CISSP Practice Test Combined_good

Ace your homework & exams now with Quizwiz!

45. SPIT attacks target what technology? A. Virtualization platforms B. Web services C. VoIP systems D. Secure Process Internal Transfers

C. VoIP systems

50. What method uses a strong magnetic field to erase media? A. Magwipe B. Degaussing C. Sanitization D. Purging

B. Degaussing

84. Helen is the owner of a website that provides information for middle and high school students preparing for exams. She is concerned that the activities of her site may fall under the jurisdiction of the Children's Online Privacy Protection Act (COPPA). What is the cutoff age below which parents must give consent in advance of the collection of personal information from their children under COPPA? A. 13 B. 15 C. 17 D. 18

A 13

98. Based upon the information in this scenario, what is the annaualized loss expectancy for a tornado at Atwood Landing's data center? A. $25,000 B. $50,000 C. $250,000 D. $500,000

A. $25,000

62. Tomas discovers a line in his application log that appears to correspond with an attempt to conduct a ditectory ttaversal attack. He believes the attack was conducted using URL encoding. The line reads: %252E%252E%252F%252E%252E%252Fetc/passwd Which character is represented by the %254E value? A. . B. , C. ; D. /

A. .

26. How many bits of keying material does the Data Encryption Standard use for encrypting informatiom? A. 56 bits B. 64 bits C. 128 bits D. 256 bits

A. 56 bits

22. During a penetration test, Danielle needs to identify systems, but she hasn't gained sufficient access on the system she is using to generate raw packets. What type of scan should she run to verify the most open services? A. A TCP connect scan B. A TCP SYN scan C. A UPD scan D. An ICMP scan

A. A TCP connect scan

64. In a Keberos environment, when a user needs to access a network resource, what ie sent to the TGS? A. A TGT B.An AS C. The SS D. A session key

A. A TGT

63. A phreaking tool used to manipulate line voltages to steal long-distance service is known as what type of box? A. A black box B. A red box C. A blue box D. A white box

A. A black box

39. What is the stored sample ofba biometric factor called? A. A reference template B. A token store C. A biometric password D. An enrollment artifact

A. A reference template

12. What network topology is shown in the image below? Refer to page 74 in book. A. A ring B. A bus C. A star D. A mesh

A. A ring

35. In her role as an information security professional, Susan has been asked to identify areas where her organization's wireless network may be accessible even though it isn't intended to be. What should Susan do to determine where her organization's wireless network is accessible? A. A site survey B. Warwalking C. Wardriving D. A design map

A. A site survey

62. Which type of firewall can be describd as " a device that filters traffic based on its source, destination and the port it is sent from or is going to" ? A. A static packet filtering firewall B. An Application layer gateway firewall C. A dynamic packet filtering firewall D. A stateful inspection firewall

A. A static packet filtering firewall

25. What method is commonly used to assess how well software testing covered the potential uses of a an sapplication? A. A test coverage analysis B. A source cofe review C. A fuzz analysis D. A code review report

A. A test coverage analysis

64. As part of the continued testing of their new application, Susa's quality assurance team has designed a set of test cases for a series of black box tests. These functional tests are then runs, and a report is pprepared explaining what has occurred. What type of report is typically generated during this testing to indicate metrics? A. A ttest coverage report B. A penetration test report C. A code coverage report D. A line coverage report

A. A test coverage report

9. As part of a penetration test, Alex needs to determine if there are web servers that could suffer from the 2014 Heartbleed bug. What type of tool could he use, and what should he check to verify that the tool can identify the probllem? A. A vulnerability scanner, to see whether the scanner has a signature or test for the Heartbleed CVE number B. A port scanner, to see whether the vulnerability scanner properly identifies SSL connections C. A vulnerability scanner, to see whether the vulnerability scanner detects problems with the Apache web server D. A port scanner, to see whether the port scanner supports TLS connections

A. A vulnerability scanner, to see whether the scanner has a signature or test for the Heartbleed CVE number

26. Which one of the following is normally used as an authorization tool? A. ACL B. Token C. Username D. Password

A. ACL

74. In the diagram shown here, which is an example of a class? Account Balance: currency = 0 Owner: string AddFunds(deposit: currency) RemoveFunds (withdrawal: currency) A. Account B. Owner C. AddFunds D. None of the above

A. Account

42. Adam recently configured permissions on an NTFS filesystem to describe the access that different users may have to a file by listing each user individually. What did Adam create? A. An access control list B. An access control entry C. Role-based access control D. Mandatory access control

A. An access control list

1.Referring to the figure below, what technology is shoewn that provides fault tolerance for the database servers? Refer to page 138 in book. A. Failover cluster B. UPS C. Tape backup D. Cold site

A. Failover cluster

45. What solution can best help sddress concerns about third parties that control SSO directs as shown in step 2 in the diagrams? A. An awareness campagin about trusted third parties B. TLS C. Handling redirects at the local site D. Implementing an IPS to capture SSO redirect attacks

A. An awareness campaign about trust third parties

64. Data streams occur at what three layers of theOSL model? A. Application, Presentation, and Session B. Presentation, Session, and Transport C. Physical, Data Link, and Network D. Data Link, Network, and Transport

A. Application, Presentation, and Session

41. What important function do senior managers normally fill on a business continuity planning team? A. Arbitrating disputes about criticality B. Evaluating the legal environment C. Training staff D. Designing failure controls

A. Arbitrating disputes about criticality

62. The graphic below shows the NIST risk management framework with step 4 missing. What is the missing step? Architecture Description/PROCESS OVERVEW/Organization Inputs RISK MANAGEMENT FRAMEWORK [Step 1 CATEGORIZE Information System] [Step 2 SELECT Security Controls] [Step 3 IMPLEMENT Security Controls] [ ?] [Step 5 AUTHORIZE Information System] [Step 6 MONITOR Security Controls] A. Assess security controls B. Determine control gaps C. Remediate control gaps D. Evaluate user activity

A. Assess security controls

84. What type of token-based authentication system uses a challenge/response process in which the challenge has to be entered on the nation? A. Asynchronous B. Smart card C. Synchronous D. RFID

A. Asynchronous

92. Which component of the database ACID model ensures that database transactions are an "all or nothing" affair? A. Atomicity B. Consistency C. Isolation D. Durability

A. Atomicity

78. What type of vulnerability scan accesses configuration from the systems is it run against as well as information that can be accessed via services available via the network? A. Authenticated scans B. Web application scans C. Unauthenticated scans D. Port scans

A. Authenticated scans

28. Mary is helping a computer user who sees the following message appear on his computer screen. What type of attack has occurred? CryptoLocker Your personal files are encrypted! Your important files encryption produced on this computer: photos, video, documents, etc. Here is a complete list of encrypted files, and you can personally verify this. Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key. The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore filies... To obtain the private key for this computer, which will automatically decrypt files, you need to pay 300 USD / 300 EUR / similar amount in another currency. Click<Next> to select the method of payment and the currency. Any attempt to remove or damage this software will lead to the immefiate destruction of the private key by server. Next>> A. Availability B. Confidentiality C. Disclosure D. Distributed

A. Availability

30. John's network begins to experience symptoms of slowness. Upon investigation, he realizes that the network is being bombarded with ICMP ECHO REPLY packets and believes that his organization is the victim of a Smurf attack. What principle of information security is being violated? A. Availability B. Integrity C. Confidentiality D. Denial

A. Availability

31. Vivian would like to hire a software tester to comee in and evaluate a new web application from a user's perpective. Which of the following tests best simulates that perspective? A. Black box B. Gray box C. Blue box D. White box

A. Black box

75. Grace would like to implement application control technology in her organization. Users often need to install new applications for research and testing purposes, and she does not want to inferere with that process. At the same time, she would like to block the use of known malicious software. What type of application control would be appropriate in this situation? A. Blacklisting B. Greylisting C. Whitelisting D. Bluelisting

A. Blacklisting

78. Raj is selecting an encryption algorithm for use in his organization and would like to be able to vary the strength of the encryption with the sensitivity of the information. Which one of the following algorithms allows the use of different key strengths? A. Blowfish B. DES C. Skipjack D. IDEA

A. Blowfish

2. COBIT, Control Objectives for Information and Related Technology, is a framework for IT management and governance. Which data management role is most likely to select and apply COBIT to balance the need for security controls against business requirements? A. Business owners B. Data processors C. Data owners D. Data stewards

A. Business owners

6. How can a data retention policy help to reduce liabilities? A. By ensuring that unneeded data isn't retained B. By ensuring that incriminating data is destroyed C. By ensuring that data is securely wiped so it cannot be restored for legal discovery D. By reducingthe cost of data storage required by law

A. By ensuring that unneeded data isn't retained

3. Ralph is designing a physical security infrastructure for a new computing facility that will remain largely unstaffed. He plans to implement motion detectors in the facility but would also like to include a secondary verification control for physical presence. Which one of the following would best meet his needs? A. CCTV B. IPS C. Turnstiles D. Faraday cages

A. CCTV

22. Tom is responding to a recent security incident and seeking information on the approval process for a recent modification to a system's security settings. Where would he most likely find this information? A. Change log B. System log C. security log D. Application log

A. Change log

55. What type of fire extinguisher is useful only against common combustibles? A. Class A B. Class B C. Class C D. Class D

A. Class A

10. What term is used to describe overwriting media to allow for its reuse in an environment operating at the same sensitivity level? A. Clearing B. Erasing C. Purging D. Sanitization

A. Clearing

86. At point B, what problem is likely to occur? A. False acceptance will be very high. B. False rejection will be very high. C. False rejection will be very low. D. False acceptance will be very low.

A. False acceptance will be very high

69. Becka recently signed a contract with an alternate data processing facility that will provide her company with space in the event of a disaster. The facility includes HVAC, power, and communications circuits but no hardware. What type of facility is Becka using? A. Cold site B. Warm site C. Hot site D. Mobile site

A. Cold site

20. Which is the proper order from least to most sensitive for US government classifications? A. Confidential, Secret, Top Secret B. Confidential, Classified, Secret C. Top Secret, Secret, Classified, Public, Classified, Top Secret D. Public, Unclassified, Classified, Top Secret

A. Confidential, Secret, Top Secret

60. Frank discovers a keylogger hidden on the laptop of his company's chief executive officer. What information security principle is the keylogger most likely designed to disrupt? A. Confidentiality B. Integrity C. Availability D. Denial

A. Confidentiality

45. Which one of the following issues is not normally addressed in a service-level agreement (SLA)? A. Confidentiality of customer information B. Failover time C. Uptime D. Maximum consecutive downtime

A. Confidentiality of customer information

Questions 37-40 refer to the following scenario: Linda is reviewing posts to a user forum on her company's website and, when she browses a certain post, a message pops up in a dialog box on her screen reading "Alert." She reviews the source code for the post and finds the following code snippe: <script>alert( ' Alert ' ) ; </ script> 37. What vulnerability definitely exists on Linda's message board? A. Cross-site scripting B. Cross-site request forgery C. SQL injection D. Improper authentication

A. Cross-site scripting

13. Bobbi is investigating a security incident and discovers that an attacker began with a normal user account but managed to exploit a system vulnerability to provide that account with administrative rights. What type of attack took place under the STRIDE model? A. Spoofing B. Repudiation C. Tampering D. Elevation of privilege

A. D. Elevation of privilege

39.What technology could Lauren's employer implement to help prevent confidential data from being emailed out of the organization? A. DLP B. IDS C. A firewall D. UDP

A. DLP

66. Ann continues her investigation and realizes that the traffic generating the alert is abnormally high volumes of inbound UDP traffic on port 53. What service typical uses this port? A. DNS B. SSH/SCP C. SSL/TLS D. HTTP

A. DNS

36. Which one of the following individuals is normally responsible for fulfilling the operational data proctection respobsibilities delegated by senior management, such as validating data integrity, testing backups, and managing security policies? A. Data custodian B. Data owner C. User D. Auditor

A. Data custodian

97. Which of the following does not describe data in motion? A. Data on a backup tape that is being shipped to a storage facility B. Data in a TCP packet C. Data in an e-commerce transaction D. Data in files being copied between locations

A. Data on a backup tape that is being shipped to a storage facility

For questions 86, 87, and 88, use the following scenario. As shown in the following security life cycle diagram (loosely based on the NIST reference architecture), NIST uses a five-step process for risk management. Using your knowledge of data roles and practices, answer the following questions based on the NIST framework process. [Step 1: Categorize Systems and Data] ▪[ Step 2: Select Security Controls] ▪ [ Step 3: Implement Security Controls] ▪ [ Step 4: Assess Security Controls] ▪ [ Step 5: Monitor Security] 86. What data role will own responsibility for step 1, the categorization of information systems, to whom will they delegate step 2, and what data role will be responsible for step 3? A. Data owners, system owners, custodians B. Data processors, custodians, users C. Business owners, administrators, custodians D. System owners, business owner, administrators

A. Data owners, system owners, custodians

60. Which of the following best describes a typical process for building and implementing an Information Seecurity Continuous Mnitoring program as described by NIST Special Publicatiion 800-137? A. Define, establish, implement, analyze and report, respond, review,, and update B. Desgin, build, operate, anaalyze, respond, review, revise C. PRepare, deeteect and analyze, contain, respond, recover,, report D. Define, design, build, monitor,, analyze, react, revise

A. Define, establish, implement, analyze and report, respond, review, and update

19. What phase of the SW-CMM should Robert report as the current status of Beta Particles? A. Defined B. Repeatable C. Optimizing D. Managed

A. Defined

12. Which one of the following testing methodologies typically works without access to source code? A. Dynamic testing B. Static testing C. White box testing D. Code review

A. Dynamic testing

96 Fred is preparing to send backup tapes off site to a secure third-party storage facility. What steps should Fred take before sending the tapes to that facility? A. Ensure that the tapes are handled the same way the orginal media would be handled based on their classification. B. Increase the classification level of the tapes because they are leaving the possession of the company. C. Purge the tapes to ensure that classified data is not lost. D. Encrypt the tapesin case they are lost in transit.

A. Ensure that the tapes are handled the same way the orginal media would be handled based on their classification.

87. In Transport Layer Security, what type of key is used to encrypt the actual content of communications between a web server and a client? A. Ephemeral session key B. Client's public key C. Service's public key D. Server's private key

A. Ephemeral session key

91. Darcy is a computer security specialist who is assisting with the prosecution of a hacker. The prosecutor requests that Darcy give testimony in court about whether, in her opinion, the logs and other records in a case are indicative of a hacking attempt. What type of evidence is Darcy being asked to provide? A. Expert opinion B. Direct evidence C. Real evidence D. Documentary evidence

A. Expert opinion

11. Tim's organization recently recieved a contract to conduct sponsored research as a government contractor. What law now likely applies to the information system involved in this contract? A. FISMA B. PCI DSS C. HIPAA D. GISRA

A. FISMA

1 What important factor listed below differentiates Frame Relay from X.25? A. Frame Relay supports multiple PVCs over a single WAN carrier connection. B. Frame Relay is a cell-switching technology instead of a packet-switching technology like X.25. C. Frame Relay does not provide a Committed Information Rate (CIR). D. Frame Relay only requires a DTE on the provider side.

A. Frame Rely supports multiple PVCs over a single WAN carrier connection.

7. When using the SDLC, which one of these steps should you take before the others? A. Functional requirements determination B. Control specifications development C. Code review D. Design review

A. Functional requirements determination

10. Yolanda is the cheif privacy officer for a financial institution and is researching privacy issues related to customer checking accounts. Which one of the following laws is most likely to apply to this situation? A. GLBA B. SOX C. HIPAA D. FERPA

A. GLBA

7. Harry who like to access a document owned by Sally and stored on a file server. Applying the subject/object model to this scenario, who or what is the subject of the resource request? A. Harry B. Sally C. Server D. Document

A. Harry

49. Finally, there are historical records stored on the server that are extremely important to the business and should never be modified. You would like to add an integrity control that allows you to verrify on a periodic basis that the files were not modified. What control can you add? A.Hashing B. ACLs C. Read-only attributes D. Firewalls

A. Hashing

For questions 57, 58, and 59, use the following scenario. Chris has recently been hired into a new organization. The organization that Chris belongs to uses the following classification process: 1. Criteria Re set for classifying data. 2. Data owners are established for each type of data. 3. Data is classified 4. Required controls are selected for each classification. 5. Baseline security standards are selected for the organization. 6. Controls are scoped and trailored. 7. Controls are applied and enforced. 8. Access is granted and managed. Use the classification process to answer the following questions. 57. If Chris is one of the data owners for the organization, what steps in this process is he most likely responsible for? A. He is responsible for steps 3, 4, and 5. B. He is responsible for steps 1, 2, and 3. C. He is responsible for steps 5, 6, and 7. D. All of the steps are his direct responsibility.

A. He is responsible for steps 3, 4, and 5.

76. Warren is designing a physical intrusion detection system for his data center and wants to include technology that issues an alert if the communications lines for the alarm system are unexpectedly cut. What technology would meet this requirement? A. Heatbear sensor B. Emanation securty C. Motion detector D. Faraday cage

A. Heartbeat sensor

81. The Domer Industries risk assessment team recently conducted a qualitative risk assessment and developed a matrix similar to the one shown below. Which quadrant contains the risks that require the most immediate attention? Probability [II ] [ I ] [III] [IV] Impact A. I B. II C. III D. IV

A. I

37. Which one of the following frameworks focuses on IT service management and includes topics such as change management, configuration management, and service-level agreements? A. ITIL B. PMBOK C. PCI DSS D. TOGAF

A. ITIL

76. The Financial services company that Susan works for provides a web portal for its users. When users need to verify their identity, the company uses information from third-party sources to ask questions based on their past credit reports, such as, "Which of the following streets did you live on in 2007?" What process is Susan's organization using? A. Identity proofing B. Password verification C. Autheenticating with Type 2 authentication factor D. Out-of-band identity proofing

A. Identify proofing

92. Which one of the following is the first step in developing an organization's vital records program? A. Identifying vital records B. Locating vital records C. Archiving vital records D. Preserving vital records

A. Identifying vital records

91. Jim is implementing a cloud identity solution for his orginization. What type of technology is he putting in place? A. Identity as a Service B. Employer ID as a Service C. Cloud-based RADIUS D. OAuth

A. Identity as a Service

89. Timber Industries recently got into a dispute with a customer. During a meeting with his account representative, the customer stood up and declared, "There is no other solution. We will have to take this matter to court." He then left the room. When does Timber Industries have an obligation to begin preserving evidence? A. Immediately B. Upon recipt of a notice of litigation from opposing attorneys C. Upon receipt of a subpoena D. Upon receipt of a court order

A. Immediately

57. By default, in what format does OpenLDAP store the value of the userPasssword attribute? A. In the clear B. Salted and hashed C. MD5 hashed D. Encrypted usingbAES256 encyrption

A. In the clear

2.Referring to the figure shown below, what is the earliest stageof a fire where it is possible to use detection technology to identify it? TEMPERATURE/TIME Stage 1: Incipient▪ Stage 2: Smoke ▪Stage 3: Flame ▪Stage 4: Heat A. Incipient B. Smoke C. Flame D. Heat

A. Incipient

5. The need to protect sensitive data drives what administrative process? A. Information classification B. Remanence C. Transmitting data D. Clearing

A. Information classification

82. The Bell- LaPadula and Biba models implement state machines in a fashion that uses what specific state machine model? A. Information flow B. Noninterference C. Cascading D. Freedback

A. Information flow

28. Chris is building an Ethernet network and knows that he needs to span a distance of over 150 meters with his 1000Base- T network. What network technology should he use to help with this? A. Install a repeater or a concentrator. before 100 meters. B. Use Category 7 cable, which has better shielding for higher speeds. C. Install a gate to handle the distance. D. Use STP cable to handle the longer distance at high speeds.

A. Install a repeater or a concentrator before 100 meters.

44. Beth is the security administrator for a public school district. She is implementing a new student information system and is testing the code to ensure that students are not able to alter their own grades. What principle of information security is Beth enforcing? A. Integrity B. Availability C. Confidentiality D. Denial

A. Integrity

52. During an incident investigatio, investigators meet with a system administrator who may have information about the incident but is not a suspect. What type of conversation is taking place during this meeting? A. Interview B. Interrogation C. Both an interview and an interrogation D. Neither an interview nor an interrogation

A. Interview

35.What should passive scanning be conducted in addition to implementing wireless security technologies like wireless intrusion detection system? A. It can help identify rogue devices. B. It can test the securityof the wireless network via scripted attacks. C. Their short dwell time on each wireless channel can allow them to capture more packets. D. They can help test wireless IDS or IPS systems.

A. It can help identify rogue devices.

39. Alan is reviewing a system that has been assigned the EAL1 evaluation assurance level under the Common Criteria. What is the degree of assurance that he may have about the system? A. It has been functionally tested B. It has been structurally tested. C. It has been formally verified, designed, and tested. D. It has been methodically designed, tested, and reviewed.

A. It has been functionally tested.

53.Jim configures his LDAP client to connect to an LDAP directory server. According to the configuration guide, his client should connect to the server on port 636. What does this indicate to Jim about the configuration of the LDAP server? A. It requires connections over SSL/TLS. B. It supports only unencrypted connections. C. It provides global catalog services. D. It does not provide gobal catalog services

A. It requires connections over SSL/TLS.

69. Question like "What is your pet's name?" are examples of what type of identity proofing? A. Knowledge-based authentication B. Dynamic knowledge-based authentication C. Out-of-band identity proofing D. A Type 3 authentication factor

A. Knowledge-based authentication

91. Lauren has been asked to replace her organization's PPTP implementation with an L2TP implementation for security reasons. What is the primary security reason that L2TP would replace PPTP? A. L2TP can use IP sec. B. L2TP creates a point-to-point tunnel, avoiding multipoint issues. C. PPTP doesn't support EAP. D. PPTP doesn't properly encapsulate PPP packets.

A. L2TP can use IPsec.

65. Which one of the following components should be included in an organization's emergency response guidelines? A. List of individuals who should be notified of an emergency incident B. Long-term business continuity protocols C. Activation procedures for the organization's cold sites D. Contact information for ordering equipment

A. List of individuals who should be notified of an emergency incident

23. What is the best way to provide accountability for the use of identittes? A. Logging B. Authorization C. Digital signatures D. Type 1 authentication

A. Logging

25. Biba is what type of access control model? A. MAC B. DAC C. Role BAC D. ABAC

A. MAC

61. Sherry conducted an inventory of the cryptographic technologies in use within her organization and found the following algorithms and protocols in use. Which one of these technologies should she replace because it is no longer considered secure? A. MD5 B. 3DES C. PGP D. WPA2

A. MD5

56. Gary is concerned about applying consistent security settings to the many mobile devices used throughout his organization. What technology would best assit with his challenge? A. MDM B. IPS C. IDS D. SIEM

A. MDM

11. What type of security vulnerability are developers most likely to introduce into code when they seek to facilitate their own access, for testing purposes, to software they developed? A. Maintenance hook B. Cross-site scripting C. SQL injection D. Buffer overflow

A. Maintenance hook

98. In what type of attackers manage to insert themselves into a connection between a user and a legitimate website? A. Man-in-the-middle B. Fraggle C. Wardrivind D. Meet-in-the-middle

A. Man-in-the-middle

33. Referring to the figure shown below, what is the name of the security control indicated by the arrow? Refer to page 55 in book. A. Mantrap B. Turnstile C. Intrusion prevention sysrem D. Portal

A. Mantrap

6. Which one of the following trusted recovery types does not fail into a secure operating state? A. Manual recovery B. Automated recovery C. Automated recovery without undue loss D. Function recovery

A. Manual recovery

11. Which one of the following is considered primary storage? A. Memory B. Hard disk C. Flash drive D. DVD

A. Memory

82. Which NIST document covers the creation of an Information Security Continuous Monitoring (ISCM)? A. NIST SP 800-137 B. NIST SP 800-53a C. NIST SP 800-145 D. NIST SP 800-50

A. NIST SP 800-137

18. Lydia is processing access control requests for her organization. She comes across a request where the user does have the required security clearance, but there is no business justification for the access. Lydia denies this request. What security principle is she following? A. Need to know B. Least privilege C. Seperation of duties D. Two-person control

A. Need to know

10. Jim would like to identify compromised systems on his network that may be participating in a botnet. He plans to do this by watching for connections made to known comnandand-control servers. Which one of the following techniques woyld be most likely to provide this information if Jim has access to a list of known servers? A. Netflow records B. IDS logs C. Authentication logs D. RFC logs

A. Netflow records

4. FlyAway Travel has offices in both the European Union and the United States and transfers personal information between those offices regularly. Which of the seven requirements for processing personal information states that organizations must inform individuals about how the information they collect is used? A. Notice B. Choice C. Onward Transfer D. Enforcement

A. Notice

46. Which attack helped drive vendors to move away from SSL toward TLS-only by default? A. POODLE B. Stuxnet C. BEAST D. CRIME

A. POODLE

40. Which one of the following components is used to assign classifications to objects in a mandatory access control system? A. Security label B. Security token C. Security descriptor D. Security capability

A. Security label

21. Keenan Systems recently developed a new manufacturing process for microprocessors. The company wants to license the technology to other companies for use but wishes to prevent unauthorized use of the technology. What type of intellectual property protection is best suited for this situation? A. Patent B. Trade secret C. Copyright D. Trademark

A. Patent

28. Information maintained about an individual that can be used to distinguish or trace their identity is known as what type of information? A. Personally identifiable information (PII) B. Personal health information (PHI) C. Social Security number (SSN) D. Secure identity information (SII)

A. Personally identifiable information (PII)

71. In what type of attack does the attacker replace the legitimate BIOS on a computer with a malicious alternative that allows them to take control of the system? A. Phlashing B. Phreaking C. Phishing D. Phogging

A. Phlashing

34. Which one of the following does not describe a standard physical security requirements for writing closets? A. Place only in areas monitored by security guards. B. Do not store flammable items in the closet. C. Use sensors on doors to log entries. D. Perform regular inspections of the closet.

