Pre-Course Assessment (ISC2)
The common term for systems that ensure proper temperature and humidity in the data center.
(HVAC) HVAC stands for "heating, ventilation and air conditioning," and is a common industry term. B is correct. A is incorrect; RBAC is an access control model. C is incorrect; MAC is the physical address of an IT device.
Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that Suvid has to reset the password. What may have occurred to cause this?
(Suvid's password has expired) Typically, users are required to reset passwords when the password has reached a certain age. Permanent passwords are more likely to be compromised or revealed. B is the correct answer. A, C and D are incorrect; these are not likely reasons to require password refresh.
Data retention periods apply to ____ data.
(All) All data should have specific retention periods (even though retention periods may differ for various types of data). C is the correct answer. A, B and D are incorrect; retention periods affect all data.
Which of these is the most important reason to conduct security instruction for all employees?
(An informed user is a more secure user) While all the answers are true, D is the single most important reason to conduct security instruction, because it leads to all the others. A, B and C are incorrect; while true, they are not the most important reason(s).
What is the most important goal of a business continuity effort?
(Preserve health and human safety) In all security efforts, preserving health and human safety is paramount, so D is the correct answer. A, B and C are incorrect because D takes precedence over any of them.
Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to several people and wants the recipients to know that the message definitely came from Bluga. What type of encryption should Bluga use?
(Asymmetric encryption) With asymmetric encryption, Bluga can provide proof-of-origin for the message, for multiple recipients. B is the correct answer. A is incorrect; symmetric encryption does not provide a capability for proof of origin. C is incorrect; this term is meaningless, and used here only as a distractor. D is incorrect; hashing is not encryption, and does not provide proof of origin.
Logs should be reviewed ______.
(Continually) Log review should happen continually, in order to ensure detection efforts are optimized. B is the correct answer. A, C and D are incorrect; logs need to be reviewed on a continual basis.
A tool that inspects outbound traffic to reduce potential threats.
(DLP (data loss prevention)) DLP solutions typically inspect outbound communications traffic to check for unauthorized exfiltration of sensitive/valuable information. C is correct. A, B and D are incorrect; these solutions are not typically suited to inspect outbound traffic.
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that operational managers have the utmost personal choice in determining which employees get access to which systems/data. Which method should Handel select?
(Discretionary access controls (DAC)) DAC gives managers the most choice in determining which employees get access to which assets. C is the correct answer. A and B are incorrect; RBAC and MAC do not offer the same kind of flexibility that DAC does. D is incorrect; "security policy" is too broad and vague to be applicable; C is the better answer.
Which of the following is probably the main purpose of configuration management?
(Ensuring only authorized modifications are made to the IT environment) The main purpose of configuration management is to ensure that there is uniformity throughout the IT environment, and that only authorized modifications are made. D is the correct answer. A, B and C are incorrect; these may be overall security goals, and configuration management may assist for these purposes, but these are not the main goal of configuration management.
A device that is commonly useful to have on the perimeter between two networks.
(Firewall) Firewalls are often useful to monitor/filter traffic between two networks. D is correct. A and B are incorrect; these are typically located inside the perimeter of the internal environment. C is incorrect; cameras do not offer much benefit in monitoring communications traffic.
Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk?
(Firewall) Firewalls can often identify hostile inbound traffic, and potentially counter it. A is the correct answer. B and D are incorrect; these are physical controls and aren't effective in identifying/countering communications attacks. C is incorrect; anti-malware is not typically useful in countering attacks that employ excess traffic as an attack mechanism.
A device that filters network traffic in order to enhance overall security/performance.
(Firewall) Firewalls filter traffic in order to enhance the overall security or performance of the network, or both. D is the correct answer. A is incorrect; "endpoint" is the term used to describe a device involved in a networked communication, at either "end" of a conversation. B is incorrect; laptops are not typically employed to filter network traffic. C is incorrect; MAC is the physical address of a device on a network.
Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why?
