CASP-003 questions
When managing risk associated with IT security, which of the following options are available? (Choose all that apply) A. Acceptance B. Reduction C. Sharing D. Outsourcing
A, B, C, D. Acceptance (A) is one of four options and is necessary for residual risk. Reduction (B) is a term that is synonymous with mitigation or the application of security controls. Sharing (C) and outsourcing (D) are both forms of transference: risks can be shared with partners or outsourced.
A new regulation has been issued that applies to your operations. Which of the following are used to document the required changes? (Choose all that apply.) A. Policies B. Procedures C. Standards D. PIA
A, B. Changes in regulation can create the need for new policies and procedures.
Which of the following are examples of human-based social engineering? (Choose all that apply.) A. Dumpster diving B. Tailgating C. Phishing D. Spam E. Spim
A, B. Dumpster diving and tailgating are examples of human-based social engineering.
Which of the following technologies currently lack standards? (Choose all that apply.) A. IoT B. Blockchain C. Wi-Fi D. Bluetooth
A, B. IoT (Internet of Things) and blockchain still do not have any industry standards.
Examples of SSO include which of the following? (Select all that apply.) A. Kerberos B. OpenID systems C. SOAP D. WSDL
A, B. Kerberos is an enterprise-level SSO. OpenID is an open standard that defines the use of third parties as authentication systems and can be used to build an SSO. An example is when users employ Facebook to log in to other applications.
Which of the following are examples of malicious hackers who always hack for political or social reasons? (Choose all that apply.) A. Suicide hackers B. Hacktivists C. Script kiddies D. White hats
A, B. Suicide hackers are essentially hacktivists who are willing to get caught or "take one for the team" in order to advance their agenda.
What factors should be part of determining an overall likelihood rating for a particular issue? (Choose all that apply.) A. Threat-source motivation B. Threat-source capability C. Asset value D. ALE
A, B. Threat-source motivation and capability are driving factors as to whether an attack is likely, and both impact the likelihood component.
Which of the following are examples of file integrity monitoring tools? (Choose all that apply.) A. Tripwire B. System file checker (SFC) C. Nmap D. Event Viewer
A, B. Tripwire and SFC.
Risk management is an approach to information security that is built upon which elements? (Choose all that apply.) A. Security Controls B. Policy C. Internal Audit D. FISMA
A, C. A risk management framework is built around security controls (A) and audits (C).
Which of the following are true statements concerning the use of social engineering as a technique? (Choose all that apply.) A. It targets Facebook and Twitter accounts. B. It bypasses firewalls by tunneling traffic. C. It attacks the human element and not technology. D. It is best mitigated through security awareness training.
A, C, D. Social engineering targets the human element, which can also be done over targets like Facebook and Twitter. It is best mitigated through security awareness training.
Certificate-based authentication systems are characterized by which of the following? (Select all that apply.) A. A fairly extensive infrastructure in the form of public key infrastructures (PKIs) B. A trust relationship between a user and a service provider C. A Distinguished Name and an associated public key, with the entire certificate being signed by a trusted third party D. XML
A, C. Certificate-based authentication is based on public key cryptography and uses PKI to connect public keys to owners. It is composed of elements such as a Distinguished Name and an associated public key, with the entire certificate being signed by a trusted third party.
Elements of a change management program include which of the following? (Select all that apply.) A. CCB process B. Third-party validation before implementation C. Back-out plans for each change D. Approval by the CIO for each change in production
A, C. Change management programs are run by Change Control Boards (CCBs), and all change plans should have a back-out plan in case they do not integrate into production properly.
Desktop sharing can have which of the following security implications in an enterprise? (Choose all that apply.) A. Electronic clean desk issue B. VPN channels C. Malware delivery mechanism D. Increased need for monitoring
A, C. If the desktop holds sensitive items, such as files whose names give away details, then the act of sharing can lead to data leakage. (Just as leaving a file marked "XYZ Merger" on your desk can alert passersby.) Also, because the desktop is shared, it can involve delivery of files, and hence malware, to a system.
Cryptoprocessors come in many forms, including which of the following? (Choose all that apply.) A. Smart cards B. Certificates C. TPM chips D. BIOS
A, C. Smart cards and TPM chips are examples of cryptoprocessors.
Alice needs to secure a message to Bob and prove it came from her. Which keys will she need to use to accomplish this task? (Choose all that apply.) A. Alice's private key B. Alice's public key C. Bob's private key D. Bob's public key
A, D. Alice uses her private key to sign a message, and Alice uses Bob's public key to encrypt a message.
Which of the following statements about jailbreaking and rooting are correct? (Choose all that apply.) A. Jailbreaking is for iOS; rooting is for Android. B. Rooting is for iOS; jailbreaking is for Android. C. Jailbreaking provides root-level privileges to the mobile OS. D. Rooting voids the warranty on the mobile device. E. Jailbreaking increases the security of the mobile OS.
A, D. Jailbreaking is for iOS, and rooting is for Android. Also, rooting voids the warranty on the mobile device.
Data retention times are specified by which of the following? (Select all that apply.) A. Laws and regulations B. Actual practice in the enterprise C. Security policy D. Corporate legal department
A, D. Laws and regulations (A) are one source of information; advice from the firm's legal department (D) is another.
XML is used in which standards? (Select all that apply.) A. SAML B. SSO C. SMTP D. XACML
A, D. SAML and XACML are both constructed using XML.
Which of the following is true concerning security processes, procedures, and controls? A. Security processes, procedures, and controls can be implemented within an organization, but if the employees seek to avoid them at every opportunity, security can be severely impacted. B. Security processes, procedures, and controls only apply to security personnel. C. Security processes, procedures, and controls are always strictly followed by the employees they pertain to. D. Security processes, procedures, and controls are all the same thing.
A. For security processes, procedures, and controls to be effective, they must be followed by the employees they apply to. If employees seek to avoid or ignore them, it will have a negative impact on the security of the organization.
Specifying performance of a security solution means: A. Specifying packets per second and throughput that must be supported B. Determining the MTTR of the solution C. Validating the TCO of the solution D. Counting the types and number of attacks contained in the signature database
A. In the examples listed, specifying the performance of a security solution means specifying packets per second and the throughput that must be supported.
A new piece of equipment is placed into production to improve security during the communication of orders between internal organizations. Which of the following documents would need updating? A. Procedures B. ISA C. NDA D. MOU
A. Procedures are work-level step-by-step documentation that is dependent on the people, technology, and task. A change of equipment would necessitate a new procedure.
In which situation or location would prototyping be most appropriate? A. In a lab environment B. After products have been released to the public C. In the production environment D. With second or subsequent releases of a product
A. Prototyping is typically done in a test environment.
What value does risk analysis provide to management? (Choose all that apply) A. Quantifies the impact of the threat source B. Supports budgeting for security C. Determines responsibility with respect to losses D. Allows for the adjusting of security policy
A, B. Risk is defined as the probability of a threat being manifested (A) and its effectiveness against a business asset (B).
Which of the following technologies would be most appropriate in your inventory control efforts? A. RFID B. NFC C. IrDA D. 802.11i
A. RFID was mentioned in this chapter as a technology that can be useful in tracking individual inventory items.
Which of the following testing methods determines if changes to software have resulted in unintended losses of functionality and security? A. Regression testing B. User acceptance testing C. Unit testing D. Peer review
A. Regression testing determines if changes to software have resulted in unintended losses of functionality and security.
Cloud computing has an impact on the security posture of an organization. Which of the following is NOT a risk associated with cloud computing? A. Regulatory requirements (for example, HIPAA/HITECH) associated with data stored in the cloud B. Backup provisions for the data stored in the cloud C. Business viability of the cloud provider D. Where the data is actually stored (location, country, and so on)
A. Regulatory requirements associated with securing data are, for the most part, technology and implementation methodology neutral. Data should always be encrypted in the cloud, and where the data is stored does not relieve a firm of its protection requirements.
Before compromising a web application, you decide to perform a fuzzing attack first. What is the purpose of fuzzers? A. Sending random strings of text to input fields B. Forking multiple requests to test load-balancing capabilities C. Testing the strength of SSL ciphers in use D. Validating user-supplied input
A. Fuzzers send random strings of text to input fields.
To calculate risk, one needs to know which elements? (Choose all that apply) A. The chance of a threat occurring B. The exposure of a business asset or value to a threat C. The cost of the security control mitigating a threat D. The level of loss that can be transferred to other parties
A, B, D. Risk analysis is responsible for quantifying the risk profile associated with the specific risk (A). Risk analysis can also provide input into security operations and a firm's ability to control its computer-stored information (B). It allows for adjusting of policies and procedures to keep the business aligned with changes needed to adequately secure the information (D).
Which of the following statements is true about the information assurance community? A. It is large and continually growing. B. It has remained static for the last decade, neither growing nor shrinking. C. With the downturn in the global economy, the security community has also been affected and has shrunk from its peak, which occurred around 2001. D. It is not a legitimate source for security information.
A. The community has been growing and doesn't show any signs of a downturn.
Which of the following governs the review, retention, and destruction of data in the enterprise? A. Document retention policy B. Data destruction policy C. Compliance policy D. Incident response policy
A. The document retention policy (or data retention policy) governs all aspects of data/document retention.
You are a member of a team that is going to perform a forensics capture of a desktop PC. Which is the best order of capture? A. RAM, hard drive, DVD B. Thumb drive, hard drive, RAM C. Hard drive, RAM, DVD D. Hard drive, thumb drive, RAM
A. The most volatile is RAM, which is first, followed by hard drive and DVD.
What are the two common types of VLAN-hopping attacks? A. Switch spoofing and double tagging B. MAC switching and reverse tagging C. Route poisoning and DDoS D. ARP spoofing and reverse VLAN injection
A. The two main types of VLAN-hopping attacks are switch spoofing and double tagging.
New technology can introduce risk to an enterprise. Which of the following describes significant risks associated with employee-owned devices, smartphones, and tablets? A. These devices can extend network boundaries B. These devices can be used to steal data C. These devices are next to impossible to secure D. These devices are concentrated within senior management who have greater levels of access
A. Mobile devices that connect to the network and can access data effectively shift the perimeter of the network to the device.
Which of the following refers to the element of security associated with the unauthorized deletion of data? A. Integrity B. Confidentiality C. Data retention policy D. Privacy policy
A. This is the definition of integrity.
From a security standpoint, why is having a standard operating environment (SOE) important? A. Without an SOE, administrators will be hard pressed to maintain the security of systems because there could easily be so many different existing configurations that they would not be able to ensure all are patched and secured correctly. B. Having an SOE has nothing to do with security and is purely an administrative tool. C. Having an SOE allows administrators to take advantage of large-scale, bulk ordering of software, thus saving funds. D. Having an SOE is essential in order to implement Active Directory correctly.
A. This is the key. If your organization has a large number of systems, without having a standard operating environment, configuration control could quickly get out of hand, and maintaining the security of numerous, disparate systems would become untenable.
Your newest application has been having a variety of issues with conflicts and bugs. Management has decided to sandbox the application. What are the important details that need to be known to correctly sandbox the application? A. Exact enumeration and details of system resources needed by the application B. The language the application is written in C. The default storage location of the executables and config data D. How big the memory footprint is
A. To properly sandbox the application, one needs to know what interactions it must have with outside resources to function as built. These elements can then be used to determine safe access.
Which of the following device types is likely to provide multiple security and network services, including DLP, QoS, and VPN services? A. UTM B. Router C. Proxy server D. Firewall
A. UTM devices integrate numerous security and networking functions into a single all-in-one device.
The sales manager has requested your help in building an electronic ordering system that will offer nonrepudiation of orders entered through the system. You suggest a method with the following explanation of how it protects the firm from repudiation of an order. (Choose the best answer.) A. Use a digital signature to support nonrepudiation by ensuring a specific private key (registered to the person or firm submitting the order) was used in the order process. Only the holder of the private key could create the order and corresponding signature. B. Use an SSL login page to a secure order page. Logging in can create a log of the order and the credentials used. C. Verify all orders with an automated callback system designed around e-mail and a secondary approval process. D. Build the order system behind a VPN solution, having customers use the VPN to protect their orders from outside snooping.
A. Use a digital signature to support nonrepudiation by ensuring a specific private key (registered to the person or firm submitting the order) was used in the order process. Only the holder of the private key could create the order and corresponding signature.
Video-conferencing equipment poses what new threat(s) in the enterprise? A. Unauthorized eavesdropping via equipment B. Replay attacks C. Malware proliferation D. Driver corruption
A. Video-conferencing equipment can be remotely activated and used to spy on people within range of the camera and microphones, at times without them knowing that they are being recorded.
Which of the following box test types is best for simulating a rogue administrator attacking the organization? A. White box B. Black box C. Gray box D. Red box
A. White box tests simulate the attacks that could be done by a powerful internal employee like an administrator.
An internal audit can provide management information with respect to the efficacy of security controls. Which documents can provide baseline guidance? (Choose all that apply) A. FISMA B. COBIT C. Consensus Audit Guidelines D. NIST SP 800-53
B, C, D. COBIT (B) is a framework for control objectives in the IT environment. The Consensus Audit Guidelines (C) are a list of the top 20 security controls. NIST SP 800-53 (D) is a collection of hundreds of security controls.
Best-practice documents are useful for security personnel for which of the following reasons? (Choose all that apply.) A. Following them will ensure that the organization will be free from security problems (breaches). B. They allow security personnel to see what others may do in similar situations to the one they find themselves in. C. With a limited amount of time, security personnel need to know what things to do first or to concentrate on what will yield the largest payback. D. In case of a breach, the organization can show that it at least did what others are doing to secure their own systems, thus it has shown a reasonable level of due diligence.
B, C, D. All of these are reasons that following security best practices will be useful for security professionals.
Which of the following are generally true about the programmers in an organization? (Choose all that apply.) A. With the number and frequency of security incidents today, developing secure software has become a prime motivator for programmers. B. Programmers are encouraged to produce working software as quickly as possible. C. Security is not a primary concern for most programmers. D. Most programmers have not been trained in secure software development techniques.
B, C, D. All of these are true in general for programmers. Their prime motivation is in getting the software to run; they are not trained to be concerned about security within the code.
Hardware security modules perform which security functions for an enterprise? (Choose all that apply.) A. Sniffing the network in search of malicious or unapproved traffic B. Safeguarding of keys C. Key generation D. Preventing execution of unauthorized applications
B, C, D. Among other things, HSMs can provide safeguarding of cryptographic keys and key generation services as well as prevent the execution of unauthorized applications.
Google hacking is an example of which of the following? (Choose all that apply.) A. Hacking Google B. Using Google to perform advanced searches on the Internet C. Using Google to access cached copies of websites D. Using Google to limit results according to a specific domain
B, C, D. Google hacking advanced searches include accessing cached copies of websites and limiting the results to a particular domain.
Which of the following are ways that an organization can determine the security implications of a new technology? (Choose all that apply.) A. Check with the Better Business Bureau, which keeps a list of security vulnerabilities for products. B. The vendor may supply information, as long as it benefits the product. C. The organization can have a vulnerability or penetration test performed on the new product or technology. D. Check to see what has been said about it on the Internet.
B, C, D. The vendor may supply information on the security implications, but you can't always count on this. If they have considered the implications and addressed them, then they will probably be mentioned. If not, they will be avoided and you will need to check elsewhere. If you have already purchased the product, you can conduct a vulnerability or penetration test, either using your own security personnel to conduct it or by hiring a third party. Finally, don't forget the Internet. Chances are good that somebody has written something about the technology and its security implications already.
Which of the following are block-based symmetric algorithms? (Choose all that apply.) A. RSA B. 3DES C. AES D. RC4
B, C. 3DES and AES are examples of block-based symmetric ciphers.
Advantages of a SAML-based authentication system include which of the following? (Select all that apply.) A. A single, synchronized password across all systems B. Platform-neutral authentication C. Reduced costs D. Reduced authentication system complexity
B, C. Advantages of SAML-based authentication include a platform-neutral, improved user experience; strong commercial and open source support; and reduced costs.
Which of the following processes can be involved in continuous monitoring? (Choose all that apply.) A. Network flow analysis B. Configuration management and control C. Security control monitoring D. Security budget
B, C. Configuration management and control as well as security control monitoring directly affect system security status and are part of a continuous monitoring solution.
Which protocols are used by ping and Tracert? (Choose all that apply.) A. UDP B. ECHO C. ICMP D. TCP
B, C. ECHO and ICMP.
Which of the following statements are true of social media/networking? (Choose all that apply.) A. Social networks are harmless and present no security concern to an organization. B. Social networks can be used as an avenue for attackers to have users inadvertently install malware on corporate systems and networks. C. Employees might post sensitive information on a social networking site that could harm an organization. D. Social networks should never be used by any business.
B, C. Social networks can be a problem from several perspectives, including providing a new avenue for the insertion of malware and also the possibility of employees posting sensitive information.
Why are some organizations using static routing as opposed to dynamic routing? (Choose all that apply.) A. Static routing requires less administrative effort. B. Static routing generates less traffic. C. Static routing is more secure. D. Static routing automatically encrypts all traffic. E. All of the above.
B, C. Static routing generates less traffic and is more secure than dynamic routing.
Which of the following are the stages in the risk analysis process? (Choose all that apply.) A. Asset control B. Threat assessment C. Monitoring D. Budgeting
B, C. The steps of the risk analysis process are inventory, threat assessment, evaluation, management, and monitoring.
Which of the following are true statements regarding blockchain? (Choose all that apply.) A. It utilizes a centralized network for storing blocks. B. It utilizes a decentralized network for storing blocks. C. Each block only stores a hash of itself and not those of adjacent blocks. D. Each block stores a hash of itself and those of adjacent blocks.
B, D. Blockchain uses a decentralized network for storing blocks, and each block stores a hash of itself and those of adjacent blocks.
A web server is suspected of being compromised, and the incident response team suggests that it be fixed. What are elements associated with fixing the server? (Select all that apply.) A. Do a directory search for changed information to see if it is compromised. B. Make a forensic backup copy for analysis. C. Reapply all patches to the server and then return it to service. D. Perform a system restore from a known good copy.
B, D. Making a forensic backup copy for analysis (B) is correct because this step is one of the first steps in an incident response, and recovery can occur by restoring from a known good image (D).
Certificate-based authentication uses which of the following to establish proof of identity? (Select all that apply.) A. SAML elements B. Public key cryptography C. XML D. Trust relationships with third parties
B, D. Public key cryptography, backed by the trust relationship associated with certificate chains, establishes the proof of identity in certificate-based authentication systems.
There are multiple options for dealing with risk. Which of the following are appropriate risk management options? (Choose all that apply.) A. Evaluation B. Transfer C. Deferral D. Mitigation
B, D. The four options for risk treatment are avoid, mitigate, transfer, and accept.
True or false? A business impact analysis specifies data, technology, and communication sharing requirements between two or more organizations. A. True B. False
B. A business impact analysis documents the various risks to an organization and the resulting impact from disasters.
A common multitier network architecture might consist of which of the following layers? A. DMZ, SAN, and VLAN tier B. DMZ, application tier, and data tier C. NAS, DMZ, and data tier D. Public tier, private tier, and FMZ
B. A common multitier architecture might consist of a DMZ, application tier, and data tier.
Containers are increasingly being implemented in order to provide similar application isolation benefits to that of VMs but with significantly reduced hardware requirements. Which of the following virtualization types best describes containers? A. Hardware virtualization B. OS virtualization C. Desktop virtualization D. Application virtualization
B. Containers are an example of OS virtualization because the host OS is being broken down into multiple kernel slices, which simulates the appearance of multiple OSs.
Which of the following is the most likely factor for most organizations when considering virtualization? A. Security B. Cost reduction C. Personnel D. Performance
B. Cost reduction is often the overwhelming factor for most organizations when considering virtualization.
Which of the following applications helps manage relationships with customers? A. CMS B. CRM C. ERP D. CMDB
B. Customer relationship management (CRM) helps manage relationships with customers.
To protect confidential data from exposure during a breach, the best solution is: A. Hashing B. Encryption C. Anonymization of records D. Mitigation
B. Data that is encrypted is not readable if lost, and although the bits may be lost, the information is not.
IR cameras are most useful for which of the following scenarios? A. Discovering attackers in bright rooms B. Discovering attackers in dark rooms C. Discovering attackers through walls D. Discovering attackers through sound
B. Discovering attackers in dark rooms.
The components of a PKI include all of the following except: A. Certificate Authority (CA) B. Expiration Authority (EA) C. Registration Authority (RA) D. X.509 certificates
B. Expiration Authorities do not exist.
During application testing, fault injection can be used to search for which of the following? A. Off-by-one errors in loops B. Correct handling of specific errors C. Buffer-overflow errors D. Arithmetic errors
B. Fault injection is used to test the correct handling of exceptions.
What is one of the major issues with spam filters that rely solely on keyword searches to determine what to filter? A. Keyword searches are too labor intensive and therefore take too long to accomplish (thus slowing the system response time down). B. Keyword searches may filter e-mail you don't want to filter because the keyword may be found as part of legitimate text. C. It is hard to define the keywords. D. Keyword searches generally do not work.
B. Filtering based solely on keywords could mean you filter e-mail that contains legitimate occurrences of the string you are searching for. The chapter used the example of filtering on "cialis," which is often found in spam related to the sale of drugs; yet this pattern is also found in the word "specialist." Thus, you might filter a perfectly legitimate e-mail.
Which of the following regulations is aimed at sensitive information in the healthcare industry? A. FISMA B. HIPAA C. GLBA D. SOX
B. HIPAA is the Health Insurance Portability and Accountability Act.
You have a corporate standard requirement that all in-house software must have a standard auto-update module that checks for and applies code updates automatically. This is an example of what? A. An application security framework B. Secure by deployment C. Secure by default D. Coding standards
B. Having auto-update capability improves the security of the application because it is deployed in an enterprise; hence, secure by deployment is the best answer.
Which of the following is not a virtualization platform? A. Xen B. ISA C. Hyper-V D. KVM
B. ISA is not a virtualization platform and, in security circles, often stands for Internet Security and Acceleration Server (a Microsoft product).
What is the first step in secure infrastructure design? A. Determine the placement of firewalls and other perimeter devices. B. Identify network components and their security needs. C. Identify supported protocols. D. Catalog applications that will be used within the network.
B. Identifying network components and their security needs is the first step in secure infrastructure design.
You've been asked to configure the antivirus and patching schedules for 100 virtualized servers running on 10 physical virtualization servers. If patching and antivirus scanning take 30 minutes per server, how long will it take to update/scan all 100 virtual machines, assuming no more than two are patching/scanning at the same time on any given virtualization server? A. 1.5 hours B. 2.5 hours C. 3 hours D. 4 hours
B. If each system takes 30 minutes, you have 10 virtual servers on a physical server, and you run two virtual servers at a time, it will take 2.5 hours to update/scan all 100 servers.
One of the advantages of code signing is: A. It doesn't use PKI, so it is easier to deploy. B. It offers a means of verifying integrity and authorship of software. C. It provides for version tracing via a subversion process. D. It can prevent malware via detection of malware signatures.
B. It can help prove the integrity and authorship of software.
Which of the following is a popular attack framework? A. Acunetix B. Metasploit C. Nmap D. John the Ripper
B. Metasploit is the most well-known attacking framework.
Which wireless protocol is most commonly used to make mobile payments at various retail locations? A. Wi-Fi B. NFC C. LTE D. Bluetooth
B. NFC is the most commonly used for its short range and security.
Which of the following items is not a standard field on an X.509 certificate? A. Serial Number B. Reason for Revocation C. Certificate Usage D. Version Number
B. Reason for Revocation is not a standard field on an X.509 certificate.
Reverse-engineering an existing security solution is a good way to: A. Determine the TCO of the system B. Identify entry points and weaknesses C. Discover trends in network traffic D. Validate mitigation approaches
B. Reverse-engineering existing solutions is a good way to identify entry points and weaknesses in your network.
What is the following formula used for? SC(information type) = {(confidentiality, impact), (integrity, impact), (availability, impact)} A. To calculate qualitative risk B. To calculate aggregate CIA score C. To calculate the system risk consequence D. To calculate SLE
B. SC(information system) = {(confidentiality, impact), (integrity, impact), (availability, impact)} is an expression of the calculation of an aggregate CIA score for the information system.
If you require a trusted operating system environment, as described in this chapter, which of the following operating systems might you consider deploying? A. Windows 2008 Server B. SELinux C. Red Hat Linux D. Windows 7
B. SELinux is the only one of the operating systems listed that implements mandatory access controls, which allow for multiple levels of security.
Which of the following is the typical sequence of a failed TCP 3-way handshake? A. SYN, FIN B. SYN, RST C. SYN, ACK, RST D. SYN, ACK, FIN
B. SYN, RST.
What is the primary advantage of symmetric key over asymmetric encryption? A. Key exchange B. Speed C. Nonrepudiation D. Cost
B. Symmetric keys are smaller and therefore perform their encryption and decryption faster than asymmetric methods.
Which of the following is not a web application security design consideration? A. Secure by design B. Secure by test C. Secure by deployment D. Secure by default
B. Testing cannot add security to an application; it can only catch where holes are. It is possible to miss holes with incomplete testing; hence, you can't test security into software.
You have been notified by management that your firm is acquiring a small, specialized forensics firm. Your firm is public; the small firm is private. You intend to operate the small forensics firm as an independent firm. It has a small group of clients, built on a solid reputation. Which regulations will require examination before the acquisition? A. HIPAA/HITECH B. Sarbanes-Oxley Act (SOX) C. FISMA D. CAN SPAM
B. The Sarbanes-Oxley Act (SOX) is the set of regulations associated with information security, financial reporting, and public companies. Because the new firm is private, its processes may not be compliant, so attention may be needed in this area.
Who is the best party to be a data owner? A. CIO B. Business management associated with the data C. System administrator D. Database administrator
B. The best data owner is business management of the portion of the business involved in the data—it has the best visibility as to the business purpose and requirements.
The development of a plan to use in the collection of evidence is which step in the forensics process? A. Preparation B. Approach strategy C. Collection D. Analysis
B. The development of an approach or plan associated with strategizing the acts to be pursued is the "approach strategy" step.
Minimum security control determination requires which step to be completed? A. Pen testing B. Compute aggregate CIA score C. Fuzz testing D. Vulnerability assessment
B. The minimum security controls must address the complete security requirements by level, which is present in the aggregate CIA scores.
Which level of impact is characterized by a significant level of loss to an enterprise? A. Catastrophic B. High C. Moderate D. Accepted risk
B. The typical three levels are high, moderate, and low. The fact that the loss is assessed as "significant" makes the value high.
One type of attack occurs when an attacker is looking for somebody who has a system that is vulnerable to a specific exploit. The attacker is not concerned with the type of organization that is using the system, but only wants to find organizations that are utilizing the specific system or software. This is known as a(n): A. Explicit target B. Target of opportunity C. Non-sector-based attack D. Sector-specific attack
B. This is a description of a target of opportunity.
The group of people who prepare, train for, and respond to emergency incidents are referred to as which of the following? A. Incident containment team B. Incident response team C. Incident investigation team D. Incident management team
B. This is the definition of an incident response team.
Which of the following is a common use for Trusted Platform Modules? A. To authenticate and decrypt external storage devices B. To authenticate and decrypt internal storage devices C. To perform antivirus scans D. All of the above
B. Trusted Platform Modules (TPMs) have many purposes, including authenticating internal storage devices and then decrypting them.
Which of the following development approaches plans all long-term and short-term goals and milestones upfront with no ability to revisit development phases until the completion of the project? A. Spiral B. Waterfall C. Agile D. None of the above
B. Waterfall plans all long-term and short-term goals and milestones upfront with no ability to revisit development phases until the completion of the project.
Which of the following is an advantage of separate physical servers over virtualized servers? A. Reduced recovery times. B. Hardware failures only affect services on a single platform. C. Better use of computing resources. D. Significant energy savings.
B. When separate physical servers are in use, hardware failures tend to only affect the services running on the physical server in question.
To use XACML, one needs to have a defined set of which of the following? A. Envelope, body, and fault elements B. Policysets containing policies composed of rules C. Profiles, bindings, and protocols D. Identity Provider (IdP), Service Provider (SP), and asserting party
B. XACML consists of a hierarchy of policysets containing policies composed of rules.
______ defines a declarative access control policy language implemented in XML and a processing model that describes how to interpret the policies. A. SAML B. XACML C. SOAP D. SSO
B. XACML stands for eXtensible Access Control Markup Language. It is a declarative access control policy language implemented in XML and a processing model that describes how to interpret the policies.
In zoning discussions, what does pWWN stand for? A. Process World Wide Name B. Port World Wide Name C. Physical World Wide Name D. Packet World Wide Name
B. pWWN stands for port World Wide Name.
Which of the following are examples of computer-based social engineering? (Choose all that apply.) A. Dumpster diving B. Tailgating C. Phishing D. Spam E. Spim
C, D, E. Phishing, spam, and spim are all examples of computer-based social engineering since computers are used to conduct the social engineering.
What is a "hacktivist"? (Choose all that apply) A. An attacker who targets only controversial organizations. B. A term used to refer to "hackers" who are not as talented and are not part of any organized group. C. A term used to refer to individuals who are part of an organized hacking group targeting controversial organizations. D. An attacker who "hacks" in order to obtain publicity for some cause.
C, D. A term used to refer to individuals who are part of an organized hacking group targeting controversial organizations. Also, a hacktivist has a cause to promote and will attack sites associated with that issue or cause, but may also attack less protected sites in order to gain publicity.
Which of the following are true statements concerning a tester using black box testing techniques? (Choose all that apply.) A. Has detailed knowledge of function calls inside the software being tested B. Has some knowledge of function calls inside the software being tested C. Has no knowledge of function calls inside the software being tested D. Simulates the attack methods utilized by black hat hackers
C, D. Black box testers typically have no knowledge of function calls inside the software being tested. They are recruited to simulate the hacking techniques utilized by black hat hackers.
Your organization is considering migrating a group of 100 physical servers to a virtualized infrastructure using a 5:1 consolidation ratio. If each of the physical servers costs $0.50 a day to power and cool, and the virtual servers will cost $2.25 a day to power and cool, how much money every 30 days will your organization save in power and cooling costs by virtualizing? A. $50.25 B. $110.00 C. $150.00 D. $155.25
C. $150 is the correct amount. The physical servers cost $1,500 to operate over a 30-day period, and the virtual servers cost $1,350 over a 30-day period.
Which port number does POP3 use when secured by SSL/TLS? A. 110 B. 143 C. 995 D. 993
C. 995 is used by POP3 when secured by SSL/TLS.
Which of the following development approaches focuses on accelerated development with smaller milestones, and the ability to revisit previous stages at any point? A. Spiral B. Waterfall C. Agile D. None of the above
C. Agile focuses on accelerated development with smaller milestones, and the ability to revisit previous stages at any point.
You are the application designer for a new web application at work. Where is the preferred location to store the key used for encrypting data in the application? A. Store it in a config file, so it can be changed if needed. B. Put it in a database during the install and allow only the application to have read access. C. Store it on the server, but force a new, fresh random key with each install for uniqueness. D. Store it on the server, protected from all but the application by ACL.
C. All secrets need to be stored in a protected form on a server, away from unauthorized access. The addition of the random changing element prevents someone from learning the secret from another installation (such as a demo install) and using this knowledge to break a production installation.
As part of a merger, your organization acquired a smaller organization that has specialized SLAs with its customer base. Now that the two IT systems are connected, which of the following can you use to document the security requirements between the two systems? A. SLA B. OLA C. ISA D. BPA
C. An interconnection security agreement (ISA) is a specialized agreement between organizations that have connected IT systems to document the security requirements associated with the interconnection.
Which of the following is true about security requirements and goals for an organization? A. They are deliberately written in a way that makes them instantly understandable by anybody within the organization. B. They are intended for the security personnel within an organization, so it is not important that they be communicated to others. C. They are often written in a manner that can be understood by security professionals but may mean nothing to other individuals. D. After the goals and requirements are developed, the organization can then go about developing its overall security policy.
C. An organization's security goals and requirements are often written in a way and using language that is understood by security personnel but may not be understood by other personnel within the organization.
In a large enterprise, e-discovery is best handled via which of the following? A. A separate department B. Outsourcing C. Specialty appliances D. Large in-house legal staff
C. Because of scale issues, specialty appliances are necessary to handle the volumes of data in the time period allotted.
Which of the following conferences was created to draw its audience from "all sides" of the hacking community—that is, from industry, government (including law enforcement), academia, and the hacking community? A. DEFCON B. RSA C. Black Hat D. USENIX
C. Black Hat was originally created to bring together individuals from all sides to discuss security issues. It has grown to become a very large conference with attendees from all over the world and from every sector.
What term is associated with the protection of forensic evidence? A. Data analysis B. Data retention C. Chain of custody D. Hashing
C. Chain of custody is associated with preserving and protecting evidence.
Which of the following is the best solution for ensuring that software still in development is secure "out of the box"? A. Memory dumping B. Runtime debugging C. Code review D. Reconnaissance
C. Code review takes place during an application's development in order to discover and mitigate flaws before the product is finalized.
You have been contracted to secure the confidential informants' database for the local police department. What would be an appropriate SC attribute formula? A. SCCIs = {(confidentiality, high), (integrity, high), (availability, high)} B. SCCIs = {(confidentiality, moderate), (integrity, moderate), (availability, moderate)} C. SCCIs = {(confidentiality, high), (integrity, high), (availability, moderate)} D. SCCIs = {(confidentiality, moderate), (integrity, low), (availability, high)}
C. Confidential informants' information is extremely sensitive. Simple disclosure or alteration of the records could result in injury or death.
As the system administrator, you are tasked with assessing the various risks to your network. Which of the following is not a category associated with risk assessment? A. Risk determination B. Likelihood determination C. Cost determination D. Risk analysis
C. Cost determination is a management step that is needed but is not part of the risk assessment.
Which of the following biometric factors is considered the most accurate? A. Retina scan B. Facial scan C. Iris scan D. Fingerprint scan
C. Iris scanners are considered the most accurate.
Which of the following policy types focuses on specific organizational issues such as department issues, business products, and processes? A. Organizational policies B. System-specific policies C. Issue-specific policies D. Administrative-specific policies
C. Issue-specific policies target issues at the department, product, and process levels.
Which of the following is true concerning how security personnel approach the different disciplines within an organization? A. The success of security within an organization rests solely with security personnel and is not impacted by individuals in other disciplines. B. Because all security policies are based on the organization's overall security policy, there is no difference in the way security personnel should approach the different disciplines represented within an organization. C. Understanding the different disciplines and the jobs associated with them will give a picture of what motivates individuals within the discipline and will help security personnel better work to secure the organization's information assets in a manner that will be accepted by individuals within the discipline. D. Using different approaches to describe security requirements for different disciplines within an organization is generally a waste of time because the employees are not going to follow them anyway.
C. It is important for the success of security safeguards and requirements that each functional area, represented by different disciplines, understands the requirements in a manner that makes them applicable and understandable to that discipline.
Which of the following is performed by organizations to isolate and discover new forms of malware? A. Malware dumping B. Malware debugging C. Malware sandboxing D. Code review
C. Malware sandboxing takes place when organizations isolate and analyze real or potential malware themselves.
Your firm has a requirement to protect against man-in-the-middle attacks on SSL connections. The easiest method of doing this would be through the use of which of the following? (Select the best single answer.) A. Digital certificate-based authentication B. SAML C. Mutual authentication D. SSL/TLS handshake
C. Mutual authentication provides a level of security against man-in-the-middle attacks during the handshake process.
What phase indicates that the system should be modified on a regular basis through the addition of hardware and software? A. Requirements phase B. Change management phase C. Operation or maintenance phase D. Test phase
C. Phase 4 of the SDLC is known as the operation or maintenance phase. This phase indicates that the system should be modified on a regular basis through the addition of hardware and software.
Which of the following security principles can management implement to communicate high-level goals and objectives to the workforce? A. Standards B. Guidelines C. Policies D. NDA
C. Policies are the documents used by management to communicate high-level goals and objectives.
Which protocols do port scanners most commonly scan? A. ICMP and SNMP B. TCP and SNMP C. UDP and TCP D. UDP and RIP
C. Port scanners typically scan for TCP and UDP protocols due to ports being assigned at the Transport layer of the OSI model.
While designing your organization's disaster recovery plan, you are asked to weigh the advantages of cloud services over a traditional "warm" site. Which of the following advantages of cloud computing will allow your organization to recover faster in the event of a disaster than if your organization was using a "warm" site? A. Resiliency and resistance to DDoS attacks B. Dispersal and replication of data C. Provisioning of instances in multiple data centers D. Private clouds and encryption of your organization's data
C. Provisioning of instances in multiple data centers is a natural advantage for cloud services when it comes to disaster recovery. Warm sites have similar equipment, but do not typically have the data or applications required to be a full-fledged "hot" site. When multiple instances are provisioned in a cloud, you essentially have "instant" recovery, as the chances of all those instances being disabled by the same disaster decreases as you create more instances in multiple data centers.
Implementing VoIP in an enterprise has an effect on network utilization. Which complementary technology is frequently associated with VoIP? A. Data archiving B. Log management C. Quality of service D. Encryption
C. Quality of service can be an issue with respect to voice quality in VoIP implementations.
Remote assistance differs from remote desktop sharing in which of the following ways? A. Remote assistance uses encryption. B. Remote assistance does not support screen sharing. C. Remote assistance is designed for end-user assistance. D. Remote assistance is designed for server-based administration.
C. Remote assistance is designed for end-user assistance.
When considering the product offerings of a vendor, which of the following requests are you likely to generate first? A. Request for Proposal B. Request for Quote C. Request for Information
C. Request for Information is considered a "pre-qualifier" for future proposal and quote requests.
Rainbow tables aid a password-cracking tool by providing which of the following capabilities? A. Brute-force cracking B. Dictionary cracking C. Reversing hashes into plaintext D. Birthday attacks
C. Reversing hashes into plaintext.
SPML is used for what purpose in the enterprise? A. As a mechanism to consolidate digital identities across federated boundaries B. To trust credentials across multiple distinct systems C. To automate the provisioning of web service requests D. As a declarative access control policy language
C. SPML permits the sharing of user, resource, and service provisioning information between a group of organizations. It enables organizations to quickly set up user interfaces for web services in an automated manner.
Which of the following is the correct sequence in the TCP 3-way handshake? A. SYN, ACK, SYN B. SYN, SYN/ACK, SYN C. SYN, SYN/ACK, ACK D. SYN, ACK, ACK
C. SYN, SYN/ACK, ACK.
Your firm needs to purchase a third-party application to assist in the exchange of authentication and authorization data between security domains. You want to ensure interoperability, so you insist that the vendor's solutions are compliant with the _____ standard. A. SPML B. XML C. SAML D. SSO
C. Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and authorization data between security domains.
When attempting to install third-party applications outside of an official application store onto a mobile device, you receive an error preventing the installation. Which of the following will best solve the issue? A. Firmware upgrade B. Containerization C. Side loading D. Application wrapping
C. Side loading enables the permission to install third-party applications from outside official application stores.
Which of the following federal regulations requires federal agencies to be able to monitor activity in a "meaningful and actionable way"? A. HIPAA B. Gramm-Leach-Bliley C. FISMA D. Sarbanes-Oxley
C. The Federal Information Systems Management Act (FISMA) requires federal agencies to monitor security-related activities.
To ensure a fast and seamless user experience, AJAX is being used on the client side. With this configuration, where is the best location for input validation and why? A. On the server, because AJAX takes extra bandwidth for checks B. On the client, because AJAX can speed up the work, thus improving the customer experience C. On the server, because this prevents post-browser attack D. On the client, because AJAX blocks post-browser attacks
C. The only place input validation for security reasons can be properly done is on the server because the responses are editable via proxy machines between the client and the server.
If you want to implement a restricted shell in a Unix environment, which of the following would you use? A. ksh B. csh C. rbash D. sh
C. The rbash command invokes the bash shell in restricted mode.
An abnormal condition detected in a computer system is referred to as what? A. Event B. Alarm C. Incident D. False positive
C. The term "incident" is used to describe any abnormal event in a system.
An operating system is said to implement multilevel security if it: A. Introduces multiple levels of authorization such that users must authenticate themselves every time they wish to access a file B. Includes multiple layers of security, such as having both firewalls and intrusion detection/prevention systems built into it C. Implements a system where information and users may have multiple levels of security and the system is trusted to prevent users from accessing information they are not authorized to see D. Can be said to be both trustworthy and reliable
C. This is a description of multilevel security. Generally, when somebody wants to utilize trusted operating systems, it is because they want to implement multiple levels of security on the system.
Which of the following is a program that replicates itself by attaching to other programs? A. Spyware B. Trojan horse C. Virus D. Worm
C. This is the definition of a virus.
A security incident where confidential data is copied, viewed, or stolen by an unauthorized party is a: A. Security breach B. PII violation C. Data breach D. Security failure
C. This is the definition of data breach.
Which of the following is not an important factor to consider when examining the usability of a security solution? A. Configurability of the user interface B. Amount of training required to use the product effectively C. Throughput under ideal conditions D. Type of interface used to display data to user
C. Throughput under ideal conditions is a performance consideration, not a usability consideration.
Which of the following is not a typical step in a vulnerability assessment? A. Valuation of examined systems B. Threat identification C. Exploiting vulnerabilities to penetrate systems D. Developing mitigation strategies
C. Vulnerability scans primarily discover vulnerabilities. Penetration tests exploit vulnerabilities.
Which of the following is not a best practice when securing SCADA networks? A. Replace default passwords. B. Filter traffic based on MAC address. C. Place SCADA devices on VLANs with other Internet-visible traffic. D. Perform regular auditing of devices.
C. You specifically want to avoid placing SCADA devices in situations where they are exposed to Internet-visible traffic such as in a DMZ.
You are expecting visitors from a local research university who are partnering with your firm in a new product development effort. What documents will be executed before any substantive discussions occur between parties? A. BPA B. MOU C. SLA D. NDA
D. A nondisclosure agreement (NDA) will be executed before any sharing of information occurs, specifically to limit accidental loss of confidential information.
A lessons-learned/after-action review is an analysis of: A. What happened B. Why it happened C. What can be done differently or more effectively next time D. All of the above
D. A lessons-learned/after-action review is a careful analysis of what happened, why it happened, what could be done to prevent it, and what can be done differently or more effectively next time.
To ensure proper privacy protections are in place in an organization, which of the following business documents are used? A. BPA B. NDA C. ISA D. PIA
D. A privacy impact assessment (PIA) is used to determine whether privacy-related data is properly handled.
As part of your job, you are to keep the system protected from new threats. What is an important step you would take to ensure this occurs? A. Apply new controls for the threat. B. Implement end-user awareness training. C. Apply all current patches in a timely manner. D. Perform a risk assessment.
D. A risk assessment is the best process for determining new threats and required countermeasures.
Which of the following levels of likelihood is defined by a threat source that's highly motivated and sufficiently capable, and the security controls used to prevent the vulnerability from being exercised are ineffective? A. Accepted B. Medium C. Normal D. High
D. Again, the typical levels are high, moderate, and low. The fact that the threat source is assessed as "highly motivated" and the controls are assessed as "ineffective" makes the value high.
Traditional security approaches might not be effective in a virtual environment for which of the following reasons? A. Network traffic can pass between virtual machines without leaving the virtualization server. B. Virtual machines can be rolled back to potential vulnerable states within minutes. C. Third-party tools might not be able to interact with the hypervisor to see memory, CPU usage, and so on. D. All of the above.
D. All are reasons that traditional security approaches may not be effective in a virtual environment.
Your organization is terminating its contract with a cloud services provider. To ensure your data is removed completely from the cloud environment, you should ask the provider to attest to removal of your data from which of the following? A. Tapes and other removable media B. Backup systems C. Instances in multiple data centers D. All of the above
D. All of the above. You should ask your cloud provider to attest to the removal of your organization's data from all tapes and removable media, backup systems, and instances in multiple data centers.
As a parent, you may be interested in monitoring the activities of your child on your computer system. If you are interested in determining what activities your child is involved in on the computer, which of the following pieces of software might you be tempted to install? A. Trojan horse B. Phishing software C. Firewall D. Keylogger
D. Although you should be careful where you obtain it from, a keylogger will record all keystrokes that your child makes, allowing you to determine what they are doing on the computer.
To constrain an application to a confined area during execution is a reference to: A. Application quarantining B. Tests to detect memory leaks C. Input validation D. Sandboxing
D. Application sandboxing is a mechanism to constrain an application into a confined area during execution.
Which of the following uses public key cryptography to provide a secure means of authentication? A. Basic authentication B. Digest authentication C. Form-based authentication D. Certificate-based authentication
D. Certificate-based authentication is the most secure authentication scheme. A certificate-based authentication scheme uses public key cryptography and a digital certificate to authenticate a user.
Which of the following provides an isolated encrypted space on mobile devices for storing enterprise data? A. TPM B. HSM C. Virtual machine D. Containerization
D. Containerization provides an isolated encrypted space on mobile devices for storing enterprise data.
The placing of data into groups associated with risk for the purposes of managing security is known as what? A. Data ownership B. Data management C. Data retention D. Data classification
D. Data classification is the assignment of data into different groups of security requirement levels.
An HTTP interceptor will allow you to modify: A. Web requests on the server B. Data passing from the browser to the web server only C. Data passing from the web server to the browser only D. Data passing between the browser and the web server in either direction
D. Data passing between the browser and the web server in both directions.
Variations in packet delays affecting VoIP signal quality are known as what? A. Noise B. Slamming C. Latency D. Jitter
D. Jitter is the variation of latency from packet to packet and can disturb VoIP call quality.
Latency is: A. The total cost of a security system, including personnel costs B. Measurement of the overall throughput of a security system C. A desirable trait of any distributed solution D. The amount of time delay a system introduces as data passes through it
D. Latency is the amount of time delay a system introduces as data passes through it.
Which of the following business units is most responsible for helping organizations maintain compliance with state and federal regulations? A. Finance B. Human resources C. Physical security manager D. Legal counsel
D. Legal counsel is responsible for ensuring organizations maintain compliance with local and state laws and regulations.
Which of the following best describes mobile payment tokenization? A. The process of a mobile device sending payment information to a payment machine B. The process of a mobile device receiving confirmation of payment from the payment machine C. The process of a mobile device encrypting the payment information D. The process of a mobile device using a non-sensitive payment value as a substitute for the original sensitive payment value
D. Mobile payment tokenization is the process of a mobile device using a non-sensitive payment value as a substitute for the original sensitive payment value.
After performing basic footprinting and fingerprinting exercises, you are ready to enumerate the network. Network enumerators scan the network and collect which of the following? A. Visible shares B. User accounts C. Visible services D. All of the above
D. Network enumerators may discover shares, user accounts, and services.
Which of the following is an immediate concern for security professionals when a merger or acquisition occurs? A. When will the activity occur? B. Who will security personnel report to? C. How will the security function change? D. Who will have what access to the critical assets and information owned by the organization?
D. One of the most immediate concerns of security personnel is to determine who will have what access to the sensitive information stored and processed by the new organization formed by the merger or acquisition.
Public key cryptography offers which of the following advantages over symmetric cryptography? A. A public key can be used for free—there are no patent issues. B. It is built into most computer programming languages via library calls. C. It is faster on a bit basis. D. It can provide for nonrepudiation.
D. PKI provides for nonrepudiation.
Which remote access protocol is associated with VNC for remote assistance purposes? A. RDP B. SSH C. RPC D. RFB
D. RFB (Remote Frame Buffer) is the protocol used by VNC.
You are receiving reports of a random locking up of your application that you cannot replicate. What is the most likely cause? A. Injection flaw B. Memory leak C. Buffer overflow D. Race condition
D. Race conditions are the types of errors hardest to replicate, and they leave no obvious signs, such as increased memory use.
Hash functions used to protect passwords can be attacked using which of the following attack methods? A. Collision attack B. Cryptographic deconstruction C. Birthday attack D. Rainbow tables
D. Rainbow tables are like dictionary tables full of hashes and plaintext.
Which of the following are reasons that organizations conduct penetration tests? (Choose all that apply.) A. Regulatory requirements B. Damage control from recent hack C. To improve security to reduce hacking risk D. All of the above
D. Regulations, damage control, and reducing hacking risks are all good reasons to conduct penetration tests.
Which of the following standards defines profiles, bindings, protocols, and assertions? A. SOAP B. XACML C. SPML D. SAML
D. SAML is defined in terms of assertions, protocols, bindings, and profiles.
Unwanted bulk instant messages are called what? A. SPAM B. Malware C. Pharming D. SPIM
D. SPIM is SPAM over instant messaging.
When a computer turns on, the UEFI checks to make sure that the operating system is on the supported list of digitally signed operating systems. Which of the following features provides this capability? A. BitLocker B. Group Policy C. Measured Launch D. Secure Boot
D. Secure Boot is a UEFI feature that only boots up operating systems that are digitally signed and supported by the vendor.
Which of the following is an example of mobile-based social engineering? A. Spim B. Spam C. Phishing D. Smishing
D. Smishing involves the usage of SMS to send unsolicited messages to targets.
Which of the following is a popular tool used for pivoting? A. Nmap B. Angry IP Scanner C. Nessus D. Metasploit
D. The Metasploit Framework is one of the most popular hacking tools for pivoting.
As the new Chief Privacy Officer, you are tasked with protecting PII. Your first step would be to do what? A. Collect PII securely. B. Store PII securely. C. Perform a PIA. D. Create a privacy policy.
D. The first step is to define the privacy policy because this provides the needed guidance for all privacy activities.
A hacker gains unauthorized access to your system and deletes data. This is an example of what type of failure? A. Confidentiality B. Availability C. Authorization D. Integrity
D. The unauthorized deletion of data is an integrity failure.
Which type of intrusion detection/prevention system is based on statistical analysis of current network or system activity versus historical norms? A. Signature based B. Abnormal behavior based C. Pattern deviation based D. Anomaly based
D. This is the definition of anomaly-based detection.
You need to generate a rule that allows web-destined traffic to pass through your firewall. Which of the following rules will do that? A. iptables -A INPUT -p tcp -i eth0 --dport 25 --sport 1024:65535 \ -m state --state NEW -j REJECT B. iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 \ -m state --state NEW -j REJECT C. iptables -A INPUT -p tcp -i eth0 --dport 25 --sport 1024:65535 \ -m state --state NEW -j ACCEPT D. iptables -A INPUT -p tcp -i eth0 --dport 80 --sport 1024:65535 \ -m state --state NEW -j ACCEPT
D. This is the sample rule we showed in the chapter that allows web traffic to pass.
Validation is what? A. Seeing if the process was properly followed during production B. Checking to see if all steps have been completed C. Checking to see if the processes are working correctly D. Seeing if all of the requirements are satisfied
D. Validation is the testing of an item to see if it meets requirements.
Total cost of ownership (TCO) should include which of the following? A. Cost of hardware B. Cost of maintenance contracts C. Cost of personnel D. All of the above
D. When calculating total cost of ownership, you should always include all the expenses associated with an item, including the cost of hardware, the cost of any maintenance agreements, and the cost of the personnel to run/maintain the system.
When making a difficult decision where there is no clear "right" answer, you should: A. Gather as much data as possible B. Determine the cost and impact of each alternative C. Analyze all the collected data D. All of the above
D. When making a difficult decision where there is no clear "right" answer, you should gather as much data as possible, determine the cost and impact of each alternative, and analyze all the collected data.
Which method uses a separate federated identity management system to broker resource access between service providers and identity providers? A. Active Directory B. Kerberos C. SOAP D. WAYF
D. Where Are You From (WAYF) is a centralized SSO implementation frequently used by university federations to anchor resource access between federated partners. Unlike some SSO methods, WAYF acts as a proxy between federated identity providers and service providers.
If you are in a banking environment, what type of information might you look for in traffic that is leaving your organization in order to protect against data exfiltration by somebody who may have gotten unauthorized access to your system? (Choose all that apply.) A. Files containing strings of 9-digit numbers (which might be social security numbers) or numbers that might represent bank accounts B. Large data files being sent out of your organization in an unencrypted manner C. Files, or even e-mail, that contain numerous occurrences of numbers that could be phone numbers or ZIP codes D. Files or e-mail that contain sequences of digits that could be credit or debit card numbers
A, B, C, D. All of these might very well be indicators of information being sent out of your organization that shouldn't be. Even e-mails that are not encrypted and that contain more than one account or credit card number could indicate a problem.
Which of the following are considered threats in computer security? (Choose all that apply.) A. Hackers B. Organized crime C. Insiders D. Lightning
A, B, C, D. All these can be considered threats to your computer systems and network.
Your organization has established its overall security policy. What must now be done? (Choose all that apply.) A. Specific requirements, policies, processes, and guidelines can be developed based on the security policy to guide the organization in meeting its security goals. B. Once the requirements, policies, processes, and guidelines are established, it becomes imperative that they are communicated to individuals in other disciplines so that they may be understood and followed. C. The requirements, policies, processes, and guidelines need to be conveyed to individuals in all other disciplines in terms that they can understand and that highlight the ones that specifically apply to them. D. Because the overall security policy only pertains to security personnel, it is only important that security personnel understand the organization's security goals and requirements.
A, B, C. After the overall security policy is established, goals, requirements, processes, policies, and guidelines to implement the overall policy can be established. These need to be written in a manner that is understood by the employees in the disciplines that they will be applied to, and all employees need to understand their individual security responsibilities.
When discussing protocol analyzers with your colleague, which of the following points are true? (Choose all that apply.) A. Are software based B. Are hardware based C. Place network interfaces in promiscuous mode D. Only work on switched networks
A, B, C. Protocol analyzers can be hardware or software based, plus they put NICs in promiscuous mode so they can capture more data.
Common components of a privacy policy include which of the following? (Choose all that apply.) A. Clearly designating the elements of PII that are being collected and those that are stored B. Clearly stating what the PII will be used for, including any transfer to third parties C. Designating security provisions and storage time for stored PII D. Cost benefit analysis
A, B, C. The components of a privacy policy can vary by organization, but some common components include clearly designating the elements of PII that are being collected and those that are stored; clearly stating what the PII will be used for, including any transfer to third parties; and designating security provisions and storage time for stored PII.
Web conferencing can introduce which of the following security threat(s)? (Choose all that apply.) A. Data leakage B. Unauthorized attendance C. Impersonation D. Replay attacks against future sessions
A, B, D. Data leakage can occur when information is inadvertently shared via a shared desktop image during a web conference. Unauthorized attendance can occur if credentials are shared by a participant (forwarded e-mail invitation). Replay attacks can occur if sessions are recorded, or if a regular series of sessions uses common access passwords.
OASIS is a standards group responsible for which standards? (Select all that apply.) A. SAML B. XACML C. SOAP D. SPML
A, B, D. OASIS is responsible for SAML, SPML, and XACML, as well as other standards.
Technology has a life cycle. What are the different phases of the technology life cycle? (Choose all that apply.) A. Operational activities B. Maintenance C. Testing and validation D. Decommissioning
A, B, D. The phases of the technology life cycle include Technology Introduction, Operational Activities, Maintenance, and Retirement/Decommissioning.
Which of the following options are available to tether devices to a smartphone's mobile hotspot? (Choose all that apply.) A. USB B. Bluetooth C. NFC D. Wi-Fi
A, B, D. USB, Bluetooth, and Wi-Fi are all supported for mobile tethering.
Unified communications is frequently used to describe which of the following communication channels? (Choose all that apply.) A. VoIP B. E-mail C. Social media channels D. Instant messaging
A, B, D. Unified communications combine VoIP, e-mail, text messages, IM, voice mail, and other communication mechanisms into a single stream by user.
Which of the following statements are true about a security requirements traceability matrix (SRTM)? (Choose all that apply.) A. It assists in the documentation and easy presentation of what is necessary for the security of a system. B. It allows requirements and tests to be easily traced back to one another. C. It is part of the Common Criteria for determining the system level. D. It is a software development security assurance process proposed by Microsoft.
A, B. A security requirements traceability matrix (SRTM) is a grid that provides documentation and easy presentation of what is necessary for the security of a system. It allows requirements and tests to be easily traced back to one another. SRTM ensures that there is accountability for all processes. It also ensures that all work is being completed.
SIEM tools are designed to provide which of the following benefits? (Choose all that apply.) A. Aggregate logs from multiple sources B. Correlate logs from multiple sources C. Encrypt logs D. All of the above
A, B. Aggregate logs from multiple sources and correlate them.
Which new technologies represent the greatest set of risks to a business? (Choose two) A. Smartphones B. Social Media C. Virtualization D. Cloud Computing
A, D. Smartphones (A) present a significant risk to businesses due to the dual threat of smartphones bringing malicious content into the company and sensitive data being extracted from the company. Cloud computing (D) imposes several sources of risk because it is typically located outside the enterprise and can involve data leaving the enterprise's direct control.
The advantages of SSO include which of the following? (Choose all that apply.) A. Reduced help desk costs B. Improved security from SAML integration C. Reduced complexity of authentication system D. Improved end-user experience
A, D. Single sign-on can reduce help desk costs through reduced password reset requests, and it improves the end-user experience because of the reduced number of passwords to remember.
In order to conduct a port scan without the visibility of typical TCP connect scans, we will use Nmap's SYN scan. The SYN scan is also known as which of the following? (Choose all that apply.) A. Stealth scan B. Smart scan C. Covert scan D. Half-open scan
A, D. Stealth scan and half-open scan.
VPN technology provides which of the following benefits? (Choose all that apply.) A. Secure data transfers over insecure networks B. Self-correcting data packets C. Removes the need for IDS/IPS D. Secures external traffic into the enterprise past firewalls
A, D. VPNs can provide a secure network connection over insecure networks and can bring external traffic into an enterprise past the firewalls to a VPN server.
Which of the following IEEE protocols provides port-based authentication for Wi-Fi and wired networks? A. 802.1x B. 802.11 C. SPML D. LDAP
A. 802.1x provides port-based authentication for Wi-Fi and wired networks.
A company has just migrated to a new business recordkeeping system as part of a merger. This will necessitate the repeating of what process? A. PIA B. PII C. PHI D. PCI
A. A PIA (privacy impact assessment) needs to be redone after any material change in people, process, or technology.
The best source of pseudorandom numbers for a cryptographic function in a system would be which of the following? A. A combination of random elements from time, network activity, and user activity B. A crypto-library call in the source code C. Random user mouse movements D. The Trusted Platform Module (TPM) chip
A. A combination of randomly generated elements from time, network activity, and user activity.
A set of backup tapes is lost off an overnight shipping truck and has been deemed to be unrecoverable by the shipping company. Which of the following statements is true? A. This is a data breach. B. This is not a data breach because the files are truly lost and are not in the hands of another party. C. This is not a data breach because backup tapes are not truly data to outsiders. D. This is not a data breach because the tapes are not labeled as to firm, only a code number.
A. A data breach is the loss of control over data, regardless of the form or cause.
A penetration test usually simulates an attack from which of the following? A. A malicious outsider B. Malware and worms C. A rival organization D. ICMP floods
A. A malicious outsider is the most likely hacker to attack an organization; therefore, in most cases, this is the most appropriate hacker to simulate during a penetration test.
Audit findings can be best described as which of the following? A. A method to facilitate improvements in the security system B. An obligation of a firm to its shareholders C. A management tool to drive change D. A tool to reduce risk in the enterprise
A. A method to facilitate improvements in the security system. Audit findings can and should be used to improve security control effectiveness in the enterprise.
Which of the following indicates the difference between advisory and informative policies? A. Advisory policies provide strong recommendations as to the appropriate behaviors and actions that can be exhibited by employees. Informative policies are gentle recommendations or reminders for employees to consider. B. Informative policies provide strong recommendations as to the appropriate behaviors and actions that can be exhibited by employees. Advisory policies are gentle recommendations or reminders for employees to consider.
A. Advisory policies provide strong recommendations as to the appropriate behaviors and actions that can be exhibited by employees. Informative policies are gentle recommendations or reminders for employees to consider.
As the head of the database group, you have a responsibility to provide data for enterprise applications. To meet overall SLAs, your group must provide services that are in alignment with them. To communicate these requirements, what would be the best vehicle? A. OLA B. Subordinate SLA C. MOU D. BPA
A. An operating level agreement (OLA) is an internal document that defines the relationships between internal parties to support business activities.
Outsourcing of security operations can be advantageous for which of the following reasons? A. An outsource firm can take advantage of issues of scale with respect to information, workers, and so on B. Managed security services are cheaper because of competition in the marketplace C. Specialized services such as forensics require expertise only large firms can provide D. Managed security service providers can provide 24/7/365 operations
A. An outsource firm can take advantage of issues of scale with respect to information, workers, and so on. Outsourcing of security functionality is advantageous when a firm does not have the appropriate scale of operations to handle worker retention, training, information update exposure, specialized skills, and 24/7/365 coverage.
Senior management has decided to restrict access to social media sites such as Facebook and Twitter. To accomplish this, administrators will perform which of the following security practices on users? A. Least privilege B. Defense in depth C. Separation of duties D. PII restrictions
A. Assuming social media is not required, then least privilege is the granting of access to only what is needed to perform work functions.
An attestation is _________________________. A. a statement certifying some element to be true B. used to explain details behind assumed facts C. an element of SAML D. an element of certificate-based authentication
A. Attestation is the act of certifying some element to be true and doing so in some fashion that provides a form of evidence as to its veracity.
As part of a security assessment, you want to test the strength of your passwords by using password crackers. Which of the following will try all possible combinations of characters up to a certain length? A. Brute-force attack B. Birthday attack C. Dictionary attack D. Rainbow table
A. Brute-force attacks try all possible combinations of characters up to a certain length.
There has been a lot of talk recently concerning buffer overflows at your firm. Management has decreed zero tolerance for buffer overflows in all future code. Is this possible, and why or why not? A. Yes, it has been done; it just requires careful examination of all buffer inputs. B. Yes, there is a library call to fix it. C. No, this is one of the errors that is almost impossible to completely remove. D. No, legacy code makes this impossible.
A. Buffer overflows are completely preventable, and numerous software projects have shown this. The key is in using multiple methodologies to defend against this type of coding error, including walkthroughs, library call utilization, and fuzzing.
A firm is unaware of an attack and the resulting losses caused. Which risk management technique is employed with respect to this threat? A. Acceptance. B. Risk transfer. C. Risk deferral. D. There isn't sufficient information to answer this question.
A. By default, the risk is accepted because this action occurs without any management action.
When implemented correctly, cloud services can provide some degree of protection from what type of attacks based on the inherent nature of cloud services? A. DDoS B. Buffer overflows C. Brute-force attacks D. Man-in-the-middle attacks
A. By the nature of their design, cloud services can provide natural protection from DDoS attacks. When the services are spread out over multiple data centers, it becomes much harder for an attacker to overwhelm the available resources.
Code reviews are intended to: A. Find programming errors and poor coding practices B. Validate placement of punctuation C. Catch bugs after software is released D. Count lines of code
A. Code reviews are designed to find programming errors and poor coding practices before software is fully released.
Unified communications can add significant risk to an enterprise because: A. Information is concentrated in single user channels. B. There is a lack of security products for this market segment. C. Auditing is not possible because of the nature of the system. D. Unified communications enable all users access to important information.
A. Concentrating information can increase exposure when vulnerabilities are exploited.
A cross-site scripting attack is characterized by which of the following? A. Application code that returns user input in HTML without validation checking B. A hidden layer to trick a user into clicking an undesired option C. The alteration of code used against a database D. Cookie stealing
A. Cross-site scripting involves inserting scripts into user inputs to get them to run on a server to return altered HTML pages.
Which of the following guidelines should be used when configuring routers and switches? A. Do not enable DHCP or BOOTP for edge routers. B. Use Telnet for access to management interfaces. C. Disable MAC filtering on internal switches. D. Configure ACLs to only monitor traffic originating from outside your network.
A. DHCP and BOOTP should not be enabled on edge routers.
The salvaging of data from a damaged or corrupted secondary storage media that cannot be used in a normal access mode is an example of what? A. Data recovery B. Data restoration C. Data cleansing D. Data management
A. Data recovery is the salvaging of data from broken storage media, whether the broken aspect is either physical or logical.
Fingerprinting is often: A. One of the first steps in an assessment B. Rarely used by professional penetration testers C. Used in conjunction with dictionary files D. Only performed on Linux-based systems
A. Fingerprinting identifies key system details and therefore is often one of the first steps in an assessment.
In a modern browser environment, which of the following considerations should be taken? A. Disable SSLv2 to block attempts against this version. B. Disable SSLv2 to prevent interference with TLS, a newer form of SSL. C. Enable SSLv2 to increase compatibility with diverse systems. D. Enable SSLv2 for use with non-Internet Explorer browsers.
A. Disable SSL 2.0 due to well-known flaws.
Which of the following presence standards is used by Facebook Messenger and Google Talk? A. XMPP B. HTTPS C. SIP D. VoIP
A. Extensible Messaging and Presence Protocol (XMPP).
The HITECH Act imposes what additional restrictions on HIPAA-related data? (Choose all that apply) A. Imposes data-breach notification requirements B. Increases enforcement through industry self-monitoring efforts C. Extends coverage requirements to software vendors of electronic healthcare record systems D. Limits elements considered to be personal health information (PHI)
A, C. Imposes data-breach notification requirements; extends coverage requirements to software vendors of electronic healthcare record systems. The HITECH Act imposes new expanded data-breach notification requirements on affected firms (A). It also extends the coverage of information to business associates, including vendors supplying EMR software solutions (C).
Which of the following statements are true concerning compliance? (Choose all that apply) A. Indicates that a firm's actions are aligned with its own internal policies B. Indicates that a firm's actions are aligned with the laws and regulations C. Indicates security functionality is sufficient D. Is a result of an effective internal audit program
A, B. Indicates that a firm's actions are aligned with its own internal policies; indicates that a firm's actions are aligned with the laws and regulations. Compliance means that an organization must fulfill the requirements of its own internal policies (A) as well as those imposed by external bodies in the form of regulations and legal requirements (B).
Which of the following is a common firewall found and used on Linux-based machines? A. iptables B. Snort C. Defender D. Check Point
A. Iptables is the specific firewall we discussed in the chapter, and it is found in releases of Linux.
SDLC phases include a minimum set of security tasks required to effectively incorporate security in the system development process. Which of the following is one of the key security activities for the initiation phase? A. Determine CIA requirements. B. Define the security architecture. C. Conduct a PIA. D. Analyze security requirements.
A. Key security activities for the initiation phase are as follows: initial definition of business requirements in terms of confidentiality, integrity, and availability (CIA); determination of information categorization and identification of known special-handling requirements in transmitting, storing, or creating information; determination of privacy requirements.
Which two elements must exist to ensure perfect forward secrecy? A. Keys are not reused; new keys cannot be derived from existing keys. B. Keys are not reused; new keys use a different algorithm. C. Only AES can offer perfect forward secrecy. D. Keys must be stored in a TPM chip.
A. Keys are not reused; new keys cannot be derived from existing keys.
Deperimeterization is an acknowledgement that: A. Mobile access devices make edge-based protection impractical by itself B. Networks are dynamic and not defined as static structures C. Firewalls are no longer effective D. Insider threats make boundary security no longer relevant
A. Mobile access devices make edge-based protection impractical by itself. The rise of smartphones and tablets that consume data and interfere with operational systems has made the concept of perimeter security a topic without specific bounds. The use of Bring Your Own Device has furthered the issues of a perimeter, forcing security to focus on the information, not the perimeter. You cannot rely on the perimeter for security anymore.
Network traffic analysis can help you: A. Really understand the traffic passing through your network B. Reveal problems in your organization's accounting policies C. Pinpoint sources of data corruption D. Verify the MTTF of network components
A. Network traffic analysis can help you understand what is really going on within your network.
The sharing of customer data with third-party business partners is permitted under which of the following? A. Opt-in provisions of the EU Data Protection Directive B. An MOU between the firm and a third-party firm C. An SLA between the firm and a third-party partner D. A business partnership agreement
A. Opt-in provisions of the EU Data Protection Directive. All data interactions with customers located in the EU are under the regulation of the EU Data Protection Directive, and the standard is based on opt-in by the customer for all sharing.
In order to access an important server at the headquarters, a hacker first uses Metasploit to establish a connection on a workstation located at a branch office. Which of the following techniques will the hacker consider employing? A. Pivoting B. Sandboxing C. DNS harvesting D. Whois
A. Pivoting is a daisy-chaining concept in which hackers compromise one host in order to use that host to compromise other hosts.
As part of an acquisition of a smaller firm, you now have some IT systems that have federated authentication based on the older Liberty Alliance Identity Federation Framework. You need to integrate this into your existing enterprise solution based on SAML 1.1. What is the best course of action for the enterprise as a whole? (Choose all that apply.) A. Upgrade all federated authentication to a SAML 2.0-compliant solution. B. Nothing, because the two systems are already compatible. C. Examine both SAML and Liberty Alliance and pick the best solution for your circumstances. D. Move to an SPML-based solution.
A. SAML 2.0 integrates Liberty Alliance Identity Federation Framework elements.
Which of the following is a common method for enrolling network and mobile devices with digital certificates from a Certificate Authority? A. SCEP B. VNC C. OSCP D. OpenCert
A. SCEP provides enrollment of certificates for network and mobile devices from Certificate Authority servers.
Which of the following IPv6 tunneling methods can traverse a NAT device? A. Teredo B. 6to4 C. ISATAP D. SIEM
A. Teredo tunnels can traverse NAT devices.
Which of the following sets standards for U.S. government systems? A. FISMA B. HIPAA C. GLBA D. SOX
A. The Federal Information Security Management Act sets security standards for government systems.
Where is the Open Shortest Path First (OSPF) routing protocol most commonly used? A. As an internal routing protocol B. Between gateway routers C. Between DMZs and external firewalls D. For dynamic routing updates given to remote access users
A. The Open Shortest Path First (OSPF) routing protocol is most commonly used as an internal routing protocol.
The process of creating or altering systems, and the models and methodologies that people use to develop these systems, is referred to as what? A. Systems Development Life Cycle B. Agile methods C. Security requirements traceability matrix D. EAL level
A. The Systems Development Life Cycle (SDLC), or Software Development Life Cycle, in systems engineering, information systems, and software engineering is the process of creating or altering systems as well as the models and methodologies that people use to develop these systems.
Which of the following is true concerning the different disciplines represented within an organization in relation to security policies? A. Although all employees are subject to the organization's security policies, the different roles that each may have based on their specific discipline will require different specific security responsibilities. B. All disciplines are equally motivated by security concerns. C. Specific security requirements are the same for all employees no matter what the discipline. The requirements are based on the single organizational security policy. D. None of the above.
A. The different disciplines represented within an organization will result in different roles for the employees and thus different security requirements. All, however, will be subject to the organization's overall security policy. How it applies to them may be different depending on their specific discipline.
A firm is looking at adopting a telecommuting policy for many of its workers. Which of the following risks are likely and need to be specifically addressed? (Choose all that apply) A. The risk of data leakage from data being on a home PC B. The costs associated with data transfers between work and home C. The employee stealing or tampering with data when on home equipment D. The risk of malware from a home PC entering the work network
A, D. The risk of data leakage from data being on a home PC; the risk of malware from a home PC entering the work network. Data leakage from data left on a home PC is a concern (A), as well as the patch level and antivirus/anti-spyware/malware protection elements wherever the data is stored (D).
Which of the following elements of security states that only authorized users are able to modify or delete data? A. Integrity B. Availability C. Confidentiality D. Authorization
A. Unauthorized alteration or deletion of data is an integrity violation.
You are testing an application for arithmetic errors. What is your best tool? A. Fault injection B. A fuzzing framework C. Code walkthroughs D. Use of specific library calls for math functions
B. A fuzzing framework is the best tool for input validation errors, of which arithmetic errors are one example.
Which ports are involved in e-mail? (Choose all that apply.) A. TCP 22 B. TCP 25 C. TCP 21 D. TCP 110
B, D. Port 25 is for SMTP, port 110 for POP3.
Before capturing traffic on a wired network with a protocol analyzer, which of the following are good practices? (Choose all that apply.) A. Installing the AirPcap adapter B. Putting the NIC in promiscuous mode C. Using a protocol analyzer that is compatible with your NIC's chipset D. Injecting traffic as needed to trigger responses from network targets
B, C, D. Put the NIC into promiscuous mode so it passes up frames not addressed to it, use an analyzer that supports your NIC's chipset, and plan any traffic injection carefully so the responses you trigger are the ones you intend to capture. An AirPcap adapter (A) is for 802.11 wireless capture, not a wired network.
Utilizing open source intelligence sites like Facebook to gather target information is an example of which of the following? (Choose all that apply.) A. Fingerprinting B. Footprinting C. Reconnaissance D. Social engineering
B, C. Footprinting and reconnaissance both draw on open source intelligence (OSINT) sources such as social media to build a picture of the target before any active probing, and the two terms are often used interchangeably. Fingerprinting (A) identifies specific OS and service versions, and social engineering (D) involves interacting with people.
Input validation can be employed to guard against all of the following errors except which ones? (Check all that apply.) A. Buffer overflow B. TOCTOU race conditions C. Privilege escalation D. SQL injections
B, C. Input validation guards against buffer overflows (A) and SQL injection (D) because both arrive through untrusted input. It does nothing for time-of-check/time-of-use (TOCTOU) race conditions (B), which are a timing flaw between a check and the later use of its result, nor for privilege escalation (C), which is an authorization problem.
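To make the TOCTOU point concrete, here is an added example (not code from the question bank) of a file write whose input validation is correct and still useless, beside the fix that removes the check-to-use window. The file names, the temporary working directory and the "attacker" hook that stands in for losing the race are constructed for the demo; it assumes a POSIX system (os.O_NOFOLLOW and symlinks).

```python
"""Added example: a TOCTOU race that no input validation can catch, beside
the fix. File names, workdir and the attacker hook are constructed for the
demo; this is not code from the original question bank. POSIX only."""
import os
import stat
import tempfile


def write_vulnerable(path, data, between_check_and_use=None):
    """Check-then-use: the path is validated, then opened by name.

    The validation is correct as input validation goes (no symlink at check
    time) but worthless, because the filesystem can change between the check
    and the open. The hook stands in for an attacker winning that race.
    """
    if os.path.islink(path):                 # the check
        raise ValueError("refusing to follow a symlink")
    if between_check_and_use:
        between_check_and_use()              # attacker swaps a symlink in here
    with open(path, "w") as fh:              # the use: follows the planted symlink
        fh.write(data)


def write_hardened(path, data, between_check_and_use=None):
    """Open first, then validate the object actually opened.

    O_NOFOLLOW makes the kernel refuse a symlink at the final path component,
    and fstat() inspects the inode behind the descriptor we hold rather than
    a name an attacker can repoint, so there is no check-to-use window. Add
    O_EXCL when the file must not already exist.
    """
    if between_check_and_use:
        between_check_and_use()
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise ValueError("not a regular file")
        os.write(fd, data.encode())
    finally:
        os.close(fd)


def race_demo():
    """Run both writers against a planted symlink and report what happened."""
    workdir = tempfile.mkdtemp()
    target = os.path.join(workdir, "upload.txt")    # what the program means to write
    victim = os.path.join(workdir, "victim.txt")    # what the attacker wants overwritten

    def reset():
        if os.path.lexists(target):
            os.unlink(target)
        with open(victim, "w") as fh:
            fh.write("original")

    def attacker_plants_symlink():
        if os.path.lexists(target):
            os.unlink(target)
        os.symlink(victim, target)

    result = {}
    reset()
    write_vulnerable(target, "pwned", attacker_plants_symlink)
    with open(victim) as fh:
        result["victim_after_vulnerable"] = fh.read()

    reset()
    try:
        write_hardened(target, "pwned", attacker_plants_symlink)
        result["hardened_blocked"] = False
    except OSError:                                 # ELOOP from O_NOFOLLOW
        result["hardened_blocked"] = True
    with open(victim) as fh:
        result["victim_after_hardened"] = fh.read()
    return result


if __name__ == "__main__":
    print(race_demo())
```

The design point is that the hardened version validates the object it holds (the descriptor) rather than a name, which is the general cure for TOCTOU: validate the thing you will use, not a proxy for it that a third party can change.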
Security processes, procedures, and controls are all the same thing.
Which of the following are factors that can impact the motivation and willingness of employees to adhere to security policies and procedures? (Choose all that apply.) A. The speed at which the policies and procedures were created after the organization's overall security policy was established. (The faster they are established, the more likely it is that employees understand that they are important to management.) B. The level of understanding by employees of specific policies and procedures. C. The belief that employees had a say in the decision to adopt specific policies and procedures. D. There is little that can be done to motivate employees.
B, C. The motivation and willingness of employees to adhere to security policies and procedures can be affected by several factors, including understanding the reason and need for the policy or procedure and the belief that the employees had a say in the decision to adopt it.
An American corporation has a data center in Paris. If the U.S. government issues a warrant to the corporation demanding that it turn over information stored in the Paris data center, the corporation might refuse on the grounds that France has legal control over data stored on those servers. Which two answers best describe this situation? A. Deperimeterization B. Data Sovereignty C. Common Criteria D. Jurisdiction
B, D. Data sovereignty (B) and jurisdiction (D): data stored in another country is subject to that country's laws, so the corporation may be unable to comply with a U.S. warrant without violating French law.
Which type of incident response team (IRT) is associated with a regional office? A. Central IRT B. Distributed IRT C. Coordinating IRT D. Outsourced IRT
B. A local independent IRT is part of a distributed IRT structure.
An ESB consists of which two main components? A. VLANs and a SAN B. Connectors and a routing engine C. Authentication servers and application servers D. Protocol translators and central management
B. An ESB (Enterprise Service Bus) consists of connectors and a routing engine.
Which Virtual Desktop Infrastructure model would you recommend for use in an environment where network connections are not completely reliable? A. Hosted virtual desktops B. Remote virtual desktops C. Centralized virtual desktops D. Public cloud
B. Remote virtual desktops typically run an image of the desktop on local resources, so users can keep working if the network connection drops. Hosted and centralized models (A, C) execute the desktop in the data center and stop working when connectivity is lost.
Which of the following modern physical access control systems provides consolidated IP-based control over all facilities equipment? A. HVAC controller B. BAS C. SoC D. SCADA
B. Building automation systems (BASs) integrate and automate building systems management across an IP network.
Which of the following mobile device strategies specifically involves users buying their own mobile device based on an enterprise's preselected list? A. BYOD B. CYOD C. COPE D. SCEP
B. Choose your own device (CYOD) involves users buying their own mobile device based on an enterprise's preselected list.
Which of the following security policies is most appropriate for requiring that all sensitive paperwork be kept out of plain sight at your work area? A. Access control policy B. Clean desk policy C. Physical security policy D. Removable media policy
B. A clean desk policy requires that all sensitive materials at your work area, including PII and other sensitive data types, be locked away and kept out of plain sight of unauthorized people.
Which of the following capabilities of MDM ensures devices receive the settings they require? A. Plug-ins B. Configuration profiles C. Tokens D. SoCs
B. Configuration profiles deploy OS and application configurations to mobile devices.
The Digital Signature Algorithm (DSA) utilizes which of the following cryptographic functions? A. MD5 or SHA and AES B. SHA-2 series hash and the ElGamal discrete logarithm method C. Any hash function and any public key method (methods identified in header) D. SHA-1 hash or newer and RSA public key algorithm
B. DSA pairs a SHA-family hash (SHA-1 in the original FIPS 186 standard, the SHA-2 family from FIPS 186-3 onward) with a signature scheme based on the ElGamal discrete logarithm method. SHA is a hash function, not a cipher, and DSA uses neither RSA (D) nor AES (A).
Which of the following is true of the relationship between security professionals and management? A. Once the security policy is established, it is unimportant and generally not needed for security personnel to interact or communicate with the upper levels of management. B. Security personnel may need to make recommendations concerning security to management and will need to do so in a manner that highlights the reason for the recommendation and is conveyed in terms that management can understand. C. It is more important that security recommendations are precise and written in terms understandable by security personnel who have to implement them rather than being conveyed in a manner that is understandable by management. D. Management support for security recommendations is nice but unimportant because security is the responsibility of security personnel.
B. It may become necessary for security personnel to make recommendations to management on the implementation of security controls. When this occurs, the recommendations need to be conveyed in terms management understands, with the reasoning made clear, in order to obtain management support.
True or false? Master service agreements are designed to serve as a single agreement that prevents the need for future agreements. A. True B. False
B. Master service agreements are all-encompassing agreements between multiple organizations that serve as the building blocks for future agreements, transactions, and business documents.
Which of the following is a dedicated network vulnerability scanner? A. Nmap B. Nessus C. Tripwire D. Iptables
B. Nessus is the only product here that is dedicated to vulnerability scanning.
What is the correct correlation between the OpenID and OAuth standards? A. OpenID and OAuth both handle authentication. B. OpenID handles authentication, and OAuth handles authorization. C. OpenID handles authorization, and OAuth handles authentication. D. OpenID and OAuth both handle authorization.
B. OpenID provides authentication services, whereas OAuth provides authorization services.
Your desktop machines (numbering 50) are getting old, and management has approved a replacement plan. You presented a solution based on an enterprise standard operating environment. You promoted this solution for what reasons? (Choose all that apply) A. Cost saving from buying in bulk B. Operational savings from a single environment C. Improved security from a single environment D. Reduced bickering over who has a better machine
B, C. A single hardware and software environment (B) makes automation of administrative tasks efficient, lowering operational cost. A monoculture is not inherently more secure, and a systematic failure would affect every machine at once because there is no diversity, but it can be made more secure through unified operational policies and procedures applied consistently to every machine (C).
From a security perspective, prototyping could help you in which way? A. Identifying issues in production environments B. Identifying potential vulnerabilities in early versions of products C. Spotting data exfiltration attacks D. Targeting botnets on wireless networks
B. Prototyping can help you identify potential vulnerabilities in early versions of products.
What does ROI stand for? A. Real occurrence of incidents B. Return on investment C. Rate of incident D. Rate of inclusion
B. ROI is return on investment, a measure of the efficiency of an investment.
Which of the following hypervisor types involves the guest OS communicating with the hypervisor, which then communicates with the host OS? A. Type 1 B. Type 2 C. VMware ESXi D. Type 3
B. Type 2 hypervisors use a host OS as the intermediary between the hypervisor and the hardware.
Which of the following best describes augmented reality? A. Users' perception of their real-world environment is completely replaced by a digital reality. B. Users' perception of their real-world environment is enhanced by digital elements. C. Users' devices and appliances are all networked together, forming a smart home. D. Users' devices and appliances are all networked together, forming a smart business.
B. Users' perception of their real-world environment is enhanced by digital elements.
You are reviewing service contracts for potential cloud providers and want to ensure the provider has adequate response support for auditing findings that may require changes to your cloud environment. Which of the following activities might generate a significant number of actionable audit findings that would require support from your cloud provider? A. Password audit B. Software inventory C. PCI compliance audit D. Antimalware scan
C. A PCI compliance audit has the potential to generate a significant number of actionable audit findings that require changes to supported encryption levels, handling of client input, and so on.
A benchmark is an example of which of the following? A. A set of expectations B. Only useful for batch routine measurements C. A point of reference for measurement D. Used to encrypt backup files
C. A benchmark is a point of reference for measurement. It could be a set of performance criteria, a set of conditions, an established and measured process, and so on.
You have been tasked with setting up a partner program where participants are bound by the rules of the program. The best vehicle would be which of the following? A. MOU B. Implicit contract C. BPA D. ISA
C. A business partner agreement (BPA) contains the complete terms and conditions that both the partners agree to be bound by as participants in the partner program. This program is set in motion once the application to participate in the program is accepted by both partners.
Which of the following standards are considered official? A. De facto standards B. Open standards C. De jure standards D. None of the above
C. De jure standards are considered official because they have been ratified by a recognized standards body.
An organization is looking to sell off a large piece of its business, which will then function as a separate organization. Both entities will need to ensure that proper security requirements are met on both sides. Which of the following options best describes this scenario? A. Deperimeterization B. Demerger C. Divestiture D. Deregulation
C. Divestiture takes place when an organization sells off one of its business units.
Which of the following applications helps manage enterprise resources? A. CMS B. CRM C. ERP D. CMDB
C. Enterprise resource planning (ERP) systems help manage enterprise resources.
Which of the following technologies refers to locating a device's geographical location by using GPS or cell towers? A. Geotagging B. Geofencing C. Geolocation D. Geosensing
C. Geolocation refers to locating a device's geographical location by using GPS or cell towers.
The Chief Security Officer of a large corporation is curious as to how information classification levels are ranked in federal government environments. She is hoping that by duplicating a federal classification system, overall file security for the corporation can be improved. From most sensitive data to least sensitive, what order of information classifications would you advise her of? A. Public Trust, Top Secret, Secret, Confidential, Unclassified B. Confidential, Top Secret, Secret, Public Trust, Unclassified C. Top Secret, Secret, Confidential, Public Trust, Unclassified D. Top Secret, Confidential, Secret, Public Trust, Unclassified
C. Government and military environments typically use Top Secret, Secret, Confidential, Public Trust, and Unclassified as their most-sensitive-to-least-sensitive classification levels.
Which vulnerability are hackers hoping to take advantage of while searching for the target's DNS records? (Choose the best answer.) A. DNS server is missing patches. B. DNS server doesn't have DNSSEC enabled. C. DNS server supports zone replication to any entity. D. None of the above.
C. Attackers are hoping the administrator left the DNS server permitting zone transfers (AXFR) to any requester, a common configuration oversight that hands them the complete list of hostnames and addresses in the zone.
Which of the following is a characteristic of a highly structured threat? A. It is conducted by script kiddies. B. Attackers will take weeks or even months to accomplish their goal. C. The attackers have considerable time and financial backing. D. Attackers concentrate on only one attack vector until successful.
C. Highly structured threats are characterized by attackers who have considerable time and financial backing in order to accomplish their goal.
Your organization wants to deploy an e-mail server with the most important mailboxes stored on-premises and less critical mailboxes stored on a hosted cloud environment. Which of the following selections should you choose? A. Public cloud B. Private cloud C. Hybrid cloud D. Community cloud
C. Hybrid clouds typically utilize a connected combination of public and private cloud computing.
The following are hash algorithms except: A. MD5 B. SHA-256 C. IDEA D. RIPEMD-160
C. IDEA is a symmetric block cipher.
Which organization is responsible for publishing RFCs? A. ISO B. IEEE C. IETF D. NIST
C. IETF publishes RFCs.
Which of the following is an advantage of IPv6 over IPv4? A. Smaller address space B. Widely used by most organizations C. Support for IPSec and better QoS capabilities D. Protocol and Type of Service fields in header
C. IPv6 has integrated support for IPSec and better QoS capabilities than IPv4.
Which of the following best describes a zero-day vulnerability? A. A vulnerability that can be quickly mitigated. B. A vulnerability that disappears on its own. C. A vulnerability that is unknown to the vendor of the vulnerable product. D. A vulnerability too complex or risky to ever develop a patch for.
C. It is a vulnerability that the product's vendor is currently unaware of; therefore, the vendor has not developed a patch yet.
From a security standpoint, why might you want to protect your database of inventory items? A. Regenerating it if it is lost can be costly. B. Losing something like this would be an indication of a lack of general security procedures and processes. C. Because it would contain information on the hardware and software platforms your organization uses and thus would provide an attacker with information that could be used to determine vulnerabilities you might be susceptible to. D. If a software or hardware vendor obtained a copy of it, you might find yourself inundated with sales calls trying to sell you any number of products.
C. Knowing what hardware and software you have provides an attacker a tremendous boost in terms of determining what attacks to try against you.
Your VoIP installation is having difficulty with call quality. Network analysis points to severe traffic congestion causing consistent delays in packet delivery. This is an example of which of the following? A. Best-effort class of service B. VoIP routing C. Latency D. Jitter
C. Latency is the time, measured in milliseconds, a packet takes to traverse the network. Consistent delay is latency; jitter (D) is variation in that delay from packet to packet.
Which of the following tools can assist you in analyzing large data sets for trends? A. Sniffers B. Prototypes C. Log consolidation tools such as Splunk D. Cost analysis platforms
C. Log consolidation tools such as Splunk can assist you in analyzing large data sets for attack trends.
MTTR stands for: A. Mean time to reboot B. Mean time to reimage C. Mean time to repair D. Mean time to reinitialize
C. MTTR is the abbreviation for "mean time to repair" (how quickly the system can be brought back online).
Establishing security controls that require multiple employees to complete a task is an example of what? A. Mandatory vacations policy B. Least privilege C. Separation of duties D. Job rotation
C. The use of multiple people to complete a task is known as separation of duties, which creates an opportunity for checks and balances.
Your network administrator has informed you that your organization will be switching from IPv4 to IPv6. You've been asked to determine what impact this might have on the security of the corporate network. You know that others have also made this same move in their organizations, so you are sure that there must be some documents on what the security implications might be. Besides documents from vendors that often are obviously also trying to sell you a product or service, which of the following might you also check to learn as much about this new technology and its security implications from an objective standpoint? A. There is no real way of determining the security implications of new technology before you implement it on your own network. B. The National Institute of Standards and Technology (NIST) produces best-practice documents for all new technology that is introduced to the Internet. C. RFCs are used to seek input from the community on issues and changes in technology that have an impact on the larger Internet community. D. The International Internet Standards Organization must approve all new technology changes that will have an impact on the Internet before they are implemented. This organization produces standards for the implementation and use of new technologies, which you can download and follow.
C. RFCs are often used to seek input for security issues due to changes in technology that may have a large impact on the Internet. Although the possibility was not provided, you can also often find fairly objective white papers produced by various vendors discussing security issues related to new technology.
An asset under attack has a potential loss amount of $135,000, and it is expected that successful attacks could occur every 18 months. What is the ALE? A. $135,000 B. $100,000 C. $90,000 D. $45,000
C. SLE = $135,000. ARO = 12 / 18 ≈ 0.667 occurrences per year. ALE = SLE × ARO = $135,000 × 0.667 ≈ $90,000.
Which of the following would be most important when considering the scalability of a security solution? A. Support for future versions B. Cost of maintenance contracts C. Ability to accommodate more users and more traffic D. Ability to analyze encrypted traffic
C. The ability to accommodate more users and more traffic is the most important item in the list when considering the scalability of a security solution.
If you're looking to get maximum visibility into attacks launched at your organization from hostile Internet sources, where would you place an IDS/IPS? A. Right behind the main firewall between your organization and the Internet B. Between your server farm and user base C. In front of the main firewall between your organization and the Internet D. In the DMZ, preferably next to a web server
C. The best place to view and analyze attacks originating from Internet sources is on your main network link between your firewall and your Internet connection.
Your organization is looking to consolidate 20 physical servers into a virtualized infrastructure. Each physical server contains a 2 GHz processor with 8GB of RAM and averages 50 percent memory utilization and 17 percent CPU utilization. At a minimum, how many 2 GHz processors will you need in your virtualized infrastructure to handle this CPU load? A. 2 B. 3 C. 4 D. 5
C. Twenty 2 GHz processors represent 40 GHz of capacity; at 17 percent average utilization the actual load is 40 GHz × 0.17 = 6.8 GHz. The smallest number of 2 GHz processors that provides at least 6.8 GHz is four (8 GHz); three would supply only 6 GHz.
Which of the following is true about the introduction of new technologies into an organization? A. Because the security issue has been known for a while, new technologies are produced with security in mind, and introducing them will have no adverse impact on the security of an organization. B. The introduction of new technology to an organization will usually result in a more secure network environment. C. New technologies can have a negative impact on the security of an organization, potentially introducing new vulnerabilities. D. New technology is more secure than older technology but can still have security implications if not installed correctly.
C. The introduction of some new technologies can absolutely have an impact on the security of the system and should therefore be closely examined to see what new vulnerabilities might have been introduced. An example of this is the introduction of wireless networks to an organization.
The last step of an incident response effort is: A. Recovery B. Assignment of blame C. Lessons learned D. Customer notification
C. The last step is a lessons learned session, where process improvements are discussed.
Risk is defined as: A. The expected annual loss from unforeseen problems B. A level of loss that cannot be avoided C. The loss associated with threats against system vulnerabilities D. Costs from inadequate security
C. Risk is defined as "the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization" (ISO/IEC 27005:2008).
Which of the following testing methods involves testing every line of code? A. Regression testing B. User acceptance testing C. Unit testing D. Peer review
C. Unit testing attempts to test each and every line of code, or a certain percentage of the application's total code base.
A company buys another firm in a similar industry but located in a different country. The certificates used by each company come from different CAs. Which of the following represents the easiest method of connecting the trust relationships associated with the certificates? A. Use a wildcard certificate. B. Have each firm get additional certificates from the other firm's CA. C. Use a cross-certificate defining the new trust relationship. D. Have the smaller firm move its certificates to the larger firm's CA via a certificate transfer.
C. Use a cross-certification to define a new trust relationship.
Which port number does IMAP4 use when secured by SSL/TLS? A. 110 B. 143 C. 995 D. 993
D. 993 is used by IMAP4 when secured by SSL/TLS.
Your application is going to e-mail results to other users based on program logic. To perform this function, you incorporate a set of library calls to an e-mail program requiring administrative access permissions to perform the task. What type of attack should you be concerned with in employing this methodology? A. Impersonation attack B. Improper storage of sensitive data attack C. Fuzzing attack D. Privilege-escalation attack
D. A failure that occurs during the escalated privilege function of the e-mail library could result in an exploitable privilege escalation against the application.
Password crackers will get the most benefit from which of the following? A. Available memory B. Long dictionary files C. Solid-state drives D. A fast multicore processor
D. Password cracking is bounded by raw hashing throughput, so of the options listed a fast multicore processor provides the most benefit; memory, disk speed, and dictionary length matter far less. In practice GPUs outperform CPUs by orders of magnitude for most hash types.
Two parties need to document an agreement associated with pursuing a common action. Which document would they use? A. SLA B. BPA C. NDA D. MOU
D. An MOU is a written agreement defining a common cause and actions on behalf of parties.
Which of the following could indicate a potential security problem? A. Spike in outbound network traffic at odd times B. Increase in CPU utilization on Internet-facing systems C. Increased logins during weekend or evening hours D. All of the above
D. Any of these could indicate a potential security problem. If you have an established set of benchmarks (reference points), deviations from the "norm" could indicate a potential security problem.
Using hex encoding of Unicode input is associated with which of the following? A. SQL injection B. Directory traversal attack C. Cross-site scripting D. Canonicalization error
D. A canonicalization error arises when an application validates input in one form and later reduces it to a base (canonical) form before use. Alternative encodings of the same value, such as hex-encoded or overlong Unicode sequences, pass the validation check and only become the forbidden value after decoding.
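As an added example (not code from the question bank), the resolver below shows the canonicalization gap for a web path: the check runs on the raw, still-encoded URL path, so `%2e%2e` passes and becomes `..` after the framework decodes it. The hardened version decodes once and strictly, rejects double encoding, reduces the path to its canonical form, and only then checks containment. The document root and the inputs are constructed for the demo.

```python
"""Added example: a canonicalization gap (validate the encoded form, decode
later) beside the fix (canonicalize first, validate the canonical form).
The document root and inputs are constructed; not code from the original
question bank."""
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/www/files"   # hypothetical document root


def resolve_naive(url_path):
    """Vulnerable: the check runs on the raw, still-encoded URL path.

    '%2e%2e' is not the string '..', so the check passes; the framework then
    decodes the path and the traversal appears.
    """
    if ".." in url_path or url_path.startswith("/"):
        raise ValueError("rejected")
    decoded = unquote(url_path)                      # decoding after the check
    return posixpath.normpath(posixpath.join(DOC_ROOT, decoded))


def resolve_hardened(url_path):
    """Canonicalize, validate the canonical form, then check containment."""
    # 1. Decode exactly once and strictly: overlong or invalid UTF-8 such as
    #    %c0%ae (an overlong '.') is rejected instead of mapped to U+FFFD.
    try:
        decoded = unquote(url_path, errors="strict")
    except UnicodeDecodeError:
        raise ValueError("invalid percent-encoded UTF-8")
    # 2. Reject double encoding: a second decode must be a no-op.
    if unquote(decoded) != decoded:
        raise ValueError("double-encoded input")
    if "\x00" in decoded:
        raise ValueError("NUL in path")
    # 3. Reduce to one canonical absolute path ('.', '..', '//' collapsed).
    candidate = posixpath.normpath(posixpath.join(DOC_ROOT, decoded.lstrip("/")))
    # 4. Containment check on the canonical form only.
    if candidate != DOC_ROOT and not candidate.startswith(DOC_ROOT + "/"):
        raise ValueError("path escapes document root")
    return candidate


def outcome(resolver, url_path):
    """'rejected' or the filesystem path the resolver would serve."""
    try:
        return resolver(url_path)
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    probe = "%2e%2e/%2e%2e/%2e%2e/etc/passwd"
    print("naive:   ", outcome(resolve_naive, probe))
    print("hardened:", outcome(resolve_hardened, probe))
```

On a real filesystem the containment check should be made against os.path.realpath() of the candidate as well, so that a symlink inside the document root cannot point outside it; posixpath alone cannot see symlinks.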
Which of the following areas should you examine when performing reverse-engineering: A. Communication paths B. Reactive capabilities C. Impact on network traffic D. All of the above
D. Communications paths, reactive capabilities, and impact on network traffic are all areas you should examine when reverse-engineering existing security solutions.
Which of the following best describes data that has been collected on foreign soil and is therefore subject to the laws of that particular nation? A. Data ownership B. Data hold C. Data remnants D. Data sovereignty
D. Data sovereignty describes data that has been collected on foreign soil and is therefore subject to the laws of that particular nation.
Select the best set of conditions associated with PCI DSS compliance with respect to cryptographic algorithms and processes. A. Ensure all machines using SSL and TLS are updated to the current patch levels. B. When using SSL or TLS to secure communication channels, ensure client connections are also fully patched. C. Restrict connections to HTTPS and VPNs using IPSec. D. Disable SSLv1 and SSLv2 as well as all export-level cryptographic algorithms (less than 128 bit).
D. PCI DSS prohibits all versions of SSL and early TLS (TLS 1.0) for protecting cardholder data, along with export-grade cipher suites; disable them and support current TLS versions. Patching (A, B) and restricting protocols (C) do not by themselves remove the weak algorithms.
Which of the following is not a potential vulnerability associated with hosting multiple companies' virtual machines on a single physical server? A. Hardware failure B. Resource flooding attacks C. Competition for resources D. Double-tagging
D. Double-tagging is a VLAN hopping attack against 802.1Q trunking; it is a network vulnerability, not one that arises from hosting multiple tenants on one physical server.
You are responsible for secure programming at your company. You want to implement steps to validate the security of software design. At what phase in the SDLC should you implement design validation for security? A. After the design phase. B. Before the testing phase. C. This is not necessary. SDLC eliminates the need for design validations. D. At every phase.
D. Every phase of the SDLC can result in tweaks and changes to the design, necessitating revalidation.
To create a digital signature, which of the following steps are used? A. Hash the data to be signed, encrypt the data using a private key, and send both. B. Hash the data and send the hash with the data to the recipient. C. Encrypt the data, hash the encrypted data, and send to the recipient. D. Hash the data to be signed, encrypt the message digest using a private key, and send both.
D. Hash the data to be signed, encrypt the message digest using a private key, and then send both to the other party.
Which of the following represent the correct order of steps for risk management? A. Assessment, Identification, Analyzation, Mitigation B. Designing, Assessing, Analyzation, Mitigation C. Planning, Assessing, Analyzation, Mitigation D. Identification, Assessment, Analyzation, Mitigation
D. Identification, Assessment, Analyzation, Mitigation is the correct answer
A user requests authentication from an Identity Provider (IdP), which becomes an asserting party across a trust relationship to a Service Provider (SP), which then can use the asserted credentials in making an access control decision for the user. This describes which standard? A. SPML B. XACML C. SSO D. SAML
D. Identity Providers (IdPs) and Service Providers (SPs) are elements of SAML.
To ensure that business processes are not dependent on single employees, senior management has decreed that for designated sensitive positions, people must change jobs every six months. This is an example of what? A. Separation of duties B. Principle of least privilege C. Performing a PIA D. Job rotation
D. Job rotation involves the moving of people among jobs in an organization to reduce the risk of only one person knowing/performing a particular task.
Which of the following is not a common network file system service that is typically supported by NAS devices? A. SMB/CIFS B. AFP C. SFTP D. LanMan
D. LanMan (LAN Manager) is a legacy Windows password hash format, not a network file system protocol; SMB/CIFS, AFP and SFTP are all file access protocols NAS devices commonly serve.
Which of the following is not an example of a standardized SOA framework? A. SOAP B. CORBA C. WCF D. LDAP
D. Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying data of directory services—it is not an example of a standardized SOA framework.
Which of the following refers to the act of maintaining an ongoing awareness of information security effectiveness? A. Security policy B. Incident response C. Threat assessment D. Continuous monitoring
D. Maintaining an ongoing awareness of one's security posture is a key element in defining continuous monitoring.
Two of the main types of vulnerability scanners are: A. Host-based and port scanners B. Network-based and password crackers C. Switch port analyzers and host-based scanners D. Network-based and host-based scanners
D. Network-based and host-based are the two main types of vulnerability scanners.
A port-scanning tool like Nmap looks for which types of ports? (Choose all that apply.) A. Only closed ports B. Only open ports C. Only filtered ports D. All of the above
D. Nmap looks for open ports, closed ports, and ports filtered by a firewall.
Removal of unneeded PII from a database is an example of what? A. HIPAA compliance B. Encryption C. Privacy control D. Data minimization
D. Not storing unneeded data is an example of data minimization.
OCSP is best described as: A. A replacement for standard PKI, taking advantage of Web 2.0 capabilities B. An alternative to the X.509 certificate format C. A service for transferring certificates securely between parties D. An alternative to certificate revocation lists
D. OCSP (Online Certificate Status Protocol) lets a client query the revocation status of a single certificate in real time instead of downloading and searching a full certificate revocation list, making it a more efficient alternative to CRLs.
Which of the following are common purposes for using protocol analyzers? (Choose all that apply.) A. To examine network traffic for duplicate IP addresses B. To find the source of an ARP spoofing attack in your network C. To look for unauthorized computers connected to your network D. All of the above
D. Protocol analyzers can be used for all of these purposes.
Reviewing the effectiveness of your existing security programs can help you: A. Identify areas that need improvement B. Identify areas where additional effort is needed C. Measure impact of user training D. All of the above
D. Reviewing the effectiveness of your existing security programs can help you identify areas that need improvement, identify areas where additional effort is needed, and measure the impact of user-training programs.
Internal audits are a useful tool for ensuring which of the following? A. Management has budgeted the correct amount of resources for security B. Regulatory-mandated security controls are effective in eliminating risks C. The PCI DSS standard is effective at securing credit card data D. Security Controls are effectively deployed
D. Internal audits inform all levels of management of how effectively security controls are deployed in the enterprise. They cannot show that controls eliminate risk (B) or validate an external standard such as PCI DSS (C).
The use of ______ can assist in the collection and analysis of log file data to help determine the organization's security posture. A. PIA B. signature analysis C. data minimization D. SIEM
D. Security information and event management (SIEM) systems collect log data from many sources, normalize it, correlate related events across sources and time, and raise alerts when a rule or threshold is met, giving a consolidated view of the organization's security posture.
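Added example, not part of the original question set: the kind of correlation rule a SIEM runs, written out in Python. It parses sshd-style log lines, tracks failed logins per source IP inside a sliding time window, alerts when a threshold is hit and escalates when a success follows the failures. The log lines, hosts, addresses and thresholds are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style log lines; not taken from a real system.
LOG_LINES = """\
2024-03-01T10:00:01 host1 sshd[101]: Failed password for admin from 203.0.113.5 port 51000 ssh2
2024-03-01T10:00:03 host1 sshd[101]: Failed password for admin from 203.0.113.5 port 51001 ssh2
2024-03-01T10:00:05 host1 sshd[101]: Failed password for root from 203.0.113.5 port 51002 ssh2
2024-03-01T10:00:07 host1 sshd[101]: Failed password for admin from 203.0.113.5 port 51003 ssh2
2024-03-01T10:00:09 host1 sshd[101]: Failed password for admin from 203.0.113.5 port 51004 ssh2
2024-03-01T10:00:12 host1 sshd[101]: Accepted password for admin from 203.0.113.5 port 51005 ssh2
2024-03-01T10:00:20 host1 sshd[102]: Failed password for alice from 198.51.100.7 port 40000 ssh2
2024-03-01T10:05:00 host1 sshd[103]: Accepted publickey for alice from 198.51.100.7 port 40001 ssh2
""".splitlines()

# Normalization step: pull the fields the rule needs out of free-text lines.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse(line):
    """Return a normalized event dict, or None for lines the rule does not understand."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event


def correlate(lines, threshold=5, window_s=60):
    """Stateful correlation over the stream: keep recent failure timestamps per
    source IP, alert when `threshold` failures land inside `window_s` seconds,
    and escalate if a successful login from that IP follows."""
    failures = defaultdict(deque)  # ip -> timestamps of failures still in window
    alerts = []
    for line in lines:
        event = parse(line)
        if event is None:
            continue  # a real SIEM would count unparsed lines as a health metric
        recent = failures[event["ip"]]
        while recent and (event["ts"] - recent[0]).total_seconds() > window_s:
            recent.popleft()  # evict failures that aged out of the window
        if event["outcome"] == "Failed":
            recent.append(event["ts"])
            if len(recent) == threshold:
                alerts.append(("brute_force_attempt", event["ip"], event["ts"]))
        else:
            if len(recent) >= threshold:
                alerts.append(("brute_force_success", event["ip"], event["ts"], event["user"]))
            recent.clear()  # a success ends the current attempt sequence
    return alerts


if __name__ == "__main__":
    for alert in correlate(LOG_LINES):
        print(alert)
```

On the constructed input the rule fires twice for 203.0.113.5 (five failures in eight seconds, then a successful password login as admin) and stays silent for alice, whose single failure fell out of the window long before her key-based login.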
Segmenting remote access traffic allows you to do which of the following? A. Treat remote access traffic as potentially hostile. B. Filter traffic through a firewall and IDS/IPS. C. Verify the patch and antivirus status of remote users before allowing them to connect to the organizational network. D. All of the above.
D. Segmenting remote access traffic onto its own network zone lets you treat it as potentially hostile, pass it through a firewall and IDS/IPS before it reaches internal systems, and hold connecting devices in that zone until their patch and antivirus status has been verified.
You are concerned about users of your web application being subjected to a clickjacking-type attack. What is the best defense you can offer? A. Use the SECURITY=RESTRICTED header. B. Use a cookie with an encrypted session ID. C. Use a JavaScript frame-busting script to prevent iframe incorporation. D. Use the X-FRAME-OPTIONS header.
D. The X-Frame-Options response header, set to DENY or SAMEORIGIN, is the best server-side defense among the choices: the browser refuses to render the page inside a frame from another origin, so an attacker cannot overlay it. Frame-busting JavaScript (C) can be defeated, for instance by loading the page in a sandboxed iframe that blocks scripts, and an encrypted session cookie (B) does nothing against UI redressing; SECURITY=RESTRICTED (A) is not a standard HTTP response header. Current browsers also honour the Content-Security-Policy frame-ancestors directive, which supersedes X-Frame-Options when both are present and should be sent alongside it.
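Added example, not part of the original question set: a Python model of how a browser decides whether a page may be framed, given the page's response headers, plus the header set a hardened server should emit. The origins and header values are constructed; the precedence rule it encodes (CSP frame-ancestors wins over X-Frame-Options, DENY and SAMEORIGIN are the only recognised X-Frame-Options values) follows the CSP and HTML specifications, simplified to exact origin matching.

```python
def header(headers, name):
    """Case-insensitive header lookup, as HTTP header names are case-insensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP header, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def framing_allowed(headers, page_origin, embedder_origin):
    """Would a browser let `embedder_origin` put the page in an iframe?

    CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
    Otherwise DENY and SAMEORIGIN apply; any other value (including the obsolete
    ALLOW-FROM) or no header at all means anyone can frame the page.
    Simplification: sources are matched as exact origins, no wildcards.
    """
    csp = header(headers, "Content-Security-Policy")
    if csp is not None:
        sources = frame_ancestors(csp)
        if sources is not None:
            allowed = set()
            for source in sources:
                keyword = source.strip("'").lower()
                if keyword == "none":
                    return False
                allowed.add(page_origin.lower() if keyword == "self" else source.lower())
            return embedder_origin.lower() in allowed
    xfo = header(headers, "X-Frame-Options")
    if xfo is not None:
        value = xfo.strip().upper()
        if value == "DENY":
            return False
        if value == "SAMEORIGIN":
            return embedder_origin.lower() == page_origin.lower()
    return True  # no recognised protection: the page is clickjackable


def hardened_headers():
    """What the server should send: X-Frame-Options for older agents and
    CSP frame-ancestors for current ones. Both forbid all framing."""
    return {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }


if __name__ == "__main__":
    page, attacker = "https://app.example", "https://evil.example"
    print("no headers, framed by attacker:", framing_allowed({}, page, attacker))
    print("hardened, framed by attacker: ", framing_allowed(hardened_headers(), page, attacker))
```

The ALLOW-FROM case is worth noticing: a server that relies on it is unprotected in current browsers, which is why a partner that must embed the page should be listed in frame-ancestors instead.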
Which of the following is the primary security reason for network segmentation? A. To provide centralized control over the network to allow for a more consistent monitoring process B. To spread the monitoring of the network out so that it can be conducted more effectively C. To encourage diversity among software and hardware technology to make it harder for attackers to use a single technique to gain unauthorized access. D. To separate the network into different pieces so that if a portion of the network is penetrated, the other portions may still remain secure
D. The immediate and primary reason for network segmentation from a security standpoint is to separate portions of the network into various pieces so that if one portion is penetrated, it will give access to only a subset of the entire network.
You've been asked to create an initial configuration for the server that will be used in an upcoming virtualization project. Which of the following hardware platforms would be the most logical choice if reliability and redundancy are the primary concerns? A. Dual 2.5 GHz Xeon, 128GB non-ECC RAM, RAID 5, redundant power supplies B. Dual 2.5 GHz Xeon, 128GB ECC RAM, RAID 0, redundant power supplies C. Single 2.5 GHz Xeon, 128GB non-ECC RAM, RAID 0, redundant power supplies D. Dual 2.5 GHz Xeon, 128GB ECC RAM, RAID 5, redundant power supplies
D. Dual processors remove a single point of failure in the CPU, ECC RAM detects and corrects single-bit memory errors that non-ECC modules would silently pass on to every guest, RAID 5 survives the loss of one disk whereas RAID 0 stripes with no redundancy and loses everything when one disk fails, and redundant power supplies cover one of the most common component failures. Only option D combines all four.
When reviewing a cloud services contract, which provisions should you consider regarding the storage and handling of sensitive data? A. Encryption of data at rest B. Separation of data from other organizations C. Encryption of data in transit D. All of the above
D. When reviewing a cloud services contract, you should ensure the contract addresses encryption of data at rest, separation of data from other organizations, and encryption of data in transit.
In a firewall, where should you place a "default" rule stating that any packet with any source/destination IP address and any source/destination port should be allowed? A. It should be the first rule so that it will always be checked. B. It doesn't matter where it is placed as long as you have it in the rules somewhere. C. You should never have a rule like this in your rule set. D. It should be the last rule checked.
D. Firewalls evaluate their rule set in order and act on the first rule that matches, so a rule that matches every packet must be the last one: placed first it would shadow every rule below it, and placed anywhere in the middle it would shadow the rules after it. Wherever it sits, a catch-all defines what happens to traffic no explicit rule addressed. In practice that final rule should normally deny rather than allow (default deny, with explicit allows above it); a catch-all allow at the end means anything not explicitly blocked gets through.
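Added example, not part of the original question set: a small first-match rule evaluator in Python that shows why position matters. The same catch-all rule is placed last (correct) and first (wrong) and the same hostile packet gets opposite verdicts; a second function lists the rules a misplaced catch-all shadows. The rules, networks and packets are constructed for the example.

```python
from ipaddress import ip_address, ip_network

ANY = "any"


def rule(action, src=ANY, dst=ANY, dport=ANY, proto=ANY):
    """One firewall rule; fields left at ANY match everything."""
    return {"action": action, "src": src, "dst": dst, "dport": dport, "proto": proto}


def match_addr(pattern, addr):
    return pattern == ANY or ip_address(addr) in ip_network(pattern)


def match_field(pattern, value):
    return pattern == ANY or pattern == value


def matches(r, pkt):
    return (match_addr(r["src"], pkt["src"]) and match_addr(r["dst"], pkt["dst"])
            and match_field(r["dport"], pkt["dport"]) and match_field(r["proto"], pkt["proto"]))


def evaluate(rules, pkt):
    """First-match evaluation: the first matching rule decides and later rules
    are never consulted. Returns (rule_index, action); a packet that matches
    nothing falls off the end and is dropped (the implicit default)."""
    for i, r in enumerate(rules):
        if matches(r, pkt):
            return i, r["action"]
    return None, "drop"


def is_catch_all(r):
    return all(r[field] == ANY for field in ("src", "dst", "dport", "proto"))


def shadowed_rules(rules):
    """Indexes of rules that can never fire because a catch-all precedes them."""
    for i, r in enumerate(rules):
        if is_catch_all(r):
            return list(range(i + 1, len(rules)))
    return []


# Constructed rule set: allow web traffic to a server subnet, drop a hostile
# network, and the "default" rule from the question that allows everything.
WEB_ALLOW = rule("allow", dst="10.0.0.0/24", dport=443, proto="tcp")
BAD_NET = rule("drop", src="203.0.113.0/24")
CATCH_ALL = rule("allow")

CORRECT_ORDER = [WEB_ALLOW, BAD_NET, CATCH_ALL]
WRONG_ORDER = [CATCH_ALL, WEB_ALLOW, BAD_NET]

# SSH from the hostile network: should hit BAD_NET and be dropped.
HOSTILE_PKT = {"src": "203.0.113.9", "dst": "10.0.0.5", "dport": 22, "proto": "tcp"}

if __name__ == "__main__":
    print("catch-all last: ", evaluate(CORRECT_ORDER, HOSTILE_PKT))
    print("catch-all first:", evaluate(WRONG_ORDER, HOSTILE_PKT))
    print("rules shadowed in wrong order:", shadowed_rules(WRONG_ORDER))
```

Swapping CATCH_ALL to rule("drop") turns the list into a default-deny policy: the hostile packet is still dropped by BAD_NET, but traffic matching neither explicit rule is now dropped too instead of being allowed through.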
Your CEO just came back from a luncheon where the speaker discussed zero-day threats. Your CEO has expressed a concern that your organization could be hit by one of these and wants to know what can be done to protect the organization from such a threat. The CEO wants you to do whatever is necessary to guarantee that such an event won't impact your organization. What is your reply? A. You tell your CEO that you can guarantee that you will never be susceptible to a zero-day exploit, but it will require a dramatic increase in the security budget so you can employ all possible countermeasures. B. You try to allay some of the CEO's fears by discussing how as long as you employ what are considered the standard best practices for your industry, you should be pretty much guaranteed that you will not be hit by a zero-day exploit. C. You use Stuxnet as an example and explain that zero-day exploits are only the concern of specific sectors (such as the critical infrastructures such as power and water) and that because your company is not part of one of them, it is not going to be hit with an event such as Stuxnet. D. You explain that by their very nature, zero-day exploits are extremely difficult to detect and that there is no way you can guarantee the company will never be impacted by one. You explain that there are steps that can be taken to minimize the potential impact and to increase the likelihood that you catch one quickly, but you can't eliminate the possibility totally.
D. Zero-day exploits can hit any software, so there is no way to guarantee that a piece of software your organization uses won't be impacted by one. There are certainly steps you can take to make it less likely you will suffer a catastrophic impact from a zero-day exploit, but you simply can't guarantee you will never be impacted by one.
Your organization has begun an enterprise-wide physical-to-virtual (P2V) conversion of its collaboration servers. You want to implement a security feature that will attest to the state of the virtual machine, generate and store cryptographic keys, passwords, and certificates, and perform platform authentication. Which of the following is the best answer? A. Hypervisor B. TPM C. UEFI D. vTPM
D. A virtual TPM (vTPM) is a TPM instance that the hypervisor presents to a guest, giving the VM most of the benefits of a physical TPM: measured boot and attestation of the VM's state, generation and protected storage of cryptographic keys, passwords and certificates, and platform authentication. A physical TPM (B) belongs to the host and is not a per-VM device; UEFI (C) performs measurements and the hypervisor (A) hosts the guests, but neither is the protected key store the question describes.
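Added example, not part of the original question set: a Python sketch of the mechanism behind "attesting to the state of the VM", using SHA-256 to model a single PCR that is extended with each boot component and then verified by replaying the event log. The component names, image contents and the golden allow-list are constructed; a real TPM provides the extend operation and signs the quote, which this example does not model.

```python
import hashlib

PCR_INIT = bytes(32)  # PCRs start at all zeros at platform reset


def extend(pcr, measurement):
    """TPM PCR extend: new = H(old || H(measurement)). Software cannot set a PCR
    directly, only extend it, so the final value commits to the whole ordered
    sequence of measurements that produced it."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(components):
    """Extend one PCR with each boot component in order. Returns the final PCR
    and the event log (component name, digest) a verifier needs to replay it."""
    pcr, log = PCR_INIT, []
    for name, blob in components:
        log.append((name, hashlib.sha256(blob).hexdigest()))
        pcr = extend(pcr, blob)
    return pcr, log


def verify_quote(pcr_value, event_log, golden_digests):
    """Remote attestation check, in two steps: replay the event log and confirm
    it reproduces the quoted PCR (so the log is not forged), then confirm every
    measured component is a known-good digest."""
    replay = PCR_INIT
    for _, digest_hex in event_log:
        replay = hashlib.sha256(replay + bytes.fromhex(digest_hex)).digest()
    if replay != pcr_value:
        return False, "event log does not reproduce quoted PCR"
    unexpected = [name for name, digest in event_log if golden_digests.get(name) != digest]
    if unexpected:
        return False, "unexpected measurement for: " + ", ".join(unexpected)
    return True, "VM state matches known-good configuration"


def golden_from(components):
    """Build the allow-list of expected digests from a trusted reference build."""
    return {name: hashlib.sha256(blob).hexdigest() for name, blob in components}


# Constructed stand-ins for the firmware, bootloader and kernel images a VM
# would measure; the second set has a modified bootloader.
GOOD_BOOT = [("firmware", b"fw-v1"), ("bootloader", b"grub-v2"), ("kernel", b"vmlinuz-6.1")]
TAMPERED = [("firmware", b"fw-v1"), ("bootloader", b"grub-v2-backdoor"), ("kernel", b"vmlinuz-6.1")]

if __name__ == "__main__":
    golden = golden_from(GOOD_BOOT)
    for label, boot in (("good", GOOD_BOOT), ("tampered", TAMPERED)):
        pcr, log = measure_boot(boot)
        print(label, pcr.hex()[:16], verify_quote(pcr, log, golden))
```

Two properties the test pins down are what make the scheme useful: changing any one component changes the final PCR, and the same components measured in a different order also give a different PCR, so the value reflects the boot sequence rather than just its ingredients.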
To reduce the risk of lock picking, which mitigations could you consider implementing? (Choose all that apply.) A. Use lock picks to test your lock's resistance to lock picking. B. Have a locksmith test the locks for you. C. Switch lock to a biometric door lock. D. Switch lock to a Bluetooth door lock. E. All of the above.
E. Testing the locks yourself with picks, or having a locksmith do it, measures how resistant your current cylinders really are. Replacing a mechanical lock with a biometric or Bluetooth lock removes the pickable cylinder altogether, although electronic locks bring their own attack surface (credential cloning, radio attacks, behaviour on power loss) that has to be assessed in turn.
Which of the following disciplines generally has no security requirements and responsibilities? A. Programmer. B. Network administrator. C. Human resources. D. Facilities manager. E. All disciplines and jobs within an organization will have some level of security responsibilities.
E. Everybody in an organization has some level of security responsibility.
Which of the following are common vulnerabilities associated with commingling of hosts with different security requirements? A. VM escape B. Privilege escalation C. Live VM migration D. Data remnants E. All of the above
E. VM escape, privilege escalation, live VM migration, and data remnants are all vulnerabilities associated with commingling hosts with different security requirements. When VMs of different trust levels share a hypervisor, a VM escape or privilege escalation in a low-trust guest gives an attacker a path to the high-trust ones, live migration can move a sensitive VM to a less trusted host or expose its memory in transit, and data remnants in shared storage or memory can leak from one tenant to the next.