A. Place only in areas monitored by security guards.

88. Which one of the following principles would not be favored in an Angile approach to software development? A. Processes and tools over individuals and interactions B. Working software over comprehensive documentation C. Customer collaboration over contact negotiations D. Responding to change over following a plan

A. Processes and tools over individuals and interactions

30. In which cloud computing model does a customer share computing infrastructure with other customers of the cloud vendor where one customer may not know the other's identity? A. Public cloud B. Private cloud C. Community cloud D. Shared cloud

A. Public cloud

80. Howard is choosing a cryptographic algorithm for his organization and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement? A. RSA B. DES C. AES D. Blowfish

A. RSA

38. In what state does a processor's scheduler place a process when it is prepared to excecute but the CPU is not currently available? A. Ready B. Running C. Waiting D. Stopped

A. Ready

38. What was the likely motivation of the user who posted the message on the forum containing the code? A. Reconnaissance B. Theft of sensitive information C. Credential stealing D. Social engineering

A. Reconnaissance

43. Gary is analyzing a security incident and, during his investigation, encounters a user who denies having performed an action that Gary believes he did perform. What type of threat has taken place under the STRIDE model? A. Repudiation B. Information disclosure C. Tampering D. Elevation of privilege

A. Repudiation

79. Which one of the following change management processes is intitiated by users rather than developers? A. Request control B. Change control C. Release control D. Design review

A. Request control

27. What type of access control is being used in the following permission listing: Storage Device X User 1: Can read, write, list User 2: Can read, list User 3: Can read, write, list, delete User 4: Can list A. Resource-based access controls B. Role-based access controls C. Mandatory access controls D. Rule-based access controls

A. Resource- based access controls

20. Jacob is planning his organization's biometric authentication system and is considering retin scans. What concern may be raised aboutretina scans by others in his organization? A. Retina scans can reveal information about medical conditions. B. Retina scans are painful because they require a puff of air in the user's eye. C. Retina scanners are the most expensive type of biometric device. D. Retina scanners have a high fasle positive rate and will cause support issuses.

A. Retina scans can reveal information about medical conditions.

49. In the ring protection model shown below, what ring contains the operating system's kernel? Refer to page 59 in book. RING O ○ ; RING 1 ° ; RING 2 ° ; RING 3 ° A. Ring O B. Ring 1 C. Ring 2 D. Ring 3

A. Ring O

61. What is the formula used to determine risk? A. Risk = Threat * Vulnerability B. Risk = Threat / Vulnerability C. Risk = Asset * Threat D. Risk = Asset / Threat

A. Risk = Threat * Vulnerability

21. Which email security solution provides two major usage modes: (1) signed messages that provide integrity, sender authentication, and nonrepudiation; and (2) an enveloped message mode that provides integrity, sender authentication, and confidentiality? A. S/MIME B. MOSS C. PEM D. DKIM

A. S/MIME

22. During a security assessment, Jim discovers that the organization he is working with uses a multilayer protocol to handle SCADA systems and recently connected the SCADA network to the rest of the organization's production network. What concern should he raise about serial data transfers carried via TCP/IP? A. SCADA devices that are now connected to the network can now be attacked over the network. B. Serial data over TCP/IP cannot be encrypted. C. Serial data cannot be carried in TCP packets. D. TCP/IP's throughput can allow for easy denial of service attacks against serial devices.

A. SCADA devices that are now connected to the network can now be attacked over the network.

97. Kerberos, KryptoKnight, and SESAME are all examples of what type of system? A. SSO B. PKI C.CMS D. Directory

A. SSO

48. What type of attack is shown in the figure below? Refer to page 148 in book. A. SYN flood B. Ping flood C. Smurf D. Fraggle

A. SYN flood

5.Fran's company is considering purchasing a web-based email service from a vendor and eliminating its own email serve environment as a cost-saving measure. What type of cloud computing environment is Fran's company considering? A. SaaS B. IaaS C. CaaS D. PaaS

A. SaaS

63. When a computer is removed from service and disposed of, the process that ensures that all storage media has been removed or destroyed is know as what? A. Sanitization B. Purging C. Destruction D. Delclassification

A. Sanitization

12. As Gary design the program, he uses the matrix shown below. What principle of information security does this matrix most directly help enforce? Refer to page 140 in the book. A. Segregation of duties B. Aggregation C. Two-person control D. Defense in depth

A. Segregation of duties

74. Ben is concerned about exploits that allow VM escape. What option should Ben suggest to help limit the impact of VM escape exploits? A. Separate virtual machines onto separate physical hardware based on task or data types. B. Use VM escape detection tools on the underlying hypervisor. C. Restore machines to their orginal snapshots on a regular basis. D. Use a utility like Tripwire to look for changes in the virtual machines.

A. Separate virtual machines onto separate physical hardware based on task or data types.

97. Todd wants to add a certificate to a certificate revocation list. What element of the certificate goes on the list? A. Serial number B. Public key C. Digital signature D. Private key

A. Serial number

36. Which one of the following types of agreements is the most formal document that contains expectations about availability and other perforomance parameters between a service provider and a customer? A. Service-level agreement (SLA) B. Operations level agreement (OLA) C. Memorandum of understanding (MOU) D. Statement of work (SOW)

A. Service-level agreement (SLA)

94. Mail is eavesdropping on the unencryted communication between the user of a website and the web server. She manages to intercept the cookies from a request header. What type of attack can she perform with these cookies? A. Session hijacking B. Cross-site scripting C. Cross-site request forgery D. SQL injection

A. Session hijacking

98. Alison is examining a digital certificate presented to her by her bank's website. Which one of the following requirements is not necessary for her to trust the digital certificate? A. She knows that the server belongs to the bank. B. She trusts the certificate authority. C. She verifies that the cerificate is not listed on a CRL. D. She verifies the digital signature on the certificate.

A. She knows that the server belongs to the bank.

69. What type of firewall design is shown in the image below? Refer to page86 in book. •••••••••••••••••••••••••••••••Firewall••••••Private Network (Internet)_____●__________■_____ I____I ___I_____I____ •••••••••••••••••Router. I I I I A. Single tier B. Two tier C. Three tier D. Next veneration

A. Single tier

58. Rhonda is considering the use of new identification cards for physical access control in her organization. She comes across a military system that uses the card shown below. What type of card is this? Refer to page 61 in book. A. Smart card B. Proximity card C. Magnetic stripe card D. Phase three card

A. Smart card

2. An evil twin attack that broadcasts a legitimate SSID for an unauthorized network is an example of what category of threat? A. Spoofing B. Information disclosure C. Repudiation D. Tampering

A. Spoofing

51. Which one of the following is not normally included in business continuity plan documentation? A. Statement of accounts B. Statement of importance C. Statement of priorities D. Statement of organizational responnsibility

A. Statement of accounts

39. Joe is an investigator with a law enforcement agency. He recieved a tip that a suspect is communicatingsensitive information with a third party via a message board. After obtaining a warrant for the message, he obtained the contents and found that the message only contains the image show in the figure below. if this is the sole content of the communication, what technique could the suspect have used to embed sensitive information in the message? Refer to page 146 in the book. A. Steganography B. Watermarking C. Clipping D. Sampling

A. Steganography

6. Which one of the following elements of information is not considered personally identifiable information that would trigger most US state data breach laws? A. Student identification number B. Social Security number C. Driver's license number D. Credit card number

A. Student identification number

4. What message logging standard is connonly used by network devices, Linux and Unix systems, and many other enterprise devices? A. Syslog B. Netlog C. Eventlog D. Remote Log Protocol (RLP)

A. Syslog

8. Chris is configuring an IDS to monitor for unencypted FTP traffic. What ports should Chris use in his configuration? A. TCP 20 and 21 B. TCP 21 only C. UDP port 69 D. TCP port 21 and UDP port 21

A. TCP 20 and 21

51. Which one of the following is the most effective control aganist session hijacking attacks? A. TLS B. Complex session cookies C. SSL D. Expiring cookies frequently

A. TLS

17. What does labeling data allow a DLP system to do? A. The DLP system can detect labels and apply appropriate protections. B. The DLP system can adjust labels based on changes in the classification scheme. C. The DLP system can notify the firewall that traffic should be allowed through. D. The DLP system can delete unlabeled data.

A. The DLP system can detect labels and apply appropriate protections.

81. Which of the following will be superceded in 2018 by the European Union's General Data Protection Regulation (GDPR)? A. The EU Data Protection Directive B. NIST SP 800-12 C. The EU Personal Data Protection Regulation D. COBIT

A. The EU Data Protection Directive

56. What US government agency oversees compliance with the Safe Harbor framework for organizations wishing to use personal data of EU citizens? A. The FTC B. The FDA C. The DoD D. The Department of Commerce

A. The FTC

54. Segmentation, sequencing, and error checking all occur at what layer of the OSI model that is associated with SSL, TLS, and UDP? A. The Transport layer B. The Network layer C. The Session layer D. The Presentation layer

A. The Transport layer

34. Which of the following concerns should not be part of the decision when classifying data? A. The cost to classify the data B. The sensitivity of the data C. The amount of harm that exposure of the data could cause D. The value of the data to the organization

A. The cost to classify the data

30. Which one of the following is not one of the basic requirements for cryptographic hash function? A. The function must work on fixed-length input. B. The functiion must be relatively easy to compute for any input. C. The function must be one way. D. The function must be collision free.

A. The function must work on fixed-length input

60. What common security issue is often overlooked with cordless phones? A. Their signal is rarely encrypted and thus can be easily monitored. B. They use unlicensed frequencies. C. They can allow attackers access to wireless networks. D. They are rarely patched and are vulnerable to malware.

A. Their signal is rarely encrypted and thus can be easily monitored.

21. Which one of the following is not an attribute of a hashing algorithm? A. They require a cryptographic key. B. They are irreversible. C. It is very difficult to find two messages with the same hash value. D. They take variable-length input.

A. They require a cryptographic key.

30. What are the two types of covert channels that are commonly exploited by attackers seeking to surreptitiously exfiltrate information? A. Timing and storage B. Timing and firewall C. Storage and memory D. Firewall and storage

A. Timing and storage

40. A US government database contains Secret, Confidential, and Top Secret data. How should it be classified? A.Top Secret B. Confidential C. Secret D. Mixed classification

A. Top Secret

100. Which mapping correctly matches data classifications between nongovernment and government classification schemes? A. Top Secret - Confidential/Proprietary Secret- Private Confidential - Sensitive B. Secret - Business confidential Classified - Proprietary Confidential - Business Internal C. Top Secret - Business sensitive Secret - Business internal Confidential - Business proprietary D. Sacret - Proprietary Classified - Privatr Unclassified - Public

A. Top Secret - Confidential/Proprietary Secret - Private Confidential - Sensitive

46. Joan is seeking a to protect a piece of computer software that she developed under intellectual property law. Which one of the following avenues of protection would not apply to a piece of software? A. Trademark B. Copyright C. Patent D. Trade secret

A. Trademark

53. If your organization needs to allow attachments in email to support critical business processes, what are the two best option for helping to avoid security problems caused by attachments? A.Train your users and use anti-malware tools. B. Encrypt your email and use anti- malware tools. C. Train your users and require S/MIME for all email. D. Use S/MIME by default and remove all ZIP (.zip) file attachments.

A. Train your users and use anti-malware tools.

87. What type of trust relationship extends beyond the two domains participating in the trust to one or more of their subdomains? A. Transitive trust B. Inhsritable trust C. Nontransitive trust D. Noninheritable trust

A. Transitive trust

32. What government agency is responsible for the evaluation and registration of trademarks? A. USPTO B. Library of Congress C. TVA D. NIST

A. USPTO

44. Which one of the following terms is not used to describe a privileged mode of system operation? A. User mode B. Kernel mode C. Supervisory mode D. System mode

A. User mode

61. Lauren's organization has deployed VoIP phones on the same switches that the desktop PCs are on. What se urity issue could this create, and what solution would help. A. VLAN hopping, use physical separate switches. B. VLAN hopping, use encryption. C. Caller ID spoofing, MAC filtering D.Denial of service attacks,use a firewall between networks.

A. VLAN hopping, use physically separate switches.

80. In what virtualization model do full guest operating systems run on top of a virtualization platform? A. Virtual machines B. Software-defined networking C. Virtual SAN D. Application virtualization

A. Virtual machines

52. Ben is designing a Wi-Fi network and has been asked to choose the most secure option for the network. Which wireless security standard should he choose? A. WPA2 B. WPA C.WEP D. AES

A. WPA2

70. Nikto, Burp Suite, and Wapiti are all examples of what type of tool? A. Web application vulnerability scanners B. Code review tools C. Vulnerability scanners D. Port scanners

A. Web application vulnerability scanners

40. When might an organization using biometrics choose to allow a higher FRR instead of a higher FAR? A. When security is more important than usability B. When false rejection is not a concern due to data quality C. When the CER of the system is not known D. When the CER of the system is very high

A. When security is more important than usability

59. Roger is conducting a software test for a tax preparation application developed by his company. End users will access the application over the web, but Roger is conducting his test on the back end, evaluating the source code on the web server. What type of test is Roger conducting? A. White box B. Gray box C. Blue box D. Black box

A. White box

Susan is the lead of a Quality Assurance team at her company. They have been tasked with the testing for a major release of their company's core sofeware product. Use knowledge of code review and testing to answer the following three questions. 63. Susan's team of software testers are required to test every code path, including those that will only be used when an error condition occurs. What type of testing environment does her team need to ensure complete code coverage? A. White box B. Gray box C. Black box D. Dynamic

A. White box

65. What standard governs the creation and validation of digital certificates for use in a public key infrastructure? A. X.509 B. TLS C. SSL D. 802.1X

A. X.509

84. What function can be used to convert a string to a safe value for use in passing from a PHP application to a database? A. bin2hex( ) B. hex2bin( ) C. dechex( ) D. hexdec( )

A. bin2hex( )

22. Which one of the following files is most likely to contain a macro virus? A. projections . doc B. command . com C. command . exe D. loopmaster . exe

A. projections . doc

95. LDAP distinguished (DNs) are made up of comma- separated components called relative distinguished names (RDNs) that have an attribute name and a value. DNs become less specific as they progress from left to right. Which of the following LDAP DN best fits this rule? A. uid=ben,ou=sales,dc=example,dc=com B. uid=ben,dc=com,dc=example C. dc=com,dc=example,ou=sales,uid=ben D. ou=sales,dc=com,dc=example

A. uid=ben,ou=sales,dc=example,dc=com

15. Which one of the following control categories does not accurately describe a fence around a facility? A. Physical B. Detective C. Deterrent D. Preventive

B. Detective

51. Which one of the following is an example of a code, not a cipher? A. Data Encryption Standard B. "One if by land; two if by sea" C. Shifting letters by there D. Word scramble

B. "One if by land; two if by sea"

97. Based upon the information in this scenario, what is the annualized rate of occurrence for a tornado at Atwood Landing's data center? A. 0.0025 B. 0.05 C. 0.01 D. 0.015

B. 0.005

95. What speed is Category 3 UTP cable rate for? A. 5 Mbps B. 10 Mbps C. 100 Mbps D. 1000 Mbps

B. 10 Mbps

37. What is the minimum number of independent parties necessary to implement the Fair Cryptosystems approach to key escrow? A. 1 B. 2 C. 3 D. 4

B. 2

58. What is the default subnet mask for a Class B netwoork? A. 255.0.0.0 B. 255.255.0.0 C. 255.254.0.0 D. 255.255.255.0

B. 255.255.0.0

15. Marcy would like to continue using some old DES encryption equipment to avoid throwing it away. She understands that running DES multiple times improves the security of the algorithm. What is the minimum number of times she must run DES on the same data to achieve security that is cryptographically strong by modern standards? A. 2 B. 3 C. 4 D. 12

B. 3

4. Harry would like to retrieve a lost encryption key from a database that uses m of n control with m = 4 and n = 8. What is the minimum number of escrow agents required to retrieve the key? A. 2 B. 4 C. 8 D. 12

B. 4

41. Susan is working to improve the strength of her organization'spasswords bychanging the password policy. The password system thst she is using allows upper- and lower-case letters as well as numbers but no other characters. How much additional complexity does adding a single character to the mimimum length of passwords for her organization create? A. 26 times more complex B. 62 times more complex C. 36 times more complex D. 2^62 times more complex

B. 62 times more complex

54. Which NIST special publication covers the assessment of security and privacy control? A. 800-12 B. 800-53A C. 800-34 D. 800-86

B. 800-53A

1. During a port scan, Susan discovers a system running services on TCP and UDP 137-139 and TCP 445, as well as TCP 1433. What type of system is she likely to find if she connects to the machine? A. A Linux email server B. A Windows SQL server C. A Linux file server D. A Windows workstation

B. A Windows SQL server

24. An attack that causes a service to fail by exhausting all of a system's resources is what type of attack? A. A worm B. A denial of service attack C. A virus D. A Smurf attack

B. A denial of sevice attack

45. As part of his role as a security manage, Jacob provides the following chart to his organization's management team. What type of measurement is he providing for them? Refer to page 125 in the book. A. A coverage rate measure B. A key performance indicator C. A time to live metric D. A business. criticality indicator

B. A key performance indicator

74. Jim is designing his oranization's log management systems and know that he needs to carefully plan to handle the organization's log data. Which of the following is not a factor that Jim should be concerned with? A. The volume of log data B. A lack of sufficient log sources C. Data storage security requirements D. Network bandwidth

B. A lack of sufficient log sources

61. Lauren's team conducts regression testing on each patch that they release. What key performance measure should they maintain to measur the effectiveness of their ttesting? A. Time to remediate vulnerabilities B. A measure of the rate of defect recurrence C. A weighted risk trend D. A measure of the specific coverage of their testing

B. A measure of the rate of defect recurrence

7. NIST Special Publication 800-53A describes four major types of assessment objects that can be used to identify items being assessed. If the assessment covers IPS devices, which of the types of assessment objects is being assessed? A. A specification B. A mechanism C. An activity D. An individual

B. A mechanism

18. What network tool can be used to protect the identity of clients while providing Internet access by accepting client requests, altering the source addresses of the requests, mapping requests to clients, and sending the modified requests out to their destination? A. A gateway B. A proxy C. A router D. A firewall

B. A proxy

79. What type of firewall design does the image below show? Refer to page 88 in book. •••••••••••••••••••••••••••••••••••Firewall•••Private Network (Internet)_____________●______■_______|_____|_____|___|____ ••••••••••••••••••••••••••Router | | | | ••••••••••••••••••••••••••••••••••••••••••\DMZ A. A single-tier firewall B. A two-tier firewall C. A three-tier firewall D. A fully protected DMZ firewall

B. A two-tier firewall

Chris is designing layered network security for his organization. Using the diagram below, answer questions 13 through 15. Refer to page 74 in book. (Internet)•••••••••••• A Firewall □___________B__________Web server Router ○____________C__________VPN Concentrator Switch ■ _______________________________________________________________ Computers ■ ■ ■ ■ ■ 13. What type of firewall design is shown in the diagram? A. A single-tier firewall B. A two-tier firewall C. A three-tier firewall D. A four-tier firewall

B. A two-tier firewall

16. What type of encryption should you use on the file servers for the proprietary data, and how might you secure the data when it is in motion? A. TLS at rest and AES in motion B. AES at rest and TLS in motion C. VPN at rest and TLS in motion D. DES at rest and AES in motion

B. AES at rest and TLS in motion

37. One of Susan's attacks during a penetraion test involves inserting false ARP data into a system's ARP cache. When the system attempts to send traffic to the address it believes belongs to a legitmate system, it will instead send that traffic to a system she controls. What is this attack called? A. RARP Flooding B. ARP cache poisoning C. A denial of ARP attack D. ARP buffer blasting

B. ARP cache poisoning

96. Object-oriented programmong languages use a black box approach to development, where users of an object do not necessarily need to know the object's implementation details. What term is used to describe this concept? A. Layering B. Abstraction C. Data hiding D. Process isolation

B. Abstraction

24. Jim has worked in human relations, payroll, and customer service roles in his company over the past few years. What type of process should his company perform to ensure that he has appropriate rights? A. Re-provisioning B. Account review C. Privilege creep D. Account revocation

B. Account review

95. What term is used to describe the formal declaration by a designated approving authority (DAA) that an IT system is approved to operate in a specific environment? A. Certification B. Accreditation C. Evaluation D. Approval

B. Accreditation

63. Carla has worked for her company for 15 years and has held a variety of different positions. Each time she changed positions, she gained new privileges associated with that position, but no privilsges were ever taken away. What concept describes the sets of privileges she has accumlated? A. Entitlement B. Aggregation C. Transitivity D. Isolation

B. Aggregation

18.Which one of the following keys would Bob not possess in this scenario? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key

B. Alice's private key

19. Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital siignature? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key

B. Alice's private key

76. When a host on an Ethernet network detects a collision and transmits a jam signal, what happens next? A. The host that transmitted the jam signal is allowed to retransmit while all others host pause until that transmission is recieved successfully. B. All host stop transmitting and each host waits a random period of time before attempting to transmitagain. C. All hosts stop transmitting and each host waits a period of time based on how recently it successfully transmitted. D. Hosts wait for the token to be paased and then resume transmitting data as they pass the token.

B. All host stop transmitting and each host waits a random period of time before attempting to transmit again.

100. Which of the following is not a typical part of a penetration test report? A. A list of identified vulnerabilities B. All sensitive data that was gathered during the test C. Risk ratings for each issue discovered D. Mitigation guidance for issues identified

B. All sensitive data that was gathered during the test

83. What type of firewall is know as a second-generation firewall? A. Static packet filtering firewalls B. Application-level gateway firewalls C. Stateful inspection firewalls D. Unified Threat Management

B. Application-level gateway firewalls

32. Earlier this year, the information security team at Jim's employer identified a vulnerability in the web server that Jim is responsible for maintaining. He immediately applied the patch and is sure that it installed properly, but the vulnerability scanner has continued to flag the system as vulnerable even though Jim is sure the patch is installed. Which of the following options is Jim's best choice to deal with the issue? A. Uninstall and reinstall the patch. B. Ask the information security team to flag the system as patched and not vulnerable. C. Update the version information in the web server's configuration. D. Review the vulnerability report and use alternate remediation instructions if they are provided.

B. Ask the information security team to flag the system as patched and not vulnerable.

87. What should Ben do if the FAR and FRR shown in this diagram does not provide an acceptable performance level for his organization's needs? A. Adjust the sensitivity of the biometric devices. B. Assess other biometric systems to compare them. C. Move the CER D. Adjust the FRR settings in software.

B. Assess other biometric systems to compare them.

3. What term is used to describe a starting point for a minimum security standard? A. Outline B. Baseline C. Policy D. Configuration guide

B. Baseline

44. What term is used to describe a set of common security configurations, often provided by a third party? A. Security policy B. Baseline C. DSS D. SP 800

B. Baseline

55. Yolanda is writing a document that will provide configuration informmation regarding the minimum level of security that every system in the organization must meet. What type of document is she preparing? A. Policy B. Baseline C. Guideline D. Procedure

B. Baseline

92. Tommy is planning to implement a power conditing UPS for a rack of servers in his data center. Which one of the following conditions will the UPS be unable to protect against if it persists for more than a few minutes? A. Fault B. Blackout C. Sag D. Noise

B. Blackout

86. Gina is the fiewall administrator for a small business and recently installed a new firewall. After seeing signs of unusally heavy network traffic, she checked the intrusion detection system, which reported that a faggle attack was underway. What firewall configuration change can Gina make to most effectively prevent this attack? A. Block ICMP echo reply packets from entering the network. B. Block UDP port 7 and 9 traffic from entering the network. C. Block the destination address of the attack. D. Block the destination address of the attack.

B. Block UDP port 7 and 9 traffic from entering the network.

68. Cable modems, ISDN, and DSL are all examples of what type of technology? A. Baseband B. Broadband C. Digital D. Broadcast

B. Broadband

72. Which one of the following laws requires that communications service providers cooperate with law enforcement requests? A. ECPA B. CALEA C. Privacy Act D. HITECH Act

B. CALEA

10. Which authentication protocol commonly used for PPP links encrypts both the username and password and uses a challenge/response dialog that cannot be replayed and periodically reauthenticates remote systems throughtout its use in a session? A. PAP B. CHAP C. EAP D. LEAP

B. CHAP

6. Which one of the following attack types attempts to exploit the trust relationship that a user's browser has with other websites by forcing the submission of an authenticated request to a third-party site? A. XSS B. CSRF C. SQL injection D. Session hijacking

B. CSRF

68. What type of attack is the creation and exchange of state tokens intended to prevent? A. XSS B. CSRF C. SQL injection D.XACML

B. CSRF

69. NIST SP 800-60 provides a process shown in the following diagram to assess information systems. What process does this diagram show? PROCESS INPUTS Identify Information Systems: [1. Identify Information Types]▪[2. Select Provisional Impact Levels]▪[3. Review Provisional Impact Levels]▪[Adjust/Finalize Information Import Levels]▪[4. Assign System Security Category] RROCESS Process Outputs... Security Categorization FIPS 200/SP 800-53 A. Selecting a standard and implementing it B. Categorizing and selecting controls C. Baselining and selecting controls D. Categorizing and sanitizind

B. Categorizing and selecting controls

14. Which of the following is not a potential problem with active wireless scanning? A. Accidently scanning apparent rogue devices that actually belong to guests B. Causing alarms on the organization's wierless IPS C. Scanning devices that belongs to nearby organizations D. Misidentifying rogue devices

B. Causing alarms on the organization's wireless IPS

66. Who is the ideal person to approve an organization's business continuity plan? A. Chief information officer B. Chief executive officer C. Chief information security officer D. Chief operating officer

B. Cheif executive officer

40. Which one of the following individuals would be the most effective organizational owner for an information security program? A. CISSP-certified analyst B. Chief information officer C. Manager of network security D. President and CEO

B. Cheif information officer

13. Gary is preparing to create an account for a new user and assign privileges to the HR database. What two elements of information must Gary verify before granting this access? A. Credentials and need to know B. Clearance and need to know C. Password and clearance D. Password and biometric scan

B. Clearance and need to know

55. Which one of the following is not an effective control against SQL injection attacks? A. Escaping B.Client-side input validation C. Parameterization D. Limiting database permissions

B. Client-side input valdidation

53. Beth is selecting a disaster recovery facility for her organization. She would like to choose a facility that has appropriate environmental controls and power for her operations but wants to minnimize costs. She is willing to accept a lengthy recovery time. What type of facility should she choose? A. Hot site B. Cold site C. Warm site D. Service bureau

B. Cold site

80. The security administrators at the company that Susan works for have configured the workstation she uses to allow her to log in only during her work hours. Whatvtype of access control best describes this limitation? A. Constrained interface B. Context- dependent control C. Content-dependent control D. Least privilege

B. Context-dependent control

9. What major issue often results from decentralized access control? A. Access outages may occur. B. Control is not consistent. C. Control is too granular. D. Training costs are high.

