Multiple Choice
all of the above
31. ________ is a benefit of security awareness, training, and education programs to organizations. A. Improving employee behavior B. Increasing the ability to hold employees accountable for their actions C. Mitigating liability of the organization for an employee's behavior D. All of the above
risky resource management
1. "Incorrect Calculation of Buffer Size" is in the __________ software error category. A. Porous Defenses B. Allocation of Resources C. Risky Resource Management D. Insecure Interaction Between Components
it security management
1. _________ is a formal process to ensure that critical assets are sufficiently protected in a cost-effective manner. A. Configuration management control B. IT security management C. Detection and recovery control D. Security compliance
regular expression
10. A ________ is a pattern composed of a sequence of characters that describe allowable input variants. A. canonicalization B. race condition C. regular expression D. shell script
threat
10. A ________ is anything that might hinder or prevent an asset from providing appropriate levels of the key security services. A. vulnerability B. threat C. risk D. control
DMCA
100. ________ strengthens the protection of copyrighted materials in digital format. A. HIPAA B. DMCA C. WIPO
distributor
101. A ________ provides distribution channels, such as an online shop or a Web retailer. A. content provider B. distributor C. consumer
unlinkability
102. ________ ensures that a user may make multiple uses of resources or services without others being able to link these uses together. A. Anonymity B. Pseudonymity C. Unobservability D. Unlinkability
anonymization
103. ________ is a function that removes specific identifying information from query results, such as last name and telephone number, but creates some sort of unique identifier so that analysts can detect connections between queries. A. Anonymization B. Data transformation C. Immutable audit
fair use
104. ________ is intended to permit others to perform, show, quote, copy, and otherwise distribute portions of the work for certain purposes. A. Reverse engineering B. Personal privacy C. Fair use
selective revelation
105. ________ is a method for minimizing exposure of individual information while enabling continuous analysis of potentially interconnected data. A. Immutable audit B. Selective revelation C. Associative memory
cloud computing
106. Measured service and rapid elasticity are essential characteristics of ________. A. resource pooling B. cloud computing C. broad network access
platform as a service
107. A ________ cloud provides service to customers in the form of a platform on which the customer's applications can run. A. broad network access B. infrastructure as a service C. platform as a service
SaaS
108. The use of ________ avoids the complexity of software installation, maintenance, upgrades, and patches. A. SaaS B. MaaS C. PaaS
public cloud
109. A ________ infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. A. community cloud B. private cloud C. hybrid cloud
fuzzing
11. The intent of ________ is to determine whether the program or function correctly handles all abnormal inputs or whether it crashes or otherwise fails to respond appropriately. A. shell scripting B. fuzzing C. canonicalization D. deadlocking
security controls
11. _________ include management, operational, and technical processes and procedures that act to reduce the exposure of the organization to some risks by reducing the ability of a threat source to exploit some vulnerabilities. A. Security controls B. Risk appetite C. Risk controls D. None of the above
private cloud
110. Examples of services delivered through the ________ include database on demand, e-mail on demand, and storage on demand. A. hybrid cloud B. public cloud C. private cloud
private cloud
111. The ________ cloud deployment model is the most secure option. A. public B. private C. community
cloud broker
112. A ________ is an entity that manages the use, performance and delivery of cloud services, and negotiates relationships between CSPs and cloud consumers. A. cloud broker B. cloud carrier C. cloud auditor
cloud service consumer
113. A ________ is a person or organization that maintains a business relationship with, and uses service from, cloud providers. A. cloud auditor B. cloud service consumer C. cloud broker
data loss prevention
114. ________ is the monitoring, protecting, and verifying the security of data at rest, in motion, and in use. A. Web security B. Security assessments C. Intrusion management
intrusion management
115. The core of ________ is the implementation of intrusion detection systems and intrusion prevention systems at entry points to the cloud and on servers in the cloud. A. Intrusion management B. SIEM C. security assessments
Nova
117. ________ is the management software module that controls VMs within the IaaS cloud computing platform. A. Glance B. Nova C. Swift
gateway
118. A ________ interconnects the IoT-enabled devices with the higher-level communication networks. A. microcontroller B. gateway C. carrier
