECT THE CORRECT ANSWER
A. Adaptive maintenance
B. Perfective maintenance
C. Corrective maintenance
D. Preventive maintenance

Correct Option: B
EXPLANATION: Software needs preventive maintenance by means of bug fixing, patching or performance enhancement. This is a periodic and preventive process carried out before an actual problem or vulnerability exists.

A large e-commerce company wishes to test their newly developed website thoroughly before they launch a mega discount offer. They anticipate huge success and excessive traffic on this website from their customers. Jayesh, the Project Manager, really wants to find issues before the customers report them, and he also wants to measure the performance impact on the other integrated third-party applications. Which test should he perform? SELECT THE CORRECT ANSWER
A. Real user monitoring
B. Synthetic transaction monitoring
C. Artificial transaction monitoring
D. White box testing

Correct Option: B
EXPLANATION: Synthetic monitoring allows you to proactively simulate traffic in that area and helps you ensure availability and performance. Synthetic monitoring enables you to check your application's performance in that geography and address performance issues, if any, before your real end users encounter them.

Camelina is having a discussion with her manager, Robert. Robert is instructing her to prepare a note on the Zachman framework, which he intends to implement for the organization. He gives four bullet points; however, Camelina is not convinced by one of these. Which one out of the following could that be? SELECT THE CORRECT ANSWER
A. A two-dimensional model that uses communication interrogatives intersecting with different levels
B. A security-oriented model that gives instructions in a modular fashion
C. Used to build a robust enterprise architecture versus a technical security architecture
D. Uses six perspectives to describe a holistic information infrastructure

Correct Option: B
EXPLANATION: The Zachman Framework is not security oriented, but it is a good template to work with to build an enterprise security architecture because it gives direction on how to understand the enterprise in a modular fashion.

Security Information and Event Management (SIEM) has noticed that one specific ID, "IM.FUNNY", is trying to log on to the System Center Configuration Manager (SCCM) server. It was noticed that the intruder was able to log in once successfully, but was not able to push malware via the SCCM console to all systems. What do you think has been protected here? SELECT THE CORRECT ANSWER
A. Confidentiality
B. Integrity
C. Availability
D. None of the above

Correct Option: B
EXPLANATION: The intruder was able to compromise the system and managed to gain access to the SCCM server; however, he was not able to modify the policy to push malware to more endpoints. This has protected the integrity of the system, which means that an unauthorized person cannot make any modifications.

A trusted computing system generally contains all of the following, except: SELECT THE CORRECT ANSWER
A. Audit mechanisms
B. Anti-virus and spyware programs
C. Mandatory access control mechanisms
D. Discretionary access control mechanisms

Correct Option: B
EXPLANATION: The trusted computing base (TCB) defines the level of assurance for trust that a system provides. It does not define the level of security the system provides, which is more a matter of perception; instead, it is a quantifiable measure based on the level of compliance with security requirements known to be effective in protecting systems.

When you delete any files and folders from a Windows-based machine, ________. SELECT THE CORRECT ANSWER
A. It deletes all files and associated references from the disk.
B. It prefixes $ on the file instead of deleting it and maintains a reference.
C. It deletes files from the hard drive, but maintains a reference for indexing.
D. It deletes them from memory, but they will still be there on disk.

Correct Option: B
EXPLANATION: When you delete files from a Windows-based machine, it prefixes $ against the file and maintains a reference. A simple delete cannot assure permanent file deletion from the hard drive. These references are kept in the $MFT file and are used when forensic recovery is required.

An information security program should include the following elements: SELECT THE CORRECT ANSWER
A. Disaster recovery and business continuity planning, definition of access control requirements and human resources policies.
B. Business impact, threat and vulnerability analysis, delivery of an information security awareness program, and physical security of key installations.
C. Security policy implementation, assignment of roles and responsibilities, and information asset classification.
D. Senior management organizational structure, message distribution standards, and procedures for the operation of security management systems.