B. Control is not consistent

37. Alan works for an e-commerce company that recently had some content stolen by another website and republished without permission. What type of intellectual property protection would best preserve Alan's company's rights? A. Trade secret B. Copyright C. Trademark D. Patent

B. Copyright

32. Which of the following drawbacks is a concern when multilayer protocols are allowed? A. A range of protocols may be used at higher layers. B. Covert channels are allowed. C. Filters cannot be bypassed. D. Encryption can't be incorporated at multiple layers.

B. Covert channels are allowed.

31. Sue's employer has asked her to use an IPsec VPN to connect to its network. When Sue connects, what does the IPsec VPN allow her to do? A. Send decrypted data over a public network and act like she is on her employer's internal network. B. Create a private encrypted network carried via a public network and act like she is on her employer's internal network. C. Create a virtual private network using TLS while on her employer's internal network. D. Create a tunneled network that connects her employer's network to her internal home network.

B. Create a private encrypted network carried via a public network and act like she is on her employer's internal network.

96. What issues occurs when data transmitted over one set of wires is picked up by another set of wires? A. Magnetic interference B. Crosstalk C. Transmission absorption D. Amplitude modulation

B. Crosstalk

46. Susan has been asked to recommend whether her organization should use a mandatory access control scheme or a discretionary access control scheme. If flexibility and scalability is an important requirement for implementing access controls, which scheme should she recommend and why? A. MAC, because it provides greater scalability and flexibility because you can simply add more labels as needed B. DAC, because allowing individual administratots to make choices about the objects they control provides scalability and flexibility C. MAC, because compartmentalization is well suited to flexibility and adding compartments will allow it to scale well D. DAC, because a central decision process allows quick responses and will provide scalability by reducing the number of decisions required and flexibility by movingthose decisions to a central authority

B. DAC, because allowing individual administrators to make choices about the objects they control provides scalability and flexibility

19.During troubleshooting, Chris uses the ns lookup command to check the IP address of a host he is attempting to connect to. The IP that should resolve when the lookup is done. What type of attack has likely been conducted? A. DNS spoofing B. DNS poisoning C. ARP spoofing D. A Cain attack

B. DNS poisoning

30. Full disk encryption like Microsoft's BitLocker is used to protect data in what state? A. Data in transit B. Data at rest C. Unlabeled data D. Labeled data

B. Data at rest

29. What is the primary information security risk to data at rest? A. Improper classification B. Data breach C. Decryption D. Loss of data integrity

B. Data breach

64. A hacker recently violated the integrity of data in Jame's company by modifying a file using a precise timing attack. The attacker waited until James verified the integrity of a file's contents using a hash value and then modified the file between the time that James verified the integrity and read the contents of the file. What type of attack took place? A. Social engineeing B. TOCTOU C.Data diddling D. Parameter checking

B. Data diddling

66. Data stored in RAM is best characterized as what typeof data? A. Data at rest B. Data in use C. Data in transit D. Data at large

B. Data in use

84. Lauren's multinational company wants to insure compliance with the EU Data Protection. If she allows data to be used aganist the requirements of the notice principle and against what users selected in the choice principle, what principle has her organization violated? A. Onward transfer B. Data integrity C. Enforcement D. Access

B. Data integrity

13. What term describes data that remains after attempts have been made to remove the data? A.Residual bytes B. Data remanence C. Slack space D. Zero fill

B. Data remanence

27. The government defense contractor that Saria works for has recently shut down a major research project and is planning on reusing the hundreds of thousands of dollars of systems and data storage tapes used for the project for others purposes. When Saria reviews the company's internal processes, she finds that she can't reuse the tapes and that the manual says they should be destroyed. Why isn't Saria allowed to degauss and then reuse the tapes to save her employer money? A.Data permanence may be an issue. B. Data remanence is a concern. C. The tapes may suffer from bitrot. D. Data from tapes can't be erased by degaussing.

B. Data remanence is a concern.

34. Which one of the following categories of organizations is most likely to be covered by the provisions of FISMA? A. Banks B. Defense contractors C. School districts D. Hospitals

B. Defense contractors

28. Florian and Tobias would like to begin communicating using a symmetric cryptoosystem but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key? A. IDEA B. Diffie-Hellman C. RSA D. MD5

B. Diffie-Hellman

98. Which of the following types of access controls do not describe a lock? A. Physical B. Directive C. Preventative D. Deterrent

B. Directive

67. Jim's organization uses fax machines to receive sensitive data. Since the fax machine is located in a public area, what actions should Jim take to deal with issues related to faxes his organization receives? A. Encrypt the faxes and purge local memory. B. Disable automatic printing and purge local memory. C. Encrypt faxes and disable automatic printing. D. Use link encryption and enable automatic printing.

B. Disable automatic printing and purge local memory.

17. Ben has configured his network to not broadcast a SSID. Why might Ben disable SSID broadcast, and how could his SSID be discovered? A. Disabling SSID broadcast prevents attackers from discovering the encryption key. The SSID can be recovered from decrypted packets. B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using wireless sniffer. C. Disabling SSID broadcast prevents issues with beacon frames. The SSID can be recovered by reconstructing the BSSID. D. Disabling SSID broadcast helps avoid SSID conflicts. The SSID can be discovered by attempting to connect to the network.

B. Disabling SSID broadcast hides networks from unauthorized personnel. The SSID can be discovered using a wireless sniffer.

62. What action can you take to prevent accidental data disclosure due to wear leveling on an SSD device before reusing the drive? A. Reformatin B. Disk encryption C. Degaussing D. Physical destruction

B. Disk encryption

23. Susan would like to configure IPsec in a manner that provides confidentiality for the content of packets. What component of IPsec provides this capability? A. AH B. ESP C. IKE D. ISAKMP

B. ESP

72. What is the best way to secure files that are sent from workstation A via the Internet service (C) to remote server E? A. Use AES at rest at point A, and TLS in transit via B and D. B. Encrypt the data files and send them. C. Use 3DES and TLS to provide double security. D. Use full disk encryption at A and E, and use SSL at B and D.

B. Encrypt the data files and send them.

80. Ben is responsible for the security of payment card information stored in a database. Policy directs that he remove the information from the database, but he cannot do this for operational reasons. He obtained an exception to policy and is seeking an appropriate compensating control to mitigate the risk. What would be his best option? A. Purchasing insurance B. Encrypting the database contents C. Removing the data D. Objecting to the exception

B. Encrypting the database contents

71. Which one of the following tools provides an organization with the greastest level of protection against a software vendor going out of business? A. Service-level agreement B. Escrow agreement C. Mutual assistance agreement D. PCI DSS compliance agreement

B. Escrow agreement

77.Whìch of the following tasks are not performed by a system owner per NIST SP 800-18? A. Develops a system security plan B. Establishes rules for appropriate use and protection of data C. Identifies and implements security controls D. Ensures that system users receive appropriate security training

B. Establishes rules for appropriate use and protection of data

84. Steve has been tasked with implementing a network storage protocol over an IP network. What storage-centric converged protocol is he likely to use in his implementation? A. MPLS B. FCoE C. SDN D. VoIP

B. FCoE

23. During a port scan using nmap, Joseph discovers that a system shows two ports open that cause him immediate worry: 21/open 23/open What services are likely runningon those ports? A. SSH and FTP B. FTP and Telnet C. SMTP and Telnet D. POP3 and SMTP

B. FTP and Telnet

26. What problems with FTP and Telnet makes using SFTP and SSH better alternatives? A. FTP and Telnet aren't installed on many systems. B. FTP and Telnet do not encrypt data. C. FTP and Telnet have known bugs and are no longer mainained. D. FTP and Telnet are difficult to use, making SFTP and SSH the perferred solution.

B. FTP and Telnet do not encrypt data.

67. Kathleen is reviewing the code for application. She first plans the review, conducts an overview session with the reviews and assigns roles, and then works wwith the reviewers too review materials and prepare for their roles. Next, she intends to review the code, rework it, and ensure that all defects found haave been corrected. What type of review is Kathleen conducting? A. A dynamic test B. Fagan insspection C. Fuzzing D. A Roth-Parker review

B. Fagan inspection

88. Beth would like to include technology in a secure area of her data center to protect against unwanted electromagnetic emanations. What technology would assit her with this goal? A. Heartbeat sensor B. Faraday cage C. Pigglybacking D. WPA2

B. Faraday cage

50. Google's identity integration with a vaiety of organizations and applications across domains is an example of which of the following? A. PKI B. Federation C. Single sign-on D. Provisioning

B. Federation

91. A software company developed two system that share information. System A provides information to the input of System B, which then reciprocates by providing information back to System A as input. What type of composition theory best describes this practice? A. Cascading B. Feedback C. Hookup D. Elementary

B. Feedback

16. Saria wants to log and review traffic information between parts of her network. What type of network logging should she enable on her routers to allow her to perform this analysis? A. Audit logging B. Flow logging C. Trace logging D. Route logging

B. Flow logging

50. What law serves as the basis for privacy rights in the United States. A. Privacy Act of 1974 B. Fourth Amendment C. First Amendment D. Electronic Communication Privacy Act of 1986

B. Fourth Amendment

90. What legal protection prevents law enforcement agencies from searching a facility or electronic system without either probable cause or consent? A.First Amendment B. Fourth Amendment C. Fifth Amendment D. Fifteenth Amendment

B. Fourth Amendment

44. What four types of coverage criteria are commonly used when validating the work of a code testing suite? A. Input , statement, branch, and condition coverage B. Function, statement, branch, and condition coverage C. API, branch, bounds, and condition coverage D. Bounds, branch, loop, and condition coverage

B. Function, statement, branch, and condition coverage

83. Which of the following is not an issue wgen using fuzzing to find program faults? A. They often find only simple faults. B. Fuzz testing bugs are often servere. C. Fuzzers may not fully cover the code. D. Fuzzers can't repoduce errors.

B. Fuzz testing bugs are often severe.

73. Every year, Gary receives privacy notices in the mail from financial institutions where he has accounts. What law requires the institutions to send Gary these notices? A. FERPA B. GLBA C. HIPAA D. HITECH

B. GLBA

99. NIST specifies four attack phase steps: gaining acess, escalating privileges, system browsing, and installing additional tools. Once attackers install additional tools, what phase will a penetration tester typically return to? A. Discovery B. Gaining access C. Escalating privileges D. System browsing

B. Gaining access

41. Chris uses the standard penetration testing methodology shown here. Use this methodology and your knowledge of penetration testing to answer the following questions about tool usage during a penetration test. Refer to page in 124 in book. What task is the most important during Phase 1, Planning? A. Building a testlab B. Getting authorization C. Gathering appropriate tools D. Determining if the test is white, black, or gray box

B. Getting authorization

6. Bob is a security administrator with the federal government and wishes to choose a digital signature approach that is an approved part of the federal Digital Signature Standard under FIPS 186-4. Which one of the following encryption algorithms is not an acceptable choice for use in digital signature? A. DSA B. HAVAL C. RSA D. ECDSA

B. HAVAL

Lauren's organization has used a popular instant messaging service for a number of years. Recently, concerns have been raised about the use of instant messaging. Using the diagram below, answer questions 29 through 31 about instant messaging. Refer to page 78 in book. (Internet)__________IM Traffic via TCP 80______[B] ••••A Firewall ■ Router ● Switch □ ••••••••••••••MI Traffic via TCP 80 ••••••••••••[A] [B] 29. What protocol is the instant messaging traffic most likely to used based on the diagram? A. AOL B. HTTP C. SMTP D. HTTPS

B. HTTP

29. Which one of the following organizations would not be automatically subject to the terms of HIPAA if they engage in electronic transactions? A. Healthcare provider B. Health and fitness application developer C. Health information clearinghouse D. Health insurance plan

B. Health and fitness application developer

1. When desgning an object-oriented model, which of the following situations is ideal? A. High cohesion, high coupling B. High cohesion, low coupling C. Low cohesion, low coupling D. Lo cohesion, high coupling

B. High cohesion, low coupling

34. Chris uses a cellular hot spot ( modem) to provide Internet acess when he is traveling. If he leaves the hot spot connected to his PC while his PC is on his organization's corporate network, what security issue might he cause? A. Traffic may not be routed properly, exposing sensitive data. B. His system may act as a bridge from the Internet to the local network. C. His system may be a portal for a reflected DDoS attack. D. Security administrators may not be able to determine his IP address if a security issue occurs.

B. His system may act as a bridge from the Internet to the local network.

43. Which of these concerns is the most import ant to address during planning to ensure the reporting phase does not cause problems? A. Which CVE format to use B. How the vulnerability data will be stored and sent C. Which targets are off limits D. How long the reportshould be

B. How the vulnerability data will be stored and sent

89. In a virtualized computing environment, what component is responsible for enforcing separation between guest machines? A. Guest operation system B. Hypervisor C. Kernel D. Protection manger

B. Hypervisor

71. Ben is seeking a control objective framework that is widely accepted around the world and focuses specifically on information security controls. Which one of the following frameworks would best meet his needs? A. ITIL B. ISO 27002 C. CMM D. PMBOK Guide

B. ISO 27002

36. When a subject claims an identity, what process is occurring? A. Login B. Identification C. Authorization D. Token presentation

B. Identification

44. If Alex's organization is one that is primarily made up of offsite, traveling users, what availability risk does integration of critical business applications to onsite authentication create and how could he solve it? A. Third-party integration may not be trustworthy; use SSL and digital signatures. B. If the home organization is offline, traveling users won't be able to access third-party applications; implement a hybrid cloud/local authentication system.. C. Local users may not be properly redirected to the third-party services; implement a local gateway. D. Browsers may not properly redirect; host files to ensure that issues with redirects are resolved.

B. If the home organization is offline, traveling users won't be able to access third-party applications; implement a hybrid cloud/local authentication system.

22. Which one of the following actions might be taken as part of a business continuity plan? A. Restoring from backup tapes B. Implementing RAID C. Relocating to a cold site D. Restarting business operations

B. Implementing RAID

31. How could Lauren's copany best address a desire for secure instant messaging for users of internal systems A and C? A. Use a 3rd party instant messaging service. B. Implements and use a locally hosted IM service. C. Use HTTPS. D. Discontinue use of IM and instead use email, which is more secure.

B. Implements and use a locally hosted IM service.

75. Gary is designing a database-driven application that relies on the use of aggregate functions. Which one of the following database concurrency issues might occur with aggregate functions and should be one of Gary's top concern? A. Lost updates B. Incorrect summaries C. SQL injections D. Dirty reads

B. Incorrect summaries

38. Susan's organization is updating its password policy and wants to use the strongest possible passwords. What password requirement will have the highest impact in preventing brute force attacks? A.Change maximum age from 1year to 180 days. B. Increase the minimum password length from 8 characters to 16 characters. C.Increase the password complexity sothat at least three character classes (such as uppercase, lowercase, numbers, and symbols) are required. D. Retain a password history of at least four passwords to prevent reuse.

B. Increase the minimum password length from 8 characters to 16 characters.

13. What concept in object-oriented programming allows a subclass to access methods belonging to a superclass? A. Polymorphism B. Inheritance C. Coupling D. Cohesion

B. Inheritance

15. Which one of the following controls would best protect an application against buffer overflow attacks? A. Encryption B. Input validation C. Firewall D. Intrusion prevention system

B. Input validation

53. Process_________________ ensures that any behavior will affect only the memory and resources associated with a process. A. Restriction B. Isolation C. Limitation D. Parameters

B. Isolation

73. The VM adminisitrators recommend enabling cut and paste between virtual machines. What security concern should Ben raise about this practice? A. It can cause a denial of service condition. B. It can serve as a cover channel. C. It can allow viruses to spread. D. It can bypass authentication controls.

B. It can serve as a covert channel.

59. Which one of the following is not a requirement for an invention to be patentable? A. It must be new. B. It must be invented by an American citizen. C. It must be nonobvious. D. It must be useful.

B. It must be invented by an American citizen.

19. What tasks must the client perform before it can use the TGT? A. It must generate a hash of the TGT and decrpt the symmetric key. B. It must install the TGT and decrypt the symmetric key. C. It must decrypt the TGT and the symmetric key. D. it must send a valid response using the symmetric key to the KDC and must install the TGT.

B. It must install the TGT and decrypt the symmetric key.

90. What danger is created by allowing the OpenID relying party to control the connection tothe OpenID provide? A. It may cause incorrect selection of proper OpenID provider. B. Its creates the possibility of a phishing attack by sending data to a fake OpenID provider. C. The relying party may be able to steal the clientz's username and password. D. The relying party may not send a signed assertion.

B. Its creates the possibility of a phishing attack by sending data to a fake OpenID provider.

97. What two key issues with the implementation of RC4 make Wired Equivalent Privacy (WEP) even weaker than it might other wise be? A. Its use of a static common key and client-set encryption algorithms B. Its use of a static common key and a limited numberof initialization vectors C. Its use of weak asymmetric keys and a limited number of initialization vectors D. Its use of a weak asymmetric key and client-set encryption algorithms

B. Its use of a static common key and a limited number of initialization vectors

99.What authenttication protocol does Windows use by default for Active Directory systems? A. RADIUS B. Kerrberos C. OAuth D. TACACS+

B. Kerberos

32. What cryptographic principle stands behind the idea that cryptographic algorithms should be open to public inspection? A. Security through obscurity B. Kerchoff principle C. Defense in deth D. Heisenburg principle

B. Kerchoff principle

6.Which of the following items are not commonly associated with restricted interfaces? A. Shells B. Keyboards C. Menus D. Database views

B. Keyboards

55. Microsoft's Active Directory Domain Services is based on which of the following technologies? A. RADIUS B. LDAP C. SSO D. PKI

B. LDAP

26. The Address Resolution Protocol (ARP) and the Reverse Address Resolution Protocol (RARP) operate at what layer of the OSI model? A. Layer 1 B. Layer 2 C. Layer 3 D. Layer 4

B. Layer 2

42. Javier is verifying that only IT system administrators have the ability to log on to servers used for administrative purposes. What principle of information security is he enforcing? A. Need to know B. Least privilege C. Two-person control D. Transitive trust

B. Least privilege

Questions 11-14 refer to the following scenario. Gary was recently hired as the first cheif information security officer (CISO) for a local government agency. The agency recently suffered a security breach and is attempting to build a new information security program. Gary would like to apply some best practices for security operations as he designing this program. 11. As Gary decides what access permissions he should grant to each user, what principle should guide his decisions sbout default permissions? A. Separation of duties B. Least privilege C. Aggregation D. Separation of privileges

B. Least privilege

99. What type of virus works by altering the system boot process to redirect the BIOS to load malware before the operating system loads? A. File infector B. MBR C. Polymorphic D. Service injection

B. MBR

49. Florian is building a diaster recovery plan for his organization and would like to determine the amount of time that a particular IT service may be down without casing serious the amount of time that a particular IT service may be down without causing serious damage to business operations. What variable is Florian calculating? A. RTO B. MTD C. RPO D. SLA

B. MTD

18. Karen's oranganization has been performing system backups for years but has not used the backups frequently. During a recent system outage, when administrators tried to restore from backups they found that the backups had errors and could not be restored. Which of the following options should Karen avoid when selecting ways to ensure that her organization's backups will work next time? A. Log review B. MTD verification C. Hashing D. Periodic testing

B. MTD verification

54. Harold is assessing the susceptibility of his environment to hardware failures and would like to identify the expected lifetime of a piece of hardware. What measure should he use for this? A. MTTR B. MTTF C. RTO D. MTO

B. MTTF

56. Which one of the following individuals poses the greatest risk to security in most well-defended organizations? A. Political activist B. Malicious insider C. Script kiddie D. Thrill attacker

B. Malicious insider

44. Tim is a forensic analyst who is attempting to retrieve information from a hard drive. It appears that thebuser attempted to erase the data, and Tim is trying to reconstruct it. What type of forensic analysis is Tim performing? A. Software analysis B. Media analysis C. Embedded device analysis D. Network analysis

B. Media analysis

27. Which one if the following is not an example of a backup tape rotation scheme? A. Grandfather/Father/Son B. Meet in the middle C. Tower of Hanoi D. Six Cartridge Weekly

B. Meet in the middle

47. In an object-oriented programming language, what does one object invoke in a second object to interact with the second object? A. Instance B. Method C. Behavior D. Class

B. Method

43. Which one of the following is not a technique used by virus authors to hide the existence of their virus from antimalware software? A. Stealth B. Multipartitism C. Polymorphism D. Encryption

B. Multipartitism

4l. What tool is used to prevent employees who leave from sharing proprietary information with their new employers? A. Encryption B. NDA C. Classification D. Purging

B. NDA

21. What technology should an organization use for each of the devices shown in the diagram to ensure that logs can be time sequenced across the entire infrastructure? A. Syslog B. NTP C. Logsync D. SNAP

B. NTP

76. You are performing an investigation into a potential bot infection on your network and wish to perform a forensic analysis of the information that passed between different systems on your network and those on the Internet.You believe that the information was likely encrypted. You are beginning your investigation after the activity concluded. What would be the best and easiest way to obtain the source of this information? A.Packet captures B. Netflow data C. Intrusion detection system logs D. Centralized authentication records

B. Netflow data

47. Which of the following is not an interface that is typically tested during the software testing process? A. APIs B. Network interfaces C. UIs D. Physical interfaces

B. Network interfaces

3. During a port scan, Lauren found TCP port 443 open on a system. Which tool is best suited to scanning the service that is most likely running on that oort? A. zzuf B. Nikto C. Metasoloit D. sqlmap

B. Nikto

100. Which one of the following is an administrative control that can protect the confidentiality of information? A. Encryption B. Non-disclosure agreement C. Firewall D. Fault tolerance

B. Non-disclosure agreement

73. Jim wants to allow cloud-based applications to act on his behalf to access information from other sites. Which of the following tools can allow that? A. Kerberos B. OAuth C. OpenID D. LDAP

B. OAuth

71. During an nmap scan, what three porential statuses are provided for a port? A. Open, unknown, closed B. Open, closed, and filtered C. Available, denied, unknown D. Available, unavailable, filtered

B. Open, closed, and filtered

41. What type of software program exposes the code to anyone who wishes to inspect it? A. Close source B. Open-source C. Fixed source D. Unrestricted source

B. Open-source

6. Susan needs to scan a system for vulnerabilities, and she wants to use an open source tool to test the system remotely. Which of the following tools will meet her requirements and allow vulnerability scanning? A. Namp B. OpenVAS C. MBSA D. Nessus

B. OpenVAS

49. What type of attack is demonstrated in the C programming language example below? int myarray[10] ; myarray [10] = 8 ; A. Mismatched data types B. Overflow C. SQL injection D. Covert channel

B. Overflow

69. In the digram shown here, which is an example of an attribute? Account Balance: currency = 0 Owner : string AddFunds(deposit: currency) RemoveFunds (withdrawal: currency) A. Account B. Owner C. AddFunds D. None of the above

B. Owner

35. Robert is responsible for securing systems used to process credit card information. What standard should guide his actions? A. HIPAA B. PCI DSS C. SOX D. GLBA

B. PCI DSS

56. What type of project management tool is shown in the figure? Refer to page 171 in the book. A. WSB chart B. PERT chart C. Gant chart D. Wireframe diagram

B. PERT chart

82. What type of health information is the Health Insurance Portability and Accountability Act required to protect? A. PII B. PHI C.SHI D. HPHI

B. PHI

90. Rick is an application developer who works primarily in Python. He recently decided to evaluate a new service where he provides his Python code to a vendor who then executes it on their server environments. What type of cloud computing environment is this service? A. SaaS B. PaaS C. IaaS D. CaaS

B. PaaS

78. What type of disater recovery test activates the alternate processing facility and uses it to conduct transactions but leaves the primary site up and runnings? A. Full interruption test B. Parallel test C. Checklist review D. Tabletop exercise

B. Parallel test

32. Which of the following is not a common threat to acess control mechanisms? A. Fake login pages B. Phishing C. Dictionary attacks D. Man- in- the- middle attacks

B. Phishing

82. Which of the following is not an access control layer? A. Physical B. Policy C. Adminstrative D. Technical

B. Policy

36. Greg is battling a malware outbreak in his organization. He used specialized malware analysis tools to capture samples of the malware from three different systems and noticed that the code is changing slightly from infection to infection. Greg believes that this is the reason that antivirus software is having a touch time defeating the outbreak. What type of malware should Greg suspect is responsible for this security incident? A. Stealth virus B. Polymorphic virus C. Multipartite virus D. Encrypted virus

B. Polymorphic virus

16. Berta is analyzing the logs of the Windows Firewall on one of her servers and comes across the entries shown in this figure. What type of attack do these entries indicate? 2016-04-2105:14:52DROPTCP192.168.250.4192.168.42.14 4004 21-RECEIVE 2016-04-21 05:14:53DROPTCP192.168.250.4192.168.42.14400522-RECEIVE 2016-04-2105:14:54DROPTCP192.168.250.4192.168.42.14400623-RECEIVE 2016-04-2105:14:56DROPTCP192.168.250.4192.168.42.14400725-RECEIVE 2016-04-2105:14:59DROPTCP192.168.250.4192.168.42.14400853-RECEIVE 2016-04-2105:15:02DROPTCP192.168.250.4192.168.42.14400980-RECEIVE 2016-04-2105:15:03DROPTCP192.168.250.4192.168.42.144010111RECEIVE 2016-04-2105:15:04DROPTCP192.168.250.4192.168.42.144011111RECEIVE A. SQL injection B. Port scan C. Teardrop D. Land

B. Port scan

78. Which of the following database keys is used by an RDBMS to uniquely identify each row in a database table? A. Foreign key B. Primary key C. Candidate key D. Referential key

B. Primary key

51. Which one of the following is not a canon of the (ISC)2 code of ethics? A. Protect society , the common good, neccessary public trust and confidence, and the infrastructure. B. Promptly report security vulnerabilities to relvant authorities. C. Act honorably, honestly, justly, responsibly, and legally. D. Provide diligent and competent service to principals.

