its 415 exam
How many possible keys exist when using a cryptographic algorithm that has an 8-bit binary encryption key? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A 512 option B 16 option C 128 option D 256
256
What is the length of the longest encryption key supported by the Advanced Encryption Standard (AES) algorithm? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A 256 bits option B 2,048 bits option C 1,024 bits option D 512 bits
256 bits
IPv4 has address lengths of how many bits? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A 128 option B 64 option C 32 option D 48
32
How many possible keys exist in a cryptographic algorithm that uses 6-bit encryption keys? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A 32 option B 64 option C 12 option D 16
64
Which of the following are the types of Bluetooth attacks? Each correct answer represents a complete solution. Choose all that apply. This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. A option A Bluejacking B option B Bluedigging C option C Bluesnarfing D option D Bluebugging
A Bluejacking C Bluesnarfing D Bluebugging
Which of the following are block cipher modes? Each correct answer represents a complete solution. Choose all that apply. This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. A option A CFB B option B OFB C option C AES D option D CBC
A CFB B OFB D CBC
Qualitative assessment of information is used as the basis of an information classification system that labels which broad categories of data to indicate the range of possible harm or impact? Each correct answer represents a complete solution. Choose all that apply. This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. A option A Confidential B option B For Official Use Only C option C Top marking D option D Top Secret
A Confidential B For Official D Top Secret
Which of the following are the stages of the waterfall model? Each correct answer represents a complete solution. Choose all that apply. This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. A option A Development and test B option B Operational deployment C option C Systems analysis D option D Systems replacement and architecture
A Development and test B Operational deployment C Systems analysis
Which of the following are the layers of the TCP/IP model? Each correct answer represents a complete solution. Choose all that apply. This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. A option A Link B option B Session C option C Network D option D Application
A Link C Network D Application
Which of the following are the legitimate ways to transfer a risk? Each correct answer represents a complete solution. Choose all that apply. This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. A option A Shift the affected business processes to a service provider, along with contractually making sure they are responsible for controlling that risk or have countermeasures in place to address it. B option B Change the underlying business process to use more secure software and hardware systems. C option C Recognize that government agencies have the responsibility to contain, control, or prevent the risk, which your taxes pay them to do. D option D Pay insurance premiums for a policy that provides for payment of claims and liabilities in the event the risk occurs.
A Shift the affected business processes to a service provider, along with contractually making sure they are responsible for controlling that risk or have countermeasures in place to address it. C Recognize that government agencies have the responsibility to contain, control, or prevent the risk, which your taxes pay them to do. D Pay insurance premiums for a policy that provides for payment of claims and liabilities in the event the risk occurs.
In this figure of the TCP three-way handshake, what should system A send to system B in step 3? https://imgur.com/a/EpqQahe A RST option B ACK option C SYN option D FIN
ACK
Which of the following is normally used as an authorization tool? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Password option B Username option C Token option D ACL
ACL
The Wi-Fi Protected Access Version 2 (WPA2) security protocol is based on which common encryption scheme? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A DES option B 3DES option C AES option D TLS
AES
Which of the following represents the annual loss expectancy (ALE) calculation? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A ALE = SLE/EF option B ALE = AV * EF option C ALE = SLE * ARO option D ALE = Risk * SLE
ALE=SLE*ARO
Which of the following is an organized disassembling of the rights and privileges of the user account as well as archiving any folders, data, or other user-specific information as required by the policy? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Aggregation option B Account provisioning option C Entitlement option D Account deprovisioning
Account Deprovisioning
What is the process of identifying everything that could be a key or valuable thing and adding it to an inventory system that tracks information about its acquisition costs, direct users, physical (or logical) location, and any relevant licensing or contract details? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Configuration management option B Configuration control option C Incident management option D Asset management
Asset management
When an application or system allows a logged-in user to perform specific actions, it is an example of what? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Accounting option B Authorization option C Availability option D Integrity
Authorization
Which of the following are the host layers of the OSI model? Each correct answer represents a complete solution. Choose all that apply. This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. A option A Data Link B option B Application C option C Presentation D option D Network
B Application C Presentation
Which of the following can put the organization completely out of existence and, along the way, inflict significant levels of pain and suffering on its employees? Each correct answer represents a complete solution. Choose all that apply. This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. A option A Triage B option B Disruption C option C Disaster D option D Anomaly
B Disruption C Disaster D Anomaly
Jim is building a research computing system that benefits from being part of a full mesh topology between systems. In a five-node full mesh topology design, how many connections will an individual system have? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Five option B Two option C Three option D Four
Four
Which of the following provides cloud services tailored to meet the needs of the U.S. federal government, whether for a single agency or for an interagency federation of activities? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Hybrid option B Private option C Public option D GovCloud
GovCloud
