CISSP Cert Library Topic 12

Which of the following is a key principle in the evolution of computer crime laws in many countries? A. The definition of property was extended to include electronic information. B. Unauthorized acquisition of computer-based information without the intent to resell is not a crime. C. All members of the United Nations have agreed to uniformly define and prosecute computer crime. D. Existing laws against embezzlement, fraud, and wiretapping cannot be applied to computer crime.

Answer : A Explanation: * Answer "All members of the United Nations have agreed to uniformly define and prosecute computer crime" is incorrect because all nations do not agree on the definition of computer crime and corresponding punishments. * Answer "Existing laws against embezzlement, fraud, and wiretapping cannot be applied to computer crime" is incorrect because the existing laws can be applied against computer crime. * Answer "Unauthorized acquisition of computer-based information without the intent to resell is not a crime" is incorrect because in some countries, possession without intent to sell is considered a crime. NEXT QUESTION

A database management system (DBMS) is useful in situations where: A. Rapid development of applications is required and preprogrammed functions can be used to provide those applications along with other support features such as p p pp q p p g p pp g security, error recovery, and access control. B. The operations to be performed on the data are modified infrequently and the operations are relatively straightforward. C. Data are processed infrequently and results are not urgently needed. D. Large amounts of data are to be processed in time-critical situations. pp

Answer : A Explanation: A DBMS is called for when the required skilled programming resources are not available, information to be stored and accessed is common to many organizational business units, the processing requirements change frequently and timely responses are required for queries on the data. NEXT QUESTION

An expert system that has rules of the form If w is low and x is high then y is intermediate, where w and x are input variables and y is the output variable, is called a: A. Fuzzy expert system B. Realistic expert system C. Neural network D. Boolean expert system

Answer : A Explanation: A fuzzy expert system is an expert system that uses fuzzy membership functions and rules, instead of Boolean logic, to reason about data. Thus, fuzzy variables can have an approximate range of values instead of the binary True or False used in conventional expert systems. When it is desired to convert the fuzzy output to a single value, defuzzification is used. One approach to defuzzification is the CENTROID method. With this method, a value of the output variable is computed by finding the variable value of the center of gravity of the membership function for the fuzzy output value. Answers Neural network and Realistic expert system are distracters, and answer Boolean expert system is incorrect since it refers to Boolean values of one or zero. NEXT QUESTION

Which statement is true regarding the disbursement of funds during and after a disruptive event? A. Authorized, signed checks should be stored securely off-site for access by lower-level managers in the event senior-level or financial management is unable to disburse funds normally. B. In the event senior-level or financial management is unable to disburse funds normally, the company will need to file for bankruptcy. C. No one but the finance department should ever disburse funds during or after a disruptive event. D. Because access to funds is rarely an issue during a disaster, no special arrangements need to be made.

Answer : A NEXT QUESTION

Imprisonment is a possible sentence under: A. Neither civil nor criminal law B. Both civil and criminal law C. Civil (tort) law D. Criminal law

Answer : D Explanation: The correct answer is Criminal law. It is the only one of the choices where imprisonment is possible. NEXT QUESTION

In the Capability Maturity Model (CMM) for software, the definition describes the range of expected results that can be achieved by following a software process is that of: A. Software process capability B. Structured analysis/structured design (SA/SD) C. Software process maturity D. Software process performance

Answer : A Explanation: A software process is a set of activities, methods, and practices that are used to develop and maintain software and associated products. Software process capability is a means of predicting the outcome of the next software project conducted by an organization. * Answer software process performance, is the result achieved by following a software process. Thus, software capability is aimed at expected results while software performance is focused on results that have been achieved. *Software process maturity is the extent to which a software process is: Defined Managed Measured Controlled Effective Software process maturity, then, provides for the potential for growth in capability of an organization. An immature organization develops software in a crisis mode, usually exceeds budgets and time schedules, and software processes are developed in an ad hoc fashion during the project. In a mature organization, the software process is effectively communicated to staff, the required processes are documented and consistent, software quality is evaluated, and roles and responsibilities are understood for the project. Answer SA/SD is a distracter. NEXT QUESTION

Which choice below is NOT an element of BCP plan approval and implementation? A. Executing a disaster scenario and documenting the results B. Obtaining senior management approval of the results C. Creating an awareness of the plan D. Updating the plan regularly and as needed

Answer : A Explanation: Answer "Executing a disaster scenario and documenting the results" is a distracter, although it could be considered a loose description of disaster recovery plan testing. The other three choices are primary elements of BCP approval, implementation, and maintenance. NEXT QUESTION

Asystem that exhibits reasoning similar to that of humans knowledgeable in a particular field to solve a problem in that field is called: A. An expert system. B. A data warehouse. C. A neural network. D. A smart system.

Answer : A Explanation: Answer a smart system is a distracter. A data warehouse, is a repository of information from heterogeneous databases that is available to users for making queries. A neural network is a self-learning system that bases its operation on the model of the functioning of biological neurons. NEXT QUESTION

A client/server implementation approach in which any platform may act as a client or server or both is called: A. Peer-to-peer B. Simple file transfer C. Graphical User Interface (GUI) D. Application Programming Interface (API)

Answer : A Explanation: In answer Simple file transfer, a workstation or PC uses terminal emulation software and a client application program to receive data from a host machine. For answer API, an API defines how the client and server appear to each other and supports the exchange of information without either entity knowing the details of a particular resource that is accessed using the API. One example is the Generalized Security Application Programming Interface (GSAPI) that applications can use to access security services. Answer GUI, the GUI approach, is similar to the API implementation and employs a user interface such as SQL to access a server database. NEXT QUESTION

Which choice below BEST describes a threat as defined in the Operations Security domain? A. A potential incident that could cause harm B. A weakness in a system that could be exploited C. A company resource that could be lost due to an incident D. The minimization of loss associated with an incident

Answer : A Explanation: Incorrect answer: * "A weakness in a system that could be exploited" describes a vulnerability * "A company resource that could be lost due to an incident" describes an asset * "The minimization of loss associated with an incident" describes risk management. NEXT QUESTION

Which of the following languages is NOT an object-oriented language? A. Lisp p B. C++ C. Simula 67 D. Smalltalk

Answer : A Explanation: Lisp, for list processing, is a functional language that processes symbolic expressions rather than numbers. It is used in the artificial intelligence field. The languages cited in the other answers are object-oriented languages. NEXT QUESTION

Which choice below is the BEST description of a Protection Profile (PP), as defined by the Common Criteria (CC)? A. A reusable definition of product security requirements B. An intermediate combination of security requirement components C. A statement of security claims for a particular IT security product D. The IT product or system to be evaluated

Answer : A Explanation: The Common Criteria (CC) is used in two ways: As a standardized way to describe security requirements for IT products and systems As a sound technical basis for evaluating the security features of these products and systems The CC defines three useful constructs for building IT security requirements: the Protection Profile (PP), the Security Target (ST), and the PackagE. The PP is an implementation-independent statement of security needs for a set of IT security products. The PP contains a set of security requirements and is intended to be a reusable definition of product security requirements that are known to be useful and effectivE. APP gives consumers a means of referring to a specific set of security needs and communicating them to manufacturers and helps future product evaluation against those needs. Answer a defines the Security Target (ST). The ST is a statement of security claims for a particular IT security product or system. The ST parallels the structure of the PP, though it has additional elements that include product-specific detailed information. An ST is the basis for agreement among all parties as to what security the product or system offers, and therefore the basis for its security evaluation. *Answer "An intermediate combination of security requirement components" describes the PackagE. The Package is an intermediate combination of security requirements components. The package permits the expression of a set of p g g y q p p g p p either functional or assurance requirements that meet some particular need, expressed as a set of security objectives. *Answer "The IT product or system to be evaluated" describes the Target of Evaluation (TOE). The TOE is an IT product or system to be evaluated, the security characteristics of which are described in specific terms by a corresponding ST, or in more general terms by a PP. This evaluation consists of rigorous analysis and testing performed by an accredited, independent laboratory. The scope of a TOE evaluation is set by the Evaluation Assurance Level (EAL) and other requirements specified in the ST. Part of this process is an evaluation of the ST itself, to ensure that it is correct, complete, and internally consistent and can be used as the baseline for the TOE evaluation. Source: Common Criteria Project. NEXT QUESTION

Which book of the Rainbow series addresses the Trusted Network Interpretation (TNI)? A. Red Book B. Purple Book C. Orange Book g D. Green Book

