SSCP practice questions WGU C845
How would nonrepudiation be best classified as? A. A preventive control B. A logical control C. A corrective control D. A compensating control
A. A preventive control
Which of the following binds a subject name to a public key value? A. A public-key certificate B. A public key infrastructure C. A secret key infrastructure D. A private key certificate
A. A public-key certificate
Which of the following is used to find the Media Access Control address (MAC) that matches with a known Internet Protocol (IP) address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP).
A. ARP
Which access control model was proposed for enforcing access control in government and military applications? A. Bell-LaPadula model B. Biba model C. Sutherland model D. Brewer-Nash model
A. Bell-LaPadula model
Which of the following enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks? A. Risk assessment B. Residual risks C. Security controls D. Business units
A. Risk Assessment
Another example of Computer Incident Response Team (CIRT) activities is: A. Management of the netware logs, including collection, retention, review, and analysis of data B. Management of the network logs, including collection and analysis of data C. Management of the network logs, including review and analysis of data D. Management of the network logs, including collection, retention, review, and analysis of data
D
A momentary power outage is a: A. spike B. blackout C. surge D. fault
D.
Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the: A. Transport Layer Security (TLS) Internet Protocol. B. Transport Layer Security (TLS) Data Protocol. C. Transport Layer Security (TLS) Link Protocol. D. Transport Layer Security (TLS) Handshake Protocol.
D.
What is the primary role of smartcards in a PKI? A. Transparent renewal of user keys B. Easy distribution of the certificates between the users C. Fast hardware encryption of the raw data D. Tamper resistant, mobile storage and application of private keys of the users
D.
When should a post-mortem review meeting be held after an intrusion has been properly taken care of? A. Within the first three months after the investigation of the intrusion is completed. B. Within the first week after prosecution of intruders have taken place, whether successful or not. C. Within the first month after the investigation of the intrusion is completed. D. Within the first week of completing the investigation of the intrusion.
D.
Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model? A. Bridge B. Repeater C. Router D. Gateway
D. gateway
Secure Shell (SSH-2) supports authentication, compression, confidentiality, and integrity, SSH is commonly used as a secure alternative to all of the following protocols below except: A. telnet B. rlogin C. RSH D. HTTPS
D. https
Which of the following steps should be one of the first step performed in a Business Impact Analysis (BIA)? A. Identify all CRITICAL business units within the organization. B. Evaluate the impact of disruptive events. C. Estimate the Recovery Time Objectives (RTO). D. Identify and Prioritize Critical Organization Functions
D. identify and prioritize critical organizational functions
Which of the following should be performed by an operator? A. Changing profiles B. Approving changes C. Adding and removal of users D. Installing system software
D. installing system software
Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of the strong star property? A. It allows "read up." B. It addresses covert channels. C. It addresses management of access controls. D. It allows "write up."
D. it allows "write up."
Which of the following statements is true about data encryption as a method of protecting data? A. It should sometimes be used for password files B. It is usually easily administered C. It makes few demands on system resources D. It requires careful key management
D. it requires careful key management
Cryptography does not concern itself with which of the following choices? A. Availability B. Integrity C. Confidentiality D. Validation
D. validation
One purpose of a security awareness program is to modify: A. employee's attitudes and behaviors towards enterprise's security posture B. management's approach towards enterprise's security posture C. attitudes of employees with sensitive data D. corporate attitudes about safeguarding data
A
The criteria for evaluating the legal requirements for implementing safeguards is to evaluate the cost (C) of instituting the protection versus the estimated loss (L) resulting from the exploitation of the corresponding vulnerability. Therefore, a legal liability may exists when: A. (C < L) or C is less than L B. (C < L - (residual risk)) or C is less than L minus residual risk C. (C > L) or C is greather than L D. (C > L - (residual risk)) or C is greather than L minus residual risk
A
Why does compiled code pose more of a security risk than interpreted code? A. Because malicious code can be embedded in compiled code and be difficult to detect. B. If the executed compiled code fails, there is a chance it will fail insecurely. C. Because compilers are not reliable. D. There is no risk difference between interpreted code and compiled code.
A
A server cluster looks like a: A. single server from the user's point of view B. dual server from the user's point of view C. triple server from the user's point of view D. quardle server from the user's point of view
A.
Application Layer Firewalls operate at the: A. OSI protocol Layer seven, the Application Layer. B. OSI protocol Layer six, the Presentation Layer. C. OSI protocol Layer five, the Session Layer. D. OSI protocol Layer four, the Transport Layer.
A.
Packet Filtering Firewalls can also enable access for: A. only authorized application port or service numbers. B. only unauthorized application port or service numbers. C. only authorized application port or ex-service numbers. D. only authorized application port or service integers.
A.
What is a characteristic of using the Electronic Code Book mode of DES encryption? A. A given block of plaintext and a given key will always produce the same ciphertext. B. Repetitive encryption obscures any repeated patterns that may have been present in the plaintext. C. Individual characters are encoded by combining output from earlier encryption routines with plaintext. D. The previous DES output is used as input.
A.
What is the main difference between a Smurf and a Fraggle attack? A. A Smurf attack is ICMP-based and a Fraggle attack is UDP-based. B. A Smurf attack is UDP-based and a Fraggle attack is TCP-based. C. Smurf attack packets cannot be spoofed. D. A Smurf attack is UDP-based and a Fraggle attack is ICMP-based.
A.
What is the primary role of cross certification? A. Creating trust between different PKIs B. Build an overall PKI hierarchy C. set up direct trust to a second root CA D. Prevent the nullification of user certificates by CA certificate revocation
A.
Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean? A. Use of public key encryption to secure a secret key, and message encryption using the secret key. B. Use of the recipient's public key for encryption and decryption based on the recipient's private key. C. Use of software encryption assisted by a hardware encryption accelerator. D. Use of elliptic curve encryption.
A.
What is RAD? A. A development methodology B. A project management technique C. A measure of system complexity D. Risk-assessment diagramming
A. A development methodology
Which of the following is NOT a property of a one-way hash function? A. It converts a message of a fixed length into a message digest of arbitrary length. B. It is computationally infeasible to construct two different messages with the same digest. C. It converts a message of arbitrary length into a message digest of a fixed length. D. Given a digest value, it is computationally infeasible to find the corresponding message.
A.
Which of the following is an issue with signature-based intrusion detection systems? A. Only previously identified attack signatures are detected. B. Signature databases must be augmented with inferential elements. C. It runs only on the windows operating system D. Hackers can circumvent signature evaluations
A.
Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect? A. In order to facilitate recovery, a single plan should cover all locations. B. There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan. C. In its procedures and tasks, the plan should refer to functions, not specific individuals. D. Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner.
A.
Which of the following statements pertaining to a Criticality Survey is incorrect? A. It is implemented to gather input from all personnel that is going to be part of the recovery teams. B. The purpose of the survey must be clearly stated. C. Management's approval should be obtained before distributing the survey. D. Its intent is to find out what services and systems are critical to keeping the organization in business.
A.
Which of the following statements pertaining to disaster recovery planning is incorrect? A. Every organization must have a disaster recovery plan B. A disaster recovery plan contains actions to be taken before, during and after a disruptive event. C. The major goal of disaster recovery planning is to provide an organized way to make decisions if a disruptive event occurs. D. A disaster recovery plan should cover return from alternate facilities to primary facilities.
A.
Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA): A. Notifying senior management of the start of the assessment. B. Creating data gathering techniques. C. Identifying critical business functions. D. Calculating the risk for each different business function.
A.
Which of the following would best describe certificate path validation? A. Verification of the validity of all certificates of the certificate chain to the root certificate B. Verification of the integrity of the associated root certificate C. Verification of the integrity of the concerned private key D. Verification of the revocation status of the concerned certificate
A.
Which port does the Post Office Protocol Version 3 (POP3) make use of? A. 110 B. 109 C. 139 D. 119
A. 110
How long are IPv4 addresses? A. 32 bits long. B. 64 bits long. C. 128 bits long. D. 16 bits long.
A. 32 bits long
A network-based vulnerability assessment is a type of test also referred to as: A. An active vulnerability assessment. B. A routing vulnerability assessment. C. A host-based vulnerability assessment. D. A passive vulnerability assessment
A. An active vulnerability assessment
A 'Pseudo flaw' is which of the following? A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders. B. An omission when generating Psuedo-code. C. Used for testing for bounds violations in application programming. D. A normally generated page fault causing the system to halt.
A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders.
Which of the following would assist the most in Host Based intrusion detection? A. audit trails. B. access control lists. C. security clearances D. host-based authentication
A. Audit trails
Business Continuity and Disaster Recovery Planning (Primarily) addresses the: A. Availability of the CIA triad B. Confidentiality of the CIA triad C. Integrity of the CIA triad D. Availability, Confidentiality and Integrity of the CIA triad
A. Availability of the CIA triad
Most access violations are: A. Accidental B. Caused by internal hackers C. Caused by external hackers D. Related to Internet
A. accidental
Address Resolution Protocol (ARP) interrogates the network by sending out a? A. broadcast. B. multicast. C. unicast. D. semicast.
A. Broadcast
Which of the following is a LAN transmission method? A. Broadcast B. Carrier-sense multiple access with collision detection (CSMA/CD) C. Token ring D. Fiber Distributed Data Interface (FDDI)
A. Broadcast
Which of the following focuses on sustaining an organization's business functions during and after a disruption? A. Business continuity plan B. Business recovery plan C. Continuity of operations plan D. Disaster recovery plan
A. Business continuity plan
Which is NOT a suitable method for distributing certificate revocation information? A. CA revocation mailing list B. Delta CRL C. OCSP (online certificate status protocol) D. Distribution point CRL
A. CA revocation mailing list
Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards? A. Category 5e UTP B. Category 2 UTP C. Category 3 UTP D. Category 1e UTP
A. Cat 5e UTP
The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use. A. computing in Galois fields B. computing in Gladden fields C. computing in Gallipoli fields D. computing in Galbraith fields
A. Computing in Galois fields
Making sure that only those who are supposed to access the data can access is which of the following? A. confidentiality. B. capability. C. integrity. D. availability.
A. Confidentiality
Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following? A. Confidentiality B. Integrity C. Availability D. capability
A. Confidentiality
Who first described the DoD multilevel military security policy in abstract, formal terms? A. David Bell and Leonard LaPadula B. Rivest, Shamir and Adleman C. Whitfield Diffie and Martin Hellman D. David Clark and David Wilson
A. David Bell and Leonard Lapadula
Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup? A. differential backup method B. full backup method C. incremental backup method D. tape backup method.
A. Differential backup
Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location? A. direct addressing B. Indirect addressing C. implied addressing D. indexed addressing
A. Direct addressing
What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects? A. Disclosure of residual data. B. Unauthorized obtaining of a privileged execution state. C. Denial of service through a deadly embrace D. Data leakage through covert channels.