B. Promptly report security vulnerabilities to relevant authorities.

7. Which one of the following might a security team use on a honeypot system to consume an attacker's time while alerting administrators? A. Honeynet B. Pseudoflaw C. Warning banner D. Darknet

B. Pseudoflaw

91. Which type of business impact assessment tool is most appropriate when attempting to evaluate the impact of a failure on customer confidence? A. Quantitative B. Qualitative C. Annualized loss expectancy D. Reduction

B. Qualitative

81. What level of RAID is also known as disk mirroring? A. RAID-0 B. RAID-1 C. RAID-5 D. RAID-10

B. RAID-1

Ben's organization has began to use STRIDE to assess their software, and has identified threat agents and the business impacts that these threats could have. Now they are working to identify appropriate controls for the issues they have identified. Use the STRIDE model to answer the following three questions. 79. Ben's development team needs to address an authorization issue, resulting in an elevation of privledge threat. Which of the following controls is most appropriate to this type of issue? A. Auditing and lodding is enabled. B. RBAC is used for specific operations. C. Data type and format check are enabled. D. Ussr input is tested against a whitelist.

B. RBAC is used for specific operations.

53. What type of vulnerability does a TOC/TOU attack target? A. Lack of input validation B. Race condition C. Injection flaw D. Lack of encryption

B. Race condition

33. What term property ddescribes what occurs when two or more processes require access to the same resource and must complete their tasks in the proper order for normal function? A. Collisions B. Race conditions C. Determinism D. Out-of-order execution

B. Race conditions

31. What passive monitoring technique records all user interaction with an application or website to ensure quality and performance? A. Client/serve testing B. Real user monitoring C. Synthetic user monitoring D. Passive user recording

B. Real user monitoring

60. Which of the following is not a part of the European Union's Data Protection principles? A. Notice B. Reason C. Security D. Access

B. Reason

62. Brandon observes that an authorized user of a system on his network recently misused his account to exploit a system vulnerability against a shared server that allowed him to gain root access to the server. What type of attack took place? A. Denial of service B. Privilege escalation C. Reconaissance D. Brute force

B. Reconaissance

92. RAID- 5 is an example of what type control? A. Administrative B. Recovery C. Compensation D. Logical

B. Recovery

58. Which one of the following conditions may make an application most vulnerable to a cross-site scripting (XSS) attack? A. Input valdation B. Reflected input C. Unpatched server D.Promiscuous firewall rules

B. Reflected input

52. When Chris verifies an individual's identity and adds a unique identifier like a user ID to an identity system, what process has occurred? A. Identity proofing B. Registration C. Directory management D. Session management

B. Registration

18. Robert is working with Acme Widgets on a strategy to advance their software development practices. What SW-CMM stage should be their next target milestone? A. Defined B. Repeatable C. Initial D. Managed

B. Repeatable

86. At which level of the Software Capability Maturity Model (SW-CMM) does an organization introduce basic life-cycle management processes? A. Initial B. Repeatable C. Defined D. Managed

B. Repeatable

91. Which one of the following is the proper order of steps in the waterfall model of software development? A. Requirements, Design, Testing, Coding, Maintenance B. Requirements, Design, Coding, Testing, Maintenance C. Design, Requirements, Coding, Testing, Maintenance D. Design, Requirements, Testing, Coding, Maintenance

B. Requirements, Design, Coding, Testing, Maintenance

59. What type of access control is typically used by firewalls? A. Discretionary access controls B. Rule- based access controls C. Task-based access conttrol D. Mandatory access controls

B. Rule-based access controls

11. During a wireless network penetration tests, Susan runs aircrack-ng against the network using a password file. What might couse her to fail in her paasword-cracking efforts? A. Use of WPA2 encryption B. Running WPA2 in Enterprise mode C. Use of WEP encryption D. Running WPA2 in PSK mode

B. Running WPA2 in Enterprise mode

88. What LDAP authentication mode can provide secure authentication? A. Anonymous B. SASL C. Simple D. S-LDAP

B. SASL

13. Tom is responsible for maintaining the security of systems used to control industrial process located within a power plant. What term is used to describe these systems? A. POWER B. SCADA C.HAVAL D. COBOL

B. SCADA

20. What name is given to the random value added to password in an attempt to defeat rainbow table attacks? A. Hash B. Salt C. Extender D. Rebar

B. Salt

85. What technique can application developers use to test applications in an isolated virtualized environment before allowing them on a production network? A. Penetration testing B. Sandboxing C. White box testing D. Black box testing

B. Sandboxing

24. Adjusting the CIS benchmarks to your organization's mission and your specific IT systems would involve what two processes? A. Scoping and selection B. Scoping and tailoring C. Baselining and tailoring D. Tailoring and selection

B. Scoping and tailoring

20. A remote access tool that copies what is displayed on a desktop PC to a remote computer is an example of what type of technology? A. Remote node operation B. Screen scraping C. Remote control D. RDP

B. Screen scraping

20. Which one of the following is an example of an administrative control? A. Intrusion detection system B. Security awareness training C. Firewalls D. Security guards

B. Security awareness training

68. At this point in the incident response process, what term best describes what has occurred in Ann's organization? A. Security occurrence B. Security incident C. Security event D. Security intrusion

B. Security incident

49. Misconfiguration, logical and functional flaws, and poor programming practices are all causes of what type of issue? A. Fuzzing B. Security vulnerabilities C. Buffer overflows D. Race conditions

B. Security vulnerabilities

25. How should you determine what controls from the baseline a given system or software package should receive? A. Consult the custodians of the data. B. Select based on the data classification of the data it stores or handles. C. Apply the same controls to all systems. D. Consult the business owner of the process the system or data supports.

B. Select based on the data classification of the data it stores or handles.

33. The Acme Widgets Company is putting new controls in place for its accounting department. Management is concerned that a rogue accountant may be able to create a new false vendor and then issue checks to that vendor as payment for services that were never rendered. What security control can best help prevent this situation? A. Mandatory vacation B. Separation of duties C. Defense of depth D. Job rotation

B. Separation of duties

58. When designing an access control scheme, Hilda set up roles so that the same person does not have the ability to provision a new user account and assign superuser privileves to an account. What information security principle is Hilda following? A. Least privilege B. Separation of duties C. Job rotation D. Security through obscurity

B. Separation of duties

74. Ben's organization has had issue with unauthorized access to applications and work-stations during the lunch hour when employees aren't at their desk. What are the best type of session management solutions for Ben to recommend to help prevent this type of access? A. Use session IDs for all access and verify system IP addresses of all workstations. B. Set session time-outs for applications and use password protected screensaver with inactivity time-outs on workstations. C. Use session IDs for all applications, and use password protected screensavers with inactivity time-outs on workstations. D. Set session time-outs for applications and verify system IP addresses of all workstations.

B. Set session time-outs for applications and use password protected screensavers with inactivity time-outs on workstations.

12. In the Figure shown below, Sally is blocked from reading the file due to the Biba integrity model. Sally has a Secret security clearance and the file has a Confidential classification. What principle of the Biba model is being enforced? Also refer to page 50 in book. ••••••••Read Request•••••• (Sally)-------------->[Data File] A. Simple Security Property B. Simple Integrity Property C. *-Security Property D. *-Integrity Property

B. Simple Integrity Property

79. Referring to the fire triangle shown below, which one of the following suppression materials attacks a fire by removing the fuel source? ••••••••••••••••Heat•••••••••••• ••••••Chemical Reaction........... •••Oxygen_________________Fuel•••• A. Water B. Soda acid C. Carbon dioxide D. Halon

B. Soda acid

94. Jerome is conducting a forensic investigation and is reviewing database server logs to investigate query contents for evidence of SQL injection. attacks. What type of analysis is he performing? A. Hardware analysis B. Software analysis C. Network analysis D. Media analysis

B. Software analysis

10. Callback to a home phone number is an example of what type of factor? A.Type 1 B. Somewhere you are C. Type 3 D. Geographic

B. Somewhere you are

9. FHSS, DSSS, and OFDM all use what wireless communication methods that occurs over multiple frequencies simultaneously? A. Wi-Fi B. Spread Spectrum C. Multiplexing D. Orthogonal modulation

B. Spread Spectrum

70. Which one of the following statements is true about software testing? A. Static testing works on runtine environments. B. Static testing performs code analysis. C. Dynamic testing uses automated tools but static testing does not. D. Static testing is a more important testing technique than dynamic testing.

B. Static testing performs code analysis

47. Gary intercepts a communication between two individuals and suspects that they are exchanging secret messages. The content of the communication appears to be the image shown below. What type of technique may the individuals use to hide messages inside this image? Refer to page 58 in book. A. Visual cryptography B. Steganography C. Cryptographic hashing D. Transport layer security

B. Steganography

87. If the systems that are being assessed all handle credit card information (and no other sensitive data), at what step would the PCI DSS first play an important role? A. Step 1 B. Step 2 C. Step 3 D. Step 4

B. Step 2

93. What type of encryption is typically used for data at rest? A. Asymmetric encryption B. Symmetric encryption C. DES D. OTP

B. Symmetric encryption

27. What type of monitoring uses simulated traffic to a website to monitor performance? A. Log analysis B. Synthetic monitoring C. Passive monitoring D. Simulated transaction analysis

B. Synthetic monitoring

30. Emily builds a script that sends data to a web application that she is testing. Each time the script runs, it sends a series of transactions with data that fits the expected requirements of the web application to verify that it responds to typical customer behavior. What type of transactions is she using, and what type of test is this? A. Synthetic, passive monitoring B. Synthetics, use case testing C. Actual, dynamic monitoring D. Actual, fuzzing

B. Synthetic, use case testing

57. Jim is working with a penetration testing contractor who proposes using Metasploit as part of her penetration testing effort. What should Jim expect to occur when Metasploit is used? A. Syystem will be scanned for vulnerabilities. B. Systems will have known vulnerabilities eexploited. C. Services will be probed for buffer overflow and other unknown flaws. D. Systems will be tested for zero-day exploits.

B. Systems will have know vulnerabilities exploited.

12. Which of the following AAA protocols is the most commonly used? A. TACACS B. TACACS+ C. XTACACS D. Super TACAS

B. TACACS+

60. In the diagram shown below of security boundaries within a computer system, What component's name has been replaced with XXX? ••••••••• User Space•••••••••• [Process] [Process] [Process] __________________________________________ •••••••••[Referece Monitor]•••••••• ••••••••••••••••••XXX•••••••••• •••••••••••••••••Kernel•••••••• A. Kernel B. TCB C.Security perimeter D. User execution

B. TCB

14. Sonia recently removed an encrypted hard drive from a laptop and moved it to a new device because of a hardware failure. She is having difficulty accessing encrypted content on the drive despite the fact that she knows the user's password. What hardware security feature is likely causing this problem? A. TCB B.TPM C. NIACAP D. RSA

B. TPM

87. A denial of service (DoS) attack that sends fragmented TCP packets is known as what kind of attack? A. Christmas tree B. Teardrop C. Stack killer D. Frag grenade

B. Teardrop

95. Which California law requires conspicuously posted privacy policies on commercial websites that collect the personal information of California residents? A. The Personal Information Protection and Electronic Documents Act B. The California Online Privacy Protection Act C. California Online Web Privacy Act D. California Civil Code 1798.82

B. The California Online Privacy Protection Act

55. The Windows ipconfig command displays the following information: BC-5F-F4-7B-4B-7D What term describes this, and what information can be gathered from it? A. The IP address, the network location of the system B. The MAC address, the network interface card's manufacturer C. The MAC address, the media type in use D. The IPv6 client ID, the network interface card's manufacturer

B. The MAC address, the network interface card's manufacturer

33. Fred's organization allows downgrading of systems for reuse after projects have been finished and the systems have been purged. What concern should Fred raise about the reuse of the systems from his Top Secret classified project for a future project classified as Secret? A. The Top Secret data may be commingled with the Secret data, resulting in a need to relabel the system. B. The cost of the sanitization process may exceed the cost of new equipment. C. The data may be exposed as part of the sanitization process. D. The organization's DLP system may flag the new system due to the difference in data labels.

B. The cost of the sanitization process may exceed the cost of new equipment.

32. Referring to the database transaction shown here, what would happen if no account exists in the Accounts table with account number 1001? BEGIN TRANSACTION UPDATE accounts Set balance = balance + 250 WHERE account_number = 1001; UPDATE accounts SET balance = balance - 250 WHERE account_number = 2002; END TRANSACTION A. The database would create a new account with this account number and give it a 250 balance. B. The database would ignore that command and still reduce the balance of the second account by $250. C. The database would roll back the transaction, ignoring the results of both commands. D. The database would generate an error message.

B. The database would ignore that command and still reduce the balance of the second account by $250.

4. When media is labeled based on the classification of the data it contains, what rule is typically applied regarding labels? A. The data is labeled based on its integrity requirements. B. The media is labeled based on the highest classification level of the data it contains. C. The media is labeled with all levels of classification of the data it contains. D. The media is labeled with the lowest level of classification of the data it contains.

B. The media is labeled based on the hightest classification level of the data it contains.

74.The European Union (EU) Data Protection Directive's seven principles do not include which of the following key elements? A. The need to inform subjects when their data is being collected B. The need to set a limit on how long data is retained C. The need to keep the data secure D. The need to allow data subjects to be able to access and correct their data

B. The need to set a limit on how long data is retained

61. Ben's company, which is based in the EU, hires a third-party organization that processes data for it. Who has responsibility to protect the privacy of the data and ensure that it isn't used for anything other than its intended purpose? A. Ben's company is responsible. B. The third-party data processor is responsible. C. The data controller is responsible. D. Both organizations bear equal responsibility.

B. The third-party data processor is responsible.

42. Which pair of the following factors are key for user acceptance of biometric identification system? A. The FAR B. The throughput rate and the time required to enroll C. The CER and the ERR D. How often users must reenroll and the reference profile requirements

B. The throughput rate and the time required to enroll

18. Why is it cost effective to purchase high- quality media to contain sensitive data? A. Expensive media is less likely to fail. B. The value of the data often far exceeds the cost of the media. C. Expensive media is easier to encrypt. D. More expensive media typically improves data integrity.

B. The value of the data often far exceeds the cost of the media.

80. What challenge is most common for endpoint security system deployments? A. Compromises B. The volume of data C. Monitoring encrypted traffic on the network D. Handling non-TCP protocols

B. The volume of data

58. Chris manage a team of system administrators. What data role are they fulfilling if they conduct steps 6,7, and 8 of the classification process? A. They are system owners and administrators. B. They are administrators and custodians. C. They are data owners and administrators. D. They are custodians and users.

B. They are administrators and custodians.

89. One of the findings that Jim made when performing a security audit was the use of non-IP protocols in private network. What issue should Jim point out that may result from the use of these non-IP protocols? A. They are outdated and cannot be used on modern PCs. B. They may not be able to filtered by firewall devices. C. They may allow Christmas tree attacks. D. IPX extends on the IP protocol and may not be supported by all TCP stacks.

B. They may not be able to be filtered by firewall devices.

8. Toni responds to the desk of a user who reports slow system activity. Upon checking outbound network connections from that system, Toni notices a large amount of social media traffic originating from the system. The user does not use social media, and when Toni checks the accounts in question, they contain strange messages that appear encrypted. What is the most likely cause of this traffic? A. Other users are relaying social media requests through Toni's computer. B. Toni's computer is partof a botnet. C. Toni is lying about her use of social media. D. Someone else is using Toni's computer when she is not present.

B. Toni's computer is part of a botnet.

93. Which one of the following security programs is designed to provide employees with the knowledge they need to perform their specific work tasks? A. Awareness B. Training C. Education D. Indoctrination

B. Training

5. If Susan's organization requires her to log in with her username, a PIN, a password, and a retina scan, how many distinct types of factor has she used? A. One B. Two C. Three 4. Four

B. Two

93. What is the minimum number of disks required to implement RAID level 1? A.One B. Two C. Three D. Five

B. Two

28. Helen is implementing a new security mechanism for granting employees administrative privileges in the accounting system. She designs the process so that both the employee's manager and the accounting manager must approve the request before the access is granted. What information security principle is Helen enforcing? A. Least privilege B. Two-person control C. Job rotation D. Separation of duties

B. Two-person control

82. Susan is writing a best practices statement for her organizational users who need to use Bluetooth. She knows that there are many potential security issues with Bluetooth and wants to provide the best advice she can. Which of the following sets of guidance should Susan include? A. Use Bluetooth's built-in strong encryption, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it's not in active use. B. Use Bluetooth only for those activities that are not confidential, change the default PIN on your device, turn off discovery mode, and run off Blue tooth when it's not in active use. C. Use Bluetooth's built-in strong encyrption, use extended (8 digit or longer) Bluetooth PINs, turn off discovery mode, and turn off Bluetooth when it's not in a active use. D. Use Bluetooth only for those activities that are not confidential, use extended (8 digit or longer) Bluetooth PINs, turn off discovery mode, and turn off Bluetooth when it's not in active use.

B. Use Bluetooth's only for those activities that are not confidential, change the default PIN on your device, turn off discovery mode, and turn off Bluetooth when it's not in active use.

Questions 19, 20, and 21 refer to the following scenario. The company that Jennifer works for has implemented a central logging infrastructure, as shown in the following image. Use this diagram and your knowledge of logging systems to answer the following questions. Refer to page 119 in the book. 19. Jennifer needs to ensure that all Windows systems provide identical logging information to the SIEM. How can she best ensure that all Windows desktops have the same log settings? A. Perform periodic configuration audits. B. Use Group Policy. C. Use Local Policy. D. Deploy a Windows syslog client.

B. Use Group Policy.

43.Chris is responsible for his organization's security standards and has guided the selection and implementation of a security baseline for Windows PCs in his organization. How can Chris most effectively make sure that the workstations he is responsible for are being checked for compliance and that settings are being applied as necessary? A. Assign users to spot-check baseline compliance. B. Use Microsoft Group Policy. C. Create startedup scripts to apply policyat system start. D. Periodically review the baselineswith the data owner and system owners.

B. Use Microsoft Group Policy.

2. During a security assessment of a wireless network, Jim discovers that LEAP is in use on a network using WPA. What recommendation should Jim make? A. Continue to use LEAP. It provides. better security than TKIP for WPA networks. B. Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported. C. Contiune to use LEAP to avoid authentication issues, but move to WPA2. D. Use an alternate protocol like PEAP or EAP-TLS, and implement Wired Equivalent Privcy to avoid wireless security issues.

B. Use an alternate protocol like PEAP or EAP-TLS and implement WPA2 if supported.

2. Jim's organization-wide implementation of IDaaS offers broad support for cloud-based applications. The existing infrastructure for Jim's company does not use centralized identity services but uses Active Directory for AAA services. Which of the following choices is the best option to recommend to handle the company's onsite identity needs? A. Integrate onsite systems using OAuth. B. Use an on-premise third-party identity service. C. Integrate onsite systems using SAML. D. Design an in-house solution to handle the organization's unique needs.

B. Use an on-premise third-party identity service.

98. Chris is setting up a hotel network, and needs to insure that systems in each room or suit can connect each other, but systems in other suites or rooms cannot. At the same time, he needs to ensure that all systems in the hotel can reach the Internet. What solution should he recommend as the most effective business solution? A. Per- room VPNs B. VLANs C. Port security D. Firewalls

B. VLANs

69. In a software as a Service cloud computing environment, who is normally responsible for ensurinng that appropriate firewall controls are in place? A. Customer's security team B. Vendor C. Customer's networking team D. Customer's infrastructure management team

B. Vendor

Questions 47-49 refer to the following scenario. Juniper Content is a web content development company with 40 employees located in two offices: one in New York and a smaller office in the San Francisco Bay Area. Each office has a local area network protected by a perimeter firewall. The LAN contains modern switch equipment connected to both wired and wireless networks. Each office has its own file server, and the IT team runs software every hour to synchronize files between the two servers, distributing content between the offices. These servers are primarily used to store inages and other files related to web content developed by the company. The team also uses a SaaS-based email and document collaboration solution for much of their work. You are the newly appointed IT manager for Juniper Content and you are working to augment existing security controls to improve the organization's security. 47. Users in the two offices would like to access each other's file servers over the Internet. What control would provide confidentially for those communications? A. Digital signatures B. Virtual private network C. Virtual LAN D. Digital content management

B. Virtual private network

39. Linda communicates with the vendor and determines that no patch is available to correct this vulnerability. Which one of the following devices would best help her defend the application against further attack? A. VPN B.WAF C. DLP D. IDS

B. WAF

20. During normal operations, Jennifer's team uses the SEM appliance to monitor for exceptions recieved via syslog. What system shown des not natively have support for syslog events? A. Enterprise wireless access points B. Windows desktop systems C. Linux web servers D. Enterprise firewall devices

B. Window desktop systems

77. John and Gary are negotiating a business transaction and John must demonstrate to Gary that he has access to a system. He engages in an electronic verion of the "magic door" scenario shown below. What technique is John using? Refer to page 65 in book. A. Split-knowledge proof B. Zero-knowledge proof C. Logical proof D. Mathematical proof

B. Zero-knowledge proof

97. Which one of the following tools might an attacker use to best identify vulnerabilities in a targeted system? A. nmap B. nessus C. ipconfig D. traceroute

B. nessus

33. Angela wants to test a web browser's handling of unexpected data using an automated tool. What should she choose? A. Nmap B. zzuf C. Nessus D. Nikto

B. zzuf

86. Based on the scan results, what OS was the system that was scanned most likely running? A. Windows Desktop B. Linux C. Network device D. Windows Server

B.Linux

89. Susan's organization performs a zero fill on hard drives before they are sent to a third-party organization to be shredded. What issue is her organization attempting to avoid? A. Data remanence while at the third-party site B. Mishandling of drives by the third party C. Classification mistakes D. Data permanence

B.Mishandling of drives by the third party

4. Lauren's and Nick's PCs simltaneously send traffic by transmitting at the same time. What network term describes the rangeof systems on a network that could be affected by this same issue? A. The subnet B. The supernet C. A collision domain D. A broadcast domain

C. A collision domain

90. Embedded data used to help identify the owner of a file is an example of what type of label? A. Copyright notice B. DLP C. Digital watermark D. Steganography

C. Digital watermark

8. Jim has been contracted to perform a penetration test of a bank's primary branch. In order to make the test as real as possible, he has not been given any information about the bank other than its name and address. What type of penetration test has Jim agreed to perform? A. A crystal box penetration test B. A gray box penetration test C. A black box penetration test D. A white box penetration test

C .A black box penetration test

70. What is the threshold for malicious damage to a federal computer system that triggers the Computer Fraud and Abuse Act? A. $500 B. $2,500 C. $5,000 D. $10,000

C. $5,000

27. In the figure below, Harry's request to write to the data file is blocked. Harry has a Secret security clearance and the data has a Confidential classification. What principle of the Bell-LaPadula model blocked this request? •••••••Write Request•••••••• (Harry)-------------------->[Data File] A. Simple Security Property B. Simple Integrity Property C. *-Security Property D. *-Discretionary Security Property

C. *-Security Property

94. Chris is designing a cryptograghic system for use within his company. The company has 1,000 employees, and they plan to use an asymmetric encryption system. How many total keys will they need? A. 500 B. 1,000 C. 2,000 D. 4,950

C. 2,000

25. What speed and frequency range is used by 802.11n? A. 54 Mbps, 5 GHz B. 200+ Mbps, 5 GHz C. 200+ Mbps, 2.4 and 5 GHz D. 1 Gbps, 5 GHz

C. 200+ Mbps, 2.4 and 5 GHz

31. How many possible keys exist for a cipher that uses a key containing 5 bits? A. 10 B. 16 C. 32 D. 64

C. 32

78. What is the speed of a T3 line? A. 128 kbps B. 1,544 Mbps C. 44.756 Mbps D. 155 Mbps

C. 44.736 Mbps

32. Sam is responsible for backing up his company's primary file server. He configured a backup schedule that performs full backups every Monday evening at 9 p. m. and differential backups on other days of the week at the same time. Files change according to the information shown in the figure below. How many files wil be copied in Wednesday's backup? A. 2 B. 3 C. 5 D. 6 File Modifications Monday 8 a.m. - File 1 created Monday 10 a.m. - File 2 created Monday 11 a.m. - File 3 created Monday 4 p.m. - File 1 modified Monday 5 p.m. - File 4 created Tuesday 8 a.m. - File 1 modified Tuesday 9 a.m. - File 2 modified Tuesday 10 a.m. - File 5 created Wednesday 8 a.m. - File 3 modified Wednesday 9 a.m. - File 6 created