(Gary's actions look like an attack) Repeated login attempts can resemble an attack on the network; attackers might try to log in to a user's account multiple times, using different credentials, in a short time period, in an attempt to determine the proper credentials. D is correct. A is incorrect; security policies and processes are not intended to punish employees. B is incorrect; IT systems do not get tired. C is incorrect; the delay is not designed to help users remember credentials.
Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit. What technique/tool could Dieter use to assist in this effort?
(Hashing) Hashing is a means to provide an integrity check. A is the correct answer. B is incorrect; this term is meaningless, and used here only as a distractor. C and D are incorrect; neither symmetric encryption nor asymmetric encryption provides message integrity.
Which of the following statements is true?
(It is best to use a blend of controls in order to provide optimum security) The use of multiple types of controls enhances overall security. D is correct. A, B and C are all incorrect, because no single type of control can provide adequate protection of an environment.
Every document owned by Triffid, Inc., whether hardcopy or electronic, has a clear, 24-point word at the top and bottom. Only three words can be used: "Sensitive," "Proprietary" and "Public." This is an example of _____.
(Labeling) Labeling is the practice of annotating assets with classification markings. D is the correct answer. A is incorrect; "secrecy" is too broad a term in this context, and not accurate—the markings are visible. B is incorrect; privacy is associated with information that identifies a specific person (or specific people). C is incorrect; this term has no meaning in this context, and is used here only as a distractor.
Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's machine and Linda's machine and can then surveil the traffic between the two when they're communicating. What kind of attack is this?
(On-path) This is a textbook example of an on-path attack, where the attackers insert themselves between communicating parties. C is the correct answer. A is incorrect; a side channel attack is entirely passive, and typically does not include surveilling actual data (it instead surveils operational activity, such as changes in power usage, emissions and so forth). B is incorrect; a DDoS attack involves multiple machines flooding the target to overwhelm the target; Gary is neither shutting down the target nor using multiple devices in the attack. D is incorrect; a physical attack involves tangible materials. An example of a physical attack would be Gary cutting the wire between Linda and Dauphine, so that they could not communicate.
A tool that aggregates log data from multiple sources, and typically analyzes it and reports potential threats.
(SIEM) SIEM/SEM/SIM solutions are typically designed specifically for this purpose. D is the correct answer. A and C are incorrect; these are specific single sources of log data. B is incorrect; anti-malware does not typically gather log data from multiple sources.
Jengi is setting up security for a home network. Jengi decides to configure MAC address filtering on the router, so that only specific devices will be allowed to join the network. This is an example of a(n)_______ control.
(Technical) This is a difficult question, because it may seem as if there are two possible answers: the router enforces a set of rules as to which MAC addresses may be included on the network, so that sounds like an administrative control. However, the router is an IT system, so that seems as if it is a technical control. In fact, it is considered the latter. In general, it is best to consider the matter this way: if it has a power cord, or electricity running through it, it's a technical control. So D is the correct answer. A is incorrect; while the router is a tangible object, it does not act on the physical realm, affecting other tangible objects; it's an electronic device that is part of the IT environment. C is incorrect; "substantial" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor.
The output of any given hashing algorithm is always _____.
(The same length) Hashing algorithms create output of a fixed length. A is the correct answer. B is incorrect; the characters in the output will change depending on the input. C is incorrect; hashing algorithms do not create output in any particular language—usually, the output is a mix of alphanumeric characters. D is incorrect; hash outputs should be the same when the same input is used.
The organization should keep a copy of every signed Acceptable Use Policy (AUP) on file, and issue a copy to _______.
(The user who signed it) The AUP is an agreement between the user and the organization, so both parties need to keep a copy of it. A is the correct answer. B, C and D are incorrect; those entities are not party to the agreement, and should therefore not receive a copy.
Which of the following is one of the common ways potential attacks are often identified?
(Users report unusual systems activity/response to Help Desk or the security office) Users often act as an attack-detection capability (although many user reports might be false positives). D is the correct answer. A and C are incorrect; unfortunately, we rarely get advance notification of impending threats to the environment. B is incorrect; attacks are not typically identified by physical manifestations.