Answer : A Explanation: The Red Book is one book of the Rainbow Series, a six-foot-tall stack of books on evaluating Trusted Computer Systems according to the National Security Agency. The term Rainbow Series comes from the fact that each book is a different color. The Trusted Network Interpretation (TNI) extends the evaluation classes of the Trusted Systems Evaluation Criteria (DOD 5200.28-STD) to trusted network systems and components. * the Orange Book, is the main book of the Rainbow Series and most of the other books elaborate on the information contained in this book. The Orange Book is the DoD Trusted Computer System Evaluation Criteria [DOD 5200.28]1. * the Green Book, is CSC-STD-002-85, the DoD Password Management Guidelines. * the Purple Book, is NCSC-TG-014, Guidelines for Formal Verification Systems. Source: NCSC-TG-005 Trusted Network Interpretation [Red Book] and DoD Trusted Computer System Evaluation Criteria [DOD 5200.28-Orange Book.] NEXT QUESTION

Which choice below is NOT a security goal of an audit mechanism? A. Review employee production output records B. Deter perpetrators attempts to bypass the system protection mechanisms C. Review patterns of access to individual objects D. Discover when a user assumes a functionality with privileges greater than his own

Answer : A Explanation: The audit mechanism of a computer system has five important security goals: 1. The audit mechanism must allow the review of patterns of access to individual objects, access histories of specific processes and individuals, and the use of the various protection mechanisms supported by the system and their effectiveness.2 2. Allow discovery of both users and outsiders repeated attempts to bypass the protection mechanisms. 3. Allow discovery of any use of privileges that may occur when a user assumes a functionality with privileges greater than his or her own, i.e., programmer to administrator. In this case, there may be no bypass of security controls, but nevertheless, a violation is made possible. 4. Act as a deterrent against perpetrators habitual attempts to bypass the system protection mechanisms. However, to act as a deterrent, the perpetrator must be aware of the audit mechanisms existence and its active use to detect any attempts to bypass system protection mechanisms. 5. Supply an additional form of user assurance that attempts to bypass the protection mechanisms that are recorded and discovered.3 Even if the attempt to bypass the protection mechanism is successful, the audit trail will still provide assurance by its ability to aid in assessing the damage done by the violation, thus improving the systems ability to control the damage. Source: NCSC-TG-001 AGuide to Understanding Audit in Trusted Systems [Tan Book], and Gligor, Virgil D., Guidelines for Trusted Facility Management and Audit, University of Maryland, 1985. NEXT QUESTION

Which choice below is NOT a common example of exercising due care or due diligence in security practices? A. Implementing employee casual Friday B. Implementing security awareness and training programs C. Implementing controls on printed documentation D. Implementing employee compliance statements p g p y p

Answer : A Explanation: The correct answer is "Implementing employee casual Friday". The concepts of due care and due diligence require that an organization engage in good security practices relative to industry standards. NEXT QUESTION

Which choice below would NOT be a good reason to test the disaster recovery plan? A. Testing allows processing to continue at the database shadowing facility. B. Testing prepares and trains the personnel to execute their emergency duties. C. Testing identifies deficiencies in the recovery procedures. D. Testing verifies the processing capability of the alternate backup site.

Answer : A Explanation: The correct answer is "Testing allows processing to continue at the database shadowing facility.". It is a distracter. The other three answers are good reasons to test the disaster recovery plan. NEXT QUESTION

Responsibility for handling computer crimes in the United States is assigned to: A. The Federal Bureau of Investigation (FBI) and the Secret Service. B. The Central Intelligence Agency (CIA). C. The National Security Agency (NSA). D. The FBI only.

Answer : A Explanation: The correct answer is "The Federal Bureau of Investigation (FBI) and the Secret Service", making the other answers incorrect. NEXT QUESTION

Which choice below is the BEST description of the criticality prioritization goal of the Business Impact Assessment (BIA) process? A. The identification and prioritization of every critical business unit process B. The estimation of the maximum down time the business can tolerate C. The presentation of the documentation of the results of the BIA D. The identification of the resource requirements of the critical business unit processes

Answer : A Explanation: The correct answer is "The identification and prioritization of every critical business unit process". The three primary goals of a BIA are criticality prioritization, maximum down time estimation, and identification of critical resource requirements. *Answer "The presentation of the documentation of the results of the BIA" is a distracter. NEXT QUESTION

The US Government Tempest program was established to thwart which one of the following types of attacks? A. Emanation Eavesdropping B. Denial of Service C. Software Piracy D. Dumpster Diving

Answer : A Explanation: The correct answer is Emanation Eavesdropping. The Tempest program required shielding and other emanation reducing safeguards to be employed on computers processing classified data. The other answers are types of attacks against computers, but are not the focus of the Tempest program. NEXT QUESTION

Which one of the following is NOT one of the maturity levels of the Software Capability Maturity Model (CMM)? A. Fundamental B. Managed C. Defined D. Repeatable

Answer : A Explanation: The correct answer is Fundamental, a distracter. The first level of the Software CMM is the Initiating level. At this level, processes are performed on an ad hoc basis. Answer the Repeatable level is the second maturity level in the model. In the third level, Defined, management practices are institutionalized and technical procedures are integrated into the organizational structurE. The Managed level has both product and processes quantitatively controlled. The fifth level of the Software CMM is the Optimized level, where continuous process improvement is institutionalized. NEXT QUESTION

Which entity of the US legal system makes common laws? A. Judicial branch B. Administrative agencies C. Executive branch D. Legislative branch

Answer : A Explanation: The correct answer is Judicial branch. The judicial decisions made in the courts generate common law. Answer a, administrative agencies, create administrative laws and the legislative branch, answer b, generates statutory laws. The executive branch, answer c, does not make laws. NEXT QUESTION

What is a data warehouse? A. A repository of information from heterogeneous databases B. A remote facility used for storing backup tapes C. A hot backup building D. A table in a relational database system

Answer : A Explanation: The correct answer is a repository of information from heterogeneous databases. Answers "A remote facility used for storing backup tapes" and "A hot backup building" describe physical facilities for backup and recovery of information systems, and answer "A table in a relational database system" describes a relation in a relational database. NEXT QUESTION

Which of the following is NOT one of the primary goals of a BIA? A. Downtime estimation B. Criticality prioritization C. Personnel safety D. Resource requirements

Answer : C Explanation: The correct answer is Personnel safety. Personnel safety is the primary priority of BCP and DRP, not BIA. NEXT QUESTION

The equation Z = f [wn in ], where Z is the output, wn are weighting functions, and in is a set of inputs describes: A. An artificial neural network (ANN) B. A knowledge-based system C. An expert system D. A knowledge acquisition system

Answer : A Explanation: The equation defines a single layer ANN as shown in Figure. Each input, in, is multiplied by a weight, wn , and these products are fed into a summation transfer function, , that generates an output, Z. Most neural networks have multiple layers of summation and weighting functions, whose interconnections can also be changed. There are a number of di erent learning paradigms for neural networks, including reinforcement learning and back propagation. In reinforcement learning a training set of inputs is provided to the ANN along with a measure of how close the network is coming to a solution. Then, the weights and connections are readjusted. In back propagation, information is fed back inside the neural network from the output and is used by the ANN to make weight and connection adjustments. *Answers An expert system and A knowledge-based system are distracters that describe systems that use knowledge-based rules of experts to solve problems using an inferencing mechanism. *A knowledge acquisition system refers to the means of identifying and acquiring the knowledge to be

In 1996, the World Intellectual Property Organization (WIPO) sponsored a treaty under which participating countries would standardize treatment of digital copyrights. One of the items of standardization was the prohibition of altering copyright management information (CMI) that is included with the copyrighted material. CMI is: A. Licensing and ownership information B. A listing of Public keys C. An encryption algorithm D. Product description information

Answer : A Explanation: The other answers are distracters. The WIPO digital copyright legislation that resulted in the US was the 1998 Digital Millennium Copyright Act (DMCA). In addition to addressing answer d, the DMCAprohibits trading, manufacturing, or selling in any way that is intended to bypass copyright protection mechanisms. It also addresses Internet Service Providers (ISPs) that unknowingly support the posting of copyrighted material by subscribers. If the ISP is notified that the material is copyrighted, the ISP must remove the material. Additionally, if the posting party proves that the removed material was of lawful use, the ISP must restore the material and notify the copyright owner within 14 business days. Two important rulings regarding the DMCA were made in 2001. The rulings involved DeCSS, which is a program that bypasses the Content Scrambling System (CSS) software used to prevent viewing of DVD movie disks on unlicensed platforms. In a trade secrecy case [DVD-CCA v. Banner], the California Appellate Court overturned a lower court ruling that an individual who posted DeCSS on the Internet had revealed the trade secret of CSS. The appeals court has reversed an injunction on the posting of DeCSS, stating that the code is speech-protected by the First pp j p g , g p p y Amendment. The second case [Universal City v. Reimerdes] was the first constitutional challenge to DMCA anti-circumvention rules. The case involved Eric Corley, the publisher of the hacker magazine 2600 MagazinE. Corley was covering the DeCSS situation and, as part of that coverage, posted DeCSS on his publications Web site. The trial and appellate courts both ruled that the posting violated the DMCA and was, therefore, illegal. This ruling upheld the DMCA. It appears that there will be more challenges to DMCA in the future. NEXT QUESTION

The SEI Software Capability Maturity Model is based on the premise that: A. The quality of a software product is a direct function of the quality of its associated software development and maintenance processes. B. The maturity of an organizations software processes cannot be measured. C. Software development is an art that cannot be measured by conventional means. D. Good software development is a function of the number of expert programmers in the organization.