Correct Option: B
EXPLANATION: While all options are appropriate, the most important one is identification of business impact by doing vulnerability analysis.

In this kind of arrangement, two organizations of a similar nature enter into an understanding to host the data and processing of one another in the event of a disaster: SELECT THE CORRECT ANSWER
A. Service-level agreement
B. Escrow agreement
C. Reciprocal agreement
D. Data center hosting agreement

Correct Option: C
EXPLANATION: A reciprocal agreement is a pledge of assistance between two companies to use each other's resources in the case of a disaster. Support requires sharing space, computer facilities, and technology resources.

The current scenario of working from home has escalated the risk rating from moderate risk to critical. Boeing is seriously concerned about the security of their assets and they really want to put some controls in place so that risk can be per SELECT THE CORRECT ANSWER
A. Industry practice
B. Organization's unacceptable level so that it can be managed
C. Organization's acceptable level
D. None of the above

Correct Option: C
EXPLANATION: An organization's risk management policy must always have defined acceptable levels of risk, which can also be referred to as risk appetite. Efforts should always be made to minimize the risk level as per the acceptable level.

When is it NOT appropriate to list certificates under the Certificate Revocation List (CRL)? SELECT THE CORRECT ANSWER
A. During the web site authentication and validation, the requester misrepresents some information used in the process, or the web site owner has violated the terms of its agreement with the CA.
B. The website owner has ceased doing business and no longer owns the domain name or the server defined in the certificate.
C. Changing server hardware
D. The issuing CA has been compromised

Correct Option: C
EXPLANATION: Changing the hardware of the server does not impact the certificate.

Which one of the following statements pertaining to various software testing approaches is correct? SELECT THE CORRECT ANSWER
A. A bottom-up approach allows interface errors to be detected earlier.
B. A top-down approach allows errors in critical modules to be detected earlier.
C. The test plan and results should be retained as a part of the system's permanent documentation.
D. Black-box testing is predicated on a close examination of data.

Correct Option: C
EXPLANATION: During the life cycle of either an infrastructure asset or software development, it is essential to document everything. This is important because, in case of any organizational changes or employee retrenchments, the impact is minimized.

Which of the following rules is less likely to allow computer evidence to be admissible in court? SELECT THE CORRECT ANSWER
A. It must prove a fact that is relevant to the case
B. Its reliability must be proven
C. The process of producing it must be documented
D. The chain of custody of evidence must show who collected, secured, controlled, handled, transported, and tampered with the evidence.

Correct Option: C
EXPLANATION: For any evidence to be admissible in court, it has to follow five rules: it should be admissible, authentic, complete, reliable and believable. It is also important to see how the chain of custody of the evidence is maintained. This ensures that there was no contamination of the evidence.

How many subnets can be designed on a 10.0.0.0/26 network? SELECT THE CORRECT ANSWER
A. 2
B. 1
C. 4
D. 5

Correct Option: C
EXPLANATION: In a class C IP address with a subnet mask of /26, there can be four subnets. Each subnet will have 63 usable host IP addresses. The four possible IP ranges could be: 10.0.0.1-10.0.0.62, 10.0.0.65-10.0.0.126, 10.0.0.129-10.0.0.190, 10.0.0.193-10.0.0.254

Why does Windows take more time to copy and less time to delete files and folders? SELECT THE CORRECT ANSWER
A. While copying files, it has to make entries in the Windows registry, which takes time.
B. Copying takes more time because it copies to multiple places to maintain a data backup in the event of corruption.
C. Windows actually does not delete files; instead, it deletes references, which explains why the deletion is so quick.
D. Windows copy and delete actually take the same time. The delete operation happens in the background without the user's awareness.

Correct Option: C
EXPLANATION: The concept is that when deleting files from Windows, it does not delete the files themselves, but only the reference. Using specialized software, deleted files can be recovered.

