Pre-Test
If Susan's organization requires her to log in with her username, a PIN, a password, and a retina scan, how many distinct authentication factor types has she used?
Two
Alejandro is an incident response analyst for a large corporation. He is on the midnight shift when an intrusion detection system alerts him to a potential brute-force password attack against one of the company's critical information systems. He performs an initial triage of the event before taking any additional action. If Alejandro's initial investigation determines that a security incident is likely taking place, what should be his next step?
Activate the incident response team
Which of the following is verification that a process has been completed according to the policy or plan?
Auditing
You are conducting a qualitative risk assessment for your organization. The two important risk elements that should weigh most heavily in your analysis of risk are probability and ...
impact
Which of the following cryptographic goals protects against the risks posed when a device is lost or stolen?
Confidentiality
Which of the following come under the CIA Triad?
Confidentiality, Integrity, Availability
What type of access control is intended to discover unwanted or unauthorized activity by providing information after the event has occurred?
Detective
Fred's company wants to ensure the integrity of email messages sent via their central email servers. If the confidentiality of the messages is not critical, what solution should Fred suggest?
Digitally sign but don't encrypt all messages
Alex's job requires him to see protected health information to ensure the proper treatment of patients. His access to thier medical records does not provide access to patient addresses or billing information. What access control concept best describes this control?
Need to know
Renee is using encryption to safeguard sensitive business secrets when in transit over the Internet. What risk metric is she attempting to lower?
Likelihood
What are the forms of the layers of an organization's function?
Logical elements Physical systems of elements Administrative elements
Which of the following are the key characteristics of informatoin?
- Privacy - Integrity - Confidentiality
In an organization, a dashboard provides which of the following aspects of a critical information infrastructure's security situation?
- Real-time and near-real-time incident information - Real-time and near-real-time indicators and warnings - Systems health information
You have identified the risks and then you need to mitigate those risks as you find it unacceptable. Once you treat the risks, you won't completely eliminate all the risks because it is simply not possible and therefore, some risks will remain at a certain level. This is a description of which of the following?
Residual risk
Elaine is developing a business continuity plan for her organization. What value should she seek to minimize?
RTO
Which one of the following metrics specifies the amount of time that business continuity planners find acceptable for the restoration of services after a disaster?
RTO
During a penetration test, Chris recovers a file containing hashed passwords for the system he is attempting to access. What type of attack is likely to succeed against the hashed passwords?
Rainbow table attack
Derek sets up a series of virtual machines that are automatically created in a completely isolated environment. Once created, the systems are used to run potentially malicious software and files. The actions taken by those files and programs are recorded and then reported. What technique is Derek using?
Sandboxing
Theresa is implementing a new access control system and wants to ensure that developers do not have the ability to move code from development systems into the production environment. What information security principle is she most directly enforcing?
Separation of duties
The preamble of the (ISC)2 Code of Ethics reminds us of which of the following?
All of these
Which of the following are the datacenter's logging and monitoring system activities that are worth raising alarm for any incident that might occur?
All of these
NIST, in its special publication 800-61r2, refines the mitigation phase by breaking it down into which of the following steps?
- Eradication - Containment
Which of the following come under the guidelines for use during computer forensic investigation?
- Identifying evidence - Examining or analyzing evidence - Collecting or acquiring evidence
How many nodes or hosts per network does a Class C address support?
256
Kay is selecting an application management approach for her organization. Employees need the flexibility to install software on their systems, but Kay wants to prevent them from installing certain prohibited packages. What type of approach should she use?
Blacklist
Ann is a security professional for a mid-sized business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system alerted because the network began to receive an unusually high volume of inbound traffic. Ann received this alert and began looking into the origin of the traffic. Ann continues her investigation and realizes that the traffic generating the alert is abnormally high volumes of inbound UDP traffic on port 53. What service typically uses this port?
DNS
During troubleshooting, Chris uses the nslookup command to check the IP address of a host he is attempting to connect to. The IP he sees in the response is not the IP that should resolve when the lookup is done. What type of attack has likely been conducted?
