CISSP Study
In what type of software testing does the tester have access to the underlying source code? A. Static testing B. Dynamic testing C. Cross-site scripting testing D. Black-box testing
A. Static testing
What software development model uses a seven-stage approach with a feedback loop that allows progress one step backward? A. Boyce-Codd B. Iterative waterfall C. Spiral D. Agile
B. Iterative waterfall
Dylan is reviewing the security controls currently used by his organization and realizes that he lacks a tool that might identify abnormal actions taken by an end user. What type of tool would best meet this need? A. EDR B. Integrity monitoring C. Signature detection D. UEBA
A. EDR
Whenever an organization works with a third party, its supply chain risk management (SCRM) processes should be applied. One of the common requirements is the establishment of minimum security requirements of the third party. What should these requirements be based on? A. Existing security policy B. Third-party audit C. On-site assessment D. Vulnerability scan results
A. Existing security policy
Wendy recently accepted a position as a senior cybersecurity administrator at a U.S. government agency and is concerned about the legal requirements affecting her new position. Which law governs information security operations at federal agencies? A. FISMA B. FERPA C. CFAA D. ECPA
A. FISMA
James recently discovered an attack taking place against his organization that prevented employees from accessing critical records. What element of the CIA Triad was violated? A. Identification B. Availability C. Encryption D. Layering
B. Availability
Francis is reviewing the source code for a database-driven web application that his company is planning to deploy. He is paying particular attention to the use of input validation within that application. Of the characters listed here, which is most commonly used in SQL injection attacks? A. ! B. & C. * D. '
C. *
What method is a systematic effort to identify relationships between mission-critical applications, processes, and operations and all the necessary supporting elements when evaluating the security of a facility or designing a new facility? A. Log file audit B. Critical path analysis C. Risk analysis D. Taking inventory
B. Critical path analysis
An organization wants to use a wireless network internally, but they do not want any possibility of external access or detection. What security tool should be used? A. Air gap B. Faraday cage C. Biometric authentication D. Screen filters
B. Faraday cage
Ron believes that an attacker accessed a highly secure system in his data center and applied high-voltage electricity to it in an effort to compromise the cryptographic keys that it uses. What type of attack does he suspect? A. Implementation attack B. Fault injection C. Timing D. Chosen ciphertext
B. Fault injection
You operate a grain processing business and are developing your restoration priorities. Which one of the following systems would likely be your highest priority? A. Order-processing system B. Fire suppression system C. Payroll system D. Website
B. Fire suppression system
The Jones Institute has six employees and uses a symmetric key encryption system to ensure confidentiality of communications. If each employee needs to communicate privately with every other employee, how many keys are necessary? A. 1 B. 6 C. 15 D. 30
C. 15
Brian administers a symmetric cryptosystem used by 20 users, each of whom has the ability to communicate privately with any other user. One of those users lost control of their account and Brian believes that user's keys were compromised. How many keys must he change? A. 1 B. 2 C. 19 D. 190
C. 19
Name the Preventative Controls
Antivirus and antimalware applications Cybersecurity awareness training Data loss prevention (DLPs) Firewalls Gateways Intrusion prevention systems (IPSs)
Ruth recently obtained a utility patent covering a new invention that she created. How long will she retain legal protection for her invention? A. 14 years from the application date B. 14 years from the date the patent is granted C. 20 years from the application date D. 20 years from the date the patent is granted
C. 20 years from the application date
If a 2,048-bit plaintext message were encrypted with the El Gamal public key cryptosystem, how long would the resulting ciphertext message be? A. 1,024 bits B. 2,048 bits C. 4,096 bits D. 8,192 bits
C. 4,096 bits
Brandon is analyzing network traffic and is searching for user attempts to access websites over secure TLS connections. What TCP port should Brandon add to his search filter because it would normally be used by this traffic? A. 22 B. 80 C. 443 D. 1443
C. 443
Renee is reporting the results of her organization's BIA to senior leaders. They express frustration at all of the detail, and one of them says, "Look, we just need to know how much we should expect these risks to cost us each year." What measure could Renee provide to best answer this question? A. ARO B. SLE C. ALE D. EF
C. ALE
During a risk management project, an evaluation of several controls determines that none are cost-effective in reducing the risk related to a specific important asset. What risk response is being exhibited by this situation? A. Mitigation B. Ignoring C. Acceptance D. Assignment
C. Acceptance
Your organization is considering deploying a software-defined network (SDN) in the data center. Which of the following access control model is commonly used in a SDN? A. Mandatory Access Control (MAC) model B. Attribute-Based Access Control (ABAC) model C. Role-Based Access Control (RBAC) model D. Discretionary Access Control (DAC) model
B. Attribute-Based Access Control (ABAC) model
Security administrators are reviewing all the data gathered by event logging. Which of the following best describes this body of data? A. Identification B. Audit trails C. Authorization D. Confidentiality
B. Audit trail
While reviewing the facility design blueprints, you notice several indications of a physical security mechanism being deployed directly into the building's construction. Which of the following is a double set of doors that is often protected by a guard and is sued to contain a subject until their identity and authentication are verified? A. Gate B. Turnstile C. Access control vestibule D. Proximity detector
C. Access control vestibule
What type of evidence refers to written documents that are brought into court to prove a fact? A. Best evidence B. Parol evidence C. Documentary evidence D. Testimonial evidence
C. Documentary evidence
The board of directors of Clashmore Circuits conducts and annual review of the business continuity planning process to ensure that adequate measures are in place to minimize the effect of a disaster on the organization's continued viability. What obligation are they satisfying by this review? A. Corporate responsibility B. Disaster requirement C. Due diligence D. Going concern responsibility
C. Due diligence
Tim is working to improve his organization's antimalware defenses and would also like to reduce the operational burden on his security team. Which one of the following solutions would best meet his needs? A. UEBA B. MDR C. EDR D. NGEP
C. EDR
Which of the following is true related to a subject? A. A subject is always a user account. B. The subject is always the entity that provides or hosts information or data. C. The subject is always the entity that receives information about or data from an object. D. A single entity can never change roles between subject and object.
C. The subject is always the entity that receives information about or data from an object.
After installing an application on a user's system, your supervisor told you to remove it because it is consuming most of the system's resources. Which of the following prevention systems did you most likely install? A. A network-based intrusion detection system (NIDS) B. A web application firewall (WAF) C. A security information and event management (SIEM) system D. A host-based intrusion detection system (HIDS)
D. A host-based intrusion detection system (HIDS)
List and define the six cyclical phases of the Risk Management Framework (RMF):
- Prepare to execute the RMF from an organization- and system-level perspective by establishing a context and priorities for managing security and privacy risk. - Categorize the system and the information processed, stored, and transmitted by the system based on an analysis of the impact of loss. - Select an initial set of controls for the system and tailor the controls as needed to reduce risk to an acceptable level based on an assessment of risk. - Implement the controls and describe how the controls are employed within the system and its environment of operation. - Assess the controls to determine if the controls are implemented correctly, operating as intended, and producing the desired outcomes with respect to satisfying the security and privacy requirements. - Authorize the system or common controls based on a determination that the risk to organizational operations and assets, individuals, other organizations, and the nation is acceptable. - Monitor the system and the associated controls on an ongoing basis to include assessing control effectiveness, documenting changes to the system and environment of operation, conducting risk assessments and impact analyses, and reporting the security and privacy posture of the system.
You are concerned about the risk that a hurricane poses to your corporate headquarters in South Florida. The building itself is valued at $15 million. After consulting with the National Weather Service, you determine that there is a 10 percent likelihood that a hurricane will strike over the course of a year. You hired a team of architects and engineers, who determined that the average hurricane would destroy approximately 50 percent of the building. What is the annualized loss expectancy (ALE)? A. $750,000 B. $1.5 million C. $7.5 million D. $15 million
A $750,000
Match the term to its definition: 1. Asset 2. Threat 3. Vulnerability 4. Exposure 5. Risk I. The weakness in an asset, or the absence or the weakness of a safeguard or countermeasure. II. Anything used in a business process or task. III. Being susceptible to asset loss because of a threat; there is the possibility that a vulnerability can or will be exploited. IV. The possibility or likelihood that a threat will exploit a vulnerability to cause harm to an asset and the severity of damage that could result. V. Any potential occurrence that may cause an undesirable or unwanted outcome for an organization or for a specific asset. A. 1-II, 2-V, 3-I, 4-III, 5-IV B. 1-I, 2-II, 3-IV, 4-II, 5-V C. 1-II, 2-V, 3-I, 4-IV, 5-III D. 1-IV, 2-V, 3-III, 4-II, 5-I
A. 1-II, 2-V, 3-I, 4-III, 5-IV
While evaluating network traffic, you discover several addresses that you are not familiar with. Several of the addresses are in the range of addresses assigned to internal network segments. Which of the following IP addresses are private IPv4 addresses as defined by RFC 1918? (Choose all that apply.) A. 10.0.0.18 B. 169.254.1:.119 C. 172.31.8.204 D. 192.168.6.43
A. 10.0.0.18 C. 172.31.8.204 D. 192.168.6.43
The Children's Online Privacy Protection Act (COPPA) was designed to protect the privacy of children using the internet. What is the minimum age a child must be before companies can collect personal identifying information from them without parental consent? A. 13 B. 14 C. 15 D. 16
A. 13
Darren is concerned about the risk of a serious power outage affecting his organization's data center. He consults the organization's business impact analysis and determines that the ARO of a power outage is 20 percent. He notes that the assessment took place three years ago and no power outage has occurred. What ARO should he use in this year's assessment, assuming that none of the circumstances underlying the analysis have changed? A. 20 percent B. 50 percent C. 75 percent D. 100 percent
A. 20 percent
Acme Widgets currently uses a 3,072-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If the company wants to maintain the same cryptographic strength, what ECC key length should it use? A. 256 bits B. 512 bits C. 1,024 bits D. 2,048 bits
A. 256 bits
You are installing a system that management hopes will reduce incidents in the network. The setup instructions require you to configure it inline with traffic so that all traffic goes through it before reaching the internal network. Which of the following choices best identifies this system? A. A network-based intrusion prevention system (NIPS) B. A network-based intrusion detection system (NIDS) C. A host-based intrusion prevention system (HIPS) D. A host-based intrusion detection system (HIDS)
A. A network-based intrusion prevention system (NIPS)
Victoria is choosing an encryption algorithm for use within her organization and would like to choose the most secure symmetric algorithm from a list of those supported by the software package she intends to use. If the package supports the following algorithms, which would be the best option? A. AES-256 B. 3DES C. RC4 D. Skipjack
A. AES-256
During the annual review of the company's deployed security infrastructure, you have been reevaluating each security control selection. How is the value of a safeguard to a company calculated? A. ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard B. ALE before safeguard * ARO of safeguard C. ALE after implementing safeguard + annual cost of safeguard - controls gap D. Total risk - control gap
A. ALE before safeguard - ALE after implementing the safeguard - annual cost of safeguard
Which of the following are examples of financially motivated attacks? (Choose all that apply.) A. Accessing services that you have not purchased B. Disclosing confidential personal employee information C. Transferring funds from an unapproved source into your account D. Selling a botnet for use in a DDoS attack
A. Accessing services that you have not purchased C. Transferring funds from an unapproved source into your account D. Selling a botnet for use in a DDoS attack
Security configuration guidelines issued by your CISO require that all HTTP communications be secure when communicating with internal web services. Which of the following is true in regards to using TLS? (Choose all that apply.) A. Allows for use of TCP port 443 B. Prevents tampering, spoofing, and eavesdropping C. Requires two-way authentication D. Is backward compatible with SSL sessions E. Can be used as a VPN solution
A. Allows for the use of TCP port 443 B. Prevents tampering, spoofing, and eavesdropping E. Can be used as a VPN solution
Which of the following are valid definitions for risk? (Choose all that apply.) A. An assessment of probability, possibility, or chance B. Anything that removes a vulnerability or protects against one or more specific threats C. Risk = threat * vulnerability D. Every instance of exposure E. The presence of a vulnerability when a related threat exists
A. An assessment of probability, possibility, or chance C. Risk = threat * vulnerability D. Every instance of exposure
You are updating the training manual for security administrators and want to add a description of a zero-day exploit. Which of the following best describes a zero-day exploit? A. An attack that exploits a vulnerability that doesn't have a patch or fix. B. A newly discovered vulnerability that doesn't have a patch or fix C. An attack on systems without an available patch D. Malware that delivers its payload after a user starts and application
A. An attack that exploits a vulnerability that doesn't have a patch or fix.
Gavin is considering altering his organization's log retention policy to delete logs at the end of each day. What is the most important reason that he should avoid this approach? A. An incident may not be discovered for several days and valuable evidence could be lost. B. Disk space is cheap, and the log files are used frequently. C. Log files are protected and cannot be altered. D. Any information in a log file is useless after it is several hours old.
A. An incident may not be discovered for several days and valuable evidence could be lost.
A(n) _________________________________ firewall is able to make access control decisions based on the content of communications as well as the parameters of the associated protocol and software. A. Application-level B. Stateful inspection C. Circuit-level D. Static packet filtering
A. Application-level
A company is developing a new product to perform simple automated tasks related to indoor gardening. The device will be able to turn lights on and off and control a pump to transfer water. The technology to perform these automated tasks needs to be small and inexpensive. It only needs minimal computational capabilities, does not need networking, and should be able to execute C++ commands natively without the need of an OS. The organization thinks that using an embedded system or microcontroller may be able to provide the functionality necessary for the product. Which of the following is the best choice to use for this new product? A. Arduino B. RTOS C. Raspberry Pi D. FPGA
A. Arduino
Internet Protocol Security (IPsec) is a standard of IP security extensions used as an add-on for IPv4 and integrated into IPv6. What IPsec component provides assurances of message integrity and nonrepudiation? A. Authentication Header B. Encapsulating Security Payload C. IP Payload Compression protocol D. Internet Key Exchange
A. Authentication Header
What are the primary reasons attackers engage in thrill attacks? (Choose all that apply.) A. Bragging rights B. Money from the sale of stolen documents C. Pride of conquering a secure system D. Retaliation against a person or organization
A. Bragging rights C. Pride of conquering a secure system
Which of the following statements about business continuity planning and disaster recovery planning are correct? (Choose all that apply.) A. Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes. B. Organizations can choose whether to develop business continuity planning or disaster recovery planning plans C. Business continuity planning picks up where disaster recovery planning leaves off. D. Disaster recovery planning guides and organization through recovery of normal operations at the primary facility.