C. 5

Questions 96-98 refer to the following scenario. Henry is the risk manager for Atwood Landing, a resort community in the Midwestern United States. The resort's main data center is located in northern Indiana in an area that is prone to tornados. Henry recently undertook a replacement cost analysis and determined that rebuilding and reconfiguring the data center would cost $10 million. Henry consulted with tornado experts, data center specialists, and structural engineers. Together, they determined that a typical tornado would cause approximately $5 million of damage to the facility. The meteorologists determined that Atwood's facility lies in an area where they are likely to experience a tornado once every 200 years. 96. Based upon the information in this scenario, what is the exposure factor for the effect of a tornado on Atwood Landing's data center? A. 10% B. 25% C. 50% D. 75%

C. 50%

23. Victor created a database table that contains information on his organization's employees. The table contains the employee's user ID, three different telephone number fields (home, work, and mobile), the employee's office location, and the employee's job title. There are 16 records in a table. What is the degree of this table? A. 3 B. 4 C. 6 D. 16

C. 6

6. Gary is developing a wireless network and wants to deploy the fastest possible wireless technology. Of the 802.11 standards list below, which is the fastest 2.4 GHz option he has? A. 802.11a B. 802.11g C. 802.11n D. 802.11ac

C. 802.11n

58. A new customer at a bank that uses fingerprint scanners to authenticate its users is surprised when he scans his fingerprint and is logged in to another customer's account. What type of biometric factor error occurred? A. A registration error B. A Type 1 error C. A Type 2 error D. A time of use, method of use error

C. A Type 2 error

The following image shows a. typical workstation and server and their connections to each other and the Internet. Use the image to answer questions 70, 71,and 72. User workstation is A <---B---> Internet is C<---D---> Server is E <---F---> 70. Which letters should be associated with data at rest? A. A,B, and C B. C and E C. A and E D. B, D, and F

C. A and E

33.What network topology is shown in the image below? Refer to page 79 in book. A. A ring B. A star C. A bus D. A. mesh

C. A bus

1. Which of the following is best decribed as an access control model that focuses on subjects and identifies the objects that each subject can access? A. An access control list B. An implicit denial list C. A capability table D. A rights management matrix

C. A capability table

75. Jim has contracted with a software testing organization that uses automated testing tools to validate software. He is concerned that may not completely test all statements in his software. What measurement should he ask for in their report to provide information about this? A. A use case count B. A test coverage report C. A code coverage report D. A code review report

C. A code coverage report

7. During a log review, Saria discovers a series of logs that show login failures as shown here: Jan 31 11:39:12 ip-10-0-0-2 sshd[29098]: Invalid user admin from remotehost passwd=orange Jan 31 11:39:2] ip-10-0-0-2 sshd[2909]: Invalid user admin from remotehost passwx= Orang3 Jan 31 11:39:23 ip-10-0-0-2 sshd[29100]: Invalid user admin from remotehost passwd=Orange93 Jan 31 11:39:31 ip-10-0-0-2 sshd[29106]: Invalid ussr admin from remotehost passwd=Orangutan1 Jan 31 20:40:53 ip-10-0-0-254 sshd[30520]: Invalid user admin from remotehost passwd=Orangemonkey What type of attack has Saria discovered? A. A brute force attack B. A man-in-the-middle attack C. A dictionary attack D. A rainbow table attack

C. A dictionary attack

5. Alex wants to use an automated tool to fill web application forms to test for format string vulnerabilities. What type of tool should he use? A. A black box B. A brute-force tool C. A fuzzer D. A static analysis tool

C. A fuzzer

23. What type of key does WEP use to encrypt wireless communications? A. An asymmetric key B. Unique key sets for each host C. A predenfined shared static key D. Unique asymmetric keys for each host

C. A predefined shared static key

65. As part of their code coverage testing, Susan's team runs the analysis in a nonproduction environment using logging and tracing tools. Which of the following types of code issues is most likely to be missed during testing due to this change in the operating environment? A. Improper bounds checking B. Input validation C. A race condition D. Piointer maniplation

C. A race condition

49. During a penetration test, Chris recovers a file containing hashed passwords for the system he is attempting to access. What type of attack is most likely to succeed against the hashed passwords? A. A brute force attack B. A pass- the-hash attack C. A rainbow table attack D. A salt recovery attack

C. A rainbow table attack

84. Which term describes an evaluation of effectiveness of security controls performed by a third party? A. A security assessment B. A penetration test C. A security audit D. A security test

C. A security audit

77. The US government CACis an example of what form of Type 2 authentication factor? A. A token B. A biometric identifier C. A smart card D. A PIV

C. A smart card

66. Lauren's networking team has been asked to identify a technology that will alllow them to dynamically change the organization's network by treating the network like code. What type of architecture should she recommend? A. A network that follows the 5-4-3 rule B. A converged network C. A solfware-defined network D. A hypervisor-based network

C. A softeware-defined network

65. Chris needs to design a firewall architecture that can support separately a DMZ, a database, and a private internal network. What type of design should he use, and how many firewalls does he need? A. A four-tier firewall design with two firewalls B. A two-tier firewall design with three firewalls C. A three-tier firewall design with at least one firewall D. A single-tier firewall design with three firewalls

C. A three-tier firewall design with at least one firewall

29. Jim uses a tool that scans a system for available services, then connects to them to collect banner information to determine what verision of service is running. It then provides a report detailing what it gathers, basing results on service fingerprinting, banner information,and similar details it gathers combined with CVE information. What type of tool is Jim using? A. A port scanner B. A service validator C. A vulnerability scanner D. A patch mansagement tool

C. A vulnerability scanner

42. What encryption algorithm is used by both BitLocker and Microsoft's Encrypting File System? A. Blowfish B. Serpent C. AES D. 3DES

C. AES

75. WPA2's Counter Mode Ciper Block Chaining Message Authentication Mode Protocol (CCMP) is based on which common encryption scheme? A. DES B.3DES C. AES D. TLS

C. AES

83. What encryption algorithm would provide strong protection for data stored on a USB thumb drive? A. TLS B. SHAI C. AES D. DES

C. AES

81. Ursula is a government web developer who recently created a public application that offers property records. She would like to make it available for other developers to integrate into directly and integrate the output into their application? A. Object model B. Data dictionary C. API D. Primary key

C. API

89. What technique do API developers most commonly use to limit access to an API to authorized individuals and applications? A. Encryption B. Input validation C. API keys D. IP filters

C. API keys

3. Ben has connected his laptop to his tablet PC using an 802.11g connection. What wireless network mode has he usedto connect these devices? A. Infrastructure mode B. Wired extension mode C. Ad hoe mode D. Stand-alone mode

C. Ad hoe mode

10. In the diagram shown here, which is an example of method? ACCOUNT Balance: currency=0 Owner: string AddFunds(deposit: currency) RemoveFunds (withdrawal: currency) A. Account B. Owner C. Add Funds D. None of theabovr

C. Add Funds

61. Kathleen works for a data center hosting facility that provides physical data center space for iindividuals and organizations. Until recently , each client was given a magnetric-strip-based keycard to acess the section of the facility where their servers are located, and they were also given a key to access the cage or rack where their servers reside. In the past month, a number of servers have been stolen, but the logs for the passcards show only valid IDs. What is Kathleen's best option to make sure that the users of passcards are who they are supposed to be? A. Add a reader that requires a PIN for passcard users. B. Add a camera system to the facility to observe who is assessing servers. C. Add a biometric Factor. D. Replace the magnetic stripe keycards cards with smart cards.

C. Add a biometric Factor.

25. When should a design review take place when following an SDLC approach to software development? A. After the code review B. After user acceptance testing C. After the development of functional requirements D. After the completion of unit testing

C. After the development of functional requirements

14. Bobby is investigating how an authorized data base user is gaining access to information outside his normal clearance level. Bobby believes that the user is making use of a type of function that summarizes data. What term decribes this type of function? A. Inference B. Polymorphic C. Aggregate D. Modular

C. Aggregate

67. John Widgets strictly limits access to total sales volume information, classifying it as a competitive secret. However, shipping clerks have unrestricted access to order records to facilitate transaction completion. A shipping clerk recently pulled all of the individual sales records for a quarter and totaled them up to determine the total sales volume. What type of attack occurred? A. Social engineering B. Inference C. Aggregation D. Data diddling

C. Aggregation

65. Which objects and subjects have a label in a MAC model? A. Objects and subjects that arec classified as Confidential, Secret, or Top Secret have a label. B. All objects have a label,and all subjects have a compartment. C.All objects and subjects have a label. D. All subjects have a label and all objects have acompartment.

C. All objects and subjects have a label

15. If Chris wants to stop cross-site scripting attacks against the web server, what is the best device for this purpose, and where should he put it? A. A firewall, location A B. An IDS, location A C. An IPS, location B D. A WAF, location C

C. An IPS, location B

12. Which type of SOC report is best suited to provide assurance to users about an organization's security, availability, and the integrity of their service operation? A. An SOC 1 Type 2 report B. An SOC 2 report C. An SOC 3 report D. An SOC 1 Type 1 report

C. An SOC 3 report

10. In a response to a Request for Proposal, Susan recieves a SAS-70 Type 1 report. If she wants a report that includes operating effectiveness detail, what should Susan ask for as followup and why? A. An SAS-70 Type II, because Type 1 only covers a single point in time. B. An SOC Type 1, because Type II does not cover operating effectiveness C. An SOC Type 2, because Type 1 does not cover operating effectiveness D. An SAC-70 Type 3, because Type 1 and 2 are outdated and no longer accepted

C. An SOC Type 2, because Type 1 does not cover operating effectiveness

93. During a penetrtion test of her organization, Kathleen's IPS detects a port scan that has the URG, FIN, and PSH flags set and produces an alarm. What type of scan is the penetration tester attempting? A. A SYN scan B. A TCP flag scan C. An Xmas scan D. An ACK SCAN

C. An Xmas scan

70. Lauren builds a table thatvincludes assigned privileges, objects, and subjects to manage access control for the systems she is responsible for. Each time a subject attempts to access an object, the systems check the table to ensure that the subject has the appropriaate rights to the objects. What type of access control system is Lauren using? A. A capability table B.. An access control list C. An access control matrix D. A subject/object rights management system

C. An access control matrix

50. Which one of the folloing statements best describes a zero-day vulnerability? A. An attacker that is new to the world of hacking B. A database attack that places the date 00/00/0000 in data tables in an attempt to exploit flaws in business logic C. An attack previously unknown to the security community D. An attack that sets the operating system date and time to 00/00/0000 and 00:00:00

C. An attack previously unkown to the security community

18. At point B in the diagram, what two important elements does the KDC send to the client after verifying that the username is valid? A. An encrypted TGT and a public key B. An access ticket and a public key C. An encrypted, time-stamped TGT and a symmetric key encrypted with a hash of the user's password D. An encrypted, time-stamped TGT and an access token

C. An encrypted, time-stamped TGT and a symmetric key encrypted with a hash of the user's password

36. Which one of the following security controls is least often required in Bring Your Own Device (BYOD) environments? A. Remote wiping B. Passcodes C. Application control D. Device encryption

C. Application control

36. The DARPA TCP/IP model's Application layer matches up to what three OSI model layers? A. Application, Presentation,and Transport B. Presentation, Session, and Transport C. Application, Presentation, and Session D. There is not a direct match. The TCP model was created before the OSI model.

C. Application, Presentation, and Session

60. What you input a user ID and password, hou are performing what important identity and access management activity? A. Authorization B. Validation C. Authentication D. Login

C. Authentication

3. What of the following is not a weakness in Kerberos? A. The KDC is a single point of failure. B. Compromise of the KDC would allow attackers to impersonate any user. C. Authentication information is not encrypted. D. It is susceptible to password guessing.

C. Authentication information is not encrypted.

54. Which information security goal is impacted when an organization experiences a DoS or DDoS attack? A. Confidentiality B. Integrity C. Availability D. Denial

C. Availability

77. Which one of the following tools helps system administrators by providing a standard, secure template of configuration settings for operating systems and applications? A. Security guidelines B. Security policy C. Baseline configuration D. Running configuration

C. Baseline configuration

Questions 16-19 refer to the following scenario. Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. 16. If Alice wishes to send Bob an encrypted message, what key does she use to encrypt the message? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key

C. Bob's public key

83. The historic ping of death attack is most similar to which of the following modern attack types? A. SQL injection B. Cross-site scripting C. Buffer overflow D. Brute force password cracking

C. Buffer overflow

76. Which one of the following stakeholders is not typically included on a business continuity planning team? A. Core business function leaders B. Information technology staff C. CEO D. Support departments

C. CEO

84. What type of motion detector senses changes in the electromagnetic fields in monitored areas? A.

C. Capacitance

91.What is the first step that should occur before a penetration test performed? A. Data gathering B. Port scanning C. Getting permission D. Planning

C. Getting permission

28. Victor recently took a new position at an online dating website and is responsible for leading a team of developers. He realized quickly that the developers are having issues with production code because they are working on different projects that results in conflicting modifications to the production code. What process should Victor invest in improving? A. Request control B. Release control C. Change control D. Configuration control

C. Change control

64. Which one of the following is not a principle of the Agile software development process? A. Welcome changing requirements, even late in the development process. B. Maximizing the amount of work not done is essential. C. Clear documentation is the primary measure of progress. D. Build projects around movitated individuals.

C. Clear documentation is the primary measure of progress.

75. Alice is responsible for reviewing authentication logs on her organization's network. She does not have the time to review all logs, so she decides to choose only records where there have been four or more invalid authentication attempts. What technique is Alice using to reduce the size of the pool? A. Sampling B. Random selection C. Clipping D. Statistical analysis

C. Clipping

38. Florian receives a flyer from a federal agency announcing that a new administrative law will affect his business operations. Where should he go to find the text of the law? A. United States Code B. Supreme Court rulings C. Code of Federal Regulations D. Compendium of Laws

C. Code of Federal Regulations

3. Which one of the following statements is not true about code review? A. Code review should be a peer-driven process that includes multiple developers. B. Code review may be automated. C. Code review occurs during thebdesign phase. D. Code reviewers may expect to review several hundred lines of code per hour.

C. Code review occurs during the design phase.

11. Which of the following classification levels is the US government's classification label for data that could cause damage but wouldn't cause serious or grave damage? A. Top secret B. Secret C. Confidential D. Classified

C. Confidential

64. Susan is working with the management team in her company to classify data in an attempt to apply extra security controls that will limit the likelihood of a data breach. What principle of information security is Susan trying to enforce? A. Availability B. Denial C. Confidentiality D. Integrity

C. Confidentiality

9 Helen is a software engineer and is developing code that she would like to restrict to running within an isolated sandbox for security purposes. What software development technique is Helen using? A. Bounds B. Input validation C. Confinement D. TCB

C. Confinement

14. As seen in the following image , a user on a Windows system is not able to use the "Send Message" functionality. What acess control model best describes this type of limitation? Refer to page 96 in book. A. Least privilege B. Need to know C. Constrained interface D. Separation of duties

C. Constrained interface

88.What data security role is primarily responsible for step 5? A. Data owners B. Data processors C. Custodians D. Users

C. Custodians

100. Ben knows that his organization wants to be able to validate the identity of other oranizations based on their domain name when receiving and sending email. What tool should Ben recommend? A. PEM B. S/MIME C. DKIM D. MOSS

C. DKIM

96. Carolyn is concerned that users on her network may be storing sensitive information, such as Social Security numbers, on their hard drives without proper authorization or security controls. What technology can she use to best detect this activity? A. IDS B. IDP C. DLP D. TLS

C. DLP

95. Quantum Computing regularly ships tapes of backup data across the country to a secondary facility. These tapes contain confidential information. What is the most important security control that Quantum can use to proctect these tapes? A. Locked shipping containers B. Private couriers C. Data encryption D. Media rotation

C. Data encryption

55. Which data role is described as the person who has ultimate organizational responsibility for data? A. System owners B. Business owners C. Data owners D. Mission owners

C. Data owners

80. What data role does a system that is used to process data have? A. Mission owner B. Data owner C. Data processor D. Custodian

C. Data processor

59. If Chris's company 0perates in the European Union and has been contracted to handle the data for a third party, what role is his company operating in when it uses this process to classify and handle data? A. Business owners B. Mission owners C. Data processors D. Data adminstrators

C. Data processors

67. What issue is the validation portion of the NIST SP 800-88 sample certificate of sanitization intend to help prevent? A. Destruction B. Reuse C. Data remanence D. Attribution

C. Data remanence

21. What scenario describes data at rest? A. Data in an IPsec tunnel B. Data in an e-commerce transaction C. Data stored on a hard drive D. Data stored in RAM

C. Data stored on a hard drive

78. What principle of information security states that an organization should implement overlapping security controls whenever possible? A. Least privilege B. Separation of duties C. Defense in depth D. Security through obscurity

C. Defense in depth

79. During which phase of the incident response process would an analyst receive an intrusion detection system alert and veeify its accuracy? A. Response B. Mitigation C. Detection D. Reporting

C. Detection

96. What approach to technology management integrates the three components of technology management shown in this illustration? (Software Development) (Quality Assurance)(Operations) Image reprint from CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition c John Wiley & Sons 2015, reprinted with permission. A. Agile B. Lean C. DevOps D. ITIL

C. DevOps

23. When developing a business impact analysis, the team should first create a list of assets. What should happen next? A. Identify vulnerabilities in each asset. B. Determine the risks facing the asset. C. Develop a value for each asset. D. Identify threats facing each asset.

C. Develop a value for each asset.

24. Carrie is analyzing the application logs for her web-based application and comes across the following string: . . /. . /. . /. . / . . /. . /. . / . . /. . /etc/passwd What type of attack was likely attempted against Carrie's application? A. Command injection B. Session hijacking C. Directory traversal D. Brute force

C. Directory traversal

85. What is the best method to sanitize a solid- state drive (SSD)? A. Clearing B. Zero fill C. Disintegration D. Degaussing

C. Disintegration

57. Ben is troubleshooting a network and discovers that the NAT router he is connected to has the 192.168.x.x subnet as its internal network and that its external IP is 192.168.1.40. What problem is he encountering? A. 192.168.x.x is a non-routable network and will not be carried to the Internet. B. 192.168.1.40 is not a valid address because it is reserved by RFC 1918. C. Double NATing is not possible using the same IP range. D. The upstream system is unable to de-encapsulate his packets and he needs to use PAT instead.

C. Double NATing is not possible using the same IP range.

18. Which one of the following principles imposes a standard of care upon an individual that is broad and equivalent to what one would expect from a resonable person uder the circumstances? A. Due diligence B. Separation of duties C. Due care D. Least privilege

C. Due care

41. What property of relational databases ensures that once a database transaction is committed to the database, it is preserved? A. Atomicity B. Consistency C. Durability D. Isolation

C. Durability

59. Jim's organization uses a traditional PBX for voice communication. What is the most common security issue that its internal communications are likely to face, and what should he recommend to prevent it? A. Eavesdropping, encrption B.Man-in-the-middle attacks, end-to-end encryption C. Eavesdropping, physical security D. Wardialing, deploy an IPS

C. Eavesdropping, physcial security

53. Which of the following is not normally considered a business continuity task? A. Business impact assessment B. Emergency response guidelines C. Electronic vaulting D. Vital records program

C. Electronic vaulting

57. Veronia is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move database backups from the primary facility to an offsite location eachbnight. What type of database recovery technique is the consultant describing? A. Remote journaling B. Remote mirroring C. Electronic vaulting D. Transaction logging

C. Electronic vaulting

11. Which of the following options is not a common best practice for securing a wireless network? A. Turn on WPA2. B. Enable MAC filtering if used for a relatively small group of clients. C. Enable SSID broadcast. D. Separate the access point from the wired network using a firewall, thus treating it as external access.

C. Enable SSID broadcast

35. Which of the following is the least effective method of removing data from media? A. Degaussing B. Purging C. Erasing D. Clearing

C. Erasing

82. During what phase of the IDEAL model do organizations develop a specific plan of action for implementing change? A. Initiating B. Diagnosing C. Establishing D. Acting

C. Establishing

56. Who should receive initial business continuity plan training in an organization? A. Senior executives B. Those with specific business continuity roles C. Everyone in the organization D. First responders

C. Everyone in the organization

53. Which of the following is not a hazard associated with penetration testing? A. Application crashes B. Denial of service C. Exploitation of vulnerabilities D. Data corruption

C. Exploitation of vulnerabilities

50. What network technology is best decribed as a toke -passing network that uses a pair of rings with traffic flowing in opposite directions? A. A ring topology B. Token Ring C. FDDI D. SONET

C. FDDI

34. Kim is troubleshooting an application firewall that serves as a supplement to the organization's network and host firewalls and intrusion prevention system, providing added protection aganist web-based attacks. The issue the organization is experiencing is that the firewall technology suffers somewhat frequent restarts that render it unavailable for 10 minutes at a time. What configuration might Kim consider to maintain availability during that period at the lowest cost to the company? A. High availability cluster B. Failover device C. Fail open D. Redundant disks

C. Fail open

81. Ben wants to prevents or detect tampering with data. Which of the following is not an appropriate solution? A. Hashes B.Digital signatures C.Filtering D. Authorization controls

C. Filtering

76. Charles has been asked to downgrade the media used for storage of private data for his organization. What process should Charles follow? A. Degauss the drives, and then relabel them with a lower classification level. B. Pulverize the drives, and then reclassify them based on the data they contain. C. Follow the organization's purging process, and then downgrade and replace labels. D. Relabel the media, and then follow the organization's purging process to ensure that the media matches the label.

C. Follow the organization's purging process, and then downgrade and replace labels.

21. Which one of the following database keys is used to enforce referential integrity relationships between tables? A. Primary key B. Candidate key C. Foreign key D. Master key

C. Foreign key

92. Jim is building a reseach computing system that benefits from being part of a full mesh topology between systems. In a five-node full mesh topology design, how many connections will an individual node have? A. Two B. Three C. Four D. Five

C. Four

15. Ben uses a fuzzing tool that develops data models and creates fuzzed data based on information about how the applicationuses datato test the application. What type of fuzzing is Ben doing? A. Mutation B. Parametric C. Generational D. Derivative

C. Generational

100. Which one of the following controls protects an organization in the event of a sustained period of power loss? A. Redundant server B. Uninterruptible power supply (UPS) C. Generator D. RAID

C. Generator

67. Which system or systems is/are responsible for user authentication for Google+ users? A. The e-commerce application B. Both the e-commerce application and Google servers C. Google servers D. The diagram does not provide enough information to determine this.

C. Google servers

70. Gordon suspects that a hacker has penetrated a system belonging to his company. The system does not contain any regulated information and Gordon wishes to conduct an investigation on behalf of his company. He has permission from his supervisor to conduct the investigation. Which of the following statements is true? A. Gordon is legally required to contract law enforcement before beginning the investigation. B. Gordon's may not conduct his own investigation. C. Gordon's investigation may include examining the contents of hard disks, network traffic, and any other systems or information belonging to the conpany. D. Gordon may ethically perform "hack back" activities after identifying the perpetrator.

C. Gordon's investigation may include examining the contents of hard disks, network traffic, and any other systems or information belonging to the company.

4. Which one of the following individuals is most likely to lead a regulatory investigation? A. CISO B. CIO C. Government agent D. Private detective

C. Government agent

70. Alice has read permissions on an object and she would like Bob to have those same rights. Which one of the rules in the Take-Grant protection model would allow her to complete this operation? A. Create rule B. Remove rule C. Grant rule D. Take rule

C. Grant rule

61. Melanie suspects that someone is using malicious software to steal computing cycles from her company. Which one of the following security tools would be in the best position to detect this type of incident? A. NIDS B. Firewall C.HIDS D. DLP

C. HIDS

95. Ryan is a security risk analyst for an insurance company. He is currently examining a scenario in which a hacker might use a SQL injection attack to deface a web server due to a missing patch in the company's web application. In this scenario, what is the threat? A. Unpatched web application B. Web defacement C. Hacker D. Operating system

C. Hacker

92. Which of the following activities is not a consideration during data classification? A.Who can access the data B. What the impact would be if the data was lost or breached C. How much the data cost to create D. What protection regulations may be required for the data

C. How much the data cost to create

33. Which one of the following security tools is not capable ofgenerating an active response to a security event? A. IPS B.Firewall C.IDS D. Antivirus software

C. IDS

59. Jim's is helping his organization decide on audit standsrds for uss throughout their international organization. Which of the following is not an IT standard that jim's organizationis likely to use as part of its audits? A. COBIT B. SSAE-16 C. ITIL D. ISO27002

C. ITIL

39. Susanneeds to predict high-risk areas for her organization and wants to use metrics to assess risk trends as they occur. What should she do to handle this? A. Perform yearly risk assessments B. Hire a penetration testing company to regularly test organizational security. C. Identify and track key risk indicators. D. Monitor logs and events using a SIEM device.

C. Identify and track key risk indicators.

During a port scan, Ben uses nmap's default settings and sees the following results. Use this information to answer the folliwing three questions. Nmap scan report for 192.168.184.130 Host is up ( 1.0s latency). Not shown: 977 closed ports POST STATE SERVICE 21/tcp open ftp 22/tcp open ssh 23/tcp open telnet 25/tcp open smtp 53/tcp open domain 80/tcp open http 111/tcp open rpcbind 139/tcp open netbios-ssn 445/tcp open microsoft-ds 512/tcp open exec 513/tcp open login 514/tcp open shell 1099/tcp open ingreslock 2049/tcp open nfts 2121/tcp open ccproxy- ftpp 3306/tcp open mysql 5432/tcp open postgresql 5900/tcp open vnc 6000/tcp open X11 6667/tcp open irc 8009/tcp open ajp13 8180/tcp open unknown Nmap done: 1 IP address ( 1 host up) scanned in 54.69 seconds 85. If Ben is conducting a penetration test, what should his next step be after receiving these results? A. Connect to web server using a web browser. B. Connect via Telnet to test for vulnerable accounts. C. Identify interesting ports for further scanning. D. Use sqlmap against the open databases.