Don's company is considering the use of an object-based storage system where data is placed in a vendor-managed storage environment through the use of API calls. What type of cloud computing service is in use? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A IDaaS option B IaaS option C SaaS option D PaaS
IaaS
Jim is implementing an IDaaS solution for his organization. What type of technology is he putting in place? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Intrusion detection as a service option B OAuth option C Identity as a service option D Employee ID as a service
Identity as a service
Alan is installing a fire suppression system that will kick in after a fire breaks out and protect the equipment in the data center from extensive damage. What metric is Alan attempting to lower? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A RPO option B Impact option C Likelihood option D RTO
Impact
Alice wants to send Bob a message with the confidence that Bob will know the message was not altered while in transit. What goal of cryptography is Alice trying to achieve? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Integrity option B Authentication option C Nonrepudiation option D Confidentiality
Integrity
What is the process of ensuring that the authorized senders and recipients have appropriate copies of cryptographic keys to be used for their secure communications, along with any updates to the rules for their period of use and their safe disposal? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Key exchange option B Key distribution option C Key generation option D Key encapsulation
Key distribution
A company is implementing asymmetric key cryptography for the emails of their employees. The company is concerned that employees may lose their private keys and will not be able to decrypt their messages. Which of the following is the best solution to this problem? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Key escrow option B Data remanence option C Key encapsulation option D Zeroization
Key escrow
SMTP, HTTP, and IMAP all occur at what layer of the OSI model? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Layer 3 option B Layer 4 option C Layer 5 option D Layer 7
Layer 7
Gary was recently hired as the first chief information security officer (CISO) for a local government agency. The agency recently suffered a security breach and is attempting to build a new information security program. Gary would like to apply some best practices for security operations as he is designing this program. As Gary decides what access permissions he should grant to each user, what principle should guide his decisions about default permissions? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Revocation option B Defense in depth option C Least privilege option D Separation of duties
Least privilege
Marty discovers that his organization allows any user to log into the workstation assigned to any other user, even if they are from completely different departments. This type of access violates which information security principle? option A Provisioning option B Revocation option C Aggregation option D Least privilege
Least privilege
Which of the following is designed to prevent a web server going offline from becoming a single point of failure in a web application architecture? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Firewall option B IPS option C Hypervisor option D Load balancing
Load balancing
Colleen is conducting a business impact assessment for her organization. What metric provides the maximum time that a business process or task cannot be performed without causing intolerable disruption or damage to the business? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A ALE option B MAO option C RTO option D MTTR
MAO
Florian is building a disaster recovery plan for his organization and would like to determine the amount of time that a particular IT service may be down without causing serious damage to business operations. What variable is Florian calculating? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A RPO option B MTO option C RTO option D SLA
MTO
Which of the following is not one of the canons of the (ISC)2 Code of Ethics? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Act honorably, honestly, justly, responsibly, and legally. option B Protect society, the common good, necessary public trust and confidence, and the infrastructure. option C Maintain competent records of all investigations and assessments. option D Provide diligent and competent service to principals.
Maintain competent records of all investigations and assessments
Jack's organization is a government agency that handles very sensitive information. They need to implement an access control system that allows administrators to set access rights but does not allow the delegation of those rights to other users. What is the best type of access control design for Jack's organization? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Discretionary access control option B Rule-based access control option C Decentralized access control option D Mandatory access control
Mandatory access control
In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other's identity? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Private cloud option B Public cloud option C Community cloud option D GovCloud
Public cloud
Chris is conducting a risk assessment for his organization and has determined the amount of damage that a single flood could be expected to cause to his facilities. What metric has Chris identified? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A SLE option B ARO option C MAO option D RPO
SLE
Which of the following is not a single sign-on implementation? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A CAS option B SMTP option C Kerberos option D ADFS
SMTP
Dave is responsible for password security in his organization and would like to strengthen the security of password files. He would like to restrict his organization for the use of rainbow tables. Which of the following techniques is specifically designed to frustrate the use of rainbow tables? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Salting option B Password expiration policies option C Password complexity policies option D User education
Salting
Alex's organization uses the NIST incident classification scheme. Alex discovers that a laptop belonging to a senior executive had keylogging software installed on it. How should Alex classify this occurrence? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Security incident option B Risk tolerance option C Kill chain option D Risk appetite
Security incident
When an attacker calls an organization's help desk and persuades them to reset a password for them because of the help desk employee's trust and willingness to help, what type of attack succeeded? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Rainbow table option B Social engineering option C Trojan horse option D Side-channel
Social Engineering