A. Business continuity planning is focused on keeping business functions uninterrupted when a disaster strikes. B. Organizations can choose whether to develop business continuity planning or disaster recovery planning plans D. Disaster recovery planning guides and organization through recovery of normal operations at the primary facility.
What U.S. state was the first to pass a comprehensive privacy law modeled after the requirements of the European Union's General Data Protection Regulation? A. California B. New York C. Vermont D. Texas
A. California
In today's business environment, prudence is mandatory. Showing due diligence and due care is the only way to disprove negligence in an occurrence of loss. Which of the following are true statements? (Choose all that apply.) A. Due diligence is establishing a plan, policy, and process to protect the interests of an organization. B. Due care is developing a formalized security structure containing a security policy, standards, baselines, guidelines, and procedures. C. Due diligence is the continued application of a security structure onto the IT infrastructure of an organization. D. Due care is practicing the individual activities that maintain the security effort. E. Due care is knowing what should be done and planning for it. F. Due diligence is doing the right action at the right time.
A. Due diligence is establishing a plan, policy, and process to protect the interests of an organization. D. Due care is practicing the individual activities that maintain the security effort.
Which of the following is a true statement in regard to security cameras? (Choose all that apply.) A. Cameras should be positioned to watch exit and entry points allowing any change in authorization or access level. B. Cameras are not needed around valuable assets and resources as well as to provide additional protection in public areas such as parking structures and walkways. C. Cameras should be positioned to have clear sight lines of all exterior walls, entrance and exit points, and interior hallways. D. Security cameras should only be overt and obvious in order to provide a deterrent benefit. E. Security cameras have a fixed area of view for recording. F. Some camera systems include a system on a chip (SoC) or embedded components and may be able to perform various specialty functions, such as time-lapse recording, tracking, facial recognition, object detection, or infrared or color-filtered recording. G. Motion detection or sensing cameras can always distinguish between humans and animals.
A. Cameras should be positioned to watch exit and entry points allowing any change in authorization or access level. C. Cameras should be positioned to have clear sight lines of all exterior walls, entrance and exit points, and interior hallways. F. Some camera systems include a system on a chip (SoC) or embedded components and may be able to perform various specialty functions, such as time-lapse recording, tracking, facial recognition, object detection, or infrared or color-filtered recording.
Beth is assessing the vulnerability of a cryptographic system to attack. She believes that the cryptographic keys are properly secured and that the system is using a modern, secure algorithm. Which one of the following attacks would most likely still be possible against the system by an external attacker who did not participate in the system and did not have physical access to the facility? A. Ciphertext only B. Known plaintext C. Chosen plaintext D. Fault injection
A. Ciphertext only
What occurs when the relationship between the plaintext and the key is complicated enough that an attacker can't merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key? (Choose all that apply.) A. Confusion B. Transposition C. Polymorphism D. Diffusion
A. Confusion D. Diffusion
Matthew recently authored an innovative algorithm for solving a mathematical problem, and he wants to share it with the world. However, prior to publishing the software code in a technical journal, he wants to obtain some sort of intellectual property protection. Which type of protection is best suited to his needs? A. Copyright B. Trademark C. Patent D. Trade secret
A. Copyright
Due to recent organization restructuring, the CEO believes that new workers should be hired to perform necessary work tasks and support the mission and goals of the organization. When seeking to hire new employees, what is the first step? A. Create a job description. B. Set position classifications. C. Screen candidates. D. Request resumes.
A. Create a job description
You want to apply the least privilege principle when creating new accounts in the software development department. Which of the following should you do? A. Create each account with only the rights and permissions needed by the employee to perform their job. B. Give each account full rights and permissions to the servers in the software development department. C. Create each account with no rights and permissions. D. Add the accounts to the local Administrators group on the new employee's computer.
A. Create each account with only the rights and permissions needed by the employee to perform their job.
What type of backup involves always storing copies of all files modified since the most recent full backup? A. Differential backups B. Partial backup C. Incremental backups D. Database backup
A. Differential backups
Which of the following access control models allows the owner of data to modify permissions? A. Discretionary Access Control (DAC) B. Mandatory Access Control (MAC) C. Rule-based access control D. Risk-based access control
A. Discretionary Access Control (DAC)
Which of the following is a means for IPv6 and IPv4 to be able to coexist on the same network? (Choose all that apply.) A. Dual stack B. Tunneling C. IPsec D. NAT-PT E. IP sideloading
A. Dual stack B. Tunneling D. NAT-PT
The CISO wants to improve the organization's ability to manage and prevent malware infections. Some of her goals are to (1) detect, record, evaluate, and respond to suspicious activities and events, which may be cause by problematic software or by valid and invalid users, (2) collect event information and report it to a central ML analysis engine, and (3) detect abuses that are potentially more advanced than what can be detected by traditional antivirus or HIDSs. The solution needs to be able to reduce response and remediation time, reduce false positives, and manage multiple threats simultaneously. What solution is the CISO wanting to implement? A. EDR B. NGFW C. WAF D. XSRF
A. EDR
Supply chain risk management (SCRM) is a means to ensure that all the vendors or links in the supply chain are reliable, trustworthy, reputable organizations. Which of the following are true statements? (Choose all that apply.) A. Each link in the supply chain should be responsible and accountable to the next link in the chain. B. Commodity vendors are unlikely to have mined their own metals or processed the oil for plastics or etched the silicon of their chips. C. If the final product derived from a supply chain meets expectations and functional requirements, it is assured to not have unauthorized elements. D. Failing to properly secure a supply chain can result in flawed or less reliable products, or even embedded listing or remote control mechanisms.
A. Each link in the supply chain should be responsible and accountable to the next link in the chain. B. Commodity vendors are unlikely to have mined their own metals or processed the oil for plastics or etched the silicon of their chips. D. Failing to properly secure a supply chain can result in flawed or less reliable products, or even embedded listing or remote control mechanisms.
James has been hired to be a traveling repair technician. He will be visiting customers all over the country in order to provide support services. He has been issued a portable workstation with 4G and 5G data service. What are some concerns when using this capability? (Choose all that apply.) A. Eavesdropping B. Rogue towers C. Data speed limitations D. Reliability of establishing a connection E. Compatibility with cloud services F. Unable to perform duplex communications
A. Eavesdropping B. Rogue towers D. Reliability of establishing a connection
A major online data service wants to provide better response and access times for its users and visitors. They plan on deploying thousands of mini-web servers to ISPs across the nation. These mini-servers will host the few dozen main pages of their website so that users will be routed to the logically and geographically closest server for optimal performance and minimal latency. Only if a user requests data not on these mini-servers will they be connecting to the centralized main web cluster hosted at the company's headquarters. What is this type of deployment commonly known as? A. Edge computing B. Fog computing C. Thin clients D. Infrastructure as code
A. Edge computing
Multimedia collaboration is the use of various multimedia-supporting communication solutions to enhance distance collaboration (people working on a project together remotely). Often, collaboration allows workers to work simultaneously as well as across different time frames. Which of the following are important security mechanisms to impose on multimedia collaboration tools? (Choose all that apply.) A. Encryption of communications B. Multifactor authentication C. Customization of avatars and filters D. Logging of events and activities
A. Encryption of communications B. Multifactor authentication D. Logging of events and activities
While designing the security for the organization, you realize the importance of not only balancing the objectives of the organization against security goals but also focusing on the shared responsibility of security. Which of the following is considered an element of shared responsibility? (Choose all that apply.) A. Everyone in an organization has some level of security responsibility. B. Always consider the threat to both tangible and intangible assets. C. Organizations are responsible to their stakeholders for making good security decisions in order to sustain the organization. D. When working with third parties, especially with cloud providers, each entity needs to understand their portion of the shared responsibility of performing work operations and maintaining security. E. Multiple layers of security are required to protect against adversary attempts to gain access to internal sensitive resources. F. As we become aware of new vulnerabilities and threats, we should consider it our responsibility (if not our duty) to responsible disclose that information to the proper vendor or to an information sharing center.
A. Everyone in an organization has some level of security responsibility. B. Always consider the threat to both tangible and intangible assets. C. Organizations are responsible to their stakeholders for making good security decisions in order to sustain the organization. D. When working with third parties, especially with cloud providers, each entity needs to understand their portion of the shared responsibility of performing work operations and maintaining security. F. As we become aware of new vulnerabilities and threats, we should consider it our responsibility (if not our duty) to responsible disclose that information to the proper vendor or to an information sharing center.
What type of document will help public relations specialists and other individuals who need a high-level summary of disaster recovery efforts while they are under way? A. Executive summary B. Technical guides C. Department-specific plans D. Checklists
A. Executive summary
Sally has a user account and has previously logged on using a biometric system. Today, the biometric system didn't recognize her, so she wasn't able to log on. What does this describe? A. False rejection B. False acceptance C. Crossover error D. Equal error
A. False rejection
An organization wants to implement biometrics for authentication, but management doesn't want to use fingerprints. Which of the following is the most likely reason why management does want to use fingerprints? A. Fingerprints can be counterfeited. B. Fingerprints can be changed. C. Fingerprints aren't always available. D. Registration takes too long.
A. Fingerprints can be counterfeited.
What combination of backup strategies provides the fastest backup restoration time? A. Full backups and differential backups B. Partial backups and incremental backups C. Full backups and incremental backups D. Incremental backups and differential backups
A. Full backups and differential backups
What type of chart provides a graphical illustration of a schedule that helps to plan, coordinate, and track project tasks? A. Gantt B. Venn C. Bar D. PERT
A. Gantt
Control Objectives for Information and Related Technology (COBIT) is a documented set of best IT security practices crafted by the Information Systems Audit and Control Association (ISACA). It prescribes goals and requirements for security controls and encourages the mapping of IT security ideals to business objectives. COBIT is based on six key principles for governance and management of enterprise IT. Which of the following are among these key principles? (Choose all that apply.) A. Holistic Approach B. End-to-End Governance System C. Provide Stakeholder Value D. Maintaining Authenticity and Accountability E. Dynamic Governance System
A. Holistic Approach B. End-to-End Governance System C. Provide Stakeholder Value E. Dynamic Governance System
A recent security audit of your organization's facilities has revealed a few items that need to be addressed. A few of them are related to your main data center. But you think at least one of the findings is a false positive. Which of the following does not need to be true in order to maintain the most efficient and secure server room? A. It must be optimized for workers. B. It must include the use of nonwater fire suppressants. C. The humidity must be kept between 20 and 80 percent. D. The temperature must be kept between 59 and 89.6 degrees Fahrenheit.
A. It must be optimized for workers.
A financial organization commonly has employees switch duty responsibilities every 6 months. What security principle are they employing? A. Job rotation B. Separation of duties C. Mandatory vacations D. Least privilage
A. Job rotation
Which security framework was initially crafted by a government for domestic use but is now an international standard, which is a set of recommended best practices for optimization of IT services to support business growth, transformation, and change; which focuses on understanding how IT and security need to be integrated with and alight the objectives of an organization; and which is often used as a starting point the for the crafting of a customized IT security solution within an established infrastructure? A. ITIL B. ISO 27000 C. CIS D. CSF
A. ITIL
Which of the following items are required to ensure logs accurately support accountability? (Choose two.) A. Identification B. Authorization C. Auditing D. Authentication
A. Identification D. Authentication
Annaliese's organization is undergoing a period of increased business activity where they are conducting a large number of mergers and acquisitions. She is concerned about the risks associated with those activities. Which of the following are examples of those risks? (Choose all that apply.) A. Inappropriate information disclosure B. Increased worker compliance C. Data loss D. Downtime E. Additional insight into the motivations of inside attackers F. Failure to achieve sufficient return on investment (ROI)
A. Inappropriate information disclosure C. Data loss D. Downtime F. Failure to achieve sufficient return on investment
Christine is helping her organization implement a DevOps approach to deploying code. Which one of the following is not a component of the DevOps model? A. Information security B. Software development C. Quality assurance D. IT operations
A. Information security
Which one of the following is a cloud-based service model that gives an organization the most control and requires the organization to perform all maintenance on operating systems and applications? A. Infrastructure as a service (IaaS) B. Platform as a service (PaaS) C. Software as a service (SaaS) D. Public
A. Infrastructure as a service (IaaS)
A new web application was installed onto the company's public web server last week. Over the weekend a malicious hacker was able to exploit the new code and gained access to data files hosted on the system. This is an example of what issue? A. Inherent risk B. Risk matrix C. Qualitative assessment D. Residual risk
A. Inherent risk
What is used to increase the strength of cryptography by creating a unique ciphertext every time the same message is encrypted with the same key? A. Initialization vector B. Vegenere cipher C. Steganography D. Stream cipher
A. Initialization vector
You are the IT security manager for a retail merchant organization that is just going online with an ecommerce website. You hired several programmers to craft the code that is the backbone of your new web sales system. However, you are concerned that although the new code functions well, it might not be secure. You being to review the code to track down issues and concerns. Which of the following do you hope to find in order to prevent or protect against XSS? (Choose all that apply.) A. Input validation B. Defensive coding C. Allowing script input D. Escaping metacharacters
A. Input validation B. Defensive coding D. Escaping metacharacters
You are troubleshooting a problem on a user's computer. After viewing the host-based intrusion detection system (HIDS) logs, you determine that the computer has been compromised by malware. Of the following choices, what should you do next? A. Isolate the computer from the network. B. Review the HIDS logs of neighboring computers. C. Run an antivirus scan. D. Analyze the system to discover how it was infected.