A. Disclosure of residual data
Which encryption algorithm is BEST suited for communication with handheld wireless devices? A. ECC (Elliptic Curve Cryptosystem) B. RSA C. SHA D. RC4
A. ECC
Which of the following is NOT an advantage that TACACS+ has over TACACS? A. Event logging B. Use of two-factor password authentication C. User has the ability to change his password D. Ability for security tokens to be resynchronized
A. Event logging
When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this: 0101 0001 Plain text 0111 0011 Key stream 0010 0010 Output What is this cryptographic operation called? A. Exclusive-OR B. Bit Swapping C. Logical-NOR D. Decryption
A. Exclusive-OR
Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences? A. Extensible Authentication Protocol B. Challenge Handshake Authentication Protocol C. Remote Authentication Dial-In User Service D. Multilevel Authentication Protocol
A. Extensible Authentication Protocol
Which of the following backup methods must be made regardless of whether Differential or Incremental methods are used? A. Full Backup Method. B. Incremental backup method. C. Supplemental backup method. D. Tape backup method.
A. Full backup method
Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful? A. host-based IDS B. firewall-based IDS C. bastion-based IDS D. server-based IDS
A. Host-based IDS
In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected? A. Human Resources B. Industrial Security C. Public Relations D. External Audit Group
A. Human Resources
Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place? A. Intrusion Detection System B. Compliance Validation System C. Intrusion Management System (IMS) D. Compliance Monitoring System
A. IDS
What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)? A. Internet Key Exchange (IKE) B. Secure Key Exchange Mechanism C. Oakley D. Internet Security Association and Key Management Protocol
A. IKE
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations? A. Internet Key exchange (IKE) B. Security Association Authentication Protocol (SAAP) C. Simple Key-management for Internet Protocols (SKIP) D. Key Exchange Algorithm (KEA)
A. IKE
All hosts on an IP network have a logical ID called a(n): A. IP address. B. MAC address. C. TCP address. D. Datagram address.
A. IP Adress
The Logical Link Control sub-layer is a part of which of the following? A. The ISO/OSI Data Link layer B. The Reference monitor C. The Transport layer of the TCP/IP stack model D. Change management control
A. ISO/OSI data link layer
Which of the following answers is described as a random value used in cryptographic algorithms to ensure that patterns are not created during the encryption process? A. IV - Initialization Vector B. Stream Cipher C. OTP - One Time Pad D. Ciphertext
A. IV- Initialization vector
Which of the following is an example of discretionary access control? A. Identity-based access control B. Task-based access control C. Role-based access control D. Rule-based access control
A. Identity-based access control
Related to information security, the guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered is an example of which of the following? A. integrity B. confidentiality C. availability D. identity
A. Integrity
Which of the following biometric parameters are better suited for authentication use over a long period of time? A. Iris pattern B. Voice pattern C. Signature dynamics D. Retina pattern
A. Iris Pattern
What is NOT true about a one-way hashing function? A. It provides authentication of the message B. A hash cannot be reverse to get the message used to create the hash C. The results of a one-way hash is a message digest D. It provides integrity of the message
A. It provides authentication of the message
What is defined as the rules for communicating between computers on a Local Area Network (LAN)? A. LAN Media Access methods B. LAN topologies C. LAN transmission methods D. Contention Access Control
A. LAN media access methods
Which of the following is not a preventive login control? A. Last login message B. Password aging C. Minimum password length D. Account expiration
A. Last login message
Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data? A. Limiting the local access of operations personnel B. Job rotation of operations personnel C. Management monitoring of audit logs D. Enforcing regular password changes
A. Limiting the local access of operations personnel
Which access control model would a lattice-based access control model be an example of? A. Mandatory access control. B. Discretionary access control. C. Non-discretionary access control. D. Rule-based access control
A. Mandatory access control
Which of the following is NOT a basic component of security architecture? A. Motherboard B. Central Processing Unit (CPU) C. Storage Devices D. Peripherals (input/output devices)
A. Motherboard
What does the simple security (ss) property mean in the Bell-LaPadula model? A. No read up B. No write down C. No read down D. No write up
A. No read up
A host-based IDS is resident on which of the following? A. On each of the critical hosts B. decentralized hosts C. central hosts D. bastion hosts
A. On each of the critical hosts
Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part? A. One Time Pad (OTP) B. One time Cryptopad (OTC) C. Cryptanalysis D. Pretty Good Privacy (PGP)
A. One time pad (OTP)
Which of the following is considered the weakest link in a security system? A. People B. Software C. Communications D. Hardware
A. People
Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions? A. pipelining B. complex-instruction-set-computer (CISC) C. reduced-instruction-set-computer (RISC) D. multitasking
A. Pipelining
Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model? A. Prevention of the modification of information by unauthorized users. B. Prevention of the unauthorized or unintentional modification of information by authorized users. C. Preservation of the internal and external consistency. D. Prevention of the modification of information by authorized users
A. Prevention of the modification of information by unauthorized users
Sensitivity labels are an example of what application control type? A. Preventive security controls B. Detective security controls C. Compensating administrative controls D. Preventive accuracy controls
A. Preventive security controls
Risk analysis is MOST useful when applied during which phase of the system development process? A. Project initiation and Planning B. Functional Requirements definition C. System Design Specification D. Development and Implementation
A. Project initiation and planning
Which of the following protocols operates at the session layer (layer 5)? A. RPC B. IGMP C. LPD D. SPX
A. RPC
Which of the following is defined as the most recent point in time to which data must be synchronized without adversely affecting the organization (financial or operational impacts)? A. Recovery Point Objective B. Recovery Time Objective C. Point of Time Objective D. Critical Time Objective
A. RPO
Each data packet is assigned the IP address of the sender and the IP address of the: A. recipient. B. host. C. node. D. network.
A. Recipient
To be admissible in court, computer evidence must be which of the following? A. Relevant B. Decrypted C. Edited D. Incriminating
A. Relevant
Which of the following refers to the data left on the media after the media has been erased? A. remanence B. recovery C. sticky bits D. semi-hidden
A. Remanence
Which of the following biometric devices has the lowest user acceptance level? A. Retina Scan B. Fingerprint scan C. Hand geometry D. Signature recognition
A. Retina Scan
A deviation from an organization-wide security policy requires which of the following? A. Risk Acceptance B. Risk Assignment C. Risk Reduction D. Risk Containment
A. Risk Acceptance
A momentary high voltage is a: A. spike B. blackout C. surge D. fault
A. Spike
Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host? A. Statistical Anomaly-Based ID B. Signature-Based ID C. dynamical anomaly-based ID D. inferential anomaly-based ID
A. Statistical Anomaly-Based ID
Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? A. Steganography B. ADS - Alternate Data Streams C. Encryption D. NTFS ADS
A. Steganography
Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other? A. Symmetric Key Cryptography B. PKI - Public Key Infrastructure C. Diffie-Hellman D. DSS - Digital Signature Standard
A. Symmetric Key Cryptography
Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing? A. System development activity B. Help-desk function C. System Imaging D. Risk management process
A. System development activity
Which of the following remote access authentication systems is the most robust? A. TACACS+ B. RADIUS C. PAP D. TACACS
A. TACAS+
Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes? A. The Software Capability Maturity Model (CMM) B. The Spiral Model C. The Waterfall Model D. Expert Systems Model
A. The software Capability Maturity
What is a common problem when using vibration detection devices for perimeter control? A. They are vulnerable to non-adversarial disturbances. B. They can be defeated by electronic means. C. Signal amplitude is affected by weather conditions. D. They must be buried below the frost line
A. They are vulnerable to non-adversarial disturbances
In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols? A. Transport layer B. Application layer C. Physical layer D. Network layer
A. Transport layer
Which of the following is an example of a connectionless communication protocol? A. UDP B. X.25 C. Packet switching D. TCP
A. UDP
Which of the following describes a computer processing architecture in which a language compiler or pre-processor breaks program instructions down into basic operations that can be performed by the processor at the same time? A. Very-Long Instruction-Word Processor (VLIW) B. Complex-Instruction-Set-Computer (CISC) C. Reduced-Instruction-Set-Computer (RISC) D. Super Scalar Processor Architecture (SCPA)
A. Very-Long Instruction-Set-Word Processor (VLIW)
A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks is called a ? A. Vulnerability B. Risk C. Threat D. Overflow
A. Vulneranility
Which of the following standards is concerned with message handling? A. X.400 B. X.500 C. X.509 D. X.800
A. X.400
Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs? A. A known-plaintext attack B. A known-algorithm attack C. A chosen-ciphertext attack D. A chosen-plaintext attack
A. a known-plaintext attack
What is used to protect programs from all unauthorized modification or executional interference? A. A protection domain B. A security perimeter C. Security labels D. Abstraction
A. a protection domain
Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it? A. Aggregation B. Inference C. Clustering D. Collision
A. aggregation
Which of the following methods of providing telecommunications continuity involves the use of an alternative media? A. Alternative routing B. Diverse routing C. Long haul network diversity D. Last mile circuit protection
A. alternative routing
Attributable data should be: A. always traced to individuals responsible for observing and recording the data B. sometimes traced to individuals responsible for observing and recording the data C. never traced to individuals responsible for observing and recording the data D. often traced to individuals responsible for observing and recording the data
A. always traced to individuals responsible for observing and recording the data
Which of the following is needed for System Accountability? A. Audit mechanisms. B. Documented design as laid out in the Common Criteria. C. Authorization. D. Formal verification of system design.
A. audit mechanisms
Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment? A. A baseline B. A standard C. A procedure D. A guideline
A. baseline
You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals. One day you receive a laptop and are part of a two man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch. What critical step in forensic evidence have you forgotten? A. Chain of custody B. Locking the laptop in your desk C. Making a disk image for examination D. Cracking the admin password with chntpw
A. chain of custody
This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I ? A. Chosen-Ciphertext attack B. Ciphertext-only attack C. Plaintext Only Attack D. Adaptive-Chosen-Plaintext attack
A. chosen-chiphertext attack
Secure Shell (SSH) is a strong method of performing: A. client authentication B. server authentication C. host authentication D. guest authentication
A. client authentication
Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix? A. Contact information for all personnel. B. Vendor contact information, including offsite storage and alternate site. C. Equipment and system requirements lists of the hardware, software, firmware and other resources required to support system operations. D. The Business Impact Analysis.
A. contact information for all personnel
A business continuity plan is an example of which of the following? A. Corrective control B. Detective control C. Preventive control D. Compensating control
A. corrective control
What enables users to validate each other's certificate when they are certified under different certification hierarchies? A. Cross-certification B. Multiple certificates C. Redundant certification authorities D. Root certification authorities
A. cross certification
Which of the following is the most critical item from a disaster recovery point of view? A. Data B. Hardware/Software C. Communication Links D. Software Applications
A. data
The fact that a network-based IDS reviews packets payload and headers enable which of the following? A. Detection of denial of service B. Detection of all viruses C. Detection of data corruption D. Detection of all password guessing attacks
A. detection of denial of service
Which backup method copies only files that have changed since the last full backup, but does not clear the archive bit? A. Differential backup method. B. Full backup method. C. Incremental backup method. D. Tape backup method.
A. differential backup method
Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses? A. Direct evidence. B. Circumstantial evidence. C. Conclusive evidence. D. Corroborative evidence.