C. Identify interesting ports for further scanning.

72. Brain's large organization has used RADIUS for AAA services for its network devices for years and has recently become aware of security issues with the unecrypted information transferred during authentication. How should Brain implement encryption for RADIUS? A.Use the built-in encryption in RADIUS B. Implement RADIUS over its native UDP using TLS for protection. C. Implement RADIUS over TCP using TLS for protection. D. Use an AES256 pre-shared cipher between devices.

C. Implement RADIUS over TCP using TLS for protection.

Alex is in charge of SAML integration with a major third-party partner that provides a variety of business productivity services for his organization. Using the following diagream and your knowledge of SAML integrations and security architecture design, answer questions 43, 44, and 45. Refer to page 102 in book. 43. Alex is concerned about eavesdropping on the SAML traffic and also wants to ensure that forged assertions will not be successful. What should he do to prevent these pitential attacks? A. Use SAML's secure mode to provide secure authentication. B. Implement TLS using a strong cipher suite, which will protect against both types of attacks. C. Implement TLS using a strong cipher suite and use digital signatures. D. Implement TLS using a strong cipher suite and message hashing.

C. Implement TLS using a strong cipher suite and use digital signatures.

20. Which one of the following mechanisms is not commonly seen as a deterrent to fraud? A. Job rotatio B. Mandatory vacations C. Incident response D. Two-person control

C. Incident response

77. During a review of access logs, Alex notices that Danielle logged into her workstation in New York at 8 a. m. daily, but that she was recorded as logging into her department's main web applicationvshortly after 3 a. m. daily. What common loggings issue has Alex likely encountered? A. Inconsistent log formatting B. Modified logs C. Inconsistent timestamps D. Multiple log sources

C. Inconsistent timestamps

76. When a Windows system is rebooted, what type of log is generated? A. Error B. Warning C. Information D. Failure audit

C. Information

99. John is analyzing an attack against his company in which the attacker found comments embedded in HTML code that provided the clues needed to exploit a software vulnerability. Using the STRIDE model, what type of attack did he uncover? A. Spoofing B. Repudiation C. Information disclosure D. Elevation of privilege

C. Information disclosure

Questions 17-20 refer to the following scenario: Robert is a consultant who helps organizations create and develop mature software development oractices. He prefers to use the Software Capability Maturity Model ( SW-CMM) to evaluate the current and future status of organizations using both independent review and self-assessments. He is currently working with two different clients. Acme Widgets is not very well organized with their software development practices. They have a dedicated team of developers who do "whatever it takes" to get software out the door, but they do not have any formal processes. Beta Particles is a company with years of experience developing software using formal, documented software development processes. They use a standard model for software development but do not have quantitative management of those processes. 17. What phase of the SSW-CMM should Robert report as the current status of Acme Widgets? A. Defined B. Repeatable C. Initial D. Managed

C. Initial

40. In further discussions with the vendor, Linda finds thst they are willing to correct the issue but do not know how to update their software. What technique would be most effective in mitigating the vulnerability of the application to this type of attack? A. Bounds checking B. Peer review C. Input validation D. OS patching

C. Input validation

17. Which one of the following tasks is performed by a forensic disk controller? A. Masking error conditions reported by the storage device B. Transmitting write commands to the storage device C. Intercepting and modifying or discarding commands sent to the storage deviice D. Preventing data from being returned by a read operation sent to the device

C. Intercepting and modifying or discarding commands sent to the storage device

13. What type of testing is used to ensure that separately developed software modules properly exchange data? A. Fuzzing B. Dynamic testing C. Interface testing D. API checksums

C. Interface testing

100. Which one of the following would be a reasonable application for the use of self-signed digital certificates? A. E-commerce website B. Banking application C. Internal scheduling application D. Customer portal

C. Internal scheduling application

60. Which of the following statements is true about heuristic-based antimalwar software? A. It has a lower false positive raye than signature detection. B. Its requires frequent definition updates to detect nee malware. C. It has a higher likelihood of detecting zero-day exploits than signature detection. D. It monitors systems for files with content know to be viruses.

C. It has a higher likelihood of detecting zero-day exploits than signature detection.

68. Why is declassification rarely chosen as an option for media reuse? A. Purging is sufficient for sensitive data. B. Sanitization is the preferred method of data removal. C. It is more expensive than new media and may still fail. D. Clearing is required first.

C. It is more expensive than new media and may still fail.

30. What security concern does sending internal communications from A to B cause? A. The firewall does not protect system B. B. System C can see the broadcast traffic from system A to B. C. It is traveling via an unencrypted protocol. D. IM does not provide nonrepudation.

C. It is traveling via an unencypted protocol.

65. Susan works in an organization that labels all removable media with the classification level of the data it contains, including public data. Why would Susan's employer label all media instead of labeling only the media that contains data that could cause harm if it was exposed? A. It is cheaper to order all prelabeled media. B. It prevents sensitive media from not being marked by mistake. C. It prevents reuse of public media for sensitive data. D. Labeling all media is required by HIPAA.

C. It prevents reuse of public media for sensitive data.

47. Which of the following options includes standards or protocols that exists in layer 6 of the OSI model ? A. NFS, SQL, and RPC B. TCP, UDP ,and TLS C. JPEG, ASCII, and MIDI D. HTTP, FTP, SMTP

C. JPEG, ASCII, and MIDI

63. Tom is a cryptanalyst and is working on breaking a cryptograghic algorithm's secret key. He has a copy of an intercepted message that is encrypted and he also has a copy of the decrypted version of that message. He wants to use both the encrypted message and its decrypted plaintext to retrieve the secret key for use in decrypting other messages. What type of attack is Tom engaging in? A. Chosen ciphertext B. Chosen plaintext C. Known plaintext D. Brute force

C. Known plaintext

46. Kyle is being granted access to a military computer system that uses System High mode. What is not true about Kyle's security clearance requirements? A. Kyle must have a clearance for the highest level of classification processed by the system, regardless of his access. B. Kyle must have access approval for all information processed by the system. C. Kyle must have a valid need to know for all information processed by the system. D. Kyle must have a valid security clearance.

C. Kyle must have a valid need to know for all information processed by the system.

52. Alex works for a government agency that is required to meet US Federal government requirements for data security. To meet these requirements, Alex has been tasked with making sure data is identifiable by its classification level. What should Alex do to the data? A. Classify the data. B. Encrypt the data. C. Label the data. D. Apply DRM to the data.

C. Label the data.

21. Mandatory access control is based on what type of model? A. Discretionary B. Group based C. Lattice based D. Rule based

C. Lattice based

71. ICMP, RIP, and network address translation all occur at what layer of the OSI model? A. Layer 1 B. Layer 2 C. Layer 3 D. Layer 4

C. Layer 3

3. Which one of the following is not a privileged administrative activity should be automatically sent to a log of superuser actions? A. Purging log entries B. Restoring a system from backup C. Logging into a workstation D. Managing user accounts

C. Logging into a workstation

44. Jim's remote site has only ISDN as an option for connectivity. What type of ISDN should he look for to get the maximum speed possible? A. BRI B. BPRI C. PRI D. Channel

C. PRI

87. Lucas runs the accounting systems for his company. The morning after a key employee was fired, systems began mysteriously losing information. Luscas suspects that the fired employee tampered with the systems prior to his departure. What type of attack should Lucas suspect? A. Privilege escalation B. SQL injection C. Logic bomb D. Remote code execution

C. Logic bomb

50. Which one of the following database issues occurs when one transaction writes a value to the database that overwrites a value that was needed by transactions with earlier precedence? A. Dirty read B. Incorrect summary C. Lost update D. SQL injection

C. Lost update

34. What type of access control scheme is shown in the following table? Highly Sensitive •••••••••••Red•••••••• Blue •••••••••Green Confidential ••••••••••••••••Purple•••••Orange••••••Yellow Internal Use•••••••••••••••••Black••••••Gray••••••••••White Public••••••••••••••••••••••••Clear•••••••Clear•••••••••Clear A. RBAC B. DAC C. MAC D. TBAC

C. MAC

89. Saria needs to write a requests for proposal for code review and wants to ensure that the reviewers take the business logic behind her organization's applications into account. What type of code review should she specify in the. RFP? A. Static B. Fuzzing C. Manual D. Dynamic

C. Manual

90. What type of diagram used in application threat modeling includes malicious users as well as descriptions like mitigates and threatens? A. Threat trees B. STRIDE chats C. Misuse case diagrams D. DREAD diagrams

C. Misuse case diagram

26. Testing that is focused on functions that a system should not allow are an example of what type of testing? A. Use case testing B. Manual testing C. Misuse case testing D. Dynamic testing

C. Misuse case testing

64. During what phase of the incident response process do administrators take action to limit the effect or scope of an incident? A. Detection B. Response C. Mitigation D. Recovery

C. Mitigation

100. What type of virus is characterized by the use of two or more different propagation mechanisms to improve its likelihood of spreading between systems? A. Stealth virus B. Polymorphic virus C. Multipartite virus D. Encrypted virus

C. Multipartite virus

74. Which one of the following agreements typically requires that a vendor not disclose confidential information learned during the scope of an engagement? A.NCA B. SLA C. NDA D. RTO

C. NDA

42. Which of the following tools is most likely to be used during discovery? A Nessus B. john C. Nmap D. Nikto

C. Nmap

77. IPX, AppleTalk, and NetBEUI are all examples of what? A. Routing protocols B. UDP protocols C. Non-IP protocols D. TCP protocols

C. Non-IP protocols

57. Alice sent a message to Bob. Bob would like to demonstrate to Charlie that the message he recieved definitely came from Alice. What goal of cryptography is Bob attempting to achieve? A. Authentication B. Confidentiality C. Nonrepudiation D. Integrity

C. Nonrepudiation

46. Which of the following organizations is widely considered as the definitive source for information on web-based attack vectors? A. (ISC)2 B. ISACA C. OWASP D. Mozilla Foundation

C. OWASP

81. Laura is responsible for securing her company's web-based applications and wishes to conduct an education program for developers on common web application security vulnerabilities. Where can she turn for a concise listing of the most common web application issues? A. CVE B. NSA C. OWASP D. CSA

C. OWASP

72. Fran is considering new human resources policies for her bank that will deter fraud. She plans to implement a mandatory vacation policy. What is typically considered the shortest effective length of a mandatory vacation? A. Two days B Four days C. One week D. One month

C. One week

Use the following scenario to help guide your answers in the following three questions. Ben is an information security professional at an organization that is replacing its physical servers with virtual machines. As the organization builds its virtual environment, it is decreasing the number of physical servers it uses while purchasing more powerful servers to act as the virtualization platforms. A. The same traffic he currently sees B. All inter-VM traffic C. Only traffic sent outside of the VM environment D. All intter-hypervisor traffic

C. Only traffic sent outside of the VM environment

78. What authentication technology can be paired with OAuth to perform identity verification and obtain user profile information using a RESTful API? A. SAML B. Shibboleth C. OpenID Connect D. Higgins

C. OpenID Connect

22. If you are selecting a security standard for a Windows 10 system that processes credit card, what security standard is your best choice? A. Microsoft's Windows 10 security baseline B. The CIS Windows 10 baseline C. PCI DSS D. The NSA Windows 10 baseline

C. PCI DSS

90. Angela needs to choose between EAP, PEAP, and LEAP for secure authentication. Which authentication. Which authentication protocol should she choose and why? A. EAP, because it provides strong encryption by default B. LEAP, because it provides frequent re- authentication, and changing of WEP keys C. PEAP, because it provides encryption and doesn't suffer from the same vulnerabilities that LEAP does D. None of these options can provide secure authentication, and an alternate solution should be chosen.

C. PEAP, because it provides encryption and doesn't suffer from the same vulnerabilities that LEAP does

99. Ed has been asked to send data that his organization classifies as confidential and proprietary via email. What encryption technology would be appropriate to ensure that the contents of the files attached to the email remain confidential as they traverse the Internet? A. SSL B. TLS C. PGP D. VPN

C. PGP

29. Under the Common Criteria, what. element describes the security requirements for a products? A. TCSEC B. ITSEC C. PP D. ST

C. PP

49. There are four common VPN protocols. Which group of four below contains all of the common VPN protocols? A. PPTP, LTP, L2TP, IPsec B. PPP, L2TP, IPsec, VNC C. PPTP, L2F, L2TP, IPsec D. PPTP, L2TP, IPsec, SPAP

C. PPTP, L2F, L2TP, IPsec

88. Renee is a software developer who writes code in Node.js for her organization. The company is considering moving from a self-hosted Node.js environment to one where Renee will run her code on application servers managed by a cloud vendor. What type of cloud solution is Renee's company considering? A.IssS B. CaaS C. PaaS D. SaaS

C. PaaS

89. Which of the following Type 3 authenticators is appropriate to use by itself rather than in combination with other biometric factors? A. Voice pattern recognition B. Hand geometry C. Palm scans D. Heart/pulse patterns

C. Palm scans

43. Betty is concerned about the use of buffer overflow attacks against a custom application developed for use in her organization. What security control would provide the stronger defense against these attacks? A. Firewall B. Intrusion detection system C. Parameter checking D. Vulnerability scanning

C. Parameter checking

40. What major difference separates synthetic and passive monitoring? A. Synthetic monitoring only works after problems have occurred. B. Passive monitoring cannot detect functionality issues. C. Passive monitoring only works after problems have occurred. D. Synthetic monitoring cannot detect functionally issues.

C. Passive monitoring only works after problems have occurred.

84. Roger recently accepted a newcposition as a security professional at a company that runs its entire IT infrastructure within an IaaS environment. Which one of the following would most likely be the responsibility of Roger's firm? A. Configuring the network firewall B. Applying hypervisor updates C. Patshing operating systems D. Wiping drives prior to disposal

C. Patshing operating system

63. An attacker posted a message to a publicdiscussion forum that contains an enbedded maliciious script that is not displayed to the user but executes on the user's system when read. What type of attack is this? A. Persistent XSRF B. Nonpersistent XSRF C. Persistent XSS D. Nonpersistent XSS

C. Persistent XSS

80. Which one of the following techniques is an effective countermeasure aganist some inference attacks? A. Inputs validation B. Parameterization C. Polyinstantiation D. Server-side validation

C. Polyinstantiation

38. Lauren's employer asks Lauren to classify patient X-ray data that has an internal patient identifier associated with it but does not have any way to directly identify a patient. The company's data owner believes that exposure of the data could cause damage (but not exceptional damage) to the organization. How should Lauren classify the idea? A. Public B. Sensitive C. Private D. Confidential

C. Private

3l. Alex has been employed by his company for over a decade and has held a number of positions in the company. During an adult, it is discovered that he has access to shared folders and applications due to his former roles. What issue has Alex's company encountered? A. Excessive provisioning B. Unauthorized access C. Privilege creep D. Account review

C. Privilege creep

7. In 1991, the federal sentencing guidelines formalized a rule that requires senior executives to take personal responsibility for information security matters. What is the name of this rule? A. Due dilidence rule B. Personal liability rule C. Prudent man rule D. Due process rule

C. Prudent man rule

For questions 14, 15, and 16, please refer to the following scenario: Your organization regularly handles three types of data: information that it shares with customers, information that it uses internally to conduct business, and trade secret information that offers the organization significant competitive advantages. Information shared with customers is used and stored on web servers, while both the internal business data and the trade secret information are stored on internal file servers and employee workstations. 14. What civilian data classifications best fit this data? A. Unclassified, confidential, top secret B. Public, sensitive, private C. Public, sensitive, proprietary D. Public, confidential, private

C. Public, sensitive, proprietary

26. Which of the following is a client/serve protocol designed to allow network access servers to authenticate remote users by sending access request messages to a central server? A. Kerberos B. EAP C. RADIUS D. OAuth

C. RADIUS

48. You are also concerned about the availability of data stored on each office's server. You would like to add technology that would enable continued access to files located on the server even if a hard drive in a server fails. What integrity control allows you to add robustness without adding additional servers? A. Server clustering B. Load balancing C. RAID D. Scheduled backups

C. RAID

75. Lauren is an information security analyst tasked with deploying technical access control? A. Paaswords B. Firewalls C. RAID arrays D. Routers

C. RAID arrays

46. Which one of the following technologies would provide the most automation of an inventory control process in a cost- effective manner? A. IPS B. Wi-Fi C. RFID D. Ethernet

C. RFID

28. Which of the following vulnerabilities is unlikely to be found by a web vulnerability scanner? A. Path disclosure B. Local file inclusion C. Race condition D. Buffer overflow

C. Race condition

45. What type of policy describes how long data is retained and maintained before destruction? A.Classification B. Audit C. Record retention D. Availability

C. Record retention

87. Alan is performing threat modeling and decides that it would be useful to decompose the system into the key elements shown in the following illustration. What tool is he using. Refer to page 21 in book A. Vulnerability assessment B. Fuzzing C. Reduction analysis D. Data modeling

C. Reduction analysis

26. Tracy is preparing to apply a patch to her organization's enterprise resource planning system. She is concerned that the patch may introduce flaws that did not exist in prior versions, so she plans to conduct a test that will compare previous responses to input with those produced by the newly patched application. What type of testing is Tracy planning? A. Unit testing B. Acceptance testing C. Regression testing D. Vulnerability testing

C. Regression testing

5. Which process is responsible for ensuring that changes to software include acceptance testing? A. Request control B. Change control C. Release control D. Configuration control

C. Release control

57. James is conducting a risk assessment for his organization and is attempting to assign an asset value to the servers in his data center. The organization's primary concern is ensuring that it has sufficient funds available to rebuild the data center in the event it is damaged or destroyed. Which one of the following asset valuation methods would be most appropriate in this situation? A. Purchase cost B. Depreciated cost C. Replacement cost D. Opportunity cost

C. Replacement cost

60. Which one of the following events marks the completetion of a diaster recovery process? A. Securing property and life safety B. Restoring operations in an alternate facility C. Restoring operations in the primary facility D. Standing down first responders

C. Restoring operations in the primary facility

24. Mike recently impemented an intrusion prevention system designed to block common network attacks from affecting his organization. What type of risk management strategy is Mike pursuing? A. Risk acceptance B. Risk avoidance C. Risk mitigation D. Risk transference

C. Risk mitigation

48. What protocol is used to handle vulnerability management data? A. VML B. SVML C. SCAP D. VSCAP

C. SCAP

48. Lauren needs to send information about services she is provisioning to a third-party organizaton. What standards-based markup language should she choose to build the interface? A. SAML B. SOAP C. SPML D. XACML

C. SPML

54. While evaluating a potential security incident, Harrg comes across a log entry from a web server request showing that a user entered the following input into a form field: CARROT ' &1=1 ;-- What type of attack was attempted? A. Buffer overflow B. Cross-site scripting C. SQL injection D. Cross-site request forgery

C. SQL injection

56. Lauren is performing a review of a third- party service organization and wants to determine if the organization's policies and procedures are effectively enforced over a period of time. What type of industry standard assessment report should she request? A. SSAE 16 SOC 1 Type I B. SAS 70 Type I C. SSAE 16 SOC 1 Type II D. SAS 70 Type II

C. SSAE 16 SOC 1 Type II

82. Bruce is seeing quite a bit of suspicious activity on his network. It appears that an outside entity is attempting to connect to all of his systems using a TCP connection on pirt 22. What type of scanning is the ouysidee likely engaging in? A. FTP scannin B. Telnet scanning C. SSH scanning D. HTTP scanning

C. SSH scanniing

47. Connor's company recently experienced a denial of service attack that Connor believes came from an inside source. If true, what type of event has the company experienced? A. Espionage B. Confidentiality breach C. Sabotage D. Integrity breach

C. Sabotage

99. Which one of the following techniques uses statistical methods to select a small number of records from a large pool for further analysis with the goal of choosing a set of records that is representative of theentire pool? A. Clipping B. Randomization C. Sampling D. Selection

C. Sampling

19. Chris is responsible for workstations throughout his company and knows that some of the company's workstations are used to handle proprietary information. Which option best describes what should happen at the end of their lifecycle for workstations he is responsible for? A. Erasing B. Clearing C. Sanitization D. Destruction

C. Sanitization

79. Jim has Secret clearance and iscaccessing files that use a mandatory access control scheme to apply the Top Secret, Secret, Confidential , and Unclassified label scheme. If his rights include the ability to access all data of his clearance level or lower, what classification levels of data can he access? A. Top Secret and Secret B. Secret, Confidential, and Unclassified C. Secret data only D. Secret and Unclassified

C. Secret data only

100. Alex configures his LDAP server to provide services on 636 and 3269. What type of LDAP services has he configured based on LDAP's default ports? A. Unsecure LDAP and unsecure gobal directory B. Username LDAP and secure global directory C. Secure LDAP and secure global directory D. Secure LDAP and unsecure gobal directory

C. Secure LDAP and secure global directory

Questions 65-68 refer to the following scenario. Ann is a security professional for a mid-sized business and typically handles log analysis and security monitoring tasks for her organization. One of her roles is to monitor alerts originating from the organization's intrusion detection system. The system typically generates several dozen alerts each day, any many of those alerts turn out to be false alarms after her investigation. This morning, the intrusion detection system alerted because that network began to recieve an unusually high volume of inbound traffic. Ann recieved this alert and began looking into the orgin of the traffic. 65. At this point in the incident response process, what term best describes what has occurred in Ann's organization? A. Security occurrence B. Security incident C. Security event D. Security intrusion

C. Security intrusion

71. During a review of support incidents, Ben's organization discovered that password changes accounted for morethan a quarter of its help desk's cases. Which of the following options would be most likely to decrease that number significantly? A. Two-factor authentication B. Biometric authentication C. Self-service password reset D. Passphrases

C. Self-service password reset

78.Susan needs to provide a set of minimum security requirements for email. What steps should she recommend for her organization to ensure that the email remains secure? A. All email should be encrypted. B. All email should be encrypted and labeled. C. Sensitive email should be encrypted and labeled. D. Only highly sensitive email should be encrypted.

C. Sensitive email should be encrypted and labeled.

48. Which one of the following terms accurately describes the Caesar cipher? A. Transposition ciper B. Block ciper C. Shift ciper D. Strong ciper

C. Shift cipher

90. Which one of the following statements about malware is correct? A. Malware authors do not target Macintosh or Linux systems. B. The most reliable way to detect known malware is watching for unusual system activity. C. Signature detection is the most effective technique to combat known malware. D. APT attackers typically use malware designed to exploit vulnerabilities identified in security bulletins.

C. Signature detection is the most effective technique to combat known malware.

47. Which of the following tool is not typically used to verify that a provisioning process was followed in a way that ensures that the organization's security policy is being followed? A. Log review B. Manual review of permissions C. Signature-based detection D. Review the audit trail

C. Signature-based detection

1. Angela is an information security architect at a bank and has been assigned to ensure that transactions are secure as they traverse the network. She recommends that all transactions use TLS. What threat is the most likely attempting to stop, and what method is she using to proctect against it? A. Man-in-the-middle VPN B. Packet injection, encryption C. Sniffing, encryption D. Sniffing, TEMPEST

C. Sniffing, encryption

51.During a penetration test Saria calls her target's help desk claiming to be the senior assistant to an officer of the company. She requests that the help desk reset the officer's password because of an issue with his laptop while traveling and persuades them to do so. What type of attack has she successfully completed? A. Zero knowledge B. Help desk spoofing C. Social engineering D. Black box

C. Social engineering

38. Sue modifies her MAC address to one that is allowed on a network that uses MAC filtering to provide security. What is the technique Sue used, and what non-security issue could her actions cause? A. Broadcast domain exploit, address conflict B. Spoofing, token loss C. Spoofing, address conflict D. Sham EUI creation, token loss

C. Spoofing, address conflict

62. Which of the following types of code review is not typically performed by a human? A. Software inspections B. Code review C. Static program analysis D. Software walkthroughs

C. Stactic program analysis

88. What technique relies on reviewing code without running it? A. Fuzzing B. Black box analysis C. Static analysis D. Gary box analysis

C. Static analysis

83. Ben uses a software based token which changes its code every minute. What type of token is he using? A. Asynchronous B. Smart card C. Synchronous D. Static

C. Synchronous

55. What type of port scanning is known as "half open" scanning? A. TCP Connect B. TCP ACK C. TCP SYN D. Xmas

C. TCP SYN

7l. What would be the best way to secure data at points B, D, and F? A. AES256 B. SSL C. TLS D. 3DES

C. TLS

Use the following scenario to answer questions 37, 38, and 39. The healthcare company that Lauren works for handles HIPAA data as well as internal business data, protected health information, and day-to-day business communications. Its internal policy uses the following requirements for securing HIPAA data at rest and in transit. CLASSIFICATION▪▪ HANDLING REQUIREMENTS Confidential (HIPAA): Encrypt at rest and in transit. Full disk encryption required for all workstations. Files can only be sent in encrypted form, and passwords must be transferred under separate cover. Printed documents must be labeled with "HIPAA handling required." Private (PHI) : Encrypt at rest and in transit. PHI must be stored on secure servers, and copies should not be kept on local workstations. Printed documents must be labeled with "Private." Sensitive ( business confidential): Encryption is recommended but not required. Public: Information can be sent unecrypted. Using the table, answer the following questions. 37. What type of encryption would be appropriate for HIPAA documents in transit? A. AES256 B. DES C. TLS D. SSL

C. TLS

8. Michael is responsible for forensic investigations and investigating a medium severity security incident that involved the defacement of a corporate website. The web server in question ran on a virtualization platform, and the markrting team would like to get the website up and running as quickly as possible. What would be the most reasonable next step for Michael to take? A. Keep the website offline until the investigation is complete. B. Take the virtualization platform offline as evidence. C. Take a snapshot of the compromised system and use that for the investigation. D. Ignore the incident and focus on quickly restoring the website.