DNS poisoning
Norm would like to conduct a disaster recovery test for his organization and wants to choose the most thorough type of test, recognizing that it may be quite disruptive. What type of test should Norm choose?
Full interuption
Kim wants to place a device on the outward-facing areas of the organization's network that may be broken into by an attacker so that she can evaluate the strategies that hackers are using on his systems. Which of the following would she use?
Honeypot
Javier is verifying that only IT system administrators have the ability to log on to servers used for administrative purposes. What principle of information security is he enforcing?
Least privilege
Lauren starts at her new job and finds that she has access to a variety of systems that she does not need to accomplish her job. This is a violation of which of the following?
Least privilege
During what phase of the incident response process would security professionals analyze the process itself to determine whether any improvements are warranted?
Lessons learned
Which of the following is special-purpose software that bridges functional and interface gaps between different systems, applications, or platforms?
Middleware
What are the four correct steps of the OODA loop?
Observe, Orient, Decide, and Act
Rick is an application developer who works primarily in Python. He recently decided to evaluate a new service where he provides his Python code to a vendor who then executes it on their server environment. What type of cloud computing environment is this service?
PaaS
What type of disaster recover test activates the alternate processing facility and uses it to conduct transactions but leaves the primary site up and running?
Parallel
Which of the following steps of the PDCA cycle is the process of laying out the step-by-step path we need to take to go from "where we are" to "where we want to be"?
Planning
Juniper Content is a web content development company with 40 employees located in two offices: one in New York and a smaller office in the San Francisco Bay Area. You are the newly appointed IT manager for Juniper Content, and you are working to augment existing security controls to improve the organization's security. You are concerned about the availability of data stored on each office's server. You would like to add technology that would enable continued access to files located on the server even if a hard drive in a server fails. Which of the following will help in accomplishing the task?
RAID
Ben needs to verify that the most recent patch for this organization's critical application did not introduce issues elsewhere. What type of testing does Ben need to conduct to ensure this?
Regression testing
The common vulnerabilities and exposures (CVE) data and your own vulnerability assessments indicate that many of your end-user systems do not include recent security patches released by the software vendors. You decide to bring these systems up to date by applying these patches. This is an example of which of the following?
Remediating or mitigating a risk
Which formula is used to determine risk?
Risk = Threat * Vulnerability
Tom is conducting a business continuity planning effort for Orange Blossoms, a fruit orchard located in Central Florida. During the assessment process, the committee determined that there is a small risk of snow in the region but that the cost of implementing controls to reduce the impact of that risk is not warranted. They elect to not take any specific action in response to the risk. What risk management strategy is Orange Blossoms pursuing?
Risk acceptance
Tamara recently decided to purchase cyber-liability insurance to cover her company's costs in the event of a data breach. What risk management strategy is she pursuing?
Risk transferance
Ann is a security professional for a mid-sized business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, and many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system alerted because the network began to receive an unusually high volume of inbound traffic. Ann received this alert and began looking into the origin of the traffic. At this point in the incident response process, what term best describes what has occurred in Ann's organization?
Security event
What type of attack would the following precautions help prevent? - Requesting proof of identity - Requiring callback authorizations on voice-only requests - Not changing passwords via voice communications
Social engineering
During which of the following disaster recovery tests does the team sit together and discuss the response to a scenario but not actually activate any disaster recovery controls?
Structured walk-through
Andrew believes that a digital certificate belonging to his organization was compromised and would like to add it to a Certificate Revocation List. Who must add the certificate to the CRL?
The certificate authority that issued the certificate.
What type of alternate processing facility contains the hardware necessary to restore operations but does not have a current copy of data?
Warm site
Stella is using a phishing attack to masquerade a senior player of an organization and directly targeting other important individuals of the organization with the aim of stealing money or sensitive information. Which type of phishing attack is she using?
Whaling
Which of the following is an exploitation of a newly discovered vulnerability before that vulnerability is discovered by or reported to the developers, vendors, or users of the affected system?
Zero-day