Answer : A Explanation: The quality of a software product is a direct function of the quality of its associated software development and maintenance processes. *Answer "Good software development is a function of the number of expert programmers in the organization" is false because the SEI Software CMM relates the production of good software to having the proper processes in place in an organization and not to expert programs or heroes. *Answer "The maturity of an organizations software processes cannot be measured" is false because the Software CMM provides means to measure the maturity of an organizations software processes. *Answer " Software development is an art that cannot be measured by conventional means" is false because the Software CMM provides means to measure the maturity of an organizations software processes. NEXT QUESTION

Which statement below is NOT correct regarding the role of the recovery team during the disaster? A. The recovery team must be the same as the salvage team as they perform the same function. B. The recovery team is often separate from the salvage team as they perform different duties. C. The recovery team will need full access to all backup media. D. The recovery teams primary task is to get predefined critical business functions operating at the alternate processing site.

Answer : A Explanation: The recovery team performs different functions from the salvage team. The recovery teams primary mandate is to get critical processing re-established at an alternate site. The salvage teams primary mandate is to return the original processing site to normal processing environmental conditions. NEXT QUESTION

Which statement is accurate about trusted facility management? A. The TCB shall support separate operator and administrator functions for B2 systems and above. B. The role of a security administrator shall be identified and auditable in B2 systems and above. C. The TCB shall support separate operator and administrator functions for C2 systems and above. D. The role of a security administrator shall be identified and auditable in C2 systems and above.

Answer : A Explanation: Trusted Facility Management has two different requirements, one for B2 systems and another for B3 systems. The B2 requirements state: the TCB shall support separate operator and administrator functions. The B3 requirements are as follows: The functions performed in the role of a security administrator shall be identifieD. System administrative personnel shall only be able to perform security administrator functions after taking a distinct auditable action to assume the security administrator role on the system. Non-security functions that can be performed in the security administration role shall be limited strictly to those essential to y y p y y performing the security role effectively.6 Source: NCSC-TG-O15, Guide To Understanding Trusted Facility Management [Brown Book]. NEXT QUESTION

Which choice below would NOT be a common element of a transaction trail? A. Why the transaction was processed B. The date and time of the transaction C. Who processed the transaction D. At which terminal the transaction was processed

Answer : A Explanation: Why the transaction was processed is not initially a concern of the audit log, but we will investigate it later. The other three elements are all important information that the audit log of the transaction should record. NEXT QUESTION

What is the number one priority of disaster response? A. Protecting the hardware B. Protecting the software C. Transaction processing D. Personnel safety

Answer : D Explanation: The correct answer is Personnel safety. The number one function of all disaster response and recovery is the protection of the safety of people; all other concerns are vital to business continuity but are secondary to personnel safety. NEXT QUESTION

Which choices below are roles or responsibility of the person designated to manage the contingency planning process? Select three A. Providing direction to senior management B. Ensuring the identification of all critical business functions C. Integrating the planning process across business units D. Providing stress reduction programs to employees after an event

Answer : A,B,C Explanation: Contingency planners have many roles and responsibilities when planning business continuity, disaster recovery, emergency management, or business resumption processes. In addition to correct answers some of these roles and responsibilities can include: Ensuring executive management compliance with the contingency plan program Providing periodic management reports and status Coordinating and integrating the activation of emergency response organizations Answer "Providing stress reduction programs to employees after an event", providing stress reduction programs to employees after an event, is a responsibility of the human resources area. Source: Contingency Planning and Management, Contingency Planning 101, by Kelley Goggins, March 1999. NEXT QUESTION

Which of the following are alid legal issues associated with computer crime? Select three A. It may be difficult to prove criminal intent. B. It may be difficult to obtain a trail of evidence of activities performed on the computer. C. It may be difficult to show causation. D. Electronic Data Interchange (EDI) makes it easier to relate a crime to an individual.

Answer : A,B,C Explanation: EDI makes it more difficult to tie an individual to transactions since EDI involves computer-to-computer data interchanges and this makes it more difficult to trace the originator of some transactions. *Answer "It may be difficult to prove criminal intent" is a valid legal issue since it may be very difficult to prove criminal intent by a person perusing computer files and then causing damage to the files. The damage may have not been intentional. *Answer "It may be difficult to obtain a trail of evidence of activities performed on the computer" describes the situation of trying to track activities on a computer where the information is volatile and may have been destroyed. * In answer "It may be difficult to show causation", common law refers to causation of the criminal act. Causation is particularly difficult to show in instances where a virus or other malicious code erases itself after causing damage to vital information. NEXT QUESTION

Which of the following are computer investigation issues? S A. The time frame for investigation is compressed. B. An expert may be required to assist. C. The information is intangible. D. Evidence is easy to obtain.

Answer : A,B,C Explanation: In many instances, evidence is difficult to obtain in computer crime investigations. NEXT QUESTION

Which choices below are commonly accepted definitions for a disaster? Select three. A. A suddenly occurring event that has a long-term negative impact on social life B. An emergency that is beyond the normal response resources of the entity C. An occurrence or imminent threat to the entity of widespread or severe damage, injury, loss of life, or loss of property D. An occurrence that is outside the normal computing function

Answer : A,B,C Explanation: The disaster/emergency management and business continuity community consists of many different types of entities, such as governmental (federal, state, and local), nongovernmental (business and industry), and individuals. Each entity has its own focus and its own definition of a disaster. The correct answers are examples of these various definitions of disasters. A very common definition of a disaster is a suddenly occurring or unstoppable developing event that: Claims loss of life, suffering, loss of valuables, or damage to the environment. Overwhelms local resources or efforts. Has a long-term impact on social or natural life that is always negative in the beginning. Source: NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition. NEXT QUESTION

Which choices below are most accurate regarding the information needed to define the continuity strategy? Select all that apply. A. The strategy needs to define personnel roles in implementing continuity. B. Astrategy needs to be defined to preserve computing elements, such as hardware, software, and networking elements. C. The strategy needs to address facility use during a disruptive event. D. None of the other alternatives apply.

Answer : A,B,C NEXT QUESTION

Which one of the following are recommended practices regarding electronic monitoring of employees email? Select three. A. Inform all that e-mail is being monitored by means of a prominent log-in banner. B. Explain who is authorized to read monitored email. C. Provide individuals being monitored with a guarantee of email privacy. D. Apply monitoring in a consistent fashion.

Answer : A,B,D Explanation: No guarantee of e-mail privacy should be provided or implied by the employer. NEXT QUESTION

Which choices below are valid reasons for testing the g disaster recovery plan? Select three A. Testing verifies the accuracy of the recovery procedures. B. Testing identifies deficiencies within the recovery procedures. C. Testing provides the contingency planner with recent documentation. D. Testing prepares the personnel to properly execute their emergency duties.