C. Take a snapshot of the compromised system and use that for the investigation.

22. Which of the following is not a type of attack. used aganist access controls? A. Dictionary attack B. Brute force attack C. Teardrop D. Man-in-the-middle attack

C. Teardrop

7. What common applications are associated with each of the following TCP ports: 23, 25, 143, and 515? A. Telnet, SFTP, NetBIOS, and LPD B. SSH, SMTP, POP3, and ICMP C. Telnet, SMTP, IMAP, and LPD D. Telnet, SMTP, POP3, and X Windows

C. Telnet, SMTP, IMAP, and LPD

Ben's organization is adopting biometric authentication for its high-security building's access control system. Using the following chart, answer question 85, 86, and87 about the organization's adoption of the technology. Refer to page 111 in book. 85. Ben's company is considering configuring its systems to work at the level shown by point A on the diagram. To what level is it setting the sensitivity? A. The FRR crossover B. The FAR point C. The CER D. The CFR

C. The CER

51. Which OSI layer includes electrical specitications, protocols, and interface standards? A. The Transport layer B. The Device layer C. The Physical layer D. The Data Link layer

C. The Physical layer

58. During a third-party audit, zjim's company recieves a finding that staates, "The administrator should review backup success and failure logs on a daily basis, and take action in a timeely manner to resolve reported exceptions. " What is the biggest issue that is likely to result if Jim's IT staff need to restore from a backup? A. They will not know if the backups succeeded or failed. B. The backups may not be properly logged. C. Tthe backups may not be usable. D. The backup logs may not be properly reviewed.

C. The backups may not be usable.

41. Which of the following is not true about the (ISC)2 code of ethics? A. Adherence to the code is a condition of certification. B. Failure to comply with the code may result in revocation of certification. C. The code applies to all members of the information security profession. D. Members who observe aa breach of the code are required to report the possible violation.

C. The code applies to all members of the information security profession.

52. Which one of the following systems assurance processes provides an independent third-party evaluation of a system's controls that may be trusted by many different organizations? A. Certification B. Definition C. Verification D. Accreditation

C. Verification

68. In the transaction shown here, what would happen if the database failed in between the first and second update statement? Begin transaction UPDATE accounts SET balance = balance + 250 WHERE account_number = 1001; UPDATE accounts SET balance = balance - 250 WHERE account_number = 2002; COMMIT TRANSACTION A. The database would credit the first account with $250 in funds but thennot reduce the balance of the secondaccount. B. The database would ignore the first command and only reduce the balance of the second account by $250. C. The database would roll back the transaction, ignoring the results of both commands. D. The database would successfully execute both commands.

C. The database would roll back the transaction, ignoring the results of both commands.

29. Which one of the following is not a requirement for evidence to be admissible in court? A. The evidence must be relevent. B. The evidence must be material. C. The evidence must be tangible. D. The evidence must be vompetent..

C. The evidence must be tangible.

9. Ben has been tasked with identifying security controls for systems covered by his organization's information classification system. Why might Ben choose to use a security baseline? A. It applies in all circumstances, allowing consistent security controls. B. They are approved by industry standards bodies, preventing liability. C. They provide a good starting point that can be tailored to organizational needs. D. They ensure that systems are always in a secure state.

C. They provide a good starting point that can be tailored to organizational needs.

34. STRIDE, which stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege, is useful in what part of application threat modeling? A. Vulnerability assessment B. Misuse case testing C. Threat categorization D. Penetration test planning

C. Threat categorization

19. Darcy is designing a fault tolerant system and wants to implement RAID-5 for her system. What is the minimum number of physical hard disks she can use to build this system? A. One B. Two C. Three D. Five

C. Three

3. Under the Digital Millennium Copyright Act (DMCA), what type of offenses do not require prompt action by an Internet service provider after it receives a notification of infringement claim from a copyright holder? A. Storage of information by a customer on a provider's server B. Caching of information by the provider C. Transmission of information over the provider's network by a customer D. Caching of information in a provider search engine

C. Transmission of information over the provider's network by a customer

73. Alan intercepts an encrypted message and wants to determine what type of algorithm was used to createe the message. He first performs a frequency analysis and notes that the frequency of letters in the message closely matches the distribution of letters in the English language. What type of cipher was most likely used to create this message? A. Subsitution ciper B. AES C. Transposition cipher D. 3DES

C. Transposition cipher

4. Voice pattern recognition is what type of authentication factor? A. Type 1 B. Type 2 C. Type 3 D. Type 4

C. Type 3

81. When Lauren uses a fingerprint scanner to access her bank accojnt, what type of authentication factor is she using? A. Type1 B. Type 2 C. Type 3 D. Type 4

C. Type 3

99. Which one of the following is an example of a covert timing channel when used to exfiltrate information from an organization? A. Sending an electronic mail message B. Posting a file on a peer-to-peer file sharing service C. Typing with the rhythm of Morse code D. Writing data to a shared memory space

C. Typing with the rythm of Morse code

28. Angela uses a sniffer to monitor traffic from a RADIUS serve configured with default settings. What protocol should she monitor and what traffic will she be able to read? A. UDP, none. All RADIUS traffic is encrypted. B. TCP, all traffic but the passwords, which are encrypted C. UDP, all traffic but the passwords, which are encrypted D. TCP, none. All RADIUS traffic is encrypted.

C. UDP, all traffic but the passwords, which are encrypted

45. Which one of the following is an example of a computer security incident? A. Completion of a backup schedule B. System access recorded in a log C. Unauthorixed vulnerability scsn of a file server D. Update of antivirus signatures

C. Unauthorized vulnerability scsn of a file server

65. Samantha is responsible for the development of three new code modules that will form part of a complex system that her compantmy is developing. She is perpared to publish her code and runs a series of tests against each module to verify that it works as intended. What type of testing is Samantha conducing? A. Regression testing B. Integration testing C. Unit testing D. System testing

C. Unit testing

50. Which of the folloeing strategies should not be used to handle a vulnerability identified by a vulnerability scanner? A. Install a patch. B. Use a workaround fix. C. Update the banner or version number. D. Use an application layer firewall or IPS to prevent attacks against the identified vulnerability.

C. Update the banner or version number.

56. Lauren is responsible for building a banking website. She needs proof of the identity of the users who register for the site. How should she validate user identities? A. Require users to create unique questions that only they will know. B. Require new users to bring their driver's license or passport in person to the bank. C. Use information that both the bank and the user have such as questions pulled from their credit report. D. Call the user on their registered phone number to verify that they are who they claim to be.

C. Use information that both the bank and the user have such as questions pulled from their credit report.

44. Which one of the following types of software testing usually occurs last and is executed against test scenarios? A. Unit testing B. Integration testing C. User acceptance testing D. System testing

C. User acceptance testing

72. Which of the. following is not a method of syntthetic transsaction mornitoring? A. Database monitoringB. Traffic vapture and analysis C. User session monitoring D. Website performance monitoring

C. User session monitoring

90. Which one of the following tools is most often used for identification purposes and is not suitable for use as an authenticator? A. Password B. Retinal scan C. Username D. Token

C. Username

96. MITRE's CVE database provides what type of information? A. Current verions of software B. Patching information for applications C. Vulnerability information D. A list of costs verus effort required for common processes

C. Vulnerability information

15. What technique could you use to mark your trade secret information in case it was released or stolen and you need to identify it? A. Classification B. Symmetric encryption C. Watermarks D. Metadata

C. Watermarks

25. What logical operation is described by the truth table below? Input 1 [0] [0] [1] [1] Input 2 [0] [1] [0] [1] Input 3 [0] [1] [1] [0] A. OR B. AND C. XOR D. NOR

C. XOR

95. What type of vulnerabilities will not be found by a vulnerability scanner? A. Local vulnerabilities B. Service vulnerabilities C. Zero-day vulnerabilities D. Vulnerabilities that require authentication

C. Zero-day vulnerabilities

35. Which of the following is not a valid LDAP DN (distinguished name)? A. cn=ben+ou=sales B. ou=example C. cn=ben,ou=example; D. ou=example,dc=example,dc=com+dc=org

C. cn=ben,ou=example;

52. Faith is looking at the / etc /passwd file on a system configured to use shadowed passwords. When she examines a line in the file for a user with interactive login permissions, what should she expect to see in the password field? A. Plaintext password B. Hashed password C. x D. *

C. x

88. What law governs the handling of information related to the finicial statements of publicly traded companies? A. GLBA B. PCI DSS C. HIPAA D. SOX

D. SOX

49. What protocol is preferred over Telnet for remote server adminstration via the command line? A.SCP B.SFTP C. WDS D. SSH

D. SSH

24. Which one of the following cryptographic goals protects against the risks posted when a device is lost or stolen? A. Nonrepudiation B. Authentication cC. Integrity D. Confidentiality

D .Confidentiality

35. In the figure shown below, Sally is blocked from writing to the data file by the Biba integrity model. Sally has a Secret security clearance and the file is classified Top Secret. What principle is preventing her from writing to the file? •••••••Write Request•••••••• (Sally)--------------------->[Data fie] A. Simple Security Property B. Simple Integrity Property C. *-Security Property D. *-Integrity Property

D. *-Integrity Property

55. You are working to evaluate the risk of flood to an area and consult the flood maps from the Federal Emergency Management Agency (FEMA). According to those maps, the area lies within a 200-year flood plain. What is the annualized rate of occurrence (ARO) of a flood in that region? A. 200 B. 0.01 C. 0.02 D. 0.005

D. 0.005

85. Tom is considering locating a business in the downtown area of Miami, Florida. He consults the FEMA flood plain map for the region, shown below, and determines that the area he is considering lies within a 100-year flood plain. Refer to page 19 in book. What is the ARO of a flood in this area? A. 100 B. 1 C. 0.1 D. 0.01

D. 0.01

43. Ben has deployed a 1000Base-T 1 gigabit network and needs to run a cable to another building. If Ben is running his link directly from a switch to another switch in that building, what is the maxiumum distance Ben can cover according to the 1000Base-T specification? A. 2 kilometers B. 500 meters C. 185 meters D. 100 meters

D. 100 meters

93. Which one of the following humidity values is within the acceptable range for a data center operations? A. 0% B. 10% C. 25% D. 40%

D. 40%

42. Lauren wants to provide port-based authentication on her network to ensure that clients must authenticate before using the network. What technology is an appropriate solution for this requirements? A. 802.11a B. 802.3 C. 802.15.1 D. 802.1x

D. 802.1x

16. Susan is deploying a routing protocol that maintains a list of destination networks with metrics that include the distance in hops to them and the direction traffic should be sent to them. What type of protocol is she using? A. A link-state protocol B. A link-distance protocol C. A destination metric protocol D. A distance-vector protocol

D. A distance-vector protocol

81. What type of address is 127.0.0.1? A. A public IP address B. An RFC 1918 address C. An APIPA address D. A loopback address

D. A loopback address

94. What type of attack is most likely to occur after a successful ARP spoofing attempt? A. A DoS attack B. A Trojan C. A replay attack D. A man-in-the-middle attack

D. A man-in-the-middle attack

48. What network topology is shown below? Refer to page 82 in book. A. A ring B. A bus C. A star D. A mesh

D. A mesh

85. What type of network device modulates between an analog carrier signal and digital information for computer communications? A. A bridge B. A router C. A brouter D. A modem

D. A modem

11. Kathleen needs to set up an Active Directory trust to allow authentication with an existing Kerberos K5 domain. Whattype of trust does she need to create? A. A shortcut trust B. A forest trust C. An external trust D. A realm trust

D. A realm trust

93. What topology correctly describes Ethernet? A. A ring B. A star C. A mesh D. A. bus

D. A. bus

Using your knowledge of the Kerberos logon process andd the followingbdiiagram, answer questions 17, 18, and 19. Refer to page 97 in book. ••••••■____________________A______________》 [] Client Workstatiion•••••••••••••••••••KDC •••••••■《__________B____________ [] Client workstation•••••••KDC •••••••■__________C______________》(Service) Client workstation 17. At point A in the diagram, the client sends the username and password to the KDC. How is the username and password protected? A. 3DES encryption B. TLS encryption C. SSL encryption D. AES encryption

D. AES encryption

46. What does using unique user IDs for all users provide when reviewing logs? A. Confidentiality B. Integrity C. Availability D. Accountability

D. Accountability

63. What type of access control is composed of policies and procedures that suport regulations, requirements, and the organization's own policies? A. Corrective B. Logical C. Compensating D. Administrative

D. Administrative

94. which data role is tasked with granting appropriate access to staff members? A. Data processors B. Business owners C. Custodians D. Administrators

D. Administrators

29. What type of database security issue exists when a collection of facts has a higher classification than classification of any of those facts standind akone? A. Inference B. SQL injection C. Multilevel security D. Aggregation

D. Aggregation

15. When should an organization conduct a review of theprivileged access that a user has to sensitive systems? A. On a periodic basis B. When a user leaves the organization C. When a user changes roles D. All of the above

D. All of the above

2. Which of the following is a common way that attackers leverage botnets? A. Sending spam messages B. Conducting brute-force attacks C. Scanning for vulnerable systems D. All of the above

D. All of the above

31. Which of the following organizations would be likely to have a representative on a CSIRT? I. Information security II. Legal counsel III. Senior management IV. Engineering A. I, III, and IV B. I, II, and III C. I, II,and IV D. All of the above

D. All of the above

73. Which of the following events would constitute a security incident? 1. An attempted network intrusion 2. A successful database intrusion 3. A malware infection 4. A violation of a confidentiality policy 5. An unsuccessful attempt to remove information from a secured area A. 2, 3, and 4 B. 1, 2, and 3 C. 4 and 5 D. All of the above

D. All of the above

95. Which of the following vulnerabilities might be discovered during a penetration test of a web-based application? A. Cross-site scripting B. Cross-site request forgery C. SQL injection D. All of the above

D. All of the above

86. Which list presents the layers of the OSI model in the correct order? A. Presentation, Application, Session, Transport, Network, Data Link, Physical B. Application, Presentation, Session, Network, Transport, Data Link, Physical C. Presentation, Application, zsession, Transport, Data Link, Nerwork, Physical D. Application, Presentation, Session, Transport, Network, Data Link, Physical

D. Application, Presentation, Session, Transport, Network, Data Link, Physical

10. What concept describes the degree of confidence that an organization has that its controls satisfy security requirements? A. Trust B. Credentialing C. Verification D. Assurance

D. Assurance

27. What term is used to describe the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner? A. Validation B. Accreditation C. Confidence interval D. Assurance

D. Assurance

30. When an application or system allows a logged-in user to perform specific actions, it is an example of what? A. Roles B. Group management C. Logins D. Authorization

D. Authorization

68. Gary is implementing a new RAID-based disk system designed to keep a server up and running even in the event of a single disk failure. What principle of information security is Gary seeking to enforce? A. Denial B. Confidentiality C. Integrity D. Availability

D. Availability

94. Which one of the following security programs is designed to establish a mlnimum standard common denominator of security understanding? A. Training B. Education C. Indoctrination D. Awareness

D. Awareness

87. Ben's manger expresses concern about the coverage of his scan. Why might his mananger have this concern? A. Ben did not test UDP services. B. Ben did not discover ports outside the "wel-know ports." C. Ben did not perform OS fingerprinting. D. Ben tested only a limited number of ports.

D. Ben tested only a limited number of ports.

24. saria's team is working to persuade their management that their network has extensive vulnerabilities that attackers could expoit. If she wants to conduct a realistic attack as partof a penetration test, what type of penetration test should she conduct? A. Crystal box B. Gray box C. White box D. Black box

D. Black box

48. Lisa is attempting to prevent her network from being targeted by IP spoofing attacks as well as preventing her network from being the source of those attacks. Which one of the following rules is not a best practice that Lisa can configure at her network border? A. Block packets with internal source addresses from entering the network. B. Block packets with external source addresses from leaving the network. C. Block packets with private IP addresses from exiting the network. D. Block packets with public IP addresses from entering the network.

D. Block packets with public IP addresses from entering the network.

64. Linux systems that use bcrypt are using a tool based on what DES alternative encryption scheme? A. 3DES B. AES C. Diffie-Hellman D. Blowfish

D. Blowfish

36. During a penetration test, Lauren is asked to test the organization's Bluetooth security. Which of the following is not a concern she should explain to her employers? A. Bluetooth scanning can be time consuming. B. Many devices that may be scanned are likely to be personal devices. C. Bluetooth passive scans may require multiple visits at different times to identify all targets. D. Bluetooth active scans can't evaluate the security mode of Bluetooth devices.

D. Bluetooth active scans can't evaluate the security mode of Bluetooth devices.

17. When Bob receives the encrypted message from Alice, what key does he use to decrypt the message? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key

D. Bob's private key

83. The ________________ of a process consist (s) of the limits set on the memory addresses and resources that the process may access. A. Perimeter B. Confinement limits C. Metes D. Bounds

D. Bounds

1. Matthew is the security administrator for a consulting firm and must enforce access controls that restrict users' access based upon their previous activity. For example, once a consultant accesses data belonging to Acme Cola, a consulting client, they may no longer access data belonging to any of Acme's competitors. What security model best fits Matthew's needs? A. Clarke-Wilson B. Biba C. Bell-LaPadula D. Brewer-Nash

D. Brewer-Nash

24. Which one of the following information sources is useful to security admiistrators seeking a list information security vulnerabilities in applications, devices, and operating systems? A. OWASP B. Bugtraq C. Microsoft Security Bulletins D. CVE

D. CVE

68. Danielle wants to compare vulnerbilities she has discovered in her data center based on how exploitable they are, if exploit code exists, as well as how hard they are to remediate. What scoring system should she use to compare vulnerability metrics like these? A. CSV B.NVD C. VSS D. CVSS

D. CVSS

26. Glenda would like to conducta diaster recovery test and is seeking a test that will allow a review of the plan with no disruption to normal information activities and as minimal a commitment of time as possible. What type of information system activities and as minimal a commitment of time as possible. What type of test should shebchoose? A. Tabletop excerrise B. Parallel test C. Full interruption test D. Checklist review

D. Checklist review

16. Tony is developing a business continuity plan and is having difficulty prioritizing resources because of the difficulty of combining information about tangible and intangible assets. What would be the most effective risk assessment approach for him to use? A. Quantitative risk assessment B. Qualitative risk assessment C. Neither quantitative nor qualitative risk assessment D. Combination of quantitative and qualitative risk assessment

D. Combination of quantitative and qualitative risk assessment

69. Frank is seeking to introduce a hacker's laptop in court as evidence against the hacker. The laptop does contain logs that indicate the hacker committed the crime, but the court ruled that the search of the apartment thatvresulted in police finding the laptop was unconstitutional. What admissibility criteria prevents Frank from introducing the laptop as evidence? A. Materiality B. Relevance C. Hearsay D. Competence

D. Competence

8. Susan works for an American company that conducts business with customers in the European Union. What is she likely to have to do if she is responsible for handling PII from those customers? A. Encrypt the data at all times. B. Label and classify the data according to HIPAA. C. Conduct yearly assessments to the EU DPD baseline. D. Comply with the US-EU Safe Harbor requirements.

D. Comply with the US-EU Safe Harbor requirements.

1. What is the final step of quantitative? A. Determine asset value. B.Assess the annualized rate of occurrence. C. Derive the annualized loss expectancy. D. Conduct a cost/benefit analysis.

D. Conduct a cost/benefit analysis.

43. Which one of the following is not a basis preventative measure that you can take to protect your systems and applications against attack? A. Implement intrusion detection and prevention systems. B. Maintain current patch levels on all operating systems and applications. C. Remove unnessary accounts and services. D. Conduct forensic imaging of all systems.

D. Conduct forensic imaging of all systems.

86. You discover that a user on your network has been using the Wireshark tool,as shown in the following screen shot. Further investigation revealed that he was using it for illicit purposes. What pillar of information security has most likely been violated? Refer to page 20 in book. A. Integrity B. Denial C. Availability D. Confidentiality

D. Confidentiality

7. Staff in an IT department who are delegated responsibility for day-to-day tasks hold what data role? A. Business owner B. User C. Data processor D. Custodian

D. Custodian

19. Which one of the folling security tools consists of an unused network address space that may detect unauthorized activity? A. Honeypot B. Honeynet C. Psuedoflaw D. Darknet

D. Darknet

75. Which one of the following is not an example of a technical control? A. Router ACL B. Firewall rule C. Encryption D. Data classification

D. Data classification

46. What does a bluesnarfing attack target? A. Data on IBM systems B. An outbound phone call via Bluetooth C. 802.11b networks D. Data from a Bluetooth-enabled device

D. Data from a Bluetooth-enabled device

67. As Ann analyzes the traffic further, she realizes that the traffic is comming from many different sources and has overwhelmed the network, preventing legitimate uses. The inbound packets are responses to queries that she does not see in outbound traffic. The responses are abnormally large for their type. What type of acck should Ann suspect? A. Reconnaissance B. Malicious code C. System penetration D. Denial of service

D. Denial of service

9. What United States government agency is responsible for administering the terms of safe harbor agreements between the European Union and the United States under the EU Data Protection Directive? A. Department of Defense B. Department of the Treasury C. State Department D. Department of Commerce

D. Department of Commerce

73.Incineration, crushing, shredding, and disintegration all describe what stage in the life cycle of media? A. Sanitization B. Degaussing C. Purging D. Destruction

D. Destruction

94. What open protocol was designed to replaced RADIUS- including support for aadditional commands and protocols, replacing UDP traffic with TCP, and providing for extensible commands-but does not preserve backward compatibility with RADIUS? A. TACACS B. RADIUS- NG C. Kerberos D. Diameter

D. Diameter

54. The X.500 standards cover what type of important identity systems? A. Kerberos B. Provisioning services C. Biometric authentication systems D. Directory services

D. Directory services

98. Which one of the following database concurrency issues occurs when one trnsaction reads information that was written to a database by a second transaction that never committed? A. Lost update B. SQL injection C. Incorrect summary D. Dirty read

D. Dirty read

15. What type of acess controls allow the owner of a file to grant other users access to it using an access control list? A. Role based B. Non-discretionary C. Rule based D. Discretionary

D. Discretionary

93. When Alex sets the permissions shown in the following image as one of many users on a Linux server, what type of accesscontrol modelis he leveraging? $ chmod 731 alex.txt $ ls -la total 12 drwxr -xr -x 2 alex root 4096 Feb 27 19:26 . drwxr -xr- x 3 root 4096 Feb 27 19:25 .. -rwx -wx--x 1 alex 15 Feb 27 19:26 alex. txt $□ A. Role-based access control B. Rule-based access control C. Mandatory acces control D. Discretionary access control

D. Discretionary access control

14. You are completing your business continuity planning effort and have decided that you wish to accept one of the risks. What should you do next? A. Implement new security control to reduce the risk level. B. Design a disaster recovery plan. C. Repeat the business impact assessment. D. Document your decision-making process.

D. Document your decision-making process.

67. Which one of the following actions is not normally part of the project scope and planning phase of business continuity planning? A. Structured analysis of the organization B. Review of the legal and regulatory landscape C. Creation of BCP team D. Documentation of the plan

D. Documentation of the plan

17. What law provides intellectual property proctection to the holders of trade secrets? A. Copyright Law B. Lanham Act C. Glass-Steagall Act D. Economic Espionage Act

D. Economic Espionage Act

12. Chris is advising travelers from his organization who will be visiting many different countries overseas. He is concerned about compliiance with export control laws. Which of the following technologies is most likely to trigger these regulations? A. Memory chips B. Office productivity applications C. Hard drives D. Encryption software

D. Encryption software

35. What term is used to describe the default set of privileges assigned to a user when a new account is created? A. Aggregation B. Transitivity C. Baseline D. Entitlement

D. Entitlement

51. Lauren starts at her new job and finds that she has access to a variety of systems that she does not need access to accomplish her job. What problem has she encountered? A. Privilege creep B. Rights collision C. Least privilege D. Excessive privileges

D. Excessive privileges

59. Reggie recently reived a letter from his company's internal auditors scheduling the kickoff meeting for an assessment of his group. Which of the following should Reggie not expect to learn during that meeting? A. Scope of the audit B. Purpose of the audit C. Expected timeframe D. Expected findings

D. Expected findings

76. Which one of the following approaches to failure management is the most conservative from a security perspective? A. Fail open B. Fail mitigation C. Fail clear D. Fail closed

D. Fail closed

8. Jaime is a technical support analyst and is asked to visit a user whose computer is displaying the error message shown here. What state has this computer entered? Refer to page 161 in the book. A. Fall open B. Irrecoverable error C. Memory exhaustion D. Fail secure

D. Fail secure

8. Which one of the following provides an authentication mechanism that would be appropriate for pairing with a password to achieve multifactor authentication? A. Username B. PIN C. Security question D. Fingerprint scan

D. Fingerprint scan

25. Which one of the following is an example of physical infrastructure hardening? A. Antivirus software B. Hardware-based network firewall C. Two-factor authentication D. Fire suppression system

D. Fire suppression system

89. Craig is selecting the site for a new center and must choose a location somewhere within the United States. He obtained the earthquake risk map below from the United States Geological Survey. Which of the following would be the safest location to build his facility if he were primarily concerned with earthquake risk? Refer to page 22 in book. A. New York B. North Carolina C. Indiana D. Florida

D. Florida

5. Which one of the following is not one of the three common threat modeling techniques? A. Focused on assets B. Focused on attackers C. Focused on software D. Focused on social engineering

D. Focused on social engineering

45. What type of requirements soecifies what software must do by describing the inputs, behavior, and outputs of software? A. Derived requirements B. Structural requirements C. Behavioral requirements D. Functional requirements

D. Functional requirements

71. David is working on developinga project schedule for a software development effort, and he comes across the chart shown here. What type of chart is this? Refer to page 174 in book. A. Work breakdown structure B. Functional requirements C. PERT chart D. Gant chart

D. Grant chart

72. Barry is a software tester who is working with a new gaming application developed by his company. He is playing the game on a smartphone to conduct his testing in an environment that best simulates a normal end user, but he is referencing the source code as he conducts his test. What type of test is Barry conducting? A. White box B. Black box C. Blue box D. Gray box

D. Gray box

85. Which one of the following fire suppression systems uses a suppressant that is no longer manufactured due to environmental concerns? A. FM-200 B. Argon C. Inergen D. Halon

D. Halon

21. Brian recently joined an organization that runs the majority of its services on a virtualization platform located in its own data center but also leverages an IaaS provider for hosting its web services and SaaS email system. What term best describes the type of cloud environment this organisation uses? A. Public cloud B. Dedicated cloud C. Private cloud D. Hybrid cloud

D. Hybrid cloud

34. In virtualizationn platforms, what name is given to the module that is responsible for controlling access to physical resource by vitual resources? A. Guest machine B. SDN C. Kernel D. Hypervisor

D. Hypervisor

25. Which of the following would normally be considered an example of disaster when performing disaster recovery planning? I. Hacking incident II. Flood III. Fire IV. Terrorism A. II and III only B. I amd IV only C. II, III, and IV only D. I, II,III, and IV

D. I, II, III, and IV

41. Lauren uses the ping utility to check whether a remote system is up as part of a penetration testing excrise. If she wants to filter ping out by protocol, What protocol should she filter out from her packet sniffer's logs? A. UDP B. TCP C. IP D. ICMP

D. ICMP

92. What international framework was SSAE-16 based on? A. ISO27001 B. SAS70 C. SOX D. ISAE 3402

D. ISAE 3402

97. A zero-day vulnerability is announced for the popular Apache web serve in the middle of a workday. In Jacob's role as an information security analysts, he needs to quickly scan his network to determine what servers are vulnerable to the issue. What is Jacob's best route to quickly identify vulnerable systems? A. Immediately run Nessus against all of the servers to identify which systms are vulnerable. B. Review the CVE database to find the vulnerability information and patch information. C. Create a custom IDS or IPS signature. D. Identify affected versions and check systems for that verison number using an automated scanner.