An attacker conceals their true identities and motives and presents themselves as a trusted individual for manipulating users into giving up inside information of an organization. This is a description of which of the following? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Distributed denial-of-service option B Rainbow table option C Social engineering option D Trojan horse
Social engineering
Which of the following encompasses any effort to learn about the people in the organization and find exploitable weaknesses via those people? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Social engineering option B Risk appetite option C Human security behavior option D Information system
Social engineering
Voice pattern recognition is what type of authentication factor? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Something you have option B Something you are option C Somewhere you are option D Something you know
Something you are
A program gets secretly or surreptitiously installed on Kim's system that intercepts his interaction with the system and sends sensitive information to its creators about Kim's activities without his consent. Which type of program is referred to in this scenario? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Ransomware option B Scareware option C Spyware option D Rootkit
Spyware
What RADIUS alternative has been widely refined by the Cisco system and provides greater command logging and central management features? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A TACACS+ option B RADIUS+ option C SNMP option D LDAP
TACACS+
Which of the following works as a cross-layer protocol within both TCP/IP and OSI 7-layer reference model protocol stacks to provide secure connections and has largely replaced SSL (Secure Socket Layer) due to SSL's encryption vulnerabilities? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A SNMP option B TLS option C LDAP option D S/MIME
TLS
Sally recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite that she knows the user's password. What hardware security feature is likely causing this problem? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A SDN option B TPM option C DMZ option D IDS
TPM
Which of the following terms is defined as the basic logical geometry by which different elements of a network connect together? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Segmentation option B Protocol option C Topology option D Data plane
Topology
Which of the following security programs is designed to provide employees with the knowledge they need to perform their specific work tasks? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Education option B Indoctrination option C Awareness option D Training
Training
Ben is designing a Wi-Fi network and has been asked to choose the most secure option for the network. Which wireless security standard should he choose? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A WPA option B WPA2 option C NTP option D WEP
WPA2
Linda is selecting a disaster recovery facility for her organization, and she wants to retain independence from other organizations as much as possible. She would like to choose a facility that balances cost and recovery time, allowing activation in about one week after a disaster is declared. What type of facility should she choose? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Cold site option B Hot site option C Mutual site option D Warm site
Warm Site
During a management meeting, the chief information security officer, Jim, is describing attacks made against the senior level at an organization. Which attack is Jim describing? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Rainbow table option B Whaling option C ARP spoofing option D Bluesnarfing
Whaling
Greg would like to implement an application control technology in his organization. He would like to limit users to install only approved software on their systems. What type of application control would be appropriate in this situation? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Blacklisting option B Negative control option C Whitelisting option D Bluelisting
Whitelisting
Lauren wants to ensure that her users run only software that her organization has approved. What technology should she deploy? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Heuristic option B Antivirus option C Bluelisting option D Whitelisting
Whitelisting
Which of the following malware types uses built-in propagation mechanisms that exploit system vulnerabilities to spread and can replicate itself without any user interaction? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Logic bomb option B Virus option C Trojan horse option D Worm
Worm
The process by which cryptologic systems are cleared of all keying materials, plaintext, ciphertext, and control parameters is known as which of the following? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Cryptology option B Hashing option C Key revocation option D Zeroization
Zeroization
An attacker tries to develop a long-term relationship with staff members within the target organization. They may pose as a prospective employee and gather significant information about software (applications and systems) being used at the target company, how tightly it is controlled, and how well it is maintained. Offering a sympathetic ear to complaints about the systems being used, attackers can spot potential vulnerabilities—either in those systems or with other humans in the organization to target with social engineering efforts. According to the scenario, this describes which of the following attacks? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Privilege escalation option B Cat-fish option C Brute-force option D Distributed denial-of-service
Cat-fish
Which of the following is referred to as the encrypted text? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Hypertext option B Plaintext option C Ciphertext option D Criptext
Ciphertext
In what model of cloud computing do two or more organizations collaborate to build a shared cloud computing environment that is for their own use? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Private cloud option B Public cloud option C Hybrid cloud option D Community cloud
Community cloud
Susan has discovered that the smart card-based locks used to keep the facility secure are not effective because staff members are propping the doors open. She places signs on the doors reminding staff that leaving the door open creates a security issue, and she adds alarms that will sound if the doors are left open for more than five minutes. What type of controls has she put into place? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Recovery option B Detective option C Administrative option D Compensation
Compensation
Alice sends a message to Bob and wants to ensure that Mal, a third party, does not read the contents of the message while in transit. What goal of cryptography is Alice attempting to achieve? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Integrity option B Authentication option C Nonrepudiation option D Confidentiality
