CISSP - Exam questions to study/review 1
At which OSI model layer does IPSec operate? a) Network b) Physical c) Session d) Transport
a) Network layer (layer 3)
Boolean operators (symbols):
! or ~ -> NOT; ^ or & -> AND (^ looks like "A"); V or || -> OR; o -> NOR
Types of fire extinguishers
*Class - Type of Fire - Suppression material*
A - Common combustibles - Water, soda acid
B - Liquids - CO2, halon, soda acid
C - Electrical - CO2, halon, FM200
D - Metal - Dry powder
Addressing schemes
1) Immediate: the operand is supplied directly as an argument of the instruction. 2) Direct: the instruction supplies the memory address of the operand. 3) Indirect: the instruction supplies a memory address that holds the address of the operand. 4) Base+offset: a base address held in a register plus an offset supplied by the instruction.
What are the 3 types of accreditation that could be granted, defined by Information Systems Security Organization of the National Security Agency?
1) System accreditation (a major application or general support system is evaluated); 2) Site accreditation (the applications and systems at a specific, self-contained location are evaluated); 3) Type accreditation (an application or system that is distributed to a number of different locations is evaluated)
How many rounds of encryption are performed by AES?
10 for 128-bit keys; 12 for 192-bit keys; 14 for 256-bit keys
What is a security perimeter? (choose all that apply) a) the boundary of the physically secure area that surrounds your systems b) the imaginary boundary that separates the TCB from the rest of the system c) the network where your firewall resides d) any connections to your computer system
A and B
Breaches vs. Threat events
A breach is the occurrence of a security mechanism being bypassed or thwarted by a threat agent. Threat events are accidental and intentional exploitations of vulnerabilities. They can also be natural or manmade. Threat events include fire, earthquake, flood, system failure, human error (due to a lack of training or ignorance), and power outage.
John recently received an email from Bill. What cryptography goal would need to be met to convince John that Bill was actually the sender of the message? A) Nonrepudiation B) Confidentiality C) Availability D) Integrity
A) Nonrepudiation
Which of these following cases might require that you report the incident? (choose all that apply) a) confidential information protected by federal regulations was possibly disclosed b) Damages exceed $1,500 c) The incident has happened before d) The incident resulted in the violation of a law
A) and D)
Cryptography: What term defines when the same text encrypted by different keys produces the same ciphertext? (Same plaintext -> 2 different keys -> Same ciphertext)
Clustering (aka key clustering) in cryptography
During the de-encapsulation procedure the _______________________ layer strips out its information and sends the message to the network layer
Data link
Data objects and their names in the OSI model
Data link layer: frame; Network layer: datagram or packet; Transport layer: segment; Session, Presentation and Application layers: PDU (Protocol Data Unit)
Which component of the CIA triad has the most avenues or vectors of attack and compromise?
Availability
What is the best definition of a security model? a) A security model states policies an organization must follow b) A security model provides a framework to implement a security policy c) A security model is the technical evaluation of each part of a computer to assess its concordance with security standards d) A security model is the process of formal acceptance of a certified configuration
B)
Evidence Standards for Civil Investigation and Criminal investigation
Civil Investigation -> Preponderance of the evidence; Criminal Investigation -> Beyond a reasonable doubt
What is the minimum # of keys for a two-way communication using a symmetric key cryptography? a) one b) two c) three d) four
a) One. In symmetric key cryptography, one key is required for 2 parties to communicate with each other.
Cryptography: Different text -> same hashing function -> same hashes
Collision
Commercial/business organizations' labels of data classification
Confidential (or Private for PII), Sensitive (or Internal), Public
Which agency provides daily updates on wildfires in the USA? a) FEMA b) NIFC c) USGS d) USFWS
b) NIFC (National Interagency Fire Center). USGS (US Geological Survey) = earthquake; FEMA = flood; USFWS (United States Fish and Wildlife Service) = wildlife
Which VPN protocol should not be used as the sole encapsulation mechanism if there is a dial-up mechanism present between the host and the link end-point? a) L2F b) PPTP c) IPSEC d) L2TP
c) IPSec is not designed to operate naked over a dial-up segment. It should be encapsulated with L2TP, for example.
Which Bell-LaPadula property prevents subjects at lower levels from accessing objects at higher classification levels? a) * (star) security property b) no read-up property c) no write-up property d) no read-down property
b) no read-up (aka "simple" property)
What aspect of security governance is based on the idea that senior management is responsible for the success or failure of a security endeavour? a) SOX Act of 2002 b) COBIT c) Accreditation d) Top-down approach
d) Top-down approach
STRIDE
Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege
Military labels of data classification
Top Secret, Secret, Confidential, Sensitive but unclassified, Unclassified. Note that Top Secret, Secret and Confidential are known as "Classified Information" in military or governmental organizations.
Which email security system is based on building a web of trust? a) PGP b) S/MIME c) MOSS d) PEM
a) PGP (Pretty Good Privacy) secure email system appeared on the computer security scene in 1991. It combines Certificate Authority (CA) hierarchy with the "web of trust" concept
Min # of keys for 3DES
Two. 3DES uses 2 or 3 keys.
UDP: a) bits b) logical addressing c) data reformatting d) simplex
d) UDP is a simplex protocol at the Transport layer. UDP provides application multiplexing (via port numbers) and integrity verification (via checksum) of the header and payload.
Which of the following is not a typical security concern with VOIP? a) VLAN hopping b) Caller ID falsification c) Vishing d) SPIT
a) VLAN hopping is not associated with VoIP; it is a switch security issue. SPIT = Spam over Internet Telephony
Vulnerability vs. Exposure
Vulnerability is the absence or weakness of a safeguard or countermeasure. Exposure is being susceptible to asset loss because of a threat; there is the possibility that a vulnerability can or will be exploited by a threat agent or event.
What rule did the Soviets break in 1940 (project Venona) which allowed the USA to decrypt their messages based on one-time pads? a) key values must be random b) key values must be the same length as the message c) key values must only be used once d) key values must be protected from disclosure
a) Key values must be random. Cryptanalysts in the USA found a pattern in the method the Soviets used for creating their keys.
The Children's Online Privacy Protection Act was designed to protect the privacy of children using the Internet. What is the minimum age a child must be before companies can collect personally identifiable information from them without parental consent? a) 13 b) 14 c) 15 d) 16
a) 13
John wants to produce a message digest of a 2048-bit plaintext message using SHA-1. What would be the length of the message digest he would send? a) 160 bits b) 512 bits c) 1048 bits d) 2048 bits
a) 160 bits. SHA-1 always produces a 160-bit message digest independent of the plaintext message. In fact, one of the requirements of a hashing algorithm is to produce a fixed-size message digest.
Which of the following is not an allowed key length for AES? a) 56 bits b) 128 bits c) 192 bits d) 256 bits
a) 56 bits
What is a TCP wrapper? a) an application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs b) an encapsulation protocol used by switches c) a security protocol used to protect TCP/IP traffic over WAN links d) a mechanism to tunnel TCP/IP traffic on non-IP networks
a) A TCP wrapper is an application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs.
A biometric system has falsely rejected a valid user, indicating the user is not recognized. What type of error is this? a) Type 1 error b) Type 2 error c) Crossover error d) False alarm error
a) A Type 1 error occurs when a valid subject is not authenticated. A Type 2 error occurs when an invalid subject is authenticated; it is the more dangerous error.
What unit of measurement should be used to assign quantitative values to assets in the priority identification phase of the Business Impact Assessment? a) Monetary b) Utility c) Importance d) Time
a) Monetary. "Importance" is a qualitative metric.
Which of the following is also known as identity-based access control model? a) Discretionary access control b) Role-based access control c) Rule-based access control d) Mandatory access control
a) Discretionary access control is an identity-based access control model. It allows the data owner or data custodian of a resource to grant permissions at the discretion of the owner. The role-based access control model is based on the user's role or group membership. The rule-based access control model is based on rules within an ACL. Mandatory access control uses assigned labels to identify access rights.
Which of the following terms is used to describe any potential occurrence that can result in an undesirable outcome to an organization or to a specific asset? a) Threat b) Realized risk c) Incident d) Breach
a) A threat is a potential occurrence that can result in an undesirable outcome. The key here is *potential occurrence*. -> An incident and a breach are not potential occurrences, they are actual occurrences. An incident is any event that has a negative effect on the confidentiality, integrity, or availability of an organization's assets. A breach is the occurrence of a security mechanism being bypassed or thwarted by a threat agent.
Identification is the first step towards what ultimate goal? a) Accountability b) Authorization c) Auditing d) non-repudiation
a) Accountability is the ultimate goal of a process started by Identification
Which of the following roles is most likely to assign permissions to grant users access to data? a) Administrator b) Auditor c) Owner d) User
a) Administrator. Custodians = Administrators. Auditors audit the system and processes for compliance with policies. Owners define the classification of the data.
When you are designing a security system for internet-delivered email, which of the following is the least important? a) Availability b) Non-repudiation c) Message integrity d) Access restriction
a) Availability. Internet-based email cannot have its availability guaranteed anyway, so in this context availability is the least important feature.
If you are a victim of bluejacking, what has been compromised? a) your cell phone b) your firewall c) your browser d) your switch
a) Bluejacking is a wireless attack that exploits Bluetooth communications.
What type of application vulnerability most directly allows an attacker to modify the content of the system's memory? a) Buffer overflow b) Rootkit c) Backdoor d) TOC/TOU
a) Buffer overflow
What can be used to reduce the amount of logged and audited data using non-statistical methods? a) Clipping b) Sampling c) Log analysis d) Alarm triggering
a) Clipping. Sampling is a statistical method of capturing relevant data.
What type of incident is characterized by obtaining an increased level of privileges? a) Compromise b) Denial of service c) Malicious code d) Denial of service
a) Compromise. Any time an attacker increases their authority, the incident is classified as a system compromise.
Which law first required operators of federal interest computer systems to undergo periodic training in computer security issues? a) Computer Security Act b) National Infrastructure Protection Act c) Computer Fraud and Abuse Act d) Electronic Communications Privacy Act
a) Computer Security Act
Which form of access control is concerned primarily with the data stored by a field? a) Content-dependent b) Context-dependent c) Semantic integrity mechanisms d) Perturbation
a) Content-dependent access control is based on the contents or payload of the object being accessed.
What condition is necessary on a web page for it to be used in a cross-site scripting attack? a) Reflected input b) Database-driven content c) .NET technology d) CGI scripts
a) Cross-site scripting attacks occur when web applications contain some type of reflected input.
What type of federal government computing system requires that all the personnel accessing that system have a need to know of all of the information processed by that system? a) Dedicated b) System High c) Compartmented d) Multilevel
a) Dedicated
Which of the following actions usually does not take place during the restoration phase of incident response? a) Disconnecting the system from the network b) Restoring data from a backup c) Rebuilding compromised systems d) Supplementing existing security controls
a) Disconnecting the system from the network. Disconnecting is only usually done at the isolation and recovery phases of the incident response
Of the following choices, which one is the most common vector for distributing malware? a) Drive-by downloads b) USB drives c) Ransomware d) Unapproved software
a) Drive-by downloads
Which of the following is a fake network designed to tempt intruders with unpatched and unprotected security vulnerabilities and false data? a) honeypot b) padded cell c) IDS d) honeynet
a) Honeynet. A padded cell is a honeypot that has been protected so that it cannot be easily compromised. In other words, a padded cell is a hardened honeypot. In addition to attracting attackers with tempting data, a padded cell operates in tandem with a traditional IDPS.
What protocol manages the security associations used by IPSec? a) ISAKMP b) SKIP c) IPCOMP d) SSL
a) ISAKMP (Internet Security Association and Key Management Protocol). ISAKMP provides background security support services for IPsec by negotiating, establishing, modifying, and deleting security associations.
Which of the following is not a component of the DevOps model? a) Information Security b) Software Development c) IT Operations d) Quality assurance
a) Information security. The 3 elements of the DevOps model are Quality assurance, Software Development and IT Operations.
Which of the following models places the majority of services and security tasks in the hands of the organization leasing the cloud-based services? a) Infrastructure as a service b) Software as a service c) Platform as a service d) Cloud as a service
a) The Infrastructure as a Service model puts most of the services, like support and security, in the hands of the company leasing (using) the cloud-based services.
The operating system design concept of protection rings is derived from what early OS? a) Multics b) Unix c) Windows d) Macintosh
a) Multics
What protocol replaced SLIP? a) PPP b) TLS c) 802.11 d) SSH
a) PPP is the replacement for SLIP and can support any LAN protocol, not just TCP/IP. PPP is a full-duplex protocol used for transmitting TCP/IP packets over various non-LAN connections, such as modems, ISDN, VPNs, Frame Relay, and so on. PPP is widely supported and is the transport protocol of choice for dial-up Internet connections. PPP authentication is protected through the use of various protocols, such as CHAP and PAP.
When designing firewall rules to prevent IP spoofing, which of the following principles should you follow? a) Packets with internal source IP addresses do not enter the network from outside b) Packets with internal source IP addresses do not exit the network from the inside c) Packets with public IP addresses do not pass through the router in any direction d) Packets with external source IP addresses do not enter the network from the outside
a) Packets with an internal source IP address should not be allowed to enter the network from the outside because they are likely spoofed.
Which DRP exercise would you perform that involves personnel relocation and remote site activation? a) Parallel test b) Full-interruption test c) Structured walk-through d) Simulation test
a) Parallel tests involve relocating personnel to the alternate recovery site and implementing site activation procedures. In simulation tests, disaster recovery team members are presented with a scenario and asked to develop an appropriate response. In a structured walk-through, often referred to as a table-top exercise, members of the disaster recovery team gather in a large conference room and role-play a disaster scenario. Full-interruption tests operate like parallel tests, but they involve actually shutting down operations at the primary site and shifting them to the recovery site.
What authentication protocol offers no encryption or protection for logon credentials? a) PAP b) CHAP c) SSL d) RADIUS
a) Password Authentication Protocol (PAP) is a standardized authentication protocol for PPP. PAP transmits usernames and passwords in the clear.
Which of the following is the most important aspect of security? a) Physical security b) Awareness training c) Logical security d) Intrusion detection
a) Physical security. Without physical security, none of the other forms of security implementation are sufficient.
Which of the following is not a typical type of alarm that can be triggered for physical security? a) Preventive b) Deterrent c) Repellent d) Notification
a) Preventive. There is no such thing as a preventive alarm. Alarms are always triggered as the result of an intrusion or attack.
What relates to the principles of notice, choice, onward transfer and access? a) Privacy b) Identification c) Retention d) Classification
a) Privacy. These are four Safe Harbor principles that apply to maintaining the privacy of data.
Which of the following can be used to improve the effectiveness of a brute force password cracking attack? a) Rainbow tables b) Hierarchical screening c) TKIP d) Digital enhancement
a) Rainbow tables contain pre-computed hashes for common passwords and may be used to improve the efficiency of password cracking attacks.
Which portion of the Change Management process allows developers to prioritize tasks? a) Request control b) Release control c) Configuration control d) Change audit
a) Request control. The request control process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.
What change management control process provides a framework for cost/benefit analysis? a) Request control b) Deployment control c) Release control d) Change control
a) Request control. The request control process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.
What are ethics? a) Rules of personal behavior b) Mandatory actions required to fulfil job requirements c) Regulations set forth by a professional organization d) Laws of professional conduct
a) Rules of personal behavior
In which type of software testing does the tester have access to the underlying code? a) Static testing b) Dynamic testing c) Cross-site scripting testing d) Black-box testing
a) Static testing evaluates the security of software without running it by analyzing either the source code or the compiled application.
Which of the following is typically not an element that must be discussed with end users regarding email retention policies? a) Backup method b) Auditor review c) Length of retainer d) Privacy
a) The backup method is not something to discuss with end users about email retention
Which task of the BCP BIA involves creating a list of all business processes? a) Criticality prioritization b) Risk assessment c) Likelihood assessment d) Impact assessment
a) The criticality prioritization task involves creating a comprehensive list of business processes and ranking them in order of importance.
Within the context of the European Union Data Protection Law, what is a data processor? a) The entity that processes personal data on behalf of the data controller b) The entity that controls the processing of the data c) The computing system that processes data d) The network that processes data
a) The entity that processes personal data on behalf of the data controller
What is the function of the network access server within a RADIUS architecture? a) Client b) Authentication c) AAA d) Firewall
a) The network access server is a client within the RADIUS architecture. The RADIUS server provides AAA services (Authentication, Authorization and Accountability). The network access server might have a firewall, but that is not its primary service.
Why is spam so difficult to stop? a) The source IP is usually spoofed b) Filters are ineffective at stopping inbound messages c) It is an attack that requires little expertise d) Spam can cause denial-of-service
a) The source address of a spam message is usually spoofed.
What type of interface testing would identify flaws in a program's command-line interface? a) User interface testing b) Application programming interface testing c) Physical interface testing d) Security interface testing
a) User interface testing is used to test both graphical user interfaces and command-line interfaces
When a safeguard or countermeasure is non existent or inefficient, what remains? a) Vulnerability b) Risk c) Exposure d) Penetration
a) Vulnerability. Vulnerability is the absence or weakness of a safeguard or countermeasure. Risk is the possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset; it is an assessment of probability, possibility, or chance. Exposure is being susceptible to asset loss because of a threat.
During what type of penetration testing does the tester always have access to the server configuration information? a) White box testing b) Black box testing c) Grey box testing d) Red box testing
a) White box. In white-box testing the testers always have access to detailed information about the configuration of the system under test. -> The key here is the word "always", since in a grey-box test the tester might have access to the server's configuration information.
What is system accreditation? a) formal acceptance of stated system configuration b) a functional evaluation of the manufacturer's goals for each hardware and software component to meet integration standards c) acceptance of tests results that prove the computer system enforces the security policy d) the process to specify secure communications between machines
a) Accreditation is the formal acceptance of a stated system configuration. Option b) is not an appropriate answer because it addresses manufacturer standards. Option c) is not valid because there is no way to prove a configuration enforces a security policy. Option d) is incorrect because system accreditation does not refer to secure communication specifications.
What is an access object? a) a resource that a user or process wants to access b) a user or process that wants to access a resource c) a list of valid access rules d) the sequence of valid access types
a) An access object is first of all an object. An object is a resource a user or process (aka "a subject") wants to access.
What are the primary goals of a Thrill Attack? (choose all that apply) a) Pride of conquering a secure system b) Bragging rights c) Money d) Retaliation against a person or organization
a) and b)
Which operations do cryptographic algorithms rely on to obscure plaintext messages? (Choose all that apply) a) Confusion b) Diffusion c) Polymorphism d) Transposition
a) and b) Confusion and Diffusion. Cryptographic algorithms rely on two basic operations to obscure plaintext messages: confusion and diffusion.
What type of phreaker box is used to generate the 2600 Hz signal to interact with telephone network trunk systems? a) blue box b) white box c) black box d) red box
a) blue box
What layer of the ring protection scheme includes programs running in supervisory mode? a) level 0 b) level 1 c) level 3 d) level 4
a) level 0
Which of the following cannot be achieved by symmetric key encryption? a) non-repudiation b) confidentiality c) availability d) key distribution
a) Non-repudiation. Both parties have access to the same key, therefore the identity of the sender cannot be guaranteed 100%.
You have 3 applications running on a single-processor, single-core CPU. The 1st application has a total of 2 threads running. The other 2 applications have 1 thread each. How many threads are running on the CPU at any given time? a) one b) two c) three d) four
a) One. A single-CPU, single-core system can only process one thread at a time.
What law prevents federal agencies from disclosing personal information that an individual supplies to the government under protected circumstances? a) Privacy Act b) Electronic Communications Privacy Act c) Health Insurance Portability and Accountability Act d) Gramm-Leach-Bliley Act
a) the Privacy Act (1974)
A Class B fire extinguisher can use all except which of the fire suppression mediums below? a) water b) CO2 c) halon d) soda acid
a) Water. A Class B extinguisher is used on fires of flammable liquids. Water should not be used on such fires.
An organization wants to reduce its vulnerability against malicious employees committing fraud. What measures would help reduce that risk? (check all that apply) a) Job rotation b) Mandatory vacations c) Separation of duties d) Baselining
a), b) and c). Baselining is used for configuration management and would not help reduce the risk of fraud.
Abnormal or unauthorized activities detectable by IDS (select all that apply) a) External connection attempts b) Execution of malicious code c) Access to controlled object d) none of the above
a, b and c. The question does not specify NIDS (network IDS) nor HIDS (host IDS). Therefore assume both types.
Which of the following VPN protocols do not offer native encryption mechanisms? (choose all that apply) a) L2F b) L2TP c) IPSec d) PPTP
a, b and d: these VPN protocols do not offer native encryption. Only IPSec includes native encryption.
Which of the following is the type of antivirus response function that removes malicious code but leaves the damage unrepaired? a) cleaning b) removal c) stealth d) polymorphism
b) (Virus) removal. Cleaning removes the virus and repairs the damage.
Which database security risk occurs when data from a higher classification level is mixed with data from a lower classification level? a) Inference b) Contamination c) Aggregation d) Polyinstantiation
b) Data contamination. Mixing data with different classification levels and/or need-to-know requirements is known as contamination.
Which type of virus uses a variety of keys to avoid detection? a) Polymorphic b) Encrypted c) Multipartite d) File infector
b) *Encrypted viruses* use cryptographic techniques to avoid detection. Each infection utilizes a different cryptographic key, causing the main code to appear completely different on each system. The key word here is *"keys"*, which relates to cryptography. Polymorphic viruses actually modify their own code as they travel from system to system. The virus's propagation and destruction techniques remain the same, but the signature of the virus is somewhat different each time it infects a new system.
How many building fires occur in the USA on any single day? a) 100 b) 1,000 c) 100,000 d) 1,000,000
b) 1,000
Which of the following is the least resistant to EMI? a) 10Base2 b) 10Base-T UTP c) 10Base5 d) Coaxial cable
b) 10Base-T UTP
How many rounds of encryption are performed by DES? a) 2 b) 4 c) 16 d) 32
b) 16
Which of the following IP addresses is not a private address as defined by RFC 1918? a) 10.0.0.18 b) 169.254.1.119 c) 172.31.8.204 d) 192.168.6.43
b) 169.254.1.119 is in the APIPA range. The ranges of private IP addresses defined by RFC 1918 are: 10.0.0.0-10.255.255.255 (a full Class A range); 172.16.0.0-172.31.255.255 (16 Class B ranges); 192.168.0.0-192.168.255.255 (256 Class C ranges).
What is the ideal humidity range for a computer room? a) 10%-20% b) 40%-60% c) 70%-80% d) 80%-95%
b) 40% to 60%
What is the size of the text block that DES operates on? a) 56 bits b) 64 bits c) 112 bits d) 128 bits
b) 64-bit block
A host organization that also has its own security staff is what form of alarm security system? a) Localized alarm system b) Proprietary alarm system c) Centralized alarm system d) Auxiliary alarm system
b) A *proprietary alarm system* is similar to a centralized station system, but the host organization has its own onsite security staff waiting to respond to security breaches.
Which of the following can be described as a virtual circuit that always exist and is available and waiting for users to send/receive data? a) ISDN b) PVC c) VPN d) SVC
b) A PVC (Permanent Virtual Circuit) is a predefined virtual circuit that is always available. An SVC (Switched Virtual Circuit) is more like a dial-up connection because a virtual circuit has to be created using the best paths currently available before it can be used and then disassembled after the transmission is complete.
What is system certification? a) formal acceptance of stated system configuration b) a technical evaluation of each part of a computer system to assess its compliance with security standards c) a functional evaluation of the manufacturer's goals for each hardware and software component to meet integration standards d) a manufacturer certificate stating that all components were installed and configured correctly
b) A system certification is a technical evaluation. Option a) describes system accreditation. Options c) and d) describe manufacturer's standards, not implementation standards.
Which of the following describes putting similar elements into groups, classes or roles that are assigned security controls, restrictions or permissions as a collective? a) Data Classification b) Abstraction c) Superzapping d) Covert Channel
b) Abstraction is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. It adds efficiency to carrying out a security plan.
What industry is most directly impacted by the provisions of the Gramm-Leach-Bliley Act? a) Health Care b) Banking c) Law Enforcement d) Defense Contractors
b) Banking. The Gramm-Leach-Bliley Act somewhat relaxed the regulations the government had until then concerning the services each financial organization could provide, and how people's information could be used.
Which security model addresses data confidentiality? a) Clark-Wilson b) Bell-LaPadula c) Biba d) Brewer and Nash
b) The Bell-LaPadula model addresses confidentiality. Biba and Clark-Wilson address data integrity. Brewer and Nash addresses conflicts of interest.
What BCP technique can be used by the business unit during the prioritization tasks of the DRP? a) Vulnerability analysis b) Business Impact Analysis c) Risk Management d) Continuity planning
b) Business Impact Analysis
What law requires that communication carriers cooperate with agencies conducting a wiretap? a) CFAA b) CALEA c) EPPIA d) ECPA
b) CALEA (Communications Assistance for Law Enforcement Act) requires all communications carriers to make wiretaps possible for law enforcement with an appropriate court order, regardless of the technology in use. Electronic Communications Privacy Act (ECPA) makes it a crime to invade the electronic privacy of an individual. CFAA (Computer Fraud and Abuse Act) changed the scope of the CCCA (Comprehensive Crime Control Act) regulation, covering federal computers that processed sensitive information, to cover all "federal interest" computers.
What type of motion sensor detects the change of electrical or magnetic field surrounding monitored objects? a) Infrared b) Capacitance c) Photoelectric d) Wave
b) Capacitance motion detectors
What method can be used to map out the needs of an organization for a new facility? a) Risk analysis b) Critical path analysis c) Inventory d) Logfiles audit
b) Critical path analysis Critical path analysis is a systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements, including facilities' infrastructure and physical security
Which of the following algorithms/protocols provide inherent support for non-repudiation? a) HMAC b) DSA c) MD5 d) SHA1
b) DSA (Digital Signature Algorithm). The Hashed Message Authentication Code (HMAC) implements a partial digital signature: it guarantees the integrity of a message in transit, but because the key is shared by both parties either of them could have produced the tag, so it cannot provide nonrepudiation. MD5 and SHA-1 are hashing (message digest) algorithms that provide integrity assurance only. A DSA signature is produced with the signer's private key, which nobody else holds, which is what makes nonrepudiation possible.
Which of the following provides the best protection against the loss of confidentiality for sensitive data: a) Data labels b) Data classification c) Data handling d) Data degaussing methods
b) Data classification Data labels and proper data handling depend on data being classified correctly first.
Which type of security control is an audit trail? a) Preventive b) Detective c) Corrective d) Physical
b) Detective
Which of the following authentication, authorization and accounting (AAA) protocols is based on RADIUS and supports Mobile IP and Voice over IP? a) Distributed access control b) Diameter c) TACACS d) TACACS+
b) Diameter. TACACS and TACACS+ are also AAA protocols, but they are not based on RADIUS.
Which cryptographic algorithm forms the basis of "El Gamal" cryptosystem? a) RSA b) Diffie-Hellman c) 3DES d) IDEA
b) Diffie-Hellman. El Gamal takes the mathematical principles behind the Diffie-Hellman key exchange and extends them into a complete public key cryptosystem that can encrypt and decrypt messages.
What is encapsulation? a) Changing the source and destination address of a packet b) Adding a footer and a header to data as it moves down the OSI stack c) verifying a person's identity d) protecting evidence until it is properly collected
b) Encapsulation is the process of adding a footer and a header to data as it moves down the OSI stack
WiFi technique using a form of serial communication: a) Spread Spectrum b) FHSS c) DSSS d) OFDM
b) FHSS (Frequency Hopping Spread Spectrum) is an early implementation of spread spectrum. Instead of sending data in parallel, it transmits data serially while constantly changing the frequency in use. Direct Sequence Spread Spectrum (DSSS) employs all the available frequencies simultaneously, in parallel. Orthogonal Frequency-Division Multiplexing (OFDM) sends data in multiple streams at the same time.
What regulation formalizes the prudent man rule that requires senior executives to take personal responsibility for their actions? a) CFAA b) Federal Sentencing Guidelines c) GLBA d) Sarbanes-Oxley
b) Federal Sentencing Guidelines. GLBA (Gramm-Leach-Bliley Act) covers financial institutions and privacy; CFAA is the Computer Fraud and Abuse Act.
Which of the following is not true concerning firewalls? a) They are able to log traffic information b) They are able to block viruses c) They are able to issue alarms based on suspected attacks d) They are unable to prevent internal attacks
b) Firewalls cannot block viruses. A firewall filters traffic by address, port, protocol and connection state; scanning payloads for malware is the job of antimalware software or a content-filtering gateway.
Which of the following is not a feature of packet switching? a) Bursty traffic b) Fixed known delays c) Sensitive to data loss d) Supports any type of traffic
b) Fixed known delays. Packet switching has variable, unknown delays; circuit switching has fixed, known delays.
What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities? a) Privacy Act b) Fourth Amendment c) Second Amendment d) Gramm-Leach-Bliley Act
b) Fourth Amendment
What cryptosystem provides the encryption and decryption technology for the commercial version of Pretty Good Privacy secure email system? a) ROT13 b) IDEA c) ECC d) El Gamal
b) IDEA. Pretty Good Privacy uses a "web of trust" system of digital signature verification, and the commercial version's encryption of message contents is based on the IDEA symmetric (private key) cipher.
_____________________________is a standards-based mechanism to provide encryption for point-to-point TCP/IP traffic a) ISDN b) IPSec c) SDLC d) IDEA
b) IPsec is a standard architecture set forth by the Internet Engineering Task Force (IETF) for setting up a secure channel to exchange information between two entities. It uses public key cryptography during key exchange and peer authentication (IKE) and symmetric ciphers for the bulk encryption of traffic, providing encryption, access control, nonrepudiation and message authentication over IP-based protocols. ISDN is a circuit-based technology for communication links. Synchronous Data Link Control (SDLC) is an IBM layer 2 protocol used on dedicated synchronous links, typically for mainframe connectivity. IDEA is an encryption algorithm, not a protocol.
In what type of addressing scheme the CPU receives the data as an argument of the instruction provided to it? a) Direct b) Immediate c) Base+offset d) Indirect
b) Immediate. The CPU does not need to fetch the data from memory; the operand is supplied within the instruction itself, so access is immediate.
In which DES mode is the block of text to be encrypted XORed with the preceding ciphertext block before being encrypted? a) Electronic Code Book (ECB) b) Cipher Block Chaining (CBC) c) Cipher Feedback (CFB) d) Output Feedback (OFB)
b) In Cipher Block Chaining (CBC) mode, each block of unencrypted text is XORed with the ciphertext block immediately preceding it (the first block is XORed with an initialization vector) before being encrypted with DES. Electronic Codebook (ECB) mode is the simplest mode and the least secure: each time the algorithm processes a 64-bit block it simply encrypts the block with the secret key, so identical plaintext blocks produce identical ciphertext blocks. Cipher Feedback (CFB) mode is the streaming version of CBC: it operates on data produced in real time, and instead of breaking the message into blocks it uses memory buffers of the same block size. In Output Feedback (OFB) mode DES operates almost as in CFB, but instead of XORing the plaintext with the encrypted previous ciphertext block it XORs the plaintext with a keystream derived from a seed value, so a transmission error affects only the corresponding bits and does not propagate.
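The following Python script is an added example (not part of the original study notes) that wires up the four modes exactly as described above over a toy 64-bit Feistel block cipher standing in for DES; the key, IV and plaintext are constructed sample values. Running it shows two things the answer mentions: ECB leaks repeated plaintext blocks while CBC does not, and a single flipped ciphertext bit corrupts one whole block plus one bit of the next in CBC and CFB but only a single bit in OFB (no error propagation).

```python
import hashlib

BLOCK = 8  # 64-bit blocks, the DES block size

# Toy block cipher standing in for DES (added for illustration only; not a real cipher).
# A Feistel network is invertible whatever its round function is, so a SHA-256-based
# keyed round function still gives a correct encrypt/decrypt pair.
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, block, rounds=4):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(rounds):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def decrypt_block(key, block, rounds=4):
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(rounds)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks (no padding here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

# The four modes, wired as the answer describes them.
def ecb_encrypt(key, pt):
    return b"".join(encrypt_block(key, b) for b in _blocks(pt))

def ecb_decrypt(key, ct):
    return b"".join(decrypt_block(key, b) for b in _blocks(ct))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in _blocks(pt):
        prev = encrypt_block(key, _xor(b, prev))  # XOR with preceding ciphertext, then encrypt
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return b"".join(out)

def cfb_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in _blocks(pt):
        prev = _xor(b, encrypt_block(key, prev))  # encrypt previous ciphertext, XOR into plaintext
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(key, iv, ct):
    out, prev = [], iv
    for b in _blocks(ct):
        out.append(_xor(b, encrypt_block(key, prev)))
        prev = b
    return b"".join(out)

def ofb_crypt(key, iv, data):
    out, s = [], iv  # keystream depends only on key and IV; the same call encrypts and decrypts
    for b in _blocks(data):
        s = encrypt_block(key, s)
        out.append(_xor(b, s))
    return b"".join(out)

def has_repeated_blocks(ct):
    """ECB leaks structure: equal plaintext blocks give equal ciphertext blocks."""
    bs = _blocks(ct)
    return len(set(bs)) < len(bs)

def damaged_blocks(decrypt, key, iv, ct, pt):
    """Flip one bit in ciphertext block 1 and list the plaintext blocks that decrypt wrongly."""
    bad = bytearray(ct)
    bad[BLOCK] ^= 0x01
    got = _blocks(decrypt(key, iv, bytes(bad)))
    return [i for i, (g, p) in enumerate(zip(got, _blocks(pt))) if g != p]

KEY = b"constructed-demo-key"  # constructed sample key
IV = bytes(range(BLOCK))       # constructed sample IV
PT = b"ATTACK!!" * 4           # four identical plaintext blocks

if __name__ == "__main__":
    ct = cbc_encrypt(KEY, IV, PT)
    print("ECB repeats:", has_repeated_blocks(ecb_encrypt(KEY, PT)))   # True
    print("CBC repeats:", has_repeated_blocks(ct))                     # False
    print("CBC damage:", damaged_blocks(cbc_decrypt, KEY, IV, ct, PT))  # [1, 2]
    print("CFB damage:", damaged_blocks(cfb_decrypt, KEY, IV, cfb_encrypt(KEY, IV, PT), PT))  # [1, 2]
    print("OFB damage:", damaged_blocks(ofb_crypt, KEY, IV, ofb_crypt(KEY, IV, PT), PT))      # [1]
```

The toy cipher exists only so the modes have something to call; swap in a real block cipher from a crypto library and the mode functions stay the same. The script also omits padding, which real implementations need for messages that are not a multiple of the block size.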
What is the foundation of user and personnel security? a) Background checks b) Job descriptions c) Auditing and monitoring d) Discretionary access control
b) Job descriptions
Which of the following tools can be used to implement a DDoS against a network or a system? a) Satan b) Saint c) LOIC d) Nmap
b) LOIC (Low Orbit Ion Cannon) floods a target with traffic and can be run by many participants at once, which makes the attack distributed. SATAN and SAINT are vulnerability scanners and Nmap is a port scanner; they are used for network discovery and assessment, not for flooding.
What is it called when email is used as an attack mechanism? a) Spoofing b) Mail bombing c) Smurf attack d) Masquerading
b) Mail bombing Spoofing: an attack with the goal of gaining access to a target system through the use of a falsified identity. Spoofing can be used against IP addresses, MAC address, usernames, system names, wireless network SSIDs, email addresses, and many other types of logical identification. Smurf attack: is a type of flood attack. It floods the victim with Internet Control Message Protocol (ICMP) echo packets. More specifically, it is a spoofed broadcast ping request using the IP address of the victim as the source IP address.
When an unauthorized person uses an authorized person's identity to gain access to restricted areas, it is called __________________ a) Piggybacking b) Masquerading c) Impersonation d) Eavesdropping
b) Masquerading
What is used to keep subjects accountable for their actions while they are authenticated on a system? a) Authentication b) Monitoring c) Account lockout d) User entitlements reviews
b) Monitoring Monitoring is required for accountability of users who have authenticated on a system. Monitoring includes log captures and analysis
What type of DRP test fully evaluates operation at the remote site but does not shift primary operations to the remote site? a) Structured walk-through b) Parallel testing c) Full simulation test d) Simulation test
b) Parallel test Simulation tests: disaster recovery team members are presented with a scenario and asked to develop an appropriate response.
You operate a grain processing facility. You are developing your BCP/DRP plans. What would likely be your highest priority? a) Order processing system b) Fire suppression system c) Payroll system d) Website
b) People should always be priority #1, and a fire suppression system protects people directly.
The purchasing of insurance is a form of _______________________ a) Risk mitigation b) Risk assignment c) Risk avoidance d) Risk rejection
b) Purchasing insurance and outsourcing are common forms of assigning or transferring risk.
What Japanese cipher was broken by the USA in WWII? a) VENONA b) Purple c) Enigma d) Ultra
b) Purple was the Japanese diplomatic cipher broken by the United States (the resulting intelligence was code-named Magic). VENONA was the US project that decrypted Soviet (Russian) messages. Enigma was the German cipher machine, broken by the Allied Ultra project.
Which of the following actions would be considered unethical according to RFC 1087 "Ethics and the Internet"? a) Actions that compromise the privacy of confidential information b) Actions that compromise the privacy of users c) Actions that disrupt the activity of organizations d) Actions in which a computer is used against the principles of a security policy
b) RFC 1087 lists as unethical any activity that seeks unauthorized access to the resources of the Internet, disrupts the intended use of the Internet, wastes resources (people, capacity, computer), destroys the integrity of computer-based information, or compromises the privacy of users. Only option b) is one of those five; the other options are not worded as in the RFC.
Which of the following is not a routing protocol? a) RIP b) RPC c) BGP d) OSPF
b) RPC (remote procedure call) is not a routing protocol RIP: Routing Information Protocol BGP: Border Gateway Protocol OSPF: Open Shortest Path First protocol
Richard wants to digitally sign a message to Sue so that Sue can be assured the message was sent by Richard and was not modified in transit. Which key would Richard use to sign his message? a) Richard's public key b) Richard's private key c) Sue's private key d) Sue's public key
b) Richard's private key
What type of cryptosystem commonly makes use of a passage from a book as the encryption key? a) Vernam cipher b) Running key cipher c) Skipjack cipher d) Twofish cipher
b) Running key cipher (also known as a book cipher)
Which of the following attacks allows the attacker to execute arbitrary commands on a database with a web front end? a) XSS b) SQL injection c) Transaction manipulation d) Man-in-the-middle
b) SQL injection. SQL injection attacks feed unexpected input to a web application. Instead of using that input to fool another user, as XSS attacks do, SQL injection uses it to alter the query the application sends to its underlying database and thereby gain unauthorized access to the data. The fix is to keep data out of the query syntax (parameterized queries or prepared statements) rather than to filter characters.
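Added example (not from the original notes) showing the vulnerable pattern beside its fix, using Python's built-in sqlite3 module and a constructed two-row users table: the front end's login query is built by string formatting, so attacker-controlled input changes the SQL that reaches the database, while the parameterized version treats the same input as plain data.

```python
import sqlite3

def make_db():
    """Constructed sample schema and rows for the demo (not from the original page)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT, role TEXT)")
    con.executemany("INSERT INTO users (name, pw, role) VALUES (?, ?, ?)",
                    [("alice", "wonderland", "admin"), ("bob", "builder", "user")])
    return con

def login_vulnerable(con, name, pw):
    """Vulnerable: the query is built by string formatting, so input becomes SQL syntax."""
    sql = "SELECT role FROM users WHERE name = '%s' AND pw = '%s'" % (name, pw)
    row = con.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(con, name, pw):
    """Hardened: parameter binding sends the values separately; they cannot change the statement."""
    row = con.execute("SELECT role FROM users WHERE name = ? AND pw = ?", (name, pw)).fetchone()
    return row[0] if row else None

# Constructed attacker inputs typed into the web form's username/password fields.
COMMENT_OUT = "alice' --"                                               # comments away the password check
TAUTOLOGY = "' OR '1'='1"                                               # makes the WHERE clause always true
UNION_EXFIL = "x' UNION SELECT pw FROM users WHERE name='alice' --"    # reads a column the form never shows

def demo():
    con = make_db()
    return {
        "legit":        login_vulnerable(con, "bob", "builder"),      # 'user'
        "comment":      login_vulnerable(con, COMMENT_OUT, "wrong"),  # 'admin' with no password
        "tautology":    login_vulnerable(con, "x", TAUTOLOGY),        # 'admin' (first row matches)
        "union":        login_vulnerable(con, UNION_EXFIL, "x"),      # 'wonderland': alice's password
        "safe_comment": login_safe(con, COMMENT_OUT, "wrong"),        # None
        "safe_union":   login_safe(con, UNION_EXFIL, "x"),            # None
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

One caveat: sqlite3's execute() refuses to run more than one statement, so the classic `'; DROP TABLE users; --` payload raises an error here. Many other drivers and databases do execute stacked statements, so that is not a protection to rely on; parameter binding is.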
What is a good location for a turnstile a) Main entrance of a building b) Entrance of a secured area c) Secondary or side exits d) Internal offices intersections
b) Secondary or side exits, especially those where no security guard is posted.
Which of the following is the most distinctive concept in relation to layered security? a) Multiple b) Series c) Parallel d) Filter
b) Series. Layered security implies multiple layers of security controls arranged in series, one after the other, so that if one control fails the overall security is not compromised.
Which of the following licensing agreement does not require that the users acknowledge that they have read the agreement prior to executing it? a) Standard licensing agreement b) Shrink-wrap agreement c) Click-wrap agreement d) Verbal agreement
b) Shrink-wrap agreement
What is needed for an external client to initiate a communication session with an internal system if the network uses a NAT proxy? a) IPSec tunnel b) Static mode NAT c) Static private IP address d) reverse DNS
b) Static mode NAT Use static mode NAT when a specific internal client's IP address is assigned a permanent mapping to a specific external public IP address. This allows for external entities to communicate with systems inside your network even if you are using RFC 1918 IP addresses.
A security management plan that discusses the needs of an organization to maintain security, the desire to improve the control of authorized users, and the goal of implementing token-based security is what type of plan? a) Functional b) Strategic c) Operational d) Tactical
b) Strategic. A *strategic plan* is a long-term plan with a wish list of security measures to implement and improvements to existing processes A *tactical plan* is typically useful for about a year and often prescribes and schedules the tasks necessary to accomplish organizational goals. Some examples of tactical plans are project plans, acquisition plans, hiring plans, budget plans, maintenance plans, support plans, and system development plans. An *operational plan* is a short-term, highly detailed plan based on the strategic and tactical plans.
In which of the following security modes can you be sure that all users have access permission for all information processed by the system, but will not necessarily need to know all of that information? a) Dedicated b) System high c) Multilevel d) Compartmented
b) System High In system high mode all users have appropriate clearance and access permission for all the information processed, but "need to know" to only some of the information processed by the system
What encryption technique does WPA use to protect wireless communications? a) AES b) TKIP c) DES d) 3DES
b) TKIP (Temporal Key Integrity Protocol), which is built on RC4. WPA2 uses AES (CCMP).
Which of the following is not part of the Agile manifesto? a) Simplicity is essential b) Build projects around all team members equally c) Working software is the primary measure of success d) The best designs emerge from self-organizing teams
b) The Agile manifesto says you should build projects around motivated individuals and give them the support they need
What DRP metric defines the maximum length of time a business function can be inoperable without causing irreparable harm to the business? a) RTO b) MTD c) SLE d) ALE
b) The MTD (Maximum Tolerable Downtime) is the maximum length of time a business function can be inoperable without causing irreparable harm to the business.
What is the primary benefit of separation of duties and job rotation policies? a) prevent collusion b) prevent fraud c) encourage collusion d) correct incidents
b) prevent fraud Separation of duties and job rotation would require people to collude to commit fraud. Therefore they do not prevent collusion, nor encourage collusion.
How often does the Payment Card Industry Data Security Standard require vulnerability scans of a public-facing web application that processes credit card information? a) Only if the application changes b) At least annually c) At least quarterly d) There is no re-scanning requirement
b) At least annually. PCI DSS (v3.2, 2016, Requirement 6.6) requires public-facing web applications to be assessed at least annually and after any change: "Ensure all public-facing web applications are protected against known attacks, either by performing application vulnerability assessment at least annually and after any changes", the alternative being an automated technical solution such as a web application firewall in front of the application.
What information security management task ensures the organization's data protection requirements are met efficiently? a) Account management b) Backup verification c) Log reviews d) Key performance indicators
b) The data backup verification process ensures that data backups are running properly and thus meeting the organization's data protection objectives. REMARK: the key words on the question are "TASK" and "DATA PROTECTION". In this sense even though "key performance indicators" are the real indicators of the Company's information security policy, the question is focused on data protection and specifically to a task. Key performance indicators are not a task.
What BIA metric expresses the proportion of an asset that will be damaged if a risk materializes? a) AV b) EF c) SLE d) ARO
b) The exposure factor (EF) represents the amount of damage that a risk would impose on an asset, expressed as the percentage of the asset's value
What is the first step of the Business Impact Assessment process? a) Risk analysis b) Identification of priorities c) Likelihood assessment d) Resource prioritization
b) The first BIA task facing the BCP team is identifying business priorities. The steps of the BIA are: 1) Identification of business priorities 2) Risk identification 3) Likelihood assessment 4) Impact assessment 5) Resource prioritization
What is the primary objective of data classification schemes? a) To control access to objects by authorized subjects b) To formalize and stratify the process of securing data based on assigning labels of importance and sensitivity c) To establish a transaction trail for auditing accountability d) To manipulate access control to provide the most efficient means to grant or restrict functionality
b) To formalize and stratify the process of securing data based on assigning labels of importance and sensitivity. Note that a) mainly refers to access control.
What type of intellectual property protection is best suited for computer software? a) Copyright b) Trade secret c) Trademark d) Patent
b) Trade secret
A significant benefit of a security control is when it goes unnoticed by users. What is this called? a) Invisibility b) Transparency c) Diversion d) Hiding in plain sight
b) Transparency
Which AES finalist makes use of prewhitening and postwhitening techniques? a) Rijndael b) Twofish c) Blowfish d) Skipjack
b) Twofish
What law formalizes many software licensing arrangements used by the software industry and attempts to standardize their use from state to state? a) Computer Security Act b) Uniform Computer Information Transactions Act (UCITA) c) Digital Millennium Copyright Act d) Gramm-Leach-Bliley Act
b) Uniform Computer Information Transactions Act (UCITA)
When determining the classification of data which of the following is the most important consideration? a) Processing system b) Value c) Storage media d) Accessibility
b) Value
When conducting an internal investigation, what is the most common source of evidence? a) Warrant b) Voluntary surrender c) Subpoena d) Historical data
b) Voluntary surrender. An internal investigation is usually sponsored by senior management who authorizes/grants the collection of evidence
Which of the following is not a technology specifically associated with the wireless protocol 802.11? a) WPA b) WAP c) WEP d) 802.11i
b) WAP (Wireless Application Protocol) is a technology associated with cell phones accessing the internet WPA - WiFi Protected Access WEP - Wired Equivalent Privacy
Internet protocol all public emails comply with: a) IEEE 802.11 b) X.400 c) X.509 d) LDAP
b) X.400. IEEE 802.11 is WiFi. X.509 defines digital certificates. LDAP (Lightweight Directory Access Protocol) is the protocol for querying directory services (for example user and group databases such as an Active Directory domain controller).
Which International Telecommunication Union (ITU) standard governs the creation and endorsement of digital certificates for secure digital communications? a) X.500 b) X.509 c) X.900 d) X.905
b) X.509. X.509 governs digital certificates and the Public Key Infrastructure (PKI). It defines the contents of a digital certificate and the process used by certificate authorities to generate and revoke certificates. X.500 = directory services.
Which best describes a confined or constrained process? a) a process that can only run for a limited time b) a process that can only access certain memory locations c) a process that can only run at certain times of the day d) a process that controls access to an object
b) a confined or constrained process can only access certain and specific memory locations
What is the Delphi technique? a) a security model b) a form of qualitative risk analysis c) An encryption mechanism d) a security audit process
b) A form of qualitative risk analysis based on an anonymous feedback-and-response method of gathering information in order to arrive at a consensus.
Hacktivists are motivated by which of the following factors (choose all that apply) a) Financial gain b) Thrill c) Skill d) Political reasons
b) and d) Financial gain is not a motivation for hacktivists Many attacks do not require special skills.
In the wake of September 11, 2001, terrorist attacks, which industry made drastic changes that directly impacted BCP/DRP activities? a) banking b) insurance c) tourism d) airline
b) insurance Insurance companies explicitly removed coverage for acts of terrorism
Which technology provides organizations the best solution to control BYOD implementations? a) encryption b) mobile device management c) application whitelisting d) geotagging
b) mobile device management, and it can manage device's encryption, geotagging, applications whitelisting etc
Which of the following devices would benefit the most from encrypting its contents in a networked environment? a) backup tapes b) removable drives c) hard drives d) RAM
b) Removable drives. Backup tapes should also be encrypted, but they are usually handled in a physically secure environment; removable drives travel and are far more exposed to loss or theft.
Which OSI model layer manages communications in simplex, half-duplex and full-duplex mode? a) Application b) Session c) Transport d) Physical
b) the session OSI layer
Which type of cipher relies on changing the location of characters within a message to achieve confidentiality? a) stream cipher b) transposition cipher c) block cipher d) substitution cipher
b) Transposition cipher. Transposition ciphers rearrange the letters of the plaintext message to form the ciphertext; the letters themselves are unchanged. A substitution cipher instead replaces each character with another (e.g. ROT13).
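An added example (not part of the original notes) of a keyed columnar transposition, with ROT13 beside it for contrast; the sample messages and keywords are constructed. The histogram check at the end makes the difference concrete: the transposition output contains exactly the same letters as the plaintext, only in a different order, whereas the substitution changes which letters appear.

```python
from collections import Counter

def _read_order(keyword):
    """Columns are read out in alphabetical order of the keyword letters (ties by position)."""
    return sorted(range(len(keyword)), key=lambda i: (keyword[i], i))

def columnar_encrypt(plaintext, keyword, pad="X"):
    """Write the letters row by row under the keyword, read them out column by column."""
    cols = len(keyword)
    text = "".join(ch for ch in plaintext.upper() if ch.isalpha())
    text += pad * (-len(text) % cols)                        # complete the last row
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in _read_order(keyword) for row in rows)

def columnar_decrypt(ciphertext, keyword):
    """Refill the columns in the same read-out order, then read the grid row by row."""
    cols = len(keyword)
    nrows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in _read_order(keyword):
        for r in range(nrows):
            grid[r][c] = ciphertext[pos]
            pos += 1
    return "".join("".join(row) for row in grid)

def rot13(text):
    """Substitution for comparison: each letter is replaced, nothing is moved."""
    return "".join(chr((ord(ch) - 65 + 13) % 26 + 65) if ch.isalpha() else ch for ch in text.upper())

def same_letter_counts(a, b):
    """A transposition keeps the letter histogram; a substitution changes it."""
    return Counter(a) == Counter(b)

if __name__ == "__main__":
    msg, key = "MEET AT THE SAFE HOUSE", "ZEBRA"       # constructed sample message and keyword
    ct = columnar_encrypt(msg, key)
    print(ct, "->", columnar_decrypt(ct, key))
    print("transposition keeps histogram:", same_letter_counts("MEETATTHESAFEHOUSEXX", ct))
    print("substitution keeps histogram: ", same_letter_counts("MEETATTHESAFEHOUSEXX", rot13(msg)))
```

Because the letter counts survive, frequency analysis tells an attacker that a transposition was used but not the key; anagramming and known-plaintext attacks are what break these in practice. The padding characters (X here) are a classic weakness: predictable trailing letters give the attacker a foothold.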
How soon after an incident should a postmortem analysis be performed? a) within 24 hours b) within a week c) within a month d) within three months
b) within a week
Which of the following assumptions is not necessary before you trust the public key contained on a digital certificate? a) the digital certificate of the CA is authentic b) you trust the sender of the certificate c) the certificate is not listed on a CRL d) the certificate actually contains the public key
b) you don't need to trust the sender as long as the certificate meets the other requirements and you trust the CA
What type of attack occurs when the attackers position themselves between the client and server and then interrupt the communication to take it over? a) Spoofing b) Man-in-the-middle c) Hijacking d) Cracking
c) *Hijacking* attacks occur when a malicious individual intercepts part of the communication between an authorized user and a resource and then uses a hijacking technique *to take over the session* and assume the identity of the authorized user. Man-in-the-middle attacks are similar, but the session is not taken over (hijacked)
How many keys are required for 10 people to communicate using asymmetric key cryptography? a) 10 b) 20 c) 45 d) 100
c) 20: one pair of keys (one private and one public) per person. A symmetric system would instead need one shared key per pair of people, n(n-1)/2 = 45 keys for 10 people.
What is the length of validity of a patent in the USA? a) 5 years b) 10 years c) 20 years d) 35 years
c) 20 years
What is the standard patent protection period in the United States? a) 14 years from the date the application is submitted b) 14 years from the date the application is granted c) 20 years from the date the application is submitted d) 20 years from the date the application is granted
c) 20 years from the date the application is submitted
If a 2048-bit plaintext message is encrypted with the El Gamal public key cryptosystem, what would be the length of the resulting ciphertext? a) 1024-bit b) 2048-bit c) 4096-bit d) 8192-bit
c) 4096-bit. One of the biggest disadvantages of El Gamal is that it doubles the length of the plaintext it encrypts, because each ciphertext consists of two values, each as large as the modulus.
How many categories do the TCSEC directives define? a) two b) three c) four d) five
c) Four divisions (categories): A is verified protection, B is mandatory protection, C is discretionary protection and D is minimal protection. TCSEC = Trusted Computer System Evaluation Criteria (the "Orange Book").
Which of the following key types is used to enforce referential integrity between database tables? a) Primary key b) Candidate key c) Foreign key d) Super key
c) A *foreign key* is used to enforce relationships between two tables, also known as referential integrity. Referential integrity ensures that if one table contains a foreign key, it corresponds to a still-existing primary key in the other table in the relationship. A *primary key* is selected from the set of candidate keys for a table to be used to uniquely identify the records in a table. A *candidate key* is a subset of attributes that can be used to uniquely identify any record in a table. No two records in the same table will ever contain the same values for all attributes composing a candidate key. Each table may have one or more candidate keys, which are chosen from column headings.
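Added example (not from the original notes) showing referential integrity being enforced, using Python's sqlite3 with a constructed customers/orders schema. SQLite only enforces foreign keys when PRAGMA foreign_keys is ON, so the same script is run both ways: with enforcement on, inserting an order for a non-existent customer and deleting a customer that still has orders are both rejected; with it off, both succeed and orphan rows appear.

```python
import sqlite3

def open_db(enforce):
    """Constructed schema: orders.customer_id is a foreign key referencing customers.id."""
    con = sqlite3.connect(":memory:")
    # SQLite ignores foreign key constraints unless this pragma is on for the connection.
    con.execute("PRAGMA foreign_keys = " + ("ON" if enforce else "OFF"))
    con.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    con.execute("""CREATE TABLE orders (
                     id INTEGER PRIMARY KEY,
                     customer_id INTEGER NOT NULL REFERENCES customers(id),
                     total REAL NOT NULL)""")
    con.execute("INSERT INTO customers (id, name) VALUES (1, 'acme')")
    con.execute("INSERT INTO orders (customer_id, total) VALUES (1, 99.5)")
    return con

def try_sql(con, sql):
    """Run one statement and report whether the database accepted it."""
    try:
        con.execute(sql)
        return "accepted"
    except sqlite3.IntegrityError:
        return "rejected"

def orphan_count(con):
    """Orders whose foreign key points at a customer row that does not exist."""
    return con.execute("""SELECT COUNT(*) FROM orders o
                          LEFT JOIN customers c ON c.id = o.customer_id
                          WHERE c.id IS NULL""").fetchone()[0]

def demo(enforce):
    con = open_db(enforce)
    return {
        "orphan_insert": try_sql(con, "INSERT INTO orders (customer_id, total) VALUES (42, 1.0)"),
        "parent_delete": try_sql(con, "DELETE FROM customers WHERE id = 1"),
        "orphans": orphan_count(con),
    }

if __name__ == "__main__":
    print("enforced:    ", demo(True))   # both rejected, 0 orphans
    print("not enforced:", demo(False))  # both accepted, 2 orphans
```

The orphan_count query is the check a reviewer runs on an existing database to find out whether integrity has already been lost; a non-zero result means the constraint was missing or disabled at some point.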
What is the block size used by AES? a) 32 bits b) 64 bits c) 128 bits d) variable
c) AES processes blocks of 128-bits AES *key length* can be 128, 192 or 256-bits
Accountability requires all the following items except one. Which item is not required for accountability? a) Identification b) Authentication c) Authorization d) Auditing
c) Authorization Accountability does not require authorization. Accountability requires Identification and Authentication. After authentication, accountability requires logging for auditing purposes.
Which kind of alarm will notify the police or fire brigade etc when triggered? a) Central alarm system b) Remote alarm system c) Auxiliary alarm system d) Local alarm system
c) Auxiliary alarm systems Local alarm systems: must locally broadcast an audible (up to 120 decibel [db]) alarm signal that can be easily heard up to 400 feet away. Central Station System: The alarm is usually silent locally, but offsite monitoring agents are notified so they can respond to the security breach. Most residential security systems are of this type. Auxiliary alarm systems can be added to either local or centralized alarm systems. When the security perimeter is breached, emergency services are notified to respond to the incident and arrive at the location. This could include fire, police, and medical services.
Which of the following is based on Blowfish and helps protecting against rainbow table attacks? a) AES b) 3DES c) Bcrypt d) SCP
c) Bcrypt is used to hash stored passwords. It is based on Blowfish and adds a random 128-bit salt to each password before hashing, so an attacker cannot reuse a precomputed (rainbow) table: every distinct salt would need its own table. Its configurable work factor also makes each guess slow.
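Added example (not from the original notes) of why a per-password salt defeats precomputed tables. bcrypt itself needs a third-party library, so the standard library's PBKDF2 stands in for it; the salt handling is the same idea. The wordlist and passwords are constructed.

```python
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "wonderland", "qwerty"]  # constructed attacker wordlist
ITERATIONS = 50_000

def unsalted(pw):
    """The weak scheme: a bare hash of the password, identical for every user who picks it."""
    return hashlib.sha256(pw.encode()).hexdigest()

def precomputed_table():
    """Built once, reused against every victim; a rainbow table is a compressed form of this."""
    return {unsalted(w): w for w in WORDLIST}

def hash_password(pw, salt=None):
    """Salted, iterated hash: PBKDF2 stands in for bcrypt; the salt idea is the same."""
    salt = salt or os.urandom(16)  # 128-bit random salt per password, as bcrypt uses
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()  # the salt is stored in the clear next to the digest

def verify_password(pw, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)

def crack_with_table(stored):
    """Look the stored digest up in the precomputed table; only unsalted hashes can match."""
    return precomputed_table().get(stored.split("$")[-1])

def same_password_same_hash(pw):
    """Without salt two users sharing a password are visibly equal; with salt they are not."""
    return unsalted(pw) == unsalted(pw), hash_password(pw) == hash_password(pw)

if __name__ == "__main__":
    print("unsalted cracked:", crack_with_table(unsalted("wonderland")))        # wonderland
    print("salted cracked:  ", crack_with_table(hash_password("wonderland")))   # None
    print("equal hashes (unsalted, salted):", same_password_same_hash("letmein"))  # (True, False)
```

The salt is not a secret: it sits beside the digest in the database. Its job is to make every stored hash a different function of the password, so an attacker must start from scratch per user instead of once for everyone; the iteration count (bcrypt's cost factor) is what then makes each of those per-user guesses expensive.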
A complete loss of power: a) Sag b) Brownout c) Blackout d) Surge
c) Blackout Sag: Momentary low voltage Brownout: Prolonged low voltage
A prolonged period of low voltage: a) Blackout b) Sag c) Brownout d) Spike
c) Brownout
Which type of alarm system signals a monitoring station? a) Local b) Auxiliary c) Central d) Remote
c) Central. The alarm is usually silent locally, but offsite monitoring agents are notified so they can respond to the security breach. Local: sounds a local alarm Auxiliary: can be added to a local or central alarm. In this case emergency services are notified to respond to the incident and arrive at the location. This could include fire, police, and medical services.
Which of the following links would be protected by WPA encryption? a) firewall to firewall b) router to firewall c) client to router d) Wireless Access Point to router
c) Client to router
An organization is using a Software as a Service cloud-based service provider, and it is sharing those services with another organization. What type of deployment model does this describe? a) Public b) Private c) Community d) Hybrid
c) Community Cloud service models: IaaS, PaaS, SaaS Cloud deployment model: Private, Public, Community and Hybrid. Hybrid deployment model is a combination of 2 or more clouds.
Which of the following is not a valid issue when considering a new safeguard? a) Cost/benefit analysis b) Compatibility with IT infrastructure c) Compliance with existing baseline d) Legal liability and prudent care
c) Compliance with existing baseline is not a valid consideration since baselines can and should be re-created to accommodate updates and enhancements
Which criminal law was the first to implement penalties for the creators of viruses, worms, Trojan horses, and other types of malicious code that cause harm to computer systems? a) Computer Security Act b) National Insurance Protection Act c) Computer Fraud and Abuse Act d) Electronic Communications Privacy Act
c) Computer Fraud and Abuse Act
Which of the following is not part of the change management process? a) Request control b) Release control c) Configuration audit d) Change control
c) Configuration audit is part of the configuration management process and not of the change management process
Which of the following is the best response after detecting and verifying an incident? a) report it b) remediate it c) contain it d) gather evidence
c) Contain it *Incident response steps:* Detection -> Response -> Mitigation -> Reporting -> Recovery -> Remediation -> Lessons Learned
In which phase of the CMM for Software do developers begin to operate according to a set of formal, documented software development practices? a) Initial b) Repeatable c) Defined d) Managed
c) Defined
Who administers the EU Safe Harbor provisions here in the United States? a) DoD b) Dept of Education c) Dept of Commerce d) Dept of State
c) Dept of Commerce
Which of the following is not usually an asset category covered by a BCP? a) Infrastructure b) People c) Documentation d) Equipment
c) Documentation is not usually covered by a bcp
During which phase of the BIA do you determine the risks that you are going to address simultaneously? a) Risk identification b) Likelihood analysis c) Resources prioritization d) Criticality prioritization
c) During the Resources prioritization you decide the risks that are going to be addressed simultaneously based on the resources made available to you
Which of the following algorithms is not supported by the Digital Signature Standard? a) Digital Signature Algorithm b) RSA c) El Gamal DSA d) Elliptic Curve DSA
c) El Gamal DSA. The Digital Signature Standard (FIPS 186) allows federal government use of the Digital Signature Algorithm (DSA), RSA and the Elliptic Curve DSA (ECDSA), in conjunction with an approved SHA hash function (FIPS 180), to produce digital signatures.
__________________ is a layer 2 connection mechanism that uses packet switching technology to establish virtual circuits between the communication endpoints. a) ISDN b) VPN c) Frame Relay d) SMDS
c) Frame Relay is a layer 2 connection mechanism that uses packet-switching technology to establish virtual circuits between communication endpoints. SMDS = Switched Multimegabit Data Service is a connectionless packet-switching technology used to connect multiple LANs to form a metropolitan area network (MAN) or a WAN.
What type of attack makes the Caesar cipher practically unusable? a) Meet in the middle attack b) Escrow attack c) Frequency analysis d) Transposition attack
c) Frequency analysis. The Caesar cipher is a single-alphabet substitution, so the letter frequencies of the plaintext language survive in the ciphertext; matching the most frequent ciphertext letters to E, T and A reveals the shift. With only 25 possible shifts, simply trying every key also breaks it.
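Added example (not part of the original notes): a Caesar cipher breaker that scores each of the 26 candidate shifts by how closely the letter histogram of the decryption matches published English letter frequencies (chi-squared statistic) and picks the best. The message is constructed.

```python
from collections import Counter
import string

# Relative frequency (%) of A..Z in typical English text; a widely published table.
ENGLISH = [8.167, 1.492, 2.782, 4.253, 12.702, 2.228, 2.015, 6.094, 6.966, 0.153, 0.772, 4.025,
           2.406, 6.749, 7.507, 1.929, 0.095, 5.987, 6.327, 9.056, 2.758, 0.978, 2.360, 0.150,
           1.974, 0.074]

# Constructed sample message.
MSG = "ATTACK THE EASTERN GATE AT DAWN AND HOLD THE BRIDGE UNTIL THE SECOND COMPANY ARRIVES WITH THE SUPPLY WAGONS"

def caesar(text, shift):
    """Shift every letter by `shift` places (a negative shift decrypts); other characters pass through."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = 65 if ch.isupper() else 97
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def chi_squared(text, shift):
    """Distance between the letter histogram of text un-shifted by `shift` and English; lower is closer."""
    letters = [c for c in caesar(text, -shift).upper() if c in string.ascii_uppercase]
    counts = Counter(letters)
    n = len(letters)
    total = 0.0
    for i, letter in enumerate(string.ascii_uppercase):
        expected = n * ENGLISH[i] / 100
        total += (counts.get(letter, 0) - expected) ** 2 / expected
    return total

def break_caesar(ciphertext):
    """Try all 26 shifts and return (shift, plaintext) for the most English-looking decryption."""
    best = min(range(26), key=lambda s: chi_squared(ciphertext, s))
    return best, caesar(ciphertext, -best)

if __name__ == "__main__":
    ct = caesar(MSG, 3)
    print(ct)
    print(break_caesar(ct))  # (3, MSG)
```

The same scoring breaks any single-alphabet shift with no knowledge of the key, and with a little more work (scoring digraphs, or solving letter by letter) it extends to general monoalphabetic substitution. It does not work on a transposition, where the histogram is unchanged by encryption, nor on a properly used one-time pad, where it is flattened.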
Which of the following is not a typical security measure implemented in relation to a media storage facility containing reusable removable media ? a) Employing a librarian or custodian b) Using a check-in/check-out process c) Hashing d) Using sanitation tools
c) Hashing
A tunnel mode VPN is used to connect which types of systems? a) Hosts and servers b) Clients and terminals c) Hosts and networks d) Servers and domain controllers
c) Hosts and networks Tunnel mode VPNs are used to connect Networks to Networks and Hosts to Networks Transport mode VPN is used to connect Hosts to Hosts. Host, server, client, terminal and domain controller are all synonyms in this context
An organization wants to implement cloud-based service based on two separate clouds. Which deployment model should they use? a) Private b) Community c) Hybrid d) Public
c) Hybrid Hybrid models include a combination of two or more clouds. The other answers refer to single-cloud models
Which of the following best defines the "rules of behavior" established by a data owner? a) Granting users access to only what they need b) Determining who has access to the systems c) Identifying appropriate use and protection of data d) Applying security controls to a system
c) Identifying appropriate use and protection of data Data owners = managers, biz owners
What security control is directly focused on preventing collusion? a) Principle of least privilege b) Job rotation c) Separation of duties d) Qualitative risk analysis
c) Job rotation. Separation of duties and least privilege do not PREVENT collusion. In fact, by giving people fewer privileges and by separating and limiting their duties, people are required to collude if they want to commit any wrongdoing. That does not mean they should not be implemented, but collusion usually takes place within environments where there is proper separation of duties and minimum privileges in use. Otherwise there would be no need to collude, since people would already have too much permission and privileges over all of the data or systems. Separation of duties prevents fraud. The principle of least privilege prevents unauthorized access to protected or sensitive objects and information. Notice that the likelihood that a co-worker will be willing to collaborate in an illegal or abusive activity is reduced because of the higher risk of detection created by the combination of separation of duties, reduced job responsibilities and job rotation.
What is the most common and inexpensive form of physical security devices? a) Fences b) Alarm system c) Key locks d) Lighting
c) Key locks
Which of the following individuals would normally not be part of your incident response team? a) IT specialists b) Legal representative c) Law enforcement representative d) Public Affairs representative
c) A law enforcement representative is usually not part of the incident response team.
Which one of the following is not a valid legal reason for processing information about an individual under the European Union Privacy directive? a) Contract b) Legal obligations c) Marketing needs d) Consent
c) Marketing needs is not a valid legal reason under the European Union Privacy directive.
Mathew would like to test the systems on his network against SQL injection. Which of the following tools would be most suitable for the task? a) Port scanner b) Network vulnerability scanner c) Web vulnerability scanner d) Network discovery scanner
c) Mathew would use a web vulnerability scanner, since SQL injection attacks occur on web servers. A network vulnerability scanner might pick up this vulnerability, but a web vulnerability scanner is better suited for this goal.
Grace is performing a penetration test on a client's network and would like to use a tool to assist in automatically executing common exploits. Which of the following security tools would best meet her needs? a) nmap b) Nessus c) Metasploit d) Snort
c) Metasploit is a tool for executing common exploits. Nessus is a vulnerability scanner. Snort is an intrusion detection and prevention tool.
What action usually closes the Identification phase of incident response? a) Publishing an incident report b) Gathering evidence c) Notifying the incident response team of the incident d) Isolating the affected system(s)
c) Notifying the incident response team.
Which wireless frequency access method offers the greatest throughput with the least interference? a) DSSS b) FHSS c) OFDM d) OSPF
c) OFDM (Orthogonal Frequency-Division Multiplexing). OSPF is a routing protocol.
Which protocol is replacing certificate revocation lists? a) OLAP b) LDAP c) OCSP d) BGP
c) Online Certificate Status Protocol (OCSP). This protocol eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification. OLAP (Online Analytical Processing) is the technology behind many Business Intelligence (BI) applications. BGP = Border Gateway Protocol.
What is the most common cause of failure on a water-based fire suppression system? a) Heat b) Smoke c) People d) Ionization detectors
c) People
Which of the following statements correctly identifies a problem with sanitation methods? a) Methods are not available to remove data ensuring that unauthorized personnel cannot remove data b) Even fully incinerated media can offer extractable data c) Personnel can perform sanitation steps improperly d) Stored data is physically etched on the media
c) Personnel can perform sanitation steps improperly
Which of the following is not considered a non-IP protocol? a) IPX b) AppleTalk c) UDP d) NetBEUI
c) UDP. Although UDP is not an IP protocol by itself, it depends on IP. UDP is a transport layer protocol that operates as the payload of IP packets.
What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them? a) Inference b) Manipulation c) Polyinstantiation d) Aggregation
c) Polyinstantiation occurs when two or more rows in the same relational database table appear to have identical primary key elements but contain different data for use at differing classification levels. It is often used as a defense against some types of inference attacks.
What function does RARP perform? a) it is a routing protocol b) it converts IP addresses to MAC addresses c) it resolves physical addresses into logical addresses d) It manages multiplex streaming
c) RARP resolves physical addresses (MAC addresses) into logical addresses (IP addresses).
Which database backup technology uses frequent, usually hourly, transfer of data from the primary to the alternate site? a) Remote mirroring b) Electronic vaulting c) Remote journaling d) Fault tolerance
c) Remote journaling
What is the main goal of disaster recovery? a) Preventing business interruption b) Setting up temporary business operations c) Restoring normal business activity d) Minimizing the impact of a disaster
c) Restoring normal business activity. Preventing business interruption and minimizing the impact of a disaster are goals of business continuity planning.
___________________________ is a technology that can allow an automated tool to interact with a human interface. a) Remote control b) Virtual desktops c) Screen scraping d) Remote node operation
c) Screen scraping
_______________________ are considered third-generation firewalls a) Packet filtering firewalls b) Application-level gateways c) Stateful inspection firewalls d) Circuit-level gateways
c) Stateful inspection firewalls
Which task of the BCP bridges the gap between the Business Impact Assessment and the Continuity Planning phases? a) Resources Prioritization b) Likelihood Assessment c) Strategy Development d) Procedures and Processes
c) Strategy Development bridges the gap by analyzing the prioritized list of risks identified during the BIA and determining which risks will be addressed by the BCP Planning phase.
What is the broadest category of computer systems protected by the Computer Fraud and Abuse Act, as amended? a) Government-owned systems b) Federal interest systems c) Systems used in interstate commerce d) Systems located in the USA
c) Systems used in Interstate commerce
What is a trusted computing base (TCB)? a) hosts in your network that support secure communications b) the operating system kernel and device drivers c) the combination of hardware, software and controls that work together to enforce a security policy d) the software and controls that certify a security policy
c) The TCB is the combination of hardware, software and controls that work together to enforce a security policy.
Which security models are based on the concept of the state machine model? a) Bell-LaPadula and Take-Grant b) Biba and Clark-Wilson c) Bell-LaPadula and Biba d) Clark-Wilson and Bell-LaPadula
c) The Bell-LaPadula and Biba models are both information flow models based on the state machine model.
What organization created the "ten commandments of computer ethics"? a) ISC2 b) Internet Advisory Board c) Computer Ethics Institute d) IS Audit and Control Association
c) The Computer Ethics Institute created its own code of ethics: the "Ten Commandments of Computer Ethics".
How often does the Payment Card Industry Data Security Standard recommend vulnerability scans on networks that process credit card information? a) Only if the network changes b) At least annually c) At least quarterly d) There are no re-scanning requirements
c) The PCI DSS (v3.2, 2016) requires servers to be scanned each time the network changes and at least quarterly: "Run internal and external network vulnerability scans at least quarterly and after any significant change in the network".
What type of information is used to form the basis of an expert system's decision making process? a) A series of weighted layered computations b) Combined input from human experts, weighted according to past performance c) a series of if/then statements in a knowledge base d) a biological decision-making process that simulates the reasoning process of the human mind
c) The knowledge base contains the rules known by an expert system. The knowledge base seeks to codify the knowledge of human experts in a series of "if/ then" statements.
What part of the TCB concept validates access to every resource prior to granting the requested access? a) TCB partition b) Trusted library c) Reference monitor d) security kernel
c) The reference monitor.
Which of the following is not a critical piece of information in the chain of evidence? a) Time and date the evidence was collected b) name of the person who collected the evidence c) relationship of the evidence with the incident d) general description of the evidence
c) The relationship of the evidence with the incident is not a required piece of information. The information that should be provided includes: 1) General description of the evidence 2) Time and date the evidence was collected 3) Exact location the evidence was collected from 4) Name of the person collecting the evidence 5) Relevant circumstances surrounding the collection
Richard recently developed a great name for a new product that he plans to begin using immediately. He spoke to his attorney and filed the appropriate application to protect his project name but has not yet received a response from the government regarding his application. He wants to use the name of his product immediately. What symbol should he use next to the name to indicate its protected status? a) The "copyright" (c) symbol b) The "registered" (r) symbol c) The "trademark" (tm) symbol d) The "cross" (+) symbol
c) The trademark (tm) symbol. Once he receives the notification that his product name has been accepted, he can use the "registered" (r) symbol.
What security model has a feature that in theory has one name or label, but when implemented takes the name or label of the security kernel? a) Biba b) Clark-Wilson c) Trusted Computing Base d) Chinese Wall
c) Trusted Computing Base. In the TCB the reference monitor is the theoretical component that mediates all communications between subjects and objects. Its implementation is the security kernel.
What is the typical time estimate to activate a warm site from the time a disaster is declared? a) 1h b) 6h c) 12h d) 24h
c) Typically a warm site is activated 12 hours after a disaster is declared.
Which provision of the EU Safe Harbor for privacy requires mechanisms to protect data against loss? a) Notice b) Access c) Security d) Enforcement
c) Under the security requirement, proper mechanisms must be in place to protect data against loss, misuse, and unauthorized disclosure. EU Safe Harbor requirements: 1) Notice 2) Choice 3) Onward transfer 4) Access 5) Security 6) Data Integrity 7) Enforcement
What would detect if a user has more privileges than necessary? a) Account management b) Logging c) User entitlement audit d) Reporting
c) User entitlement audit
ACME Inc wants to replace its 1024-bit RSA cryptosystem with an elliptic curve cryptosystem (ECC). Which ECC key length would provide the same strength? a) 512-bit b) 256-bit c) 160-bit d) 1024-bit
c) A 160-bit ECC key provides the same encryption strength as a 1024-bit RSA key.
What is a closed system? a) a system designed around final, closed, standards b) a system that includes industry standards c) a proprietary system that uses unpublished protocols d) any machine that does not run Windows
c) A closed system uses proprietary, unpublished protocols. Option b) describes open systems.
Many cryptographic algorithms rely on the difficulty of factoring the product of large prime numbers. Which characteristic of this problem are they relying on? a) It contains diffusion b) It contains confusion c) It is a one-way function d) It complies with Kerckhoffs's principle
c) A one-way function is a mathematical function that easily produces unique output values for any input, but makes it impossible to retrieve the input value with the knowledge of the output value. *Kerckhoffs's principle* is the principle against "security via obscurity": specifically, Kerckhoffs's principle (aka Kerckhoffs's assumption) is that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge. *Confusion* occurs when the relationship between the plaintext and the key is so complicated that an attacker can't merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key. *Diffusion* occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.
What is the duration of a trade secret under federal law? a) 20 years b) 35 years c) Unlimited d) 50 years
c) A trade secret does not have an expiration date.
Which of the following tools would be most suitable for testing a system for XSS (cross-site scripting) vulnerabilities? a) nmap b) network vulnerability scanner c) web vulnerability scanner d) network discovery scanner
c) A web vulnerability scanner, since XSS is a web-based vulnerability.
The ____________________ data model has data stored in more than one database, but those databases are logically connected. The user perceives the database as a single entity, even though it consists of numerous parts interconnected over a network. a) centralized b) hierarchical c) distributed d) normalized
c) distributed
What is a security risk of an embedded system not usually found on a standard PC? a) software flaws b) access to the internet c) control of a mechanism in the physical world d) power loss
c) Embedded systems have control of a mechanism in the physical world, thus representing risks not usually found on standard PCs.
Which of the following serves as an operational guide for both security professionals and IT operations, is flexible, and states what should be done instead of prescribing a specific product or solution? a) Policies b) Procedures c) Guidelines d) Baselines
c) Guidelines
Many PCs provide the capability to run multiple applications on a single processor machine. What term is used to describe this capability? a) multiprogramming b) multithreading c) multitasking d) multiprocessing
c) Multitasking. It is implemented by the OS. Multithreading: the capability of a process to run multiple threads (e.g. multiple MS Word threads of a single MS Word process). Multiprogramming: mainly used on legacy systems, it allows multiple programs to run at the same time. It is implemented by software and takes advantage of a process's I/O wait times to run other processes. Multiprocessing: in systems with multiple processors, it allows one application to be split between the multiple processors.
Which of the following is not part of the access control relationship of the Clark-Wilson model? a) object b) subject c) programming language d) interface
c) Programming language is not a component of the Clark-Wilson model. Its 3 components are subject, object and program (interface).
Which of the following would an administrator do to classified media before re-using it in a less secure environment? a) Erasing b) clearing c) purging d) overwriting
c) Purging. Erasing = deleting; clearing = overwriting.
What is the implied meaning of the simple property of Biba? a) No write-up b) write-down c) read-up d) write-up
c) Read-up. The simple property of Biba is no read-down, which implies that read-up is allowed.
Which of the following is not a required component of a digital certificate? a) serial number b) validity period c) receiver's name d) X.509 version
c) receiver's name
In which phase of the BIA would the SLE be calculated? a) Risk identification b) Likelihood assessment c) Impact assessment d) Resource prioritization
c) The SLE represents the amount of loss, therefore it is calculated during the Impact Assessment phase.
Who is responsible for classifying information? a) User b) Data custodian c) Administrator d) Data owner
d) *The data owner* role is assigned to the person who is responsible for classifying information (*DEFINES CLASSIFICATION*). *The data custodian* role is assigned to the person who is responsible for *implementing the protection* defined by the security policy and senior management.
At what voltage level can static electricity cause damage to a hard drive? a) 4,000V b) 40V c) 17,000V d) 1,500V
d) 1,500V
What type of virus utilizes more than one propagation technique to maximize the number of systems infected? a) Polymorphic virus b) Stealth virus c) Companion virus d) Multipartite virus
d) *Multipartite viruses* use more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other, for example file infection and boot sector infection. *Polymorphic viruses* actually modify their own code as they travel from system to system.
Which of the following elements is not necessarily a part of the BCP? a) Risk acceptance details b) Emergency response guidelines c) Risk assessment d) Mobile site plan
d) The plan for the mobile site is usually not included in the BCP, but in the DRP.
Adam ran a port scanner on his organization's web server, from the internet, to get a perspective of potential exposures. Which of the following results would raise a red flag about his server? a) 80/open b) 22/filtered c) 443/open d) 1433/open
d) 1433/open. Only open ports represent potential security risks. Ports 80 and 443 are used regularly on web servers. Port 1433 is used for databases and should never be open on a web server. "Filtered port": the port scanner is unable to determine whether a port is open or closed because a firewall is interfering with the connection attempt.
What is the max key length of 3DES? a) 56 bits b) 64 bits c) 112 bits d) 168 bits
d) 168 bits (56x3)
According to FEMA, which percentage of states have at least a moderate risk of earthquakes? a) 20% b) 40% c) 60% d) 80%
d) 80% (41 out of 50 states)
Which of the following best describes a rule-based access control model? a) It uses local rules applied to users individually b) It uses global rules applied to users individually c) It uses local rules applied to all users equally d) It uses global rules applied to all users equally
d) A rule-based access control uses global rules applied to all users equally. It does not apply rules locally, or to individual users.
What IPSec component provides assurances of message integrity and non-repudiation? a) ESP b) L2TP c) IKE d) AH
d) AH = Authentication Header. The Authentication Header (AH) provides assurances of message integrity and nonrepudiation. AH also provides authentication and access control and prevents replay attacks. ESP = Encapsulating Security Payload, which provides confidentiality and integrity of packet contents. IKE = Internet Key Exchange.
Which of the following is a cell-switching technology rather than a packet-switching one? a) ISDN b) Frame Relay c) SMDS d) ATM
d) ATM is a cell-switching technology. SMDS = Switched Multimegabit Data Service. Frame Relay and ISDN are also packet-switching services.
You've performed a risk analysis and implemented a countermeasure. When evaluating the risk after the implementation, which of the following would be reduced? a) Exposure factor (EF) b) Single loss expectancy (SLE) c) Asset value d) Annualized Rate of Occurrence (ARO)
d) Annualized Rate of Occurrence. The EF is the percentage of the asset's value that is lost if the vulnerability is exploited. If the vulnerability is exploited after the implementation of the countermeasure, the loss would be the same (think of the case where the countermeasure does not work). Therefore the EF would be the same, and so would the SLE. A safeguard changes the ARO. In fact, the whole point of a safeguard is to reduce the ARO. In other words, a safeguard should reduce the number of times an attack is successful in causing damage to an asset.
Which of the following tests provides the most accurate and detailed information about the security state of a server? a) Unauthenticated scan b) Port scan c) Half-open scan d) Authenticated scan
d) Authenticated scan: the scanner has read-only access to the servers being scanned and can use this access to read configuration information from the target system and use that information when analyzing vulnerability testing results.
Which of the following is not a physical control for physical security? a) Lights b) Fences c) Locks d) CCTV system
d) CCTV is a technical control for physical security.
The normal operations of a business are restored at the end of the __________________ phase of the incident response. a) Identification b) Analysis c) Lessons Learned d) Closure
d) Closure
Example of Administrative law: a) US Constitution b) EU Directives c) US Code d) Code of Federal Regulation
d) Code of Federal Regulations
Which of the following is not considered a useful item to consider when establishing the value of an asset? a) Development cost b) Intellectual property or equity value c) Liability of asset loss d) Confidentiality
d) Confidentiality. Confidentiality is defined by the asset's sensitivity, confidentiality and value. It is not used as a valuation element.
Who or what grants permissions to users in a discretionary access control model? a) Administrators b) Access Control List c) Assigned labels d) Data custodian
d) The data custodian (= owner) grants permissions to users in a DAC model. ACLs grant permissions in a rule-based model. Assigned labels are used in mandatory access control models.
Which networking technology is based on IEEE 802.3? a) Token ring b) FDDI c) WPA d) Ethernet
d) Ethernet
What law protects the privacy rights of students? a) HIPAA b) SOX c) GLBA d) FERPA
d) FERPA = Family Educational Rights and Privacy Act. GLBA = Gramm-Leach-Bliley Act, which relaxed regulations for customer information shared by banks and the services they could provide.
What amendment of the US Constitution protects individuals against wiretapping and other invasions of privacy? a) First b) Fourth c) Fifth d) Tenth
d) Fourth Amendment
Which of the following symmetric encryption algorithms is not supported by S/MIME? a) DES b) 3DES c) RC2 d) IDEA
d) IDEA is not supported by S/MIME.
In which scenario would you perform bulk data transfer of backup data to an offsite storage facility? a) Incremental backup b) Full backup c) Differential backup d) Electronic vaulting
d) In an electronic vaulting scenario, database backups are moved to a remote site using bulk transfers.
What type of addressing scheme supplies the CPU with a memory location which contains the memory address of the operand? a) Direct b) Immediate c) Base+offset d) Indirect
d) Indirect
What is the most common form of perimeter security devices or mechanisms? a) CCTV b) Fences c) Security Guards d) Lighting
d) Lighting
Which of the following alternate processing arrangements is rarely implemented? a) Cold site b) Warm site c) Hot site d) MAA
d) MAA (Mutual Assistance Agreement) is rarely implemented because of the confidentiality issues related to two companies sharing the same resources.
Tom built a table consisting of his customers' names, phone numbers and customer IDs. The database contains the data for 30 customers. What is the degree of his database? a) One b) Thirty c) Not defined d) Three
d) Three. Degree is the number of columns or attributes. Cardinality is the number of rows.
What type of cryptographic attack rendered 2DES no more secure than standard DES encryption? a) Birthday attack b) Chosen ciphertext attack c) Man-in-the-middle attack d) Meet-in-the-middle attack
d) Meet-in-the-middle attack. In the *meet-in-the-middle attack*, the attacker uses a known plaintext message. The plaintext is then encrypted using every possible key (k1), and the equivalent ciphertext is decrypted using all possible keys (k2). When a match is found, the corresponding pair (k1, k2) represents both portions of the double encryption. This type of attack generally takes only double the time necessary to break a single round of encryption (2^n rather than the anticipated 2^n * 2^n), offering minimal added protection. The *birthday attack*, also known as a *collision attack* or *reverse hash matching*, seeks to find flaws in the one-to-one nature of hashing functions. In this attack, the malicious individual seeks to substitute in a digitally signed communication a different message that produces the same message digest, thereby maintaining the validity of the original digital signature.
Which of the following algorithms is now considered insecure? a) El Gamal b) RSA c) Skipjack d) Merkle-Hellman Knapsack
d) Merkle-Hellman Knapsack, which relies on the difficulty of factoring super-increasing sets, has been broken by cryptanalysts.
Which of the following security modes does not require that all users have a clearance for the highest level of information processed by the system? a) Dedicated b) System high c) Compartmented d) Multilevel
d) Multilevel
Which of the following is not a benefit of NAT? a) Hiding the internal IP addressing scheme b) Sharing a small number of public internet addresses with a large number of internal clients c) Using the private IP addresses defined by RFC1918 d) Filtering network traffic to prevent brute force attacks
d) NAT does not prevent brute-force attacks.
What law amended the Computer Fraud and Abuse Act to include protections for portions of the national infrastructure? a) Government Information Security Reform Act b) Computer Security Act c) Comprehensive Computer Control Act d) National Information Infrastructure Protection Act
d) National Information Infrastructure Protection Act
Which of the following DES modes can be used for large messages with the assurance that an early error in the message is not going to propagate throughout the communication? a) Cipher Block Chaining (CBC) b) Electronic Codebook (ECB) c) Cipher Feedback (CFB) d) Output Feedback (OFB)
d) OFB. CBC and CFB will propagate errors. ECB is not suitable for large amounts of data.
Which of the following is not a hashing algorithm? a) MD3 b) MD5 c) SHA-1 d) PGP
d) PGP (Pretty Good Privacy) is an encryption algorithm used for securing emails.
Which of the following methods is the most reliable method for destroying data on a Solid State Drive? a) Erasing b) Degaussing c) Deleting d) Purging
d) Purging
During threat modeling several options exist for ranking the severity and priority of threats. Which of the following options is not a threat modeling ranking system? a) DREAD b) Probability * Damage potential c) High/Medium/Low d) Qualitative analysis
d) Qualitative analysis is part of risk assessment/risk management, but not specifically a means for ranking or rating the severity and priority of threats. The DREAD rating system is designed to provide a flexible rating solution that is based on the answers to five main questions about each threat: *D*amage potential, *R*eproducibility, *E*xploitability, *A*ffected users, *D*iscoverability.
Which of the following does not erase data? a) Purging b) Clearing c) Overwriting d) Remanence
d) Remanence is not a method for erasing data, but the data that remains after data erasure on a magnetic disk, due to residual magnetic flux.
What procedure returns business facilities and environments to a working state? a) Recovery b) Reparation c) Respiration d) Restoration
d) Restoration. Recovery and restoration are separate concepts. In this context, recovery involves bringing business operations and processes back to a working state. Restoration involves bringing a business facility and environment back to a workable state.
What would the security personnel do during the remediation step of an incident response? a) Contain the incident b) Collect evidence c) Rebuild system d) Root cause analysis
d) Root cause analysis. In the remediation stage, personnel look at the incident and attempt to identify what allowed it to occur, and then implement methods to prevent it from happening again. This includes performing a root cause analysis. Rebuilding the system may be required and would be performed during the recovery step. *Incident response steps:* Detection -> Response -> Mitigation -> Reporting -> Recovery -> Remediation -> Lessons Learned
Which of the following is the best choice to support a federated identity management system? a) Kerberos b) XML c) HTML d) SAML
d) SAML (Security Assertion Markup Language) is an XML-based language used to exchange information for Single Sign-On (SSO) between organizations within a federated identity management system. Kerberos supports SSO within a single organization, not a federation.
What is the name of the security protocol implemented by Visa and Mastercard for the secured transaction of credit cards? a) SSH b) SSL c) S-HTTP d) SET
d) SET (Secure Electronic Transaction) protocol
What type of network discovery scan attempts to simulate an already open network connection? a) TCP connect scan b) Xmas scan c) TCP SYN d) TCP ACK
d) TCP ACK scanning sends a packet with the ACK flag set, indicating that it is part of an open connection.
What element of data categorization management can override all other forms of data management control? a) Classification b) Physical access c) Custodian responsibilities d) Taking ownership
d) Taking ownership. It overrides controls and gives full access to and control of the object.
What is the goal of a BCP? a) MTD and RTO are equal b) MTD and RTO do not coexist c) MTD is less than RTO d) RTO is less than MTD
d) The goal of a BCP is to ensure the Return Time objective (RTO) is shorter than the Maximum Tolerable Downtime (MTD)
Which of the following best describes a characteristic of the mandatory access control model? a) Employs explicit-deny principles b) Permissive c) Rule-based d) Prohibitive
d) The mandatory access control model is prohibitive and has an implicit-deny philosophy (not explicit deny). It is not permissive. It uses labels rather than rules.
Which of the following would not be the primary goal of a grudge attack? a) Disclosing embarrassing personal information b) Launching a virus on an organization's system c) Sending inappropriate emails with a spoofed recipient address d) Using an automated tool to scan the company's network for vulnerable ports
d) Using a scanning tool to scan the company's network would not be the primary goal. The primary goal of a grudge attack is to cause embarrassment or retaliation.
Which of the following is not an example of network segmentation? a) Intranet b) DMZ c) Extranet d) VPN
d) VPN is a tunneling protocol, not an example of network segmentation.
What type of database backup strategy involves maintaining a live backup server at a remote site? a) Remote journaling b) Transaction logging c) Electronic vaulting d) Remote mirroring
d) A live backup server strategy requires a database to be remotely mirrored.
What is a security control? a) a security component that stores attributes that describe an object b) a document that describes all data classification types c) a list of valid access rules d) a mechanism that controls the access to an object
d) A security control limits the access to an object to protect it from misuse by unauthorized users.
Which of the following tasks would a custodian most likely perform? a) access the data b) classify the data c) verify that the security policy is properly implemented d) back up the data
d) back up the data. Most of the literature defines "Data (or information) Custodian = System Administrator". Users access the data; the data owner classifies the data; the auditor verifies that the security policy is properly implemented.
What electrical component is used on dynamic RAM chips? a) resistor b) transistor c) flip-flop d) capacitor
d) capacitors. However, because capacitors naturally lose their charge over time, the CPU needs to refresh their charge periodically, spending time doing so. Dynamic RAM is cheaper and slower than static RAM. Flip-flops are used on static RAM chips; they don't need to be refreshed.
Which of the following is a characteristic of a hot site but not of a warm site? a) servers b) workstations c) comm circuits d) current data
d) current data. Warm sites and hot sites contain workstations, servers and comm circuits. The main difference is that a hot site contains near real-time copies of the data, whereas on warm sites the data needs to be restored from backups.
During what phase of the IDEAL model does the organization develop solutions and then test, refine, and implement them? a) Initiating b) Establishing c) Developing d) Acting
d) In the Acting phase the organization develops solutions and then tests, refines, and implements them.
In which phase of the SW-CMM does an organization use quantitative methods to gain a detailed understanding of the development process? a) Initial b) Repeatable c) Defined d) Managed
d) In the Managed phase
Which security principle mandates that only the minimum number of OS processes should run in supervisory mode? a) abstraction b) layering c) data hiding d) least privilege
d) least privilege
In the RSA public key cryptosystem, which of the following numbers will always be the largest? a) p b) q c) e d) n
d) n. n is the product of two large prime numbers p and q, and e always needs to be smaller than n. Therefore n is the largest.
What is the level of access a database administrator should grant to all new users? a) read b) write c) modify d) no access
d) no access
Which of the following programming languages is less prone to a malicious modification running undetected? a) C++ b) Java c) Fortran d) VBScript
d) Of all the options, only VBScript is an interpreted language, which allows anyone to analyze the source code for modifications. All the other languages are compiled languages, which makes identifying malicious modifications more difficult.
What is the best water-based fire suppression system for use in a computer room? a) wet pipe b) dry pipe c) deluge system d) pre-action system
d) A pre-action system is the best water-based suppression system for a computer room
What character should be treated carefully when encountered as user input on a web form? a) ; b) & c) * d) '
d) The single quote character (') is used in SQL queries and should be treated carefully to avoid SQL injection attacks