08092017_Wiley_Test2

Question 1

Trademark can be renewed for ____ years

Answer 1

10

Question 2

Best intellectual property protection ..

Answer 2

Trade Secret

Question 3

How many rounds of encryption for DES

Answer 3

DES uses 16 rounds

Question 4

Waterfall allow you to return the last previous ____

Answer 4

State

Question 5

3DES effective key length

Answer 5

168bit

Question 6

What uses passwords for a challenge-response mechanism to create a one-time password

Answer 6

Asynchronous One Time Password

Question 7

Disaster ________involves restoring a business facility and environment to a workable state

Answer 7

restoration

Question 8

The ________ evidence rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreements may modify the written agreement

Answer 8

parol

Question 9

_____ _____ ____viruses infect the system’s boot sector and load when the system is started

Answer 9

Master boot record (MBR)

Question 10

__________ espionage is usually considered a business attack

Answer 10

Industrial

Question 11

The Agile ________ says that you should build projects around motivated individuals and give them the support they need

Answer 11

Manifesto

Question 12

A custodian is someone who has been assigned to or delegated the _____ to _____responsibility of proper storage and protection of objects.

Answer 12

day-to-day

Question 13

_________ tests are similar to the structured walk-throughs. In this test, disaster recovery team members are presented with a scenario and asked to develop an appropriate response

Answer 13

Simulation

Question 14

Systems are usually disconnected from the network during the _______ and _______process

Answer 14

isolation and recovery

Question 15

RESTORATION phase of incident response includes these steps:

Answer 15

Restoring backup data

Rebuilding compromised systems

Supplementing existing security controls

Question 16

____________ XORs the plain text with a separate subkey before the first round of encryption. Used in TWOFISH

Answer 16

Prewhitening

Question 17

The US Geological Survey provides detailed _________ risk data for locations in the United States

Answer 17

earthquake

Question 18

__________ occurs when a person presents him- or herself as another user, typically to gain access to unauthorized information or processes.

Answer 18

Masquerading. Keyword is UNAUTHORIZED.

THis includes physical access

Question 19

Loss expectancies are a measure of impact and are calculated during the ______ assessment phase

Answer 19

IMPACT

Question 20

You are concerned about the risk that a tornado poses to your corporate headquarters in Indiana. The building itself is valued at $10 million. After consulting with the National Weather Service, you determine that there is a 2 percent likelihood that a tornado will strike over the course of a year. You hired a team of architects and engineers who determined that the average tornado would destroy approximately 25 percent of the building. What is the annualized loss expectancy (ALE)?

Answer 20

The ALE is computed by multiplying the SLE ($2,500,000) by the annualized rate of occurrence (2%) to get $50,000.

Question 21

A ______ access control model is based on job functions such as a sales person or a sales manager, and it groups users into roles. .

Answer 21

role-based

Question 22

A ______access control model is an identity-based access control model. This is also OWNER based

Answer 22

discretionary

Question 23

A ________access control model is based on rules within an ACL

Answer 23

rule-based

Question 24

A ______ access control model uses assigned labels to identify access.

Answer 24

mandatory

Question 25

The _____ ______process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.

Answer 25

request control

Question 26

S/MIME supports these symmetric encryption algorithms.

Answer 26

RC2, RSA, DES and 3DES

Question 27

The ________ phase includes the restoration of the normal business operations of an organization