Confidentiality
An investment has been made in obtaining and producing information. The competitive advantage this information investment gives us is that others cannot take this information away and neutralize our advantage. Which of the following is about protecting such investment? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Integrity option B Confidentiality option C Due care option D Nonrepudiation
Confidentiality
During which phase does the incident response team limit the damage caused by an incident? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Containment option B Preparation option C Recovery option D Detection
Containment
During a forensic investigation, Charles is able to determine the Media Access Control address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vendor and are part of the fingerprint of the system. To which OSI layer does a MAC address belong? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Application layer option B Session layer option C Physical layer option D Data Link layer
Data Link layer
What principle of information security states that an organization should implement overlapping security controls whenever possible? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Revocation option B Defense in depth option C Separation of duties option D Chain of custody
Defense in depth
Ann is a security professional for a midsize business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system gave an alert because the network began to receive an unusual high volume of the inbound traffic. Ann received this alert and began looking into the origin of the traffic. As Ann analyzes the traffic further, she realizes that the traffic is coming from many different sources and has overwhelmed the network, preventing legitimate uses. The inbound packets are responses to queries that she does not see in the outbound traffic. The responses are abnormally large for their type. What type of attack should Ann suspect? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Rainbow table option B Cryptanalysis option C Denial-of-service option D Phishing
Denial-of-Service
Frank is the security administrator for a web server that provides news and information to people located around the world. His server received an unusual high volume of traffic that it could not handle and was forced to reject requests. Frank traced the source of the traffic back to a botnet. What type of attack took place? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Denial-of-service option B Phishing option C Rainbow table option D Side-channel
Denial-of-Service
The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider. How can Jack detect issues like this using his organization's new centralized logging? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Deploy and use MDM. option B Use a honeypot. option C Deploy and use SIEM. option D Use a hypervisor.
Deploy and use SIEM
At a murder crime scene, a laptop is found which is password protected. The investigation team has hired a hacker to access the laptop to get all the relevant information of the deceased. The hacker is trying to access the laptop by systematically entering every word/phrase as a password. Which type of attack does this describe? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Man-in-the-middle option B Denial-of-service option C Data exfiltration option D Dictionary
Dictionary
Which of the following tools is used to achieve the goal of nonrepudiation? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Firewall option B IDS option C Digital signature option D Symmetric encryption
Digital Signature
What type of access control allows the owner of a file to grant other users access to it using an access control list? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Nondiscretionary option B Subject-based option C Discretionary option D Role-based
Discretionary
Harry would like to access a document owned by Sally stored on a file server. Applying the subject/object model to this scenario, who or what is the object of the resource request? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Sally option B File server option C Document option D Harry
Document
Which of the following starts with the initial claim of identity and a request to create a set of credentials for that identity? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Entitlement option B Aggregation option C Deprovisioning option D Provisioning
Provisioning
Veronica is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move database backups from the primary facility to an off-site location each night. What type of database recovery technique is the consultant describing? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Electronic vaulting option B Striping option C Hypervisor option D Load balancing clustering
Electronic Vaulting
What is the process that occurs when the header and footer are added to the data? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Segmentation option B Encapsulation option C Payload option D De-encapsulation
Encapsulation
Which of the following is the process of taking raw data from numerous sources, assimilating and processing it, and presenting the result in a way that can be easily interpreted and acted upon? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Traffic analysis option B Event data analysis option C Business impact analysis option D Gap analysis
Event data analysis
Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. When Matthew goes to add the digital signature to the message, what encryption key does he use to create the digital signature? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Matthew's private key option B Richard's public key option C Richard's private key option D Matthew's public key
Matthew's private key
Kolin is searching for a network security solution that will allow him to help reduce zero-day attacks while using identities to enforce a security policy on systems before they connect to the network. What type of solution should Kolin implement? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Intrusion detection system option B NAC system option C Firewall option D Port security
NAC system
Which of the following allows a local area network to use one set of IP addresses for internal traffic and another set of IP addresses for external traffic? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A NAC option B VPN option C DMZ option D NAT
NAT
John is a network administrator of his organization. He wants to monitor all network traffic on his local network for suspicious activities and alert with a notification when a possible attack is in process. Which of the following will help in detecting this type of incident? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A IDE option B HIDS option C NIDS option D NAC
NIDS