A. Isolate the computer from the network.
Which of the following are basic security controls that can prevent many attacks? (Choose three.) A. Keep systems and applications up to date. B. Implement security orchestration, automation, and response (SOAR) technologies. C. Remove or disable unneeded services or protocols. D. Use up-to-date antimalware software. E. Use WAFs as the border
A. Keep systems and applications up to date. C. Remove or disable unneeded services or protocols. D. Use up-to-date antimalware software
Ryan is responsible for managing the cryptographic keys used by his organization. Which of the following statements are correct about how he should select and mange those keys? (Choose all that apply.) A. Keys should be sufficiently long to protect against future attacks if the data is expected to remain sensitive. B. Keys should be chosen using an approach that generates them from a predictable pathern. C. Keys should be maintained indefinitely. D. Longer keys provide greater levels of security.
A. Keys should be sufficiently long to protect against future attacks if the data is expected to remain sensitive. D. Longer keys provide greater levels of security.
Extensible Authentication Protocol (EAP) is one of the three authentication options provided by Point-to-Point Protocol (PPP). EAP allows customized authentication security solutions. Which of the following are examples of actual EAP methods? (Choose all that apply.) A. LEAP B. EAP-VPN C. PEAP D. EAP-SIM E. EAP-FAST F. EAP-MBL G. EAP-MD5 H. VEAP I. EAP-POTP J. EAP-TLS K. EAP-TTLS
A. LEAP C. PEAP D. EAP-SIM E. EAP-FAST G. EAP-MD5 I. EAP-POTP J. EAP-TLS K. EAP-TTLS
Defense in depth is simply the use of multiple controls in a series. No one control can protect against all possible threats. Using a multilayered solution allows for numerous, different controls to guard against whatever threats come to pass. Which of the following are terms that relate to or are based on defense in depth? (Choose all that apply.) A. Layering B. Classifications C. Zones D. Realms E. Compartments F. Silos G. Segmentations H. Lattice structure I. Protection rings
A. Layering B. Classifications C. Zones D. Realms E. Compartments F. Silos G. Segmentations H. Lattice structure I. Protection rings
A developer added a subroutine to a web application that checks to see whether the data is April 1, and if it is, randomly changes user account balances. What type of malicious code is this? A. Logic bomb B. Worm C. Trojan horse D. Virus
A. Logic bomb
Your organization is considering deploying a publicly available screen saver to use spare system resources to process sensitive company data. What is a common security risk when using grid computing solutions that consume available resources from computers over the internet? A. Loss of data privacy B. Latency of communication C. Duplicate work D. Capacity fluctuation
A. Loss of data privacy
Ryan is assisting with his organization's annual business impact analysis effort. He's been asked to assign quantitative values to assets as part of the priority identification exercise. What unit of measure should he use? A. Monetary B. Utility C. Importance D. Time
A. Monetary
John recently received an email message from Bill. What cryptographic goal would need to be met to convince John that Bill was actually the sender of the message? A. Nonrepudiation B. Confidentiality C. Availability D. Integrity
A. Nonrepudiation
A cloud-based provider has implemented an SSO technology using JSON Web Tokens. The tokens provide authentication information and include user profiles. Which of the following best identifies this technology? A. OIDC B. OAuth C. SAML D. OpenID
A. OIDC
James is the administrator for his organization's symmetric key cryptographic system. He issues keys to users when the need arises. Marry and Beth recently approached him and presented a need to be able to exchange encrypted files securely. How many keys must James generate? A. One B. Two C. Three D. Four
A. One
Mark is configuring the remote access server to receive inbound connections from remote workers. He is following a configuration checklist to ensure that the telecommuting links are compliant with company security policy. What authentication protocol offers no encryption or protection for logon credentials? A. PAP B. CHAP C. EAP D. RADIUS
A. PAP
A security administrator wants to verify the existing systems are up to date with current patches. Of the following choices, what is the best method to ensure systems have the required patches? A. Patch management system B. Patch scanner C. Penetration tester D. Fuzz tester
A. Patch management system
What step of the Electronic Discovery Reference Model ensures that information that may be subject to discovery is not altered? A. Preservation B. Production C. Processing D. Presentation
A. Preservation
Which of the following best expresses the primary goal when controlling access to assets? A. Preserve confidentiality, integrity, and availability of systems and data. B. Ensure that only valid objects can authenticate on a system. C. Prevent unauthorized access to subjects. D. Ensure that all subjects are authenticated.
A. Preserve confidentiality, integrity, and availability of systems and data.
Tom is an adviser to a federal government agency that collects personal information from constituents. He would like to facilitate a research relationship between that firm that involves the sharing of personal information with several universities. What law prevents government agencies from disclosing personal information that an individual supplies to the government under protected circumstances? A. Privacy Act B. Electronic Communications Privacy Act C. Health Insurance Portability and Accountability Act D. Gramm-Leach-Bliley Act
A. Privacy Act
Which of the following is not a canon of the (ISC)^2 Code of Ethics? A. Protect your colleagues. B. Provide diligent and competent service to principals. C. Advance and protect the profession. D. Protect society.
A. Protect your colleagues.
The IT department routinely uses images when deploying new systems. Of the following choices, what is a primary benefit of using images? A. Provides a baseline for configuration management B. Improves patch management response times C. Reduces vulnerabilities from unpatched systems D. Provides documentation for changes
A. Provides a baseline for configuration management
Which of the following statements is true related to the RBAC model? A. A RBAC model allows users membership in multiple groups. B. A RBAC model allows users membership in a single group C. A RBAC model is nonhierarchical D. A RBAC model uses labels
A. RBAC model allows users membership in multiple groups.
Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack? A. Rainbow tables B. Hierarchical screening C. TKIP D. Random enhancement
A. Rainbow tables
David is responsible for reviewing a series of web applications for vulnerabilities to cross-site scripting attacks. What characteristic should he watch out for that would indicate a high susceptibility to this type of attack? A. Reflected input B. Database-driven content C. .NET technology D. CGI scripts
A. Reflected input
Management wants users to use multifactor authentication any time they access cloud-based resources. Which of the following access control models can meet this requirement? A. Risk-based access control B. Mandatory Access Control (MAC0 C. Role-based Access Control (RBAC) D. Discretionary Access Control (DAC)
A. Risk-based access control
Which of the following access control models determines access based on the environment and the situation? A. Risk-based access control B. Mandatory Access Control (MAC) C. Role-Based Access Control (RBAC) D. Attribute-Based Access Control (ABAC)
A. Risk-based access control
Administrators find that they are repeating the same steps to verify intrusion detection system alerts and perform more repetitive steps to mitigate well-known attacks. Of the following choices, what can automate these steps? A. SOAR B. SIEM C. NIDS D. DLP
A. SOAR
Dorothy is using a network sniffer to evaluate network connections. She focuses on the initialization of a TCP session. What is the first phase of the TCP three-way handshake sequence? A. SYN flagged packet B. ACK flagged packet C. FIN flagged packet D. SYN/ACK flagged packet
A. SYN flagged packet
You are developing an application that compares passwords to those stored in a Unix password file. The hash values you computer are not correctly matching those in the file. What might have been added to the stored password hashes? A. Salt B. Double hash C. Added encryption D. One-time pad
A. Salt
Your organization has just landed a new contract for a major customer. This will involve increasing production operations at the primary facility, which will entail housing valuable digital and physical assets. You need to ensure that these new assets receive proper protections. Which of the following is not a disadvantage of using security guards? A. Security guards are usually unaware of the scope of the operations within a facility. B. Not all environments and facilities support security guards. C. Not all security guards are themselves reliable. D. Prescreening, bonding, and training do not guarantee effective and reliable security guards.
A. Security guards are usually unaware of the scope of the operations within a facility.
Your organization issues devices to employees. These devices generate onetime passwords every 60 seconds. A server hosted within the organization knows what this password is at any given time. What type of device is this? A. Synchronous token B. Asynchronous token C. Smartcard D. Common access card
A. Synchronous token
Kevin is assessing his organization's obligations under state data breach notification laws. Which one of the following pieces of information would generally not be covered by a data breach notification law when it appears in conjunction with a person's name? A. Social Security number B. Driver's license number C. Credit card number D. Student identification number
D. Student identification number
An organization is considering creating a cloud-based federation using a third-part service to share federated identities. After it's completed, what will people use as their login ID? A. Their normal account B. An account given to them from the cloud-based federation C. Hybrid identity management D. Single-sign on
A. Their normal account
Which of the following is true regarding appliance firewalls? (Choose all that apply.) A. They are able to log traffic information B. They are able to block new phishing scams C. They are able to issue alarms based on suspected attacks. D. They are unable to prevent internal attacks.
A. They are able to log traffic information C. They are able to issue alarms based on suspected attacks. D. They are unable to prevent internal attacks.
Security administrators are regularly monitoring threat feeds and using that information to check systems within the network. Their goal is to discover any infections or attacks that haven't been detected by existing tools. What does this describe? A. Threat hunting B. Threat intelligence C. Implementing the kill chain D. Using artificial intelligence
A. Threat hunting
You suspect an attacker has launched a fraggle attack on a system. You check the logs and filter your search with the protocol used by fraggle. What protocol would you use in the filter? A. User Datagram Protocol (UDP) B. Transmission Control Protocol (TCP) C. Internet Control Message Protocol (ICMP) D. Security orchestration, automation and response (SOAR)
A. User Datagram Protocol (UDP)
Beth is looking through web server logs and finds form input that looks like this: <Sript>alert('Enter your password)</Sript> What type of attack has she likely discovered? A. XSS B. SQL injection C. XSRF D. TOCTTOU
A. XSS
What attack technique is often leveraged by advanced persistent threat groups but not commonly available to other attackers, such as script kiddies and hacktivists? A. Zero-day exploit B. Social engineering C. Trojan horse D. SQL injection
A. Zero-day exploit
A new startup company is designing a sensor that needs to connect wirelessly to a PC or IoT hub in order to transmit its gathered data to a local application or cloud service for data analysis. The company wants to ensure that all transferred data from the device cannot be disclosed to unauthorized entities. The device is also intended to be located within 1 meter of the PC or IoT hub it communicates with. Which of the following concepts is the best choice for this device? A. Zigbee B. Bluetooth C. FCoE D. 5G
A. Zigbee
Security investigators discovered that after attackers exploited a database server, they identified the password for the sa account. They then used this to access other servers in the network. What can be implemented to prevent this from happening in the future? A. Account deprovisioning B. Disabling an account C. Account access review D. Account revocation
Account access review
Lighter than Air Industries expects that it would lose $10 million if a tornado struck its aircraft operations facility. It expects that a tornado might strike the facility once every 100 years. What is the single loss expectancy for this scenario? A. 0.01 B. $10 million C. $100,000 D. 0.10
B. $10 million
You are concerned about the risk that an avalanche poses to your $3 million shipping facility. Based on expert opinion, you determine that there is a 5 percent chance that an avalanche will occur each year. Experts advise you that an avalanche would completely destroy your building and require you to rebuild on the same land. Ninety percent of the $3 million value of the facility is attributed to the building, and 10 percent is attributed to the land itself. What is the single loss expectancy (SLE) of your shipping facility to avalanches? A. $3 million B. $2,700,00 C. $270,000 D. $135,000
B. $2,700,000
Security documentation is an essential element of a successful security program. Understanding the components is an early step in crafting the security documentation. Match the following components to their respective definitions. 1. Policy 2. Standard 3. Procedure 4. Guideline I. A detailed, step-by-step how-to document that describes the exact actions necessary to implement a specific security mechanism, control, or solution. II. A document that defines the scope of security needed by the organization and discusses the assets that require protection and the extent to which security solutions should go to provide the necessary protection. III. A minimum level of security that every system throughout the organization must meet. IV. Offers recommendations on how security requirements are implemented and serves as an operational guide for both security professionals and users. V. Defines compulsory requirements for the homogenous use of hardware, software, technology, and security controls. A. 1-I; 2-IV; 3-II; 4-V B. 1-II; 2-V; 3-I; 4-IV C. 1-IV; 2-II; 3-V; 4-1 D. 1-V; 2-I; 3-IV; 4-III
B. 1-II; 2-V; 3-I; 4-IV
The company's server room has been update with raised floors and MFA door locks. You want to ensure that update facility is able to maintain optimal operational efficiency. What is the ideal humidity range for a server room? A. 20-40 percent B. 20-80 percent C. 80-89.6 percent D. 70-95 percent
B. 20-80 percent
You are implementing AES encryption for files that your organization plans to store in a cloud storage service and wish to have the strongest encryption possible. What key length should you choose? A. 192 bits B. 256 bits C. 512 bits D. 1,024 bits
B. 256 bits
John wants to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for this particular message be? A. 160 bits B. 512 bits C. 1,024 bits D. 2,048 bits
B. 512 bits
Your company is evaluating several cloud providers to determine which is the best fit to host your custom services as a custom application solution. There are many aspects of security controls you need to evaluate, but the primary issues include being able to process significant amounts of data in short periods of time, controlling which applications can access which assets, and being able to prohibit VM sprawl or repetition of operations. Which of the following is not relevant to this selection process? A. Collections of entities, typically users, but can also be applications and devices, which can be granted or denied access to perform specific tasks or access certain resources or assets B. A VDI or VMI instance that serves as a virtual endpoint for accessing cloud assets and services C. The ability of a cloud process to use or consume more resources (such as compute, memory, storage, or networking) when needed D. A management or security mechanism able to monitor and differentiate between numerous instances of the same VM, service, app, or resource
B. A VDI or VMI instance that serves as a virtual endpoint for accessing cloud assets and services
A network includes a network-based intrusion detection system (NIDS). However, security administrators discovered that an attack entered the network and the NIDS did not raise an alarm. What does this describe? A. A false positive B. A false negative C. A fraggle attack D. A smurf attack
B. A false negative
An administrator is implementing an intrusion detection. Once installed, it will monitor all traffic and raise alerts when it detects suspicious traffic. Which of the following best describes this system? A. A host-based intrusion detection system (HIDS) B. A network-based intrusion detection system (NIDS) C. A honeynet D. A network firewall
B. A network-based intrusion detection system (NIDS)
The Risk Management Framework (RMF) provides a disciplined, structured, and flexible process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. The RMF has sever steps or phases. Which phase of the RMF focuses on determining whether system or common controls based on a determination that the risk to organizational operations and assets, individuals, other organizations, and the nation are reasonable? A. Categorize B. Authorize C. Assess D. Monitor
B. Authorize
A table include multiple objects and subjects, and it identifies the specific access each subject has to different objects. What is this table? A. Access control list B. Access control matrix C. Federation D. Creeping privilege
B. Access control matrix
Which of the following actions are considered unacceptable and unethical according to RFC 1097, Ethics and the Internet? A. Actions that compromise the privacy of classified information B. Actions that compromise the privacy of users C. Actions that disrupt organizational activities D. Actions in which a computer is used in a manner inconsistent with a stated security policy
B. Actions that compromise the privacy of users
Which of the following best describes an implicit deny principle? A. All actions that are not expressly denied are allowed. B. All actions that are not expressly allowed are denied. C. All actions must be expressly denied. D. None of the above.