______ is used to ensure that configuration management activities are effective and enforced.
(Verification and audit) Verification and audit are methods we use to review the IT environment to ensure that configuration management activities have taken place and are achieving their intended purpose. D is the correct answer. A, B and C are incorrect; while these are terms related to configuration management, the answer is verification and audit.
Which type of fire-suppression system is typically the least expensive?
(Water) Water is typically the least expensive type of fire-suppression system, as water is one of the most common chemicals on the planet. A is correct. B is incorrect; dirt is usually only used in the suppression of forest fires. C and D are incorrect; gaseous/oxygen depletion systems are typically much, much more expensive than water-based systems.
The Triffid Corporation publishes a strategic overview of the company's intent to secure all the data the company possesses. This document is signed by Triffid senior management. What kind of document is this?
A is correct (Policy). This is an internal, strategic document, and is therefore a policy. B is incorrect; this is a strategic overview, not a specific process or practice, so it is not a procedure. C is incorrect; this is an internal document, not an industry-wide recognized set of practices, so it is not a standard. D is incorrect; this is not a legal mandate issued by a government, so it is not a law.
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is Prachi?
A is correct (The subject). In this situation, Prachi is the subject in the subject-object-rule relationship. Prachi manipulates the database; this makes Prachi the subject. B and D are incorrect, because Prachi is the subject in this situation. C is incorrect, because Prachi is not, and never will be, a file.
Which of the following probably poses the most risk?
A is correct (A high-likelihood, high-impact event). An event that has a significant probability of occurring ("high-likelihood") and also has a severe negative consequence ("high-impact") poses the most risk. The other answers all pose less risk, because either the likelihood or impact is described as "low." This is not to say that these risks can be dismissed, only that they are less significant than the risk posed by.
Guillermo logs onto a system and opens a document file. In this example, Guillermo is:
A is correct (The subject). Guillermo is the subject in this example. B is incorrect; in this example, the file is the object. C is incorrect; in this example, the process is logging on and opening the file. D is incorrect; in this example, the application used to open the file is the software.
Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel. This is an example of _________.
A is correct (Acceptance). Sophia is accepting the risk that the money will be lost, even though the likelihood is high; Sophia has decided that the potential benefit (winning the bet), while low in likelihood, is worth the risk. B is incorrect; if Sophia used avoidance, Sophia would not place the bet. C is incorrect; mitigation involves applying a control to reduce the risk. There is no practical (or legal) way to reduce the risk that Sophia will lose the bet. D is incorrect; if Sophia wanted to transfer the risk, Sophia might ask some friends to each put up a portion of the bet, so that they would all share the loss (or winnings) from the bet.
All of the following are typically perceived as drawbacks to biometric systems, except:
A is correct (Lack of accuracy). Biometric systems can be extremely accurate, especially when compared with other types of access controls. B, C and D are all potential concerns when using biometric data, so those answers are incorrect in this context.
Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________.
A is correct (Law and Procedure). The municipal code was created by a governmental body and is a legal mandate; this is a law. The Triffid checklist is a detailed set of actions which must be used by Triffid employees in specific circumstances; this is a procedure. B and C are incorrect; neither document is recognized throughout the industry, so neither is a standard. D is incorrect; neither document is a strategic internal overview issued by senior management, so neither is a policy.
A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or driving past a certain point. Bollards are an example of ______ controls.
A is correct (Physical). A bollard is a tangible object that prevents a physical act from occurring; this is a physical control. B and D are incorrect because the bollard is a physical control, not administrative or technical. C is incorrect; "drastic" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor.
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has. In this situation, what is the database?
A is correct (The object). Prachi is manipulating the database, so the database is the object in the subject-object-rule relationship in this case. B and C are incorrect, because the database is the object in this situation. D is incorrect because "site" has no meaning in this context.
Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________.
A is correct (Risk tolerance). Phrenal has decided there is an acceptable level of risk associated with the online sale of the laptop; this is within Phrenal's risk tolerance. B is incorrect; "risk inversion" is a term with no actual meaning, and is used here only as a distractor. C is incorrect; a threat is something or someone that poses risk—the sale of the laptop does not pose risk to Phrenal, only a lesser or greater benefit. D is incorrect; the sale of the laptop is not an avenue of attack against Phrenal.