Chris is troubleshooting an issue with his organization's SIEM reporting. After analyzing the issue, he believes that the timestamps on log entries from different systems are inconsistent. What protocol can he use to resolve this issue? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A NTP option B SSH option C FTP option D TLS
NTP
Matthew and Richard are friends located in different physical locations who would like to begin communicating with each other using cryptography to protect the confidentiality of their communications. They exchange digital certificates to begin this process and plan to use an asymmetric encryption algorithm for the secure exchange of email messages. Matthew would like to enhance the security of his communication by adding a digital signature to the message. What goal of cryptography are digital signatures intended to enforce? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Privacy option B Nonrepudiation option C Utility option D Availability
Nonrepudiation
Information about an individual like their name, Social Security number, date and place of birth, or their mother's maiden name is an example of what type of protected information? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A DAC option B SSO option C MAC option D PII
PII
Mark is planning a disaster recovery test for his organization. He would like to perform a live test of the disaster recovery facility but does not want to disrupt operations at the primary facility. What type of test should Mark choose? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Full interruption test option B Structured walk-through option C Parallel test option D Checklist review
Parallel test
Dogs, guards, and fences are all common examples of what type of control? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Detective option B Physical option C Administrative option D Recovery
Physical
In what cloud computing model does the customer build a cloud computing environment in his or her own data center or build an environment in another data center that is for the customer's exclusive use? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Private cloud option B Public cloud option C GovCloud option D Hybrid cloud
Private cloud
Alex has been with the university he works at for more than 10 years. During that time, he has been a system administrator and a database administrator, and he has worked in the university's help desk. He is now a manager for the team that runs the university's web applications. https://imgur.com/a/SsLeYSy Alex has access to B, C, and D. What concern should he raise to the university's identity management team? A The provisioning process did not give him the rights he needs. option B He has excessive privileges. option C Privilege creep may be taking place. option D Logging is not properly enabled.
Privilege creep may be taking place
Gordon is developing a business continuity plan for a manufacturing company's IT operations. The company is located in North Dakota and currently evaluating the risk of earthquakes. They choose to pursue a risk transference strategy. Which of the following actions is consistent with that strategy? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Taking no action other than documenting the risk option B Reengineering the facility to withstand the shock of an earthquake option C Purchasing earthquake insurance option D Relocating the data center to a safer area
Purchasing earthquake insurance
Which type of business impact assessment tool is most appropriate when attempting to evaluate the impact of a failure on customer confidence? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Qualitative option B Quantitative option C Single loss expectancy option D Annualized loss expectancy
Qualitative
Which of the following is used to write data to a series of hard disks to provide either speed or data redundancy? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A SOC option B RAID option C SIEM option D NAC
RAID
Greg is building a disaster recovery plan for his organization and would like to determine the amount of time that it should take to restore a particular IT service after an outage. What variable is Greg calculating? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A RTO option B MTTR option C SLA option D ALE
RTO
Kim is a security administrator of his company. Jack, a team member, reports Kim about an e-mail that displays a message demanding a fee to be paid for his system to work again. Which type of threat is described in the scenario? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Rainbow table option B Backdoor option C Zero-day option D Ransomware
Ransomware
Retaining and maintaining information for as long as it is needed is known as what? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Records retention option B Data encapsulation option C Data storage option D Data remanence
Records retention
An incident response team works using the prepositioned sets of software and hardware tools for capturing data, analyzing it, and drawing conclusions about the event. Which tool helps the team in accomplishing this? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Semantic option B Resiliency option C Precursor option D Responder's workbench
Responder's workbench
Ricky would like to access a remote file server through a VPN connection. He begins this process by connecting to VPN and attempting to log in. Applying the subject/object model to this request, what is the subject of Ricky's login attempt? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Files contained on the remote server option B Ricky option C VPN option D Remote file server
Ricky
A major incident of security breach has occurred in your IT organization. As a security manager, you are working along with your team to find out the underlying vulnerability or mechanism of failure which has led to this incident. What sort of analysis is required? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Gap analysis option B Root cause analysis option C Traffic analysis option D Evaluate analysis
Root cause analysis
Which of the following is a special class of malware that uses a variety of privilege elevation techniques to insert themselves into the lowest-level (or kernel) functions in the operating system and upon bootup get loaded and enabled before most antimalware or antivirus systems get loaded and enabled? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Keystroke logger option B Trojan horse option C Rootkit option D Virus
Rootkit
Fred needs to deploy a network device that can connect his network to other networks while controlling traffic on his network. What type of device should Fred choose? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A Hub option B Router option C Load balancer option D Firewall
Router
Which of the following uses network management and virtualization tools to completely define the network in software? This type of question contains radio buttons and checkboxes for selection of options. Use Tab for navigation and Enter or space to select the option. option A WEP option B NFC option C DMZ option D SDN
SDN
