Certified Information Systems Security Professional (CISSP) Post Assessment
How many keys are required to fully implement a symmetric algorithm with 10 participants? A. 10 B. 20 C. 45 D. 100
Answer C is correct. The number of keys required for a symmetric algorithm is dictated by the formula (n*(n-1))/2, which in this case, where n = 10, is 45.
In the wake of the September 11, 2001, terrorist attacks, what industry made drastic changes that directly impact DRP/BCP activities? A. Tourism B. Banking C. Insurance D. Airline
Answer C is correct. All the industries listed in the options made changes to their practices after September 11, 2001, but the insurance industry's change toward noncoverage of acts of terrorism most directly impacts the BCP/DRP process.
What business continuity metric identifies the longest period of time that a business function may be unavailable without causing irreparable harm to the business? A. MTD B. RTO C. SLE D. ALE
Answer A is correct. The maximum tolerable downtime (MTD) is the maximum length of time a business function can be inoperable without causing irreparable harm to the business. The MTD provides valuable information when you're performing both BCP and DRP planning. The organization's list of critical business functions plays a crucial role in this process. Answer B is incorrect. The recovery time objective (RTO) for each business function is the amount of time in which the user thinks that the function can feasibly be recovered in the event of a disruption. Answer C is incorrect. The single loss expectancy (SLE) is the monetary loss expected each time the risk materializes. Answer D is incorrect. The annualized loss expectancy (ALE) is the monetary loss that the business expects to suffer as a result of the risk harming the asset during a typical year.
A small business has decided to outsource payroll tasks. The business will pass relevant data to the payroll company, and the payroll will handle all payroll functions for the company. In this scenario, which of the following roles best describes the small business? A. Data controller B. Data subject C. Data processor D. Data custodian
Answer A is correct. The small business is the data controller. The data controller identifies what data to pass to the data processor and how that data should be processed. The data controller is the person or entity that controls the processing of the data. The data controller decides what data to process, why this data should be processed, and how it is processed. Answer B is incorrect. A data subject is an employee whose personal information is being processed in order to generate payment. Answer C is incorrect. The payroll company is fulfilling the role of a data processor by processing the payroll data. Answer D is incorrect. A data custodian is responsible for the day-to-day maintenance of data.
You previously configured a web application to use your social media account credentials. Today, you logged onto your social media account and then connected to the web-based application without authenticating again. The technology supporting this is based on RFC 6749. Which of the following best identifies the SSO technology being used in this scenario? A. OAuth 2.0 B. OIDC C. OpenID D. Kerberos
Answer A is correct. This describes OAuth 2.0, an authorization framework described in Request for Comments (RFC) 6749. It is maintained by the Internet Engineering Task Force (IETF). Many companies on the internet use it to share account information with third-party websites. Answers B and C are incorrect. OpenID and OIDC (short for OpenID Connect) are open standards maintained by the OpenID Foundation. Answer D is incorrect. Kerberos provides single sign-on (SSO) services in an internal network, not for Internet web applications.
What standard of evidence is required for investigators to obtain a search warrant? A. Probable cause B. Reasonable certainty C. Beyond a shadow of a doubt D. Due care
Answer A is correct. To obtain a search warrant, investigators must have probable cause that demonstrates that they will likely collect evidence related to a crime. There must be some type of evidence that a crime took place and that the search in question will yield evidence relating to that crime. The standard of "probable cause" required to get a warrant is much weaker than the standard of evidence required to secure a conviction. Most warrants are "sworn out" based solely on the testimony of investigators. Answers B, C, and D are incorrect. The standards of reasonable certainty, beyond a shadow of a doubt, and due care do not apply to the procurement of a search warrant.
Which of the following can be used to run the exact OS version needed for a specific application? A. Virtualization B. Provisioning C. Identification D. Abstraction
Answer A is correct. Virtualization is used to host one or more operating systems within the memory of a single host computer. It permits virtually any OS to work on any hardware. It also permits multiple operating systems to work simultaneously on the same hardware. It can be used to run the exact OS version needed for a specific application. Answer B is incorrect. Provisioning refers to the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes. Answer C is incorrect. Identification is the capability to find, retrieve, report, change, or delete specific data without ambiguity. Answer D is incorrect. Abstraction is used to suppress unnecessary details to examine and review the important and inherent properties.
Beth is planning to run a network port scan against her organization's web server. What ports should she expect will be open to the world? A. 80 and 443 B. 22 and 80 C. 80 and 1433 D. 22, 80, and 443
Answer A is correct. Web servers should expose ports 80 and/or 443 to the world to support HTTP and/or HTTPS connections. Answers B, C, and D are incorrect. Port 22, used by SSH, and port 1433, used by SQL Server databases, should not normally be publicly exposed.
When all the system testing and bug correction is done, the software product will be delivered to the user for __________. A. acceptance testing B. white-box testing C. stress testing D. black-box testing
Answer A is correct. When all the system testing and bug correction is done, the software product will be delivered to the user for acceptance testing, conducted on the project's completion. Basically, acceptance testing is done by the user; sometimes stakeholders may be involved. This test is used to establish confidence in the system and focuses on validation-type testing. Answer B is incorrect because white-box testing examines the internal logical structures of a program and steps through the code line by line, analyzing the program for potential errors. Answer C is incorrect because stress testing tests the stress limits of a system (maximum number of users, peak demands, and so on). Answer D is incorrect because black-box testing examines the program from a user perspective by providing a wide variety of input scenarios and inspecting the output.
In object-oriented programming, what term describes a collection of the common methods from a set of objects that defines the behavior of those objects? A. Class B. Instance C. Message D. Polymorphism
Answer A is correct. A class is a collection of the common methods from a set of objects that defines the behavior of those objects. Many modern programming languages, such as C++, Java, and the .NET languages, support the concept of object-oriented programming (OOP). Other programming styles, such as functional programming and scripting, focus on the flow of the program itself and attempt to model the desired behavior as a series of steps. Answer B is incorrect. Objects are instances of or examples of classes that contain their methods. Answer C is incorrect. A message is communication to or input of an object. Answer D is incorrect. Polymorphism is the characteristic of an object that allows it to respond with different behaviors to the same message or method because of changes in external conditions.
Which of the following LAN devices typically examines the entire packet? A. Gateway B. Brouter C. Switch D. Router
Answer A is correct. A gateway typically examines the entire packet. The gateway is a network interconnectivity device that translates different communication protocols and is used to connect dissimilar network technologies. It provides greater functionality than a router or bridge because a gateway functions both as a translator and a router. Gateways are slower than bridges and routers. Answers B, C, and D are incorrect. A brouter, a switch, and a router do not examine the entire packet.
Carla is considering the use of new toolsets in her work as a software developer. She would like to use a tool that allows her to code, troubleshoot, and compile all in a single interface. Which one of the following tool categories would best meet her needs? A. IDE B. IPT C. IDS D. IPS
Answer A is correct. An integrated development environment (IDE) provides a single interface for writing, testing, and deploying code and would meet Carla's needs. The IDE simplifies the integration of these tasks, and the choice of an IDE is a personal decision for many developers. Answer B is incorrect. Integrated product teams (IPT) are an organizational approach to system development used by the U.S. Department of Defense. Answers C and D are incorrect. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are security controls used to protect endpoints and networks from malicious activity.
Which of the following is known as management of changes made to a system's hardware, software, or firmware throughout its operational life cycle? A. Configuration management B. Incident management C. Problem management D. Capacity management
Answer A is correct. Configuration management is known as management of changes made to a system's hardware, software, or firmware throughout its operational life cycle. Answer B is incorrect. Incident management is the process of restoring normal service operation as fast as possible while reducing unfavorable impact on business operations. Answer C is incorrect. Problem management reduces the adverse impact of incidents and problems on the business that occur due to errors in the IT infrastructure. Answer D is incorrect. Capacity management ensures that the service provider has, at all times, sufficient capacity so that the current and the future needs of the customer get fulfilled.
Which of the following processes is often intertwined with the configuration documentation to ensure that changes are documented? A. Change management B. Incident management C. Configuration management D. Capacity management
Answer A is correct. The change management process ensures that changes are adequately reviewed, approved, and documented to reduce outages from changes. It is often intertwined with the configuration documentation to ensure that changes are documented. Changes often create unexpected side effects that can result in outages. An administrator can make a change to a system in order to resolve a problem, but this may cause a problem in other systems. Answer B is incorrect. Incident management is the process of restoring normal service operation as fast as possible while reducing unfavorable impact on business operations. Answer C is incorrect. Configuration management helps ensure that systems are configured properly throughout their lifetime. Answer D is incorrect. Capacity management ensures that the service provider has, at all times, sufficient capacity so that the current and the future needs of the customer get fulfilled.
What is the discriminator used by the court to determine whether proper due care and due diligence were performed by an organization? A. HITECH breach notification rule B. Session rule C. Prudent man rule D. Annualized loss expectancy
Answer C is correct. The prudent man rule is used to determine whether proper due care and due diligence were performed by an organization. It requires senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances. Answer A is incorrect. The HITECH (Health Information Technology for Economic and Clinical Health Act) breach notification rule requires HIPAA covered entities and their business associates to provide notice following a breach of unsecured protected health information. Answer B is incorrect. Session rules specify the amount of data each segment in the transport layer of the OSI model can contain, verify the integrity of data transmitted, and determine whether data has been lost. They are established through a handshaking process. Answer D is incorrect. The annualized loss expectancy (ALE) is the possible yearly cost of all instances of a specific realized threat against a specific asset.
You want to ensure your IT network supports accountability. Which of the following is necessary to meet this requirement? A. Identification B. Audit trails C. Authorization D. Confidentiality
Answer B is correct. Audit trails provide documentation on what happened, when it happened, and who did it. IT personnel create audit trails by examining logs. Authentication of individuals is also needed to ensure the audit trails provide proof of identities listed in the logs. One or more logs create an audit trail that researchers or investigators can use to reconstruct events and identify security incidents. When they review audit trails' contents, they can provide evidence to hold people accountable for their actions, such as violating security policy rules. These audit trails also help verify user compliance with policies. Answer A is incorrect. Identification occurs when an individual claims an identity, but identification without authentication doesn't provide accountability. Answer C is incorrect. Authorization grants individuals access to resources based on their proven identity. Answer D is incorrect. Confidentiality ensures that unauthorized entities can't access sensitive data and is unrelated to this question.
An organization has recently added a configuration management system (CMS) to automate configuration management. Of the following choices, what else can this provide? A. Change management B. Hardware asset management C. Media management D. Intangible inventory
Answer B is correct. An automated CMS connects to systems over the network and can assist with hardware asset management by verifying that systems are in the network and operational. Many organizations use an automated CMS to help with hardware asset management. The primary purpose of a CMS is configuration management, discussed later in this lesson. The CMS needs to connect to hardware systems when checking configuration settings. While doing so, it verifies that the system is still in the network and turned on. Answer A is incorrect. A CMS can verify that changes are implemented, but it doesn't include the entire change management process. Answer C is incorrect. A CMS cannot access all media, such as removable drives, so it isn't effective for media management. Answer D is incorrect. A CMS connects to tangible hardware inventory, but it does not track intangibles.
Which access control includes authentication methods such as usernames, passwords, smart cards, and biometrics? A. Administrative B. Logical C. Physical D. Preventive
Answer B is correct. Logical access controls (also known as technical access controls) are the hardware or software mechanisms used to manage access and provide protection for resources and systems. The logical or technical access controls include authentication methods (such as usernames, passwords, smart cards, and biometrics), encryption, constrained interfaces, access control lists, protocols, firewalls, routers, intrusion detection systems, and clipping levels. Answer A is incorrect. Administrative access controls are the policies and procedures defined by an organization's security policy and other regulations or requirements. Answer C is incorrect. Physical access controls include physical mechanisms used to prevent, monitor, or detect direct contact with systems or areas within a facility. Answer D is incorrect. Preventive access controls are deployed to thwart or stop unwanted or unauthorized activity from occurring.
Which of the following access controls includes the hardware or software mechanisms used to manage access and provide protection for resources and systems? A. Administrative B. Technical C. Physical D. Corrective
Answer B is correct. Technical access controls include the hardware or software mechanisms used to manage access and provide protection for resources and systems. They are also known as logical access controls. Examples of logical or technical access controls include authentication methods (such as usernames, passwords, smart cards, and biometrics), encryption, firewalls, routers, intrusion detection systems, and clipping levels. Answer A is incorrect because administrative access controls are the policies and procedures defined by an organization's security policy and other regulations or requirements. Answer C is incorrect because physical access controls include physical mechanisms deployed to prevent, monitor, or detect direct contact with systems or areas within a facility. Answer D is incorrect because corrective access controls modify the environment to return systems to normal after an unwanted or unauthorized activity has occurred.
Your network is using Kerberos. Which of the following best describes a ticket-granting ticket (TGT)? A. It verifies the existence of a user account. B. It is a message that proves a user can access an object. C. It allows authenticated users to request access to network services. D. It is an encrypted message with a timestamp used for accounting.
Answer C is correct. A TGT provides proof that a subject has authenticated with a key distribution center (KDC) and can request network service access. A TGT is encrypted and includes a symmetric key, an expiration time, and the user's IP address. Subjects present the TGT when requesting tickets to access objects. Answers A, B, and D are incorrect. The TGT does verify the existence of a user account, but it does much more. It proves the user has authenticated and can request a ticket. A ticket (not a ticket-granting ticket) is an encrypted message that proves a user can access an object. TGTs are not used for accounting.
A cloud application has been deployed and shared among several organizations with similar concerns. What type of cloud-based deployment model does this describe? A. Public B. Private C. Community D. Hybrid
Answer C is correct. A community cloud deployment model provides cloud-based assets to two or more organizations that have a shared concern, such as a similar mission, security requirements, policy, or compliance considerations. Assets can be owned and managed by one or more organizations. Maintenance responsibilities are shared based on who is hosting the assets and the service models. Answer A is incorrect. A public cloud model includes assets available for any consumers to rent or lease. Answer B is incorrect. A private cloud deployment model includes cloud-based assets that are exclusive to a single organization. Answer D is incorrect. A hybrid model includes a combination of two or more deployment models. It doesn't matter if it is a Software as a Service (SaaS) model or any other service model.
Security administrators suspect that many users have excessive privileges due to creeping privileges. What can be used to verify this? A. Account provisioning B. Disabling an account C. Account review D. Account revocation
Answer C is correct. Account reviews can detect instances of creeping privileges or excessive privileges. Administrators periodically review accounts to ensure they don't have excessive privileges. Account reviews also check to ensure accounts comply with security policies. This includes user accounts, system accounts, and service accounts. Answer A is incorrect. Account provisioning grants privileges. Answers B and D are incorrect. Disabling an account ensures it isn't used, and account revocation deletes the account.
What application security testing technique uses scripts containing routine activity with known results and then compares the actual results of executing the script with expected outcomes? A. Fuzzing B. Static testing C. Synthetic transactions D. Mutation testing
Answer C is correct. Synthetic transactions are scripted transactions with known expected results. Dynamic testing may include the use of synthetic transactions to verify system performance. The testers run the synthetic transactions against the tested code and then compare the output of the transactions to the expected state. Any deviations between the actual and expected results represent possible flaws in the code and must be further investigated. Answers A, B, and D are incorrect. The synthetic transaction is a type of dynamic, not static, application security testing. Mutation testing and other fuzzing techniques are also dynamic testing options, but they do not use predefined scripts of known transactions.
At which of the following layers of the OSI model do the Internet Control Message Protocol and the Internet Group Management Protocol work? A. Data-Link layer B. Physical layer C. Network layer D. Presentation layer
Answer C is correct. The Internet Control Message Protocol (ICMP) and the Internet Group Management Protocol (IGMP) work at the Network Layer of the Open System Interconnection (OSI) model.
Developers of an application want to ensure that users are logged off automatically after 20 minutes of inactivity. Which of the following choices indicates the easiest way to do this? A. Python B. JavaScript C. Web development framework D. Transport layer security
Answer C is correct. The easiest way (and the best way) to implement session management is with a web development framework, such as one recommended by the Open Web Application Security Project (OWASP). Web development frameworks are used worldwide and are regularly updated. The framework creates a session identifier or token at the beginning of the session. This identifier is included in every HTTP request throughout the session. It's possible to force the use of Transport Layer Security (TLS) to ensure the entire session (including the identifier) is encrypted. Answers A and B are incorrect. Writing the code from scratch in Python or JavaScript would not be the easiest way and may introduce vulnerabilities, whereas established frameworks are reliable and well tested. Answer D is incorrect. TLS should be used in session management, but Transport Layer Security (TLS) doesn't close sessions.
A small business is planning to outsource payroll. This requires the business to pass some data to the payroll company to handle payroll functions. In this scenario, which of the following roles best describes the payroll company? A. Data controller B. Data subject C. Data processor D. Data custodian
Answer C is correct. The payroll company is fulfilling the role of a data processor by processing the payroll data. A company that collects personal information on employees for payroll is a data controller. If they pass this information to a third-party company to process payroll, the payroll company is the data processor. The payroll company (the data processor) must not use the data for anything other than processing payroll at the direction of the data controller. Answer A is incorrect. The data controller identifies what data to pass to the data processor and how that data should be processed. Answer B is incorrect. A data subject is like a data user and simply accesses data. Answer D is incorrect. A data custodian is responsible for the day-to-day maintenance of data.
To gain more insights into the processes of a company, the company changes the positions of employees. Which of the following is an example of this practice? A. Separation of duties B. Auditing C. Job rotation D. Eavesdropping
Answer C is correct. This practice is an example of job rotation. Job rotation is practiced to allow qualified employees to gain more insights into the processes of a company, and to reduce boredom and increase job satisfaction through job variation. It is an approach to management development in which an individual is moved through a schedule of assignments designed to give them breadth of exposure to the entire operation. Answer A is incorrect. Separation of duties is the concept, and a part of an organization's policy, of requiring more than one person to complete a task. Answer B is incorrect. Auditing is used to track user accounts for file and object access, logon attempts, system shutdown, etc. It is an important technical control that can be used to track the activities of systems, networks, or users. Answer D is incorrect. Eavesdropping is the intentional interception of data (such as e-mail, username, password, credit card, or calling card number) as it passes from a user's computer to a server, or vice versa.
You suspect that a program on a cloud server contains malware. You want to test the program by safely executing it in an isolated environment. Which of the following techniques will you use? A. Multitenancy B. Content filtering C. Sandboxing D. Vulnerability scanning
Answer C is correct. You should use sandboxing, as it provides a stand-alone environment that allows you to safely view or execute the program while keeping it contained. It is frequently used to test untrusted programs that may contain a virus, malware, or other malicious code, without allowing the software to harm the host device. Answer A is incorrect because multitenancy refers to workloads from multiple clients, virtual machines, or services being shared by a hosting server and separated only by logical access policies. Answer B is incorrect because content filtering allows companies to outsource the content filtering service so that the cloud-based provider can manage and monitor all outbound and inbound traffic. Answer D is incorrect because vulnerability scanning is performed by outsourcing the service from a third-party provider and using tools such as Nessus, SAINT, and so on.
Which type of security plan is designed to be a forward-looking document pointing out goals to achieve in a five-year time frame? A. Operational B. Tactical C. Strategic
Answer C is correct. A strategic plan focuses on five-year goals, missions, and objectives. It is a fairly stable, long-term plan that defines an organization's security purpose. Answer A is incorrect. An operational plan is a highly detailed, short-term plan based on the strategic and tactical plans. It is updated monthly or quarterly to retain compliance with tactical plans. Answer B is incorrect. The tactical plan is a midterm plan that provides details on accomplishing the goals defined in the strategic plan. It is useful for about a year.
Your organization recently suffered a data breach. You are reviewing your organization's data policy to see if it addresses protections that could have thwarted this attack. Which of the following actions will provide the best protection for data at rest? A. Tokenization B. Marking C. Encryption D. Destruction
Answer C is correct. Encryption protects data at rest (and data in transit). Data at rest (sometimes called data on storage) is any data stored on media such as system hard drives, solid-state drives (SSDs), external USB drives, storage area networks (SANs), and backup tapes. Strong symmetric encryption protects data at rest. Answer A is incorrect. Tokenization replaces some data with tokens or artificial identifiers, but it's not used with all data, so it won't protect data at rest. Answer B is incorrect. Marking data and assets makes them easier to identify, but marking doesn't protect data at rest. Answer D is incorrect. Destruction eliminates data at the end of its lifecycle, but data that is still needed must remain usable.
An organization is implementing security controls to protect sensitive data. Which of the following choices identifies data that they would protect with additional security controls? A. Name of the CEO B. Public data C. Personally identifiable information D. Data posted on a public website
Answer C is correct. Personally identifiable information (PII) is an example of sensitive data that should be protected. Organizations must actively prevent unauthorized access to information that is personally identifiable, that is, data points that can be linked directly to a person or organization. Answers A, B, and D are incorrect because these are examples of data that is accessible to the public.
Which of the following are the cost functions that are related to quantitative risk analysis? Each correct answer represents a complete solution. Choose all that apply. A. Single loss expectancy B. Double profit gain C. Annualized rate of occurrence D. Annualized loss expectancy
Answers A, C, and D are correct. The following cost functions are related to quantitative risk analysis:
Exposure factor (EF): the percentage of loss experienced by an organization when a particular asset is violated by a realized risk.
Single loss expectancy (SLE): the cost related to a single realized risk against a particular asset. The following formula is used to calculate the SLE: SLE = asset value (AV) * exposure factor (EF)
Annualized rate of occurrence (ARO): the expected frequency of occurrence of a particular threat or risk in a single year.
Annualized loss expectancy (ALE): the yearly cost of all instances of a particular threat against a particular asset. The following formula is used to calculate the ALE: ALE = single loss expectancy (SLE) * annualized rate of occurrence (ARO)
Answer B is incorrect. This is an invalid answer.
There's an almost infinite possibility of threats, so it's important to use a structured approach to accurately identify relevant threats. What are the common examples of threat modeling approaches? Each correct answer represents a complete solution. Choose all that apply. A. Focus on attackers B. Focus on insiders C. Focus on assets D. Focus on stakeholders E. Focus on software
Answers A, C, and E are correct. There's an almost infinite possibility of threats, so it's important to use a structured approach to accurately identify relevant threats. For example, some organizations use one or more of the following three approaches:
Focused on assets: This method uses asset valuation results and attempts to identify threats to valuable assets.
Focused on attackers: Some organizations are able to identify potential attackers and can identify the threats they represent based on the attacker's motivations, goals, or tactics, techniques, and procedures (TTPs).
Focused on software: If an organization develops software, it can consider potential threats against the software.
Which of the following is provided by an Authentication Header? Each correct answer represents a complete solution. Choose all that apply. A. Data encryption B. Integrity C. Authentication D. Non-repudiation
Answers B, C, and D are correct. Authentication Header (AH) is an IPSec protocol that provides integrity, authentication, and non-repudiation. Answer A is incorrect. Encapsulating Security Payload (ESP) provides data encryption.
Which of the following protocols work at the Application layer of an OSI model? Each correct answer represents a complete solution. Choose all that apply. A. Address Resolution Protocol (ARP) B. Secure Hypertext Transfer Protocol (S-HTTP) C. Trivial File Transfer Protocol (TFTP) D. Post Office Protocol version 3 (POP3)
Answers B, C, and D are correct. The following protocols work at the Application layer of the OSI model:
Secure Hypertext Transfer Protocol (S-HTTP)
Trivial File Transfer Protocol (TFTP)
Post Office Protocol version 3 (POP3)
Answer A is incorrect. The Address Resolution Protocol (ARP) works at the Data Link layer of the OSI model.
Which one of the following is not a core principle of the Agile Manifesto? A. Simplicity is essential. B. Build projects around all team members equally C. Working software is the primary measure of progress. D. The best designs emerge from self-organizing teams.
Answer B is correct. The Agile Manifesto says that you should build projects around motivated individuals and give them the support they need.
You need to identify a method to embed unobtrusive labels in digital data. After they are embedded, other methods should be able to detect these labels. Which of the following is the best choice to meet these requirements? A. Watermarking B. Remanence C. Signature D. Encryption
Answer A is correct. Digital watermarking places labels or markings in files (digital data). Other methods, such as data loss prevention (DLP) and digital rights management (DRM), can detect the labels. Marking also includes using digital marks or labels. A simple method is to include the classification as a header or footer in a document or embed it as a watermark. A benefit of these methods is that they also appear on printouts. Even when users include headers and footers on printouts, most organizations require users to place printed sensitive documents within a folder that includes a label or cover page clearly indicating the classification. Headers aren't limited to files. Backup tapes often include header information, and the classification can be included in this header. Answer B is incorrect. Remanence refers to data left on media after it should have been removed. Answer C is incorrect. A digital signature is used in emails to validate the sender's identity. Answer D is incorrect. Encryption scrambles data so that it is unreadable, but it doesn't add labels.
Which of the following can uncover fraud and ensure that more than one person knows the tasks of a position? A. Job rotation B. Separation of duties C. Auditing D. Eavesdropping
Answer A is correct. Job rotation can uncover fraud and ensure that more than one person knows the tasks of a position. Job rotation is a means to distribute knowledge and competence among a given set of employees. Job rotation ensures that security tasks can be performed by more than one person in the organization, which provides a backup for a person who is unavailable in a critical situation. Some companies require employees in critical positions to rotate assignments every couple of years. Answer B is incorrect. Separation of duties (SoD) is the concept of requiring more than one person to complete a task. It is alternatively called segregation of duties or, in the political realm, separation of powers. Segregation of duties helps reduce the potential damage from the actions of one person. The IS or end-user department should be organized in a way that achieves adequate separation of duties. Answer C is incorrect. Auditing is used to track user accounts for file and object access, logon attempts, system shutdown, etc. This enhances the security of the network. Before enabling auditing, the type of event to be audited should be specified in the Audit Policy in User Manager for Domains. Answer D is incorrect. Eavesdropping is the intentional interception of data (such as e-mail, username, password, credit card, or calling card number) as it passes from a user's computer to a server, or vice versa. There are high-tech methods of eavesdropping. It has been demonstrated that a laser can be bounced off a window and the vibrations caused by the sounds inside the building can be collected and turned back into those sounds.
Which technology directs data from one network node to the next based on short path labels rather than long network addresses? A. MPLS B. SLIP C. SMDS D. FDDI
Answer A is correct. MPLS (Multiprotocol Label Switching) is a networking technology that directs data from one network node to the next based on short path labels rather than long network addresses, avoiding complex lookups in a routing table. It provides a connection-oriented network to transport data over the network. Answer B is incorrect because SLIP (Serial Line Internet Protocol) is a technology developed to support TCP/IP communications over asynchronous serial connections, such as serial cables or modem dial-up. Answer C is incorrect because SMDS (Switched Multimegabit Data Service) is a connectionless packet-switching technology. It is used to connect multiple LANs to form a MAN or a WAN. Answer D is incorrect because FDDI (Fiber Distributed Data Interface) is a high-speed token-passing technology that employs two rings with traffic flowing in opposite directions. It is used as a backbone for large enterprise networks.
Which technique is used to restrict ports that are connected to the same VLAN? A. Port isolation B. IP probe C. Port mirroring D. Port scanning
Answer A is correct. Port isolation is a technique used to restrict ports that are connected to the same VLAN. The restricted ports are called private ports. Port isolation is also known as PVLAN (Private VLAN), which offers Layer 2 isolation between ports. Port isolation helps improve network security, provides a flexible networking scheme, and conserves VLAN resources. Answer B is incorrect because IP probes are a type of network reconnaissance carried out against a targeted network. With this technique, automated tools simply attempt to ping each address in a range. Answer C is incorrect because port mirroring is used on a network switch to send a copy of network packets seen on one switch port (or an entire VLAN) to a network monitoring connection on another switch port. Answer D is incorrect because port scanning is a process by which an attacker connects to TCP and UDP ports to find the services and applications running on the target system.
Your organization has a database of customer data. To comply with the EU GDPR, administrators plan to use pseudonymization. Which of the following best describes pseudonymization? A. The process of replacing some data with another identifier B. The process of removing all personal data C. The process of encrypting data D. The process of storing data
Answer A is correct. Pseudonymization is the process of replacing some data with an identifier, such as a pseudonym. This makes it challenging to identify an individual from the data. A pseudonym is an alias. The GDPR refers to pseudonymization as replacing data with artificial identifiers. These artificial identifiers are pseudonyms. Answer B is incorrect. Removing personal data without using an identifier is closer to anonymization. Answer C is incorrect. Encrypting data is a logical alternative to pseudonymization because it makes it difficult to view the data. Answer D is incorrect. Data should be stored in such a way that it is protected against any type of loss, but this is unrelated to pseudonymization.
Which of the following is a security method, mechanism, or model that reveals a capabilities list of a subject across multiple objects? A. Separation of duties B. Access control matrix C. Biba D. Clark-Wilson
Answer B is correct. An access control matrix assembles ACLs from multiple objects into a single table. The rows of that table are the ACEs of a subject across those objects, thus a capabilities list. Answer A is incorrect. The separation of duties mechanism ensures that sensitive functions are split into tasks performed by two or more employees. It helps to prevent fraud and errors by creating a system of checks and balances. Answer C is incorrect. The Biba Model describes a set of access control rules designed to ensure data integrity. Data and subjects are grouped into ordered levels of integrity. Answer D is incorrect. The Clark-Wilson model uses a multifaceted approach to enforcing data integrity. Instead of defining a formal state machine, the Clark-Wilson model defines each data item and allows modifications through only a small set of programs.
You want to ensure continuous availability of data. Which of the following is known as the replication of logical disk volumes onto separate physical hard disks in real time? A. RAID 1 B. RAID 0 C. RAID 5 D. RAID 10
Answer A is correct. RAID 1 is known as the replication of logical disk volumes onto separate physical hard disks in real time. Both disks contain the same data, that is, one disk is a mirror image of the other. If one disk fails, the other disk takes over automatically. This RAID level also provides a performance improvement in data reads because if one disk is busy, the data can be read from the other disk. Answer B is incorrect. RAID 0, also known as disk striping, is made up of a disk set in which data is divided into blocks and spread equally across the disks. It provides the best performance because data read and write operations are not limited to a single disk but spread over a set of disks. It does not provide data redundancy. Data once lost cannot be recovered. Answer C is incorrect. RAID 5 supports striping with parity. It contains a minimum of three disks. In this disk system, data along with its parity bits is stored across multiple disks. When a file is written to a RAID 5 volume, the file is split across all the disks in the set excluding the final disk. The final disk contains the parity information. This parity information allows the disks in the array to keep functioning in case a disk in the set fails. Due to data redundancy, RAID 5 provides fault tolerance. Answer D is incorrect. RAID 10 is a combination of RAID 1 and RAID 0. It is implemented at the hardware level rather than in the operating system. It is used to connect mirrored disk pairs to form a RAID 0 array. Data is written on the striped set of the disk array as in RAID 0 and then it is mirrored as in RAID 1. Although expensive, RAID 10 provides better fault tolerance as well as input/output performance. Since RAID 10 is expensive, it is not recommended.
Which of the following RAID levels is used to double the number of required hard drives? A. RAID 1 B. RAID 0 C. RAID 2 D. RAID 5
Answer A is correct. RAID 1 is used to double the number of required hard drives. This RAID level also provides a performance improvement in data reads, because if one disk is busy, the data can be read from the other disk. Answer B is incorrect. RAID 0, also known as disk striping, is made up of a disk set in which data is divided into blocks and spread equally across the disks. It provides the best performance because data read and write operations are not limited to a single disk but spread over a set of disks. It does not provide data redundancy. Data once lost cannot be recovered. Answer C is incorrect. RAID 2 implements striping with parity and therefore needs at least three disks, as parity information is written on a disk other than the data disks. The striping is done at the bit level, that is, bits are striped across multiple disks. If a data disk fails and the parity disk does not, the data on the failed disk can be reconstructed from the parity disk. Answer D is incorrect. RAID 5 supports striping with parity. It contains a minimum of three disks. In this disk system, data along with its parity bits is stored across multiple disks. When a file is written to a RAID 5 volume, the file is split across all the disks in the set excluding the final disk. The final disk contains the parity information. This parity information allows the disks in the array to keep functioning in case a disk in the set fails. Due to data redundancy, RAID 5 provides fault tolerance.
Rena works as a security analyst for a company. She determines that an overseas branch office within the company has more technical and non-technical security incidents than other parts of the company. Which of the following management controls can she use to improve the security of the branch office? A. Continuous monitoring processes B. Initial baseline configuration snapshots C. Firewall, IPS, and network segmentation D. Event log analysis and incident response
Answer A is correct. Rena should perform continuous monitoring processes to improve the security of the branch office. Continuous monitoring involves regular measurements of network traffic levels, routine evaluations for regulatory compliance, and checks of network security device configurations. It defines exactly what events and environments should be monitored based on a prior risk analysis. It also points toward the never-ending review of what resources a user actually accesses, which is critical for preventing insider threats. Answer B is incorrect. An initial baseline configuration snapshot would allow for the standardized minimal level of security that all systems in an organization must comply with to be enforced. This will not cover the non-technical security incidents. Answer C is incorrect. Firewall, IPS, and network segmentation will offer technical protection, but not non-technical security protection. Answer D is incorrect. Event log analysis and incident response will not cover the non-technical security incidents.
In an Agile software development process, how often should business users be involved in development? A. Daily B. Weekly C. Monthly D. At each release
Answer A is correct. The Agile development process requires that business users interact with developers on a daily basis. Of the Agile methodologies, the Scrum approach is the most popular. Scrum takes its name from the daily team meetings, called scrums, which are its hallmark. Each day the team gets together for a short meeting, where they discuss the contributions made by each team member, plan the next day's work, and work to clear any impediments to their progress. These meetings are led by the project's scrum master, an individual in a project management role who is responsible for helping the team move forward and meet their objectives.
Which of the following should maintain the appropriate temperature and humidity levels and provide closed-loop recirculating air-conditioning, positive pressurization, and ventilation? A. HVAC B. CPTED C. NDMP D. BIA
Answer A is correct. The HVAC system should maintain the appropriate temperature and humidity levels and provide closed-loop recirculating air-conditioning, positive pressurization, and ventilation. Answer B is incorrect. Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how crime can be reduced by the proper design of a physical environment, which has a direct effect on human behavior. Through proper facility construction and environmental components and procedures, CPTED provides guidance in loss and crime prevention. Answer C is incorrect. Network Data Management Protocol (NDMP) is an open protocol used to control data backup and recovery communications between primary and secondary storage on an Ethernet-based network. With NDMP, heterogeneous network file servers can communicate directly with a network-attached tape device for backup or recovery operations. Answer D is incorrect. A business impact analysis (BIA) is a crisis management technique that identifies those threats that can impact the continuity of business operations.
An organization plans to donate several older computers to a local school. Chad will sanitize the hard drives in these computers. Which of the following methods is Chad most likely to use? A. Erasing B. Clearing C. Purging D. Overwriting
Answer C is correct. Purging media removes all data by writing over existing data multiple times to ensure that the data is not recoverable using any known methods. Purged media can then be reused in less secure environments. Answer A is incorrect. Erasing the media performs a delete, but the data remains and can easily be restored. Answers B and D are incorrect. Clearing, or overwriting, writes unclassified data over existing data, but some sophisticated forensics techniques may be able to recover the original data, so this method should not be used to reduce the classification of media.
As network administrator for an organization, you need to prevent unethical access to the organization's online library. To do this, you need to apply a condition such that the employee name and the employee code must match before access to the library is granted. Which of the following access controls will you select to accomplish the task? A. Mandatory access control B. Discretionary access control C. Role-based access control D. Attribute-based access control
Answer A is correct. You should select MAC (mandatory access control) to accomplish this task. It prevents unethical access to the organization's online library by applying the condition that the employee name and the employee code must match. It relies upon the use of classification labels. Each classification label represents a security domain, or a realm of security. A security domain is a collection of subjects and objects that share a common security policy. Answer B is incorrect. DAC (discretionary access control) allows the owner or creator of an object to control and define subject access to that object. Answer C is incorrect. In RBAC (role-based access control), a user can access resources according to his role in the organization. Answer D is incorrect. In ABAC (attribute-based access control), access is granted not based on the rights of the subject associated with a user after authentication, but based on the attributes of the user.
Third-party governance is the system of external entity oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements. Often third-party assessment is necessary to evaluate the security of a supply chain. Which of the following means of third-party assessment is used to interview personnel and observe their operating habits? A. On-site B. Document exchange and review C. Process/policy review D. Third-party audit
Answer A is correct. An on-site assessment is a third-party assessment tool where auditors visit the site of the organization to interview personnel and observe their operating habits. On-site assessments can provide firsthand exposure to the security mechanisms employed at a location. Those performing on-site assessment or audits need to follow auditing protocols (such as Control Objectives for Information and Related Technology [COBIT]) and have a specific checklist of requirements to investigate. Answer B is incorrect. Document exchange and review is a mechanism to investigate the means by which datasets and documentation are exchanged as well as the formal processes by which they perform assessments and reviews. Answer C is incorrect. Process/policy review is a mechanism that requests copies of their security policies, processes/procedures, and documentation of incidents and responses for review. Answer D is incorrect. A third-party audit is performed by a third party, such as defined by AICPA, to provide an unbiased review of an entity's security infrastructure.
Administrators regularly back up sensitive data on servers within a data center. Security controls restrict access to the data center, and all systems that process sensitive information are marked. After backing up data, they send an unmarked copy to an unstaffed company warehouse for long-term storage. Recently, someone posted some of this data on the internet. Investigators determined much of the backup media is no longer in the warehouse. Which of the following administrator actions would have the best chance of preventing this incident? A. Mark the tapes before sending them to the warehouse. B. Purge the tapes before backing up data to them. C. Degauss the tapes before backing up data to them. D. Add the tapes to an asset management database.
Answer A is correct. If the tapes were marked before they left the data center, employees would recognize their value, and it is more likely someone would challenge their storage in an unstaffed warehouse. If a backup tape holding sensitive data isn't marked, a user might assume it only holds unclassified data. However, if the organization marks unclassified data, too, unlabeled media would be easily noticeable, and the user would view an unmarked tape with suspicion. Answers B and C are incorrect. Purging or degaussing the tapes before using them will erase previously held data but won't help if sensitive information is backed up to the tapes after they are purged or degaussed. Answer D is incorrect. Adding the tapes to an asset management database will help track them but wouldn't prevent this incident.
Which of the following are tactical documents that specify steps or methods to accomplish the goals and overall direction defined by security policies? A. Standards B. Guidelines C. Procedures D. Baselines
Answer A is correct. Standards are tactical documents that specify steps or methods to accomplish the goals and overall direction defined by security policies. Answer B is incorrect. Guidelines serve as an operational guide for both security professionals and users and provide suggestions on how standards and baselines are implemented. Answer C is incorrect. Procedures are the final element of the formalized security policy structure. They are detailed, step-by-step how-to documents that specify the exact actions required to implement a specific security mechanism, control, or solution. Answer D is incorrect. Baselines define a minimum level of security that must be met by every system throughout an organization.
Joe's organization uses a rigorous code review process that includes six formal steps: planning, overview, preparation, inspection, rework, and follow-up. What term best describes this approach? A. Fagan inspection B. Agile software development C. Waterfall model D. Spiral model
Answer A is correct. The Fagan inspection model uses the six formal steps of planning, overview, preparation, inspection, rework, and follow-up to conduct a formal code review process. The Fagan inspection level of formality is normally found only in highly restrictive environments where code flaws may have a catastrophic impact. Answer B is incorrect. Agile software development refers to a group of software development methodologies based on iterative development, where requirements and solutions evolve through collaboration between self-organizing cross-functional teams. Answer C is incorrect. The waterfall model is also referred to as a linear-sequential life cycle model. Answer D is incorrect. The spiral model is one of the most important software development life cycle (SDLC) models, which provides support for risk handling.
Gavin is preparing the report from an audit engagement he conducted under SSAE 18. The report he is preparing covers security and privacy controls and is designed for public consumption. What kind of engagement did he conduct? A. SOC 1 B. SOC 2 C. SOC 3 D. SOC 4
Answer C is correct. SOC 3 engagements assess the organization's controls that affect the security and privacy of information stored in a system. The results of a SOC 3 audit are intended for public disclosure. Answer A is incorrect. SOC 1 engagements assess the organization's controls that might impact the accuracy of financial reporting. Answer B is incorrect. SOC 2 engagements assess the organization's controls that affect the security (confidentiality, integrity, and availability) and privacy of information stored in a system. SOC 2 audit results are confidential and are normally only shared outside the organization under an NDA. Answer D is incorrect. SOC 4 doesn't exist.
A company has been the victim of business email compromise. The primary manager in the accounting department paid a fraudulent invoice for $132,000. She did so based on the instructions sent to her in a message received from the CEO's email address. What social engineering principle was used in this situation? A. Tailgating B. Authority C. Scarcity D. Familiarity
Answer B is correct. Business email compromise (BEC) is often performed by taking advantage of the social engineering principle of authority. The false invoice that was apparently received from the CEO makes it seem as if it originated from a proper authority. Authority is an effective technique because most people are likely to respond to authority with obedience. The trick is to convince the target that the attacker is someone with valid internal or external authority. Some attackers claim their authority verbally, and others assume authority by wearing a costume or uniform. Answers A, C, and D are incorrect. Tailgating is the abuse of someone's access into a system or facility without their consent or knowledge in order for an unauthorized person to intrude. Tailgating is not a social engineering principle. Scarcity is the social engineering principle of limited opportunity, which was not used in this situation. Familiarity is the social engineering principle of establishing or perceiving similarity, which was not used in this situation.
Management is concerned that users may copy sensitive data onto USB devices. You're asked what technology will prevent this activity. Which of the following would be the most cost-effective to implement? A. CASB B. DLP C. SIEM D. IDS
Answer B is correct. Endpoint data loss prevention (DLP) systems can prevent the copying of any data to external devices such as Universal Serial Bus (USB) drives. DLP systems attempt to detect and block data exfiltration attempts. These systems have the capability of scanning unencrypted data looking for keywords and data patterns. Answer A is incorrect. A cloud access security broker (CASB) helps enforce security policies for cloud-based assets. Answer C is incorrect. Security information and event management (SIEM) systems provide real-time analysis of events occurring on systems throughout an organization but don't block activity on an endpoint device. Answer D is incorrect. Intrusion detection systems (IDSs) scan incoming traffic, but they don't block traffic leaving a user's computer.
You work as network administrator for an organization. The organization wants to ensure that the server room is highly secured. To implement this, the organization wants anyone who has the right to authenticate to enter a password that changes every 60 seconds. Which of the following identification and authentication techniques will you select to accomplish the task? A. Smart card B. Token C. Digital certificate D. Fingerprint
Answer B is correct. For securing the server room, you will select a token device because it is a password-generating device that users can carry with them. It includes an LCD that displays a number used as a password and changes at a fixed time interval, such as every 60 seconds. Answer A is incorrect because a smart card is a credit-card-sized ID or badge and has an integrated circuit chip embedded in it. It contains information about the authorized bearer that can be used for identification and/or authentication purposes. Answer C is incorrect because digital certificates provide communicating parties with the assurance that the people they are communicating with truly are who they claim to be. Answer D is incorrect because fingerprints are used in the biometric system. These are the visible patterns on the fingers and thumbs of people that are unique to an individual.
In which of the following cryptographic attack techniques does an attacker obtain encrypted messages that have been encrypted using the same encryption algorithm? A. Known plaintext attack B. Ciphertext only attack C. Chosen plaintext attack D. Chosen ciphertext attack
Answer B is correct. In a ciphertext only attack, the attacker obtains encrypted messages that have been encrypted using the same encryption algorithm. Answer A is incorrect because in a known plaintext attack, the attacker has both the plaintext and the ciphertext of one or more messages. Answer C is incorrect because in a chosen plaintext attack, the attacker chooses the information to be encrypted and obtains a copy of it along with the encrypted data. Answer D is incorrect because in a chosen ciphertext attack, the attacker can choose the ciphertext to be decrypted and can then analyze the resulting plaintext output.
Employees regularly connect to a VPN server when working from home. You want to ensure that employees don't reveal their credentials to a rogue VPN server. Which of the following will meet this need? A. Multifactor authentication B. Mutual authentication C. Device authentication D. Service authentication
Answer B is correct. Mutual authentication ensures that a server provides authentication before the client provides authentication. This prevents employees from revealing their credentials to rogue servers. Mutual authentication methods commonly use digital certificates. Answer A is incorrect. Multifactor authentication uses more than one factor of authentication. Answer C is incorrect. Devices authenticate with a server in internal networks. Answer D is incorrect. Service accounts are used to run services or applications.
Administrators are required to keep logs for a minimum of five years on several servers. Which of the following is the most likely reason for this policy? A. Data remanence policies B. Record retention policies C. Data destruction processes D. Data collection procedures
Answer B is correct. Record retention policies define the amount of time to keep any data, including logs. Laws and regulations that apply to an organization often dictate how long to save data. Still, all organizations should keep data as long as they are required to do so. Record retention involves retaining and maintaining important information as long as it is needed and destroying it when it is no longer needed. An organization's security policy or data policy typically identifies retention time frames. Answers A and C are incorrect. Data remanence is data remnants on media, and proper data destruction processes ensure discarded media don't retain any data. Answer D is incorrect. Data collection procedures indicate that organizations should collect only the minimum amount of data they need.
Which of the following provides the strongest authentication? A. Requiring users to authenticate using biometrics B. Requiring users to authenticate with something they know and something they have C. Requiring users to authenticate with strong passwords and a personal identification number (PIN) D. Requiring users to authenticate with a hardware token
Answer B is correct. Requiring users to authenticate with something they know (such as a password) and something they have (such as a hardware token) provides two-factor authentication and is the strongest method of those listed. Answer C is incorrect. A password and PIN are both in the something you know factor of authentication, so they are only a single authentication factor. Answer D is incorrect. Using a hardware token (without a PIN or password) is only a single factor of authentication.
Which of the following is the method of hiding data within another media type such as graphic or document? A. Spoofing B. Steganography C. Cryptanalysis D. Packet sniffing
Answer B is correct. Steganography is the method of hiding data within another media type such as a graphic or document. The advantage of steganography over cryptography alone is that the messages do not attract the attention of malicious users. Answer A is incorrect. Spoofing is a technique that makes a transmission appear to have come from an authentic source by forging the IP address, email address, caller ID, and so on. In IP spoofing, a hacker modifies packet headers by using someone else's IP address to hide his identity. However, spoofing cannot be used while surfing the Internet, chatting online, etc., because forging the source IP address causes the responses to be misdirected. Answer C is incorrect. Cryptanalysis is the process of analyzing ciphertext and finding weaknesses in cryptographic algorithms. These weaknesses can be used to decipher the ciphertext without knowing the secret key. Answer D is incorrect. Packet sniffing is the process of monitoring data packets that travel across a network. The software used for packet sniffing is known as a sniffer. Many packet-sniffing programs are available on the Internet. Some of these are unauthorized, which can be harmful to a network's security.
Which canon of the (ISC)2 Code of Ethics states that you should act honorably, honestly, justly, responsibly, and legally? A. First canon B. Second canon C. Third canon D. Fourth canon
Answer B is correct. The (ISC)2 Code of Ethics has four canons, in this order:
1. Protect society, the commonwealth, and the infrastructure.
2. Act honorably, honestly, justly, responsibly, and legally.
3. Provide diligent and competent service to principals.
4. Advance and protect the profession.
Which US law makes it illegal to bypass electronic copy protection? A. PATRIOT B. DMCA C. Federal Sentencing Guidelines D. Economic Espionage Act
Answer B is correct. The Digital Millennium Copyright Act (DMCA) makes it illegal to bypass electronic copy protection. Its first major provision prohibits attempts to circumvent copyright protection mechanisms placed on a protected work by the copyright holder; this clause was designed to protect copy-prevention mechanisms on digital media such as CDs and DVDs. Answer A is incorrect. The PATRIOT Act expanded law enforcement surveillance powers, for example by allowing authorities to obtain a blanket authorization for a person and then monitor all communications to or from that person under a single warrant. Answer C is incorrect. The Federal Sentencing Guidelines provide penalty recommendations for violations of federal law. Answer D is incorrect. The Economic Espionage Act provides penalties for individuals found guilty of stealing trade secrets.
Your organization has several servers in use that it purchased from a hardware vendor. You just learned that the vendor has announced that the end-of-life (EOL) date for these servers is in 60 days. What does this mean? A. The vendor will stop supporting the servers after the EOL date. B. The vendor will discontinue sales of the servers after the EOL date. C. The vendor will disable the servers after the EOL date. D. The lease of the servers will end after the EOL date.
Answer B is correct. The end-of-life (EOL) date is the date when the vendor stops offering a product for sale; the end-of-support (EOS) date, not the EOL date, is when the vendor stops supporting it. Vendors do not disable hardware they have sold, and the scenario says the servers were purchased, not leased. EOL, EOS, and end-of-service-life (EOSL) apply to both software and hardware; in the context of asset retention they apply directly to hardware assets. Vendors typically continue to support products they have already sold for some time after EOL, and EOS marks the point at which that support ends. Most hardware is on a refresh cycle driven by these EOL and EOS time frames. Organizations sometimes retain legacy hardware past those dates to access older data, such as data on tape formats that newer drives cannot read.
Administrators routinely connect to servers in the data center from remote locations using their administrator accounts. Of the following, what should be a prime concern when doing so? A. Protecting data at rest B. Protecting data in transit C. Protecting data in use D. Preventing data remanence
Answer B is correct. Administrators should protect data in transit by encrypting the traffic between their computers and the servers. Data in transit (also called data in motion or data being communicated) is any data transmitted over a network, whether over an internal wired or wireless network or over public networks such as the internet. Protocols that protect it, such as TLS and SSH, combine asymmetric cryptography to authenticate the endpoints and negotiate keys with symmetric encryption for the session itself; administrative access over cleartext protocols such as Telnet exposes the administrator credentials to anyone sniffing the path. Answers A, C, and D are incorrect. Data at rest is data stored on media, whereas data sent between two systems is data in transit. Data in use is data in memory being processed by a program. Data remanence is data that persists after attempts to delete it by noninvasive means.
Mark is planning to conduct a penetration test against his organization's systems and is documenting the tactics he will use. Which one of the following would not be considered a penetration testing best practice? A. Mimicking attacks previously perpetrated against your system B. Performing the attacks without management's consent C. Using manual and automated attack tools D. Reconfiguring the system to resolve any discovered vulnerabilities
Answer B is correct. You should never conduct a formal or informal penetration test against any organization without the advance knowledge and express written consent of management; without that authorization the activity is indistinguishable from an attack. Answers A, C, and D are incorrect because each is an accepted practice. NIST SP 800-115 describes the penetration testing process as four phases: Planning, which includes agreement on the scope of the test and the rules of engagement; Discovery (information gathering), which uses manual and automated tools to collect information about the target environment; Attack, which uses manual and automated exploit tools to attempt to defeat system security; and Reporting, which summarizes the results and recommends improvements to system security.
In the case of a major business interruption, the security analysis team has documented the expected loss of earnings, potential fines, and potential consequence to customer service. Which of the following would include the most detail on these objectives? A. ISA B. SOA C. BIA D. SLA
Answer C is correct. A BIA (business impact analysis, also called a business impact assessment) identifies the organization's present risks and determines the impact on business-critical operations and processes if those risks materialize. It draws on vulnerability assessments to quantify consequences such as lost earnings, fines, and degraded customer service, and it covers all parts of the business so that a strong continuity strategy can be built on it. Answer A is incorrect. An ISA (interconnection security agreement) governs the interconnected information systems of partnered entities to ensure that their shared technology meets an agreed standard for confidentiality, integrity, and availability; because ISAs focus on security, they are often written to be legally binding. Answer B is incorrect. An SOA (statement of applicability) identifies the controls in place in an organization and explains their purpose, referring to the policies and procedures that rely on them; a good SOA explains not only why each control was included but also why particular controls were excluded. Answer D is incorrect. An SLA (service-level agreement) defines the services to be provided to the client and the support, if any, that accompanies them, including time frames for repairing failures, uptime guarantees, and, for a network provider, guaranteed upload and download rates.
Thomas is preparing to conduct a dynamic software test and will not have access to any of the source code. What type of testing is he conducting? A. White-box B. Grey-box C. Black-box D. Blue-box
Answer C is correct. Black-box testing is conducted without any access to the source code. It examines the program from a user's perspective by supplying a wide variety of inputs and inspecting the outputs. Final acceptance testing performed before system delivery is a common example. Answers A and B are incorrect. White-box testing requires full access to the source code, and grey-box testing gives the tester partial knowledge of the internals (such as design documents or some of the source), so neither matches a test with no source access at all. Answer D is incorrect. Blue-box testing is not a software testing technique.
Which of the following classes of fire extinguisher is needed for an electrical fire? A. Class A B. Class B C. Class C D. Class D
Answer C is correct. Class C extinguishers are rated for electrical fires, which involve energized electrical equipment such as appliances, wiring, and circuit breakers; their extinguishing agents (such as carbon dioxide or dry chemical) are non-conductive. Water must not be used on an energized electrical fire because it conducts electricity and can cause a lethal shock. Answer A is incorrect. Class A extinguishers are for ordinary combustibles such as paper, wood, cardboard, and most plastics. Answer B is incorrect. Class B extinguishers are for flammable or combustible liquids such as gasoline, kerosene, grease, and oil. Answer D is incorrect. Class D extinguishers are for combustible metals such as magnesium, titanium, potassium, and sodium.
You work as a network technician for uCertify Inc. You have erased the data saved on your laptop, yet device configuration files, passwords, and text strings can still be recovered from it. What is this type of information called? A. Data mining B. Degaussed data C. Data remanence D. Sanitized data
Answer C is correct. Data remanence is the residual data that remains on storage media after attempts to remove or erase it. It occurs because an ordinary file deletion only removes the directory entry and leaves the data blocks intact, because reformatting does not overwrite the stored bytes, or because of the physical properties of the medium itself. Remanence makes unintentional disclosure of sensitive information possible, so storage media must be sanitized (by overwriting, degaussing, cryptographic erasure, or physical destruction, as appropriate to the medium) before being released into an uncontrolled environment. Answer A is incorrect. Data mining is the process of analyzing the data in a data warehouse to extract more useful information; data mining tools find associations and correlations between data sets and can reveal previously unseen relationships between subsets of information. Answers B and D are incorrect. Degaussed data has been destroyed by exposing magnetic media to a strong magnetic field, and sanitized data has been purged so that it cannot be recovered; both describe data that is gone, which is the opposite of the situation in the scenario.
Which of the following heights of fence deters only casual trespassers? A. 6 to 7 feet B. 2 to 2.5 feet C. 3 to 4 feet D. 8 feet
Answer C is correct. Fences 3 to 4 feet high deter only casual trespassers. Answer A is incorrect. Fences 6 to 7 feet high are considered too difficult for most people to climb easily and deter more than casual trespassers. Answer B is incorrect. Fences 2 to 2.5 feet high can be stepped over and do not act as a deterrent at all. Answer D is incorrect. Fences 8 feet high are used to deter determined intruders.
In which of the following access controls can a user access resources according to his role in the organization? A. DAC B. MAC C. RBAC D. ABAC
Answer C is correct. In RBAC (role-based access control), users access resources according to their role in the organization. Privileges are assigned to roles that correspond to jobs or tasks; subjects are placed into roles and inherit the privileges of those roles. Answer A is incorrect. DAC (discretionary access control) lets the owner or creator of an object control and define which subjects may access it. Answer B is incorrect. MAC (mandatory access control) assigns security labels to subjects and objects and grants access according to a predefined policy that individual users cannot override. Answer D is incorrect. ABAC (attribute-based access control) evaluates policy rules over attributes of the subject, the object, the requested action, and the environment (such as time of day or location), rather than over the subject's role alone.
A small business owner has created a network to support employees. When an employee creates a file, the employee is the owner and can assign access to the file. Which of the following access control models does this describe? A. Mandatory access control B. Rule-based access control C. Discretionary access control D. Role-based access control
Answer C is correct. In a discretionary access control (DAC) model, every object has an owner, and the owner assigns access to the object. A system that employs discretionary access controls allows the owner, creator, or data custodian of an object to control and define access to that object. All objects have owners, and access control is based on the discretion or decision of the owner. Answer A is incorrect. The mandatory access control (MAC) model uses labels to assign access and is sometimes referred to as a lattice-based model. Answer B is incorrect. A rule-based access control model uses rules to grant access. Answer D is incorrect. Role-based access control (RBAC) models use groups or roles to assign access.
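The two questions above contrast DAC, RBAC, MAC, and ABAC in prose. The following is an added example, not part of the original assessment, that implements a minimal policy decision function for each model so the differences are visible in code: who may change the policy (DAC), where permissions live (RBAC), how labels constrain flow (MAC), and what the decision is evaluated over (ABAC). All subjects, objects, roles, labels, and the business-hours rule are constructed for illustration; none of this is a real product's API.

```python
# Added example (not from the original page): toy policy decision points for
# the access control models discussed above. Everything here is constructed.
from dataclasses import dataclass, field

# Label ordering shared by the MAC and ABAC checks (assumption of this example).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass
class Obj:
    name: str
    owner: str
    classification: str = "internal"          # MAC label / ABAC attribute
    department: str = "general"               # ABAC attribute
    acl: dict = field(default_factory=dict)   # DAC: subject -> set of operations


def dac_allowed(subject: str, obj: Obj, op: str) -> bool:
    """DAC: the owner always has full control; others get only what the owner granted."""
    if subject == obj.owner:
        return True
    return op in obj.acl.get(subject, set())


def dac_grant(actor: str, obj: Obj, grantee: str, op: str) -> None:
    """DAC: only the owner may change the ACL; the decision is at the owner's discretion."""
    if actor != obj.owner:
        raise PermissionError(f"{actor} does not own {obj.name}")
    obj.acl.setdefault(grantee, set()).add(op)


# RBAC: permissions attach to roles, subjects are assigned roles, never direct grants.
ROLE_PERMISSIONS = {
    "payroll_clerk": {("payroll_db", "read"), ("payroll_db", "write")},
    "auditor": {("payroll_db", "read"), ("audit_log", "read")},
    "helpdesk": {("user_directory", "read"), ("user_directory", "reset_password")},
}
SUBJECT_ROLES = {"alice": {"payroll_clerk"}, "bob": {"auditor"}, "carol": {"helpdesk"}}


def rbac_allowed(subject: str, resource: str, op: str) -> bool:
    """RBAC: allowed if any role held by the subject carries the (resource, op) permission."""
    return any((resource, op) in ROLE_PERMISSIONS.get(role, set())
               for role in SUBJECT_ROLES.get(subject, set()))


def mac_allowed(subject_level: str, obj: Obj, op: str) -> bool:
    """MAC (Bell-LaPadula style): no read up, no write down. Labels are set by
    policy; neither the subject nor the object owner can change the outcome."""
    s, o = LEVELS[subject_level], LEVELS[obj.classification]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    return False


def abac_allowed(subject: dict, obj: Obj, op: str, env: dict) -> bool:
    """ABAC: one rule set evaluated over subject, object, action and environment
    attributes. Rules here: same department, sufficient clearance, and writes
    only during business hours (the hours are an assumption of this example)."""
    if subject["department"] != obj.department:
        return False
    if LEVELS[subject["clearance"]] < LEVELS[obj.classification]:
        return False
    if op == "write" and not 9 <= env["hour"] < 18:
        return False
    return True


if __name__ == "__main__":
    doc = Obj("q3-forecast.xlsx", owner="alice", classification="confidential",
              department="finance")
    dac_grant("alice", doc, "bob", "read")          # alice decides, as DAC allows
    print("DAC  bob read :", dac_allowed("bob", doc, "read"))
    print("RBAC bob write:", rbac_allowed("bob", "payroll_db", "write"))
    print("MAC  conf read restricted:", mac_allowed("confidential", doc, "read"))
    print("ABAC finance write 22:00 :",
          abac_allowed({"department": "finance", "clearance": "confidential"},
                       doc, "write", {"hour": 22}))
```

The scenario in the second question maps onto `dac_grant`: the employee who creates the file is its owner and hands out access at their own discretion. In `rbac_allowed` no subject is ever granted a permission directly, which is what makes RBAC easy to audit when people change jobs; in `mac_allowed` the owner has no say at all.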
Your organization works with several third-party suppliers for a wide range of services, including accounting, payroll, benefits management, help desk, incident response, log analysis, and more. The CEO has recently complained that the organization is likely wasting money due to paying for the same services from multiple providers and not taking full advantage of the services from those providers, and still performing some of those tasks in-house. In order to gain a better understanding of the outsourced services as well as improve ordering convenience, manage related training, and consolidate billing, which of the following should be implemented? A. SIEM B. SLR C. VMS D. BPA
Answer C is correct. This scenario would benefit from a vendor management system (VMS), a software solution that assists with the management and procurement of staffing services, hardware, software, and other products and services. A VMS offers ordering convenience, order distribution, related training, consolidated billing, and more. From a security standpoint, a VMS can keep communications and contracts confidential, require encrypted and authenticated transactions, and maintain a detailed activity log of events related to vendors and suppliers. Answers A, B, and D are incorrect because none of them is a means to view, manage, or optimize the relationship between an organization and its third-party suppliers. Security information and event management (SIEM) aggregates data sources such as log files, captures network traffic in real time, and performs analytics to provide near-real-time alerts and reports on security issues and incidents. A service-level requirement (SLR) is a statement of the expected service and performance from a vendor's product or service; it is the wrong tool here because existing vendor services need to be managed and no new vendor relationship is being established. A business partners agreement (BPA) is a contract between two entities that defines the terms, expectations, and obligations of their business relationship; it is the closest distractor but still incorrect because it addresses a partnership rather than a customer-to-vendor relationship.
Which of the following is performed when no real action takes place? A. Structured walk-through B. Code walk-through C. Checklist test D. Read-through
Answer D is correct. A read-through of a disaster recovery plan is performed when no real action takes place: team members read the recovery checklists and discuss the actions they describe. After selecting the strategies that work for the organization, a written plan should be developed that defines specifications and provides step-by-step, up-to-date instructions for recovering after a disaster. Answer A is incorrect because a structured walk-through (tabletop exercise) takes the read-through one step further: members of the disaster recovery team gather in a conference room and role-play a disaster scenario. Answer B is incorrect because a code walk-through is a software development activity, not a DR test; development personnel meet at milestones during coding to step through a module's code looking for logic, design, or security flaws. Answer C is incorrect because the checklist test is a variant of the read-through in which the disaster recovery manager distributes copies of the checklists to team members for individual review; it ensures that key personnel know their responsibilities and refresh that knowledge periodically.
IT personnel are concerned that attackers may take over some Internet of Things (IoT) devices on the network's border. They want to ensure that any malicious traffic from these devices is blocked. Which of the following access control models has the best chance of blocking this traffic? A. Attribute-based access control B. Mandatory access control C. Role-based access control D. Risk-based access control
Answer D is correct. A risk-based access control model can be coded to block malicious traffic from compromised IoT devices: it evaluates the environment and the situation and blocks traffic that is abnormal. Risk-based access control is relatively new, and implementations can be quite complex. The model attempts to evaluate risk from several elements, such as the environment, the situation, and the organization's security policies. Answer A is incorrect. An attribute-based access control (ABAC) model uses attributes to grant access and is often used in software-defined networks (SDNs). Answer B is incorrect. A mandatory access control (MAC) model grants access using labels. Answer C is incorrect. Role-based access control (RBAC) uses a well-defined collection of named job roles, and administrators grant each role the privileges needed to perform that job.
Which of the following is in the something you have factor of authentication and doesn't generate a password? A. Synchronous dynamic token B. Asynchronous dynamic token C. Authenticator app D. Smartcard
Answer D is correct. A smartcard belongs to the something-you-have factor, but it does not generate a password. A smartcard is a credit card-sized ID or badge with an embedded integrated circuit chip that holds information about the authorized user for identification and/or authentication. Most current smartcards include a microprocessor and one or more certificates, and they prove possession by performing a cryptographic operation with a private key that never leaves the card. Answer A is incorrect. A synchronous dynamic token is time- or counter-synchronized with the authentication server and generates one-time passwords. Answer B is incorrect. An asynchronous dynamic token generates a one-time password in response to a challenge issued by the server (challenge-response). Answer C is incorrect. An authenticator app generates time-based one-time passwords, typically six digits; although short-lived, they are still passwords.
A user logs in with a login ID and a password. What is the purpose of the login ID? A. Authentication B. Authorization C. Accountability D. Identification
Answer D is correct. A user professes an identity with a login ID. Identification is the process of a subject claiming or professing an identity. A subject must provide an identity to a system to start the authentication, authorization, and accountability processes. Answer A is incorrect. The combination of the login ID and the password provides authentication. Answer B is incorrect. Subjects are authorized access to objects after authentication. Answer C is incorrect. Logging and auditing provide accountability.
Which of the following would be completed during the remediation and review stage of an incident response? A. Contain the incident B. Collect evidence C. Rebuild system D. Root cause analysis
Answer D is correct. During the remediation and review stage (often called lessons learned), the team examines the incident and performs a root cause analysis to discover how it happened. Once the cause is known, the review usually identifies changes that will prevent a similar occurrence in the future. Answers A, B, and C are incorrect. Containing the incident and collecting evidence happen early in the incident response process, and rebuilding a system belongs to the recovery stage.
A network technician reports to a compromised workstation. The technician secures the area, documents the scene, checks the compromised machines by taking them offline and then leaves them there without making any record. Which of the following steps in the incident handling has not been performed correctly by the network technician? A. Documentation of the scene B. Area security C. Forensic report D. Chain of custody
Answer D is correct. The technician checked the compromised machines but left them without making any record, so chain of custody is the step that was not performed correctly. A chain of custody document records every person who obtained, controlled, or secured the evidence, along with when and why, together with basic information about the organization and the affected clients. The technician not only failed to collect the evidence by taking the machines into custody, but also skipped recording anything about them. Answers A and B are incorrect because the technician performed these steps correctly. Answer C is incorrect because a forensic report summarizes the substantive evidence clearly and concisely; it follows chain of custody and evidence transport in the incident-handling sequence, and since chain of custody was broken, any forensic report produced later is bound to be challenged.
On which of the following principles does the Trusted Computer Security Evaluation Criteria (TCSEC) depend? A. Auditing, activating, and effectiveness B. Assurance, provisioning, and functionality C. Assurance, auditing, and availability D. Functionality, effectiveness, and assurance
Answer D is correct. TCSEC determines whether a product meets its security goals by evaluating functionality, effectiveness, and assurance. Answers A, B, and C are incorrect. Auditing, activating, provisioning, and availability are not the TCSEC evaluation criteria.
Which of the following describes the statement given below?"It contains specific identifying information, and their construction is governed by X.509." A. Block cipher B. El Gamal C. Hash function D. Digital certificate
Answer D is correct. Digital certificates contain specific identifying information, and their construction is governed by an international standard, X.509. Digital certificates give communicating parties assurance that the people they are communicating with truly are who they claim to be. A certificate is essentially an endorsed copy of an individual's public key: when users verify that a certificate was signed by a trusted CA (certificate authority), they know that the public key it contains is legitimate. Answer A is incorrect because block ciphers operate on chunks or blocks of a message and apply the encryption algorithm to an entire block at a time. Answer B is incorrect because ElGamal is an asymmetric encryption algorithm based on the Diffie-Hellman key exchange and serves as an alternative to RSA for public key encryption; because it incorporates a random value, the same plaintext produces a different ciphertext each time it is encrypted. Answer C is incorrect because hash functions take a message of arbitrary length and produce a fixed-length output derived from its content, commonly called the message digest; a secure hash makes it infeasible to find two messages with the same digest.
Which of the following security assessment and testing program components may be performed by security professionals in the IT organization? A. None of these B. CVE C. Criminal investigation D. Security test
Answer D is correct. IT staff may perform security tests to evaluate the security of their own systems and applications. The three major components of a security assessment program are security tests, security assessments, and security audits. Answer A is incorrect because security tests are a valid component. Answer B is incorrect. Common Vulnerabilities and Exposures (CVE) is a naming system for publicly known vulnerabilities, not a program component. Answer C is incorrect. Criminal investigations must be performed by law enforcement personnel, not by the organization's IT staff.
Which of the following best describes the statement below?"Usernames and passwords are stored in one location and used to access websites and other computers." A. Patch management B. Vulnerability management C. Configuration management D. Credential management
Answer D is correct. In credential management, usernames and passwords are stored in one location and used to access websites and other systems. Many security standards and data protection laws impose requirements on credential management, particularly for user accounts and passwords. An organization's credential management should meet requirements such as secure transmission of passwords, strong password policies, secure (salted and hashed) password storage, and self-service password reset. Answer A is incorrect. Patch management keeps systems up to date with current patches. Answer B is incorrect. Vulnerability management verifies that systems are not vulnerable to known threats. Answer C is incorrect. Configuration management ensures that systems are configured properly throughout their lifetime.
Tom is preparing to conduct a penetration test and would like to use a tool that allows him to easily deploy exploits. Which one of the following tools would best meet his needs? A. OpenVAS B. Nmap C. Sqlmap D. Metasploit Framework
Answer D is correct. Metasploit Framework is a penetration testing framework that allows the easy deployment of exploits against target systems, so it is the best tool for Tom's purpose. Penetration testers commonly use it to execute exploits against targeted systems; its modules and scripting support automate common attacks, saving testers (and attackers) a great deal of time by eliminating many of the tedious, routine steps involved in executing an attack. Answers A, B, and C are incorrect. OpenVAS is an open-source vulnerability scanner, Nmap is the most widely used open-source network discovery and port scanning tool, and sqlmap is an open-source tool that detects and exploits SQL injection flaws in web applications; none of them is a general exploitation framework.
You work as a network administrator for an organization with a Windows-based network. You want to use multiple security countermeasures to protect the integrity of the organization's information assets by implementing layered security using a defense in depth strategy. Which three of the following are components of this strategy? Each correct answer represents a complete solution. Choose all that apply. A. Antivirus software B. Firewall C. Backdoor D. Intrusion detection
Answers A, B, and D are correct. The defense in depth strategy layers multiple security controls so that the failure of any single control does not expose the organization's information assets. Its components include antivirus software, firewalls, anti-spyware programs, hierarchical passwords, intrusion detection, and biometric verification. Answer C is incorrect because a backdoor lets an attacker connect to a computer while bypassing the normal authentication process; it is a threat, not a countermeasure.
An organization has a high-value data center in the center of a building. Management wants to upgrade the security allowing employees to raise a silent duress alarm as they enter. Which of the following would support this goal? A. Motion detection B. Face recognition door lock C. Proximity card lock D. Cipher door lock
Answer D is correct. Some electronic cipher locks can be programmed with more than one code: one for regular use that simply opens the door, and a duress code that opens the door and also raises a silent alarm. Normally, employees enter the regular code (such as 1 2 3 4) to open the door to the secure area; under duress they enter the alternate code (such as 5 6 7 8), which still opens the door, so an attacker coercing them notices nothing, while security is alerted. Answers A, B, and C are incorrect because they do not support dual use of the same physical security control. Motion detection senses all movement and cannot distinguish normal activity from a duress situation. A proximity card lock opens when an employee holds a card near the reader, and a face recognition lock opens when the employee's face is recognized and stays locked when it is not; neither offers a third outcome that opens the door and raises a silent alarm.
What contractual obligation requires credit card merchants to report the potential compromise of credit card data? A. GLBA B. Sarbanes-Oxley C. FERPA D. PCI DSS
Answer D is correct. The Payment Card Industry Data Security Standard (PCI DSS) requires credit card merchants to report immediately any known or suspected compromise of cardholder data. PCI DSS is an excellent example of a compliance requirement imposed not by law but by contract: it governs the security of credit card information and is enforced through the merchant agreement between a business that accepts credit cards and the bank that processes its transactions. Answer A is incorrect. Until the Gramm-Leach-Bliley Act (GLBA) became law in 1999, there were strict governmental barriers between financial institutions; banks, insurance companies, and credit providers were severely limited in the services they could provide and the information they could share. GLBA somewhat relaxed those restrictions and added privacy obligations for financial institutions, but it is a law, not a contractual obligation. Answer B is incorrect. The Sarbanes-Oxley Act of 2002 is a law passed by the U.S. Congress on July 30 of that year to protect investors from fraudulent financial reporting by corporations. Answer C is incorrect. The Family Educational Rights and Privacy Act (FERPA) is a specialized privacy law that applies to any educational institution that accepts any form of federal funding (the vast majority of schools).
A company is installing several Linux servers in the server room. These are the first Linux servers for the company, so they hired an administrator with Linux experience to manage them and train other administrators on Linux. How should the company assign privileges for the new administrator? A. Add the administrator to the Administrators group. B. Add the administrator to the sudo group. C. Give the administrator the sudo password. D. Define a new role for Linux administrators.
Answer D is correct. The best choice is to define a new role for Linux administrators and assign privileges based on that role definition, for example with a sudoers rule that grants the role exactly the commands it needs. Over the lifetime of any organization, employee responsibilities change; sometimes this is a simple transfer to a different position, and sometimes the organization creates a completely new job role. When it does, it should define the new role and the privileges its holders need rather than reuse an existing, broader grant. Answer A is incorrect. Administrators is a built-in Windows group; Linux has no such group. Answer B is incorrect. Some distributions do have a sudo (or wheel) group, but adding the account to it typically grants unrestricted root access, which is broader than the role requires and does not define the role. Answer C is incorrect. There is no separate sudo password; sudo authenticates users with their own account password and then lets them run only the commands the sudoers configuration permits.
Which of the following security factors does not come under CIA triad? A. Integrity B. Availability C. Confidentiality D. Authentication
Answer D is correct. Authentication is not part of the CIA triad. The CIA triad consists of confidentiality, integrity, and availability, the three core security objectives against which an organization's controls are evaluated. Authentication is the process of verifying the claimed identity of a person, network host, or process, typically by comparing the credentials presented with those stored by an authentication server. Answers A, B, and C are incorrect. Confidentiality, integrity, and availability are the three elements of the CIA triad.
Once a system is compromised, _______________ access control is deployed to restore it to its previous known-good state. A. compensation B. recovery C. directive D. corrective
Answer D is correct. Corrective access control is deployed to restore systems to normal after an unwanted or unauthorized activity has occurred. It attempts to correct any problems resulting from a security incident. Corrective controls can be simple, such as terminating malicious activity or rebooting a system. Answer A is incorrect. A compensation control is deployed to provide various options to other existing controls to aid in enforcement and support of security policies. Answer B is incorrect. Recovery controls are an extension of corrective controls but have more advanced or complex abilities. Answer C is incorrect. A directive control is deployed to direct, confine, or control the actions of subjects to force or encourage compliance with security policies.
The Roscommon Rangers baseball team is concerned about the risk that a storm might result in the cancellation of a baseball game. There is a 30 percent chance that the storm will occur, and if it does, the team must refund all single-game tickets because the game cannot be rescheduled. Season ticket holders will not receive a refund and account for 20 percent of ticket sales. The ticket sales for the game are $1.5 million. What is the exposure factor in this scenario? A. 20 percent B. 30 percent C. 70 percent D. 80 percent
Answer D is correct. The exposure factor is the amount of the asset that is at risk. In this case, 80 percent of the tickets that are single-game sales must be refunded, so the exposure factor is 80 percent of the game's revenue. Exposure is being susceptible to asset loss because of a threat; there is the possibility that a vulnerability can or will be exploited by a threat agent or event. Exposure doesn't mean that a realized threat (an event that results in loss) is actually occurring, just that there is the potential for harm to occur.
The internal development team has performed an assessment of the reliability, stability, resilience, and security of their newly developed business application. The personnel who wrote the code were on the team that performed the live security assessment. What type of evaluation method was used? A. Lateral movement B. Passive reconnaissance C. Integration testing D. White box
Answer D is correct. This scenario describes a white box test, since those performing the testing are fully knowledgeable about the software code and its operations and functions. White box testing examines the internal logical structures of a program and steps through the code line by line, analyzing the program for potential errors. The key attribute of a white-box test is that the testers have access to the source code. Answer A is incorrect. This is not lateral movement, which is when an intruder is able to gain remote control over another internal system after pivoting from the initial system they compromised. Answer B is incorrect. This is not passive reconnaissance, which is gathering information about a target in such a way as not to be noticed by that target. Answer C is incorrect. This is not integration testing, as the assessment seems to have taken place in the development environment; there was no mention of the new application already being placed into production. Integration testing is performed when a new product is deployed or integrated into a real or simulated production environment to ensure that all previously functioning work tasks still work and that all newly added or expected work tasks work as well.
Symmetric key algorithms depend on a shared secret encryption key. Which of the following are symmetric key algorithms? Each correct answer represents a complete solution. Choose all that apply. A. DES B. AES C. Diffie-Hellman D. El Gamal
Answers A and B are correct. AES and DES are symmetric key algorithms. With such algorithms, a single secret key is needed to both encrypt and decrypt a message. Answers C and D are incorrect. Diffie-Hellman and El Gamal are asymmetric algorithms. With such algorithms, a pair of linked keys is used, consisting of a public key, used to encrypt data, and a private key, used to decrypt data.
John has been tasked by the CISO to help establish a new asset protection plan. Recent audits reveal that compromises have occurred due to a lack of adequate protection for sensitive and critical assets. Which of the following would be an asset that an organization would want to protect with access controls? Each correct answer represents a part of the solution. Choose three. A. Information B. Systems C. Devices D. Sessions
Answers A, B, and C are correct.
Which of the following are guidelines that protect an organization from malware? Each correct answer represents a complete solution. Choose all that apply. A. The updated antivirus signatures should be deployed on each device. B. The organization should not give permission to a user to disable antivirus software. C. Backup files and all external disks should be scanned. D. Wireshark should be installed on a server.
Answers A, B, and C are correct. Here are the guidelines that protect an organization from malware: Anti-malware software should be installed on workstations, servers, and mobile devices. The updated antivirus signatures should be deployed on each device. The organization should not give permission to a user to disable antivirus software. Backup files and all external disks should be scanned. Virus scans should be automated and scheduled. Antivirus software should provide boot virus protection. Answer D is incorrect. Wireshark is a popular protocol analyzer available as a free download. It captures the contents of a file that was opened on a file server and transferred over the network. It is used for network troubleshooting, analysis, and software and communications protocol development.
Which of the following statements are true of RADIUS? Each correct answer represents a complete solution. Choose all that apply. A. It centralizes authentication for remote dial-up connections. B. It uses UDP and encrypts only the exchange of the password. C. It is used when an organization has more than one remote access server. D. It uses TCP and encrypts the entire session.
Answers A, B, and C are correct. RADIUS (Remote Authentication Dial-in User Service) centralizes authentication for remote dial-up connections. It is used when an organization has more than one remote access server. A user can connect to any remote access server, which then passes on the user's credentials to the RADIUS server to verify authentication and authorization and to track accounting. It uses UDP and encrypts only the exchange of the password. It doesn't encrypt the entire session, but additional protocols can be used to encrypt the data session.
Which of the following statements are true of a virtual private network (VPN)? Each correct answer represents a complete solution. Choose all that apply. A. It is a form of wide area network (WAN) that supplies network connectivity over a possibly long physical distance. B. It is a network that uses a public telecommunication infrastructure, such as the Internet. C. It provides remote offices or individual users with secure access to their organization's network. D. It operates at the physical layer of the OSI model.
Answers A, B, and C are correct. A virtual private network (VPN) is a form of wide area network (WAN) that supplies network connectivity over a possibly long physical distance. A VPN is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A VPN can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). Answer D is incorrect. A VPN operates at the network layer of the OSI model.
Which of the following are Data Link layer components? Each correct answer represents a complete solution. Choose all that apply. A. Bridges B. Switches C. Hub D. MAC addresses
Answers A, B, and D are correct. The following are Data Link layer components: switches, bridges, network interface cards (NICs), and MAC addresses. The Data Link layer of the OSI model is responsible for error-free transfer of data frames. This layer provides synchronization for the physical level. Answer C is incorrect. A hub is a Physical layer component.