INSY 4312 Exam 1 Review (Ch1-4)


3.3.5 You want to encrypt data on a removable storage device. Which encryption method would you choose to use the strongest method possible? a. AES b. 3DES c. SHA-1 d. RSA

AES

3.3.5 Which of the following can be classified as a "stream cipher"? a. Twofish b. AES c. Blowfish d. RC4

RC4

4.4.5 What is the average number of times that a specific risk is likely to be realized? a. Annualized Rate of Occurrence b. Estimated Maximum Downtime c. Exposure factor d. Annualized Loss Expectancy

Annualized Rate of Occurrence

2.1.6 Which type of access control focuses on assigning privileges based on security clearance and data sensitivity? a. MAC b. DAC c. RBAC d. TBAC

MAC (Mandatory Access Control)

2.11.11 You are teaching new users about security and passwords. Which example of the passwords would be the most secure password? a. T1a73gZ9! b. 8181952 c. Stiles_2031 d. JoHnSm1Th

T1a73gZ9!

2.13.5 Which of the following protocols can be used to centralize remote access authentication? a. TACACS b. Kerberos c. CHAP d. EAP e. SESAME

TACACS

3.6.4 Which of the following communications encryption mechanisms has a specific version for wireless communications? a. HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) b. TLS (Transport Layer Security) c. SSL (Secure Socket Layer) d. IPSec (Internet Protocol Security)

TLS (Transport Layer Security)

3.6.4 Which of the following technologies is based upon SSL (Secure Sockets Layer)? a. S/MIME (Secure Multipurpose Internet Mail Extensions) b. L2TP (Layer 2 Tunneling Protocol) c. TLS (Transport Layer Security) d. IPSec (Internet Protocol Security)

TLS (Transport Layer Security)

1.1 What is the greatest threat to confidentiality of data in most secure organizations? a. malware b. operator error c. USB devices d. hacker intrusion

USB devices

2.14.11 You want to deploy SSL to protect authentication traffic with your LDAP-based directory service. Which port would this use? a. 60 b. 80 c. 389 d. 443 e. 636 f. 2208

636

2.7.10 In the /etc/shadow file, which character in the password field indicates that a standard user account is locked?

! or !!

2.9.4 Which chage option keeps a user from changing their password every two weeks? a. -W 33 b. -m 33 c. -a 33 d. -M 33

-m 33

2.9.4 Which file should you edit to limit the amount of concurrent logins for a specific user? (Tip: Enter the full path to the file.)

/etc/security/limits.conf

3.3.5 How many keys are used with symmetric key cryptography? a. one b. two c. four d. five

one

2.11.11 You have just configured the password policy and set the minimum password age to 10. What will be the effect of this configuration? a. the password must contain 10 or more characters. b. users must change the password at least every 10 days. c. the password must be entered within 10 minutes of the logon prompt being displayed. d. users cannot change the password for 10 days. e. the previous 10 passwords cannot be reused.

users cannot change the password for 10 days

3.6.4 Which of the following is not true in regards to S/MIME? a. included in most Web browsers. b. uses IDEA encryption c. authenticates through digital signatures d. uses X.509 version 3 certificates

uses IDEA encryption

4.4.5 You have conducted a risk analysis to protect a key company asset. You identify the following values: Asset value = 400; Exposure factor = 75; Annualized Rate of Occurrence = .25. What is the Single Loss Expectancy (SLE)? a. 100 b. 300 c. 475 d. 30000

300

2.13.5 Which of the following ports are used with TACACS? a. 22 b. 49 c. 50 and 51 d. 1812 and 1813 e. 3389

49

4.4.5 You have conducted a risk analysis to protect a key company asset. You identify the following values: Asset value = 400; Exposure value = 75; Annualized Rate of Occurrence = .25. What is the Annualized Loss Expectancy (ALE)? a. 25 b. 75 c. 100 d. 175 e. 475

75

2.12.7 You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You would like to define a granular password policy for these users. Which tool should you use? a. ADSI Edit b. Active Directory Users and Computers c. Active Directory Domains and Trusts d. Group Policy Management Console and Group Policy Management Editor e. Active Directory Sites and Services

ADSI Edit

2.1.6 Which of the following is the term for the process of validating a subject's identity? a. authorization b. authentication c. identification d. auditing

Authentication

2.1.6 A remote access user needs to gain access to resources on the server. Which of the processes are performed by the remote access server to control access to resources? a. authentication and authorization b. identity proofing and authentication c. identity proofing and authorization d. authorization and accounting e. authentication and accounting

Authentication and authorization

2.13.5 Which remote access authentication protocol periodically and transparently re-authenticates during a logon session by default? a. certificates b. PAP c. CHAP d. EAP

CHAP

3.4.3 Which of the following generates the key pair used in asymmetric cryptography? a. OCSP b. CPS c. CRL d. CSP e. CA

CSP

2.14.11 A manager has told you she is concerned about her employees writing their passwords for Web sites, network files, and database resources on sticky notes. Your office runs exclusively in a Windows environment. Which tool could be used to prevent this? a. Key Management Service b. Credential Manager c. Computer Management d. Local Users and Groups

Credential Manager

2.1.6 You have a system that allows the owner of a file to identify users and their permissions to the file. Which type of access control model is implemented? a. RBAC (based on rules) b. DAC c. RBAC (based on roles) d. MAC

DAC

2.1.6 Which form of access control enforces security based on user identities and allows individuals to define access controls over owned resources? a. DAC b. TBAC c. MAC d. RBAC

DAC (Discretionary Access Control)

3.3.5 Which of the following encryption mechanisms offers the least security because of weak keys? a. DES b. TwoFish c. IDEA d. AES

DES

3.4.3 Which cryptography system generates encryption keys that could be used with DES, AES, IDEA, RC5 or any other symmetric cryptography solution? a. Elliptical Curve b. Merkle-Hellman Knapsack c. RSA d. Diffie-Hellman

Diffie-Hellman

4.7.4 Which of the following is a representative example of an assigned level of a system that was judged through Common Criteria? a. C2 b. E5 c. EALS d. F-B1, E3

EALS

3.4.3 Which form of asymmetric cryptography is based upon Diffie-Hellman? a. Merkle-Hellman Knapsack b. RSA c. ECC d. El Gamal

El Gamal

3.6.4 Which of the following can be used to encrypt Web, e-mail, telnet, file transfer, and SNMP traffic? a. IPsec (Internet Protocol Security) b. SHTTP (Secure Hypertext Transfer Protocol) c. SSL (Secure Sockets Layer) d. EFS (Encryption File System)

IPsec (Internet Protocol Security)

2.12.7 You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. Which should you do? a. create a GPO linked to the Directors OU. Configure the password policy in the new GPO. b. Implement a granular password policy for the users in the Directors OU. c. in Active Directory Users and Computers, select all user accounts in the Directors OU. Edit the user account properties to require the longer password. d. create a new domain. Move the contents of the Directors OU to the new domain. Configure the necessary password policy on the domain.

Implement a granular password policy for the users in the Directors OU

3.3.5 Which of the following symmetric block ciphers does not use a variable block length? a. Ron's Cipher v5 (RC5) b. International Data Encryption Algorithm (IDEA) c. Elliptic Curve (EC) d. Advanced Encryption Standard (AES)

International Data Encryption Algorithm (IDEA)

2.14.11 Which of the following protocols use port 88? a. LDAP b. TACACS c. PPTP d. Kerberos e. L2TP

Kerberos

2.2.7 Which of the following authentication methods uses tickets to provide single sign-on? a. Kerberos b. 802.1x c. PKI d. MS-CHAP

Kerberos

2.14.11 Which of the following authentication mechanisms is designed to protect a 9-character password from attacks by hashing the first seven characters into a single hash and then hashing the remaining two characters into another separate hash? a. LANMAN b. NTLM c. NTLMv2 d. LDAP

LANMAN

2.1.6 In which form of access control environment is access controlled by rules rather than by identity? a. DAC b. ACL c. most client-server environments d. MAC

MAC

3.2.4 Which of the following is the weakest hashing algorithm? a. MD5 b. AES c. SHA-1 d. DES

MD5

3.4.3 Mary wants to send a message to Sam. She wants to digitally sign the message to prove that she sent it. Which key should Mary use to create the digital signature? a. Mary's private key b. Sam's private key c. Sam's public key d. Mary's public key

Mary's private key

3.5.8 What technology was developed to help improve the efficiency and reliability of checking the validity status of certificates in large, complex environments? a. Certificate Revocation List b. Private Key Recovery c. Online Certificate Status Protocol d. Key Escrow

Online Certificate Status Protocol

2.13.5 Which of the following authentication protocols transmits passwords in clear text, and is therefore considered too insecure for modern networks? a. RADIUS b. EAP c. CHAP d. PAP

PAP

4.7.4 Which of the following components of the Common Criteria (CC) evaluation system is a document written by a user or community that identifies the security requirements for a specific purpose? a. Protection Profile (PP) b. Security Target (ST) c. Security Functional requirements (SFR) d. Target of Evaluation (TOE)

Protection Profile (PP)

2.13.5 Which of the following are differences between RADIUS and TACACS+? a. RADIUS uses TCP; TACACS+ uses UDP b. RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers. c. RADIUS supports more protocols than TACACS+ d. RADIUS encrypts the entire packet contents; TACACS+ only encrypts the password.

RADIUS combines authentication and authorization into a single function; TACACS+ allows these services to be split between different servers

2.1.6 What form of access control is based on job description? a. Location-based access control (LBAC) b. Mandatory access control (MAC) c. Discretionary access control (DAC) d. Role-based access control (RBAC)

RBAC

2.1.6 Which access control model manages rights and permissions based on job description responsibilities? a. Role Based Access Control (RBAC) b. Mandatory Access Control (MAC) c. Task Based Access Control (TBAC) d. Discretionary Access Control (DAC)

RBAC

2.1.6 You have implemented an access control method that allows only users who are managers to access specific data. Which type of access control model is used? a. MAC b. DACL c. RBAC d. DAC

RBAC

3.3.5 Which version of the Rivest Cipher is a block cipher that supports variable bit length keys and variable bit block sizes? a. RSA b. RC2 c. RC4 d. RC5

RC5

3.6.4 Which public key encryption system does PGP (Pretty Good Privacy) use for key exchange and digital signatures? a. Merkle-Hellman Knapsack b. RSA c. Elliptic Curve d. El Gamal

RSA

2.14.11 You want to use Kerberos to protect LDAP authentication. Which authentication mode should you choose? a. SASL b. EAP c. Mutual d. Simple

SASL

3.2.4 Which of the following does not or cannot produce a hash value of 128 bits? a. SHA-1 b. RIPEMD c. MD5 d. MD2

SHA-1

3.2.4 Which of the following is the strongest hashing algorithm? a. MD5 b. NTLM c. LANMAN d. SHA-1

SHA-1

3.6.4 Which security mechanism can be used to harden or protect e-commerce traffic from Web servers? a. removing unneeded protocols b. SSL c. penetration testing d. access control lists

SSL

3.4.3 Mary wants to send a message to Sam so that only Sam can read it. Which key would be used to encrypt the message? a. Mary's public key b. Sam's public key c. Sam's private key

Sam's public key

4.7.4 Which of the following terms describes the product that is evaluated against the security requirements in the Common Criteria (CC) evaluation system? a. Security Target (ST) b. object c. Protection Profile (PP) d. subject e. Target of Evaluation (TOE)

Target of Evaluation (TOE)

4.9.5 Your company security policy requires separation of duties for all network security matters. Which of the following scenarios best describes this concept? a. Every change to the default system image requires concurrent processing by multiple domain controllers. b. only the security officer can implement new border router rule sets. c. The system administrator configures remote access privileges and the security officer reviews and activates each account. d. security policy authors may never fraternize with system administration personnel.

The system administrator configures remote access privileges and the security officer reviews and activates each account

2.3.5 Which security mechanism uses a unique list for each object embedded directly in the object itself that defines which subjects have access to certain objects and the level or type of access allowed? a. hashing b. Kerberos c. Mandatory Access Control d. User ACL

User ACL

2.1.6 Which of the following is used for identification? a. password b. username c. PIN d. cognitive questions

Username

3.6.4 HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) can be used to provide security for what type of traffic? a. Telnet b. Web c. E-mail d. FTP

Web

2.5.5 Which of the following is an example of a decentralized privilege management solution? a. RADIUS b. Active Directory c. Workgroup d. TACACS+

Workgroup

3.5.8 Which of the following would you find on a CPS? a. a list of issued certificates b. a declaration of the security that the organization is implementing for all certificates. c. a list of revoked certificates d. a description of the format for a certificate.

a declaration of the security that the organization is implementing for all certificates.

3.5.8 What is a PKI? a. an algorithm for encrypting and decrypting data b. a hierarchy of computers for issuing certificates. c. a protocol that defines secure key exchange. d. a program that generates key pairs.

a hierarchy of computers for issuing certificates.

2.2.7 Which of the following is the strongest form of multi-factor authentication? a. a password and biometric scan b. two-factor authentication c. a password, a biometric scan, and a token device d. two passwords

a password, biometric scan, and a token device

2.14.11 What is mutual authentication? a. using a CA (certificate authority) to issue certificates b. deploying CHAP and EAP on remote access connections. c. a process by which each party in an online communication verifies the identity of the other party d. the use of two or more authentication factors.

a process by which each party in an online communication verifies the identity of the other party

3.3.5 What type of key or keys are used in symmetric cryptography? a. a single key pair b. two unique sets of key pairs c. a unique key for each participant d. a shared private key

a shared private key

3.2.4 Which of the following best describes high amplification when applied to hashing algorithms? a. a small change in the message results in a big change in the hash value. b. hashes produced by two different parties using the same algorithm result in the same hash value. c. reversing the hashing function does not recover the original message. d. dissimilar messages frequently result in the same hash value.

a small change in the message results in a big change in the hash value.

2.2.7 Which of the following is an example of two-factor authentication? a. a fingerprint and a retina scan. b. a username and a password c. a pass phrase and a PIN d. a token device and a PIN

a token device and a PIN

2.2.7 Which of the following is stronger than any biometric authentication factor? a. a dynamic asynchronous token device without a PIN b. a 47-character password c. a two-factor authentication d. a USB device hosting PKI certificates

a two-factor authentication

1.1 Which of the following is an example of an internal threat? a. a water pipe in the server room breaks. b. a delivery man is able to walk into a controlled area and steal a laptop. c. a server backdoor allows an attacker on the Internet to gain access to the intranet site. d. a user accidentally deletes the new product designs.

a user accidentally deletes the new product designs

2.13.5 Which of the following is the best example of remote access authentication? a. a user connects using Remote Desktop to a computer on the LAN. b. a user establishes a dial-up connection to a server to gain access to shared resources. c. a user accesses a shared folder on a server. d. a user logs on to an e-commerce site that uses SSL

a user establishes a dial-up connection to a server to gain access to shared resources

4.4.5 You have conducted a risk analysis to protect a key company asset. You identify the following values: Asset value = 400; Exposure factor = 75; Annualized Rate of Occurrence (ARO) = .25. Countermeasure A has a cost of 320 and will protect the asset for four years. Countermeasure B has an annual cost of 85. An insurance policy to protect the asset has an annual premium of 90. What should you do? a. accept the risk or find another countermeasure. b. implement countermeasure A. c. implement countermeasure B. d. purchase the insurance policy.

accept the risk or find another countermeasure.

2.3.5 Which of the following terms describes the component that is generated following authentication and which is used to gain access to resources following logon? a. access token b. account policy c. proxy d. cookie

access token

4.7.4 A process performed in a controlled environment by a third-party which verifies that an IS meets a specific set of security standards before being granted the approval to operate is known as? a. accreditation b. external auditing c. penetration testing d. perturbation

accreditation

4.7.4 Which of the following defines system high mode? a. multiple levels of classified data reside within the same system. b. Each user is required to meet the relevant security criteria for all of the information stored within the system and have a predetermined access level and valid need-to-know for some of the system. c. all users must have formal, need-to-know clearance to access all of the information which exists within a system. d. all systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system.

all systems and peripherals within a system are classified and then protected according to the level of classification assigned to the most highly classified object which resides on the system.

4.1.11 Which of the following defines an acceptable use agreement? a. an agreement which outlines the organization's monitoring activities. b. an agreement which is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information. c. an agreement which prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization. d. an agreement which identifies the employer's rights to use company property such as Internet access and computer equipment for personal use.

an agreement which identifies the employer's rights to use company property such as Internet access and computer equipment for personal use.

3.1.5 Which of the following is a form of mathematical attack against the complexity of a cryptosystem's algorithm? a. replay attack b. analytic attack c. brute force attack d. birthday attack

analytic attack

1.1 Which of the following is the correct definition of a threat? a. instance of being exposed to losses from an attacker. b. any potential danger to the confidentiality, integrity, or availability of information or systems. c. absence or weakness of a safeguard that could be exploited. d. the likelihood of an attack taking advantage of a vulnerability.

any potential danger to the confidentiality, integrity, or availability of information or systems

4.8.5 How often would change control management be implemented? a. at regular intervals throughout the year. b. only when a production system is altered greatly. c. any time a production system is altered. d. only when changes are made which affect senior management.

any time a production system is altered.

4.7.4 Which of the following is a term used to describe a level of confidence that the evaluation methods were thorough and complete so that the security designation can be trusted? a. effectiveness b. functionality c. assurance d. evaluation

assurance

3.5.8 A PKI is a method for managing which type of encryption? a. hashing b. steganography c. asymmetric d. symmetric

asymmetric

3.6.4 What form of cryptography is scalable for use in very large and ever-expanding environments where data is frequently exchanged between different communication partners? a. symmetric cryptography b. hashing cryptography c. asymmetric cryptography d. private key cryptography

asymmetric cryptography

3.6.4 Which of the following statements is true when comparing symmetric and asymmetric cryptography? a. asymmetric key cryptography is used to distribute symmetric keys. b. symmetric key cryptography uses a public and a private key pair. c. asymmetric key cryptography is quicker than symmetric key cryptography while processing large amounts of data. d. symmetric key cryptography should be used for large, expanding environments.

asymmetric key cryptography is used to distribute symmetric keys.

4.9.5 What is the primary means by which supervisors can determine whether or not employees are complying with the organization's security policy? a. auditing b. keystroke logging c. job action warnings d. awareness sessions

auditing

2.13.5 RADIUS is primarily used for what purpose? a. managing access to a network over a VPN. b. authenticating remote clients before access to the network is granted. c. managing RAID fault-tolerant drive configurations. d. controlling entry gate access using proximity sensors.

authenticating remote clients before access to the network is granted

4.6.6 The receptionist received a phone call from an individual claiming to be a partner in a high-level project and requesting sensitive information. The individual is engaging in which type of social engineering attack? a. social validation b. commitment c. persuasive d. authority

authority

1.1 The company network is protected by a firewall, an IDS, and tight access controls. All of the files on this protected network are copied to tape every 24 hours. The backup solution imposed on this network is designed to provide protection for what security service? a. availability b. confidentiality c. integrity d. non-repudiation

availability

4.6.6 What is the primary countermeasure to social engineering? a. heavy management oversight b. traffic filters c. awareness d. a written security policy

awareness

4.6.6 Dictionary attacks are often more successful when performed after what reconnaissance action? a. site survey b. social engineering c. ARP flooding d. cutting the network cable.

b. social engineering

4.5.7 After an intrusion has occurred and the intruder has been removed from the system, which of the following is the best next step or action to take? a. back up all logs and audits regarding the incident. b. update the security policy c. deploy new countermeasures. d. restore and repair any damage.

back up all logs and audits regarding the incident.

4.5.7 Which of the following is an important aspect of evidence gathering? a. purging transaction logs. b. monitoring user access to compromised systems. c. restoring damaged data from backup media. d. backing up all log files and audit trails.

backing up all log files and audit trails.

3.2.4 If two different messages or files produce the same hashing digest, then a collision has occurred. What form of cryptographic attack exploits this condition? a. meet in the middle attack b. birthday attack c. adaptive chosen ciphertext attack d. statistical attack

birthday attack

3.1.5 Which of the following attacks will typically take the longest amount of time to complete? a. impersonation attack b. dictionary attack c. brute force attack d. replay attack

brute force attack

4.3.4 In business continuity planning, what is the primary focus of the scope? a. business processes b. recovery time objective c. human life and safety d. company assets

business processes

4.9.5 Which of the following defines two-man control? a. certain tasks should be dual-custody in nature to prevent a security breach. b. an employee is granted the minimum privileges required to perform duties of the position. c. a situation in which multiple employees conspire to commit fraud or theft. d. for any task in which vulnerabilities exist, steps within the tasks are assigned to different positions with different management.

certain tasks should be dual-custody in nature to prevent a security breach.

3.5.8 In what form of key management solution is key recovery possible? a. centralized b. hierarchical c. decentralized d. public

centralized

3.5.8 Which of the following conditions does not result in a certificate being added to the certificate revocation list? a. certificate expiration b. private key compromise c. invalid identity credentials d. committing a crime using the certificate

certificate expiration

2.9.4 What chage command should you use to set the password for jsmith to expire after 60 days and give a warning 10 days before it expires? (Tip: Enter the command as if at the command prompt.)

chage -M 60 -W 10 jsmith

4.5.7 You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this? a. FIPS-140 b. CPS (certificate practice statement) c. rules of evidence d. chain of custody

chain of custody

4.5.7 What is the most important element related to evidence in addition to the evidence itself? a. completeness b. witness testimony. c. chain of custody document d. photographs of the crime scene

chain of custody document

3.1.5 Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plain text to see the resulting cipher text. What type of attack is this? a. chosen plaintext b. chosen cipher c. brute force d. known plaintext

chosen plaintext

4.9.5 A code of ethics provides for all but which of the following? a. clearly defines courses of action to take when a complex issue is encountered. b. establishes a baseline for managing complex situations. c. serves as a reference for the creation of acceptable use policies. d. improves the professionalism of your organization as well as your profession.

clearly defines courses of action to take when a complex issue is encountered.

4.3.4 As a BCP or DRP plan evolves over time, what is the most important task to perform when rolling out a new version of the plan? a. obtain senior management approval. b. perform new awareness sessions. c. redefine all roles and responsibilities. d. collect and destroy all old plan copies.

collect and destroy all old plan copies

3.2.4 When two different messages produce the same hash value, what has occurred? a. hash value b. high amplification c. collision d. birthday attack

collision

2.4.4 Need to know is required to access which types of resources? a. resources with unique ownership b. compartmentalized resources c. high-security resources d. low-security resources

compartmentalized resources

1.1 A user copies files from her desktop computer to a USB flash device and puts the device into her pocket. Which of the following security goals is most at risk? a. non-repudiation b. Integrity c. Confidentiality d. availability

confidentiality

1.1 By definition, which security concept ensures that only authorized parties can access data? a. confidentiality b. non-repudiation c. integrity d. authentication

confidentiality

1.1 Smartphones with cameras and Internet capabilities pose a risk to which security goal? a. availability b. integrity c. confidentiality d. non-repudiation

confidentiality

2.11.11 For users on your network, you want to automatically lock their user accounts if four incorrect passwords are used within 10 minutes. What should you do? a. configure the enable/disable feature in the user accounts. b. configure account expiration in the user accounts. c. configure account lockout policies in Group Policy d. configure day/time restrictions in the user accounts e. configure password policies in Group Policy

configure account lockout policies in Group Policy

2.11.11 You want to make sure that all users have passwords over 8 characters and that passwords must be changed every 30 days. What should you do? a. configure account policies in Group Policy b. configure day/time settings in the user accounts. c. configure account lockout policies in Group Policy. d. configure expiration settings in the user accounts.

configure account policies in Group Policy

2.11.11 You have hired 10 new temporary workers who will be with the company for 3 months. You want to make sure that these users can only log on during regular business hours. What should you do? a. configure account expiration in the user accounts. b. configure account policies in Group Policy. c. configure day/time restrictions in the user accounts. d. configure account lockout in Group Policy

configure day/time restrictions in the user accounts

2.13.5 You have decided to implement a remote access solution that uses multiple remote access servers. You want to implement RADIUS to centralize remote access authentication and authorization. Which of the following would be a required part of your configuration? a. obtain certificates from a public or private PKI. b. configure the remote access servers as RADIUS servers. c. configure the remote access servers as RADIUS clients. d. configure remote access clients as RADIUS clients.

configure the remote access servers as RADIUS clients

4.7.4 Which of the following terms restricts the ability of a program to read and write to memory according to its permissions or access level? a. bounds b. layering c. confinement d. abstraction

confinement

2.1.6 The Brewer-Nash model is designed primarily to prevent which of the following? a. false acceptance b. conflicts of interest c. inference attacks d. denial of service attacks

conflicts of interest

4.1.11 You have recently discovered that a network attack has compromised your database server. In the process, customer credit card numbers might have been taken by an attacker. You have stopped the attack and put measures in place to prevent the same incident from occurring in the future. What else might you be legally required to do? a. implement training for employees who handle personal information. b. perform additional investigations to identify the attacker. c. delete personally identifiable information from your computers. d. contact your customers to let them know of the security breach

contact your customers to let them know of the security breach

1.1 Which of the following is not a valid concept to associate with integrity? a. prevent the unauthorized change of data. b. ensure your systems record the real information when collecting data. c. control access to resources to prevent unwanted access. d. protect your environment so it maintains the highest source of truth.

control access to resources to prevent unwanted access

2.1.6 The Clark-Wilson model is primarily based on? a. a directed graph b. a matrix c. dynamic access controls d. controlled intermediary access applications

controlled intermediary access applications

3.3.5 Which of the following is considered an out-of-band distribution method for private-key encryption? a. sending a secured e-mail b. using a key distribution algorithm c. copying the key to a USB drive d. using a private fiber network

copying the key to a USB drive

2.10.5 You want to ensure that all users in the Development OU have a common set of network communication security settings applied. Which should you do? a. create a GPO computer policy for the computers in the Development OU. b. Create a GPO user policy for the Development OU. c. create a GPO computer policy for the Computers container. d. create a GPO folder policy for the folders containing the files.

create a GPO computer policy for the computers in the Development OU

4.5.7 How can a criminal investigator ensure the integrity of a removable media device found while collecting evidence? a. reset the file attributes on the media to read-only. b. create a checksum using a hashing algorithm. c. enable write protection d. write a log file to the media.

create a checksum using a hashing algorithm.

2.12.7 You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You define a new granular password policy with the required settings. All users in the Directors OU are currently members of the DirectorsGG group, a global security group in that OU. You apply the new password policy to that group. Matt Barnes is the chief financial officer. He would like his account to have even stricter password policies than are required for other members in the Directors OU. Which should you do? a. create a granular password policy for Matt. Apply the new policy directly to Matt's user account. b. create a granular password policy for Matt. Create a new group, and then make Matt a member of the group. Apply the new policy directly to the new group. Make sure the new policy has a higher precedence value than the value for the existing policy. c. edit the existing password policy. Define exceptions for the required settings. Apply the exceptions to Matt's user account. d. create a granular password policy for Matt. Apply the new policy directly to Matt's user account. Remove Matt from the DirectorsGG group.

create a granular password policy for Matt. Apply the new policy directly to Matt's user account

2.12.7 You manage a single domain named widgets.com. Organizational units (OUs) have been created for each company department. User and computer accounts have been moved into their corresponding OUs. You define a password and account lockout policy for the domain. However, members of the Directors OU want to enforce longer passwords than are required for the rest of the users. You need to make the change as easily as possible. Which should you do? a. create a granular password policy. Apply the policy to all users in the widgets.com domain. b. create a granular password policy. Apply the policy to the Directors OU. c. create a granular password policy. Apply the policy to all users in the Directors OU. d. create a granular password policy. Create a distribution group. Apply the policy to the group. Add all users in the Directors OU to the group.

create a granular password policy. Apply the policy to all users in the Directors OU

3.2.4 Hashing algorithms are used to perform what activity? a. create a message digest. b. encrypt bulk data for communications exchange c. provide a means to exchange small amounts of data securely over a public network. d. provide for non-repudiation

create a message digest

2.4.4 Which of the following is an example of privilege escalation? a. mandatory vacations b. principle of least privilege c. separation of duties d. creeping privileges

creeping privileges

4.9.5 Which of the following is not a protection against collusion? a. two man control. b. separation of duties. c. principle of least privilege d. cross training

cross training

2.1.6 Which of the following defines an object as used in access control? a. policies, procedures, and technologies that are implemented within a system. b. resources, policies, and systems. c. data, applications, systems, networks, and physical space. d. users, applications, or processes that need to be given access.

data, applications, systems, networks, and physical space

4.7.4 Which is the operating mode of a system that is deployed so that it operates at a single level of classification, and all users who can access the system have that same clearance level as well as a need to know for all of the data on the system? a. compartmented b. multilevel c. system high d. dedicated

dedicated

4.1.11 Which of the following is the best protection against security violations? a. monolithic security b. bottom up decision making c. defense in depth d. fortress mentality

defense in depth

4.4.5 To determine the value of the company assets, an anonymous survey was used to collect the opinions of all senior and mid-level managers. Which asset valuation method was used? a. comparative b. delphi method c. sensitivity vs. risk d. asset classification

delphi method

4.4.5 Which of the following is not a valid response to a risk discovered during a risk analysis? a. denial b. mitigation c. assignment d. acceptance

denial

4.7.4 Who is assigned the task of judging the security of a system or network and granting it an approval to operate? a. InfoSec officer b. senior management c. custodian d. designated approving authority

designated approving authority

3.1.5 Which type of password attack employs a list of pre-defined passwords that it tries against a logon prompt or a local copy of a security accounts database? a. asynchronous b. salami c. dictionary d. brute force

dictionary

3.6.4 Which of the following is a direct protection of integrity? a. symmetric encryption b. asymmetric encryption c. digital signature d. digital envelope

digital signature

2.6.9 What should be done to a user account if the user goes on an extended vacation? a. remove all rights from the account. b. monitor the account more closely. c. disable the account d. delete the account

disable the account

4.1.11 When informing an employee that they are being terminated, what is the most important activity? a. disabling their network access b. allowing them to complete their current work projects. c. giving them two weeks' notice d. allowing them to collect their personal items.

disabling their network access

4.9.5 When informing an employee that they are being terminated, what is the most important activity? a. allowing them to collect their personal items. b. giving them two weeks' notice. c. allowing them to complete their current work projects. d. disabling their network access

disabling their network access

4.5.7 During a recent site survey, you find a rogue wireless access point on your network. Which of the following actions should you take first to protect your network, while still preserving evidence? a. see who is connected to the access point to try and find the attacker. b. connect to the access point and examine its logs for information. c. disconnect the access point from the network. d. run a packet sniffer to monitor traffic to and from the access point.

disconnect the access point from the network.

4.9.5 Which of the following is not an element of the termination process? a. dissolution of the NDA b. return company property c. disable all network access d. exit interview

dissolution of the NDA

4.9.5 The best way to initiate solid administrative control over an organization's employees is to have what element in place? a. mandatory vacations in one-week increments. b. an acceptable use policy. c. distinct job descriptions d. rotation of duties

distinct job descriptions

4.5.7 When conducting a forensic investigation, and assuming that the attack has been stopped, which of the following actions should you perform first? a. remove the hard drive b. stop all running processes c. document what's on the screen d. turn off the system

document what's on the screen

4.5.7 When conducting a forensic investigation, which of the following initial actions is appropriate for preserving evidence? a. turn off the system. b. remove the hard drive. c. stop all running processes. d. document what's on the screen.

document what's on the screen.

3.6.4 Secure Multi-Purpose Internet Mail Extensions (S/MIME) is used primarily to protect what? a. e-mail attachments b. instant messages c. newsgroup postings d. web surfing

e-mail attachments

2.11.11 Which of the following is not an important aspect of password management? a. prevent use of personal information in a password. b. enable account lockout. c. always store passwords in a secure medium. d. training users to create complex passwords that are easy to remember.

enable account lockout

2.13.5 Which of the following is a characteristic of TACACS+? a. requires that authentication and authorization are combined in a single server. b. uses UDP ports 1812 and 1813 c. encrypts the entire packet, not just authentication packets. d. supports only TCP/IP

encrypts the entire packet, not just authentication packets

4.4.5 You are a network administrator over two Windows-based sites. You have almost 2,000 employees with workstations and 64 servers that need to be more secure. You have decided to implement a Data Loss Prevention (DLP) solution to detect and stop breaches of sensitive data. You decide to implement e-mail and instant messaging communication controls so that messages that violate your organization's security policy are blocked at the workstation before being transmitted on the network. Which DLP solution should you implement? a. network DLP b. file-level DLP c. endpoint DLP d. borderpoint DLP

endpoint DLP

2.15.3 In an Identity Management System, what is the function of the Identity Vault? a. ensure that each employee has the appropriate level of access in each system. b. store the user's access to resources c. implement the P-sync system d. coordinate the management of user identity across system boundaries

ensure that each employee has the appropriate level of access in each system.

4.6.6 Dumpster diving is a low-tech means of gathering information that may be useful in gaining unauthorized access, or as a starting point for more advanced attacks. How can a company reduce the risk associated with dumpster diving? a. establish and enforce a document destruction policy. b. secure all terminals with screensaver passwords. c. create a strong password policy. d. mandate the use of Integrated Windows Authentication.

establish and enforce a document destruction policy.

2.4.4 You want to implement an access control list where only the users you specifically authorize have access to the resource. Anyone not on the list should be prevented from having access. Which of the following will the access list use? a. explicit allow, implicit deny b. implicit allow, explicit deny c. explicit allow, explicit deny d. implicit allow, implicit deny

explicit allow, implicit deny

2.2.7 Which of the following terms is used to describe an event in which a person is denied access to a system when they should be allowed to enter? a. false positive b. false negative c. false acceptance d. error rate

false negative

3.6.4 What is the main function of a TPM hardware chip? a. control access to removable media b. provide authentication credentials on a hardware device c. generate and store cryptographic keys d. perform bulk encryption in a hardware processor

generate and store cryptographic keys

2.8.6 You are the administrator for a small company. You need to add a new group of users, named sales, to the system. Which command will accomplish this? a. addgroup sales b. groupadd -r sales c. groupadd sales d. addgroup -x sales

groupadd sales

2.8.6 You have a group named temp_sales on your system. The group is no longer needed, and you should remove the group. Which of the following commands should you use? a. groupmod -n temp_sales b. groupmod -R temp_sales c. groupdel temp_sales d. newgroup -R temp_sales

groupdel temp_sales

2.8.6 Due to a merger with another company, standardization is now being imposed throughout the company. As a result of this, the sales group must be renamed marketing. Which of the following commands will accomplish this? a. grpchange marketing sales b. grpconv marketing sales c. groupadd -c marketing sales d. groupmod -n marketing sales

groupmod -n marketing sales

4.1.11 Which of the following is a recommendation to use when a specific standard or procedure does not exist? a. procedure b. baseline c. guideline d. standard

guideline

3.2.4 Which of the following is used to verify that a downloaded file has not been altered? a. hash b. symmetric encryption c. private key d. asymmetric encryption

hash

4.5.7 Which method can be used to verify that a bit-level image copy of a hard drive is an exact clone of the original hard drive collected as evidence? a. serial number notation b. hashing c. file directory listing d. photographs

hashing

3.2.4 A birthday attack focuses on what? a. e-commerce b. VPN links c. hashing algorithms d. encrypted files

hashing algorithms

2.3.5 Marcus White has just been promoted to a manager. To give him access to the files that he needs, you make his user account a member of the Managers group which has access to a special shared folder. Later that afternoon, Marcus tells you that he is still unable to access the files reserved for the Managers group. What should you do? a. manually refresh Group Policy settings on the file server. b. manually refresh Group Policy settings on his computer. c. have Marcus log off and log back on d. add his user account to the ACL for the shared folder.

have Marcus log off and log back on

4.6.6 Which of the following is a common form of social engineering attack? a. using a sniffer to capture network traffic b. logging on with stolen credentials c. hoax virus information e-mails. d. distributing false information about your organization's financial status.

hoax virus information e-mails.

3.1.5 Which of the following password attacks adds appendages to known dictionary words? a. brute force b. analytic c. dictionary d. hybrid

hybrid

2.10.5 Computer policies include a special category called user rights. Which action do they allow an administrator to perform? a. specify the registry settings for all users in an OU. b. designate a basic set of rights for all users in an OU. c. set ACL rights for users on specified computers in an OU. d. identify users who can perform maintenance tasks on computers in an OU.

identify users who can perform maintenance tasks on computers in an OU

3.5.8 To obtain a digital certificate and participate in a Public Key Infrastructure (PKI), what must be submitted and where should it be submitted? a. identifying data and a secret key request to the subordinate distribution authority (DA) b. identifying data with the 3DES block cipher to the hosting certificate authority (CA) c. identifying data with the MAC and IP addresses to the root certificate authority (CA). d. identifying data and a certification request to the registration authority (RA)

identifying data and a certification request to the registration authority (RA)

2.1.6 Discretionary Access Control (DAC) manages access to resources using what primary element or aspect? a. classification b. rules c. age d. identity

identity

4.3.4 What is the primary goal of business continuity planning? a. protecting an organization from major computer services failure. b. minimize decision making during the development process. c. maintaining business operations with reduced or restricted infrastructure capabilities or resources. d. minimizing the risk to the organization from delays and interruptions in providing services.

maintaining business operations with reduced or restricted infrastructure capabilities or resources.

2.10.5 Which statement is true regarding application of GPO settings? a. if a setting is defined in the Local Group Policy on the computer and not defined in the GPO linked to the OU, the setting will not be applied. b. if a setting is defined in the Local Group Policy on the computer and defined differently in the GPO linked to the OU, the Local Group Policy setting will be applied. c. if a setting is defined in the Local Group Policy on the computer and not defined in the GPO linked to the OU, the setting will be applied. d. if a setting is not defined in the Local Group Policy and is defined in the GPO linked to the OU, the setting will not be applied.

if a setting is defined in the Local Group Policy on the computer and not defined in the GPO linked to the OU, the setting will be applied

4.9.5 As you are helping a user with a computer problem you notice that she has written her password on a note stuck to her computer monitor. You check the password policy of your company and find that the following settings are currently required: Minimum password length = 10 Minimum password age = 4 Maximum password age = 30 Password history = 6 Require complex passwords that include numbers and symbols. Account lockout clipping level = 3 Which of the following is the best action to take to make remembering passwords easier so that she no longer has to write the password down? a. implement end-user training. b. increase the maximum password days. c. remove the complex password requirement. d. increase the account lockout clipping level. e. decrease the minimum password length.

implement end-user training

2.4.4 An access control list (ACL) contains a list of users and allowed permissions. What is it called if the ACL automatically prevents access to anyone not on the list? a. explicit allow b. explicit deny c. implicit deny d. implicit allow

implicit deny

4.9.5 Over the last month you have noticed a significant increase in the occurrence of inappropriate activities performed by employees. What is the best first response step to take in order to improve or maintain the security level of the environment? a. terminate all offenders. b. initiate stronger auditing c. improve and hold new awareness sessions. d. reduce all employee permissions and privileges.

improve and hold new awareness sessions

4.8.5 What is the primary purpose of imposing software life cycle management concepts? a. reduce product returns b. increase interoperability c. increase the quality of software d. decrease development overhead.

increase the quality of software

1.1 Your computer system is a participant in an asymmetric cryptography system. You've crafted a message to be sent to another user. Before transmission, you hash the message, then encrypt the hash using your private key. You then attach this encrypted hash to your message as a digital signature before sending it to the other user. In this example, what protection does the hashing activity provide? a. integrity b. confidentiality c. availability d. non-repudiation

integrity

2.4.4 You are concerned that the accountant in your organization might have the chance to modify the books and steal from the company. You want to periodically have another person take over all accounting responsibilities to catch any irregularities. Which solution should you implement? a. separation of duties b. need to know c. least privilege d. explicit deny e. job rotation

job rotation

3.1.5 When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred? a. statistical b. replay c. analytic d. key clustering

key clustering

3.3.5 Which of the following is not true concerning symmetric key cryptography? a. both parties share the same key (which is kept secret) b. before communications begin, both parties must exchange the shared secret key. c. key management is easy when implemented on a large scale. d. each pair of communicating entities requires a unique shared key. e. the key is not shared with other communication partners

key management is easy when implemented on a large scale.

3.3.5 You are concerned about the strength of your cryptographic keys, so you implement a system that does the following: The initial key is fed into the input of the bcrypt utility on a Linux workstation. The bcrypt utility produces an enhanced key that is 128 bits long. The resulting enhanced key is much more difficult to crack than the original key. Which kind of encryption mechanism was used in this scenario? a. perfect forward secrecy b. DHE c. key stretching d. ephemeral keys

key stretching

3.1.5 In which type of attack does the attacker have access to both the plain text and the resulting cipher text, but does not have the ability to encrypt the plain text? a. chosen plaintext b. known plaintext c. chosen cipher d. brute force

known plaintext

2.9.4 Within the /etc/security/limits.conf file, you notice the following entry: @guests hard maxlogins 3 What effect does the line have on the Linux system? a. limits the maximum file size that the guest group can create to 3GB. b. limits the concurrent logins from the same user to three. c. limits the number of max logins from the guest group to three. d. limits the total amount of memory used by the guest group to 3MB

limits the number of max logins from the guest group to three

4.5.7 The chain of custody is used for what purposes? a. identifying the owner of evidence b. listing people coming into contact with evidence c. retaining evidence security d. detailing the timeline between creation and discovery of evidence

listing people coming into contact with evidence

2.11.11 Which of the following is the single best rule to enforce when designing complex passwords? a. longer passwords b. computer generated passwords c. force use of all four types of characters (uppercase, lowercase, numbers, symbols) d. maximum password age

longer passwords

4.8.5 What is another name for a backdoor that was left in a product by the manufacturer by accident? a. maintenance hook b. security patch c. Trojan horse d. root kit

maintenance hook

4.5.7 You manage the network for your company. You have recently discovered information on a computer hard drive that might indicate evidence of illegal activity. You want to perform forensic activities on the disk to see what kind of information it contains. What should you do first? a. obtain a search warrant b. fire the employee who uses the computer. c. make a bit-level copy of the disk. d. run forensic tools to examine the hard drive contents.

make a bit-level copy of the disk.

1.1 Which of the following is an example of a vulnerability? a. virus infection b. unauthorized access to confidential resources. c. misconfigured server d. denial of service attack

misconfigured server

4.3.4 When recovery is being performed due to a disaster, which services are to be stabilized first? a. mission critical b. least business critical c. outside communications d. financial support

mission critical

2.13.5 Which of the following is a feature of MS-CHAP v2 that is not included in CHAP? a. mutual authentication b. certificate-based authentication c. three-way handshake d. hashed shared secret

mutual authentication

3.5.8 When is the best time to apply for a certificate renewal? a. just after a certificate expires b. after a certificate has been revoked c. near the end of the certificate's valid lifetime d. immediately after a certificate is issued

near the end of the certificate's valid lifetime

2.4.4 Which of the following principles is implemented in a mandatory access control model to determine access to an object using classification levels? a. clearance b. need to know c. ownership d. least privilege e. separation of duties

need to know

4.4.5 If an organization shows sufficient due care, which burden is eliminated in the event of a security breach? a. asset loss b. investigation c. negligence d. liability

negligence

4.4.5 Which type of Data Loss Prevention system is usually installed near the network perimeter to detect sensitive data that is being transmitted in violation of organizational security policies? a. endpoint DLP b. file-level DLP c. Chinese Wall d. network DLP

network DLP

4.3.4 When is a BCP or DRP design and development actually implemented? a. never b. only after implementation and distribution. c. only after testing and drilling d. once senior management approves.

never

2.1.6 Which is the star property of Bell-LaPadula? a. no read up b. no write down c. no write up d. no read down

no write down

2.6.9 You are the network administrator in a small nonprofit organization. Currently, an employee named Craig Jenkins handles all help desk calls for the organization. In recent months, the volume of help desk calls has exceeded what Craig can manage alone, so an additional help desk employee has been hired to carry some of the load. Currently, permissions to the network resources are assigned directly to Craig's user object. Because the new employee needs exactly the same level of access, you decide to simply copy Craig's Active Directory domain user object and rename it with the new employee's name. Will this strategy work? a. Yes, the strategy will be successful. b. No, permissions are not copied when a user account is copied. c. No, making a copy of an existing user causes both accounts to have the same security identifier (SID). d. No, Active Directory does not permit you to copy an existing user account.

no, permissions are not copied when a user account is copied

4.9.5 Which of the following is a legal contract between the organization and the employee that specifies the employee is not to disclose the organization's confidential information? a. acceptable use agreement b. non-disclosure agreement c. non-compete agreement d. employee monitoring agreement

non-disclosure agreement

1.1 By definition, which security concept uses the ability to prove that a sender sent an encrypted message? a. integrity b. non-repudiation c. authentication d. privacy

non-repudiation

3.5.8 You have a Web server that will be used for secure transactions for customers who access the Web site over the Internet. The Web server requires a certificate to support SSL. Which method would you use to get a certificate for the server? a. create your own internal PKI to issue certificates. b. have the server generate its own certificate. c. obtain a certificate from a public PKI. d. run a third-party tool to generate the certificate

obtain a certificate from a public PKI.

4.6.6 What is the primary difference between impersonation and masquerading? a. one is easily detected, the other is subtle and stealthy. b. one is used against administrator accounts, the other against end user accounts. c. one is a real-time attack, the other is an asynchronous attack. d. one is more active, the other is more passive.

one is more active, the other is more passive.

3.1.5 Which of the following encryption methods combines a random value with the plain text to produce the cipher text? a. elliptic curve b. steganography c. transposition d. one-time pad

one-time pad

3.2.4 SHA-1 uses which of the following bit length hashing algorithms? a. only 160-bit b. 128-bit, 160-bit, 192-bit. 224-bit, and 256-bit c. 224-bit, 256-bit, 384-bit, and 512-bit d. only 128-bit

only 160-bit

2.7.10 You suspect that the gshant user account is locked. Which command will show the status of the user account? (Tip: Enter the command as if at the command prompt.)

passwd -S gshant

4.5.7 You have discovered a computer that is connected to your network that was used for an attack. You have disconnected the computer from the network to isolate it and stop the attack. What should you do next? a. perform a memory dump. b. clone the hard drive. c. stop all running processes. d. make a hash of the hard drive.

perform a memory dump.

2.13.5 CHAP performs which of the following security functions? a. links remote systems together b. periodically verifies the identity of a peer using a three-way handshake. c. allows the use of biometric devices d. protects usernames

periodically verifies the identity of a peer using a three-way handshake

4.6.6 Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through e-mails or Web sites that impersonate an online entity that the victim trusts, such as a financial institution or well known e-commerce site? a. phishing b. man-in-the-middle c. session hijacking d. adware

phishing

4.1.11 Which of the following is a high-end, general statement about the role of security in the organization? a. guideline b. standard c. baseline d. policy

policy

4.6.6 By definition, which type of social engineering attack uses a fictitious scenario to persuade someone to give information for which they are not authorized? a. spear phishing b. pretexting c. phishing d. caller ID spoofing

pretexting

2.4.4 What is the primary purpose of separation of duties? a. inform managers that they are not trusted. b. prevent conflicts of interest. c. grant a greater range of control to senior management d. increase the difficulty in performing administration.

prevent conflicts of interest

4.1.11 What is the primary purpose of change control? a. prevent unmanaged change b. keep senior management apprised of the organization's state of security c. increase security d. create detailed documentation

prevent unmanaged change

2.4.4 Separation of duties is an example of which type of access control? a. detective b. preventive c. corrective d. compensative

preventive

2.4.4 By assigning access permissions so that users can only access those resources which are required to accomplish their specific work tasks, you would be in compliance with? a. need to know b. principle of least privilege c. job rotation d. cross training

principle of least privilege

4.1.11 HIPAA is a set of federal regulations that define security guidelines that enforce the protection of what? a. availability b. privacy c. integrity d. non-repudiation

privacy

4.1.11 Which of the following policies specifically protects PII? a. acceptable use b. privacy c. SLA d. code of ethics

privacy

3.4.3 Above all else, what must be protected to maintain the security and benefit of an asymmetric cryptographic solution, especially if it is widely used for digital certificates? a. cryptographic algorithm b. private keys c. hash values d. public keys

private keys

4.8.5 In which phase of the system life cycle is security integrated into the product? a. software development b. installation c. project initiation d. maintenance

project initiation

3.6.4 What is the primary use of Secure Electronic Transaction (SET)? a. encrypt e-commerce traffic. b. validate the integrity of database changes c. secure electronic checking account transactions d. protect credit card information transmissions

protect credit card information transmissions

4.4.5 When analyzing assets, which analysis method assigns financial values to assets? a. acceptance b. transfer c. qualitative d. quantitative

quantitative

4.1.11 Which of the following best describes the concept of due care or due diligence? a. legal disclaimers are consistently conspicuously displayed on all systems. b. security through obscurity is best accomplished by port stealthing c. availability supersedes security unless physical harm is likely. d. reasonable precautions, based on industry best practices, are utilized and documented

reasonable precautions, based on industry best practices, are utilized and documented

4.5.7 The immediate preservation of evidence is paramount when conducting a forensic analysis. Which of the following actions is most likely to destroy critical evidence? a. rebooting the system. b. restricting physical access to the system. c. copying the contents of memory to removable media. d. disconnecting the system from the network.

rebooting the system.

3.5.8 You have lost the private key that you have used to encrypt files. You need to get a copy of the private key to open some encrypted files. Who should you contact? a. recovery agent b. enrollment agent c. certification authority d. registration authority

recovery agent

3.5.8 Which of the following is an entity that accepts and validates information contained within a request for a certificate? a. registration authority b. enrollment agent c. certificate authority d. recovery agent

registration authority

2.13.5 What does a remote access server use for authorization? a. SLIP or PPP b. usernames and passwords c. CHAP or MS-CHAP d. remote access policies

remote access policies

4.7.4 Which of the following is not used by the reference monitor to determine levels of access? a. token b. ring architecture c. capabilities list d. security label

ring architecture

2.4.4 Which type of media preparation is sufficient for media that will be reused in a different security context within your organization? a. formatting b. sanitization c. destruction d. deleting

sanitization

3.4.3 The strength of a cryptosystem is dependent upon which of the following? a. secrecy of the algorithm b. integrity of the individuals who created the cryptosystem c. complexity of the cipher text d. secrecy of the key

secrecy of the key

3.5.8 How many keys are used with Public Key Cryptography? a. one b. two c. three d. four

two

3.4.3 A receiver wants to verify the integrity of a message received from a sender. A hashing value is contained within the digital signature of the sender. What must the receiver use to access the hashing value to verify the integrity of the transmission? a. sender's public key b. receiver's private key c. receiver's public key d. sender's private key

sender's public key

4.1.11 Who has the responsibility for the development of a security policy? a. human resources supervisor b. security administrator c. senior management d. site manager

senior management

2.4.4 Which security principle prevents any one administrator from having sufficient access to compromise the security of the overall IT solution? a. need to know b. dual administrator accounts c. principle of least privilege d. separation of duties

separation of duties

2.4.4 You want to make sure that any reimbursement checks issued by your company cannot be issued by a single person. Which principle should you implement to accomplish this goal? a. mandatory vacations b. job rotations c. separation of duties d. implicit deny e. least privilege

separation of duties

4.1.11 Which of the following is defined as a contract which prescribes the technical support or business parameters that a provider will bestow to its client? a. mutual aid agreement b. certificate practice statement c. final audit report d. service level agreement

service level agreement

2.9.4 What is the effect of the following command? chage -M 60 -W 10 jsmith a. sets the password for jsmith to expire after 6 days and gives a warning 10 days before it expires. b. sets the password for jsmith to expire after 6 days and gives a warning 10 days before it expires. c. sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires. d. deletes the jsmith user account after 60 days and gives a warning 10 days before it expires. e. forces jsmith to keep the password 60 days before changing it and gives a warning 10 days before changing it.

sets the password for jsmith to expire after 60 days and gives a warning 10 days before it expires

4.1.11 You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to best prevent extracting data from the discs? a. shredding b. delete the data on the discs c. degaussing d. write junk data over the discs 7 times

shredding

2.2.7 Which of the following is a hardware device that contains identification information and which can be used to control building access or computer logon? a. SSID b. Smart card c. Biometric d. WAP e. Security Policy

smart card

4.6.6 Which type of social engineering attack uses peer pressure to persuade someone to help an attacker? a. social validation b. reciprocity c. persuasive d. friendship

social validation

4.8.5 In which phase of the system life cycle is software testing performed? a. functional design analysis and planning b. system design specifications c. installation d. software development

software development

2.15.3 In an Identity Management System, what is the function of the Authoritative Source? a. coordinate the management of user identity across system boundaries. b. remove a user from the system and revoke user rights to system resources. c. obtain the current password for a user through the p-sync system. d. specify the owner of a data item.

specify the owner of a data item.

3.1.5 Which form of cryptanalysis focuses on the weaknesses in the supporting computer platform as a means to exploit and defeat encryption? a. statistical attack b. implementation attack c. analytic attack d. ciphertext only attack

statistical attack

3.1.5 What is the cryptography mechanism which hides secret communications with various forms of data? a. polyinstantiation b. steganography c. signals d. codes

steganography

4.8.5 Which of the following development modes is a method used by programmers while writing programs that allows for optimal control over coherence, security, accuracy, and comprehensibility? a. clean room b. waterfall planning c. object-oriented programming d. structured programming

structured programming

3.1.5 The Enigma machine, a cryptographic tool introduced in the 1920s and used in WW2, encrypted messages by replacing each plain text character with a different character. Which type of cipher does the Enigma machine use? a. substitution b. block c. stream d. transposition

substitution

3.6.4 What form of cryptography is not scalable as a stand-alone system for use in very large and ever expanding environments where data is frequently exchanged between different communication partners? a. symmetric cryptography b. asymmetric cryptography c. hashing cryptography d. public key cryptography

symmetric cryptography

2.2.7 A device which is synchronized to an authentication server uses which type of authentication? a. swipe card b. asynchronous token c. smart card d. synchronous token

synchronous token

4.3.4 You are a database administrator and the first responder for database attacks. You have decided to test one part of your current Business Continuity Plan (BCP) with two other database professionals. Which type of BCP test is this considered? a. medium exercise b. succession planning c. complex exercise d. tabletop exercise

tabletop exercise

4.7.4 Which of the following best describes the Security Target (ST) in the Common Criteria (CC) evaluation system? a. the ST is a document that describes the security requirements for a targeted application or environment. b. the ST is a document that describes the security properties of a security product. c. the ST is a description of a specific security feature provided by the product. d. the ST is a security product that is to be evaluated.

the ST is a document that describes the security properties of a security product.

2.11.11 You have implemented account lockout with a clipping level of 4. What will be the effect of this setting? a. incorrect logon attempts during the past 4 hours will be tracked. b. locked accounts will remain locked for 4 hours. c. password hashes will be generated using a salt value of 4. d. the account will be locked after 4 incorrect attempts.

the account will be locked after 4 incorrect attempts

3.1.5 Which of the following best describes a side-channel attack? a. the attack exploits weaknesses in a cryptosystem such as inability to produce random numbers or floating point errors. b. the attack is based on information gained from the physical implementation of a cryptosystem. c. the attack targets a weakness in the software, protocol, or encryption algorithm. d. the attack targets the key containing a small data set.

the attack is based on information gained from the physical implementation of a cryptosystem.
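Added example (not from the study set): a side channel that does not need any knowledge of the cipher, only the observation that an early-exit byte comparison runs longer the more of the secret a guess gets right. The number of bytes examined stands in for measured time; the secret, the oracle and all names here are constructed for the example.

```python
import hmac
from typing import Callable, Tuple

# Constructed secret; in practice this is a MAC tag, session token or API key held by the server.
SECRET = b"k3y!"


def naive_compare(expected: bytes, candidate: bytes) -> Tuple[bool, int]:
    """Early-exit comparison. Returns (match, bytes_examined); bytes_examined models
    the elapsed time, which grows with the length of the correctly guessed prefix."""
    if len(expected) != len(candidate):
        return False, 0
    examined = 0
    for x, y in zip(expected, candidate):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_compare(expected: bytes, candidate: bytes) -> Tuple[bool, int]:
    """Examine every byte regardless of where a mismatch occurs (the idea behind hmac.compare_digest)."""
    if len(expected) != len(candidate):
        return False, 0
    diff = 0
    examined = 0
    for x, y in zip(expected, candidate):
        examined += 1
        diff |= x ^ y
    return diff == 0, examined


def stdlib_compare(expected: bytes, candidate: bytes) -> bool:
    """What production code should call instead of == for secrets."""
    return hmac.compare_digest(expected, candidate)


def recover_by_timing(oracle: Callable[[bytes], Tuple[bool, int]], length: int) -> bytes:
    """Byte-at-a-time recovery: at each position keep the byte whose probe 'took longest'.
    If the oracle reports a full match, the secret has been recovered."""
    guess = bytearray(length)
    for i in range(length):
        best_byte, best_cost = 0, -1
        for b in range(256):
            guess[i] = b
            ok, cost = oracle(bytes(guess))
            if ok:
                return bytes(guess)
            if cost > best_cost:
                best_byte, best_cost = b, cost
        guess[i] = best_byte
    return bytes(guess)


def attack(compare: Callable[[bytes, bytes], Tuple[bool, int]]) -> bytes:
    """Run the recovery against a server that uses the given comparison routine."""
    return recover_by_timing(lambda candidate: compare(SECRET, candidate), len(SECRET))


if __name__ == "__main__":
    print("naive:        ", attack(naive_compare))          # recovers SECRET
    print("constant-time:", attack(constant_time_compare))  # does not
```

Against the early-exit routine the attacker needs at most 256 probes per byte instead of 256^len guesses; against the constant-time routine every probe costs the same and the search learns nothing.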

2.2.7 The mathematical algorithm used to generate Time-based One-Time Passwords (TOTP) uses a shared secret and a counter to generate unique, one-time passwords. Which event causes the counter to increment when creating TOTP passwords? a. a signal from the TPM chip on the system motherboard. b. the passage of time c. a value set in a hidden CPU register d. the creation of a new one-time password

the passage of time
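Added example (not from the study set): a minimal RFC 6238 TOTP implementation showing that the "counter" is simply the number of whole 30-second steps since the Unix epoch, so it advances with the clock, not with each password generated. The secret is the one RFC 6238 uses for its published test vectors; the verifier's skew window is an assumption of this example.

```python
import hashlib
import hmac
import struct

# Shared secret from the RFC 6238 test vectors (ASCII "12345678901234567890").
# A real deployment generates a random secret per user and stores it protected.
RFC6238_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    counter_bytes = struct.pack(">Q", counter)
    mac = hmac.new(secret, counter_bytes, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp_counter(unix_time: int, step: int = 30) -> int:
    """The TOTP counter is the number of whole time steps since the epoch.
    It changes only when the clock crosses a step boundary, never because a code was produced."""
    return unix_time // step


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    return hotp(secret, totp_counter(unix_time, step), digits)


def verify_totp(secret: bytes, code: str, unix_time: int, step: int = 30,
                digits: int = 6, window: int = 1) -> bool:
    """Accept the code for the current step and `window` steps either side (clock skew between
    token and server). Compare in constant time so the check is not itself a timing side channel."""
    for delta in range(-window, window + 1):
        expected = totp(secret, unix_time + delta * step, step, digits)
        if hmac.compare_digest(expected, code):
            return True
    return False


if __name__ == "__main__":
    for t in (0, 29, 30, 59, 60):
        print(f"t={t:>3}s counter={totp_counter(t)} code={totp(RFC6238_SECRET, t, digits=8)}")
```

Generating ten codes at t=31 and t=45 yields the same value because both fall in counter 1; the value only changes once the clock reaches t=60.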

2.2.7 Which of the following defines the crossover rate for evaluating biometric systems? a. the number of subjects or authentication attempts that can be validated. b. the point where the number of false positives matches the number of false negatives in a biometric system. c. the rate of people who are denied access that should be allowed access. d. the rate of people who are given access that should be denied access.

the point where the number of false positives matches the number of false negatives in a biometric system
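Added example (not from the study set): computing the crossover error rate from matcher scores. The genuine and impostor score lists are constructed for the example; FAR counts impostors accepted at a threshold, FRR counts legitimate users rejected, and the crossover is the threshold where the two rates meet.

```python
from typing import List, Tuple

# Constructed matcher scores in 0.0-1.0 (higher = more similar).
# Genuine: enrolled user compared with their own sample. Impostor: compared with someone else's.
GENUINE = [0.95, 0.90, 0.85, 0.80, 0.75, 0.70, 0.65, 0.60, 0.55, 0.30]
IMPOSTOR = [0.05, 0.10, 0.15, 0.20, 0.25, 0.35, 0.40, 0.45, 0.60, 0.80]


def false_acceptance_rate(impostor: List[float], threshold: float) -> float:
    """Type II error: impostors whose score reaches the threshold are let in."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def false_rejection_rate(genuine: List[float], threshold: float) -> float:
    """Type I error: legitimate users whose score falls below the threshold are denied."""
    return sum(s < threshold for s in genuine) / len(genuine)


def crossover(genuine: List[float], impostor: List[float]) -> Tuple[float, float]:
    """Sweep every observed score as a candidate threshold and return (threshold, CER),
    the point where FAR and FRR are closest; CER is their average there."""
    best = None
    for t in sorted(set(genuine) | set(impostor)):
        far = false_acceptance_rate(impostor, t)
        frr = false_rejection_rate(genuine, t)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    return best[1], best[2]


if __name__ == "__main__":
    for t in (0.4, 0.6, 0.8):
        print(f"threshold {t}: FAR={false_acceptance_rate(IMPOSTOR, t):.2f} "
              f"FRR={false_rejection_rate(GENUINE, t):.2f}")
    print("crossover (threshold, CER):", crossover(GENUINE, IMPOSTOR))
```

Lowering the threshold trades FRR for FAR (more convenient, less secure); raising it does the reverse. A lower CER means a better matcher, since the two curves cross at a lower error rate.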

4.3.4 The company is implementing a Disaster Recovery Plan (DRP) and a Business Continuity Plan (BCP). It is time for the control tests and the company would like to perform compliance testing. Which of the following best describes compliance testing? a. ensuring that the balances of financial statements and all supporting data and documentation are valid and accurate. b. the testing of control procedures to see if they are working as expected and are being implemented in accordance with management policies. c. informing all new employees of the security policy, ensuring strict compliance. d. the evaluation of individual transactions, integrity of data, and the processing of information.

the testing of control procedures to see if they are working as expected and are being implemented in accordance with management policies.

4.4.5 Which of the following best defines Single Loss Expectancy (SLE)? a. the total cost of all countermeasures associated with protecting against a given vulnerability. b. the total monetary loss associated with a single occurrence of a threat. c. the monetary value of a single employee's loss of productivity due to a successful attack. d. the statistical probability of a malicious event.

the total monetary loss associated with a single occurrence of a threat.

3.1.5 Why are brute force attacks always successful? a. they are fast b. they are platform independent c. they test every possible valid combination d. they can be performed in a distributed parallel processing environment

they test every possible valid combination

4.4.5 When conducting a risk assessment, how is the Annualized Rate of Occurrence (ARO) calculated? a. through historical data provided by insurance companies and crime statistics. b. multiply the Single Loss Expectancy (SLE) by the standard deviation. c. multiply the Single Loss Expectancy (SLE) by the Annual Loss Expectancy (ALE). d. divide the static variable by the probability index.

through historical data provided by insurance companies and crime statistics.

2.14.11 When using Kerberos authentication, which of the following terms is used to describe the token that verifies the identity of the user to the target system? a. voucher b. hashkey c. ticket d. coupon

ticket

2.14.11 A user has just authenticated using Kerberos. What object is issued to the user immediately following logon? a. ticket granting ticket b. digital signature c. digital certificate d. client-to-server ticket

ticket granting ticket

4.9.5 What is the primary purpose of forcing employees to take mandatory one-week minimum vacations every year? a. to check the evidence of fraud. b. to prevent the buildup of significant vacation time. c. to cut costs on travel. d. to test their knowledge of security.

to check the evidence of fraud.

4.1.11 What is the primary purpose of source code escrow? a. to obtain change rights over software after the vendor goes out of business. b. to hold funds in reserve for unpredicted costs before paying the fees of the programmer. c. to obtain resale rights over software after the vendor goes out of business. d. to provide a backup copy of software to use for recovery in the event of a disaster

to obtain change rights over software after the vendor goes out of business.

3.5.8 What is the purpose of key escrow? a. to provide a means to recover from a lost private key. b. collection of additional fees over the life of using a public digital certificate. c. to provide a means for legal authorities to access confidential data. d. to grant the certificate authority full control over the communication environment.

to provide a means for legal authorities to access confidential data.

2.2.7 Which of the following is an example of three-factor authentication? a. smart card, digital certificate, PIN b. token device, keystroke analysis, cognitive question c. photo ID, smart card, fingerprint d. pass phrase, palm scan, voice recognition

token device, keystroke analysis, cognitive question

4.4.5 Purchasing insurance is what type of response to risk? a. rejection b. deployment of a countermeasure c. transference d. acceptance

transference

3.1.5 Which type of cipher changes the position of the characters in a plain text message? a. transposition b. block c. stream d. substitution

transposition
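Added example (not from the study set) covering both the substitution question (Enigma) and the transposition question above: a monoalphabetic substitution that changes letters but keeps their positions, beside a columnar transposition that keeps the letters but changes their positions. The shift key and the keyword are constructed for the example; Enigma's rotors effectively change the substitution alphabet on every keypress, which this simple shift does not model.

```python
import string
from typing import Dict

ALPHABET = string.ascii_uppercase


def substitution_key(shift: int) -> str:
    """A substitution alphabet; a plain shift (Caesar) is used here for readability."""
    return ALPHABET[shift:] + ALPHABET[:shift]


def substitution_encrypt(plaintext: str, key_alphabet: str) -> str:
    """Each letter is replaced; its position in the message is unchanged."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, key_alphabet))


def substitution_decrypt(ciphertext: str, key_alphabet: str) -> str:
    return ciphertext.translate(str.maketrans(key_alphabet, ALPHABET))


def _column_order(key: str):
    # Read columns in alphabetical order of the keyword letters; ties keep left-to-right order.
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transposition_encrypt(plaintext: str, key: str) -> str:
    """Columnar transposition: write the text in rows of len(key), read the columns in key order.
    No letter changes, only positions."""
    n = len(key)
    rows = [plaintext[i:i + n] for i in range(0, len(plaintext), n)]
    return "".join(row[col] for col in _column_order(key) for row in rows if col < len(row))


def transposition_decrypt(ciphertext: str, key: str) -> str:
    n = len(key)
    full_rows, rem = divmod(len(ciphertext), n)
    col_len = {c: full_rows + (1 if c < rem else 0) for c in range(n)}
    cols, pos = {}, 0
    for col in _column_order(key):
        cols[col] = ciphertext[pos:pos + col_len[col]]
        pos += col_len[col]
    return "".join(cols[c][r] for r in range(full_rows + 1) for c in range(n) if r < col_len[c])


def letter_counts(text: str) -> Dict[str, int]:
    """Frequency histogram: unchanged by transposition, permuted by substitution."""
    counts: Dict[str, int] = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    return counts


if __name__ == "__main__":
    pt = "ATTACKATDAWN"
    print("substitution :", substitution_encrypt(pt, substitution_key(3)))
    print("transposition:", transposition_encrypt(pt, "ZEBRAS"))
```

Because transposition preserves the letter histogram, a frequency count of its ciphertext matches the plaintext's; a monoalphabetic substitution preserves the shape of the histogram under a relabelling, which is what frequency analysis exploits.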

3.5.8 Which aspect of certificates makes them a reliable and useful mechanism for proving the identity of a person, system, or service on the Internet? a. trusted third-party b. it is a digital mechanism rather than a physical one. c. electronic signatures d. ease of use

trusted third-party

3.4.3 How many keys are used with asymmetric or public key cryptography? a. one b. two c. three d. four

two

1.1 When a cryptographic system is used to protect the confidentiality of data, what is actually protected? a. the data is available for access whenever authorized users need it. b. unauthorized users are prevented from viewing or accessing the resource. c. the data is protected from corruption or change. d. the encrypted data is restricted from being transmitted.

unauthorized users are prevented from viewing or accessing the resource

2.14.11 Your LDAP directory services solution uses simple authentication. What should you always do when using simple authentication? a. use Kerberos b. use SSL c. use IPSec and certificates d. add SASL and use TLS

use SSL

2.3.5 Which of the following information is typically not included in an access token? a. user account password b. user rights c. group membership d. user security identifier

user account password

4.1.11 What is the most effective means of improving or enforcing security in any environment? a. requiring two-factor authentication b. enforcing account lockout c. disabling Internet access d. user awareness training

user awareness training

4.9.5 You have installed anti-virus software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she did install some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again? a. close unused firewall ports. b. proxy server c. account lockout d. user awareness training.

user awareness training.

2.7.10 A user with an account name of larry has just been terminated from the company. There is good reason to believe that the user will attempt to access and damage the files in the system in the very near future. Which command below will disable or remove the user account from the system and remove his home directory? a. userdel -r larry b. userdel -h larry c. userdel -home larry d. userdel larry

userdel -r larry

2.7.10 One of your users, Karen Scott, has recently married and is now Karen Jones. She has requested that her username be changed from kscott to kjones, but no other values change. Which of the following commands will accomplish this? a. usermod -l kscott kjones b. usermod -u kscott kjones c. usermod -l kjones kscott d. usermod -u kjones kscott

usermod -l kjones kscott

2.7.10 You have performed an audit and have found active accounts for employees who no longer work for the company. You want to disable those accounts. What command example will disable a user account? a. usermod -L joer b. usermod -d joer c. usermod -u joer d. usermod -l joer

usermod -L joer
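Added example (not from the study set) covering the chage question and the usermod/userdel questions above: what those commands actually change in /etc/shadow. `chage -M 60 -W 10` writes the max and warn fields, `usermod -L` prefixes the password hash with `!`, and `userdel` removes the entry. The shadow lines below are constructed with placeholder hashes; the parser and status function are this example's own.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed /etc/shadow lines; the hashes are placeholders, not real password hashes.
# Fields: name:hash:lastchange:min:max:warn:inactive:expire:reserved (day fields count from 1970-01-01).
#   chage -M 60 -W 10 jsmith  -> max field 60, warn field 10
#   usermod -L joer           -> hash prefixed with '!' (entry kept, no password can match)
#   userdel -r larry          -> entry removed (and the home directory, which is not modeled here)
SAMPLE_SHADOW = """\
jsmith:$6$saltsalt$PLACEHOLDERHASH:19700:0:60:10:::
joer:!$6$saltsalt$PLACEHOLDERHASH:19650:0:99999:7:::
larry:$6$saltsalt$PLACEHOLDERHASH:19600:0:99999:7:::
"""


@dataclass
class ShadowEntry:
    name: str
    hash: str
    last_change: Optional[int]
    min_days: int
    max_days: Optional[int]   # None or 99999 = password never expires
    warn_days: int

    @property
    def locked(self) -> bool:
        # '!' is what usermod -L / passwd -l prepend; '*' marks entries that never had a password
        return self.hash.startswith(("!", "*"))

    def expires_on(self) -> Optional[int]:
        if self.last_change is None or self.max_days is None or self.max_days >= 99999:
            return None
        return self.last_change + self.max_days


def _int_or(value: str, default):
    return int(value) if value else default


def parse_shadow(text: str) -> Dict[str, ShadowEntry]:
    entries: Dict[str, ShadowEntry] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        f = line.split(":")
        entries[f[0]] = ShadowEntry(
            name=f[0], hash=f[1], last_change=_int_or(f[2], None),
            min_days=_int_or(f[3], 0), max_days=_int_or(f[4], None), warn_days=_int_or(f[5], 0))
    return entries


def password_status(entry: ShadowEntry, today: int) -> str:
    """Report what login would see on day `today` (days since the epoch)."""
    if entry.locked:
        return "locked"
    expiry = entry.expires_on()
    if expiry is None:
        return "ok (no expiry)"
    days_left = expiry - today
    if days_left < 0:
        return "expired"
    if days_left <= entry.warn_days:
        return f"expiring in {days_left} days (warning)"
    return f"ok ({days_left} days left)"


def lock(entries: Dict[str, ShadowEntry], name: str) -> None:
    """Effect of `usermod -L name` on the shadow entry."""
    entry = entries[name]
    if not entry.locked:
        entry.hash = "!" + entry.hash


def delete(entries: Dict[str, ShadowEntry], name: str) -> None:
    """Effect of `userdel name` on the shadow file."""
    del entries[name]


if __name__ == "__main__":
    shadow = parse_shadow(SAMPLE_SHADOW)
    for user in shadow.values():
        print(f"{user.name:8} {password_status(user, today=19755)}")
```

On a real system, `chage -l jsmith` prints the same fields in readable form and is the quickest way to confirm that the -M and -W values landed; a locked account shows the `!` prefix in `/etc/shadow` while the user still exists in `/etc/passwd`.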

4.7.4 Which of the following defines layering in regards to system access control? a. constraints which restrict the ability of a program to read and write to memory according to its permissions or access level. b. various tasks are divided into a hierarchical manner to provide security. c. constraints which protect a system from exploitation by controlling the amount of a subject's access to system resources, such as memory. d. a set of permissible values for a class of objects which prevent subjects from modifying objects in ways that aren't permitted.

various tasks are divided into a hierarchical manner to provide security.

4.8.5 Which of the following is an action which must take place during the release stage of the SDLC? a. the product goes into major production and is developed by programmers. b. vendors develop and release patches in response to exploited vulnerabilities that have been discovered. c. certification, accreditation, and auditing are performed.

vendors develop and release patches in response to exploited vulnerabilities that have been discovered.

4.6.6 You have just received a generic-looking e-mail that is addressed as coming from the administrator of your company. The e-mail says that as part of a system upgrade, you are to go to a Web site and enter your username and password at a new Web site so you can manage your e-mail and spam using the new service. What should you do? a. verify that the e-mail was sent by the administrator and that this new service is legitimate. b. click on the link in the e-mail and follow the directions to enter your logon information. c. delete the e-mail d. click on the link in the e-mail and look for company graphics or information before entering the logon information. e. open a Web browser and type the URL included in the e-mail, then follow the directions to enter your logon credentials.

verify that the e-mail was sent by the administrator and that this new service is legitimate.

4.6.6 You've just received an e-mail message that indicates a new serious malicious code threat is ravaging across the Internet. The message contains detailed information about the threat, its source code, and the damage it can inflict. The message states that you can easily detect whether or not you have already been a victim of this threat by the presence of three files in the \Windows\System32 folder. As a countermeasure, the message suggests that you delete these three files from your system to prevent further spread of the threat. What should your first action based on this message be? a. verify the information on well-known malicious code threat management Web sites. b. delete the indicated files if present. c. reboot the system d. distribute the message to everyone in your address book. e. perform a complete system backup.

verify the information on well-known malicious code threat management Web sites.

4.5.7 What is the best definition of a security incident? a. criminal activity b. interruption of productivity c. compromise of the CIA of resources. d. violation of security policy

violation of security policy

4.6.6 Which of the following social engineering attacks use Voice over IP (VoIP) to gain sensitive information? a. spear phishing b. vishing c. masquerading d. tailgating

vishing

3.3.5 Bob Jones used the RC5 cryptosystem to encrypt a sensitive and confidential file on his notebook. He used 32 bit blocks, a 64-bit key, and he only used the selected key once. He moved the key onto a USB hard drive which was stored in a safety deposit box. Bob's notebook was stolen. Within a few days Bob discovered the contents of his encrypted file on the Internet. What is the primary reason why Bob's file was opened so quickly? a. a birthday attack was used. b. too small of a block size c. the decryption key was used to decrypt the files. d. weak key

weak key

4.6.6 A senior executive reports that she received a suspicious email concerning a sensitive, internal project that is behind schedule. The email is sent from someone she doesn't know and he is asking for immediate clarification on several of the project's details so the project can get back on schedule. What type of an attack best describes the scenario? a. whaling b. passive c. MAC spoofing d. masquerading

whaling

4.4.5 When would choosing to do nothing about an identified risk be acceptable? a. when the cost of protecting the asset is greater than the potential loss. b. when the asset is an intangible asset instead of a tangible asset. c. when the threat is likely to occur less than once a year. d. when the threat is most likely to come from an internal source instead of an external source.

when the cost of protecting the asset is greater than the potential loss.
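Added example (not from the study set) tying together the SLE, ARO and risk-acceptance questions above: SLE = AV x EF, ALE = SLE x ARO, ARO from historical counts, and the comparison that decides whether to accept, mitigate or transfer a risk. All dollar figures and rates are constructed; the transfer option assumes the policy covers the full loss, which real policies rarely do.

```python
from dataclasses import dataclass


def aro_from_history(incidents: int, years: float) -> float:
    """ARO estimated from records: insurer or crime statistics, or the organization's own incident log."""
    return incidents / years


@dataclass
class Risk:
    asset_value: float      # AV in dollars (constructed figure)
    exposure_factor: float  # EF: fraction of AV lost in a single occurrence (0.0 to 1.0)
    aro: float              # annualized rate of occurrence

    def sle(self) -> float:
        """Single Loss Expectancy = AV x EF: monetary loss from one occurrence of the threat."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized Loss Expectancy = SLE x ARO: expected loss per year."""
        return self.sle() * self.aro


def annual_cost(risk: Risk, response: str, control_cost: float = 0.0,
                aro_after: float = 0.0, premium: float = 0.0) -> float:
    """Expected yearly cost of each response. 'transfer' assumes full coverage (an assumption
    of this example); deductibles and exclusions would push its cost up."""
    if response == "accept":
        return risk.ale()
    if response == "mitigate":
        residual = Risk(risk.asset_value, risk.exposure_factor, aro_after).ale()
        return control_cost + residual
    if response == "transfer":
        return premium
    raise ValueError(f"unknown response: {response}")


def recommend(risk: Risk, control_cost: float, aro_after: float, premium: float) -> str:
    """Doing nothing ('accept') wins exactly when protecting the asset costs more than the expected loss."""
    costs = {r: annual_cost(risk, r, control_cost, aro_after, premium)
             for r in ("accept", "mitigate", "transfer")}
    return min(costs, key=costs.get)


if __name__ == "__main__":
    # 3 incidents in 10 years, each destroying a quarter of a $200k asset
    r = Risk(asset_value=200_000, exposure_factor=0.25, aro=aro_from_history(3, 10))
    print(f"SLE=${r.sle():,.0f}  ALE=${r.ale():,.0f}")
    print("control $20k/yr cutting ARO to 0.03, premium $12k:", recommend(r, 20_000, 0.03, 12_000))
    print("control $5k/yr, premium $18k:                     ", recommend(r, 5_000, 0.03, 18_000))
    print("control $20k/yr, premium $16k:                    ", recommend(r, 20_000, 0.03, 16_000))
```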

3.2.4 You have just downloaded a file. You create a hash of the file and compare it to the hash posted on the Web site. The two hashes match. What do you know about the file? a. you will be the only one able to open the downloaded file. b. your copy is the same as the copy posted on the website. c. you can prove the source of the file. d. no one has read the file contents as it was downloaded.

your copy is the same as the copy posted on the website.
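Added example (not from the study set): verifying a download against a posted SHA-256 and what a match does and does not tell you. The sample file contents and the "posted" digest (the standard SHA-256 test value for the bytes "abc") are constructed for the example.

```python
import hashlib
import hmac
import os
import tempfile
from typing import Tuple

# Stands in for the hash a site posts next to a download: SHA-256("abc").
POSTED_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"


def file_sha256(path: str, chunk_size: int = 1 << 16) -> str:
    """Hash the file in chunks so large downloads are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path: str, posted_hex: str) -> bool:
    """True when the local copy hashes to the posted value. Normalizes the copy-pasted hex
    and compares in constant time. A match proves integrity relative to the site's copy only:
    it does not prove who produced the file, and if the site itself was altered, file and
    hash may have been replaced together. Authenticity needs a signature checked with the
    publisher's public key."""
    return hmac.compare_digest(file_sha256(path), posted_hex.strip().lower())


def write_sample(content: bytes) -> str:
    """Write constructed file contents to a temp file and return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


def demo() -> Tuple[bool, bool]:
    """Verify an intact copy and a copy with one byte changed in transit."""
    good = write_sample(b"abc")
    tampered = write_sample(b"abd")
    try:
        return verify_download(good, POSTED_SHA256), verify_download(tampered, " BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD\n")
    finally:
        os.remove(good)
        os.remove(tampered)


if __name__ == "__main__":
    print(demo())  # intact copy verifies, tampered copy does not
```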