smart objects/embedded systems
119. The most vulnerable part of an IoT is the ________. A. smart objects/embedded systems B. fog/edge network C. core network
memory leak
12. A steady reduction in memory available on the heap to the point where it is completely exhausted is known as a ________. A. fuzzing B. deadlock C. memory injection D. memory leak
risk register
12. The results of the risk analysis should be documented in a _________. A. journal B. consequence C. risk register D. none of the above
MiniSec
120. ________ has two operating modes, one tailored for single-source communication, and another tailored for multi-source broadcast communication. A. Edge B. Keystone C. OpenSource D. MiniSec
MIME
121. ________ defines a number of content formats, which standardize representations for the support of multimedia e-mail. A. MEM B. MIME C. MSC
enveloped data
122. The ________ function consists of encrypted content of any type and encrypted-content encryption keys for one or more recipients. A. clear-signed data B. signed data C. enveloped data
clear-signed data
123. In the case of ________ only the digital signature is encoded using base64. A. enveloped data B. signed and enveloped data C. signed data D. clear-signed data
digital signature
124. The result of S/MIME encrypting the digest using DSS and the sender's private DSS key is the ________. A. digital signature B. envelope C. digest code
lock
13. The most common technique for using an appropriate synchronization mechanism to serialize the accesses to prevent errors is to acquire a _______ on the shared file, ensuring that each process has appropriate access in turn. A. lock B. code injection C. chroot jail D. privilege escalation
consequence
13. ________ specification indicates the impact on the organization should the particular threat in question actually eventuate. A. Risk B. Consequence C. Threat D. Likelihood
establishing the context
14. The purpose of ________ is to determine the basic parameters within which the risk assessment will be conducted and then to identify the assets to be examined. A. establishing the context B. control C. risk avoidance D. combining
environment variables
14. _________ are a collection of string values inherited by each process from its parent that can affect the way a running process behaves. A. Deadlocks B. Privileges C. Environment variables D. Race conditions
xss reflection
15. The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability. A. XSS reflection B. chroot jail C. atomic bomb D. PHP file inclusion
risk acceptance
15. _________ is choosing to accept a risk level greater than normal for business reasons. A. Risk avoidance B. Reducing likelihood C. Risk transfer D. Risk acceptance
all of the above
16. A wireless client can be ________. A. a cell phone B. a Wi-Fi enabled laptop C. a Bluetooth device D. All of the above
all of the above
17. A wireless access point is a ________. A. cell tower B. Wi-Fi hot spot C. wireless AP to a LAN or WAN D. All of the above
DoS
18. The wireless environment lends itself to a ________ attack because it is so easy for the attacker to direct multiple wireless messages at the target. A. DoS B. man-in-the-middle C. network injection
network injection
19. An example of a(n) ________ attack is one in which bogus reconfiguration commands are used to affect routers and switches to degrade network performance. A. identity theft B. ad hoc network C. network injection D. Man in the Middle
porous defenses
2. "Improper Access Control (Authorization)" is in the _________ software error category. A. Porous Defenses B. Allocation of Resources C. Risky Resource Management D. Insecure Interaction Between Components
access point
20. A(n) ________ is any entity that has station functionality and provides access to the distribution system via the wireless medium for associated stations. A. ESS B. access point C. distribution system D. MPDU
MPDU
21. The unit of data exchanged between two peer MAC entities using the services of the physical layer is a(n) ________. A. extended service set B. MPDU C. MSDU D. Station
distribution system
22. A system used to interconnect a set of basic service sets and LANs to create an extended service set is a ________. A. distribution system B. coordination function C. MAC data unit D. Wireless access system
MAC
23. The function of the ________ layer is to control access to the transmission medium and to provide an orderly and efficient use of that capacity. A. CRC B. MPDU C. MAC D. MSDU
RSN
24. The final form of the 802.11i standard is referred to as ________. A. WEP B. RSN C. Wi-Fi
WPA
25. In order to accelerate the introduction of strong security into WLANs the Wi-Fi Alliance promulgated ________, a set of security mechanisms that eliminates most 802.11 security issues, as a Wi-Fi standard. A. WPA B. WEP C. RSN D. MAC
cipher suite
26. The specification of a protocol, along with the chosen key length, is known as a ________. A. distribution set B. open system C. cipher suite
pre-shared key