Answer 27

CLOSURE

Question 28

What are the Incident response steps

Answer 28

``` Response Mitigation Reporting Recovery Remediation ```

Question 29

_________extended infrastructure mode exists when a wireless network is designed to support a large physical environment through the use of a single SSID but numerous access points

Answer 29

Enterprise

Question 30

Phil Zimmerman's Pretty Good Privacy (PGP) package relies on the construction of a _____ of ___between system users.

Answer 30

web of trust

Question 31

Which BCP (business continuity plan) task requires that you create a comprehensive list of business processes?

Answer 31

Criticality prioritization OR Priority Identification task

Question 32

What organization created the Ten Commandments of Computer Ethics

Answer 32

Computer Ethics Institute

Question 33

_____-______ access control is focused on the internal data of each field

Answer 33

Content-dependent A database view is a content-dependent control. A view retrieves specifi c columns from one or more tables, creating a virtual table.

Question 34

The following items are critical pieces of information in the chain of evidence?

Answer 34

General description of the evidence . Name of the person collecting the evidence Time and date the evidence was collected

Question 35

What cryptographic goal does the challenge-response protocol support?

Answer 35

Authentication

Question 36

What type of access control system is deployed to physically deter unwanted or unauthorized activity and access?

Answer 36

Preventive access control is deployed to stop unwanted or unauthorized activity from occurring.

Question 37

What database security feature uses a locking mechanism to prevent simultaneous edits of cells?

Answer 37

Concurrency

Question 38

Christopher would like to send Renee a message using a digital signature. What key should he use to create the digital signature?

Answer 38

Christopher's private key

Question 39

Tunneling prevents security control devices from __________ the actual content of the transmitted data.

Answer 39

inspecting

Question 40

When audit trails legally prove accountability, then you also reap the benefit of ________.

Answer 40

nonrepudiation

Question 41

Which one of the following is not a required component of a digital certificate?

Answer 41

Serial number Validity period X.509 version

Question 42

Process __________ allows a process to read from and write to only certain memory locations and resources.

Answer 42

confinement

Question 43

annualized loss expectancy FORMULA

Answer 43

Asset value * exposure factor * annualized rate of occurrence ALE = AV x EF x ARO

Question 44

What term describes the processor mode used to run the system tools used by administrators seeking to make configuration changes to a machine?

Answer 44

USER MODE All user applications, regardless of the security permissions assigned to the user, execute in user mode. Supervisory mode, kernel mode, and privileged mode are all terms that describe the mode used by the processor to execute instructions that originate from the operating system.

Question 45

Role-based access control restricts access to roles by grouping _________ (such as users).

Answer 45

SUBJECTS Role-based access control restricts access to roles by grouping subjects (such as users). Groups are assigned privileges but privileges aren't grouped in roles. Programs aren't grouped in roles. Objects such as files are often grouped within folders, but objects are not assigned as roles.

Question 46

What attack involves an interruptive malicious user positioned between a client and server attempting to TAKE OVER?

Answer 46

HIJACK

Question 47

This attack is the abundance of unsolicited messages arriving to the extent it prevents legitimate activity.

Answer 47

Denial of service

Question 48

Malicious code or instruction as part of program input

Answer 48

Buffer-overflow

Question 49

What technique may be used if an individual wants to prove knowledge of a fact to another individual without revealing the fact itself?

Answer 49

Zero-knowledge

Question 50

__________ proof confirm that an individual possesses certain factual knowledge without revealing the knowledge.

Answer 50

Zero-knowledge

Question 51

Tunneling is an _______ means of communicating because all protocols include their own error detection, error handling, acknowledgment, and session management features, and using more than one protocol at a time just compounds the overhead required to communicate a single message.

Answer 51

inefficient

Question 52

In what type of attack does the intruder initiate connections to both a client and a server

Answer 52

Man in the Middle

Question 53

________ access control is deployed to restore systems to normal after an unwanted or unauthorized activity has occurred

Answer 53

Corrective

Question 54

The following are features of packet switching?

Answer 54

Bursty traffic focused Sensitive to data loss Supports any type of traffic

Question 55

circuit switching has _______ known delays.

Answer 55

fixed

Question 56

Packet switching has ______ traffic, ______ to data loss, supports ______ traffic.

Answer 56

Bursty traffic focused Sensitive to data loss Supports any type of traffic

Question 57

circuit switching has _______ known delays.

Answer 57

fixed

Question 58

What is the CLIENT source port of a secured web communication?

Answer 58

DYNAMIC port randomly selected port number between 1024–65,535

Question 59

Which security role is ultimately responsible for due diligence in protecting a company's data?

Answer 59

Data Owner

Question 60

_________ are precompiled lists of common passwords and their permutations and serve as the foundation for a dictionary attack on accounts.

Answer 60

Dictionary word lists

Question 61

What form of password attack utilizes a preassembled lexicon of terms and their permutations?

Answer 61

Dictionary Word List

Question 62

On what port do DHCP clients request a configuration?

Answer 62

68

Question 63

Port 68

Answer 63

DHCP

Question 64

Accountability is the ultimate goal of a process started by ________.

Answer 64

identification

Question 65

______ is a weakness in cryptography where a plain-text message generates identical cipher-text messages using the same algorithm but different keys

Answer 65

Clustering (aka key clustering)

Question 66

The ___________ model is based on predetermining the set or domain of objects that a subject can access. The set or domain is a list of those objects that a subject can access. This model is based on automation theory and domain separation. This means subjects are able to perform only predetermined actions against predetermined objects.

Answer 66

Goguen-Meseguer

Question 67

In _____________ mode, each block of unencrypted text is XORed with the block of cipher text IMMEDIATELY PROCEEDING it before it is encrypted using the DES algorithm.

Answer 67

Cipher Block Chaining (CBC)

Question 68

______ _______ use an iterative series of precomputed password hashes. These are precomputed password hashes kept as a series of iterative inputs are known as what

Answer 68

Rainbow tables

Question 69

_______removes the malicious code but does not repair the damage caused by it.

Answer 69

Removal

Question 70

_________not only removes the code, but it also repairs any damage the code has caused.

Answer 70

Cleaning

Question 71

Wifi 802.11__ can use the 2.4 GHz and 5 GHz frequencies

Answer 71

802.11n

Question 72

C++, Java, and Fortran are _______languages

Answer 72

compiled

Question 73

AES supports what length?

Answer 73

The strongest keys supported by the Advanced Encryption Standard are 256 bits. The valid AES key lengths are 128, 192, and 256 bits.

Question 74

Which networking technology assumes traffic collisions will occur and thus requires collision detection and avoidance mechanisms?

Answer 74

eTHERNET

Question 75

What database element is equivalent to a single attribute?

Answer 75

Column

Question 76

The five elements of AAA services in order are :

Answer 76