A. direct evidence
What attribute is included in a X.509-certificate? A. Distinguished name of the subject B. Telephone number of the department C. secret key of the issuing CA D. the key pair of the certificate holder
A. distinguished name of the subject
Which of the following services is NOT provided by the digital signature standard (DSS)? A. Encryption B. Integrity C. Digital signature D. Authentication
A. encryption
Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length? A. Fiber Optic cable B. Coaxial cable C. Twisted Pair cable D. Axial cable
A. fiber optic cable
A Packet Filtering Firewall system is considered a: A. first generation firewall. B. second generation firewall. C. third generation firewall. D. fourth generation firewall.
A. first generation firewall
Which of the following backup methods is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets? A. full backup method. B. incremental backup method. C. differential backup method. D. tape backup method.
A. full backup method
Which of the following backup methods makes a complete backup of every file on the server every time it is run? A. full backup method. B. incremental backup method. C. differential backup method. D. tape backup method.
A. full backup method
Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test? A. Full Interruption test B. Checklist test C. Simulation test D. Structured walk-through test
A. full interruption test
Packet Filtering Firewalls examine both the source and destination address of the: A. incoming and outgoing data packets B. outgoing data packets only C. Incoming Data packets only D. user data packet
A. incoming and outgoing data packets
Which backup method is used if backup time is critical and tape space is at an extreme premium? A. Incremental backup method. B. Differential backup method. C. Full backup method. D. Tape backup method.
A. incremental backup method
Which backup method usually resets the archive bit on the files after they have been backed up? A. Incremental backup method. B. Differential backup method. C. Partial backup method. D. Tape backup method.
A. incremental backup method
In which of the following phases of system development life cycle (SDLC) is contingency planning most important? A. Initiation B. Development/acquisition C. Implementation D. Operation/maintenance
A. initiation
What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)? A. It can be very invasive to the host operating system B. Monitors all processes and activities on the host system only C. Virtually eliminates limits associated with encryption D. They have an increased level of visibility and control compared to NIDS
A. it can be very invasive to the host operating system
Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan? A. It is unlikely to be affected by the same disaster. B. It is close enough to become operational quickly. C. It is close enough to serve its users. D. It is convenient to airports and hotels
A. it is unlikely to be affected by the same disaster
Which of the following is NOT an administrative control? A. Logical access control mechanisms B. Screening of personnel C. Development of policies, standards, procedures and guidelines D. Change control procedures
A. logical access control mechanisms
Qualitative loss resulting from the business interruption does NOT usually include: A. Loss of revenue B. Loss of competitive advantage or market share C. Loss of public confidence and credibility D. Loss of market leadership
A. loss of revenue
A circuit level proxy is ___________________ when compared to an application level proxy. A. lower in processing overhead. B. more difficult to maintain. C. more secure. D. slower.
A. lower in processing overhead
In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the: A. Network or Transport Layer B. Application Layer. C. Inspection Layer. D. Data Link Layer.
A. network or transport layer
A proxy can control which services (FTP and so on) are used by a workstation , and also aids in protecting the network from outsiders who may be trying to get information about the: A. network's design B. user base C. operating system design D. net BIOS' design
A. network's design
Which of the following monitors network traffic in real time? A. network-based IDS B. host-based IDS C. application-based IDS D. firewall-based IDS
A. network-based IDS
Which of the following usually provides reliable, real-time information without consuming network or host resources? A. network-based IDS B. host-based IDS C. application-based IDS D. firewall-based IDS
A. network-based IDS
Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is: A. Not possible B. Only possible with key recovery scheme of all user keys C. It is possible only if X509 Version 3 certificates are used D. It is possible only by "brute force" decryption
A. not possible
Which of the following is NOT a transaction redundancy implementation? A. on-site mirroring B. Electronic Vaulting C. Remote Journaling D. Database Shadowing
A. on-site mirroring
What is the name of a one way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed? A. One-way hash B. DES C. Transposition D. Substitution
A. one-way hash
Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for: A. Peer Authentication B. Peer Identification C. Server Authentication D. Name Resolution
A. peer authentication
The MOST common threat that impacts a business's ability to function normally is: A. Power Outage B. Water Damage C. Severe Weather D. Labor Strike
A. power outage
Which of the following is an advantage of prototyping? A. Prototype systems can provide significant time and cost savings. B. Change control is often less complicated with prototype systems. C. It ensures that functions or extras are not added to the intended system. D. Strong internal controls are easier to implement.
A. prototype systems can provide significant time and cost saving
An application layer firewall is also called a: A. Proxy B. A Presentation Layer Gateway. C. A Session Layer Gateway. D. A Transport Layer Gateway.
A. proxy
The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concept: A. The reference monitor. B. Discretionary Access Control. C. The Security Kernel. D. Mandatory Access Control.
A. reference monitor
Which of the following would best classify as a management control? A. Review of security controls B. Personnel security C. Physical and environmental protection D. Documentation
A. review of security controls
Who should DECIDE how a company should approach security and what security measures should be implemented? A. Senior management B. Data owner C. Auditor D. The information security specialist
A. senior management
A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is: A. server cluster B. client cluster C. guest cluster D. host cluster
A. server cluster
If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation. This implementation is sometimes called a: A. server farm B. client farm C. cluster farm D. host farm
A. server farm
How would an IP spoofing attack be best classified? A. Session hijacking attack B. Passive attack C. Fragmentation attack D. Sniffing attack
A. session hijacking attack
Which OSI/ISO layer does a SOCKS server operate at? A. Session layer B. Transport layer C. Network layer D. Data link layer
A. session layer
When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is knows as? A. Shadowing B. Data mirroring C. Backup D. Archiving
A. shadowing
Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)? A. signature-based IDS B. statistical anomaly-based IDS C. event-based IDS D. inferent-based IDS
A. signature-based IDS
What does "residual risk" mean? A. The security risk that remains after controls have been implemented B. Weakness of an assets which can be exploited by a threat C. Risk that remains after risk assessment has has been performed D. A security risk intrinsic to an asset being audited, where no mitigation has taken place.
A. the security risk that remains after controls have been implemented
Which of the following would be the best criterion to consider in determining the classification of an information asset? A. Value B. Age C. Useful life D. Personal association
A. value
If your property Insurance has Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on: A. Value of item on the date of loss B. Replacement with a new item for the old one regardless of condition of lost item C. Value of item one month before the loss D. Value of item on the date of loss plus 10 percent
A. value of item on the date of loss
Secure Sockets Layer (SSL) is very heavily used for protecting which of the following? A. Web transactions. B. EDI transactions. C. Telnet transactions. D. Electronic Payment transactions.
A. web transactions
What kind of certificate is used to validate a user identity? A. Public key certificate B. Attribute certificate C. Root certificate D. Code signing certificate
A.. public key certificate
Which Network Address Translation (NAT) is the most convenient and secure solution? A. Hiding Network Address Translation B. Port Address Translation C. Dedicated Address Translation D. Static Address Translation
B. Port address translation
If your property Insurance has Replacement Cost Valuation (RCV) clause your damaged property will be compensated: A. Based on the value of item on the date of loss B. Based on new, comparable, or identical item for old regardless of condition of lost item C. Based on value of item one month before the loss D. Based on the value listed on the Ebay auction web site
B.
In stateful inspection firewalls, packets are: A. Inspected at only one layer of the Open System Interconnection (OSI) model B. Inspected at all Open System Interconnection (OSI) layers C. Decapsulated at all Open Systems Interconnect (OSI) layers. D. Encapsulated at all Open Systems Interconnect (OSI) layers.
B.
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics? A. Standard model for network communications B. Used to gain information from network devices such as count of packets received and routing tables C. Enables dissimilar networks to communicate D. Defines 7 protocol layers (a.k.a. protocol stack)
B.
Once evidence is seized, a law enforcement officer should emphasize which of the following? A. Chain of command B. Chain of custody C. Chain of control D. Chain of communications
B. Chain of custody
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis? A. Internet Security Association and Key Management Protocol (ISAKMP) B. Simple Key-management for Internet Protocols (SKIP) C. Diffie-Hellman Key Distribution Protocol D. IPsec Key exchange (IKE)
B
Which access control model provides upper and lower bounds of access capabilities for a subject? A. Role-based access control B. Lattice-based access control C. Biba access control D. Content-dependent access control
B Lattice-based access control
In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process? A. Known-plaintext attack B. Ciphertext-only attack C. Chosen-Ciphertext attack D. Plaintext-only attack
B. Ciphertext-only attack
When it comes to magnetic media sanitization, what difference can be made between clearing and purging information? A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files. B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack. C. They both involve rewriting the media. D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack
B
Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system? A. Detective Controls B. Preventative Controls C. Corrective Controls D. Directive Controls
B preventative controls
The primary purpose for using one-way hashing of user passwords within a password file is which of the following? A. It prevents an unauthorized person from trying multiple passwords in one logon attempt. B. It prevents an unauthorized person from reading the password. C. It minimizes the amount of storage required for user passwords. D. It minimizes the amount of processing time used for encrypting passwords.
B.
What is NOT true with pre shared key authentication within IKE / IPsec protocol? A. Pre shared key authentication is normally based on simple passwords B. Needs a Public Key Infrastructure (PKI) to work C. IKE is used to setup Security Associations D. IKE builds upon the Oakley protocol and the ISAKMP protocol.
B.
What is the main problem of the renewal of a root CA certificate? A. It requires key recovery of all end user keys B. It requires the authentic distribution of the new root CA certificate to all PKI participants C. It requires the collection of the old root CA certificates from all the users D. It requires issuance of the new root CA certificate
B.
Which of the following describes a logical form of separation used by secure computing systems? A. Processes use different levels of security for input and output devices. B. Processes are constrained so that each cannot access objects outside its permitted domain. C. Processes conceal data and computations to inhibit access by outside processes. D. Processes are granted access based on granularity of controlled objects.
B.
Which of the following is a disadvantage of a statistical anomaly-based intrusion detection system? A. it may truly detect a non-attack event that had caused a momentary anomaly in the system. B. it may falsely detect a non-attack event that had caused a momentary anomaly in the system. C. it may correctly detect a non-attack event that had caused a momentary anomaly in the system. D. it may loosely detect a non-attack event that had caused a momentary anomaly in the system.
B.
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism? A. OAKLEY B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. IPsec Key exchange (IKE)
B.
Which of the following is true about digital certificates? A. It is the same as digital signature proving Integrity and Authenticity of the data B. Electronic credential proving that the person the certificate was issued to is who they claim to be C. You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user. D. Can't contain geography data such as country for example.
B.
Which of the following is true of network security? A. A firewall is a not a necessity in today's connected world. B. A firewall is a necessity in today's connected world. C. A whitewall is a necessity in today's connected world. D. A black firewall is a necessity in today's connected world.
B.
Which of the following statements pertaining to Secure Sockets Layer (SSL) is false? A. The SSL protocol was developed by Netscape to secure Internet client-server transactions. B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates. C. Web pages using the SSL protocol start with HTTPS D. SSL can be used with applications such as Telnet, FTP and email protocols.
B.
Which of the following statements pertaining to a security policy is incorrect? A. Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. B. It specifies how hardware and software should be used throughout the organization. C. It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective. D. It must be flexible to the changing environment.
B.
Which of the following statements pertaining to key management is incorrect? A. The more a key is used, the shorter its lifetime should be. B. When not using the full keyspace, the key should be extremely random. C. Keys should be backed up or escrowed in case of emergencies. D. A key's lifetime should correspond with the sensitivity of the data it is protecting.