27. A ________ is a secret key shared by the AP and a STA and installed in some fashion outside the scope of IEEE 802.11i. A. pre-shared key B. master session key C. pairwise master key D. group master key
4-way handshake
28. The MPDU exchange for distributing pairwise keys is known as the ________. A. pseudorandom function B. cryptographic function C. nonce D. 4-way handshake
all of the above
29. ________ is the recommended technique for wireless network security. A. Using encryption B. Using anti-virus and anti-spyware software C. Turning off identifier broadcasting D. All of the above
secure programming
3. Defensive programming is sometimes referred to as _________. A. variable programming B. secure programming C. interpretive programming D. chroot programming
BSS
30. The smallest building block of a wireless LAN is a ________. A. BSS B. ESS C. WPA D. CCMP
accountability
32. Security awareness, training, and education programs can serve as a deterrent to fraud and actions by disgruntled employees by increasing employees' knowledge of their ________ and of potential penalties. A. regulations B. accountability C. liability
security basics and literacy
33. The ________ category is a transitional stage between awareness and training. A. roles and responsibilities relative to IT systems B. security basics and literacy C. education and experience D. security awareness
security awareness
34. ________ is explicitly required for all employees. A. Security awareness B. Education and experience C. Security basics and literacy D. Roles and responsibilities relative to IT systems
education and experience
35. The ________ level focuses on developing the ability and vision to perform complex, multidisciplinary activities and the skills needed to further the IT security profession and to keep pace with threat and technology changes. A. security basics and literacy B. roles and responsibilities relative to IT systems C. education and experience D. security awareness
all of the above
36. ________ are ways for an awareness program to promote the security message to employees. A. Posters B. Newsletters C. Workshops and training sessions D. All of the above
executives
37. ________ need training on the development of risk management goals, means of measurement, and the need to lead by example in the area of security awareness. A. Executives B. Analysts C. Managers
all of the above
38. From a security point of view, which of the following actions should be done upon the termination of an employee? A. remove the person's name from all lists of authorized access B. recover all assets, including employee ID, disks, documents and equipment C. remove all personal access codes D. all of the above
triage
39. ________ is the process of receiving, initial sorting, and prioritizing of information to facilitate its appropriate handling. A. Incident B. Triage C. Constituency
input
4. Incorrect handling of program _______ is one of the most common failings in software security. A. lines B. input C. output D. disciplines
computer emergency response team
40. CERT stands for ________. A. Computer Error Response Team B. Compliance Error Repair Technology C. Computer Emergency Response Team D. Compliance Emergency Response Technology
artifacts
41. ________ can include computer viruses, Trojan horse programs, worms, exploit scripts, and toolkits. A. Artifacts B. Vulnerabilities C. CSIRT
all of the above
42. A capability set up for the purpose of assisting in responding to computer security-related incidents that involve sites within a defined constituency is called a ________. A. CIRT B. CIRC C. CSIRT
system integrity verification tools
43. ________ scan critical system files, directories, and services to ensure they have not been changed without proper authorization. A. Intrusion prevention systems B. System integrity verification tools C. Log analysis tools D. Network and host intrusion detection systems
company rights
44. A ________ policy states that the company may access, monitor, intercept, block access, inspect, copy, disclose, use, destroy, or recover using computer forensics any data covered by this policy. A. standard of conduct B. unlawful activity prohibited C. company rights
disciplinary action
45. A ________ policy states that violation of this policy may result in immediate termination of employment or other discipline deemed appropriate by the company. A. disciplinary action B. company rights C. policy scope
IT security management
46. ________ ensures that critical assets are sufficiently protected in a cost-effective manner. A. IT control B. IT security management C. IT discipline
ISO
47. The ________ has revised and consolidated a number of national and international standards into a consensus of best practice. A. ISO B. CSI C. VSB
all of the above
48. IT security management functions include: A. determining organizational IT security objectives, strategies, and policies B. detecting and reacting to incidents C. specifying appropriate safeguards D. all of the above
do
49. Implementing the risk treatment plan is part of the ________ step. A. check B. act C. do
act