Answer : A,B,D Explanation: The corre answers are all excellent reasons for testing a disaster recovery plan. Until a disaster recovery plan has been tested thoroughly, no plan can be considered complete. Since the functionality of the plan directly determines the ability of an organization to survive a business interrupting event, testing is the only way to have some degree of confidence that the plan will work. *Answer "Testing provides the contingency planner with recent documentation" is a distracter. Source: The International Handbook of Computer Security, by Jae K. Shim, Anique A. Qureshi, and Joel G. Siegel (The Glenlake Publishing Co. Ltd, 2000). NEXT QUESTION

Which choice below is NOT an element of proper media control? A. Accurately and promptly marking all data storage media B. Assuring the accuracy of the backup data C. The proper environmental storage of the media D. The safe and clean handling of the media

Answer : B Explanation: "Assuring the accuracy of the backup data" is an example of a software integrity control, although the other three elements of media control listed apply to the backup tapes themselves. NEXT QUESTION

Which choice below BEST describes the type of control that a firewall exerts on a network infrastructure? A. Detective control B. Preventative control C. Corrective control D. Application control

Answer : B Explanation: A firewall is primarily intended to prevent unauthorized access. NEXT QUESTION

Which of the following refers to a US Government program that reduces g p g or eliminates emanations from electronic equipment? A. ECHELON B. TEMPEST C. ECHO D. CLIPPER

Answer : B Explanation: Answer CLIPPER refers to the US government Escrowed Encryption Standard. Answer ECHELON refers to the large-scale monitoring of RF transmissions. Answer ECHO is a distracter. NEXT QUESTION

Which choice below is NOT a common element of user account administration? A. Establishing, issuing, and closing user accounts B. Authorizing the request for a users system account C. Tracking users and their respective access authorizations D. Periodically verifying the legitimacy of current accounts and access authorizations

Answer : B Explanation: For proper separation of duties, the function of user account establishment and maintenance should be separated from the function of initiating and authorizing the creation of the account. User account management focuses on identification, authentication, and access authorizations. This is augmented by the process of auditing and otherwise periodically verifying the legitimacy of current accounts and access authorizations. Also, there are considerations involved in the timely modification or removal of access and associated issues for employees who are reassigned, promoted, or terminated, or who retire. Source: National Institute of Standards and Technology, An Introduction to Computer Security: The NIST Handbook Special Publication 800-12. NEXT QUESTION

Which disaster recovery/emergency management plan testing type below is considered the most cost-effective and efficient way to identify areas of overlap in the plan before conducting more demanding training exercises? A. Evacuation drill B. Table-top exercise test C. Full-scale exercise D. Walk-through drill

Answer : B Explanation: In a table-top exercise, members of the emergency management group meet in a conference room setting to discuss their responsibilities and how they would react to emergency scenarios. Disaster recovery/emergency management plan testing scenarios have several levels, and can be called different things. The primary hierarchy of disaster/emergency testing plan types is shown below. Checklist review. Plan is distributed and reviewed by business units for its thoroughness and effectiveness. Table-top exercise or structured walk-through test. Members of the emergency management group meet in a conference room setting to discuss their responsibilities and how they would react to emergency scenarios by stepping through the plan. Walk-through drill or simulation test. The emergency management group and response teams actually perform their emergency response functions by walking through the test, without actually initiating recovery procedures. More thorough than the table-top exercise. Functional drills. Test specific functions such as medical response, emergency notifications, warning and communications procedures, and equipment, although not necessarily all at once. Also includes evacuation drills, where personnel walk the evacuation route to a designated area where procedures for accounting for the personnel are tested. Parallel test or full-scale exercise. A real-life emergency situation is simulated as closely as possible. Involves all of the participants that would be responding to the real emergency, including community and external organizations. The test may involve ceasing some real production processing. Source: Emergency Management Guide for Business and Industry, Federal Emergency Management Agency, August 1998 and Computer Security Basics, by Deborah Russell and G.T. Gangemi, Sr. (OReilly, 1992). NEXT QUESTION

In object-oriented programming, when all the methods of one class are passed on to a subclass, this is called: A. Delegation B. Inheritance C. Multiple Inheritance D. Forward chaining

Answer : B Explanation: In inheritance, all the methods of one class, called a superclass, are inherited by a subclass. Thus, all messages understood by the superclass are understood by the subclass. In other words, the subclass inherits the behavior of the superclass. *Answer Forward chaining is a distracter and describes data-driven reasoning used in expert systems. *Multiple inheritancedescribes the situation where a subclass inherits the behavior of multiple superclasses. *Answer delegation, is an alternative to inheritance in an object-oriented system. With delegation, if an object does not have a method to satisfy a request it has received, it can delegate the request to another object. NEXT QUESTION

Why are maintenance accounts a threat to operations controls? A. Maintenance might require physical access to the system by vendors or service providers. B. Maintenance accounts are commonly used by hackers to access network devices. C. Maintenance personnel could slip and fall and sue the organization. D. Maintenance account information could be compromised if printed reports are left out in the open.

Answer : B Explanation: Maintenance accounts are login accounts to systems resources, primarily networked devices. They often have the factory-set passwords that are frequently distributed through the hacker community. NEXT QUESTION

Which of the following items is NOT a component of a knowledgebased system (KBS)? A. Knowledge base B. Procedural code C. Interface between the user and the system D. Inference Engine

Answer : B Explanation: Procedural code in a procedural language implies sequential execution of instructions based on the von Neumann architecture of a CPU, Memory, and Input/Output device. Variables are part of the sets of instructions used to solve a particular problem and, thus, the data are not separate from the statements. Such languages have control statements such as goto, ifthenelse and so on. The program execution is iterative and corresponds to a sequence of state changes in a state machine. *Answer knowledge base, refers to the rules and facts of the particular problem domain. *The inference engine takes the inputs to the KBS and uses the knowledge base to infer new facts and to solve the problem. *Answer "Interface between the user and the system" refers to the interface between the user and the system through which the data are entered, displayed, and output. NEXT QUESTION

Which general TCSEC security class category describes that mandatory access policies be enforced in the TCB? Exhibit: A. A B. B C. C D. D

Answer : B Explanation: The Trusted Computer System Evaluation Criteria [Orange Book] defines major hierarchical classes of security by the letters D (least secure) through A (most secure): D. Minimal protection C. Discretionary protection (C1&C2) B. Mandatory protection (B1, B2, B3) A. Verified protection; formal methods (A1) Source: DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria. NEXT QUESTION

A refinement to the basic Waterfall Model that states that software should be developed in increments of functional capability is called: A. Functional development B. Incremental development C. Functional refinement D. Incremental refinement

Answer : B Explanation: The advantages of incremental development include the ease of testing increments of functional capability and the opportunity to incorporate user experience into a successively refined product. The other answers are distracters. NEXT QUESTION

Which choice below represents the most important first step in creating a business resumption plan? A. Analyzing the business impact B. Obtaining senior management support C. Performing a risk analysis D. Planning recovery strategies

Answer : B Explanation: The business resumption, or business continuity plan, must have total, highly visible senior management support. Senior management must agree on the scope of the project, delegate resources for the success of the project, and support the timeline and training efforts. Source: Contingency Planning and Management, Contingency Planning 101, by Kelley Goggins, March 1999. NEXT QUESTION

What is enticement? A. Encouraging the commission of a crime when there was initially no intent to commit a crime B. Luring the perpetrator to an attractive area or presenting the perpetrator with a lucrative target after the crime has already been initiated C. Assisting in the commission of a crime D. Encouraging the commission of one crime over another

Answer : B Explanation: The correct answer is "Luring the perpetrator to an attractive area or presenting the perpetrator with a lucrative target after the crime has already been initiated", the definition of enticement. *Answer "Encouraging the commission of a crime when there was initially no intent to commit a crime" is the definition of entrapment. The other answers are distracters. NEXT QUESTION

What is considered the major disadvantage to employing a hot site for disaster recovery? A. The site is immediately available for recovery. B. Maintaining the site is expensive. C. Annual testing is required to maintain the site. D. Exclusivity is assured for processing at the site.

Answer : B Explanation: The correct answer is the expense of maintaining the site. A hot site is commonly used for those extremely time-critical functions that the business must have up and running to continue operating, but the expense of duplicating and maintaining all of the hardware, software, and application elements is a serious resource drain to most organizations. NEXT QUESTION

The European Union (EU) has enacted a Conditional Access Directive (CAD) that addresses which of the following? A. Access to and use of copyrighted material B. Unauthorized access to Internet subscription sites and pay TV services C. Reverse engineering D. Use of copyrighted material by libraries

Answer : B Explanation: The focus of the CAD is on access to services as opposed to access to works. As of this writing, the EU is discussing a directive focusing on copyrights, but it has not been finalizeD. It is anticipated that this directive will be similar to the US DMCA(Question 7). The other answers are copyright issues that will be addressed by the EU Copyright Directive or by other related directives. NEXT QUESTION

Which choice below is NOT one of the four major aspects of configuration management? A. Configuration auditing B. Configuration product evaluation C. Configuration identification D. Configuration status accounting

Answer : B Explanation: The four major aspects of configuration management are: Configuration identification Configuration control Configuration status accounting Configuration auditing These aspects are described earlier in this chapter. Answer " Configuration product evaluation" is a distracter. Source: NCSC-TG-014-89, Guidelines for Formal Verification Systems [Purple Book]. NEXT QUESTION

Which term below BEST describes the concept of least privilege? A. Active monitoring of facility entry access points. B. Each user is granted the lowest clearance required for their tasks. C. A formal separation of command, program, and interface functions. D. A combination of classification and categories that represents the sensitivity of information.