``` The five elements of AAA services in order are identification, authentication, authorization, auditing, accounting. ```

Question 77

________ the media is the best choice of the available answers to protect against mishandling media.

Answer 77

Marking (or labeling)

Question 78

________is the process by which online activities of user accounts and processes are tracked and recorded.

Answer 78

Auditing

Question 79

The security management task in which critical, significant, and sensitive work tasks are divided among several individual administrators or high-level operators is ________ __ ______.

Answer 79

separation of duties

Question 80

_________ access control enables the enforcement of systemwide restrictions that override object-specific access control.

Answer 80

Nondiscretionary

Question 81

_______viruses use filenames that mimic the filenames of legitimate system files.

Answer 81

Companion

Question 82

Companion Virus is...

Answer 82

viruses that use filenames that mimic the filenames of legitimate system files

Question 83

the ______and the cost/benefit equation—produce results that are primarily used to prioritize security efforts

Answer 83

ALE

Question 84

___is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems

Answer 84

S-RPC

Question 85

__________ ATTACKS are coordinated efforts between cooperative machines using traffic in an entirely legitimate manner

Answer 85

DISTRIBUTED REFLECTIVE DENIAL OF SERVICE

Question 86

The ________of database transactions requires transaction execution in an all-or-nothing fashion.

Answer 86

atomicity

Question 87

______access control is deployed to provide various options to existing controls to help enforce and support a security policy

Answer 87

Compensation

Question 88

The ~ symbol represents the NOT function, which inverts the bits of the affected variable. In this case, the X value is not used.

Answer 88

X: 0 1 1 0 1 0 Y: 0 0 1 1 0 1 ~Y: 1 1 0 0 1 0

Question 89

_______ control is any hardware, software, or organizational administrative policy or procedure that grants or restricts access, monitors and records attempts to access, identifies users attempting to access, and determines whether access is authorized

Answer 89

Access

Question 90

Cryptographic salt values are added to the passwords in password files before hashing to protect from which two attacks?

Answer 90

rainbow table and dictionary attacks.