Top Secret, Secret, and Confidential are a few of the classifications used in: SELECT THE CORRECT ANSWER
A. Public sector companies
B. Private sector companies
C. Defense establishments
D. Startups

Correct Option: C
EXPLANATION: It is a type of data classification used in defense establishments, where Top Secret describes information whose leakage could lead to potential harm to a country.

A disadvantage of Kerberos could be: SELECT THE CORRECT ANSWER
A. The Kerberos system is very slow in authenticating
B. It takes a lot of effort to onboard any application for Kerberos authentication
C. An organization needs the capability to embed Kerberos calls into an application
D. Kerberos is not secure

Correct Option: C
EXPLANATION: Many legacy applications/proxies may not be integrated with Kerberos authentication and, hence, that is one of the major disadvantages of Kerberos.

Which of the following is the main reason that system certification and accreditation are needed? SELECT THE CORRECT ANSWER
A. To assist data owners in making future sensitivity and criticality determinations
B. To assure the software development team that all security issues have been addressed
C. To verify security protection remains as per organization policies
D. To help the security team accept or reject a new system for implementation and production

Correct Option: C
EXPLANATION: Recertification assures that any changes made in an environment do not affect the existing security posture, whereas re-accreditation is about taking management's go-ahead for the changed system.

What is the correct terminology where a tester does not execute code as a part of their testing activity for an application? SELECT THE CORRECT ANSWER
A. Dynamic code analysis
B. Fuzzing
C. Static code analysis
D. Greybox analysis

Correct Option: C
EXPLANATION: Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure and can help ensure that the code adheres to industry standards. This testing could also take place outside of the system.

Which of the following is NOT a disadvantage of symmetric cryptography when compared with asymmetric cryptography? SELECT THE CORRECT ANSWER
A. Provides limited security services
B. Has no built-in key distribution
C. Speed
D. A large number of keys are needed

Correct Option: C
EXPLANATION: Symmetric cryptography is faster than asymmetric cryptography.

Complex applications involving multimedia, computer-aided design, video, graphics, and expert systems are more suited to which of the following? SELECT THE CORRECT ANSWER
A. Object-Relational Database (ORDB)
B. Relational Database (RDBMS)
C. Object-Oriented Database (OODB)
D. Database Management System (DBMS)

Correct Option: C
EXPLANATION: While developing complex applications, especially those involving multimedia, it becomes essential to use and reuse objects multiple times.

To initiate a birthday attack, which weakness of hashing is used? SELECT THE CORRECT ANSWER
A. When the hashing algorithm generates different message digest values for two different messages
B. When the hashing algorithm generates a message digest which includes the date of birth for two different messages
C. When a weak hashing algorithm is used
D. When the hashing algorithm generates the same message digest value for two different messages

Correct Option: D
EXPLANATION: When two different inputs generate the same hash value, this is used to initiate birthday attacks. Traditionally, hashing two different inputs should result in different hash values (outputs).

Which one of the following processes takes previous inputs from the actual operations of the software and manipulates them to create a fuzzed input? SELECT THE CORRECT ANSWER
A. Partial Fuzzing
B. Flaw Fuzzing
C. Intelligent Fuzzing
D. Dumb Fuzzing

Correct Option: D
EXPLANATION: Dumb fuzzing works without having any knowledge of the data that it is mutating. Since all software can be represented as 1s and 0s, that is what dumb fuzzing relies on. It randomly chooses a bit and flips it. Consider a media file: most of it is binary data, i.e. a sequence of 1s and 0s ready to be read by the media player. For such a file, a dumb fuzzer randomly changes 1s to 0s and vice versa. It does so throughout the file and at random. What this does is corrupt the file and break it.

_________ checks the entire program and returns a list of errors, whereas _______ stops and reports an error as soon as it occurs. SELECT THE CORRECT ANSWER
A. Compiler, Interpreter
B. Interpreter, Compiler
C. Interpreter, Debugger
D. Debugger, Compiler

Correct Option: A
EXPLANATION: In a programming language, the interpreter processes each line and highlights errors as they occur, whereas the compiler checks the entire code and presents the programmer with a list of errors at the end.