Answer : B Explanation: The least privilege principle requires that each subject in a system be granted the most restrictive set of privileges (or lowest clearance) needed for the p p g p p q j y g p g ( ) performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use. Applying this principle may limit the damage resulting from accidents, errors, or unauthorized use of system resources. *Answer "A formal separation of command, program, and interface functions." describes separation of privilege, which is the separation of functions, namely between the commands, programs, and interfaces implementing those functions, such that malicious or erroneous code in one function is prevented from affecting the code or data of another function. *Answer "A combination of classification and categories that represents the sensitivity of information." is a security level. A security level is the combination of hierarchical classification and a set of non-hierarchical categories that represents the sensitivity of information. *Answer "Active monitoring of facility entry access points." is a distracter. Source: DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria. NEXT QUESTION

In developing an emergency or recovery plan, which choice below would NOT be considered a short-term objective? A. Minimum resources needed to accomplish the restoration B. The organizations strategic plan C. Priorities for restoration D. Acceptable downtime before restoration

Answer : B Explanation: The organizations strategic plan is considered a long-term goal. In developing plans, consideration should be given to both shortterm and long-term goals and objectives. Short-term goals can include: Vital personnel, systems, operations, and equipment Priorities for restoration and mitigation Acceptable downtime before restoration to a minimum level of operations Minimum resources needed to accomplish the restoration Long-term goals and objectives can include: The organizations strategic plan Management and coordination of activities Funding and fiscal management Management of volunteer, contractual, and entity resources Source: NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition. NEXT QUESTION

The Federal Intelligence Surveillance Act (FISA) of 1978, the Electronic Communications Privacy Act (ECPA) of 1986, and the Communications Assistance for Law Enforcement Act (CALEA) of 1994 are legislative acts passed by the United States Congress. These acts all address what major information security issue? A. Computer fraud B. Wiretapping C. Unlawful use of and access to government computers and networks D. Malicious code

Answer : B Explanation: These laws reflected different views concerning wiretapping as technology progresseD. The Federal Intelligence Surveillance Act (FISA) of 1978 limited wiretapping for national security purposes as a result of the record of the Nixon Administration in using illegal wiretaps. The Electronic Communications Privacy Act (ECPA) of 1986 prohibited eavesdropping or the interception of message contents without distinguishing between private or public systems. The Communications Assistance for Law Enforcement Act (CALEA) of 1994 required all communications carriers to make wiretaps possible in ways approved by the FBI. NEXT QUESTION

What key professional or professionals are required to develop an expert system? A. Domain expert and object designer B. Knowledge engineer and object designer C. Knowledge engineer and domain expert D. Domain expert

Answer : C Explanation: The knowledge engineer usually has a computer-related and expert system background, but does not have the knowledge of the specific discipline or domain being addressed by the expert system. For example, the expert system being developed may be a medical diagnostic system requiring input from diagnostic specialists and other types of physicians. These individuals are the domain experts. It is the job of the knowledge engineer to elicit the critical knowledge from the domain expert and incorporate it into the expert system knowledge base. The term object designer in the answers is a distracter. NEXT QUESTION

The definition the science and art of specifying, designing, implementing and evolving programs, documentation and operating procedures whereby computers can be made useful to man is that of: A. Functional programming B. Software engineering C. Structured analysis/structured design (SA/SD) D. An object-oriented system

Answer : B Explanation: This definition of software engineering is a combination of popular definitions of engineering and software. One definition of engineering is the p g g p p g g g g application of science and mathematics to the design and construction of artifacts which are useful to man. A definition of software is that it consists of the programs, documentation and operating procedures by which computers can be made useful to man. *Answer SA/SD deals with developing specifications that are abstractions of the problem to be solved and not tied to any specific programming languages. Thus, SA/SD, through data flow diagrams (DFDs), shows the main processing entities and the data flow between them without any connection to a specific programming language implementation. *An object-oriented system is a group of independent objects that can be requested to perform certain operations or exhibit specific behaviors. These objects cooperate to provide the systems required functionality. The objects have an identity and can be created as the program executes (dynamic lifetime). To provide the desired characteristics of object-oriented systems, the objects are encapsulated, i.e., they can only be accessed through messages sent to them to request performance of their defined operations. The object can be viewed as a black box whose internal details are hidden from outside observation and cannot normally be modifieD. Objects also exhibit the substitution property, which means that objects providing compatible operations can be substituted for each other. In summary, an object-oriented system contains objects that exhibit the following properties: Identity each object has a name that is used to designate that object. Encapsulation an object can only be accessed through messages to perform its defined operations. Substitution objects that perform compatible operations can be substituted for each other. Dynamic lifetimes objects can be created as the program executes. *Answer functional programming uses only mathematical functions to perform computations and solve problems. This approach is based on the assumption that any algorithm can be described as a mathematical function. Functional languages have the characteristics that: They support functions and allow them to be manipulated by being passed as arguments and stored in data structures. Functional abstraction is the only method of procedural abstraction. NEXT QUESTION

Which choice below is NOT an example of intentionally inappropriate operator activity? A. Using unauthorized access levels to violate information confidentiality B. Making errors when manually inputting transactions C. Using the companys system to store pornography D. Conducting private business on the company system

Answer : B Explanation: While "Making errors when manually inputting transactions" is most certainly an example of a threat to a systems integrity, it is considered unintentional loss, not an intentional activity. NEXT QUESTION

Liability of senior organizational officials relative to the protection of the organizations information systems is prosecutable under: A. Criminal law. B. Civil law. C. Financial law. D. International law.

Answer : B NEXT QUESTION

Which one of the following items are true concerning the Platform for Privacy Preferences (P3P) developed by the World Wide Web Consortium (W3C)? Select three. A. It does not provide the site privacy practices to users in machine-readable format. B. It allows Web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. C. It allows users to be informed of site practices in human-readable format. D. It automates decision-making based on the sites privacy practices when appropriate.

Answer : B C D }{ Answer : B,C,D Explanation: In addition to the capabilities in the correct answers, P3P does provide the site privacy practices to users in machine-readable format. NEXT QUESTION

Which choice below is considered the HIGHEST level of operator privilege? A. Read/Write B. Read Only C. Access Change D. Write Only

Answer : C Explanation: The correct answer is Access Change. The three common levels of operator privileges, based on the concept of least privilege, are: Read Only Lowest level, view data only Read/Write View and modify data Access Change Highest level, right to change data/operator permissions Answer d is a distracter. NEXT QUESTION

Which choice below refers to a business asset? A. Protection devices or procedures in place that reduce the effects of threats B. Events or situations that could cause a financial or operational impact to the organization C. Competitive advantage, credibility, or good will D. Personnel compensation and retirement programs

Answer : C }{ Answer : C Explanation: Assets are considered the physical and financial assets that are owned by the company. Examples of business assets that could be lost or damaged during a disaster are: Revenues lost during the incident On-going recovery costs Fines and penalties incurred by the event. Competitive advantage, credibility, or good will damaged by the incident *Answer "Events or situations that could cause a financial or operational impact to the organization" is a definition for a threat. *Answer "Protection devices or procedures in place that reduce the effects of threats" is a description of mitigating factors that reduce the effect of a threat, such as a UPS, sprinkler systems, or generators. *Answer "Personnel compensation and retirement programs" is a distracter. Source: Contingency Planning and Management, Contingency Planning 101 by Kelley Goggins, March, 1999. NEXT QUESTION

Information Warfare is: A. Developing weapons systems based on artificial intelligence technology. B. Signal intelligence. C. Attacking the information infrastructure of a nation to gain military and/or economic advantages. D. Generating and disseminating propaganda material.

Answer : C Explanation: * Answer "Developing weapons systems based on artificial intelligence technology" is a distracter and has to do with weapon systems development. * Answer "Generating and disseminating propaganda material" is not applicable. Answer "Signal intelligence" is the conventional acquisition of information from radio signals. NEXT QUESTION

Which one of the following conditions must be met if legal electronic monitoring of employees is conducted by an organization? A. Employees must be unaware of the monitoring activity. B. All employees must agree with the monitoring policy. C. The organization must have a policy stating that all employees are regularly notified that monitoring is being conducted. D. Results of the monitoring cannot be used against the employee.