B.
Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect? A. The plan should be reviewed at least once a year for accuracy and completeness. B. The Contingency Planning Coordinator should make sure that every employee gets an up-to-date copy of the plan. C. Strict version control should be maintained. D. Copies of the plan should be provided to recovery personnel for storage offline at home and office.
B.
Why are coaxial cables called "coaxial"? A. it includes two physical channels that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. B. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis C. it includes two physical channels that carries the signal surrounded (after a layer of insulation) by another two concentric physical channels, both running along the same axis. D. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running perpendicular and along the different axis
B.
What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable? A. 80 meters B. 100 meters C. 185 meters D. 500 meters
B. 100 meters
The Data Encryption Algorithm performs how many rounds of substitution and permutation? A. 4 B. 16 C. 54 D. 64
B. 16
Which of following is not a service provided by AAA servers (Radius, TACACS and DIAMETER)? A. Authentication B. Administration C. Accounting D. Authorization
B. Administration
Related to information security, integrity is the opposite of which of the following? A. abstraction B. alteration C. accreditation D. application
B. Alteration
Which of the following is a telecommunication device that translates data from digital to analog form and back to digital? A. Multiplexer B. Modem C. Protocol converter D. Concentrator
B. Modem
What assesses potential loss that could be caused by a disaster? A. The Business Assessment (BA) B. The Business Impact Analysis (BIA) C. The Risk Assessment (RA) D. The Business Continuity Plan (BCP)
B. BIA
Which division of the Orange Book deals with discretionary protection (need-to-know)? A. D B. C C. B D. A
B. C
Which TCSEC level is labeled Controlled Access Protection? A. C1 B. C2 C. C3 D. B1
B. C2
What are the three FUNDAMENTAL principles of security? A. Accountability, confidentiality and integrity B. Confidentiality, integrity and availability C. Integrity, availability and accountability D. Availability, accountability and confidentiality
B. CIA
Which authentication technique best protects against hijacking? A. Static authentication B. Continuous authentication C. Robust authentication D. Strong authentication
B. Continuous authentication
Which type of control is concerned with restoring controls? A. Compensating controls B. Corrective controls C. Detective controls D. Preventive controls
B. Corrective Controls
What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions? A. A B. D C. E D. F
B. D
Which of the following is NOT a symmetric key algorithm? A. Blowfish B. Digital Signature Standard (DSS) C. Triple DES (3DES) D. RC5
B. DSS
Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis? A. DSS is aimed at solving highly structured problems. B. DSS emphasizes flexibility in the decision making approach of users. C. DSS supports only structured decision-making tasks. D. DSS combines the use of models with non-traditional data access and retrieval functions
B. DSS emphasizes flexibility in the decision making approach of users
Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control? A. Physical B. Data link C. Network D. Session
B. Data link
Which of the following is not appropriate in addressing object reuse? A. Degaussing magnetic tapes when they're no longer needed. B. Deleting files on disk before reusing the space. C. Clearing memory blocks before they are allocated to a program or data. D. Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.
B. Deleting files on disk before reusing the space
Related to information security, confidentiality is the opposite of which of the following? A. closure B. disclosure C. disposal D. disaster
B. Disclosure
Organizations should not view disaster recovery as which of the following? A. Committed expense. B. Discretionary expense. C. Enforcement of legal statutes. D. Compliance with regulations
B. Discretionary expense
Which of the following are NOT a countermeasure to traffic analysis? A. Padding messages. B. Eavesdropping. C. Sending noise. D. Faraday Cage
B. Eavesdropping
What can best be defined as the detailed examination and testing of the security features of an IT system or product to ensure that they work correctly and effectively and do not show any logical vulnerabilities, such as evaluation criteria? A. Acceptance testing B. Evaluation C. Certification D. Accreditation
B. Evaluation
Which of the following backup sites is the most effective for disaster recovery? A. Time brokers B. Hot sites C. Cold sites D. Reciprocal Agreement
B. Hot sites
What kind of Encryption technology does SSL utilize? A. Secret or Symmetric key B. Hybrid (both Symmetric and Asymmetric) C. Public Key D. Private key
B. Hybrid (both symmetric and asymmetric)
Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector? A. Using a TACACS+ server. B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall. C. Setting modem ring count to at least 5. D. Only attaching modems to non-networked hosts.
B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.
What does the Clark-Wilson security model focus on? A. Confidentiality B. Integrity C. Accountability D. Availability
B. Integrity
Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)? A. Host-to-host layer B. Internet layer C. Network access layer D. Session layer
B. Internet layer
Which of the following questions is less likely to help in assessing physical access controls? A. Does management regularly review the list of persons with physical access to sensitive facilities? B. Is the operating system configured to prevent circumvention of the security software and application controls? C. Are keys or other access devices needed to enter the computer room and media library? D. Are visitors to sensitive areas signed in and escorted?
B. Is the operating system configured to prevent circumvention of the security software and application controls?
How should a doorway of a manned facility with automatic locks be configured? A. It should be configured to be fail-secure. B. It should be configured to be fail-safe. C. It should have a door delay cipher lock. D. It should not allow piggybacking
B. It should be configured to be fail safe
The Diffie-Hellman algorithm is primarily used to provide which of the following? A. Confidentiality B. Key Agreement C. Integrity D. Non-repudiation
B. Key Agreement
What is defined as the manner in which the network devices are organized to facilitate communications? A. LAN transmission methods B. LAN topologies C. LAN transmission protocols D. LAN media access methods
B. LAN topologies
An access system that grants users only those rights necessary for them to perform their work is operating on which security principle? A. Discretionary Access B. Least Privilege C. Mandatory Access D. Separation of Duties
B. Least Privilege
Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants access control? A. DAC B. MAC C. Access control matrix D. TACACS
B. MAC
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission? A. Secure Electronic Transaction (SET) B. Message Authentication Code (MAC) C. Cyclic Redundancy Check (CRC) D. Secure Hash Standard (SHS)
B. MAC
Which of the following security mode of operation does NOT require all users to have the clearance for all information processed on the system? A. Compartmented security mode B. Multilevel security mode C. System-high security mode D. Dedicated security mode
B. Multilevel security mode
An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as: A. Netware availability B. Network availability C. Network acceptability D. Network accountability
B. Network Availability
What does the simple integrity axiom mean in the Biba model? A. No write down B. No read down C. No read up D. No write up
B. No read down
Which of the following is most concerned with personnel security? A. Management controls B. Operational controls C. Technical controls D. Human resources controls
B. Operational controls
Which of the following items is NOT a benefit of cold sites? A. No resource contention with other organisation B. Quick Recovery C. A secondary location is available to reconstruct the environment D. Low Cost
B. Quick recovery
Which of the following is not a one-way hashing algorithm? A. MD2 B. RC4 C. SHA-1 D. HAVAL
B. RC4
What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization? A. Recovery Point Objectives (RPO) B. Recovery Time Objectives (RTO) C. Recovery Time Period (RTP) D. Critical Recovery Time (CRT)
B. RTO
When a station communicates on the network for the first time, which of the following protocol would search for and find the Internet Protocol (IP) address that matches with a known Ethernet address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP).
B. Reverse Address Resolution Protocol RARP
What is called the probability that a threat to an information system will materialize? A. Threat B. Risk C. Vulnerability D. Hole
B. Risk
How is Annualized Loss Expectancy (ALE) derived from a threat? A. ARO x (SLE - EF) B. SLE x ARO C. SLE/EF D. AV x EF
B. SLE x ARO
Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces? A. ISDN B. SLIP C. xDSL D. T1
B. SLIP
Which of the following is an example of a passive attack? A. Denying services to legitimate users B. Shoulder surfing C. Brute-force password cracking D. Smurfing
B. Shoulder surfing
Which type of attack involves impersonating a user or a system? A. Smurfing attack B. Spoofing attack C. Spamming attack D. Sniffing attack
B. Spoofing attack
Which of the following would provide the BEST stress testing environment taking under consideration and avoiding possible data exposure and leaks of sensitive data? A. Test environment using test data. B. Test environment using sanitized live workloads data. C. Production environment using test data. D. Production environment using sanitized live workloads data
B. Test environment using sanitized live workloads data
In the Bell-LaPadula model, the Star-property is also called: A. The simple security property B. The confidentiality property C. The confinement property D. The tranquility property
B. The confidentiality property
Which of the following best describes the purpose of debugging programs? A. To generate random data that can be used to test programs before implementing them. B. To ensure that program coding flaws are detected and corrected. C. To protect, during the programming phase, valid changes from being overwritten by other changes. D. To compare source code versions before transferring to the test environment
B. To ensure that program coding flaws are detected and corrected
What is considered the most important type of error to avoid for a biometric access control system? A. Type I Error B. Type II Error C. Combined Error Rate D. Crossover Error Rate
B. Type II Error
Preservation of confidentiality within information systems requires that the information is not disclosed to: A. Authorized person B. Unauthorized persons or processes. C. Unauthorized persons. D. Authorized persons and processes
B. Unauthorized persons or processes
Which of the following would MOST likely ensure that a system development project meets business objectives? A. Development and tests are run by different individuals B. User involvement in system specification and acceptance C. Development of a project plan identifying all development activities D. Strict deadlines and budgets
B. User involvement in system specification and acceptance
Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements? A. Validation B. Verification C. Assessment D. Accuracy
B. Verification
Which of the following is biggest factor that makes Computer Crimes possible? A. The fraudster obtaining advanced training & special knowledge. B. Victim carelessness. C. Collusion with others in information processing. D. System design flaws.
B. Victim carelessness
The first step in the implementation of the contingency plan is to perform: A. A firmware backup B. A data backup C. An operating systems software backup D. An application software backup
B. a data backup
Failure of a contingency plan is usually: A. A technical failure. B. A management failure. C. Because of a lack of awareness. D. Because of a lack of training.
B. a management failure
PGP uses which of the following to encrypt data? A. An asymmetric encryption algorithm B. A symmetric encryption algorithm C. A symmetric key distribution system D. An X.509 digital certificate
B. a symmetric encryption algorithm
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate? A. A public-key certificate B. An attribute certificate C. A digital certificate D. A descriptive certificate
B. an attribute certificate
The IP header contains a protocol field. If this field contains the value of 51, what type of data is contained within the ip datagram? A. Transmission Control Protocol (TCP) B. Authentication Header (AH) C. User datagram protocol (UDP) D. Internet Control Message Protocol (ICMP)
B. authentication header (AH)
The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as? A. Confidentiality B. Availability C. Integrity D. Reliability
B. availability
Computer security should be first and foremost which of the following: A. Cover all identified risks B. Be cost-effective. C. Be examined in both monetary and non-monetary terms. D. Be proportionate to the value of IT systems.