Olaf is a member of (ISC)² and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do?
A is the best answer (Tell the auditors the truth). The (ISC)² Code of Ethics requires that members "act honorably, honestly, justly, responsibly" and also "advance and protect the profession." Both requirements dictate that Olaf should tell the truth to the auditors. While the Code also says that Olaf should "provide diligent and competent service to principals," and Olaf's principal is Triffid in this case, lying does not serve Triffid's best long-term interests, even if the truth has some negative impact in the short term.
Triffid, Inc., wants to host streaming video files for the company's remote users, but wants to ensure the data is protected while it's streaming. Which of the following methods are probably best for this purpose?
A is the correct answer (Symmetric encryption); symmetric encryption offers confidentiality of data with the least amount of processing overhead, which makes it the preferred means of protecting streaming data. B is incorrect; hashing would not provide confidentiality of the data. C is incorrect; asymmetric encryption requires more processing overhead than symmetric encryption, and is therefore not preferable for streaming purposes. D is incorrect; VLANs are useful for logical segmentation of networks, but do not serve a purpose for streaming data to remote users.
Which of the following would be best placed in the DMZ of an IT environment?
B is correct (Mail server); devices that must often interact with the external environment (such as a mail server) are typically best situated in the DMZ. A, C and D are incorrect; devices that contain sensitive or valuable information are typically best placed well inside the perimeter of the IT environment, away from the external world and the DMZ.
What is the overall objective of a disaster recovery (DR) effort?
B is correct (Return to normal, full operations). DR efforts are intended to return the organization to normal, full operations. A is incorrect; DR is often quite expensive, and not a cost-saving measure. C is incorrect; this is the goal of business continuity (BC) efforts. D is incorrect; DR efforts are intended to return the organization to normal, full operations, not enhance public perception.
Which of these is an example of a physical access control mechanism?
B is correct (A lock on a door). A lock on a door restricts physical access to the area on the other side of the door to only those personnel who have the appropriate entry mechanism (key, badge, etc.). A and C are both technical/logical controls. D is an administrative control.
In risk management concepts, a(n) _________ is something a security practitioner might need to protect.
B is correct (Asset). An asset is anything with value, and a security practitioner may need to protect assets. A, C, and D are incorrect because vulnerabilities, threats and likelihood are terms associated with risk concepts, but are not things that a practitioner would protect.
What is the risk associated with delaying resumption of full normal operations after a disaster?
B is correct. Alternate operations are typically more costly than normal operations, in terms of impact to the organization; extended alternate operations could harm the organization as much as a disaster. A is incorrect; typically, alternate operations are safer than normal operations. C is incorrect; this would actually be an argument for delaying alternate operations, but it doesn't make much sense. D is incorrect; competition is always a risk, but doesn't have anything to do with DR efforts.
Which of the following is an example of a "something you know" authentication factor?
B is correct (Password). A password is something the user knows and can present as an authentication factor to confirm an identity assertion. A is incorrect because a user ID is an identity assertion, not an authentication factor. C and D are incorrect as they are examples of authentication factors that are something you are, also referred to as "biometrics."
Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina's selection and determine whether to approve the purchase. This is a description of:
B is correct (Segregation of duties). Segregation of duties, also called separation of duties, is used to reduce the potential for corruption or fraud within the organization. More than one person must be involved in a given process in order to complete that process. A is incorrect; Trina and the manager are not both required to be present for the transaction. C is incorrect; software is a term used to describe programs and applications. D is incorrect; defense in depth is the use of multiple (and multiple types of) overlapping security controls to protect assets.
For which of the following assets is integrity probably the most important security aspect?