Answer : C Explanation: * Answer "Employees must be unaware of the monitoring activity" is incorrect because employees must be made aware of the monitoring if it is to be legal * answer "All employees must agree with the monitoring policy" is incorrect because employees do not have to agree with the policy * answer "Results of the monitoring cannot be used against the employee" is incorrect because the results of monitoring might be used against the employee if the corporate policy is violated. NEXT QUESTION

Which type of backup subscription service will allow a business to recover quickest? A. A mobile or rolling backup service B. A warm site C. A cold site D. A hot site

Answer : D Explanation: The correct answer is "A hot sit". Warm and cold sites require more work after the event occurs to get them to full operating functionality. A mobile backup site might be useful for specific types of minor outages, but a hot site is still the main choice of backup processing site. NEXT QUESTION

What does the prudent man rule require? A. Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur B. Senior officials to post performance bonds for their actions C. Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances D. Senior officials to follow specified government standards

Answer : C Explanation: *Answer "Senior officials to post performance bonds for their actions" is a distracter and is not part of the prudent man rule. * Answer "Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur" is incorrect because it is not possible to guarantee that breaches of security can never occur. * Answer "Senior officials to follow specified government standards" is incorrect because the prudent man rule does not refer to a specific government standard but relates to what other prudent persons would do. NEXT QUESTION

Because the development of new technology usually outpaces the law, law enforcement uses which traditional laws to prosecute computer criminals? A. Conspiracy and elimination of competition B. Immigration C. Embezzlement, fraud, and wiretapping D. Malicious mischief

Answer : C Explanation: *Answer Malicious mischief is not a law *answer Immigration is not applicable because it applies to obtaining visas and so on *answer Conspiracy and elimination of competition is not correct because the crimes in answer "Embezzlement, fraud, and wiretapping" are more commonly used to prosecute computer crimes. NEXT QUESTION

Which of the following would best describe a cold backup site? A. A computer facility available with electrical power and HVAC and some file/print servers, although the applications are not installed or configured and all of the needed workstations may not be on site or ready to begin processing B. A computer facility with no electrical power or HVAC C. A computer facility with electrical power and HVAC but with no workstations or servers on-site prior to the event and no applications installed D. A computer facility with electrical power and HVAC, all needed applications installed and configured on the file/print servers, and enough workstations present to p begin processing y p , pp g p , g p

Answer : C Explanation: A computer facility with electrical power and HVAC, with workstations and servers available to be brought on-site when the event begins and no applications installed, is a cold site. * Answer "A computer facility with electrical power and HVAC, all needed applications installed and configured on the file/print servers, and enough workstations present to begin processing" is a hot site *answer "A computer facility available with electrical power and HVAC and some file/print servers, although the applications are not installed or configured and all of the needed workstations may not be on site or ready to begin processing" is a warm site. *Answer "A computer facility with no electrical power or HVAC" is just an empty room. NEXT QUESTION

Which choice below is NOT considered a potential hazard resulting from natural events? A. Forest fire B. Urban fire C. Arson D. Earthquake/land shift

Answer : C Explanation: According to the NFPA, arson is an example of a potential hazard caused by a human event. Fires, in themselves, are considered natural events, like forest fires, range fires, urban or city fires, unless arson is thought to be the source of the blazE. Of the three categories of potential hazards (natural, technological, and human), human events could include: General strikes Terrorism Sabotage Mass hysteria Civil unrest Source: NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition. NEXT QUESTION

Which choice below does NOT accurately describe a task of the Configuration Control Board? A. The CCB assures that the changes made are approved, tested, documented, and implemented correctly. B. The CCB should meet periodically to discuss configuration status accounting reports. C. The CCB is responsible for documenting the status of configuration control activities. D. The CCB is responsible for assuring that changes made do not jeopardize the soundness of the verification system.

Answer : C Explanation: All analytical and design tasks are conducted under the direction of the vendors corporate entity called the Configuration Control Board (CCB). The CCB is headed by a chairperson who is responsible for assuring that changes made do not jeopardize the soundness of the verification system and assures that the changes made are approved, tested, documented, and implemented correctly. The members of the CCB should interact periodically, either through formal meetings or other available means, to discuss configuration management topics such as proposed changes, configuration status accounting reports, and other topics that may be of interest to the different areas of the system development. These interactions should be held to keep the entire system team updated on all advancements or alterations in the verification system. Answer b describes configuration accounting. Configuration accounting documents the status of configuration control activities and, in general, provides the information needed to manage a configuration effectively. The configuration accounting reports are reviewed by the CCB. Source: NCSC-TG-014-89, Guidelines for Formal Verification Systems. NEXT QUESTION

Which task below would normally be considered a BCP task, rather than a DRP task? A. Recovery procedures B. Life safety processes C. Project scoping D. Restoration procedures

Answer : C Explanation: Although many processes in making business continuity plans are similar to processes in creating disaster recovery plans, several differences exist. p g yp g yp p g yp , Business continuity planning processes that are unique to BCP could include: Project scoping and assigning roles Creating business impact and vulnerability assessments Choosing alternate processing sites whereas unique disaster recovery/emergency management processes could include: Implementing relocation procedures to the alternate site Plan testing and training Recovering data Salvaging damaged equipment Source: CISSP Examination Textbooks, Volume One: Theory, by S. Rao Vallabhaneni, SRV Professional Publications first edition 2000 and Handbook of Information Security Management, by Micki Krause and Harold F. Tipton, Auerback, 1999 edition. NEXT QUESTION

In the modified Waterfall Model: A. Product verification and validation are not included. B. The model was reinterpreted to have phases begin at project milestones. C. The model was reinterpreted to have phases end at project milestones. D. Unlimited backward iteration is permitted.

Answer : C Explanation: The modified Waterfall model was reinterpreted to have phases end at project milestones. Answer "Unlimited backward iteration is permitted" is false p p p p j p because unlimited backward iteration is not permitted in the modified Waterfall model. Answer "The model was reinterpreted to have phases begin at project milestones" is a distracter. Answer "Product verification and validation are not included" is false because verification and validation are included. NEXT QUESTION

( p ) Another type of artificial intelligence technology involves genetic algorithms. Genetic algorithms are part of the general class known as: A. Suboptimal computing B. Biological computing C. Evolutionary computing D. Neural networks

Answer : C Explanation: Evolutionary computing uses the Darwinian principles of survival of the fittest, mutation, and the adaptation of successive generations of populations to their environment. The genetic algorithm implements this process through iteration of generations of a constant-size population of items or individuals. Each individual is characterized by a finite string of symbols called genomes. The genomes are used to represent possible solutions to a problem in a fixed search space. For example, if the fixed population of the first generation of individuals consists of random binary numbers, and the problem is to find the minimum binary number that can be represented by an individual, each binary number is assigned a fitness value based on the individuals binary number value. The smaller the binary number represented by a parent individual, the higher level of fitness that is assigned to it. Through cross breeding among the numbers (known as crossover), mutations of the numbers, and pairing of numbers with high fitness ratings, the smallest value that can be represented by the number of bits in the binary number will emerge in later generations. *Answer neural networks, is incorrect and has been discussed extensively in previous questions in this chapter. *Answer Suboptimal computing is a distracter and answer biological computing, refers to computation performed by using certain characteristics of living organisms. NEXT QUESTION

In an object-oriented system, polymorphism denotes: A. Objects of many different classes that are unrelated but respond to some common set of operations in the same way. B. Objects of many different classes that are related by some common superclass; thus, all objects denoted by this name can respond to some common set of operations in identical fashion. C. Objects of many different classes that are related by some common superclass; thus, any object denoted by this name can respond to some common set of operations in a different way. D. Objects of the same class; thus, any object denoted by this name can respond to some common set of operations in the same way.

Answer : C Explanation: Objects of many different classes that are related by some common superclass that are able to respond to some common set of operations in a different way. The other answers are incorrect by the definition of polymorphism. NEXT QUESTION

Which statement below is the BEST example of separation of duties? A. Getting users to divulge their passwords. B. An activity that checks on the system, its users, or the environment. C. One person initiates a request for a payment and another authorizes that same payment. D. A data entry clerk may not have access to run database analysis reports. A C

Answer : C Explanation: Separation of duties refers to dividing roles and responsibilities so that a single individual cannot subvert a critical process. In financial systems, no single individual should normally be given the authority to issue checks. Checks and balances need to be designed into both the process as well as the specific, individual positions of personnel who will implement the process. *Answer "An activity that checks on the system, its users, or the environment" describes system monitoring. *Answer "Getting users to divulge their passwords" is social engineering, a method of subverting system controls by getting users or administrators to divulge information about systems, including their passwords. *Answer "A data entry clerk may not have access to run database analysis reports" describes least privilege. Least privilege refers to the security objective of granting users only those accesses they need to perform their official duties. Least privilege does not mean that all users will have extremely little functional access; some employees will have significant access if it is required for their position. It is important to make certain that the implementation of least privilege does not interfere with the ability to have personnel substitute for each other without undue delay. Without careful planning, access control can interfere with contingency plans. Source: National Institute of Standards and Technology, An Introduction to Computer Security: The NIST Handbook Special Publication 800-12. NEXT QUESTION

Inappropriate computer activities could be described as: A. Data scavenging through the resources available to normal system users. B. Theft of information or trade secrets for profit or unauthorized disclosure. C. Computer behavior that might be grounds for a job action or dismissal. D. Loss incurred unintentionally though the lack of operator training.