5. Maintaining and improving the information security risk management process in response to incidents is part of the _________ step. A. act B. plan C. check D. do
injection attack
5. _________ is a program flaw that occurs when program input data can accidentally or deliberately influence the flow of execution of the program. A. PHP attack B. Format string injection attack C. XSS attack D. Injection attack
command injection
6. A _________ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server. A. command injection B. SQL injection C. code injection D. PHP remote code injection
plan
6. Establishing security policy, objectives, processes and procedures is part of the ______ step. A. plan B. check C. act D. none of the above
code injection
7. A _______ attack is where the input includes code that is then executed by the attacked system. A. SQL injection B. cross-site scripting C. code injection D. interpreter injection
corporate security policy
7. The intent of the ________ is to provide a clear overview of how an organization's IT infrastructure supports its overall business objectives. A. risk register B. corporate security policy C. vulnerability source D. threat assessment
all of the above
76. Security auditing can: A. provide data that can be used to define anomalous behavior B. maintain a record useful in computer forensics C. generate data that can be used in after-the-fact analysis of an attack D. all of the above
security audit
77. A ________ is conducted to determine the adequacy of system controls, ensure compliance with established security policy and procedures, detect breaches in security services, and recommend any changes that are indicated for countermeasures. A. security audit trail B. security audit C. user-level audit
event discriminator
78. The ________ is logic embedded into the software of the system that monitors system activity and detects security-related events that it has been configured to detect. A. event discriminator B. audit analyzer C. archive
audit trail collector
79. The ________ is a module on a centralized system that collects audit trail records from other systems and creates a combined audit trail. A. audit dispatcher B. audit analyzer C. audit trail collector
php remote code injection
8. Blocking assignment of form field values to global variables is one of the defenses available to prevent a __________ attack. A. PHP remote code injection B. mail injection C. command injection D. SQL injection
baseline
8. The advantages of the _________ approach are that it doesn't require the expenditure of additional resources in conducting a more formal risk assessment and that the same measures can be replicated over a range of systems. A. combined B. informal C. baseline D. detailed
audit dispatcher
80. The ________ is a module that transmits the audit trail records from its local system to the centralized audit trail collector. A. audit dispatcher B. audit analyzer C. audit trail collector
data generation
81. ________ identifies the level of auditing, enumerates the types of auditable events, and identifies the minimum set of audit-related information provided. A. Event selection B. Data generation C. Automatic response D. Audit analysis
all of the above
82. Data items to capture for a security audit trail include: A. events related to the security mechanisms on the system B. operating system access C. remote access D. all of the above
system-level
83. ________ audit trails are generally used to monitor and optimize system performance. A. User-level B. Physical-level C. System-level
application-level
84. ________ audit trails may be used to detect security violations within an application or to detect flaws in the application's interaction with the system. A. Application-level B. System-level C. User-level
nine
85. Windows allows the system user to enable auditing in ________. A. five B. seven C. nine
dynamically linked shared libraries
88. With ________ the linking to shared library routines is deferred until load time, so that if changes are made any program that references the library is unaffected. A. statically linked shared libraries B. dynamically linked shared libraries C. system linked shared libraries D. all of the above
thresholding
89. ________ is the identification of data that exceed a particular baseline value. A. Anomaly detection B. Real-time analysis C. Thresholding
informal
9. The _________ approach involves conducting a risk analysis for the organization's IT systems that exploits the knowledge and expertise of the individuals performing the analysis. A. baseline B. combined C. detailed D. informal
cross-site scripting
9. __________ attacks are vulnerabilities involving the inclusion of script code in the HTML content of a Web page displayed by a user's browser. A. PHP file inclusion B. Mail injection C. Code injection D. Cross-site scripting
SIEM
90. ________ software is a centralized logging software package similar to, but much more complex than, syslog. A. NetScan B. McAfee C. IPConfig D. SIEM
computers as targets