A vendor approaches you with a solution that will allow end users to connect to VPN only if their machine has up-to-date windows security patches and antivirus definitions. This will help organizations to _________ risk of users accessing corporate resources from unpatched system. SELECT THE CORRECT ANSWER Mitigate Avoid Transfer Accept

Correct Option:A EXPLANATION Reducing risk by implementing controls is referred to as risk mitigation.

In vulnerability scanning (vulnerability assessment, VA), which of the following can be defined as a false negative? SELECT THE CORRECT ANSWER Not identifying a vulnerability and failing to report it as part of the results Reporting a wrong vulnerability by mistake Reporting correct vulnerabilities Reporting all vulnerabilities, including right and wrong ones

Correct Option:A EXPLANATION In a security alerting system, an alert which is raised by mistake is referred to as a false positive, and a genuine condition that is not reported is referred to as a false negative. A security professional's endeavor should be to reduce false positives and ensure that all necessary alerts are reported.

_______ requires the collusion of at least two people, who must combine their split knowledge to gain access to an asset. SELECT THE CORRECT ANSWER Split Knowledge Dual Control Segregation of duties Best control

Correct Option:A EXPLANATION In split knowledge, two or more people are required to carry out the task, since each holds only part of the information needed.

____________ is more secure and less flexible than __________; if access is not granted, it is forbidden. SELECT THE CORRECT ANSWER Mandatory access control (MAC), discretionary access control (DAC) Discretionary access control (DAC), mandatory access control (MAC) Mandatory Access Control (MAC), Role-based access control Rule-based access control, Role-based access control

Correct Option:A EXPLANATION MAC is more secure and less flexible than DAC because every access must pass the mandatory access control check; if access is not explicitly granted, it is forbidden.

Remote access represents the best opportunity for a hacker to steal confidential information. Of the following vulnerabilities, which is NOT inherent in remote access? SELECT THE CORRECT ANSWER Software on laptops can be easily exploited. Internet connections are not secure. Sessions are not authenticated. Diagnostic ports on networking devices can be targeted.

Correct Option:A EXPLANATION Most attacks are caused by vulnerable software installed on a system or by unpatched systems, as these are easy to take advantage of; this weakness is not inherent to remote access itself.

Which of the following may not be considered a control measure for protecting a web application? SELECT THE CORRECT ANSWER Security patching of operating system System hardening Web Application Firewall (WAF) Encryption and authentication of traffic

Correct Option:A EXPLANATION Operating system patches protect systems from vulnerabilities in the operating system, not in web applications. The question is specifically about protection from web application vulnerabilities.

An object is accessing a subject present at the confidential and secret levels after obtaining secret clearance. This is an example of: SELECT THE CORRECT ANSWER Multilevel lattice model State machine model Access control matrix Non-interference model

Correct Option:A EXPLANATION By definition of the multilevel lattice model, an object with clearance can access subjects at a higher level.

Which of the following is NOT a type of policy? SELECT THE CORRECT ANSWER Regulatory policy Advisory policy Informative policy Operating policy

Correct Option:D EXPLANATION There are three major types of policies: regulatory policy, which ensures the organization adheres to regulations such as HIPAA and PCI DSS; advisory policy, which communicates the types of behavior and activities expected in the organization; and informative policy, which provides required information to employees.

Erasure is required at the end of the media life cycle if the media contains sensitive information. Which of the following best describes purging? SELECT THE CORRECT ANSWER Information is made unrecoverable, even with extraordinary effort. Data formerly in the media was made unrecoverable by overwriting it with a pattern. It is unacceptable when the media is reused in the same physical environment for the same purposes. Changing the polarization of the atoms on the media.

Correct Option:A EXPLANATION Purging is a process of deleting data in such a way that it is not recoverable, even with the use of specialized software.