B is correct (The file that contains passwords used to authenticate users). If a password file is modified, the impact to the environment could be significant; there is a possibility that all authorized users could be denied access, or that anyone (including unauthorized users) could be granted access. The integrity of the password file is probably the most crucial of the four options listed. A is incorrect because one frame of an entire film, if modified, probably would have little to no effect whatsoever on the value of the film to the viewer; a film has thousands (or tens of thousands, or millions) of frames. C is incorrect because a change in marketing material, while significant, is not as crucial as the integrity of the password file described in Answer B. D is incorrect because a typo in a product description is not likely to be as important as the integrity of the password file described in Answer B.
By far, the most crucial element of any security instruction program.
B is correct (Preserve health and human safety). This is the paramount rule in all security efforts. A, C and D are incorrect; these are goals of the security instruction program, but all are secondary to B.
Which common cloud deployment model typically features only a single customer's data/functionality stored on specific systems/hardware?
B is correct (Private); this is the defining feature of private cloud. A is incorrect; in public cloud, multiple customers (or "tenants") typically share the underlying systems. C is incorrect; in community cloud, multiple customers from a shared affinity group/industry typically share access to the underlying infrastructure. D is incorrect; in hybrid cloud, more than one customer may use underlying infrastructure.
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma's colleagues is interested in getting an (ISC)² certification and asks Zarma what the test questions are like. What should Zarma do?
B is the best answer (Explain the style and format of the questions, but no detail). It is all right to explain the format of the exam, and even to share your own impressions of how challenging and difficult you found the exam to be. But in order to protect the security of the test, and to adhere to the (ISC)² Code of Ethics ("advance and protect the profession"), Zarma should not share any explicit information about details of the exam or reveal any actual questions.
Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except:
B is the best answer (Fence). A fence is useful for controlling visitors, authorized users and potential intruders. This is the only control listed among the possible answers that is not specific to visitors. A, C and D are all controls that should be used to manage visitors.
Which of the following is probably most useful at the perimeter of a property?
B is the best answer (Fence). Of the options listed, a fence would be most useful at the perimeter of a property. A, C and D are incorrect, because those contain high-value assets which would be better located away from the perimeter of the property, so they can be protected with multiple security controls of varying types.
The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company's commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security. The Triffid document is a ______, and the SANS documents are ________.
B is the correct answer (Policy and Standard). The Triffid document is a strategic, internal rule published by senior management; this is a policy. The SANS documents are industry best practices recognized globally; these are standards. A and C are incorrect, because neither document was issued by a governmental body, so they are not laws. D is incorrect because neither document is a detailed set of instructions, so they are not procedures.
Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional task necessary to ensure this control will function properly?
B is the correct answer (Update the anti-malware solution regularly). Anti-malware solutions typically work with signatures for known malware; without continual updates, these tools lose their efficacy. A, C and D are incorrect; these measures will not aid in the effectiveness of anti-malware solutions.
All of the following are important ways to practice an organization disaster recovery (DR) effort; which one is the most important?
B (Facility evacuation drills) is the only answer that directly addresses health and human safety, which is the paramount concern of all security efforts. All the other answers are good exercises to perform as DR preparation, but B is the correct answer.
Preenka works at an airport. There are red lines painted on the ground next to the runway; Preenka has been instructed that nobody can step or drive across a red line unless they request, and get specific permission from, the control tower. This is an example of a(n)______ control.
B is correct (Administrative). The process of requesting and getting permission, and the painted signage, are examples of administrative controls. A is incorrect; while the line is painted on the ground (and the ground is a tangible object), the line does not actually act to prevent or control anything—the line is a symbol and indicator; Preenka could easily walk across the line, if Preenka chose to do so. C is incorrect; "critical" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor. D is incorrect; a painted line is not an IT system or part of the IT environment.
At Parvi's place of work, the perimeter of the property is surrounded by a fence; there is a gate with a guard at the entrance. All inner doors only admit personnel with badges, and cameras monitor the hallways. Sensitive data and media are kept in safes when not in use. (D3, L3.1.1) This is an example of:
C is correct (Defense in depth). Defense in depth is the use of multiple different (and different types of) overlapping controls to provide sufficient security. A and B are incorrect; nothing in the question suggested that two-person integrity or segregation of duties are being used in Parvi's workplace. D is incorrect; this is not a description of penetration testing.