B. All actions that are not expressly allowed are denied.
Management wants to add an intrusion detection system (IDS) that will detect new security threats. Which of the following is the best choice? A. A signature-based IDS B. An anomaly detection IDS C. An active IDS D. A network-based IDS
B. An anomaly detection IDS
You are replacing a failed switch. The configuration documentation for the original switch indicates a specific port needs to be configured as a mirrored port. Which of the following network devices would connect to this port? A. An intrusion prevention system (IPS) B. An intrusion detection system (IDS) C. A honeypot D. A sandbox
B. An intrusion detection system (IDS)
Ben's system was infected by malicious code that modified the operating system to allow the malicious code author to gain access to his files. What type of exploit did this attacker engage in? A. Privilege escalation B. Backdoor C. Rootkit D. Buffer overflow
B. Backdoor
Which of the following provides authentication based on a physical characteristic of a subject? A. Account ID B. Biometrics C. Token D. PIN
B. Biometrics
Company proprietary data are discovered on a public social media posting by the CEO. While investigating, a significant number of similar emails were discovered to have been sent to employees, which included links to malicious sites. Some employees report that they had received similar messages to their personal email accounts as well. What improvements should the company implement to address this issue? (Choose two.) A. Deploy a web application firewall. B. Block access to personal email from the company network. C. Update the company email server D. Implement multifactor authentication (MFA) on the company email server. E. Perform an access review of all company files. F. Prohibit access to social networks on company equipment.
B. Block access to personal email from the company network. F. Prohibit access to social networks on company equipment.
Carl recently completed his organization's annual business continuity plan refresh and is now turning his attention to the disaster recovery plan. What output from the business continuity plan can he use to prepare the business unit prioritization task of disaster recovery planning? A. Vulnerability analysis B. Business impact analysis C. Risk management D. Continuity planning
B. Business impact analysis
James was recently asked by his organization's CIO to lead a core team of four experts through a business continuity planning process for his organization. What is the first step that this core team should undertake? A. BCP team selection B. Business organization analysis C. Resource requirements analysis D. Legal and regulatory assessment
B. Business organization analysis
A new startup company needs to optimize delivery of high-definition media content to its customers. They are planning the deployment of resource service hosts in numerous data centers across the world in order to provide low latency, high performance, and high availability of the hosted content. What technology is likely being implemented? A. VPN B. CDN C. SDN D. CCMP
B. CDN
In addition to maintaining an updated system and controlling physical access, which of the following is the most effective countermeasure against PBX fraud and abuse? A. Encrypting communications B. Changing default passwords C. Using transmission logs D. Taping and archiving all conversations
B. Changing default passwords
Which one of the following encryption algorithm modes suffers from the undesirable characteristic of errors propagating between blocks. A. Electronic Code Book B. Cipher Block Chain C. Output Feedback D. Counter
B. Cipher Block Chain
What is the function of the network access server within a RADIUS architecture? A. Authentication server B. Client C. AAA server D. Firewall
B. Client
Congress passed CALEA in 1994, requiring that what type of organizations cooperate with law enforcement investigations? A. Financial institutions B. Communications carriers C. Healthcare organizations D. Websites
B. Communications carriers
Randy is implementing an AES-based cryptosystem for use within his organization. He would like to better understand how he might use this cryptosystem to achieve his goals. Which of the following goals are achievable with AES? (Choose all that apply.) A. Nonrepudiation B. Confidentiality C. Authentication D. Integrity
B. Confidentiality C. Authentication D. Integrity
A file server in your network recently crashed. An investigation showed that logs grew so much that they filled the disk drive. You decide to enable rollover logging to prevent this from happening again. Which of the following should you do first? A. Configure the logs to overwrite old entries automatically. B. Copy existing logs to a different drive. C. Review the logs for any signs of attacks. D. Delete the oldest log entries.
B. Copy existing logs to a different drive.
What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities? A. Privacy Act B. Fourth Amendment C. Second Amendment D. Gramm-Leach-Bliley Act
B. Fourth Amendment
Renee conducted an inventory of encryption algorithms used in her organization and found that they are using all of the algorithms below. Which of these algorithms should be discontinued? (Choose all that apply.) A. AES B. DES C. 3DES D. RC6
B. DES C. 3DES
While performing a risk analysis, you identify a threat of fire and a vulnerability of things being flammable because there are no fire extinguishers. Based on this information, which of the following is a possible risk? A. Virus infection B. Damage to equipment C. System malfunction D. Unauthorized access to confidential information
B. Damage to equipment
Which one of the following attacker actions is most indicative of a terrorist attack? A. Altering sensitive trade secret documents B. Damaging the ability to communicate and respond to a physical attack C. Stealing unclassified information D. Transferring funds to other countries
B. Damaging the ability to communicate and respond to a physical attack
When you're designing a security system for internet-delivered email, which of the following is least important? A. Nonrepudiation B. Data remnant destruction C. Message integrity D. Access restriction
B. Data remnant destruction
The CISO is concerned that the use of subnets as the only form of network segments is limiting growth and flexibility of the network. They are considering the implementation of switches to support VLANs but aren't sure VLANs are the best option. Which of the following is not a benefit of VLANs? A. Traffic isolation B. Data/traffic encryption C. Traffic management D. Reduced vulnerability to sniffers
B. Data/traffic encryption
Jane is conducting a threat assessment using threat modeling techniques as she develops security requirements for a software package her team is developing. Which business function is she engaging in under the Software Assurance Maturity Model (SAMM)? A. Governance B. Design C. Implementation D. Verification
B. Design
Neo is the security manager for the southern division of the company. He thinks that deploying a NAC will assist in improving network security. However, he needs to convince the CISO of this at a presentation next week. Which of the following are goals of NAC that Neo should highlight? (Choose all that apply.) A. Reduce social engineering threats B. Detect rogue devices C. Map internal private addresses to external public addresses D. Distribute IP address configuraitons E. Reduce zero-day attacks F. Confirm compliance with updates and security settings
B. Detect rogue devices E. Reduce zero-day attacks F. Confirm compliance with updates and security settings
Which of the following are valid incident management steps or phases as listed in the CISSP objectives? (Choose all that apply.) A. Prevention B. Detection C. Reporting D. Lessons learned E. Backup
B. Detection C. Reporting D. Lessons learned
When designing physical security for an environment, it is important to focus on the functional order in which controls should be used. Which of the following is the correct order of the six common physical security control mechanisms? A. Decide, Delay, Deny, Detect, Deter, Determine B. Deter, Deny, Detect, Delay, Determine, Decide C. Deny, Deter, Delay, Detect, Decide, Determine D. Decide, Detect, Deny, Determine, Deter, Delay
B. Deter, Deny, Detect, Delay, Determine, Decide
You are reviewing access control models and want to implement a model that allows the owner of an object to grant privileges to other users. Which of the following meets this requirement? A. Mandatory Access Control (MAC) model B. Discretionary Access Control (DAC) model C. Role-based Access Control (RBAC) model D. Rule-based access control model
B. Discretionary Access Control (DAC) model
Gary is a system administrator and is testifying in court about a cybercrime incident. He brings server logs to support his testimony. What type of evidence are the server logs? A. Real evidence B. Documentary evidence C. Parol evidence D. Testimonial evidence
B. Documentary evidence
Your network supports TCP/IP. TCP/IP is a multilayer protocol. It is primarily based on IPv4, but the organization is planning on deploying IPv6 within the next year. What is both a benefit and a potentially harmful implication of multilayer protocols? A. Throughput B. Encapsulation C. Hash integrity checking D. Logical addressing
B. Encapsulation
You are mapping out the critical paths of network cables throughout the building. Which of the following items do you need to make sure to include and label on your master cabling map as part of crafting the cable plant management policy? (Choose all that apply.) A. Access control vestibule B. Entrance facility C. Equipment room D. Fire escapes E. Backbone distribution system F. Telecommunications room G. UPSs H. Horizontal distribution system I. Loading dock
B. Entrance facility C. Equipment room E. Backbone distribution system F. Telecommunications room H. Horizontal distribution system
Tammy is choosing a mode of operation for a symmetric cryptosystem that she will be using in her organization. She wants to choose a mode that is cable of providing both confidentiality and data authenticity. What mode would best meet her needs? A. ECB B. GCM C. OFB D. CTR
B. GCM
Greg recently accepted a position as the cybersecurity compliance officer with a privately held bank. What law most directly impacts the manner in which his organization handles personal information? A. HIPAA B. GLBA C. SOX D. FISMA
B. GLBA
Larry manages a Linux server. Occasionally, he need to run commands that require root-level privileges. Management wants to ensure that an attacker cannot run these commands if the attacker compromises Larry's account. Which of the following is the best choice? A. Grant Larry sudo access B. Give Larry the root password C. Add Larry's account to the administrator's group D. Add Larry's account to the LocalSystem account
B. Give Larry the root password
The MAC model supports different environment types. Which of the following grants users access using predefined labels for specific labels? A. Compartmentalized environment B. Hierarchical environment C. Centralized environment D. Hybrid environment
B. Hierarchical environment
According to the (ISC)^2 Code of Ethics, how are CISSPs expected to act? A. Honestly, diligently, responsibly, and legally B. Honorably, honestly, justly, responsibly, and legally C. Upholding the security policy and protecting the organization D. Trustworthy, loyally, friendly, courteously
B. Honorably, honestly, justly, responsibly, and legally
Bob is developing a software application and has a field where users may enter a date. He wants to ensure that the values provided by the users are accurate dates to prevent security issues. What technique should Bos use? A. Polyinstantiation B. Input validation C. Contamination D. Screening
B. Input validation
Sharon believes that a web application developed by her organization contains a cross-site scripting vulnerability, and she would like to correct the issue. Which of the following is the most effective defense that Sharon cause use against cross-site scripting attacks? A. Limiting account privileges B. Input validation C. User authentication D. Encryption
B. Input validation
Micro segmentation is dividing up an internal network in numerous subzones, potentially as small as a single device, such as a high-value server or even a client or endpoint device. Which of the following is true in regard to micro segmentation? (Choose all that apply.) A. It is the assignment of the cores of a CPU to perform different tasks. B. It can be implemented using ISFWs. C. Transactions between zones are filtered. D. It supports edge and fog computing management. E. It can be implemented with virtual systems and virtual networks.
B. It can be implemented using ISFWs. C. Transactions between zones are filtered. E. It can be implemented with virtual systems and virtual networks.
Which of the following best identifies the benefit of a passphrase? A. It is short. B. It is easy to remember. C. It includes a single set of characters. D. It is easy to crack.