91. ________ is a form of crime that targets a computer system to acquire information stored on that computer system, to control the target system without authorization or payment, or to alter the integrity of data or interfere with the availability of the computer or server. A. Computers as targets B. Computers as storage devices C. Computers as mediums
cybercrime victims
92. The success of cybercriminals, and the relative lack of success of law enforcement, influence the behavior of ________. A. cyber thieves B. cybercrime victims C. cybercrime acts
real property
93. Land and things permanently attached to the land, such as trees, buildings, and stationary mobile homes are ________. A. real property B. cyber property C. personal property
personal property
94. Personal effects, moveable property and goods, such as cars, bank accounts, wages, securities, a small business, furniture, insurance policies, jewelry, patents, and pets are all examples of ________. A. intellectual property B. real property C. personal property
intellectual property
95. Any intangible asset that consists of human knowledge and ideas is ________. A. cyber property B. personal property C. intellectual property
all of the above
96. ________ can be copyrighted. A. Dramatic works B. Architectural works C. Software-related works
all of the above
97. The copyright owner has which exclusive right(s)? A. reproduction right B. distribution right C. modification right
patent
98. A ________ for an invention is the grant of a property right to the inventor. A. patent B. copyright C. trademark
trademark
99. A ________ is a word, name, symbol, or device that is used in trade with goods to indicate the source of the goods and to distinguish them from the goods of others. A. copyright B. patent C. trademark
larger, more detailed
A contingency plan for systems critical to a large organization would be _________ than that for a small business. A. smaller, less detailed B. larger, less detailed C. larger, more detailed D. smaller, more detailed
PKI
139. Kerberos uses the ________ encryption algorithm. A. AES B. PKI C. DES
Authorization
145. ________ is the process whereby a user first makes itself known to a CA prior to that CA issuing a certificate or certificates for that user. A. Authorization B. Registration C. Certification
CA
144. ________ is the process in which a CA issues a certificate for a user's public key and returns that certificate to the user's client system and/or posts that certificate in a repository. A. Certification B. Registration C. Initialization
handshake protocol
131. ________ is a list that contains the combinations of cryptographic algorithms supported by the client. A. Compression method B. Session ID C. CipherSuite
FIM
138. ________ requires that a user prove his or her identity for each service invoked and, optionally, requires servers to prove their identity to clients. A. FIM B. Kerberos C. X.509
WS-Security
148. ________ is a markup language that uses sets of embedded tags or labels to characterize text elements within a document so as to indicate their appearance, function, meaning, or context. A. HML B. HTTP C. XML
Initialization
146. ________ is a process where authentication and permission will be passed on from one system to another, usually across multiple enterprises, reducing the number of authentications needed by the user. A. Integration B. Registration C. Synchronization
sequence path counter
136. One of the earliest and most widely used services is ________. A. Kerberos B. FIM C. PKI
MDA
128. The ________ is responsible for transferring the message from the MHS to the MS. A. MDA B. MS C. MUA
radix-64
127. At its most fundamental level the Internet mail architecture consists of a user world in the form of ________. A. MHS B. MSA C. MUA
X.509
137. ________ is important as part of the directory service that it supports and is also a basic building block used in other standards. A. PKI B. X.509 C. Kerberos
all of the above
150. ________ is movement of data in a business process. A. Provisioning B. Workflow automation C. Revocation
serial number
143. A ________ is a generic term used to denote any method for storing certificates and CRLs so that they can be retrieved by end entities. A. RA B. registration C. repository
Federation
147. ________ is a minimal set of conventions for invoking code using XML over HTTP that enables applications to request services from one another with XML-based requests and receive responses as data formatted with XML. A. SOAP B. SAML C. HTML
TGS
140. ________ certificates are used in most network security applications, including IP security, secure sockets layer, secure electronic transactions, and S/MIME. A. X.509 B. PKI C. FIM
sequence
133. IPsec can assure that ________. A. a router advertisement comes from an authorized router B. a routing update is not forged C. a redirect message comes from the router to which the initial packet was sent D. all of the above
134. A benefit of IPsec is ________. A. that it is below the transport layer and transparent to applications B. there is no need to revoke keying material when users leave the organization C. it can provide security for individual users if needed D. all of the above