There are two trust models under Federated ID Management and they are: SELECT THE CORRECT ANSWER Cross-Certification Trust Model and Trusted Third Party Model Trusted Third Party Model and Bridge Model Bridge Model and Cross-Certification Model Bridge Model and Cross Reference Model

Correct Option:A EXPLANATION Federated identity management has two trust models: the Cross-Certification Trust Model and the Trusted Third Party Model.

In this type of access control, the administrator of a system defines the control of the files. What type of access control could this be? SELECT THE CORRECT ANSWER Non-discretionary Control Discretionary Control Mandatory Control Role Based Access Control (RBAC)

Correct Option:A EXPLANATION In non-discretionary access control, rules are configured in the system by the administrator according to the classification level of the subject and the object.

Bob, a newly certified CISSP, has offered to help his sister-in-law Kaitee with her small construction business. The business currently has 25 computers configured as a peer-to-peer network. All users are responsible for their own security and can set file and folder privileges as they see fit. Which access control model best describes the configuration of this organization? SELECT THE CORRECT ANSWER Discretionary Mandatory Role-based Nondiscretionary

Correct Option:A EXPLANATION A system that uses discretionary access control (DAC) enables the owner of the resource to specify which subjects can access specific resources. This model is called discretionary because the control of access is based on the discretion of the owner.

A large software development company wants to ensure the developed code does not lose its integrity and also wants to protect its use as it is intended. According to Jack, a senior project manager, what should be done to help achieve this goal? SELECT THE CORRECT ANSWER Code signing Code review Code validation Digital signature

Correct Option:A EXPLANATION Code signing is typically used in the software development environment to ensure that there are no changes in the software code and integrity is maintained while delivering it to the client.

Mr. Loudermilk, a senior representative, has recently joined an organization. As part of the onboarding process and birthright access policy, he should be provided access to the enterprise ERP, corporate e-mail and the Internet. While e-mail and Internet access were provided, he was not able to access the ERP system. Which element of the CIA triad is affected here? SELECT THE CORRECT ANSWER Confidentiality Integrity Availability None of above

Correct Option:A EXPLANATION Confidentiality means that the authorized person should be able to access the required resources. In this case, he was authorized to access the enterprise ERP, but he was not able to access it. While there could be technical reasons, confidentiality was not adhered to here.

Ou la la la Inc. sponsored a half marathon event in a city where many of its employees participated. After the event, the company wanted to use this opportunity for branding and advertising, and wished to share a picture of the employees who participated that day. Ou la la la Inc. has a strict data classification policy and no deviation is permitted. Pinokio (risk officer) was concerned that the employees were wearing a "BIB" which showed their participation number for the marathon. However, the CISO of the organization suggested: SELECT THE CORRECT ANSWER To agree with the risk officer and instruct the marketing team not to use that picture To revise the data classification policy as such requirements may keep coming To instruct the marketing department to use a picture which does not show BIB information That there is no personally identifiable information in a BIB number, so it is ok to use the picture for marketing

Correct Option:D EXPLANATION A BIB number is typically used only by media organizers in the event of an emergency. It technically does not hold any value for an external person and can be classified under the public category without the addition of any further information.

Sending random data, usually in larger chunks than expected by the application, to the input channels of an application to provoke a crash of the application can be referred to as _______ SELECT THE CORRECT ANSWER Overload testing Regression testing Static testing Fuzz testing

Correct Option:D EXPLANATION Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the inputs of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted.

The difference between a server SSL certificate and an S/MIME certificate is: SELECT THE CORRECT ANSWER Server certificate is used to identify clients to servers via SSL, whereas S/MIME is used for signing and encrypting email Server certificate is used to identify clients to servers via SSL, whereas S/MIME is used to identify server to client via SSL Server certificate is used to identify servers to client via SSL, whereas S/MIME is used to identify client to server via SSL Server certificate is used to identify servers to client via SSL, whereas S/MIME is used for signing and encrypting email

Correct Option:D EXPLANATION Conceptually, an SSL certificate identifies the server to the client and secures the communication between them, whereas S/MIME focuses on signing and encrypting email.