All visitors to a secure facility should be _______.
C is correct (Escorted). In a secure facility, visitors should be escorted by an authorized person. A is incorrect; it is not feasible to fingerprint every visitor to a facility. Moreover, it might not be legal, depending on the jurisdiction. B is incorrect; some facilities may be in jurisdictions that restrict the use of photographic surveillance in the workplace. D is incorrect; not all secure facilities require the use of protective equipment.
A _____ is a record of something that has occurred.
C is correct (Log). This is a description of a log. A is incorrect; "biometrics" is a term used to describe access control systems that use physiological traits of individuals in order to grant/deny access. B is incorrect; laws are legal mandates. D is incorrect; a firewall is a device for filtering traffic.
Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don't collide with pedestrians. What is probably the most effective type of control for this task?
C is correct (Physical). Physical controls, such as fences, walls and bollards, will be most likely to ensure cars cannot collide with pedestrians by creating actual barriers between cars and pedestrians. A is incorrect; administrative controls (such as signage and written directions) may be helpful in this situation, but not as helpful as physical controls. B is incorrect because technical controls are typically associated with IT environments and less practical for physical interactions; while helpful, technical controls would most likely not be as useful as physical controls in this situation. D is incorrect because "nuanced" is not a common type of security control, and the word is only used here as a distractor.
When should a business continuity plan (BCP) be activated?
C is correct. (When senior management decides) A senior manager with the proper authority must initiate the BCP. A is incorrect; this answer has no context: there is no way to know when "as soon as possible" would be. B is incorrect; typically, it is impossible to determine the "beginning" of a disaster. D is incorrect; not all organizations are in regulated industries, and regulators do not supervise disaster response.
Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization's offices. Which sort of security control would probably be best for this purpose?
C is the best answer. (Physical) Because laptops are tangible objects, and Druna is trying to ensure that these objects are not moved from a certain place, physical controls are probably best for the purpose. A is incorrect; technical controls might help detect an attempt to steal a laptop, or locate the laptop after it has been stolen, but won't prevent the laptop from being taken. B is incorrect; "obverse" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor. D is incorrect; administrative controls may help reduce theft, such as ensuring that laptops are not left in a place unobserved, but won't prevent the laptop from being taken.
Barry wants to upload a series of files to a web-based storage service, so that people Barry has granted authorization can retrieve these files. Which of the following would be Barry's preferred communication protocol if he wanted this activity to be efficient and secure?
C is the correct answer. (SFTP (Secure File Transfer Protocol)) SFTP is designed specifically for this purpose. A, B and D are incorrect; these protocols are either not efficient or not secure in Barry's intended use.
Which of the following activities is usually part of the configuration management process, but is also extremely helpful in countering potential attacks?
C is the correct answer. (Updating and patching systems) Keeping systems up to date is typically part of both the configuration management process and enacting best security practices. A, B and D are incorrect; these activities are neither part of the configuration management process nor a best security practice.
Which of the following is an example of a "something you are" authentication factor?
D is correct. (A photograph of your face) A facial photograph is something you are: your appearance. A is incorrect because a credit card is an example of an authentication factor that is something you have. B is incorrect because passwords and PINs are examples of authentication factors that are something you know. C is incorrect because a user ID is an identity assertion, not an authentication factor.
What is the goal of Business Continuity efforts? (D2, L2.2.1)
D is correct. (Keep critical business functions operational) Business Continuity efforts are about sustaining critical business functions during periods of potential interruption, such as emergencies, incidents, and disasters. A is incorrect; Business Continuity efforts often require significant financial expenditures. B is incorrect; Business Continuity efforts are important regardless of whether customers are impressed. C is incorrect; Business Continuity efforts should focus specifically on critical business functions, not the entire IT environment.
The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this?
D is correct. (Law) The city council is a governmental body making a legal mandate; this is a law. A is incorrect; the rule is not a policy used by a specific organization, but instead applies to anyone within the jurisdiction of the Grampon city council. B is incorrect; this rule is not a process to follow. C is incorrect; this rule is not recognized outside the jurisdiction of the Grampon city council.