B. be cost effective
An effective information security policy should not have which of the following characteristic? A. Include separation of duties B. Be designed with a short- to mid-term focus C. Be understandable and supported by all stakeholders D. Specify areas of responsibility and authority
B. be designed with a short-to-midterm focus
Why do buffer overflows happen? What is the main cause? A. Because buffers can only hold so much data B. Because of improper parameter checking within the application C. Because they are an easy weakness to exploit D. Because of insufficient system memory
B. because of improper parameter checking within the application
What is the name of the third party authority that vouches for the binding between the data items in a digital certificate? A. Registration authority B. Certification authority C. Issuing authority D. Vouching authority
B. certificate authority
Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier? A. Dynamic authentication B. Continuous authentication C. Encrypted authentication D. Robust authentication
B. continuous authentication
This type of supporting evidence is used to help prove an idea or a point, however It cannot stand on its own, it is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence? A. Circumstantial evidence B. Corroborative evidence C. Opinion evidence D. Secondary evidence
B. corroborative evidence
Which of the following is given the responsibility of the maintenance and protection of the data? A. Data owner B. Data custodian C. User D. Security administrator
B. data custodian
Which of the following is not a form of passive attack? A. Scavenging B. Data diddling C. Shoulder surfing D. Sniffing
B. data diddling
Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and it's sensitivity level ? A. System Auditor B. Data or Information Owner C. System Manager D. Data or Information user
B. data or information owner
What is the main issue with media reuse? A. Degaussing B. Data remanence C. Media destruction D. Purging
B. data remanence
A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include? A. Marketing/Public relations B. Data/Telecomm/IS facilities C. IS Operations D. Facilities security
B. data/telecomm/IS facilities
Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later? A. Steganography B. Digital watermarking C. Digital enveloping D. Digital signature
B. digital watermarking
What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location? A. Remote journaling B. Electronic vaulting C. Data clustering D. Database shadowing
B. electronic vaulting
Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing? A. Interface errors are detected earlier. B. Errors in critical modules are detected earlier. C. Confidence in the system is achieved earlier. D. Major functions and processing are tested earlier.
B. errors in critical modules are detected earlier
What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent? A. Evidence Circumstance Doctrine B. Exigent Circumstance Doctrine C. Evidence of Admissibility Doctrine D. Exigent Probable Doctrine
B. exigent circumstance doctrine
What can be described as a measure of the magnitude of loss or impact on the value of an asset? A. Probability B. Exposure factor C. Vulnerability D. Threat
B. exposure factor
Which of the following is BEST defined as a physical control? A. Monitoring of system activity B. Fencing C. Identification and authentication methods D. Logical access control mechanisms
B. fencing
Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location? A. Direct addressing B. Indirect addressing C. Indexed addressing D. Program addressing
B. indirect addressing
What is the main characteristic of a bastion host? A. It is located on the internal network. B. It is a hardened computer implementation C. It is a firewall. D. It does packet filtering.
B. it is a hardened computer implementation
What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext? A. Key collision B. Key clustering C. Hashing D. Ciphertext collision
B. key clustering
Which of the following recovery plan test results would be most useful to management? A. elapsed time to perform various activities. B. list of successful and unsuccessful activities. C. amount of work completed D. description of each activity.
B. list of successful and unsuccessful activities
In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices? A. new loop B. local loop C. loopback D. indigenous loop
B. local loop
Which of the following results in the most devastating business interruptions? A. Loss of Hardware/Software B. Loss of Data C. Loss of Communication Links D. Loss of Applications
B. loss of data
To understand the 'whys' in crime, many times it is necessary to understand MOM. Which of the following is not a component of MOM? A. Opportunities B. Methods C. Motivation D. Means
B. methods
Which of the following security modes of operation involves the highest risk? A. Compartmented Security Mode B. Multilevel Security Mode C. System-High Security Mode D. Dedicated Security Mode
B. multilevel security mode
What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition? A. Running key cipher B. One-time pad C. Steganography D. Cipher block chaining
B. one-time pad
Which of the following is used in database information security to hide information? A. Inheritance B. Polyinstantiation C. Polymorphism D. Delegation
B. polyinstantiation
Which of the following are REGISTERED PORTS as defined by IANA ? A. Ports 128 to 255 B. Ports 1024 to 49151 C. Ports 1025 to 65535 D. Ports 1024 to 32767
B. ports 1024 to 32767
What prevents a process from accessing another process' data? A. Memory segmentation B. Process isolation C. The reference monitor D. Data hiding
B. process isolation
Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks? A. Monitoring and auditing for such activity B. Require user authentication C. Making sure only necessary phone numbers are made public D. Using completely different numbers for voice and data accesses
B. require user authentication
Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes? A. Key escrow B. Rotation of duties C. Principle of need-to-know D. Principle of least privilege
B. rotation of duties
Which of the following test makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems? A. Recovery testing B. Security testing C. Stress/volume testing D. Interface testing
B. security testing
When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems? A. Executive management staff B. Senior business unit management C. BCP committee D. Functional business units
B. senior business unit management
What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets? A. SYN Flood attack B. Smurf attack C. Ping of Death attack D. Denial of Service (DOS) attack
B. smurf attack
What can be defined as secret communications where the very existence of the message is hidden? A. Clustering B. Steganography C. Cryptology D. Vernam cipher
B. steganography
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack? A. The use of good key generators. B. The use of session keys. C. Nothing can defend you against a brute force crypto key attack. D. Algorithms that are immune to brute force key attacks.
B. the use of session keys
What is also known as 10Base5? A. Thinnet B. Thicknet C. ARCnet D. UTP
B. thicknet
What can be defined as an event that could cause harm to the information systems? A. A risk B. A threat C. A vulnerability D. A weakness
B. threat
Within the realm of IT security, which of the following combinations best defines risk? A. Threat coupled with a breach B. Threat coupled with a vulnerability C. Vulnerability coupled with an attack D. Threat coupled with a breach of security
B. threat coupled with a vulnerability
Which of the following would be the best reason for separating the test and development environments? A. To restrict access to systems under test. B. To control the stability of the test environment. C. To segregate user and development staff. D. To secure access to systems under development.
B. to control the stability of the test environment
In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the following term? A. Subordinate CA B. Top Level CA C. Big CA D. Master CA
B. top level CA
Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet? A. Authentication mode B. Tunnel mode C. Transport mode D. Safe mode
B. tunnel mode
Devices that supply power when the commercial utility power system fails are called which of the following? A. power conditioners B. uninterruptible power supplies C. power filters D. power dividers
B. uninterruptible power supplies
Which of the following determines that the product developed meets the projects goals? A. verification B. validation C. concurrence D. accuracy
B. validation
Communications and network security relates to transmission of which of the following? A. voice B. voice and multimedia C. data and multimedia D. voice, data and multimedia
B. voice and multimedia
Which of the following statements pertaining to software testing approaches is correct? A. A bottom-up approach allows interface errors to be detected earlier. B. A top-down approach allows errors in critical modules to be detected earlier. C. The test plan and results should be retained as part of the system's permanent documentation. D. Black box testing is predicated on a close examination of procedural detail.
C
Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in a system? A. Fail proof B. Fail soft C. Fail safe D. Fail Over
C fail safe
A trusted system does NOT involve which of the following? A. Enforcement of a security policy. B. Sufficiency and effectiveness of mechanisms to be able to enforce a security policy. C. Assurance that the security policy can be enforced in an efficient and reliable manner. D. Independently-verifiable evidence that the security policy-enforcing mechanisms are sufficient and effective.
C.
Controls are implemented to: A. eliminate risk and reduce the potential for loss B. mitigate risk and eliminate the potential for loss C. mitigate risk and reduce the potential for loss D. eliminate risk and eliminate the potential for loss
C.
In what way could Java applets pose a security threat? A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system. C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system. D. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.
C.
One of the following statements about the differences between PPTP and L2TP is NOT true A. PPTP can run only on top of IP networks. B. PPTP is an encryption protocol and L2TP is not. C. L2TP works well with all firewalls and network devices that perform NAT. D. L2TP supports AAA servers
C.
What is the main characteristic of a multi-homed host? A. It is placed between two routers or firewalls. B. It allows IP routing. C. It has multiple network interfaces, each connected to separate networks. D. It operates at multiple layers.
C.
What is the most correct choice below when talking about the steps to resume normal operation at the primary site after the green light has been given by the salvage team? A. The most critical operations are moved from alternate site to primary site before others B. Operation may be carried by a completely different team than disaster recovery team C. The least critical functions should be moved back first D. You moves items back in the same order as the categories document in your plan or exactly in the same order as you did on your way to the alternate site
C.
What would BEST define a covert channel? A. An undocumented backdoor that has been left by a programmer in an operating system B. An open system port that should be closed. C. A communication channel that allows transfer of information in a manner that violates the system's security policy. D. A trojan horse.
C.
When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence: A. Evidence has to be collected in accordance with all laws and all legal regulations. B. Law enforcement officials should be contacted for advice on how and when to collect critical information. C. Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available. D. Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation.
C.
Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection? A. Anomaly detection tends to produce more data B. A pattern matching IDS can only identify known attacks C. Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams D. An anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines
C.
Which of the following best describes signature-based detection? A. Compare source code, looking for events or sets of events that could cause damage to a system or network. B. Compare system activity for the behaviour patterns of new attacks. C. Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack. D. Compare network nodes looking for objects or sets of objects that match a predefined pattern of objects that may describe a known attack.
C.
Which of the following concerning the Rijndael block cipher algorithm is false? A. The design of Rijndael was strongly influenced by the design of the block cipher Square. B. A total of 25 combinations of key length and block length are possible C. Both block size and key length can be extended to multiples of 64 bits. D. The cipher has a variable block length and key length.
C.
Which of the following is true about link encryption? A. Each entity has a common key with the destination node. B. Encrypted messages are only decrypted by the final node. C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised. D. Only secure nodes are used in this type of transmission.
C.
Which of the following statements is most accurate regarding a digital signature? A. It is a method used to encrypt confidential data. B. It is the art of transferring handwritten signature to electronic media. C. It allows the recipient of data to prove the source and integrity of data. D. It can be used as a signature system and a cryptosystem.
C.
Which of the following statements pertaining to link encryption is false? A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
C.
Which of the following statements pertaining to message digests is incorrect? A. The original file cannot be created from the message digest. B. Two different files should not have the same message digest. C. The message digest should be calculated using at least 128 bytes of the file. D. Messages digests are usually of fixed size.
C.
Which of the following statements pertaining to packet switching is incorrect? A. Most data sent today uses digital signals over network employing packet switching. B. Messages are divided into packets. C. All packets from a message travel through the same route. D. Each network node or point examines each packet for routing.
C.
Which of the following would best define a digital envelope? A. A message that is encrypted and signed with a digital certificate. B. A message that is signed with a secret key and encrypted with the sender's private key. C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. D. A message that is encrypted with the recipient's public key and signed with the sender's private key.
C.