Answer : C Explanation: The correct answer is "Computer behavior that might be grounds for a job action or dismissal". While all of the activities described are considered in the broad category of inappropriate activities, this description is used to define a narrower category of inappropriate activities. Answer "Loss incurred unintentionally though the lack of operator training." is defined as accidental loss. Answer "Theft of information or trade secrets for profit or unauthorized disclosure." is considered intentionally illegal computer activity. Answer "Data scavenging through the resources available to normal system users."is a keyboard attack, a type of data scavenging attack using common tools or utilities available to the user. NEXT QUESTION

Which choice below is NOT an example of a software control? A. Routinely testing the backup data for accuracy B. Implementing a formal application upgrade process C. Controlling diagnostic ports on networked equipment D. Employing anti-virus management and tools

Answer : C Explanation: The correct answer is "Controlling diagnostic ports on networked equipment". This is an example of a hardware control. The other three are examples of p software controls. g g p q p p p NEXT QUESTION

If C represents the cost of instituting safeguards in an information system and L is the estimated loss resulting from exploitation of the corresponding vulnerability, a legal liability exists if the safeguards are not implemented when: A. C/L = a constant B. C>L C. C<L D. C = 2L

Answer : C Explanation: The correct answer is C<L. If the cost to implement the safeguards is less than the estimated loss that would occur if the corresponding vulnerability were successfully exploited, then a legal liability exists. The other answers are distracters. NEXT QUESTION

entered into the knowledge base of an expert system. In general, computer-based evidence is considered: A. Secondary. NEXT QUESTION B. Conclusive. C. Hearsay. D. Circumstantial.

Answer : C Explanation: The correct answer is Hearsay. Answer Conclusive refers to incontrovertible evidence; answer Circumstantial refers to inference from other, intermediate facts; and answer Secondary refers to a copy of evidence or oral description of its content. NEXT QUESTION

Which statement is true regarding company/employee relations during and after a disaster? A. Senior-level executives are the only employees who should receive continuing salaries during the disruptive event. B. The organizations responsibility to the employees families ends when the disaster stops the business from functioning. g p y p y p g C. The organization has a responsibility to continue salaries or other funding to the employees and/or families affected by the disaster. D. Employees should seek any means of obtaining compensation after a disaster, including fraudulent ones.

Answer : C Explanation: The organization has an inherent responsibility to its employees and their families during and after a disaster or other disruptive event. The company must be insured to the extent it can properly compensate its employees and families. Alternatively, employees do not have the right to obtain compensatory damages fraudulently if the organization cannot compensate. NEXT QUESTION

The security term that is concerned with the same primary key existing at different classification levels in the same database is: A. Polymorphism. B. Inheritance. C. Polyinstantiation. D. Normalization.

Answer : C Explanation: The security term that is concerned with the same primary key existing at different classification levels in the same database is polyinstantiation. Answer Polymorphism is incorrect because polymorphism is defined as objects of many different classes that are related by some common superclass; thus, any object denoted by this name is able to respond to some common set of operations in a different way. Answer Normalization is incorrect because normalization refers to removing redundant or incorrect data from a database. Answer Inheritance is incorrect because inheritance refers to methods from a class inherited by another subclass. NEXT QUESTION

Which of the following is NOT a European Union (EU) principle? A. Data should be collected in accordance with the law. B. Information collected about an individual cannot be disclosed to other organizations or individuals unless authorized by law or by consent of the individual. C. Transmission of personal information to locations where equivalent personal data protection cannot be assured is permissible. D. Data should be used only for the purposes for which it was collected and should be used only for reasonable period of time.

Answer : C Explanation: The transmission of data to locations where equivalent personal data protection cannot be assured is NOT permissible. The other answers are EU principles. NEXT QUESTION

What is the difference between a parallel disaster recovery plan test and a full interruption disaster recovery plan test? A. There is no difference; both terms mean the same thing. B. Functional business unit representatives meet to review the plan to ensure it accurately reflects the organizations recovery strategy. C. While a parallel test tests the processing functionality of the alternate site, the full-interruption test actually replicates a disaster by halting production. D. While a full-interruption test tests the processing functionality of the alternate site, the parallel test actually replicates a disaster by halting production.

Answer : C Explanation: parallel test tests the processing functionality of the alternate site, whereas the full-interruption test actually replicates a disaster by halting production. *Answer "Functional business unit representatives meet to review the plan to ensure it accurately reflects the organizations recovery strategy" is the definition of a checklist test type. NEXT QUESTION

A pen register is a: A. Device that records the caller-ID of incoming calls B. Device that records the URLs accessed by an individual C. Device that identifies the cell in which a mobile phone is operating D. Device that records all the numbers dialed from a specific telephone line

Answer : D Explanation: (Electronic Privacy Information Center, Approvals for Federal Pen Registers and Trap and Trace Devices 1987-1998, www.epic. org). Gathering p ( y , pp g p , p g) g information as to which numbers are dialed from a specific telephone line is less costly and time-consuming than installing a wiretap and recording the information. * There is also equipment that can record the information listed in answers "Device that identifies the cell in which a mobile phone is operating" and "Device that records the URLs accessed by an individual". * The device referred to in answer "Device that records the caller-ID of incoming calls" is called a trap-and-trace device. All of the answers in this question are a subset of the category of traffic analysis wherein patterns and frequency associated with communications are studied instead of the content of the communications. NEXT QUESTION

A standard that uses the Object Request Broker (ORB) to implement exchanges among objects in a heterogeneous, distributed environment is called: A. An Interface Definition Language (IDL) B. Open Architecture C. The Object Management Group (OMG) Object Model D. A Common Object Request Broker Architecture (CORBA)

Answer : D Explanation: * the OMG Object Model provides standard means for describing the externally visible characteristics of objects. *Answer Open Architecture is a distracter. *IDL is a standard interface language that is used by clients to request services from objects. NEXT QUESTION

Which choice below most accurately describes a business continuity program? A. A standard that allows for rapid recovery during system interruption and data loss B. A determination of the effects of a disaster on human, physical, economic, and natural resources C. A program that implements the mission, vision, and strategic goals of the organization D. Ongoing process to ensure that the necessary steps are taken to identify the impact of potential losses and maintain viable recovery

Answer : D Explanation: A business continuity program is an ongoing process supported by senior management and funded to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and recovery plans, and ensure continuity of services through personnel training, plan testing, and maintenance. Answer "A program that implements the mission, vision, and strategic goals of the organization" describes a disaster/emergency management program. A disaster/ emergency management program, like a disaster recovery program, is a program that implements the mission, vision, and strategic goals and objectives as well as the management framework of the program and organization. *Answer "A determination of the effects of a disaster on human, physical, economic, and natural resources" describes a damage assessment. A damage assessment is an appraisal or determination of the effects of a disaster on human, physical, economic, and natural resources. *Answer "A standard that allows for rapid recovery during system interruption and data loss" is a distracter. Source: NFPA1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition. NEXT QUESTION

Which statement below is accurate about Evaluation Assurance Levels (EALs) in the Common Criteria (CC)? A. A security level equal to the security level of the objects to which the subject has both read and write access B. Requirements that specify the security behavior of an IT product or system C. A statement of intent to counter specified threats D. Predefined packages of assurance components that make up security confidence rating scale

Answer : D Explanation: An Evaluation Assurance Level (EAL) is one of seven increasingly rigorous packages of assurance requirements from CC Part 3. Each numbered package represents a point on the CCs predefined assurance scalE. An EAL can be considered a level of confidence in the security functions of an IT product or system. The EALs have been developed with the goal of preserving the concepts of assurance drawn from the source criteria, such as the Trusted Computer System Evaluation Criteria (TCSEC), Information Technology Security Evaluation Criteria (ITSEC), or Canadian Trusted Computer Evaluation Criteria (CTCPEC), so that results of previous evaluations remain relevant. EAL levels 27 are generally equivalent to the assurance portions of the TCSEC C2-A1 scale, although exact TCSEC mappings do not exist. *Answer "A security level equal to the security level of the objects to which the subject has both read and write access" is the definition of Subject Security Level. Asubjects security level is equal to the security level of the objects to which it has both read and write access. A subjects security level must always be dominated by the clearance of the user with which the subject is associated. * Answer "A statement of intent to counter specified threats" describes a Security Objective, which is a statement of intent to counter specified threats and/or satisfy specified organizational security policies and assumptions. *Answer "Requirements that specify the security behavior of an IT product or system" describes Security Functional Requirements. These are requirements, preferably from CC Part 2, that when taken together specify the security behavior of an IT product or system. Source: CC Project and DoD 5200.28-STD. NEXT QUESTION

Cyclic redundancy checks, structured walkthroughs, and hash totals are examples of what type of application controls? A. Corrective consistency controls B. Preventive security controls C. Preventive consistency controls D. Detective accuracy controls

Answer : D Explanation: Cyclic redundancy checks, structured walkthroughs, and hash totals are examples of detective accuracy controls. The other answers do not apply by the definition of the types of controls. NEXT QUESTION

In an object-oriented system, the situation wherein objects with a common name respond differently to a common set of operations is called: A. Polyinstantiation. B. Delegation. C. Polyresponse. D. Polymorphism.