B. It is easy to remember.
What is the major disadvantage of using certificate revocation lists? A. Key management B. Latency C. Record keeping D. Vulnerability to brute-force attacks
B. Latency
Dave is developing a key escrow system that requires multiple people to retrieve a key but does not depend on every participant being present. What type of technique is he using? A. Split knowledge B. M of N Control C. Work function D. Zero-knowledge proof
B. M of N Control
Which of the following access control models identifies the upper and lower bounds of access for subjects with labels? A. Nondiscretionary access control B. Mandatory Access Control (MAC) C. Discretionary Access Control (DAC) D. Attribute-Based Access Control (ABAC
B. Mandatory Access Control (MAC)
You are working on improving your organization's policy on mobile equipment. Because of several recent and embarrassing breaches, the company wants to increase security through technology as well as user behavior and activities. What is the most effective means of reducing the risk of losing the data on a mobile device, such as a laptop computer? A. Defining a strong logon password B. Minimizing sensitive data stored on the mobile device C. Using a cable lock D. Encrypting the hard drive
B. Minimizing sensitive data stored on the mobile device
The CISO has tasked you to design and implement an IT port security strategy. While researching the options, you realize there are several potential concepts that are labeled as port security. You prepare a report to present options to the CISO. Which of the following are port security concepts you should include on this report? (Choose all that apply.) A. Shipping container storage B. NAC C. Transport layer D. RJ-45 jacks
B. NAC C. Transport layer D. RJ-45 jacks
Confidentiality, integrity, and availability are typically viewed as the primary goals and objectives of a security infrastructure. Which of the following is not considered a violation of confidentiality? A. Stealing passwords using a keystroke logging tool B. Eavesdropping on wireless network communications C. Hardware destruction caused by arson D. Social engineering that tricks a user into providing personal information to a false website
C. Hardware destruction caused by arson
Which of the following acts as a proxy between an application and a database to support interaction and simplify the work of programmers? A. SDLC B. ODBC C. PCI DSS D. Abstraction
B. ODBC
_____________ is the process of adding new employees to the organization, having them review and sign policies, be introduced to managers and coworkers, and be trained in employee operations and logistics. A. Reissue B. Onboarding C. Background checks D. Site survey
B. Onboarding
Which of the following is a type of connection that can be described as a logical circuit that always exists and is waiting for the customer to send data? A. SDN B. PVC C. VPN D. SVC
B. PVC
What type of disaster recovery plan test fully evaluates operations at the backup facility but does not shift primary operations responsibility from the main site? A. Structured walk-through B. Parallel test C. Full-interruption test D. Simulation test
B. Parallel test
Katie is concerned about the potential for SQL injection attacks against her organization. She has already put a web application firewall in place and conducted a review of the organization's web application source code. She would like to add an additional control at the database level. What database technology could further limit the potential for SQL injection attacks? A. Triggers B. Parameterized queries C. Column encryption D. Concurrency control
B. Parameterized queries
Security administrators have learned that users are switching between two passwords. When the system prompts them to change their password, they use the second password. When the system prompts them to change their password again, they use the first password. What can prevent users from rotating between two passwords? A. Password complexity B. Password history C. Password length D. Password age
B. Password history
Your company has a yearly fire detection and suppression system inspection performed by the local authorities. You start up a conversation with the lead inspector and they ask you, "What is the most common cause of a false positive for a water-based fire suppression system?" So, what do you answer? A. Water shortage B. People C. Ionization detectors D. Placement of detectors in drop ceilings
B. People
A development team is working on a new project. During the early stages of systems development, the team considers the vulnerabilities, threats, and risks of their solution and integrates protections against unwanted outcomes. What concept of threat modeling is this? A. Threat hunting B. Proactive approach C. Qualitative approach D. Adversarial approach
B. Proactive approach
____________________________ is the oversight and management of the efficiency and performance of network communications. Items to measure include throughput rate, bit rate, packet loss, latency, jitter, transmission delay, and availability. A. VPN B. QoS C. SDN D. Sniffing
B. QoS
Adam is reviewing the fault-tolerance controls used by his organization and realizes that they currently have a single point of failure in the disks used to support a critical server. Which one of the following controls can provide fault tolerance for these disks? A. Load balancing B. RAID C. Clustering D. HA pairs
B. RAID
Which of the following steps would be included in a change management process? (Choose three.) A. Immediately implemented the change if it will improve performance. B. Request the change. C. Create a rollback plan for the change. D. Document the change.
B. Request the change. C. Create a rollback plan for the change D. Document the change.
After repeated events of retraining, a particular worker was caught for the fourth time attempting to access documents that were not relevant to their job position. The CSO decides this was the last chance and the worker is to be fired. The CSO reminds you that the organization has a formal termination process that should be followed. Which of the following is an important task to perform during the termination procedure to reduce future security issues related to this ex-employee? A. Return the exiting employee's personal belongings. B. Review the nondisclosure agreement. C. Evaluate the exiting employee's performance. D. Cancel the exiting employee's parking permit.
B. Review the nondisclosure agreement.
Richard received an encrypted message sent to him from Sue. Sue encrypted the message using the RSA encryption algorithm. Which key would Richard use to decrypt the message? A. Richard's public key B. Richard's private key C. Sue's public key D. Sue's private key
B. Richard's private key
Richard wants to digitally sign a message he's sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest? A. Richard's public key B. Richard's private key C. Sue's public key D. Sue's private key
B. Richard's private key
Fingerprint readers match minutiae from a fingerprint with data in a database. Which of the following accurately identify fingerprint minutiae? (Choose three.) A. Vein pattern B. Ridge C. Bifurcations D. Whorls
B. Ridge C. Bifurcations D. Whorls
During an operational investigation, what type of analysis might an organization undertake to prevent similar incidents in the future? A. Forensic analysis B. Root cause analysis C. Network traffic analysis D. Fagan analysis
B. Root cause analysis
Your organization recently implemented a centralized application for monitoring. Which of the following best describes this? A. SOAR B. SIEM C. HIDS D. Threat feed
B. SIEM
What type of security zone can be positioned so that it operates as a buffer between the secured private network and the internet and can host publicly accessible services? A. Honeypot B. Screened subnet C. Extranet D. Intranet
B. Screened subnet
You are a law enforcement officer and you need to confiscate a PC from a suspected attacker who does not work for your organization. You are concerned that if you approach the individual, they may destroy evidence. What legal avenue is most appropriate? A. Consent agreement signed by employees B. Search warrant C. No legal avenue necessary D. Voluntary consent
B. Search warrant
Often a ___________ is a member of a group who decides (or is assigned) to take charge of leading the adoption and integration of security concepts into the group's work activities. _______________ are often non-security employees who take up the mantle to encourage others to support and adopt more security practices and behaviors. A. CISO B. Security champions C. Security auditors D. Custodians
B. Security champions
A security role is the part an individual plays in the overall scheme of security implementation and administration within an organization. What is the security role that has the functional responsibility for security, including writing the security policy and implementing it? A. Senior management B. Security professional C. Custodian D. Auditor
B. Security professional
________________________ is a cloud computing concept where code is managed by the customer and the platform (i.e., supporting hardware and software) or server is managed by the cloud service provider (CSP). There is always a physical server running the code, but this execution model allows the software designer/architect/programmer/developer to focus on the logic of their code and not have to be concerned about the parameters or limitations of a specific server. A. Microservices B. Serverless architecture C. Infrastructure as code D. Distributed systems
B. Serverless architecture
Alan believes that an attacker is collecting information about the electricity consumption of a sensitive cryptographic device and using that information to compromise encrypted data. What type of attack does he suspect is taking place? A. Brute force B. Side channel C. Known plaintext D. Frequency analysis
B. Side channel
Which of the following access control models uses labels commonly referred to as a lattice-based mood? A. DAC B. Nondiscretionary C. MAC D. RBAC
C. MAC
Brian is upgrading a system to support SSH2 rather than SSH1. Which one of the following advantages will he achieve? A. Support for multifactor authentication B. Support for simultaneous sessions C. Support for 3DES encryption D. Support for IDEA encryption
B. Support for simultaneous sessions
A _______________________ is an intelligent hub because it knows the hardware addresses of the systems connected on each outbound port. Instead of repeating traffic on every outbound port, it repeats traffic only out of the port on which the destination is known to exist. A. Repeater B. Switch C. Bridge D. Router
B. Switch
What networking device can be used to create digital virtual network segments that can be altered as needed by adjusting the settings internal to the device? A. Router B. Switch C. Proxy D. Firewall
B. Switch
Security governance requires a clear understanding of the objectives of the organization as the core concepts of security. Which of the following contains the primary goals and objectives of security? A. A network's border perimeter B. The CIA Triad C. AAA services D. Ensuring that subject activities are recorded
B. The CIA Triad
Helen is planning to use a one-time pad to meet a unique cryptographic requirement in her organization. She is trying to identify the requirements for using this cryptosystem. Which of the following are requirements for the use of a one-time pad? (Choose all that apply.) A. The encryption key must be at least one-half the length of the message to be encrypted. B. The encryption key must be randomly generated. C. Each one-time pad must be used only once. D. The one-time pad must be physically protected against disclosure.
B. The encryption key must be randomly generated. C. Each one-time pad must be used only once. D. The one-time pad must be physically protected against disclosure
Tonya is reviewing the flood risk to her organization and learns that their primary data center resides within a 100-year flood plain. What conclusion can she draw from this information? A. The last flood of any kind to hit the area was more than 100 years go. B. The odds of a flood at this level are 1 in 100 in any given year. C. The area is expected to be safe from flooding for at least 100 years. D. The last significant flood to hit the area was more than 100 years ago.
B. The odds of a flood at this level are 1 in 100 in any given year.
Frances learned that a user in her organization recently signed up for a cloud service without the knowledge of her supervisor and is storing corporate information in that service. Which one of the following statements is correct? A. If the user did not sign a written contract, the organization has no obligation to the service provider. B. The user most likely agreed to a click-through license agreement binding the organization. C. The user's actions likely violate federal law. D. The user's actions likely violate state law.
B. The user most likely agreed to a click-through license agreement binding the organization.
Roger is the CISO at a healthcare organization covered under HIPAA. He would like to enter into a partnership with a vendor who will manage some of the organization's data. As part of the relationship, the vendor will have access to protected health information (PHI). Under what circumstances is this arrangement permissible under HIPAA? A. This is permissible if the service provider is certified by the Department of Health and Human Services. B. This is permissible if the service provider enters into a business associate agreement. C. This is permissible if the service provider is within the same state as Roger's organization. D. This is not permissible under any circumstances.
B. This is permissible if the service provider enters into a business associate agreement.
Tom built a database table consisting of the names, telephone numbers, and customer IDs for his business. The table contains information on 30 customers. What is the degree of this table? A. Two B. Three C. Thirty D. Undefined
B. Three
Which of the following is one of the primary reasons an organization enforces a mandatory vacation policy? A. To rotate job responsibilities B. To detect fraud C. To increase employee productivity D. To reduce employee stress levels.
B. To detect fraud
What is the main purpose of a military and intelligence attack? A. To attack the availability of military systems B. To obtain secret and restricted information from military or law enforcement sources C. To utilize military or intelligence agency systems to attack other, nonmilitary sites D. To compromise military systems for use in attacks against other systems
B. To obtain secret and restricted information from military or law enforcement sources
Among the many aspects of a security solution, the most important is whether it addresses a specific need (i.e., a threat) for your assets. But there are many other aspects of security you should consider as well. A significant benefit of a security control is when it goes unnoticed by users. What is this called? A. Invisibility B. Transparency C. Diversion D. Hiding in plain sight
B. Transparency
The next step after threat modeling is reduction analysis. Reduction analysis is also known as decomposing the application, system, or environment. The purpose of this task is to gain a greater understanding of the logic of the product, its internal components, as well as its interactions with external elements. Which of the following are key components to identify when performing decomposition? (Choose all that apply.) A. Patch or update versions B. Trust boundaries C. Dataflow paths D. Open vs. closed source code use E. Input points F. Privileged operations G. Details about security stance and approach
B. Trust boundaries C. Dataflow paths E. Input points F. Privileged operations G. Details about security stance and approach
A review of your company's virtualization of operations determines that the hardware resources supporting the VMs are nearly fully consumed. The auditor asks for the plan and layout of VM systems but is told that no such plan exists. This reveals that the company is suffering from what issue? A. Use of EOSL systems B. VM sprawl C. Poor cryptography D. VM escaping
B. VM sprawl
Cathy's employer has asked her to perform a documentation review of the policies and procedures of a third-party supplier. This supplier is just the final link in a software supply chain. Their components are being used as a key element of an online service operated for high-end customers. Cathy discovers several serious issues with the vendor, such as failing to require encryption for all communications and not requiring multifactor authentication on management interfaces. What should Cathy do in response to this finding? A. Write up a report and submit it to the CIO. B. Void the ATO of the vendor. C. Require that the vendor review their terms and conditions. D. Have the vendor sign an NDA.
B. Void the ATO of the vendor.
A recent attack on servers within your organization caused an excessive outage. You need to check systems for known issues that attackers may use to exploit other systems in your network. Which of the following is the best choice to meet this need? A. Versioning tracker B. Vulnerability scanner C. Security audit D. Security review
B. Vulnerability scanner
Which of the following are benefits of a gas-based fire suppression system? (Choose all that apply.) A. Can be deployed throughout a company facility B. Will cause the least damage to computer systems C. Extinguishes the fire by removing oxygen D. May be able to extinguish the fire faster than a water discharge system
B. Will cause the least damage to computer systems C. Extinguishes the fire by removing oxygen D. May be able to extinguish the fire faster than a water discharge system
Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication? A. X.500 B X.509 C. X.900 D. X.905
B. X.509
Jake is conducting a business impact analysis for his organization. As part of the process, he asks leaders from different units to provide input on how long the enterprise resource planning (ERP) system could be unavailable without causing irreparable harm to the organization. What measure is he seeking to determine? A. SLE B. EF C. MTD D. ARO
C. MTD
Which of the following could be classified as a form of social engineering attack? (Choose all that apply.) A. A user logs in to their workstation and then decides to get a soda from the vending machine in the stairwell. As soon as the user walks away from their workstation, another person sits down at their desk and copies all the files from a local folder onto a network share. B. You receive an email warning about a dangerous new virus spreading across the internet. The message tells you to look for a specific file on your hard drive and delete it, since it indicates the presence of the virus. C. A website claims to offer free temporary access to their products and services but requires that you alter the configuration of your web browser and/or firewall in order to download the access software. D. A secretary receives a phone call from a person claiming to be a client who is running late to meet the CEO. The caller asks for the CEO's private cell phone number so that they can call them.
B. You receive an email warning about a dangerous new virus spreading across the internet. The message tells you to look for a specific file on your hard drive and delete it, since it indicates the presence of the virus. C. A website claims to offer free temporary access to their products and services but requires that you alter the configuration of your web browser and/or firewall in order to download the access software. D. A secretary receives a phone call from a person claiming to be a client who is running late to meet the CEO. The caller asks for the CEO's private cell phone number so that they can call them.