How many layers are defined within the US Department of Defense (DoD) TCP/IP Model? A. 7 B. 5 C. 4 D. 3
C. 4
How many bits is the effective length of the key of the Data Encryption Standard algorithm? A. 168 B. 128 C. 56 D. 64
C. 56
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics? A. 64 bits of data input results in 56 bits of encrypted output B. 128 bit key with 8 bits used for parity C. 64 bit blocks with a 64 bit total key length D. 56 bits of data input results in 56 bits of encrypted output
C. 64 bit blocks with a 64 bit total key length
In response to Access-request from a client such as a Network Access Server (NAS), which of the following is not one of the response from a RADIUS Server? A. Access-Accept B. Access-Reject C. Access-Granted D. Access-Challenge
C. Access-Granted
What is the most critical characteristic of a biometric identifying system? A. Perceived intrusiveness B. Storage requirements C. Accuracy D. Scalability
C. Accuracy
What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity? A. Polyinstantiation B. Inference C. Aggregation D. Data mining
C. Aggregation
What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects? A. A capacity table B. An access control list C. An access control matrix D. A capability table
C. An Access Control Matrix
In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use: A. Screened subnets B. Digital certificates C. An encrypted Virtual Private Network D. Encryption
C. An encrypted Virtual private network
Which of the following best allows risk management results to be used knowledgeably? A. A vulnerability analysis B. A likelihood assessment C. An uncertainty analysis D. A threat identification
C. An uncertainty analysis
Which of the following questions is less likely to help in assessing physical and environmental protection? A. Are entry codes changed periodically? B. Are appropriate fire suppression and prevention devices installed and working? C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? D. Is physical access to data transmission lines controlled?
C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printer or electronic information?
What is the PRIMARY use of a password? A. Allow access to files. B. Identify the user. C. Authenticate the user. D. Segregate various user's accesses
C. Authenticate the user
In the CIA triad, what does the letter A stand for? A. Auditability B. Accountability C. Availability D. Authentication
C. Availability
Why should batch files and scripts be stored in a protected area? A. Because of the least privilege concept B. Because they cannot be accessed by operators. C. Because they may contain credentials. D. Because of the need-to-know concept.
C. Because they may contain credentials
Which of the following models does NOT include data integrity or conflict of interest? A. Biba B. Clark-Wilson C. Bell-LaPadula D. Brewer-Nash
C. Bell-LaPadula
Which security model is based on the military classification of data and people with clearances? A. Brewer-Nash model B. Clark-Wilson model C. Bell-LaPadula model D. Biba model
C. Bell-LaPadula model
Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack
C. Birthday attack
Which of the following networking devices allows the connection of two or more homogeneous LANs in a simple way where they forward the traffic based on the MAC address ? A. Gateways B. Routers C. Bridges D. Firewalls
C. Bridges
Which security model uses division of operations into different parts and requires different users to perform each part? A. Bell-LaPadula model B. Biba model C. Clark-Wilson model D. Non-interference model
C. Clark-Wilson model
This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious? A. Checkpoint level B. Ceiling level C. Clipping level D. Threshold level
C. Clipping level
What is the main focus of the Bell-LaPadula security model? A. Accountability B. Integrity C. Confidentiality D. Availability
C. Confidentiality
One of these statements about the key elements of a good configuration process is NOT true A. Accommodate the reuse of proven standards and best practices B. Ensure that all requirements remain clear, concise, and valid C. Control modifications to system hardware in order to prevent resource changes D. Ensure changes, standards, and requirements are communicated promptly and precisely
C. Control modifications to system hardware in order to prevent resource changes
Which of the following does NOT concern itself with key management? A. Internet Security Association Key Management Protocol (ISAKMP) B. Diffie-Hellman (DH) C. Cryptology (CRYPTO) D. Key Exchange Algorithm (KEA)
C. Cryptology
Which of the following services relies on UDP? A. FTP B. Telnet C. DNS D. SMTP
C. DNS
One of the following assertions is NOT a characteristic of Internet Protocol Security (IPsec) A. Data cannot be read by unauthorized parties B. The identity of all IPsec endpoints are confirmed by other endpoints C. Data is delivered in the exact order in which it is sent D. The number of packets being exchanged can be counted.
C. Data is delivered in the exact order in which it is sent
Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms? A. Rivest, Shamir, Adleman (RSA) B. El Gamal C. Elliptic Curve Cryptography (ECC) D. Advanced Encryption Standard (AES)
C. ECC
Which of the following LAN topologies offers the highest availability? A. Bus topology B. Tree topology C. Full mesh topology D. Partial mesh topology
C. Full mesh topology
During which phase of an IT system life cycle are security requirements developed? A. Operation B. Initiation C. Functional design analysis and Planning D. Implementation
C. Functional design analysis and planning
Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design? A. Development/acquisition B. Implementation C. Initiation D. Maintenance
C. Initiation
An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n): A. active attack B. outside attack C. inside attack D. passive attack
C. Inside attack
Which of the following statements pertaining to Kerberos is false? A. The Key Distribution Center represents a single point of failure. B. Kerberos manages access permissions. C. Kerberos uses a database to keep a copy of all users' public keys. D. Kerberos uses symmetric key cryptography
C. Kerberos uses a database to keep a copy of all users' public keys.
Which of the following statements pertaining to using Kerberos without any extension is false? A. A client can be impersonated by password-guessing. B. Kerberos is mostly a third-party authentication protocol. C. Kerberos uses public key cryptography. D. Kerberos provides robust authentication
C. Kerberos uses public key crytography
Which of the following would be used to implement Mandatory Access Control (MAC)? A. Clark-Wilson Access Control B. Role-based access control C. Lattice-based access control D. User dictated access control
C. Lattice-based access control
What security model is dependent on security labels? A. Discretionary access control B. Label-based access control C. Mandatory access control D. Non-discretionary access control
C. Mandatory Access control
How are memory cards and smart cards different? A. Memory cards normally hold more memory than smart cards B. Smart cards provide a two-factor authentication whereas memory cards don't C. Memory cards have no processing power D. Only smart cards can be used for ATM cards
C. Memory Cards have no processing power
What does the (star) property mean in the Bell-LaPadula model? A. No write up B. No read up C. No write down D. No read down
C. No write down
What does the directive of the European Union on Electronic Signatures deal with? A. Encryption of classified data B. Encryption of secret data C. Non repudiation D. Authentication of web servers
C. Non-repudiation
Which of the following does not address Database Management Systems (DBMS) Security? A. Perturbation B. Cell suppression C. Padded cells D. Partitioning
C. Padded cells
Which of the following does not apply to system-generated passwords? A. Passwords are harder to remember for users. B. If the password-generating algorithm gets to be known, the entire system is in jeopardy. C. Passwords are more vulnerable to brute force and dictionary attacks. D. Passwords are harder to guess for attackers.
C. Passwords are more vulnerable to brute force and dictionary attacks.
In the context of access control, locks, gates, guards are examples of which of the following? A. Administrative controls B. Technical controls C. Physical controls D. Logical controls
C. Physical controls
Which type of control is concerned with avoiding occurrences of risks? A. Deterrent controls B. Detective controls C. Preventive controls D. Compensating controls
C. Preventive Controls
Which of the following algorithms does NOT provide hashing? A. SHA-1 B. MD2 C. RC4 D. MD5
C. RC4
Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS? A. El Gamal B. Elliptic Curve Cryptosystems (ECCs) C. RSA D. International Data Encryption Algorithm (IDEA)
C. RSA
Which of the following encryption algorithms does not deal with discrete logarithms? A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve
C. RSA
Which of the following is a device that is used to regenerate or replicate the received signals? A. Bridge B. Router C. Repeater D. Brouter
C. Repeater
Which of the following access control techniques best gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure? A. Access control lists B. Discretionary access control C. Role-based access control D. Non-mandatory access control
C. Role-based access control
Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank? A. SSH ( Secure Shell) B. S/MIME (Secure MIME) C. SET (Secure Electronic Transaction) D. SSL (Secure Sockets Layer)
C. SET
Which of the following can prevent hijacking of a web session? A. RSA B. SET C. SSL D. PPP
C. SSL
A proxy is considered a: A. first generation firewall. B. third generation firewall. C. second generation firewall. D. fourth generation firewall.
C. Second generation firewall
Which of the following would be best suited to oversee the development of an information security policy? A. System Administrators B. End User C. Security Officers D. Security administrators
C. Security Officers
Which of the following is NOT a form of detective administrative control? A. Rotation of duties B. Required vacations C. Separation of duties D. Security reviews and audits
C. Separation of duties
Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data? A. Business and functional managers B. IT Security practitioners C. System and information owners D. Chief information officer
C. System and information owners
Which of the following would be an example of the best password? A. golf001 B. Elizabeth C. T1me4g0lF D. password
C. T1me4g0lf
Smart cards are an example of which type of control? A. Detective control B. Administrative control C. Technical control D. Physical control
C. Technical Control
Which of the following statements pertaining to software testing is incorrect? A. Unit testing should be addressed and considered when the modules are being designed. B. Test data should be part of the specifications. C. Testing should be performed with live data to cover all possible situations. D. Test data generators can be used to systematically generate random test data that can be used to test programs
C. Testing should be performed with live data to cover all possible situations
Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? A. The Take-Grant model B. The Biba integrity model C. The Clark Wilson integrity model D. The Bell-LaPadula integrity model
C. The Clark-Wilson integrity model
Which security model introduces access to objects only through programs? A. The Biba model B. The Bell-LaPadula model C. The Clark-Wilson model D. The information flow model
C. The Clark-Wilson model
Which of the following Kerberos components holds all users' and services' cryptographic keys? A. The Key Distribution Service B. The Authentication Service C. The Key Distribution Center D. The Key Granting Service
C. The Key Distribution Center
What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted? A. The security kernel B. The reference monitor C. The security perimeter D. The reference perimeter
C. The security perimeter
Which of the following floors would be most appropriate to locate information processing facilities in a 6-stories building? A. Basement B. Ground floor C. Third floor D. Sixth floor
C. Third Floor
What is the main objective of proper separation of duties? A. To prevent employees from disclosing sensitive information. B. To ensure access controls are in place. C. To ensure that no single individual can compromise a system. D. To ensure that audit trails are not tampered with
C. To ensure that no single individual can compromise a system
Under United States law, an investigator's notebook may be used in court in which of the following scenarios? A. When the investigator is unwilling to testify. B. When other forms of physical evidence are not available. C. To refresh the investigators memory while testifying. D. If the defense has no objections.
C. To refresh the investigators memory while testifying
What can best be defined as the sum of protection mechanisms inside the computer, including hardware, firmware and software? A. Trusted system B. Security kernel C. Trusted computing base D. Security perimeter
C. Trusted computing base
Which of the following is used by RADIUS for communication between clients and servers? A. TCP B. SSL C. UDP D. SSH
C. UDP
Which of the following protocols was used by the INITIAL version of the Terminal Access Controller Access Control System TACACS for communication between clients and servers? A. TCP B. SSL C. UDP D. SSH
C. UDP
Which of the following computer recovery sites is only partially equipped with processing equipment? A. hot site B. rolling hot site C. warm site D. cold site
C. Warm site
When backing up an applications system's data, which of the following is a key question to be answered first? A. When to make backups B. Where to keep backups C. What records to backup D. How to store backups
C. What records to backup
Which of the following would best describe the difference between white-box testing and black-box testing? A. White-box testing is performed by an independent programmer team. B. Black-box testing uses the bottom-up approach. C. White-box testing examines the program internal logical structure. D. Black-box testing involves the business units
C. White-box testing examines the program internal logical structure
The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something: A. you need. B. you read. C. you are. D. you do
C. You are
Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms? A. A trusted path B. A protection domain C. A covert channel D. A maintenance hook
C. a covert channel
What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it? A. A fail safe system B. A fail soft system C. A fault-tolerant system D. A failover system
C. a fault tolerant system
What is the RESULT of a hash algorithm being applied to a message? A. A digital signature B. A ciphertext C. A message digest D. A plaintext
C. a message digest
What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept? A. The reference monitor B. Protection rings C. A security kernel D. A protection domain
C. a security kernel
During the salvage of the Local Area Network and Servers, which of the following steps would normally be performed first? A. Damage mitigation B. Install LAN communications network and servers C. Assess damage to LAN and servers D. Recover equipment
C. access damage to LAN and servers
A Business Continuity Plan should be tested: A. Once a month. B. At least twice a year. C. At least once a year. D. At least once every two years.