Answer : D Explanation: Delegation is the forwarding of a request by one object to another object. Answer Polyresponse is a distracter. Polyinstantiationis the development of a detailed version of an object from another object. The new object uses values that are different from those in the original object. NEXT QUESTION

Which of the following is NOT true regarding software unit testing? A. The test data is part of the specifications. B. Testing should check for out-of-range values and other bounds conditions. C. Correct test output results should be developed and known beforehand. D. Live or actual field data is recommended for use in the testing procedures.

Answer : D Explanation: Live or actual field data are NOT recommended for use in testing because they do not thoroughly test all normal and abnormal situations and the test results are not known beforehand. The other answers are true of testing. NEXT QUESTION

Which statement below is accurate about the concept of Object Reuse? A. Object reuse protects against physical attacks on the storage medium. B. Object reuse applies to removable media only. C. Object reuse controls the granting of access rights to objects. D. Object reuse ensures that users do not obtain residual information from system resources.

Answer : D Explanation: Object reuse mechanisms ensure system resources are allocated and reassigned among authorized users in a way that prevents the leak of sensitive information, and ensure that the authorized user of the system does not obtain residual information from system resources. Object reuse is defined as The reassignment to some subject of a storage medium (e.g., page frame, disk sector, magnetic tape) that contained one or more objects. To be securely reassigned, no residual data can be available to the new subject through standard system mechanisms.7 The object reuse requirement of the TCSEC is intended to assure that system resources, in particular storage media, are allocated and reassigned among system users in a manner which prevents the disclosure of sensitive information. Answer a is incorrect. Object reuse does not necessarily protect against physical attacks on the storage medium. Answer c is also incorrect, as object reuse applies to all primary and secondary storage media, such as removable media, fixed media, real and virtual main memory (including registers), and cache memory. Answer d refers to authorization, the granting of access rights to a user, program, or process. Source: NCSC-TG-018, A Guide To Understanding Object Reuse in Trusted Systems [Light Blue Book]. NEXT QUESTION

What is searching for data correlations in the data warehouse called? A. Configuration management B. Data warehousing C. A data dictionary D. Data mining

Answer : D Explanation: Searching for data correlations in the data warehouse is called data mining. Answer Data warehousing is incorrect because data warehousing is creating a repository of information from heterogeneous databases that is available to users for making queries. Answer A data dictionary is incorrect because a data dictionary is a database for system developers. Answer Configuration management is incorrect because configuration management is the discipline of identifying the components of a continually evolving system for the purposes of controlling changes to those components and maintaining integrity and traceability throughout the life cycle. NEXT QUESTION

The basic version of the Construction Cost Model (COCOMO), which proposes quantitative, life-cycle relationships, performs what function? A. Estimates software development effort and cost as a function of the size of the software product in source instructions modified by manpower buildup and productivity factors B. Estimates software development effort and cost as a function of the size of the software product in source instructions modified by hardware and input functions C. Estimates software development effort based on user function categories D. Estimates software development effort and cost as a function of the size of the software product in source instructions

Answer : D Explanation: The Basic COCOMO Model (B.W. Boehm, Software Engineering Economics, Prentice-Hall, Englewood Cliffs, New Jersey, 1981) proposes the following equations: The number of man-months (MM) required to develop the most common type of software product, in terms of the number of thousands of delivered source instructions (KDSI) in the software product MM = 2.4 (KDSI)1.05 The development schedule (TDEV) in months TDEV = 2.5(MM)0.38 In addition, Boehm has developed an intermediate COCOMO Model that also takes into account hardware constraints, personnel quality, use of modern tools, and other attributes and their aggregate impact on overall project costs. A detailed COCOMO Model, by Boehm, accounts for the effects of the additional factors used in the intermediate model on the costs of individual project phases. NEXT QUESTION

What principle requires corporate officers to institute appropriate protections regarding the corporate intellectual property? A. Least privilege B. Need-to-know C. Separation of duties D. Due care

Answer : D Explanation: The correct answer is Separation of duties. The Federal Sentencing Guidelines state, The officers must exercise due care or reasonable care to carry out their responsibilities to the organization. The other answers are information security principles but are distracters in this instance. NEXT QUESTION

Discovery, recording, collection, and preservation are part of what process related to the gathering of evidence? A. The chain of evidence B. Admissibility of evidence C. Relevance of evidence D. The evidence life cycle

Answer : D Explanation: The correct answer is The evidence life cycle. The evidence life cycle covers the evidence gathering and application process. * Answer "Admissibility of evidence" refers to certain requirements that evidence must meet to be admissible in court. * Answer "The chain of evidence" the chain of evidence, is comprised of steps that must be followed to protect the evidence. * Relevance of evidence is one of the requirements of evidence admissibility. NEXT QUESTION

What does normalizing data in a data warehouse mean? A. Data is restricted to a range of values. B. Numerical data is divided by a common factor. C. Data is converted to a symbolic representation. D. Redundant data is removed.

Answer : D Explanation: The correct answer is removing redundant data. NEXT QUESTION

The main differences between a software process assessment and a software capability evaluation are: A. Software process assessments and software capability evaluations are essentially identical, and there are no major differences between the two. B. Software capability evaluations determine the state of an organizations current software process and are used to gain support from within the organization for a p y g p g pp g software process improvement program; software process assessments are used to identify contractors who are qualified to develop software or to monitor the state of the software process in a current software project. C. Software process assessments are used to develop a risk profile for source selection; software capability evaluations are used to develop an action plan for continuous process improvement. D. Software process assessments determine the state of an organizations current software process and are used to gain support from within the organization for a software process improvement program; software capability evaluations are used to identify contractors who are qualified to develop software or to monitor the state of the software process in a current software project.

Answer : D Explanation: The other answers are distracters. If, in answer "Software process assessments are used..." the terms software process assessments and software capability evaluations were interchanged, that result would also be correct. It would then read, Software capability evaluations are used to develop a risk profile for source selection; software process assessments are used to develop an action plan for continuous process improvement. NEXT QUESTION

Which statement below is the most accurate about the results of the disaster recovery plan test? yp A. The plan should not be changed no matter what the results of the test. B. If no deficiencies were found during the test, then the plan is probably perfect. C. The results of the test should be kept secret. D. If no deficiencies were found during the test, then the test was probably flawed.

Answer : D Explanation: The purpose of the test is to find weaknesses in the plan. Every plan has weaknesses. After the test, all parties should be advised of the results and the plan updated to reflect the new information. NEXT QUESTION

Which choice below is NOT considered an appropriate role for senior management in the business continuity and disaster recovery process? A. Delegate recovery roles B. Closely control media and analyst communications C. Publicly praise successes D. Assess the adequacy of information security during the disaster recovery

Answer : D Explanation: The tactical assessment of information security is a role of information management or technology management, not senior management. In addition to the elements of answers a, b, and c above, senior management has many very important roles in the process of disaster recovery, including: Remaining visible to employees and stakeholders Directing, managing, and monitoring the recovery Rationally amending business plans and projections Clearly communicating new roles and responsibilities Senior management must resist the temptation to participate handson in the recovery effort, as these efforts should be delegated. Information or technology management has more tactical roles to play, such as: Identifying and prioritizing mission-critical applications Continuously reassessing the recovery sites stability Recovering and constructing all critical data Source: Business Recovery Checklist, KPMG LLP 2001. NEXT QUESTION

Which of the following is NOT considered a natural disaster? A. Flood B. Tsunami C. Earthquake D. Sabotage

Answer : D NEXT QUESTION