Most application/software security vulnerabilities are caused by four major factors: bad programming, functional bugs in security infrastructure, logical flaws, and ____________________ SELECT THE CORRECT ANSWER Low skill level of staff Coordination gaps within team Lack of testing Misconfiguration of security infrastructure

Correct Option:D EXPLANATION Most application/software security vulnerabilities are caused by four major factors: bad programming, functional bugs in security infrastructure, logical flaws, and misconfiguration of security infrastructure.

The process of periodic ID recertification can be referred to as which type of control? SELECT THE CORRECT ANSWER Preventive Control Corrective Control Administrative Control Detective Control

Correct Option:D EXPLANATION Periodic ID reconciliation/recertification helps in identifying dormant/orphan IDs in the system so that they can be cleaned up. Since it detects such gaps, it is referred to as a detective control.

In an application development environment, restricting user inputs beyond certain characters can be referred to as ______. SELECT THE CORRECT ANSWER Corrective Control Detective Control Administrative Control Preventive Control

Correct Option:D EXPLANATION Preventive controls are those that help prevent an incident from occurring. Preventing users from entering inputs beyond specific characters may keep the software/application from crashing.

Which RAID technology is not used because it is very complex? SELECT THE CORRECT ANSWER RAID 10 RAID 5 RAID 6 RAID 2

Correct Option:D EXPLANATION RAID 2 is not used as its entry-level cost is very high and it requires a very high transfer rate to justify it. Hence, it is not commercially viable.

A superstore situated at a petrol pump has the capacity to store 1000 dollars' worth of goods. The store owner assumes a 50% loss of goods if there is a fire incident. The chance of such a fire is about once in 15 years. What, according to you, would be the ALE? SELECT THE CORRECT ANSWER 250 dollars 2.5 dollars 25 dollars 75 dollars

Correct Option:D EXPLANATION SLE = 1000 * 50% = 500. ALE = SLE * ARO = 500 * 0.15 = 75.

Putin has been told to report to the board of directors with a vendor-neutral enterprise architecture framework that will help the company reduce fragmentation that results from the misalignment of IT and business processes. Which of the following frameworks should he suggest? SELECT THE CORRECT ANSWER DoDAF CMMI ISO/IEC 42010 TOGAF

Correct Option:D EXPLANATION The Open Group Architecture Framework (TOGAF) is a vendor-neutral platform for developing and implementing enterprise architectures. It focuses on effectively managing corporate data through the use of metamodels and service-oriented architecture (SOA). A proficient implementation of TOGAF is meant to reduce fragmentation that occurs due to misalignment of traditional IT systems and actual business processes. It also adjusts to new innovations and capabilities to ensure that these changes can easily be integrated into the enterprise platform.

Andrea is the data privacy officer (DPO) of a reputed organization. What could be her primary responsibilities? SELECT THE CORRECT ANSWER Ensuring protection of partner data Ensuring the accuracy of company financial information Ensuring that all security policies are defined and enforced Ensuring protection of customer, employee, and company data

Correct Option:D EXPLANATION The data privacy officer (DPO) position is created by companies in response to the increasing demands on organizations to protect myriad types of data. The DPO is responsible for ensuring the security of customer, company, and employee data, which keeps the company free from legal prosecution and out of the headlines. Thus, the DPO is directly involved with setting policies on how data is collected, protected, and distributed to third parties. The DPO is usually an attorney and reports to the chief security officer.

The two important capabilities DLP should have are to monitor and control data in motion and to _____. SELECT THE CORRECT ANSWER Ability to monitor traffic at each layer of OSI and reconstruction of data Randomize and mixing of packets Error check and reconstruction of missing packets Assemble the collected packets and reconstruct the files

Correct Option:D EXPLANATION The two very important capabilities DLP should have are to monitor and control data in motion and to assemble the collected packets and reconstruct the files.