C. at least once a year
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? A. Certificate revocation list B. Certificate revocation tree C. Authority revocation list D. Untrusted certificate list
C. authority revocation list
What is called the access protection system that limits connections by calling back the number of a previously authorized location? A. Sendback systems B. Callback forward systems C. Callback systems D. Sendback forward systems
C. callback systems
What type of cable is used with 100Base-TX Fast Ethernet? A. Fiber-optic cable B. Category 3 or 4 unshielded twisted-pair (UTP). C. Category 5 unshielded twisted-pair (UTP). D. RG-58 cable.
C. cat 5 unshielded twisted-pair (UTP)
Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle? A. Pipelining B. Reduced Instruction Set Computers (RISC) C. Complex Instruction Set Computers (CISC) D. Scalar processors
C. complex instruction set computers CISC
Which of the following should NOT be performed by an operator? A. Implementing the initial program load B. Monitoring execution of the system C. Data entry D. Controlling job flow
C. data entry
Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of? A. Transport layer B. Network layer C. Data link layer D. Physical layer
C. data link layer
The preliminary steps to security planning include all of the following EXCEPT which of the following? A. Establish objectives. B. List planning assumptions. C. Establish a security audit function. D. Determine alternate courses of action
C. establish a security audit function
Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users? A. Inadequate quality assurance (QA) tools. B. Constantly changing user needs. C. Inadequate user participation in defining the system's requirements. D. Inadequate project management.
C. inadequate user participation in defining the systems requirments
Which of the following specifically addresses cyber attacks against an organization's IT systems? A. Continuity of support plan B. Business continuity plan C. Incident response plan D. Continuity of operations plan
C. incident response plan
A one-way hash provides which of the following? A. Confidentiality B. Availability C. Integrity D. Authentication
C. integrity
Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed. What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications? A. External Hot site B. Warm Site C. Internal Hot Site D. Dual Data Center
C. internal hot site
Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false? A. It can be used for voice B. it can be used for data C. It carries various sizes of packets D. It can be used for video
C. it carries various sizes of packets
Which of the following statements do not apply to a hot site? A. It is expensive. B. There are cases of common overselling of processing capabilities by the service provider. C. It provides a false sense of security. D. It is accessible on a first come first serve basis. In case of large disaster it might not be accessible.
C. it provides a false sense of security
The Diffie-Hellman algorithm is used for: A. Encryption B. Digital signature C. Key agreement D. Non-repudiation
C. key agreement
Which of the following is NOT a technical control? A. Password and resource management B. Identification and authentication methods C. Monitoring for physical intrusion D. Intrusion Detection Systems
C. monitoring for physical intrusion
Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions? A. Development/acquisition B. Implementation C. Operation/Maintenance D. Initiation
C. operation/maintenance
Whose role is it to assign classification level to information? A. Security Administrator B. User C. Owner D. Auditor
C. owner
Which of the following is responsible for MOST of the security issues? A. Outside espionage B. Hackers C. Personnel D. Equipment failure
C. personnel
Risk mitigation and risk reduction controls for providing information security are classified within three main categories, which of the following are being used? A. preventive, corrective, and administrative B. detective, corrective, and physical C. Physical, technical, and administrative D. Administrative, operational, and logical
C. physical, technical, and administrative
Which of the following are WELL KNOWN PORTS assigned by the IANA? A. Ports 0 to 255 B. Ports 0 to 1024 C. Ports 0 to 1023 D. Ports 0 to 127
C. ports 0 to 1023
Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options? A. Detailed design B. Implementation C. Product design D. Software plans and requirements
C. product design
What kind of encryption is realized in the S/MIME-standard? A. Asymmetric encryption scheme B. Password based encryption scheme C. Public key based, hybrid encryption scheme D. Elliptic curve based encryption
C. public key based, hybrid encryption scheme
Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors? A. Unit testing B. Pilot testing C. Regression testing D. Parallel testing
C. regression testing
Which of the following is a not a preventative control? A. Deny programmer access to production data. B. Require change requests to include information about dates, descriptions, cost analysis and anticipated effects. C. Run a source comparison program between control and current source periodically. D. Establish procedures for emergency changes
C. run a source comparison program between control and current source periodically
Which of the following keys has the SHORTEST lifespan? A. Secret key B. Public key C. Session key D. Private key
C. session key
Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level? A. The Bell-LaPadula model B. The information flow model C. The noninterference model D. The Clark-Wilson model
C. the noninterference model
Which software development model is actually a meta-model that incorporates a number of the software development models? A. The Waterfall model B. The modified Waterfall model C. The Spiral model D. The Critical Path Model (CPM)
C. the spiral model
Who should measure the effectiveness of Information System security related controls in an organization? A. The local security specialist B. The business manager C. The systems auditor D. The central security manager
C. the system auditor
In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected? A. The transactions should be dropped from processing. B. The transactions should be processed after the program makes adjustments. C. The transactions should be written to a report and reviewed. D. The transactions should be corrected and reprocessed.
C. the transactions should be written to a report and reviewed
The typical computer fraudsters are usually persons with which of the following characteristics? A. They have had previous contact with law enforcement B. They conspire with others C. They hold a position of trust D. They deviate from the accepted norms of society
C. they hold a position of trust
What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment? A. Risk management B. Risk analysis C. Threat analysis D. Due diligence
C. threat analysis
Which of the following teams should NOT be included in an organization's contingency plan? A. Damage assessment team B. Hardware salvage team C. Tiger team D. Legal affairs team
C. tiger team
When considering an IT System Development Life-cycle, security should be: A. Mostly considered during the initiation phase. B. Mostly considered during the development phase. C. Treated as an integral part of the overall system design. D. Added once the design is completed.
C. treated as an integral part of the overall system design
A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following? A. encrypting messages B. signing messages C. verifying signed messages D. decrypt encrypted messages
C. verifying signed messages
Which of the following choice is NOT normally part of the questions that would be asked in regards to an organization's information security policy? A. Who is involved in establishing the security policy? B. Where is the organization's security policy defined? C. What are the actions that need to be performed in case of a disaster? D. Who is responsible for monitoring compliance to the organization's security policy?
C. what are the actions that need to be performed in case of a disaster
Which of the following can best define the "revocation request grace period"? A. The period of time allotted within which the user must make a revocation request upon a revocation reason B. Minimum response time for performing a revocation by the CA C. Maximum response time for performing a revocation by the CA D. Time period between the arrival of a revocation request and the publication of the revocation information
D.
Which of the following does NOT use token-passing? A. ARCnet B. FDDI C. Token-ring D. IEEE 802.3
D.
Which of the following is NOT a correct notation for an IPv6 address? A. 2001:0db8:0:0:0:0:1428:57ab B. ABCD:EF01:2345:6789:ABCD:EF01:2345:6789 C. ::1 D. 2001:DB8::8:800::417A
D.
Which of the following is covered under Crime Insurance Policy Coverage? A. Inscribed, printed and Written documents B. Manuscripts C. Accounts Receivable D. Money and Securities
D.
Which of the following is the best reason for the use of an automated risk analysis tool? A. Much of the data gathered during the review cannot be reused for subsequent analysis. B. Automated methodologies require minimal training and knowledge of risk analysis. C. Most software tools have user interfaces that are easy to use and does not require any training. D. Information gathering would be minimized and expedited due to the amount of information already built into the tool.
D.
Which of the following rules is least likely to support the concept of least privilege? A. The number of administrative accounts should be kept to a minimum. B. Administrators should use regular accounts when performing routine operations like reading mail. C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible. D. Only data to and from critical systems and applications should be allowed through the firewall.
D.
Which of the following statements pertaining to disaster recovery is incorrect? A. A recovery team's primary task is to get the pre-defined critical business functions at the alternate backup processing site. B. A salvage team's task is to ensure that the primary site returns to normal processing conditions. C. The disaster recovery plan should include how the company will return from the alternate site to the primary site. D. When returning to the primary site, the most critical applications should be brought back first.
D.
Which of the following statements pertaining to the security kernel is incorrect? A. The security kernel is made up of mechanisms that fall under the TCB and implements and enforces the reference monitor concept. B. The security kernel must provide isolation for the processes carrying out the reference monitor concept and they must be tamperproof. C. The security kernel must be small enough to be able to be tested and verified in a complete and comprehensive manner. D. The security kernel is an access control concept, not an actual physical component
D.
You have been tasked to develop an effective information classification program. Which one of the following steps should be performed first? A. Establish procedures for periodically reviewing the classification and ownership B. Specify the security controls required for each classification level C. Identify the data custodian who will be responsible for maintaining the security level of data D. Specify the criteria that will determine how data is classified
D.
What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs 100 data entry clerks and every one of them makes one input error each month? A. 100 B. 120 C. 1 D. 1200
D. 1200
How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE? A. 6 bits B. 12 bits C. 16 bits D. 24 bits
D. 24 bits
In the statement below, fill in the blank: Law enforcement agencies must get a warrant to search and seize an individual's property, as stated in the _____ Amendment. A. First. B. Second. C. Third. D. Fourth.
D. 4th
Which of the following IEEE standards defines the token ring media access method? A. 802.3 B. 802.11 C. 802.5 D. 802.2
D. 802.2
What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity? A. A digital envelope B. A cryptographic hash C. A Message Authentication Code D. A digital signature
D. A digital certificate
Which of the following are not Remote Access concerns? A. Justification for remote access B. Auditing of activities C. Regular review of access privileges D. Access badges
D. Access badges
A contingency plan should address: A. Potential risks. B. Residual risks. C. Identified risks. D. All answers are correct.
D. All answers are correct
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. Central station alarm B. Proprietary alarm C. A remote station alarm D. An auxiliary station alarm
D. An auxiliary station alarm
What is a decrease in amplitude as a signal propagates along a transmission medium best known as? A. Crosstalk B. Noise C. Delay distortion D. Attenuation
D. Attenuation
Which of the following is not a security goal for remote access? A. Reliable authentication of users and systems B. Protection of confidential data C. Easy to manage access control to systems and network resources D. Automated login for remote users
D. Automated login for remote users
Making sure that the data is accessible when and where it is needed is which of the following? A. confidentiality B. integrity C. acceptability D. availability
D. Availability
Which of the following items would best help an organization to gain a common understanding of functions that are critical to its survival? A. A risk assessment B. A business assessment C. A disaster recovery plan D. A business impact analysis
D. BIA
What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access? A. Clark and Wilson Model B. Harrison-Ruzzo-Ullman Model C. Rivest and Shamir Model D. Bell-LaPadula Model
D. Bell-LaPadula Model
How can an individual/person best be identified or authenticated to prevent local masquerading attacks? A. UserId and password B. Smart card and PIN code C. Two-factor authentication D. Biometrics
D. Biometrics
Which TCSEC class specifies discretionary protection? A. B2 B. B1 C. C2 D. C1
D. C1
A variation of the application layer firewall is called a: A. Current Level Firewall. B. Cache Level Firewall. C. Session Level Firewall. D. Circuit Level Firewall.