D. Identify affected versions and check systems for that version number using an automated scanner.

35. What type of security issue arises when an attacker can deduce a more sensitive piece of information by analyzing several pieces of information classified at a lower level? A. SQL injection B. Multilevel security C. Aggregation D. Inference

D. Inference

79. Which one of the following is not a goal of a formal change management program? A. Implement change in an orderly fashion. B. Test changes prior to implementations. C. Provide rollback plans for changes. D. Inform stakeholders of changes after they occur.

D. Inform stakeholders of changes after they occur.

93. Tom is writing a software program that calculates the sales tax for online orders placed from various jurisdictions. The application includes a user-defined field that allows the entry of the total sale amount. Tom would like to ensure that the data entered in this field is properly formatted dollar amount. What technique should he use? A. Limit check B. Fail open C. Fail secure D. Input validation

D. Input validation

73. Susan needs to ensure that the interactions between the components of her e-coommerce application are all handled properly. She intends to verify communications, error handling, and session management capabilities throughout her infrastructure. What type of testing is she planning to conduct? A. Misuse case testing B. Fuzzing C. Regression testing D. Interface testing

D. Interface testing

86. Which one of the following statements is correct about the Biba model of access control? A. It addresses confidentiality and integrity. B. It addresses integrity and availability. C. It prevents covert channel attacks. D. It focuses on protecting objects from external threats.

D. It focuses on protecting objects from external threats.

32. What is the primary purpose of data classification? A. Its quantifies the cost of a data breach. B. It prioritizes IT expenditures. C. It allows compliance with breach notification laws. D. It identifies the value of the data to the organization.

D. It identifies the value of the data to the organization.

48. Joe works at a major pharmaceutical research and development company and has been tasked with writing his organization's data retention policy. As part of its legal requirements, the organization must comply with the US Food and Drug Administration's Code of Federal Regulations Title 21. To do so, it is required to retain records with electronic signatures. Why would a signature be part of a retention requirement? A. It ensures that someone has reviewed the data. B. It provides confidentiality. C. It ensures that the data has not been changed. D. It validates who approved the data.

D. It validates who approved the data.

42. Which one of the following programming languages does not make use of a compiler? A. Java B. C++ C. C D. JavaScript

D. JavaScript

62. Which of the following is a ticket-based authentication protocol designed to provide secure communication? A. RADIUS B. OAuth C. SAML D. Kerberos

D. Kerberos

66. What are the two components of an expert system? A. Decision support system and neural network B. Inference engine and neural network C. Neural network and knowledge bank D. Knowledge bank and inference engine

D. Knowledge bank and inference engine

51. What primary issue does personnel retention deal with? A. Employees quitting B. Employees not moving on to new positions C. Knowledge gained after employment D. Knowledge gained during employment

D. Knowledge gained during employment

38. Richard is experiencing issues with the quality of network service on his organization's network. The primary systom is that packets are consistently taking too long to travel from their source to their destination. What term describes the issue Richard is facing? A. Jitter B. Packet loss C. Interference D. Latency

D. Latency

40. SMTP, HTTP, and SNMP all occur at what layer of the OSI model? A. Layer 4 B. Layer 5 C. Layer 6 D. Layer 7

D. Layer 7

39. Tom is installing a next-generation firewall (NGFW) in his data center that is designed to block many types of application attacks. When viewed from a risk management perspective, what metric is Tom attempting to lower? A. Impact B. RPO C. MTO D. Likelihood

D. Likelihood

52. In this image, what issue may occur due to the log handling settings? Refer to page 127 in the book. A. Log data may be lost when the log is archived. B. Log data may be overwritten. C. Log data may not include needed information. D. Log data may fill the system disk.

D. Log data may fill the system disk.

20. Robert is also working with Beta Particles on a strategy to advance their software development practices. What SW-CMM stage. should be their next target milestone? A. Defined B. Repeatable C. Optimizing D. Managed

D. Managed

52. An accounting employee at Doolitte Industries was recently arrested for praticipation in an embezzlement scheme. The employee transferred money to a personal account and then shifted funds around between other accounts every day to disguise the fraud for months. Which one of the following controls might have best allowed the eaarlier detection of this fraud? A. Separation of duties B. Least privilege C. Defense in depth D. Mandatory vacation

D. Mandatory vacation

74. The Double DES (2DES) encryption allgorithm was never used as a viable alternative to the orginal DES algorithm. What attack is 2DES vulnerable to that does not exist for the DES of 3DES approach? A. Chosen ciphertext B. Brute force C. Man in the middle D. Meet in the middle

D. Meet in the middle

45. James is working with a Department of Defense system that is authorized to simultaneously handle information classified at the Secret and Top Secret levels. What type of system is he using? A. Single state B. Unclassified C. Compartmented D. Multistate

D. Multistate

72. Which one of the following computing models allows the execution of multiple concurrent tasks within a single process? A. Multitasking B. Multiprocessing C. Multiprogramming D. Multithreading

D. Multithreading

2. Which of the following is a method used to design new software tests and to ensure the quality of tests? A. Code auditing B. Static code analysis C. Regression testing D. Mutation testing

D. Mutation testing

58. The Computer Security Act of 1987 gave a federal agency responsibility for developing computer security standards and guidelines for federal computer systems. What agency did the act give this responsibility to? A. National Security Agency B. Federal Communications Commission C. Department of Defense D. National Institute of Standards and Technology

D. National Institute of Standards and Technology

16. Alex's job requires him to see personal health information (PHI) to ensure proper treatment of patients. His access to their medical records does not provide access to patient addresses or billing information. What access control concept best describes this control? A. Separation of duties B. Constrained interfaces C. Context- dependent control D. Need to know

D. Need to know

85. Which one of the following types of artificial intelligence attempts to use complex computations to replicate the partial function of the human mind? A. Decision support systems B. Expert systems C. Knowledge bank D. Neural networks

D. Neural networks

2. Joe is the security administrator for an ERP system. He is preparing to create accounts for several new employees. What default access should he give to all of the new employees as he creates the accounts? A. Read only B. Editor C. Administrator D. No assess

D. No Access

67. Neal is working with a Dy amoDB database. The database is not structured like a relational database but allows Neal to store data using a key-value store. What type of database is DynamoDB? A. Relational database B. Graph database C. Heerarchical database D.NoSQL database

D. NoSQL database

77. Ben is designing a messaging system for a bank and would like to include a feature that allows the recipient of a message to prove to a third party that the message did indeed come from the purported originator. What goal is Ben trying to achieve? A. Authentication B. Authorization C. Integrity D. Nonrepudiation

D. Nonrepudiation

39. Jim's audit of a large organization's traditional PBX showed that Direct Inward System Access (DISA) was being abused by third parties. What issue is most likely to lead to this problem? A. The PBX was not fully patched. B. The dial-in modem lines use uppublished numbers. C. DISA is set up to only allow local calls. D. One or more users' access codes have been compromised.

D. One or more users' access codes have been compromised.

56. Chris has been asked to choose between implementing PEAP and LEAP for wireless authentication. What should he choose, and why? A. LEAP, because it fixes problems with TKIP, resulting in stronger security B. PEAP, because it implements CCMP for security C. LEAP, because it implements EAP-TLS for end-to-end session encryption D. PEAP, because it can provide a TLS tunnel that encapsulates EAP methods, protecting the entire session

D. PEAP, because it can provide a TLS tunnel that encapsulates EAP methods, protecting the entire session

37. Dogs, guard, and fences are all common examples of what type of control? A. Detective B. Recovery C. Administrative D. Physical

D. Physcial

22. What tye of fire suppression system fills with water when the intial stages of a fire are detected and then requires a sprinkler head heat activation before dispensing water? A. Wet pipe B. Dry pipe C. Deluge D. Preaction

D. Preaction

69. During a port scan of his network, Alex finds that a number of hosts respond on TCP ports 80, 443, 515, and 9100 in offices throughout his organization. What type of devices is Alex likely discovering? A. Web servers B. File servers C. Wireless access points D. Printers

D. Printers

NIST Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, provides NIST's process for penetration testing. Using this image as well as your knowledge of penetration testing, answer the following questions. Planning Reporting....... Information Gathering and Discovery Exploitation....Vulnerability Scanning 98. Which of the following is not a part of the discovery phase? A. Hostname and IP address information gathering B. Service information capture C. Dumpster diving D. Privilege escalation

D. Privilege escalation

97. Under what type of software license does the recipient of software have an unlimited right to copy, modify, distribute, or resell a software package? A. GNU Public License B. Freeware C. Open source D. Public domain

D. Public domain

53. Ben is following the NIST Special Publiciation 800-88 guidelines for santiziation and disposition as shown in the following diagram. He is handling information that his organization classified as sensitive, which is a moderate security categorization in the NIST MODEL. If the media is going to be sold as surplus, what process does Ben need to follow? Refer to page 36 in book. A. Destroy, validate, document B. Clear, purge, document C. Purge, document, validate D. Purge, validate, document

D. Purge, validate, document

13. Which of the following is not a single sign- on implementation? A. Kerberos B. ADFS C. CAS D. RADIUS

D. RADIUS

5. Sarah is manually reviewing a packet capture of TCP traffic and finds that a system is setting the RST flag in the TCP packets it sends repeatedly during a short peripd of time. What does this flag mean in the TCP packet header? A. RST flags mean "Rest." The server needs traffic to briefly pause. B. RST flags mean "Relay-set." The packets will be forwarded to the address set in the packet. C. RST flags mean "Resume Standard." Communications will resume in their normal format. D. RST means " Reset." The TCP session will be disconnected.

D. RST means " Reset." The TCP session will be disconnected.

83. TJ inspecting a system where the user reported a strange error message and the inability to access files. He sees the window shown in this figure. What type of malware should TJ suspect? Refer to page 177 in the book. A. Service injection B. Encrypted virus C. SQL injection D. Ransomware

D. Ransomware

5. What type of evidence consists entirely of tangible items that may be brought into a court of law? A. Documentary evidence B. Parol evidence C. Testimonial evidence D. Real evidence

D. Real Edvidence

91.Retaining and maintaining information for as long as it is needed is known as what? A. Data storage policy B. Data storage C. Asset maintenance D. Record retention

D. Record retention

92. Which one ofthe following techniques is not commonly used to remove unwanted remnant data from magnetic tapes? A. Phyical destruction B. Degaussing C. Overwriting D. Reformatting

D. Reformatting

37. What term describes software testing that is intended to uncover new bugs introduced by patches or configuration changes? A. Nonregression testing B. Evolution testing C. Smoke testing D. Regression testing

D. Regression testing

57. In what software testing technique does the evaluator retest a large number of scenarios each time that the software changes to verify that the results are consistent with a standard baseline? A. Orthogonal array testing B. Pattern testing C. Maxtrix testing D. Regression testing

D. Regression testing

80. Ben's team is attempting to categorize a transaction identification issue that iscaused by use of a symmetric key shared by multiple servers. What STRIDE category should this fall into? A. Information disclosure B. Denial of service C. Tampering D. Repudiation

D. Repudiation

98. A new law is passed that would result in significant financial harm to your company if the data that it covers was stolen or inadvertently released. What should your organizationdo about this? A. Select a new security baseline. B. Relabel the data. C. Encrypt all of the data at rest and in transit. D. Review its data classifications and classify the data appropriately.

D. Review its data classifications and classify the data appropriately.

82. Tom is planning to terminate an employee this afternoon for fraud and expects that the meeting will be somewhat hostile. He is coordingating the meeting with Human Resources and wants to protect the company against damage. Which one of the following steps is most important to coordinate in time with the termination meeting? A. Informing other employees of the termination B. Retrieval of photo ID C. Calculation of final paycheck D. Revocation of electronic access rights

D. Revocation of electronic access rights

83. Rolando is a risk manager with a large-scale enterprise. The firm recently evaluated the risk of California mudslides on its operations in the region and determined that the cost of responding outweighed the benefits of any controls it could implement. The company chose to take no action at this time. What risk management strategy did Rolando's organization pursue? A. Risk avoidance B. Risk mitigation C. Risk transference D. Risk acceptance

D. Risk acceptance

63. HAL Systems recently decided to stop offering public NTP services because of a fear that its NTP servers would be used in amplification DDoS attacks. What type of risk management strategy did HAL pursue with respect to its NTP serrvices? A. Risk mitigation B. Risk acceptance C. Risk transference D. Risk avoidance

D. Risk avoidance

9. Under what virtualization model does the virtualization platform separate the network control plane from the data plane and replace complex network devices with simpler devices that simply receive instructions from the controller? A. Virtual machines B. VSAN C. VLAN D. SDN

D. SDN

42. You are the CISO for a major hospital system and are preparing to sign a contract with a Software-as-a-Service (SaaS) email vendor and want to ensure that its business continuity planning measures are reasonable. What type of audit might you request to meet this goal? A. SOC-1 B. FISMA C. PCI DSS D. SOC-2

D. SOC-2

23. Mark is considering replacing his organization's customer relationship management (CRM) solution with a mew product that is available in the cloud. This new solution is completely managed by the vendor and Mark's company will not have to write any code or manage any physical resources. What type of cloud solution is Mark considering? A. IaaS B. CaaS C. PaaS D. SaaS

D. SaaS

79. What term describes the process of reviewing baseline security controls and selecting only the controls that are appropriate for the IT system you are trying to protect? A. Standard creation B. CIS benchmarking C. Baselining D. Scoping

D. Scoping

62. Major Hunter, member of the US armed forces, has been enstrusted with informaion that, if exposed, could cause serious damage to national security. Under US government classification standards, how should this data be classified? A. Unclassified B. Top Secret C. Confidential D. Secret

D. Secret

70. During a review of her organization's network, Angela discovered that it was suffering from broadcast storms and that contractors, guests, and organizational administrative staff were on the same network segment. What design change should Angela recommend? A. Require encryption for all users. B. Install a firewall at the network border. C. Enable spanning tree loop detection. D. Segment the network based on functional requirements.

D. Segment the network based on functional requirements.

16. Which one of the following terms is often used to describe a collection of unrelated patches released in a large collection? A. HotfixB. Update C. Security fix D. Service pack

D. Service pack

4. Harold's conpany has a strong password policy that requires a minimum length of 12 characters and the use of both alphanumeric characters and symbols. What technique would be the most effective way for an attacker to compromise passwords in Harold's organization? A. Brute-force attack B. Dictionary attack C. Rainbow table attack D. Social engineering attack

D. Social engineering attack

77. What software development model is shown in the figure? Refer to page 176 in book. A.Waterfall B. Agile C. Lean D. Spiral

D. Spiral

31. Renee is designing the long-term security plan for her organization and has a three-to five-year planning horizon. What type of plan is she developing? A. Operational B. Tactical C. Summary D. Strategic

D. Strategic

59. Gordon is concerned about the possibility that hackers may be able to use the Van Eck radiation phenomenon to remotely read the contents of computer monitors in his facility. What technology would protect against this type of attack? A. TCSEC B. SCSI C. GHOST D. TEMPEST

D. TEMPEST

54. What methods are often used to protect data in transit? A. Telnet, ISDN, UDP B. Encrypted storage media C. AES, Serpent, IDEA D. TLS,VPN,IPsec

D. TLS, VPN, IPsec

73. Miguel recently completed a pentration test of the applications that his organization uses to handle sensitive information. During his testing, he discovered a condition where an attacker can exploit a timing condition to manipulate software into allowing him to perform an unauthorized action. Which one of the following attack types fits this scenario? A. SQL injection B. Cross-site scripting C. Pass the hash D. TOC/TOU

D. TOC/TOU

29. Which of the following is not part ot a Kerberos authentication system? A. KDC B. TGT C. AS D. TS

D. TS

99. During a forensic investigation, Charles is able to determine the Media Access Countrol address of a system that was connected to a compromised network. Charles knows that MAC addresses are tied back to a manufacturer or vedor and are part of the fingerprint of the system. To which OSI layer does a MAC address belongs? A. The Application layer B. The Session layer C. The Physical layer D. The Data Link layer

D. The Data Link layer

36. Safe Harbor is part of a US program to meet what European Union law? A.The EU CyberSafe Act B. The Network and Information Security (NIS) directives B. The General Data Protection Regulation (GDPR) D. The EU Data Protection Directive

D. The EU Data Protection Directive

17. Jim has been contractedto conduct a gray box penetration test, and his clients have provided him with the following information about their networks so that he can scan them. Data center: 10.10.10.0/24 Sales: 10.10.11.0/24 Billing; 10.10.12.0/24 Wireless: 192.168.0.0/16 What problem will Jim encounter if he is contracted to conduct a scan from offsite? A. The IP ranges are too large to scan efficiently. B. The IP addresses provided cannot be scanned. C.The IP ranges overlap and will cause scanning issues. D. The IP addresses provided are RFC 1918 addresses

D. The IP addressses provided are RFC 1918 addresses.

Chris is the identity architect for a growing e-commerce website that wants to leverage social identity. To do this, he and his team intend to allow users to use their existing Google accounts as their primary accounts when using the e-commerce site. This means that when a new user initially connects to the e-commerce platform, they are viven the choice between using their Google+ account using OAuth 2.0, or creating anew account on the platform using their own email address and password of their choice. Using this information and the following diavram of an example authentication flow, answer questions 66, 67, andy8. Refer to page 107 in book. 66. When the e-commrce application creates an account for a Google+ user, where should that user's password be stored? A. The password is stored in the e-commerce application's database. B. The password is stored in memory on the e-commerce application's server. C. The password is stored in Google's account management system. D. The password is never stored; instead, a salted hash is stored in Google's accounts management system.

D. The password is never stored; instead, a salted hash is stored in Google's account management system.

12. What issue is common to spare sectors and bad sectors on hard drives as well as overprovisioned space on modern SSDs? A. They can be used to hide data. B. They can only be degaussed. C. They are not addressable, resulting in data remanence. D. They may not be cleared, resulting in data remanence.

D. They may not be cleared, resulting in data remanence.

75.Why might an organization use unique screen backgrounds or designs on workstations that deal with data of different classification levels? A. To indicate the software version in use B. To promote a corporate message C. To promote availability D. To indicate the classification level of the data or system

D. To indicate the classification level of the data or system

9. Which one of the following is not a goal of software threat modeling? A.To reduce the number of security-related design flaws B. To reduce the number of security-related coding flaws C. To reduce the severity of non-security flaws D. To reduce the number of threat vectors

D. To reduce the number of threat vectors

27. The International Information System Security Certification Consortium uses the logo below to respesent itself online and in a variety of forums. What type of intellectual property protection may it use to proctect its rights in this logo? (ISC) 2 A. Copyright B. Patent C. Trade secret D. Trademark

D. Trademark

74. Which one of the following traffic types should not be blocked by an organization's egress filtering policy? A. Traffic destined to a private IP address B. Traffic with a broadcast destination C. Traffic with a source address from an external network D. Traffic with a destination address on a external network

D. Traffic with a destination address on a external network

40. Which one of the following is an example of a manmade disaster? A. Hurricane B. Flood C. Mudslide D. Transformer failure

D. Transformer failure

14. Gary is preparing to develop controls around access to root encryption keys and would like to apply a principle of security designed specifically for very sensitive operations. What principle should he apply? A. Least privilege B. Defense in depth C. Security through obscurity D. Two-person control

D. Two-person control

47. What security measure can provide an additional security control in the event that backup tapes are stolen or lost? A. Keep multiple copies of the tapes. B. Replace tape media with hard drives. C. Use appropriate security labels. D. Use AES256 encryption.

D. Use AES256 encryption.

Use the following senario for questions 23, 24, and 25. The Center for Internet Security (CIS) works with subject matter experts from a variety of industries to create lists of security controls for operating systems, mobile devices, server software, and network devices. Your organization has decided to use the CIS benchmarks for your systems. Answer the following question based on this decision. 23. The CIS benchmarks are an example of what practice? A. Conducting a risk assessment B. Implementing data labeling C. Proper system ownership D. Using security baselines

D. Using security baselines

14. If the VPN grants remote users the same access to network and system resources as local workstations have, what security issue should Chris rsise? A. VPN users will not be able to access the web server. B. There is no additional security issue; the VPN concentrator's logical network location matches the logical network location of the workstations. C. VPN by passes the firewall, creating additional risks. D. VPN users should only connect from managed PCs.

D. VPN users should only connect from managed PCs.

66. What step should occur after a vulnerability scan finds a critical vulnerability on a system? A. Patching B. Reporting C. Remediation D. Valdation

D. Validation

50. In an Infrastucture as a Service (IaaS) environment where a vendor supplies a customer with access to storage services, who is normally responsible for removing sensitive data from drives that are taken out of service? A. Customer's security team B. Customer's storage team C. Customer's vendor management team D. Vendor

D. Vendor

54. What technique has been used to protect the intellectual property in the image shown below? Refer to page 149 in the book? A. Steganography B. Clipping C. Sampling D. Watermarking

D. Watermarking

68. What physical security control broadcasts false emanations constantly to mask the presence of true electromagnetic emanations from computing equipment? A. Faraday cage B. Copper-infused windows C. Shielded cabling D. White noise

D. White noise

33. What type of malware is characterized by spreading from system to system under its own power by exploiting vulnerabilities that do not require user intervention? A. Trojan horse B. Virus C. Logic bomb D. Worm

D. Worm

27. Which of the following is a converged protocol that allows storage mounts over TCP, and which is frequently used as a lower-cost alternative to Fibre Channel? A. MPLS B. SDN C. VoIP D. iSCSI

D. iSCSI

8. What type of attack can be prevented by using a trusted path? A. Dictionary attacks B. Brute force attacks C.Man-in-the-middle attacks D. Login spoofing

D. login spoofing

96. Susan is troubleeshooting Kerberos authentication problems with symptoms including TGTs that are not accepted as valid and an inability to receive new tickets. If the system she is troubleshooting is properly configured for Kerberos authentication, her username and. password are correct, and her network connection is functioning, what is the most likely issue? A. The Kerberos serve is offline. B. There is a protocol mismatch. C. dc=com, dc=example,ou=sales,uid=ben D. ou=sales,dc=com,dc=example

D. ou=sales,dc=com,dc=example

38. Which of the tools cannot identify a target's operating system for a penetration tester? A. Nmap B. Nessus C. Nikto D. sqlmap

D. sqlmap

61. Martin is inspecting a sustem where the user reported unusual activity, including disk activity when the system is idle and abnormal CPU and network usage. He suspects that the machine is infected by a virus but scans come up clean. What malware technique might be in use here that would explain the clean scan results? A. File infector virus B. MBR virus C. Service injection virus D. Stealth virus

D. stealth virus

66. What is the mimimum fence height that makes a fence difficult to climb easily, deterring most intruders? A. 3 feet B. 4 feet C. 5 feet D. 6 feet

D.6 feet

88. Modern dial-up connections use what dial-up protocol? A. SLIP B. SLAP C. PPTP D. PPP

D.PPP

94. Nmap is an example of what type of tool? A. Vulnerability scanner B. aweb application fuzzer C. Network design and layout D. Port sscanner

D.Port scanner


Related study sets

EMR: Chapter 23 Pregnancy and Childbirth

View Set

Chapter 4 - The constitution of the United States of America

View Set

Speak Out Starter Unit 4 (2) Days, time phrases

View Set

Post Traumatic Stress Disorder/Syndrome

View Set

Unit 7 - Investment Analysis and Strategies

View Set

CME Workbook 1, Lesson 5, Page 44, Exercise 3 - answer

View Set

NUR 230 exam 1 clicker questions

View Set

Gov- Unit 3: Quiz 1 - The American Party System

View Set

Week Three: Cell Structure and Protists

View Set