A new local VDI has been deployed in the organization. There have been numerous breaches of security due to issues on typical desktop workstations and laptop computers used as end-points. Many of these issues stemmed from users installing unapproved software or altering the configuration of essential security tools. In an effort to avoid security compromises originating from endpoints in the future, all endpoint devices are now used exclusively as dumb terminals. Thus, no local data storage or application execution is performed on end-points. Within the VDI, each worker has been assigned a VM containing all of their business necessary software and datasets. These VMs are configured to block the installation and execution of new software code, data files cannot be exported to the actual endpoints, and each time a worker logs out, the used VM is discarded and a clean version copied from a static snapshot replaces it. What type of system has now been deployed for the workers to use? A. Cloud services B. Nonpersistent C. Thin clients D. Fog computing
B. nonpersistent
Referring to the above scenario, what is annualized loss expectancy? A. 0.01 B. $10 million C. $100,000 D. 0.10
C. $100,000
Users in an organization complain that they can't access several websites that are usually available. After troubleshooting the issue, you discover that an intrusion protection system (IPS) is blocking the traffic, but the traffic is not malicious. What does this describe? A. A false negative B. A honeynet C. A false positive D. Sandboxing
C. A false positive
What type of information is used to form the basis of an expert system's decision-making process? A. A series of weighted layered computation B. Combined input from a number of human experts, weighted according to past performance C. A series of "if/then" rules codified in a knowledge base D. A biological decision-making process that simulates the reasoning process used by the human mind
C. A series of "if/then" rules codified in a knowledge base
When employees leave an organization, personnel either delete or disable accounts. In which of the following situations would they most likely delete an account? A. An administrator who has used their account to run services left the organization. B. A disgruntled employee who encrypted files with their account left the organization. C. An employee has left the organization and will start a new job tomorrow. D. A temporary employee using a shared account will not return to the organization.
C. An employee has left the organization and will start a new job tomorrow.
Devin is revising the policies and procedures used by his organization to conduct investigations and would like to include a definition of computer crime. Which one of the following definitions would best meet his needs? A. Any attack specifically listed in your security policy B. Any illegal attack that compromises a protected computer C. Any violation of a law or regulation that involves a computer D. Failure to practice due diligence in computer security
C. Any violation of a law or regulation that involves a computer.
Management wants to ensure that an IT network supports accountability. Which of the following is necessary to meet this requirement? A. Identification B. Integrity C. Authentication D. Confidentiality
C. Authentication
Your organization has a large network supporting thousands of employees, and it utilizes Kerberos. Of the following choices, what is the primary purpose of Kerberos? A. Confidentiality B. Integrity C. Authentication D. Accountability
C. Authentication
Users log on with a username when accessing the company network from home. Management wants to implement a second factor of authentication for these users. They want a secure solution, but they also want to limit costs. Which of the following best meets these requirements? A. Short Message Service (SMS) B. Fingerprint scans C. Authenticator app D. Personal identification number (PIN)
C. Authenticator app
What is the most important rule to follow when collecting evidence? A. Do not turn off a computer until you photograph the screen. B. List all people present while collecting evidence. C. Avoid the modification of evidence during the collection process. D. Transfer all equipment to a secure storage location.
C. Avoid the modification of evidence during the collection process.
Brianna is working with a U.S. software firm that uses encryption in its products and plans to export their product outside of the United States. What federal government agency has the authority to regulate the export of encryption software? A. NSA B. NIST C. BIS D. FTC
C. BIS
Which of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message? A. Stream cipher B. Caesar cipher C. Block cipher D. ROT3 cipher
C. Block cipher
A server administrator recently modified the configuration for a server to improve performance. Unfortunately, when an automated script runs once a week, the modification causes the server to reboot. It took several hours of troubleshooting to ultimately determine the problem wasn't with the script but instead with the modification. What could have prevented this? A. Vulnerability management B. Patch management C. Change management D. Blocking all scripts
C. Change management
Of the individuals listed, who would provide the best endorsement for a business continuity plan's statement of importance? A. Vice president of business operations B. Chief information officer C. Chief executive officer D. Business continuity manager
C. Chief executive officer
Brad is helping to design a disaster recovery strategy for his organization and is analyzing possible storage locations for backup data. He is not certain where the organization will recover operations in the event of a disaster and would like to choose an option that allows them the flexibility to easily retrieve data from any DR site. Which one of the following storage locations provides the best option for Brad? A. Primary data center B. Field office C. Cloud computing D. IT manager's home
C. Cloud computing
Nolan is considering the use of several different types of alternate processing facility for his organization's data center. Which one of the following alternative processing sites takes the longest time to activate but has the lowest cost to implement? A. Hot site B. Mobile site C. Cold site D. Warm site
C. Cold site
Which one of the following is not part of the change management process? A. Request control B. Release control C. Configuration audit D. Change control
C. Configuration audit
A company server is currently operating at near maximum resource capacity, hosting just seven virtual machines. Management has instructed you to deploy six new applications onto additional VMs without purchasing new hardware since the IT/IS budget is exhausted. How can this be accomplished? A. Data sovereignty B. Infrastructure as code C. Containerization D. Serverless architecture
C. Containerization
Which database security risk occurs when data from a higher classification level is mixed with data from a lower classification level? A. Aggregation B. Inference C. Contamination D. Polyinstantiation
C. Contamination
You have been tasked with designing and implementing a new security policy to address the new threats introduced by the recently installed embedded systems. What is a security risk of an embedded system that is not commonly found in a standard PC? A. Software flaws B. Access to the internet C. Control of a mechanism in the physical world D. Power loss
C. Control of a mechanism in the physical world
Which one of the following investigation types has the highest standard of evidence? A. Administrative B. Civil C. Criminal D. Regulatory
C. Criminal
What type of malicious software is specifically used to leverage stolen computing power for the attacker's financial gain? A. RAT B. PUP C. Cryptomalware D. Worm
C. Cryptomalware
Your organization is courting a new business partner. During the negotiations the other party defines several requirements of your organization's security that must be met prior to the signing of the SLA and business partners agreement (BPA). One of the requirements is that your organization demonstrate their level of achievement on the Risk Maturity Model (RMM). The requirement is specifically that a common or standardized risk framework is adopted organization-wide. Which of the five possible levels of RMM is being required of your organization? A. Preliminary B. Integrated C. Defined D. Optimized
C. Defined
Bryn runs a corporate website and currently uses a single server, which is capable of handling the site's entire load. She is concerned, however, that an outage on that server could cause the organization to exceed its RTO. What action could she take that would best protect against this risk? A. Install dual power supplies in the server. B. Replace the server's hard drives with RAID arrays. C. Deploy multiple servers behind a load balancer. D. Perform regular backups of the server.
C. Deploy multiple servers behind a load balancer.
Fred is reviewing the logs from his web server for malicious activity and finds this request: http://www.mycompany.com/../../../etc/passwd. What type of attack was most likely attempted? A. SQL injection B. Session hijacking C. Directory traversal D. File upload
C. Directory traversal
Helen is working on her organization's resilience plans, and her manager asks her whether the organization has sufficient technical controls in place to recover operations after a disruption. What type of plan would address the technical controls associated with alternate processing facilities, backups, and fault tolerance? A. Business continuity plan B. Business impact analysis C. Disaster recovery plan D. Vulnerability assessment
C. Disaster recovery plan
Which one of the following algorithms is not supported by the Digital Signature Standard under FIPS 186-4? A. Digital Signature Algorithm B. RSA C. ElGamal DSA D. Elliptic Curve DSA
C. ElGamal DSA
A new CIO learned that an organization doesn't have a change management program. The CIO insists one be implemented immediately. Of the following choices, what is a primary goal of a change management program? A. Personnel safety B. Allowing rollback of changes C. Ensuring that changes do not reduce security D. Auditing privilege access
C. Ensuring that changes do not reduce security
Frank is conducting a risk analysis of his software development environment and, as a mitigation measure, would like to introduce an approach to failure management that places the system in a high level of security in the event of a failure. What approach should he use? A. Fail-open B. Fail mitigation C. Fail-secure D. Fail clear
C. Fail-secure
Which one of the following key types is used to enforce referential integrity between database tables? A. Candidate key B. Primary key C. Foreign key D. Alternate key
C. Foreign key
If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message? A. Richard's public key B. Richard's private key C. Sue's public key D. Sue's private key
C. Sue's public key
A recent security policy update has restricted the use of portable storage devices when they are brought in from outside. As a compensation, a media storage management process has been implemented. Which of the following is not a typical security measure implemented in relation to a media storage facility containing reusable removable media? A. Employing a media librarian or custodian B. Using a check-in/check-out process C. Hashing D. Using sanitization tools on returned media
C. Hashing
You have been placed on the facility security planning team. You've been tasked to create a priority list of issues to address during the initial design phase. What is the most important goal of all security solutions? A. Prevention of disclosure B. Maintaining integrity C. Human safety D. Sustaining availability
C. Human safety
Equipment failure is a common cause of a loss of availability. When deciding on strategies to maintain availability, it is often important to understand the criticality of each asset and business process as well as the organization's capacity to weather adverse conditions. Match the term to the definition. I. MTTF II. MTTR III. MTBF IV. SLA 1. Clearly defines the response time a vendor will provide in the event of an equipment failure emergency 2. An estimation of the time between the first and any subsequent failures 3. The expected typical functional lifetime of the device given a specific operating environment 4. The average length of time required to perform a repair on the dive A. I -1, II -2, III - 4, IV - 3 B. I -4, II - 3, III -1, IV -2 C. I -3, II -4, III -2, IV -1 D. I -2, II -1, III - 3, IV -4
C. I -3, II -4, III -2, IV -1
A new VoIP system is being deployed at a government contractor organization. They require high availability of five nines of uptime for the voice communication system. They are also concerned about introducing new vulnerabilities into their existing data network structure. The IT infrastructure is based on fiber optics and supports over 1 Gbps to each device; the network often reaches near full saturation on a regular basis. What option will provide the best outcome of performance, availability, and security for the VoIP service? A. Create a new VLAN on the existing IT network for the VoIP service. B. Replace the current switches with routers and increase the interface speed to 1,000 Mbps. C. Implement a new, separate network for the VoIP system. D. Deploy flood guard protections on the IT network.
C. Implement a new, separate network for the VoIP system.
Your organization is considering the deployment of a DCE to support a massively multiplayer online role-playing game (MMORPG) based on the characters of a popular movie franchise. What is the primary concern of a DCE that could allow for propagation of malware or making adversarial pivoting and lateral movement easy? A. Unauthorized user access B. Identity spoofing C. Interconnectedness of the components D. Poor authentication
C. Interconnectedness of the components
Ryan is reviewing the terms of a proposed vendor agreement between the financial institution where he works and a cloud service provider. Which one of the following items should represent the least concern to Ryan? A. What security audits does the vendor perform? B. What provisions are in place to protect the confidentiality, integrity, and availability of data? C. Is the vendor compliant with HIPAA? D. What encryption algorithms and key lengths are used?
C. Is the vendor compliant with HIPAA?
What transaction management principle ensures that two transactions do not interfere with each other as they operate on the same data? A. Atomicity B. Consistency C. Isolation D. Durability
C. Isolation
What does the CER for a biometric device indicate? A. It indicates that the sensitivity is too high. B. It indicates that the sensitivity is too low. C. It indicates the point where the false rejection rate equals the false acceptance rate. D. When high enough, it indicates the biometric device is highly accurate.
C. It indicates the point where the false rejection rate equals the false acceptance rate.
Based on recent articles about the risk of mobile code and web apps, you want to adjust the security configurations of organizational endpoint devices to minimize the exposure. On a modern Windows system with the latest version of Microsoft's browser and all others disabled or blocked, which of the following is of the highest concern? A. Java B. Flash C. JavaScript D. ActiveX
C. JavaScript
Your boss wants to automate the control of the building's HVAC system and lighting in order to reduce costs. He instructs you to keep costs low and use off-the-shelf IoT equipment. When you are using IoT equipment in a private environment, what is the best way to reduce risk? A. Use public IP addresses B. Power off devices when not in use C. Keep devices current on updates D. Block access from the IoT devices to the internet
C. Keep devices current on updates
Your organization recently suffered a major data breach. After an investigation, security analysts discovered that attackers were using golden tickets to access network resources. Which of the following did the attackers exploit? A. RADIUS B. SAML C. Kerberos D. OIDC
C. Kerberos
While designing the security plan for a proposed facility, you are informed that the budget was just reduced by 30 percent. However, they did not adjust or reduce the security requirements. What is the most common and inexpensive form of physical access control device for both interior and exterior use? A. Lighting B. Security guard C. Key locks D. Fences
C. Key locks
What concept is used to grant users only the rights and permissions they need to complete their job responsibilities? A. Need to know B. Mandatory vacations C. Least privilege principle D. Service-level agreement (SLA)
C. Least privilege principle
Which of the following is a true statement in regard to vendor, consultant, and contractor controls? A. Using business email compromise (BEC) is a means to ensure that organizations providing services maintain an appropriate level of service agreed on by the service provider, vendor, or contractor and the customer organization. B. Outsourcing can be used as a risk response option known as acceptance or appetite. C. Multiparty risk exists when several entities or organizations are involved in a project. The risk or threats are often due to the variations of objectives, expectations, timelines, budgets, and security priorities of those involved. D. Risk management strategies implemented by one party do not cause additional risks against or from another party.
C. Multiparty risk exists when several entities or organizations are involved in a project. The risk or threats are often due to the variations of objectives, expectations, timelines, budgets, and security priorities of those involved.