135. The ________ field in the outer IP header indicates whether the association is an AH or ESP security association. A. protocol identifier B. security parameter index C. IP destination address
unique identifier
142. An integer value unique within the issuing CA that is unambiguously associated with the certificate is the ________. A. issuer name B. subject's public-key information C. issuer unique identifier
MSA
129. The ________ accepts the message submitted by a message user agent and enforces the policies of the hosting domain and the requirements of Internet standards. A. mail submission agent B. message user agent C. mail delivery agent
All of the above
132. ESP supports two modes of use: transport and ________. A. padding B. tunnel C. payload
mail extension
125. To protect the data, either the signature alone or the signature plus the message are mapped into printable ASCII characters using a scheme known as ________ or base64 mapping. A. radix-64 B. ASCII-64 C. ESP-64
message transfer agent
130. The most complex part of TLS is the ________. A. signature B. message header C. payload
safe mapping
126. The basic tool that permits widespread use of S/MIME is ________. A. the domain key B. the public-key certificate C. the MIME security payload
SCA
141. The ________ consists of two dates: the first and last on which the certificate is valid. A. version B. period of validity C. extension
SOAP
149. A principal element of an identity management system is ________. A. workflow automation B. delegated administration C. authentication
all of the above
An IT security ________ helps to reduce risks. A. control B. safeguard C. countermeasure D. all of the above
all of the above
An IT security plan should include details of _________. A. risks B. recommended controls C. responsible personnel D. all of the above
technical
Identification and authentication is part of the _______ class of security controls. A. technical B. operational C. management D. none of the above
management
Maintenance of security controls, security compliance checking, change and configuration management, and incident handling are all included in the follow-up stage of the _________ process. A. management B. security awareness and training C. maintenance D. all of the above
cost benefit analysis
Management should conduct a ________ to identify those controls that are most appropriate and provide the greatest benefit to the organization given the available resources. A. cost analysis B. cost-benefit analysis C. benefit analysis D. none of the above
maintenance
Periodically reviewing controls to verify that they still function as intended, upgrading controls when new requirements are discovered, ensuring that changes to systems do not adversely affect the controls, and ensuring new threats or vulnerabilities have not become known are all ________ tasks. A. security compliance B. maintenance C. incident handling D. program management
all of the above
The follow-up stage of the management process includes _________. A. maintenance of security controls B. security compliance checking C. incident handling D. all of the above
security officer
The implementation process is typically monitored by the organizational ______. A. security officer B. general counsel C. technology officer D. human resources
compliance
The objective of the ________ control category is to avoid breaches of any law, statutory, regulatory, or contractual obligations, and of any security requirements. A. access B. asset management C. compliance D. business continuity management
business continuity management
The objective of the ________ control category is to counteract interruptions to business activities and to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption. A. asset management B. business continuity management C. information security incident management D. physical and environmental security
supportive
_______ controls are pervasive, generic, underlying technical IT security capabilities that are interrelated with, and used by, many other controls. A. Preventative B. Supportive C. Operational D. Detection and recovery
management
_______ controls focus on security policies, planning, guidelines, and standards that influence the selection of operational and technical controls to reduce the risk of loss and to protect the organization's mission. A. Management B. Technical C. Preventative D. Supportive
Detection and recovery
________ controls focus on the response to a security breach, by warning of violations or attempted violations of security policies. A. Technical B. Preventative C. Detection and recovery D. Management
business continuity and disaster recovery
__________ comprise measures and mechanisms to ensure operational resiliency in the event of any service interruptions. A. Data loss prevention B. Security information and event management C. Network security D. Business continuity and disaster recovery
warning different categories
severity.
87. System conditions requiring immediate attention is a(n) ________ severity. A. alert B. err C. notice