D. Circuit level firewall
Which of the following computer recovery sites is the least expensive and the most difficult to test? A. non-mobile hot site B. mobile hot site C. warm site D. cold site
D. Cold site
A Security Kernel is defined as a strict implementation of a reference monitor mechanism responsible for enforcing a security policy. To be secure, the kernel must meet three basic conditions, what are they? A. Confidentiality, Integrity, and Availability B. Policy, mechanism, and assurance C. Isolation, layering, and abstraction D. Completeness, Isolation, and Verifiability
D. Completeness, Isolation, and Verifiability
According to private sector data classification levels, how would salary levels and medical information be classified? A. Public. B. Internal Use Only. C. Restricted. D. Confidential.
D. Confidential
External consistency ensures that the data stored in the database is: A. inconsistent with the real world. B. remains consistent when sent from one system to another. C. consistent with the logical world. D. consistent with the real world
D. Consistent with the real world
Which of the following is NOT an asymmetric key algorithm? A. RSA B. Elliptic Curve Cryptosystem (ECC) C. El Gamal D. Data Encryption System (DES)
D. DES
Related to information security, availability is the opposite of which of the following? A. delegation B. distribution C. documentation D. destruction
D. Destruction
Which of the following tape formats can be used to backup data systems in addition to its original intended audio uses? A. Digital Video Tape (DVT). B. Digital Analog Tape (DAT). C. Digital Voice Tape (DVT). D. Digital Audio Tape (DAT).
D. Digital Audio Tape (DAT)
At what stage of the applications development process should the security department become involved? A. Prior to the implementation B. Prior to systems testing C. During unit testing D. During requirements development
D. During requirements development
Which of the following groups represents the leading source of computer crime losses? A. Hackers B. Industrial saboteurs C. Foreign intelligence officers D. Employees
D. Employees
Which of the following transmission media would NOT be affected by cross talk or interference? A. Copper cable B. Radio System C. Satellite radiolink D. Fiber optic cables
D. Fiber optic cables
Which of the following is NOT a common category/classification of threat to an IT system? A. Human B. Natural C. Technological D. Hackers
D. Hackers
Which of the following protocols does not operate at the data link layer (layer 2)? A. PPP B. RARP C. L2F D. ICMP
D. ICMP
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? A. Timestamping B. Repository C. Certificate revocation D. Internet Key Exchange (IKE)
D. IKE
The concept of best effort delivery is best associated with? A. TCP B. HTTP C. RSVP D. IP
D. IP
What is the Biba security model concerned with? A. Confidentiality B. Reliability C. Availability D. Integrity
D. Integrity
Which of the following questions is less likely to help in assessing identification and authentication controls? A. Is a current list maintained and approved of authorized users and their access? B. Are passwords changed at least every ninety days or earlier if needed? C. Are inactive user identifications disabled after a specified period of time? D. Is there a process for reporting incidents?
D. Is there a process for reporting incidents?
Which of the following is NOT true concerning Application Control? A. It limits end users use of applications in such a way that only particular screens are visible. B. Only specific records can be requested through the application controls C. Particular usage of the application can be recorded for audit purposes D. It is non-transparent to the endpoint applications so changes are needed to the applications and databases involved
D. It is non-transparent to the endpoint applications so changes are needed to the applications and databases involved
Which of the following is related to physical security and is not considered a technical control? A. Access control Mechanisms B. Intrusion Detection Systems C. Firewalls D. Locks
D. Locks
Which of the following access control models requires defining classification for objects? A. Role-based access control B. Discretionary access control C. Identity-based access control D. Mandatory access control
D. Mandatory access control
Which of the following statements pertaining to RADIUS is incorrect? A. A RADIUS server can act as a proxy server, forwarding client requests to other authentication domains. B. Most of RADIUS clients have a capability to query secondary RADIUS servers for redundancy. C. Most RADIUS servers have built-in database connectivity for billing and reporting purposes. D. Most RADIUS servers can work with DIAMETER servers.
D. Most RADIUS servers can work with DIAMETER servers
What does the (star) integrity axiom mean in the Biba model? A. No read up B. No write down C. No read down D. No write up
D. No write up
What security model implies a central authority that define rules and sometimes global rules, dictating what subjects can have access to what objects? A. Flow Model B. Discretionary access control C. Mandatory access control D. Non-discretionary access control
D. Non-discretionary access control
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? A. Diffie-Hellman Key Exchange Protocol B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. OAKLEY
D. OAKLEY
Which of the following is NOT a common integrity goal? A. Prevent unauthorized users from making modifications. B. Maintain internal and external consistency. C. Prevent authorized users from making improper modifications. D. Prevent paths that could lead to inappropriate disclosure
D. Prevent paths that could lead to inappropriate disclosure
Which of the following is not an example of a block cipher? A. Skipjack B. IDEA C. Blowfish D. RC4
D. RC4
Contracts and agreements are often times unenforceable or hard to enforce in which of the following alternate facility recovery agreement? A. hot site B. warm site C. cold site D. reciprocal agreement
D. Reciprocal agreement
Which of the following is the MOST important aspect relating to employee termination? A. The details of employee have been removed from active payroll files. B. Company property provided to the employee has been returned. C. User ID and passwords of the employee have been deleted. D. The appropriate company staff are notified about the termination
D. The appropriate company staff are notified about the termination
Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate? A. The project will be completed late. B. The project will exceed the cost estimates. C. The project will be incompatible with existing systems. D. The project will fail to meet business and user needs.
D. The project will fail to meet business and user needs
As a result of a risk assessment, your security manager has determined that your organization needs to implement an intrusion detection system that can detect unknown attacks and can watch for unusual traffic behavior, such as a new service appearing on the network. What type of intrusion detection system would you select? A. Protocol anomaly based B. Pattern matching C. Stateful matching D. Traffic anomaly-based
D. Traffic anomaly-based
What can a packet filtering firewall also be called? A. a scanning router B. a shielding router C. a sniffing router D. a screening router
D. a screening router
What can be defined as: It confirms that users' needs have been met by the supplied solution ? A. Accreditation B. Certification C. Assurance D. Acceptance
D. acceptance
Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards? A. Certification B. Declaration C. Audit D. Accreditation
D. accreditation
In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in? A. Recovery B. Containment C. Triage D. Analysis and tracking
D. analysis and tracking
Which expert system operating mode allows determining if a given hypothesis is valid? A. Blackboard B. Lateral chaining C. Forward chaining D. Backward chaining
D. backward chaining
Proxies work by transferring a copy of each accepted data packet from one network to another, thereby masking the: A. data's payload B. data's details C. data's owner D. data's origin
D. data's origin
Which of the following issues is not addressed by digital signatures? A. nonrepudiation B. authentication C. data integrity D. denial-of-service
D. denial-of-service
If an employee's computer has been used by a fraudulent employee to commit a crime, the hard disk may be seized as evidence and once the investigation is complete it would follow the normal steps of the Evidence Life Cycle. In such case, the Evidence life cycle would not include which of the following steps listed below? A. Acquisition collection and identification B. Analysis C. Storage, preservation, and transportation D. Destruction
D. destruction
A timely review of system access audit records would be an example of which of the basic security functions? A. avoidance B. deterrence C. prevention D. detection
D. detection
In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process? A. Using a write blocker B. Made a full-disk image C. Created a message digest for log files D. Displayed the contents of a folder
D. displayed the contents
Risk reduction in a system development life-cycle should be applied: A. Mostly to the initiation phase. B. Mostly to the development phase. C. Mostly to the disposal phase. D. Equally to all phases
D. equally to all phases
Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product? A. Estimating the cost of the changes requested B. Recreating and analyzing the problem C. Determining the interface that is presented to the user D. Establishing the priorities of requests
D. establishing the priorities of requests
Which of the following server contingency solutions offers the highest availability? A. System backups B. Electronic vaulting/remote journaling C. Redundant arrays of independent disks (RAID) D. Load balancing/disk replication
D. load balancing/disk replication
What algorithm was DES derived from? A. Twofish. B. Skipjack. C. Brooks-Aldeman. D. Lucifer.
D. lucifer
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? A. message non-repudiation. B. message confidentiality. C. message interleave checking. D. message integrity.
D. message integrity
Valuable paper insurance coverage does not cover damage to which of the following? A. Inscribed, printed and Written documents B. Manuscripts C. Records D. Money and Securities
D. money and securities
What is the most secure way to dispose of information on a CD-ROM? A. Sanitizing B. Physical damage C. Degaussing D. Physical destruction
D. physical destruction
Step-by-step instructions used to satisfy control requirements is called a: A. policy B. standard C. guideline D. procedure
D. procedure
Which of the following best defines add-on security? A. Physical security complementing logical security measures. B. Protection mechanisms implemented as an integral part of an information system. C. Layer security. D. Protection mechanisms implemented after an information system has become operational.
D. protection mechanisms implemented after an information system has become operational
Which of the following is not a responsibility of an information (data) owner? A. Determine what level of classification the information requires. B. Periodically review the classification assignments against business needs. C. Delegate the responsibility of data protection to data custodians. D. Running regular backups and periodically testing the validity of the backup data.
D. running regular backups and periodically testing the validity of the backup data
A copy of evidence or oral description of its contents; which is not as reliable as best evidence is what type of evidence? A. Direct evidence B. Circumstantial evidence C. Hearsay evidence D. Secondary evidence
D. secondary evidence
Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence? A. Implementation B. System feasibility C. Product design D. Software plans and requirements
D. software plans and requirements
Which disaster recovery plan test involves functional representatives meeting to review the plan in detail? A. Simulation test B. Checklist test C. Parallel test D. Structured walk-through test
D. structured walk-through test
Which of the following security models does NOT concern itself with the flow of data? A. The information flow model B. The Biba model C. The Bell-LaPadula model D. The noninterference model
D. the noninterference model
What is called an event or activity that has the potential to cause harm to the information systems or networks? A. Vulnerability B. Threat agent C. Weakness D. Threat
D. threat
Which of the following mechanisms was created to overcome the problem of collisions that occur on wired networks when traffic is simultaneously transmitted from different nodes? A. Carrier sense multiple access with collision avoidance (CSMA/CA) B. Carrier sense multiple access with collision detection (CSMA/CD) C. Polling D. Token-passing
D. token-passing
Secure Shell (SSH-2) provides all the following services except: A. secure remote login B. command execution C. port forwarding D. user authentication
D. user authentication
Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that: A. The sender and recipient have reached a mutual agreement on the encryption key exchange that they will use. B. The channels through which the information flows are secure. C. The recipient's identity can be positively verified by the sender. D. The sender of the message is the only other person with access to the recipient's private key.
c