Many PC OSs provide functionality that enables them to support the simultaneous execution of multiple applications on single-processor systems. What term is used to describe this capability? A. Multistate B. Multithreading C. Multitasking D. Multiprocessing
C. Multitasking
Your organization is planning on building a new facility to house a majority of on-site workers. The current facility has had numerous security issues, such as loitering, theft, graffiti, and even a few physical altercations between employees and nonemployees. The CEO has asked you to assist in developing the facility plan to reduce these security concerns. While researching options you discover the concepts of CPTED. Which of the following is not one of its core strategies? A. Natural territorial reinforcement B. Natural access control C. Natural training and enrichment D. Natural surveillance
C. Natural training and enrichment
An organization ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following? A. Principle of least permission B. Separation of duties (SoD) C. Need to know D. Job rotation
C. Need to know
Which security principle involves the knowledge and possession of sensitive material as an aspect of one's occupation? A. Principle of least privilege B. Separation of duties C. Need to know D. As-needed basis
C. Need to know
Ricky is conducting the quantitative portion of his organization's business impact analysis. Which one of the following concerns is least suitable for quantitative measurement during this assessment? A. Loss of a plant B. Damage to a vehicle C. Negative publicity D. Power outage
C. Negative publicity
Which one of the following key distribution methods is most cumbersome when users are located in different geographic locations? A. Diffie-Hellman B. Public key encryption C. Offline D. Escrow
C. Offline
It's common to pair threats with vulnerabilities to identify threats that can exploit assets and represent significant risks to the organization. An ultimate goal of threat modeling is to prioritize the potential threats against an organization's valuable assets. Which of the following is a risk-centric threat-modeling approach that aims at selecting or developing countermeasures in relation to the value of the assets to be protected? A. VAST B. SD3+C C. PASTA D. STRIDE
C. PASTA
A phreaker has been apprehended who had been exploiting the technology deployed in your office building. Several handcrafted tools and electronics were taken in as evidence that the phreaker had in their possession when they were arrested. What was this adversary likely focusing on with their attempts to compromise the organization? A. Account B. NAT C. PBX D. Wi-Fi
C. PBX
Justin is a cybersecurity consultant working with a retailer on the design of their new point-of-sale (POS) system. What compliance obligation relates to the processing of credit card information that might take place through this system? A. SOX B. HIPAA C. PCI DSS D. FERPA
C. PCI DSS
Chris is searching a Windows system for binary key files and wishes to narrow his search using file extensions. Which one of the following certificate formats is closely associated with Windows Binary certificate files? A. CCM B. PEM C. PFX D. P7B
C. PFX
What database technique can be used to prevent unauthorized users from determining classified information by noticing the absence of information normally available to them? A. Inference B. Manipulation C. Polyinstantiation D. Aggregation
C. Polyinstantiation
What is the best type of water-based fire suppression system for a computer facility? A. Wet pipe system B. Dry pipe system C. Preaction system D. Deluge system
C. Preaction system
In which business continuity planning task would you actually design procedures and mechanisms to mitigate risks deemed unacceptable by the BCP team? A. Strategy development B. Business impact analysis C. Provisions and processes D. Resource prioritization
C. Provisions and processes
Kevin is attempting to determine an appropriate backup frequency for his organization's database server and wants to ensure that any data loss is within the organization's risk appetite. Which one of the following security process metrics would best assist him with this task? A. RTO B. MTD C. RPO D. MTBF
C. RPO
Vincent is a software developer who is working through a backlog of change tasks. He is not sure which tasks should have the highest priority. What portion of the change management process would help him to prioritize tasks? A. Release control B. Configuration control C. Request control D. Change audit
C. Request control
Carl works for a government agency that has suffered a ransomware attack and has lost access to critical data but does have access to backups. Which one of the following actions would best restore this access while minimizing the risk facing the organization? A. Pay the ransom B. Rebuild systems from scratch C. Restore backups D. Install antivirus software
C. Restore backups
James is working with his organization's leadership to help them understand the role that disaster recovery plays in their cybersecurity strategy. The leaders are confused about the differences between disaster recovery and business continuity. What is the end goal of disaster recovery planning? A. Preventing business interruption B. Setting up temporary business operations C. Restoring normal business activity D. Minimizing the impact of a disaster
C. Restoring normal business activity
Chris is completing the risk acceptance documentation for his organization's business continuity plan. Which one of the following items is Chris least likely to include in this documentation? A. Listing of risks deemed acceptable B. Listing of future events that might warrant reconsideration of risk acceptance decisions C. Risk mitigation controls put in place to address acceptable risks D. Rationale for determining that risks were acceptable
C. Risk mitigation controls put in place to address acceptable risks
Your organization has contracted with a third-part provider to host cloud-based servers. management wants to ensure there are monetary penalties if the third party doesn't meet their contractual responsibilities related to uptimes and downtimes. Which of the following is the best choice to meet this requirement? A. MOU B. ISA C. SLA D. SED
C. SLA
Your organization is concerned about information leaks due to workers taking home retired equipment. Which one of the following types of memory might retain information after being removed from a computer and therefore represents a security risk? A. Static RAM B. Dynamic RAM C. Secondary memory D. Real memory
C. Secondary memory
Your organization has divided a high-level auditing function into several individual job tasks. These tasks are divided between three administrators. None of the administrators can perform all of the tasks. What does this describe? A. Job rotation B. Mandatory vacation C. Separation of duties D. Least privilege
C. Separation of duties
Which one of the following is a cloud-based service model that allows users to access email via a web browser? A. Infrastructure as a service (IaaS) B. Platform as a service (PaaS) C. Software as a service (SaaS) D. Public
C. Software as a service (SaaS)
You have been tasked with crafting a long-term security plan that is fairly stable. It need to define the organization's security purpose. It also need to define the security function and align it to the goals, mission, and objectives of the organization. What are you being asked to create? A. Tactical plan B. Operational plan C. Strategic plan D. Rollback plan
C. Strategic plan
You have performed a risk assessment and determined the threats that represent the most significant concern to your organization. When evaluating safeguards, what is the rule that should be followed in most cases? A. The expected annual cost of asset loss should not exceed the annual costs of safeguards. B. The annual costs of safeguards should equal the value of the asset. C. The annual costs of safeguards should not exceed the expected annual cost of asset value loss. D. The annual costs of safeguards should not exceed 10 percent of the security budget.
C. The annual costs of safeguards should not exceed the expected annual cost of asset value loss.
Tracy is preparing for her organization's annual business continuity exercise and encounters resistance from some managers who don't see the exercise as important and feel that it is a waste of resources. She has already told the managers that it will only take half a day for their employees to participate. What argument could Tracy make to best address these concerns? A. The exercise is required by policy. B. The exercise is already scheduled and canceling it would be difficult. C. The exercise is crucial to ensuring that the organization is prepared for emergencies. D. The exercise will not be very time-consuming.
C. The exercise is crucial to ensuring that the organization is prepared for emergencies.
A company's security policy states that user accounts should be disabled during the exit interview for any employee leaving the company. Which of the following is the most likely reason for this policy? A. To remove the account B. To remove privileges assigned to the account C. To prevent sabotage D. To encrypt user data
C. To prevent sabotage
What process or event is typically hosted by an organization and is targeted to groups of employees with similar job functions? A. Education B. Awareness C. Training D. Termination
C. Training
Recently, a piece of malicious code was distributed over the internet in the form of software claiming to allow users to play Xbox games on their PCs. The software actually launched the malicious code on the machines of users who attempted to execute it. What type of malicious code does this describe? A. Logic bomb B. Virus C. Trojan horse D. Worm
C. Trojan horse
Ingrid is concerned that one of her organization's data centers has been experiencing a series of momentary power outages. Which one of the following controls would best preserve their operating status? A. Generator B. Dual power supplies C. UPS D. Redundant network links
C. UPS
John found a vulnerability in his code where an attacker can enter too much input and then force the system running the code to execute targeted commands. What type of vulnerability has John discovered? A. TOCTTOU B. Buffer overflow C. XSS D. XSRF
C. XSS
Richard recently developed a great name for a new product that he plans to begin using immediately. He spoke with his attorney and filed the appropriate application to protect his product name but has not yet received a response from the government regarding his application. He wants to begin using the name immediately. What symbol should he use next to the name to indicate its protected status? A. © B. ® C. ™ D. †
C. ™
Referring to the scenario in the question above, what is annualized loss expectancy? A. $3 million B. $2,700,00 C. $270,000 D. $135,000
D. $135,000
Leonard and Sheldon recently coauthored a paper describing a new superfluid vacuum theory. How long will the copyright on their paper last? A. 70 years after publication B. 70 years after completion of the first draft C. 70 years after the death of the first author D. 70 years after the death of the last author
D. 70 years after the death of the last author
What HTML tag is often used as part of a cross-site scripting (XSS) attack? (Changed below to save) A. <Ho1> B. <H3ad> C. <X$$> D. <Sript>
D. <Sript>
After a recent attack, management decided to implement an egress monitoring system that will prevent data exfiltration. Which of the following is the best choice? A. An NIDS B. An NIPS C. A firewall D. A DLP system
D. A DLP system
Michael is configuring a new web server to offer instruction manuals and specification sheets to customers. The web server has been positioned in the screened subnet and assigned an IP address of 172.31.201.17, and the public side of the company's split-DNS has associated the documents.myexamplecompany.com domain name with the assigned IP. After verifying that the website is accessible from his management station (which accesses the screened subnet via a jumpbox) as well as from several worker desktop systems, he declares the project completed and heads home. A few hours later, Michael thinks of a few additional modifications to perform to improve site navigation. However, when he attempts to connect to the new website using the FQDN, he receives a connection error stating that the site cannot be reached. What is the reason for this issue? A. The jumpbox was not rebooted. B. Split-DNS does not support internet domain name resolution. C. The browser is not compatible with the site's coding. D. A private IP address from RFC 1918 is assigned to the web server.
D. A private IP address from RFC 1918 is assigned to the web server.
Which of the following is a true statement about ARP poisoning or MAC spoofing? A. MAC spoofing is used to overload the memory of a switch. B. ARP poisoning is used to falsify the physical address of a system to impersonate that of another authorized device. C. MAC spoofing relies on ICMP communications to traverse routers. D. ARP poisoning can use unsolicited or gratuitous replies.
D. ARP poisoning can use unsolicited or gratuitous replies.
Fred, an administrator, has been working within an organization for over 10 years. He previously maintained database servers while working in a different division. He now works in the programming department but still retains privileges on the database servers. He recently modified a setting on a database server so that a script he wrote will run. Unfortunately, his change disabled the server for several hours before database administrators discovered the change and reversed it. Which of the following could have prevent this outage? A. A policy requiring strong authentication B. Multifactor authentication C. Logging D. Account access review
D. Account access review
What type of law does not require an act of Congress to implement at the federal level but rather is enacted by the executive branch in the form of regulations, policies, and procedures? A. Criminal law B. Common law C. Civil law D. Administrative law
D. Administrative law
Richard believes that a database user is misusing his privileges to gain information about the company's overall business trends by issuing queries that combine data from a large number of records. What process is the database user taking advantage of? A. Inference B. Contamination C. Polyinstantiation D. Aggregation
D. Aggregation
Matt is supervising the installation of redundant communications links in response to a finding during his organization's BIA. What type of mitigation provision is Matt overseeing? A. Hardening systems B. Defining systems C. Reducing systems D. Alternative systems
D. Alternative systems
You are installing a new intrusion detection system (IDS). It requires you to create a baseline before fully implementing it. Which of the following best describes the IDS? A. A pattern-matching IDS B. A knowledge-based IDS C. A signature-based IDS D. An anomaly-based IDS
D. An anomaly-based IDS
You have been tasked with crafting the organization's email retention policy. Which of the following is typically not an element that must be discussed with end users in regard to email retention policies? A. Privacy B. Auditor review C. Length of retainer D. Backup method
D. Backup method
Tonya is performing a risk assessment of a third-part software package for use within her organization. She plans to purchase a product from a vendor that is very popular in her industry. What term best describes this software? A. Open source B. Custom-developed C. ERP D. COTS
D. COTS
While implementing a motion detection system to monitor unauthorized access into a secured area of the building, you realize that the current infrared detectors are causing numerous false positives. You need to replace them with another option. What type of motion detector sense changes in the electrical or magnetic field surrounding a monitored object? A. Wave B. Photoelectric C. Heat D. Capacitance
D. Capacitance
The CISO has asked you to propose an update to the company's mobile device security strategy. The main concerns are the intermingling of personal information with business data and complexities of assigning responsibility over device security, management, updates, and repairs. Which of the following would be the best option to address these issues? A. Bring your own device (BYOD) B. Corporate-owned personally enabled (COPE) C. Choose your own device (CYOD) D. Corporate-owned
D. Corporate-owned
Which one of the following items is a characteristic of hot sites but not a characteristic of warm sites? A. Communications circuits B. Workstations C. Servers D. Current data
D. Current data
Julie is designing a highly secure system and is concerned about the storage of unencrypted data in RAM. What use cause is she considering? A. Data in motion B. Data at rest C. Data in destruction D. Data in use
D. Data in use
An organization stores group project data files on a central SAN. Many projects have numerous files in common but are organized into separate project containers. A member of the incident response team is attempting to recover files from the SAN after a malware infection. However, many files are unable to be recovered. What is the most likely cause of this issue? A. Using Fibre Channel B. Performing real-time backups C. Using file encryption D. Deduplication
D. Deduplication
In the incident management steps identified by (ISC)^2, which of the following occurs first? A. Response B. Mitigation C. Remediation D. Detection
D. Detection
You are creating a security product that must facilitate the exchange of symmetric encryption keys between two parties that have no way to securely exchange keys in person. What algorithm might you use to facilitate the exchange? A. Rijndael B. Blowfish C. Vernam D. Diffie-Hellman
D. Diffie-Hellman
Karen is taking maternity leave and will be away from the job for at least 12 weeks. Which of the following actions should be taken while she is taking this leave of absence? A. Delete the account. B. Reset the account's password. C. Do nothing. D. Disable the account.