Which of the following are not typically involved in incident detection?
D is correct. (Regulators) Typically, regulators do not detect incidents, nor alert organizations to the existence of incidents. All the other answers are often involved in incident detection.
Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens. Which security concept is being applied in this situation?
D is correct. (Dual control) This is an example of dual control, where two people, each with distinct authentication factors, must be present to perform a function. A is incorrect; defense in depth requires multiple controls protecting assets, and there is no description of multiple controls in this situation. B is incorrect; in segregation of duties, the parts of a given transaction are split among multiple people, and the task cannot be completed unless each of them takes part. Typically, in segregation of duties, the people involved do not have to take part simultaneously; their actions can be spread over time and distance. This differs from dual control, where both people must be present at the same time. C is incorrect; the situation described in the question does not reduce the permissions of either person involved or limit their capabilities to their job function.
Which of the following is not a typical benefit of cloud computing services?
D is correct. (Freedom from legal constraints) Moving data/operations into the cloud does not relieve the customer from legal constraints (and may even increase them). A, B and C are all common benefits of cloud services, and are therefore incorrect answers.
Which of the following is not an appropriate control to add to privileged accounts?
D is correct. (Security deposit) We typically do not ask privileged account holders for security deposits. A, B and C are incorrect; those are appropriate controls to enact for privileged accounts.
A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control.
D is correct. (Technical) A software firewall is a technical control, because it is a part of the IT environment. A is incorrect; a software firewall is not a tangible object that protects something. B is incorrect; a software firewall is not a rule or process. Without trying to confuse the issue, a software firewall might incorporate an administrative control: the set of rules which the firewall uses to allow or block particular traffic. However, answer D is a much better way to describe a software firewall. C is incorrect; "passive" is not a term commonly used to describe a particular type of security control, and is used here only as a distractor.
The concept that the deployment of multiple types of controls provides better security than using a single type of control.
D is correct. (Defense in depth) Defense in depth involves multiple types of controls to provide better security. A is incorrect; a virtual private network protects communication traffic over untrusted media, but does not involve multiple types of controls. B is incorrect; the principle of least privilege is a system of access control. C is incorrect; the internet is an untrusted medium.
A means to allow remote users to have secure access to the internal IT environment.
D is correct. (VPN) A virtual private network protects communication traffic over untrusted media. A is incorrect; the internet is an untrusted medium. B is incorrect; VLANs are used to segment portions of the internal environment. C is incorrect; MAC is the physical address of a given networked device.
Hoshi is an (ISC)2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi's cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do?
D is the best answer. (Disclose the relationship, but recommend the vendor/product) According to the third Canon of the ISC2 Code of Ethics, members are required to "provide diligent and competent service to principals." Hoshi's principal here is Triffid, Hoshi's employer. It would be inappropriate for Hoshi to select the cousin's product solely based upon the family relationship; however, if the cousin's product is, in fact, the best choice for Triffid, then Hoshi should recommend that product. In order to avoid any appearance of impropriety or favoritism, Hoshi needs to declare the relationship when making the recommendation.
Security needs to be provided to ____ data.
D is the correct answer. (All) All data needs some form of security; even data that is not sensitive (such as data intended for public view) needs protection to ensure availability. A, B and C are incorrect; all data needs some form of security protection.
Triffid, Inc., has many remote workers who use their own IT devices to process Triffid's information. The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize and identify potential security issues. Which of the following is probably most appropriate for this specific purpose?
A is the correct answer. (HIDS (host-based intrusion-detection systems)) Host-based intrusion-detection systems are expressly designed for this purpose; each HIDS is installed on each endpoint machine. B is incorrect; NIDS are useful for monitoring internal traffic, but a HIDS would be better for distributed users/devices. C is incorrect; LIDS is not a term standard within our industry, and was just made up and used here as a distractor. D is incorrect; firewalls limit traffic, and can be used to identify potential threats, but a HIDS is specifically intended for this purpose.