D. Disable the account.
Karen would like to configure a new application so that it automatically adds and releases resources as demand rises and falls. What term best describes her goal? A. Scalability B. Load balancing C. Fault tolerance D. Elasticity
D. Elasticity
Your organization is planning on building a new primary headquarters in a new town. You have been asked to contribute to the design process, so you have been given copies of the proposed blueprints to review. Which of the following is not a security-focused design element of a facility or site? A. Separation of work and visitor areas B. Restricted access to areas with higher value or importance C. Confidential assets located in the heart or center of a facility D. Equal access to all locations within a facility
D. Equal access to all locations within a facility
The CSO has expressed concern that after years of security training and awareness programs, the level of minor security violations has actually increased. A new security team member reviews the training materials and notices that it was crafted four years ago. They suggest that the materials be revised to be more engaging and to include elements that allow for the ability to earn recognition, team up with coworkers, and strive toward a common goal. They claim these efforts will improve security compliance and foster security behavior change. What is the approach that is being recommended? A. Program effectiveness evaluation B. Onboarding C. Compliance enforcement D. Gamification
D. Gamification
You organization has become concerned with risks associated with the supply chain of their retail products. Fortunately, all coding for their custom product is done in-house. However, a thorough audit of a recently completed product revealed that a listening mechanism was integrated into the solution somewhere along the supply chain. The identified risk is associated with what product component in this scenario? A. Software B. Services C. Data D. Hardware
D. Hardware
A data center has had repeated hardware failures. An auditor notices that systems are stacked together in dense groupings with no clear organization. What should be implemented to address this issue? A. Visitor logs B. Industrial camouflage C. Gas-based fire suppression D. Hot aisles and cold aisles
D. Hot aisles and cold aisles
You have been tasked with overseeing the security improvement project for your organization. The goal is to reduce the current risk profile to a lower level without spending considerable amounts of money. You decide to focus on the largest concern mentioned by your CISO. Which of the following is likely the element of the organization that is considered the weakest? A. Software products B. Internet connections C. Security policies D. Humans
D. Humans
STRIDE is often used in relation to assessing threats against applications or operating systems. When confidential documents are exposed to unauthorized entities, which element of STRIDE is used to reference that violation? A. S B. T C. R D. I E. D F. E
D. I
Systems within an organization are configured to receive and apply patches automatically. After receiving a patch, 55 of the systems automatically restarted and booted into a stop error. What could have prevented this problem without sacrificing security? A. Disable the setting to apply the patches automatically. B. Implement a patch management program to approve all patches. C. Ensure systems are routinely audited for patches. D. Implement a patch management program that tests patches before deploying them
D. Implement a patch management program that tests patches before deploying them.
You are reviewing different access control models. Which of the following best describes a rule-based access control model? A. It uses local rules applied to users individually. B. It uses global rules applied to users individually. C. It uses local rules applied to all users equally. D. It uses global rules applied to all users equally.
D. It uses global rules applied to all users equally.
Brian's organization recently suffered a disaster and wants to improve their disaster recovery program based on their experience. Which one of the following activities will best assist with this task? A. Training programs B. Awareness efforts C. BIA review D. Lessons learned
D. Lessons learned
Due to a recent building intrusion, facility security has become a top priority. You are on the proposal committee that will be making recommendations on how to improve the organization's physical security stance. What is the most common form of perimeter security devices or mechanisms? A. Security guards B. Fences C. CCTV D. Lighting
D. Lighting
In which phase of the SW-CMM does an organization use quantitative measures to gain a detailed understanding of the development process? A. Initial B. Repeatable C. Defined D. Managed
D. Managed
Which one of the following encryption algorithms is now considered insecure? A. ElGamal B. RSA C. Elliptic Curve Cryptography D. Merkle-Hellman Knapsack
D. Merkle-Hellman Knapsack
Service-oriented architecture (SAO) constructs new applications or functions out of existing but separate and distinct software services. The resulting application is often new; thus, its security issues are unknown, untested, and unprotected. Which of the following is a direct extension of SOA that creates single-use functions that can be employed via an API by other software? A. Cyber-physical systems B. Fog computing C. DCS D. Microservices
D. Microservices
Some users in your network are having problems authenticating with a Kerberos server. While troubleshooting the problem, you verified you can log on to the user's computer with your credentials. Which of the following is most likely to solve this problem? A. Advanced Encryption Standard (AES) B. Network Access Control (NAC) C. Security Assertion Markup Language (SAML) D. Network Time Protocol (NTP)
D. Network Time Protocol (NTP)
An administrator is granting permissions to a database. What is the default level of access the administrator should grant to new users in the organization? A. Read B. Modify C. Full access D. No access
D. No access
Brian encountered encrypted data left on one of his systems by attackers who were communicating with one another. He has tried many cryptanalytic techniques and was unable to decrypt the data. He believes that the data may be protected with an unbreakable system. When correctly implemented, what is the only cryptosystem known to be unbreakable? A. Transposition cipher B. Substitution cipher C. Advanced Encryption Standard D. One-time pad
D. One-time pad
Based on advice from the National Institute of Standards and Technology (NIST), when should regular users be required to change their passwords? A. Every 30 days B. Every 60 days C. Every 90 days D. Only if the current password is compromised
D. Only if the current password is compromised
Harry is conducting a disaster recovery test. He moved a group of personnel to the alternate recovery site, where they are mimicking the operations of the primary site but do not have operational responsibility. What type of disaster recovery test is he performing? A. Checklist test B. Structured walk-through C. Simulation test D. Parallel test
D. Parallel test
An attacker used a tool to exploit a weakness in NTLM. They identified an administrator's user account. Although the attacker didn't discover the administrator's password, they did access remote systems by impersonating the administrator. Which of the following best identifies this attack? A. Pass the ticket B. Golden ticket C. Rainbow table D. Pass the hash
D. Pass the hash
Brian is developing continuity plan provisions and processes for his organization. What resource should he protect as the highest priority in those plans? A. Physical plant B. Infrastructure C. Financial D. People
D. People
Darcy is leading the BCP effort for her organization and is currently in the project scope and planning phase. What should she expect will be the major resource consumed by the BCP process during this phase? A. Hardware B. Software C. Processing time D. Personnel
D. Personnel
Which of the following is not a principle of Agile development? A. Satisfy the customer through early and continuous delivery. B. Businesspeople and developers work together. C. Pay continuous attention to technical excellence. D. Prioritize security over other requirements.
D. Prioritize security over other requirements.
A large organization using a Microsoft domain wants to limit the amount of time users have elevated privileges. Which of the following security operation concepts can be used to support this goal? A. Principle of least permission B. Separation of duties C. Need to know D. Privileged account management
D. Privileged account management
During a meeting of company leadership and the security team, discussion focuses on defining the value of assets in dollars, inventorying threats, predicting the specific amount of harm of a breach, and determining the number of times a threat could cause harm to the company each year. What is being performed? A. Qualitative risk assessment B. Delphi technique C. Risk avoidance D. Quantitative risk assessment
D. Quantitative risk assessment
A central authority determines which files a user can access based on the organization's hierarchy. Which of the following best describes this? A. DAC model B. An access control list (ACL) C. Rule-based access control model D. RBAC model
D. RBAC model
You are developing a new product that is intended to process data in order to trigger real-world adjustments with minimal latency or delay. The current plan is to embed the code into a ROM chip in order to optimize for mission-critical operations. What type of solution is most appropriate for this scenario? A. Containerized application B. An Arduino C. DCS D. RTOS
D. RTOS
Randi is designing a disaster recovery mechanism for her organization's critical business databases. She selects a strategy where an exact, up-to-date copy of the database is maintained at an alternative location. What term describes this approach? A. Transaction logging B. Remote journaling C. Electronic vaulting D. Remote mirroring
D. Remote mirroring
What phase of the Electronic Discovery Reference Model examines information to remove information subject to attorney-client privilege? A. Identification B. Collection C. Processing D. Review
D. Review
What are ethics? A. Mandatory actions required to fulfill job requirements B. Laws of professional conduct C. Regulations set forth by a professional organization D. Rules of personal behavior
D. Rules of personal behavior
A large city's central utility company has seen a dramatic increase in the number of distribution nodes failing or going offline. An APT group was attempting to take over control of the utility company and was responsible for the system failures. Which of the following systems has the attacker compromised? A. MFP B. RTOS C. SoC D. SCADA
D. SCADA
After conducting a survey of encryption technologies used in her organization, Melissa suspects that some may be out of date and pose security risks. Which one of the following technologies is considered flawed and should no longer be used? A. SHA-3 B. TLS 1.2 C. IPsec D. SSL 3.0
D. SSL 3.0
Some standalone automated data-gathering tools use search engines in their operation. They are able to accomplish this by automatically interacting with the human-interface web portal interface. What enables this capability? A. Remote control B. Virtual desktops C. Remote node operation D. Screen scraping
D. Screen scraping
Optimally, security governance is performed by a board of directors, but smaller organizations may simply have the CEO or CISO perform the activities of security governance. Which of the following is true about security governance? A. Security governance ensures that the requested activity or access to an object is possible given the rights and privileges assigned to the authenticated identity. B. Security governance is used for efficiency. Similar elements are put into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. C. Security governance is a documented set of best IT security practices that prescribes goals and requirements for security controls and encourages the mapping of IT security ideals to business objectives. D. Security governance seeks to compare the security processes and infrastructure used within the organization with knowledge and insight obtained from external sources.
D. Security governance seeks to compare the security processes and infrastructure used within the organization with knowledge and insight obtained from external sources.
UDP is a connectionless protocol that operates at the Transport layer of the OSI model and uses ports to manage simultaneous connections. Which of the following terms is also related to UDP? A. Bits B. Logical addressing C. Data reformatting D. Simplex
D. Simplex
What disaster recovery planning tool can be used to protect an organization against the failure of a critical software firm to provide appropriate support for their products? A. Differential backups B. Business impact analysis C. Incremental backups D. Software escrow agreement
D. Software escrow agreement
Renee's organization is establishing a partnership with a firm located in France that will involve the exchange of personal information. Her partners in France want to ensure that the transfer will be compliant with the GDPR. What mechanism would be most appropriate? A. Binding corporate rules B. Privacy Shield C. Privacy Lock D. Standard contractual clauses
D. Standard contractual clauses
Modern networks are built on multilayer protocols, such as TCP/IP. This provides for flexibility and resiliency in complex network structures. All of the following are implications of multilayer protocols except which one? A. VLAN hopping B. Multiple encapsulation C. Filter evasion using tunneling D. Static IP addressing
D. Static IP addressing
Brian computes the digest of a single sentence of text using a SHA-2 hash function. He then changes a single character of the sentence and computes the hash value again. Which one of the following statements is true about the new hash value? A. The new hash value will be only one character different from the old hash value. B. The new hash value will share at least 50 percent of the characters of the old hash value. C. The new hash value will be unchanged. D. The new hash value will be completely different from the old hash value.
D. The new hash value will be completely different from the old hash value.
Mary is the cofounder of Acme Widgets, a manufacturing firm. Together with her partner, Joe, she has developed a special oil that will dramatically improve the widget manufacturing process. To keep the formula secret, Mary and Joe plan to make large quantities of the oil by themselves in the plant after the other workers have left. They want to protect this formula for as long as possible. What type of intellectual property protection best suits their needs? A. Copyright B. Trademark C. Patent D. Trade secret
D. Trade secret
What programming language construct is commonly used to perform error handling? A. If...then B. Case...when C. Do...while D. Try...catch
D. Try...catch
You are configuring a VPN to provide secure communications between systems. You want to minimize the information left in plaintext by the encryption mechanism of the chosen solution. Which IPsec mode provides for encryption of complete packets, including header information? A. Transport B. Encapsulating Security Payload C. Authentication Header D. Tunnel
D. Tunnel
The CISO has requested a report on the potential communication partners throughout the company. There is a plan to implement VPNs between all network segments in order to improve security against eavesdropping and data manipulation. Which of the following cannot be linked over a VPN? A. Two distant internet-connected LANs B. Two systems on the same LAN C. A system connected to the internet and a LAN connected to the internet D. Two systems without an intermediary network connection
D. Two systems without an intermediary network connection
Which of the following would not be a primary goal of a grudge attack? A. Disclosing embarrassing personal information B. Launching a virus on an organization's system C. Sending inappropriate email with a spoofed origination address of the victim organization D. Using automated tools to scan the organization's systems for vulnerable ports
D. Using automated tools to scan the organization's systems for vulnerable ports
What would be a valid argument for not immediately removing power from a machine when an incident is discovered? A. All of the damage has been done. Turning the machine off would not stop additional damage. B. There is no other system that can replace this one if it is turned off. C. Too many users are logged in and using the system. D. Valuable evidence in memory will be lost.
D. Valuable evidence in memory will be lost.
Which one of the following processes is most likely to list all security risks within a system? A. Configuration management B. Patch management C. Hardware inventory D. Vulnerability scan
D. Vulnerability scan
Jim was tricked into clicking on a malicious link contained in a spam email message. This cause malware to be installed on his system. The malware initiated a MAC flooding attack. Soon, Jim's system and everyone else's in the same local network began to receive all transmissions from all other members of the network as well as communications from other parts of the next-to-local members. The malware took advantage of what condition in the network? A. Social engineering B. Network segmentation C. ARP queries D. Weak switch configuration
D. Weak switch configuration
Name the Compensatory Controls
Hot failover sites Access controls Segregation of duties
Name the Detective Controls
Intrusion detection systems (IDSs) Security information and event management system (SIEMs)
Name the Corrective Controls
Vulnerability patching Keeping OSs current Backups