AIO book review questions Flashcards

1
Q
Use the following scenario to answer Questions 1–3. Josh has discovered that an organized hacking ring in China has been targeting his company’s research and development department. If these hackers have been able to uncover his company’s research findings, this means they probably have access to his company’s intellectual property. Josh thinks that an e-mail server in their DMZ may have been successfully compromised and a rootkit loaded.

Based upon this scenario, what is most likely the biggest risk Josh's company needs to be concerned with?

A. Market share drop if the attackers are able to bring the specific product to market more quickly than Josh's company.
B. Confidentiality of e-mail messages. Attackers may post all captured e-mail messages to the Internet.
C. Impact on reputation if the customer base finds out about the attack.
D. Depth of infiltration of attackers. If attackers have compromised other systems, more confidential data could be at risk.

A

A

2
Q
Use the following scenario to answer Questions 1–3. Josh has discovered that an organized hacking ring in China has been targeting his company’s research and development department. If these hackers have been able to uncover his company’s research findings, this means they probably have access to his company’s intellectual property. Josh thinks that an e-mail server in their DMZ may have been successfully compromised and a rootkit loaded.

The attackers in this situation would be seen as which of the following?

A. Vulnerability
B. Threat
C. Risk
D. Threat agent

A

D

3
Q
Use the following scenario to answer Questions 1–3. Josh has discovered that an organized hacking ring in China has been targeting his company’s research and development department. If these hackers have been able to uncover his company’s research findings, this means they probably have access to his company’s intellectual property. Josh thinks that an e-mail server in their DMZ may have been successfully compromised and a rootkit loaded.

If Josh is correct in his assumptions, which of the following best describes the vulnerability, threat, and exposure, respectively?

A. e-mail server is hardened, an entity could exploit programming code flaw, server is compromised and leaking data.
B. e-mail server is not patched, an entity could exploit a vulnerability, server is hardened.
C. e-mail server misconfiguration, an entity could exploit misconfiguration, server is compromised and leaking data.
D. DMZ firewall misconfiguration, an entity could exploit misconfiguration, internal e-mail server is compromised.

A

C

4
Q
Aaron is a security manager who needs to develop a solution to allow his company's mobile devices to be authenticated in a standardized and centralized manner using digital certificates. The applications these mobile clients use require a TCP connection. Which of the following is the best solution for Aaron to implement?

A. SESAME using PKI
B. RADIUS using EAP
C. Diameter using EAP
D. RADIUS using TTLS

A

C

5
Q
Terry is a security manager for a credit card processing organization. His company uses internal DNS servers, which are placed within the LAN, and external DNS servers, which are placed in the DMZ. The company also relies upon DNS servers provided by their service provider. Terry has found out that attackers have been able to manipulate several DNS server caches, which point employee traffic to malicious websites. Which of the following best describes the solution this company should implement?

A. IPSec
B. PKI
C. DNSSEC
D. MAC-based security

A

C

6
Q
It is important to deal with the issue of "reasonable expectation of privacy" (REP) when it comes to employee monitoring. In the U.S. legal system the expectation of privacy is used when defining the scope of the privacy protections provided by _____________________.

A. Federal Privacy Act
B. PATRIOT Act
C. The Fourth Amendment of the Constitution
D. The Bill of Rights

A

C

7
Q
Jane is suspicious that an employee is sending sensitive data to one of the company's competitors. The employee has to use these data for daily activities, thus it is difficult to properly restrict the employee's access rights. In this scenario, which best describes the company's vulnerability, threat, risk, and necessary control?

A. Vulnerability is employee access rights, threat is internal entities misusing privileged access, risk is the business impact of data loss, and the necessary control is detailed network traffic monitoring.
B. Vulnerability is lenient access rights, threat is internal entities misusing privileged access, risk is the business impact of data loss, and the necessary control is detailed user monitoring.
C. Vulnerability is employee access rights, threat is internal employees misusing privileged access, risk is the business impact of confidentiality, and the necessary control is multifactor authentication.
D. Vulnerability is employee access rights, threat is internal users misusing privileged access, risk is the business impact of confidentiality, and the necessary control is CCTV.

A

B

8
Q
Which of the following best describes what role-based access control offers companies in reducing administrative burdens?

A. It allows entities closer to the resources to make decisions about who can and cannot access resources.
B. It provides a centralized approach for access control, which frees up department managers.
C. User membership in roles can be easily revoked and new ones established as job assignments dictate.
D. It enforces an enterprise-wide security policy, standards, and guidelines.

A

C

9
Q
Mark needs to ensure that the physical security program he develops for his company increases performance, decreases risk in a cost-effective manner, and allows management to make informed decisions. Which of the following best describes what he needs to put into place?

A. Performance-based program
B. Defense-in-depth program
C. Layered program
D. Security through obscurity

A

A

10
Q
A software development company released a product that exhibited several errors that were not expected once deployed in their customers' environments. All of the software code went through a long list of tests before being released. The team manager found out that after a small change was made to the code, the program was not tested again before it was released. Which of the following tests was most likely not conducted?

A. Unit
B. Compiled
C. Integration
D. Regression

A

D

11
Q
It is important to choose the right risk analysis methodology to meet the goals of the organization's needs. Which of the following best describes when the risk management standard AS/NZS 4360 should be used?

A. When there is a need to assess items of an organization that are directly related to information security.
B. When there is a need to assess items of an organization that are not just restricted to information security.
C. When a qualitative method is needed to prove the compliance levels as they pertain to regulations.
D. When a qualitative method is needed to prove the compliance levels as they pertain to laws.

A

B

12
Q
Companies should follow certain steps in selecting and implementing a new computer product. Which of the following sequences is ordered correctly?

A. Evaluation, accreditation, certification
B. Evaluation, certification, accreditation
C. Certification, evaluation, accreditation
D. Certification, accreditation, evaluation

A

B

13
Q
Use the following scenario to answer Questions 13–15. Jack has just been hired as the security officer for a large hospital. The organization develops some of its own proprietary applications. The organization does not have as many layers of controls when it comes to the data processed by these applications, since external entities will not understand the internal logic of the applications. One of the first things that Jack wants to carry out is a risk assessment to determine the organization’s current risk profile. He also tells his boss that the hospital should become ISO certified to bolster its customers’ and partners’ confidence.

Which of the following approaches has been implemented in this scenario?

A. Defense-in-depth
B. Security through obscurity
C. Information security management system
D. BS 17799

A

B

14
Q
Use the following scenario to answer Questions 13–15. Jack has just been hired as the security officer for a large hospital. The organization develops some of its own proprietary applications. The organization does not have as many layers of controls when it comes to the data processed by these applications, since external entities will not understand the internal logic of the applications. One of the first things that Jack wants to carry out is a risk assessment to determine the organization’s current risk profile. He also tells his boss that the hospital should become ISO certified to bolster its customers’ and partners’ confidence.

Which ISO/IEC standard would be best for Jack to follow to meet his goals?

A. ISO/IEC 27002
B. ISO/IEC 27004
C. ISO/IEC 27005
D. ISO/IEC 27006

A

C

15
Q
Use the following scenario to answer Questions 13–15. Jack has just been hired as the security officer for a large hospital. The organization develops some of its own proprietary applications. The organization does not have as many layers of controls when it comes to the data processed by these applications, since external entities will not understand the internal logic of the applications. One of the first things that Jack wants to carry out is a risk assessment to determine the organization’s current risk profile. He also tells his boss that the hospital should become ISO certified to bolster its customers’ and partners’ confidence.

Which standard should Jack suggest to his boss for compliance?

A. BS 17799
B. ISO/IEC 27004
C. ISO/IEC 27799
D. BS 7799:2011

A

C

16
Q
An operating system maintains several processes in memory at the same time. The processes can only interact with the CPU during their assigned time slice since there is only one CPU and many processes. Each process is assigned an interrupt value to allow for this type of time slicing to take place. Which of the following best describes the difference between maskable and nonmaskable interrupts?

A. A maskable interrupt is assigned to a critical process, and a nonmaskable interrupt is assigned to a noncritical process.
B. A maskable interrupt is assigned to a process in ring 0, and a nonmaskable interrupt is assigned to a process in ring 3.
C. A maskable interrupt is assigned to a process in ring 3, and a nonmaskable interrupt is assigned to a process in ring 4.
D. A maskable interrupt is assigned to a noncritical process, and a nonmaskable interrupt is assigned to a critical process.

A

D

17
Q
Cable telecommunication networks used to present a security risk in that neighbors could commonly access each other's Internet-based traffic because the traffic was not encrypted and protected. Which of the following is an international telecommunications standard that addresses these issues?

A. Safe Harbor Encryption Requirements
B. Data-Over-Cable Service Interface Specifications
C. Privacy Service Requirements
D. Telecommunication Privacy Protection Standard

A

B

18
Q
There are different categories for evidence depending upon what form it is in and possibly how it was collected. Which of the following is considered supporting evidence?

A. Best evidence
B. Corroborative evidence
C. Conclusive evidence
D. Direct evidence

A

B

19
Q
_____________ is the graphical representation of data commonly used on websites. It is a skewed representation of characters a person must enter to prove that the subject is a human and not an automated tool, as in a software robot.

A. Anti-spoofing
B. CAPTCHA
C. Spam anti-spoofing
D. CAPCHAT

A

B

20
Q
Mark has been asked to interview individuals to fulfill a new position in his company. The position is a chief privacy officer (CPO). What is the function of this type of position?

A. Ensuring that company financial information is correct and secure
B. Ensuring that customer, company, and employee data are protected
C. Ensuring that security policies are defined and enforced
D. Ensuring that partner information is kept safe

A

B

21
Q
A risk management program must be developed properly and in the right sequence. Which of the following provides the correct sequence for the steps listed?

i. Developed a risk management team
ii. Calculated the value of each asset
iii. Identified the vulnerabilities and threats that can affect the identified assets
iv. Identified company assets to be assessed

A. i, iii, ii, iv
B. ii, i, iv, iii
C. iii, i, iv, ii
D. i, iv, ii, iii

A

D

22
Q
Jack needs to develop a security program for a medical organization. He has been instructed by the security steering committee to follow the ISO/IEC international standards when constructing and implementing this program so that certification can be accomplished. Which of the following best describes the phases Jack should follow?

A. "Plan" by defining scope and policy. "Do" by managing identified risks. "Check" by carrying out monitoring procedures and audits. "Act" by implementing corrective actions.
B. "Plan" by defining scope and policy. "Do" by creating an implementation risk mitigation plan and implementing controls. "Check" by carrying out monitoring procedures and audits. "Act" by implementing corrective actions.
C. "Plan" by identifying controls. "Do" by creating an implementation risk mitigation plan. "Check" by carrying out monitoring procedures and audits. "Act" by implementing corrective actions.
D. "Plan" by defining scope and policy. "Do" by creating an implementation risk mitigation plan and implementing controls. "Check" by carrying out monitoring procedures and audits. "Act" by implementing risk management.

A

B

23
Q
Which of the following best describes the core reasons the Department of Defense Architecture Framework and the British Ministry of Defence Architecture Framework were developed?

A. Data need to be captured and properly presented so that decision makers understand complex issues quickly, which allows for fast and accurate decisions.
B. Modern warfare is complex and insecure. Data need to be properly secured against enemy efforts to ensure decision makers can have access to it.
C. Critical infrastructures are constantly under attack in warfare situations. These frameworks are used to secure these types of environments.
D. Weapon systems are computerized and must be hardened and secured in a standardized manner.

A

A

24
Q
George is the security manager of a large bank, which provides online banking and other online services to its customers. George has recently found out that some of their customers have complained about changes to their bank accounts that they did not make. George worked with the security team and found out that all changes took place after proper authentication steps were completed. Which of the following describes what most likely took place in this situation?

A. Web servers were compromised through cross-scripting attacks.
B. SSL connections were decrypted through a man-in-the-middle attack.
C. Personal computers were compromised with Trojan horses that installed keyloggers.
D. Web servers were compromised and masquerading attacks were carried out.

A

C

25
Q
Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Which of the following is not a function or characteristic of IPSec?

A. Encryption
B. Link layer protection
C. Authentication
D. Protection of packet payloads and the headers

A

B

26
Q
A typical PKI infrastructure would have which of the following transactions?

1. Receiver decrypts and obtains session key.
2. Sender requests receiver's public key.
3. Public key is sent from a public directory.
4. Sender sends a session key encrypted with receiver's public key.

A. 4, 3, 2, 1
B. 2, 1, 3, 4
C. 2, 3, 4, 1
D. 2, 4, 3, 1

A

C

27
Q
Use the following scenario to answer Questions 27–28. Tim is the CISO for a large distributed financial investment organization. The company’s network is made up of different network devices and software applications, which generate their own proprietary logs and audit data. Tim and his security team have become overwhelmed with trying to review all of the log files when attempting to identify if anything suspicious is taking place within the network. Another issue Tim’s team needs to deal with is that many of the network devices have automated IPv6-to-IPv4 tunneling enabled by default.

Which of the following is the best solution for this company to implement as it pertains to the first issue addressed in the scenario?

A. Event correlation tools
B. Intrusion detection systems
C. Security information and event management
D. Security event correlation management tools

A

C

28
Q
Use the following scenario to answer Questions 27–28. Tim is the CISO for a large distributed financial investment organization. The company’s network is made up of different network devices and software applications, which generate their own proprietary logs and audit data. Tim and his security team have become overwhelmed with trying to review all of the log files when attempting to identify if anything suspicious is taking place within the network. Another issue Tim’s team needs to deal with is that many of the network devices have automated IPv6-to-IPv4 tunneling enabled by default.

Which of the following best describes why Tim should be concerned about the second issue addressed in the scenario?

A. Software and devices that are scanning traffic for suspicious activity may only be configured to evaluate one system type.
B. Software and devices that are monitoring traffic for illegal activity may only be configured to evaluate one service type.
C. Software and devices that are monitoring traffic for illegal activity may only be configured to evaluate two protocol types.
D. Software and devices that are monitoring traffic for suspicious activity may only be configured to evaluate one traffic type.

A

D
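The practical side of answer D: a sensor that only parses IPv4 sees tunneled IPv6 as an opaque protocol-41 or UDP payload and never inspects the inner packet. The script below is an added example, not from the AIO book, showing the minimal parsing a monitor needs to at least flag 6to4/ISATAP-style encapsulation (IPv4 protocol 41) and Teredo (IPv6 inside UDP/3544). The sample packets are constructed inline with documentation/TEST-NET addresses; the label names and the helper functions are this example's own.

```python
"""Spot IPv6 traffic tunneled inside IPv4 so that IPv4-only monitoring does not miss it.

Added example for the second issue in questions 27-28; not from the AIO book.
All packets below are constructed in-line (not a real capture)."""
import ipaddress
import struct

PROTO_IPV6_ENCAP = 41          # IANA protocol number for IPv6 encapsulated in IPv4
PROTO_UDP = 17
TEREDO_PORT = 3544             # IANA-registered Teredo UDP port
SIXTO4_PREFIX = ipaddress.IPv6Network("2002::/16")
TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")
SIXTO4_RELAY_ANYCAST = ipaddress.IPv4Address("192.88.99.1")   # RFC 3068 (deprecated by RFC 7526)

IPV4_HDR = "!BBHHHBBH4s4s"     # 20-byte header without options
IPV6_HDR = "!IHBB16s16s"       # 40-byte fixed header
UDP_HDR = "!HHHH"


def classify(packet):
    """Return a tunnel label for one raw IPv4 packet, or None for plain IPv4 traffic."""
    if len(packet) < 20:
        return None
    ver_ihl, _tos, _len, _id, _frag, _ttl, proto, _csum, _src, dst = struct.unpack(IPV4_HDR, packet[:20])
    if ver_ihl >> 4 != 4:
        return None
    inner = packet[(ver_ihl & 0x0F) * 4:]              # skip options if IHL > 5
    dst = ipaddress.IPv4Address(dst)

    if proto == PROTO_IPV6_ENCAP:
        if len(inner) < 40 or inner[0] >> 4 != 6:
            return "proto41-malformed"                   # claims IPv6 inside but is not: alert-worthy too
        v6src = ipaddress.IPv6Address(inner[8:24])
        if dst == SIXTO4_RELAY_ANYCAST or v6src in SIXTO4_PREFIX:
            return "6to4"
        return "ipv6-in-ipv4"                            # ISATAP, manually configured tunnels, etc.

    if proto == PROTO_UDP and len(inner) >= 8 + 40:
        sport, dport, _ulen, _ucsum = struct.unpack(UDP_HDR, inner[:8])
        payload = inner[8:]
        if TEREDO_PORT in (sport, dport) and payload[0] >> 4 == 6:
            v6src = ipaddress.IPv6Address(payload[8:24])
            return "teredo" if v6src in TEREDO_PREFIX else "udp3544-ipv6"
    return None


def scan(packets):
    """Run classify() over a {name: bytes} capture and return only the flagged packets."""
    flagged = {}
    for name, pkt in packets.items():
        label = classify(pkt)
        if label is not None:
            flagged[name] = label
    return flagged


# --- constructed sample packets (test data, not a real capture) ---
def build_ipv4(src, dst, proto, payload):
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


def build_ipv6(src6, dst6, next_header=59, payload=b""):   # 59 = No Next Header
    return struct.pack(IPV6_HDR, 0x60000000, len(payload), next_header, 64,
                       ipaddress.IPv6Address(src6).packed,
                       ipaddress.IPv6Address(dst6).packed) + payload


def build_udp(sport, dport, payload):
    return struct.pack(UDP_HDR, sport, dport, 8 + len(payload), 0) + payload


SAMPLES = {
    "plain_tcp":   build_ipv4("10.0.0.5", "198.51.100.10", 6, b"\x00" * 20),
    # 203.0.113.7 -> 2002:cb00:7107::/48 is the 6to4 prefix derived from that IPv4 address
    "6to4":        build_ipv4("203.0.113.7", "192.88.99.1", PROTO_IPV6_ENCAP,
                              build_ipv6("2002:cb00:7107::1", "2001:db8::1")),
    # ISATAP-style link-local addresses embed the IPv4 address after ::5efe:
    "isatap_like": build_ipv4("10.0.0.9", "10.0.0.1", PROTO_IPV6_ENCAP,
                              build_ipv6("fe80::5efe:a00:9", "fe80::5efe:a00:1")),
    # Teredo client address 2001:0:<server IPv4>:... carried in UDP to port 3544
    "teredo":      build_ipv4("10.0.0.5", "198.51.100.20", PROTO_UDP,
                              build_udp(51234, TEREDO_PORT,
                                        build_ipv6("2001:0:c633:6414::1", "2001:db8::2"))),
}

if __name__ == "__main__":
    for name, label in scan(SAMPLES).items():
        print(f"{name:12s} -> {label}")
```

Flagging is the easy part; the point of the exercise is that once a packet is labelled as a tunnel, the monitor has to hand the inner IPv6 packet to a second parser with the same rule set, otherwise the "one traffic type" blind spot from answer D is simply moved one layer down. Deployments that do not need transition tunnels should disable them on the devices rather than rely on detection.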

29
Q
Which of the following is not a characteristic of the Sherwood Applied Business Security Architecture framework?

A. Model and methodology for the development of information security enterprise architectures
B. Layered model, with its first layer defining business requirements from a security perspective
C. Risk-driven enterprise security architecture that maps to business initiatives, similar to the Zachman framework
D. Enterprise architecture framework used to define and understand a business environment

A

D

30
Q
What type of rating system is used within the Common Criteria structure?

A. PP
B. EPL
C. EAL
D. A–D

A

C

31
Q
___________________ is a declarative access control policy language implemented in XML, together with a processing model that describes how to interpret security policies. _________________ is an XML-based framework being developed by OASIS for exchanging user, resource, and service provisioning information between cooperating organizations.

A. Service Provisioning Markup Language (SPML), Extensible Access Control Markup Language (XACML)
B. Extensible Access Control Markup Language (XACML), Service Provisioning Markup Language (SPML)
C. Extensible Access Control Markup Language (XACML), Security Assertion Markup Language (SAML)
D. Security Assertion Markup Language (SAML), Service Provisioning Markup Language (SPML)

A

B

32
Q
Doors configured in fail-safe mode assume what position in the event of a power failure?

A. Open and locked
B. Closed and locked
C. Closed and unlocked
D. Open

A

C

33
Q
Packet-filtering firewalls have limited capabilities. Which of the following is not a common characteristic of these firewall types?

i. They cannot prevent attacks that employ application-specific vulnerabilities or functions.
ii. The logging functionality present in packet-filtering firewalls is limited.
iii. Most packet-filtering firewalls do not support advanced user authentication schemes.
iv. Many packet-filtering firewalls can detect spoofed addresses.
v. May not be able to detect packet fragmentation attacks.

A. ii
B. iii
C. iv
D. v

A

C

34
Q
BS 25999 is the BSI (British Standards Institution's) standard for Business Continuity Management (BCM). The BS standard has two main parts. Which of the following properly defines one of these parts correctly?

A. BS 25999-1:2006 Business Continuity Management Code of Practice: General guidance that provides principles, processes, and requirements for BCM.
B. BS 25999-2:2007 Specification for Business Continuity Management: Specifies objective, regulatory requirements for executing, operating, and enhancing a BCM system.
C. BS 25999-1:2006 Business Continuity Management Code of Practice: General specifications that provide principles, deadlines, and terminology for BCM.
D. BS 25999-2:2007 Specification for Business Continuity Management: Specifies objective, auditable requirements for executing, operating, and enhancing a BCM system.

A

D

35
Q
Use the following scenario to answer Questions 35–36. Zack is a security consultant who has been hired to help an accounting company improve some of their current e-mail security practices. The company wants to ensure that when their clients send the company accounting files and data, the clients cannot later deny sending these messages. The company also wants to integrate a more granular and secure authentication method for their current mail server and clients.

Which of the following best describes how client messages can be dealt with and addresses the first issue outlined in the scenario?

A. Company needs to integrate a public key infrastructure and the Diameter protocol.
B. Clients must encrypt messages with their public key before sending them to the accounting company.
C. Company needs to have all clients sign a formal document outlining nonrepudiation requirements.
D. Client must digitally sign messages that contain financial information.

A

D

36
Q
Use the following scenario to answer Questions 35–36. Zack is a security consultant who has been hired to help an accounting company improve some of their current e-mail security practices. The company wants to ensure that when their clients send the company accounting files and data, the clients cannot later deny sending these messages. The company also wants to integrate a more granular and secure authentication method for their current mail server and clients.

Which of the following would be the best solution to integrate to meet the authentication requirements outlined in the scenario?

A. TLS
B. IPSec
C. 802.1x
D. SASL

A

D

37
Q
Rennie needs to ensure that the BCP project will be successful. His manager has asked him to carry out a SWOT analysis to ensure that the defined objectives within the scope can be accomplished and to identify issues that could impede the success and productivity required of the project as a whole. Which of the following is not considered to be a basic tenet of a SWOT analysis?

A. Strengths: characteristics of the project team that give it an advantage over others
B. Weaknesses: characteristics that place the team at a disadvantage relative to others
C. Opportunities: elements that could contribute to the project's success
D. Trends: elements that could contribute to the project's failure

A

D

38
Q
A ___________________ is the amount of time it should take to recover from a disaster, and a ____________________ is the amount of data, measured in time, that can be lost and be tolerable from that same event.

A. Recovery time objective, recovery point objective
B. Recovery point objective, recovery time objective
C. Maximum tolerable downtime, work recovery time
D. Work recovery time, maximum tolerable downtime

A

A

39
Q
Mary is playing around on her computer late at night and discovers a way to hack into a small company's personnel files. She decides to take a look around, but does not steal any information. Is she still committing a crime even if she does not steal any of the information?

A. No, since she does not steal any information, she is not committing a crime.
B. Yes, she has gained unauthorized access.
C. No, the system was easily hacked; therefore, entry is allowed.
D. Yes, she could jeopardize the system without knowing it.

A

B

40
Q
In the structure of Extensible Access Control Markup Language (XACML) a Subject element is the ______________, a Resource element is the ___________, and an Action element is the ___________.

A. Requesting entity, requested entity, types of access
B. Requested entity, requesting entity, types of access
C. Requesting entity, requested entity, access control
D. Requested entity, requesting entity, access control

A

A

41
Q
The Mobile IP protocol allows location-independent routing of IP datagrams on the Internet. Each mobile node is identified by its ______________ regardless of its current location in the Internet. While away from its home network, a mobile node is associated with a ___________.

A. Prime address, care-of address
B. Home address, care-of address
C. Home address, secondary address
D. Prime address, secondary address

A

B

42
Q
Instead of managing and maintaining many different types of security products and solutions, Joan wants to purchase a product that combines many technologies into one appliance. She would like to have centralized control, streamlined maintenance, and a reduction in stovepipe security solutions. Which of the following would best fit Joan's needs?

A. Dedicated appliance
B. Centralized hybrid firewall applications
C. Hybrid IDS\IPS integration
D. Unified threat management

A

D

43
Q
Why is it important to have a clearly defined incident-handling process in place?

A. To avoid dealing with a computer and network threat in an ad hoc, reactive, and confusing manner
B. In order to provide a quick reaction to a threat so that a company can return to normal operations as soon as possible
C. In order to provide a uniform approach with certain expectations of the results
D. All of the above

A

D

44
Q
Which of the following is an international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy and provides guidelines on the protection of privacy and transborder flows of personal data rules?

A. Council of Global Convention on Cybercrime
B. Council of Europe Convention on Cybercrime
C. Organisation for Economic Co-operation and Development
D. Organisation for Cybercrime Co-operation and Development

A

C

45
Q
System ports allow different computers to communicate with each other's services and protocols. Internet Corporation for Assigned Names and Numbers has assigned registered ports to be ____________________ and dynamic ports to be ____________.

A. 0–1024, 49152–65535
B. 1024–49151, 49152–65535
C. 1024–49152, 49153–65535
D. 0–1024, 1025–49151

A

B

46
Q
When conducting a quantitative risk analysis, items are gathered and assigned numeric values so that cost/benefit analysis can be carried out. Which of the following provides the correct formula to understand the value of a safeguard?

A. (ALE before implementing safeguard) − (ALE after implementing safeguard) − (annual cost of safeguard) = value of safeguard to the company
B. (ALE before implementing safeguard) − (ALE during implementing safeguard) − (annual cost of safeguard) = value of safeguard to the company
C. (ALE before implementing safeguard) − (ALE while implementing safeguard) − (annual cost of safeguard) = value of safeguard to the company
D. (ALE before implementing safeguard) − (ALE after implementing safeguard) − (annual cost of asset) = value of safeguard to the company

A

A
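The formula in answer A only says what to subtract; what a practitioner needs is where the two ALE terms come from (ALE = SLE × ARO, SLE = asset value × exposure factor) and the observation that a safeguard can reduce either the likelihood (ARO) or the impact (EF). The script below is an added example, not from the AIO book: it derives ALE from those parts and ranks several candidate controls, including one that eliminates the loss entirely yet is not cost-justified. Every asset value, exposure factor, occurrence rate and cost is constructed for illustration.

```python
"""Quantitative risk analysis: derive ALE and the value of a safeguard.

Added example for the formula in question 46; not from the AIO book. Asset values,
exposure factors, occurrence rates and safeguard costs below are constructed."""


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = asset value x exposure factor (fraction of the asset lost per incident)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(asset_value, exposure_factor, aro):
    """ALE = SLE x ARO (annualized rate of occurrence, incidents per year)."""
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def safeguard_value(ale_before, ale_after, annual_cost):
    """Question 46, option A: (ALE before) - (ALE after) - (annual cost of safeguard)."""
    return ale_before - ale_after - annual_cost


def evaluate_safeguard(asset_value, before, after, annual_cost):
    """`before` and `after` are (exposure_factor, aro) pairs: a control may lower the
    likelihood (ARO), the impact (EF) or both. A positive value means it pays for itself."""
    ale_before = annualized_loss_expectancy(asset_value, *before)
    ale_after = annualized_loss_expectancy(asset_value, *after)
    value = safeguard_value(ale_before, ale_after, annual_cost)
    return {"ale_before": ale_before, "ale_after": ale_after,
            "value": value, "cost_justified": value > 0}


# Constructed scenario: an e-mail server whose compromise leaks data valued at $500,000;
# each incident loses 30% of that value and one incident is expected every two years.
ASSET_VALUE = 500_000
BASELINE = (0.30, 0.5)            # EF 30%, ARO 0.5 per year -> ALE 75,000

CANDIDATES = {
    # patch management: cuts ARO to once per ten years, impact per incident unchanged
    "patching":    {"after": (0.30, 0.1), "annual_cost": 20_000},
    # data-loss prevention: halves what leaks per incident, likelihood unchanged
    "dlp":         {"after": (0.15, 0.5), "annual_cost": 45_000},
    # full rebuild: eliminates the loss, but the control costs more than the risk it removes
    "hsm_rebuild": {"after": (0.0, 0.0), "annual_cost": 90_000},
}


def rank_safeguards(asset_value=ASSET_VALUE, baseline=BASELINE, candidates=CANDIDATES):
    """Return (names best-first, per-candidate results) for a set of candidate controls."""
    results = {name: evaluate_safeguard(asset_value, baseline, c["after"], c["annual_cost"])
               for name, c in candidates.items()}
    order = sorted(results, key=lambda n: results[n]["value"], reverse=True)
    return order, results


if __name__ == "__main__":
    order, results = rank_safeguards()
    for name in order:
        r = results[name]
        print(f"{name:12s} ALE {r['ale_before']:>9,.0f} -> {r['ale_after']:>9,.0f}  "
              f"value {r['value']:>9,.0f}  justified={r['cost_justified']}")
```

With the constructed numbers, patching is worth $40,000 a year, while both DLP and the rebuild have negative value even though they reduce the loss more; the formula rewards the cheapest control that removes enough risk, not the one that removes the most. Note that the question's "ALE after" assumes the safeguard is fully in place; during rollout the residual risk is somewhere between the two, which is why options B and C are wrong rather than merely pessimistic.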

47
Q
Patty is giving a presentation next week to the executive staff of her company. She wants to illustrate the benefits of the company using specific cloud computing solutions. Which of the following does not properly describe one of these benefits or advantages?

i. Organizations have more flexibility and agility in IT growth and functionality.
ii. Cost of computing can be increased since it is a shared delivery model.
iii. Location independence can be achieved because the computing is not centralized and tied to a physical data center.
iv. Applications and functionality can be more easily migrated from one physical server to another because environments are virtualized.
v. Scalability and elasticity of resources can be accomplished in near realtime through automation.
vi. Performance can increase as processing is shifted to available systems during peak loads.

A. i
B. ii
C. iii
D. v

A

B

48
Q
Use the following scenario to answer Questions 48–49. Frank is the new manager over in-house software designers and programmers. He has been telling his team that before design and programming on a new product begins, a formal architecture needs to be developed. He also needs this team to understand security issues as they pertain to software design. Frank has shown the team how to follow a systematic approach, which allows them to understand how different compromises could take place with the software products they develop.

Which of the following best describes what an architecture is in the context of this scenario?

A. Tool used to conceptually understand the structure and behavior of a complex entity through different views
B. Formal description and representation of a system and the components that make it up
C. Framework used to create individual architectures with specific views
D. Framework that is necessary to identify needs and meet all of the stakeholder requirements

A

A

49
Q
  1. Use the following scenario to answer Questions 48–49. Frank is the new manager over in-house software designers and programmers. He has been telling his team that before design and programming on a new product begins, a formal architecture needs to be developed. He also needs this team to understand security issues as they pertain to software design. Frank has shown the team how to follow a systematic approach, which allows them to understand how different compromises could take place with the software products they develop.

Which of the following best describes the approach Frank has shown his team as outlined in the scenario?

A. Attack surface analysis
B. Threat modeling
C. Penetration testing
D. Double-blind penetration testing

A

B

50
Q
  1. Barry was told that the IDS product that is being used on the network has heuristic capabilities. Which of the following best describes this functionality?

A. Gathers packets and reassembles the fragments before assigning anomaly values
B. Gathers data to calculate the probability of an attack taking place
C. Gathers packets and compares their payload values to a signature engine
D. Gathers packet headers to determine if something suspicious is taking place within the network traffic

A

B

51
Q
  1. System assurance evaluations have gone through many phases. First, TCSEC was used, but it was considered too narrow. Next, ITSEC was developed to be flexible, but in the process became extremely complicated. Now, products are evaluated through the use of a new list of requirements. What is this list of requirements called?

A. International Evaluation Criteria System
B. Universal Evaluation Standards
C. Common Criteria
D. National Security Standards

A

C

52
Q
  1. Don is a senior manager of an architectural firm. He has just found out that a key contract was renewed, allowing the company to continue developing an operating system that was idle for several months. Excited to get started, Don begins work on the operating system privately, but cannot tell his staff until the news is announced publicly in a few days. However, as Don begins making changes in the software, various staff members notice changes in their connected systems, even though they work in a lower security level. What kind of model could be used to ensure this does not happen?

A. Biba
B. Bell-LaPadula
C. Noninterference
D. Clark-Wilson

A

C

53
Q
  1. Betty has received several e-mail messages from unknown sources that try and entice her to click a specific link using a "Click Here" approach. Which of the following best describes what is most likely taking place in this situation?

A. DNS pharming attack
B. Embedded hyperlink is obfuscated
C. Malware back-door installation
D. Bidirectional injection attack

A

B

54
Q
  1. Rebecca is the network administrator of a large retail company. The company has Ethernet-based distributed networks throughout the northwest region of the United States. Her company would like to move to an Ethernet-based multipoint communication architecture that can run over their service provider's IP/MPLS network. Which of the following would be the best solution for these requirements?

A. Metro-Ethernet
B. L2TP/IPSec
C. Virtual Private LAN Services
D. SONET

A

C

55
Q
  1. Which of the following multiplexing technologies analyzes statistics related to the typical workload of each input device and makes real-time decisions on how much time each device should be allocated for data transmission?

A. Time-division multiplexing
B. Wave-division multiplexing
C. Frequency-division multiplexing
D. Statistical time-division multiplexing

A

D

56
Q
  1. In a VoIP environment, the Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP) are commonly used. Which of the following best describes the difference between these two protocols?

A. RTCP provides a standardized packet format for delivering audio and video over IP networks. RTP provides out-of-band statistics and control information to provide feedback on QoS levels.
B. RTP provides a standardized packet format for delivering data over IP networks. RTCP provides control information to provide feedback on QoS levels.
C. RTP provides a standardized packet format for delivering audio and video over MPLS networks. RTCP provides control information to provide feedback on QoS levels.
D. RTP provides a standardized packet format for delivering audio and video over IP networks. RTCP provides out-of-band statistics and control information to provide feedback on QoS levels.

A

D

57
Q
  1. ISO/IEC 27031:2011 is an international standard for business continuity that organizations can follow. Which of the following is a correct characteristic of this standard?

A. Guidelines for information and communications technology readiness for business continuity
B. ISO/IEC standard that is a component of the overall BS 7999 series
C. Standard that was developed by NIST and evolved to be an international standard
D. Component of the Safe Harbor requirements

A

A

58
Q
  1. Fran is the CSO of a new grocery and retail store. Her company paid for a physical security consultant to assess their current controls and security program that is in place to ensure that the company is carrying out due care efforts. The security consultant told Fran that the areas in front of the stores need to have two foot-candle illumination. Which of the following best describes the consultant's advice?

A. Lights must be placed two feet apart.
B. The area being lit must be illuminated two feet high and two feet out.
C. This is an illumination metric used for lighting.
D. Each lit area must be within two feet of the next lit area.

A

C

59
Q
  1. IPSec's main protocols are AH and ESP. Which of the following services does AH provide?

A. Confidentiality and authentication
B. Confidentiality and availability
C. Integrity and accessibility
D. Integrity and authentication

A

D

60
Q
  1. When multiple databases exchange transactions, each database is updated. This can happen many times and in many different ways. To protect the integrity of the data, databases should incorporate a concept known as an ACID test. What does this acronym stand for?

A. Availability, confidentiality, integrity, durability
B. Availability, consistency, integrity, durability
C. Atomicity, confidentiality, isolation, durability
D. Atomicity, consistency, isolation, durability

A

D

61
Q
  1. Use the following scenario to answer Questions 61–62. Jim works for a power plant, and senior management just conducted a meeting with Jim’s team explaining that the upgrades that will be made to the surrounding power grid and its components will allow for better self-healing, resistance to physical and cyberattacks, increased efficiency, and better integration of renewable energy sources. The senior management also expressed concerns about the security of these changes.

Which of the following best describes the changes the organization in the scenario will be moving forward with?

A. Integrating natural gas production with their current coal activities
B. Integrating a smart grid
C. Integrating the power grid with the existing SONET rings
D. Integrating authentication technologies into power metering devices

A

B

62
Q
  1. Use the following scenario to answer Questions 61–62. Jim works for a power plant, and senior management just conducted a meeting with Jim’s team explaining that the upgrades that will be made to the surrounding power grid and its components will allow for better self-healing, resistance to physical and cyberattacks, increased efficiency, and better integration of renewable energy sources. The senior management also expressed concerns about the security of these changes.

Which of the following best describes the security concerns addressed in this scenario?

A. Allows for direct attacks through Ethernet over Power
B. Increased embedded software and computing capabilities
C. Does not have proper protection against common web-based attacks
D. Power fluctuation and outages directly affect computing systems

A

B

63
Q
  1. Henry is the team leader of a group of software designers. They are at a stage in their software development project where they need to reduce the amount of code running, reduce entry points available to untrusted users, reduce privilege levels as much as possible, and eliminate unnecessary services. Which of the following best describes the first step they need to carry out to accomplish these tasks?

A. Attack surface analysis
B. Software development life cycle
C. Risk assessment
D. Unit testing

A

A

64
Q
  1. Jenny needs to engage a new software development company to create her company's internal banking software. It will need to be created specifically for her company's environment, so it must be proprietary in nature. Which of the following would be useful for Jenny to use as a gauge to determine how advanced and mature the various software development companies are in their processes?

A. SAS 70
B. Capability Maturity Model Integration level
C. Auditing results
D. Key performance metrics

A

B

65
Q
  1. Which of the following is a representation of the logical relationship between elements of data and dictates the degree of association among elements, methods of access, processing alternatives, and the organization of data elements?

A. Data element
B. Array
C. Secular component
D. Data structure

A

D

66
Q
  1. Kerberos is a commonly used access control and authentication technology. It is important to understand what the technology can and cannot do and its potential downfalls. Which of the following is not a potential security issue that must be addressed when using Kerberos?

i. The KDC can be a single point of failure.
ii. The KDC must be scalable.
iii. Secret keys are temporarily stored on the users' workstations.
iv. Kerberos is vulnerable to password guessing.
A. i, iv
B. iii
C. All of them
D. None of them

A

D

67
Q
  1. If the ALE for a specific asset is $100,000, and after implementation of the control the new ALE is $45,000 and the annual cost of the control is $30,000, should the company implement this control?

A. Yes
B. No
C. Not enough information
D. It depends on the ARO

A

A

68
Q
  1. ISO/IEC 27000 is a growing family of ISO/IEC Information Security Management Systems (ISMS) standards. It comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following provides an incorrect mapping of the individual standards that make up this family of standards?

A. ISO/IEC 27002 Code of practice for information security management.
B. ISO/IEC 27003 Guideline for ISMS implementation.
C. ISO/IEC 27004 Guideline for information security management measurement and metrics framework.
D. ISO/IEC 27005 Guideline for bodies providing audit and certification of information security management systems.

A

D

69
Q
  1. When a CPU is passed an instruction set and data to be processed and the program status word (PSW) register contains a value indicating that execution should take place in privileged mode, which of the following would be considered true?

A. Operating system is executing in supervisory mode
B. Request came from a trusted process
C. Functionality that is available in user mode is not available
D. An untrusted process submitted the execution request

A

B

70
Q
  1. Encryption and decryption can take place at different layers of an operating system, application, and network stack. End-to-end encryption happens within the _______. SSL encryption takes place at the _________ layer. PPTP encryption takes place at the ______ layer. Link encryption takes place at the _________ and ___________ layers.

A. Applications, network, data link, data link and physical
B. Applications, transport, network, data link and physical
C. Applications, transport, data link, data link and physical
D. Network, transport, data link, data link and physical

A

C

71
Q
  1. Which of the following best describes the difference between hierarchical storage management (HSM) and storage area network (SAN) technologies?

A. HSM uses optical or tape jukeboxes, and SAN is a network of connected storage systems.
B. SAN uses optical or tape jukeboxes, and HSM is a network of connected storage systems.
C. HSM and SAN are one and the same. The difference is in the implementation.
D. HSM uses optical or tape jukeboxes, and SAN is a standard of how to develop and implement this technology.

A

A

72
Q
  1. The Anticybersquatting Consumer Protection Act (ACPA) was enacted to protect which type of intellectual property?

A. Trade secrets
B. Copyrights
C. Trademarks
D. Patents

A

C

73
Q
  1. The International Organization on Computer Evidence (IOCE) was appointed to draw up international principles for procedures relating to what type of evidence?

A. Information evidence
B. Digital evidence
C. Conclusive evidence
D. Real evidence

A

B

74
Q
  1. A fraud analyst with a national insurance company uses database tools every day to help identify violations and identify relationships between the captured data through the use of rule discovery. These tools help identify relationships among a wide variety of information types. What kind of knowledge discovery in database (KDD) is this considered?

A. Probability
B. Statistical
C. Classification
D. Behavioral

A

B

75
Q
  1. Which of the following is an XML-based protocol that defines the schema of how web service communication takes place over HTTP transmissions?

A. Service-Oriented Protocol
B. Active X Protocol
C. Simple Object Access Protocol
D. JVEE

A

C

76
Q
  1. Which of the following has an incorrect definition mapping?

i. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Team-oriented approach that assesses organizational and IT risks through facilitated workshops.
ii. AS/NZS 4360 Australia and New Zealand business risk management assessment approach.
iii. ISO/IEC 27005 International standard for the implementation of a risk management program that integrates into an information security management system (ISMS).
iv. Failure Modes and Effect Analysis Approach that dissects a component into its basic functions to identify flaws and those flaws' effects.
v. Fault tree analysis Approach to map specific flaws to root causes in complex systems.

A. None of them
B. ii
C. iii, iv
D. v

A

A

77
Q
  1. For an enterprise security architecture to be successful in its development and implementation, which of the following items must be understood and followed?

i. Strategic alignment
ii. Process enhancement
iii. Business enablement
iv. Security effectiveness

A. i, ii
B. ii, iii
C. i, ii, iii, iv
D. iii, iv

A

C

78
Q
  1. Which of the following best describes the purpose of the Organisation for Economic Co-operation and Development (OECD)?

A. An international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy.
B. A national organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy.
C. An international organization that helps different organizations come together and tackle the economic, social, and governance challenges of a globalized economy.
D. A national organization that helps different organizations come together and tackle the economic, social, and governance challenges of a globalized economy.

A

A

79
Q
  1. There are many enterprise architecture models that have been developed over the years for specific purposes. Some of them can be used to provide structure for information security processes and technology to be integrated throughout an organization. Which of the following provides an incorrect mapping between the architect types and the associated definitions?

A. Zachman framework Model and methodology for the development of information security enterprise architectures.
B. TOGAF Model and methodology for the development of enterprise architectures developed by The Open Group.
C. DoDAF U.S. Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals.
D. MODAF Architecture framework used mainly in military support missions developed by the British Ministry of Defence.

A

A

80
Q
  1. Which of the following best describes the difference between the role of the ISO/IEC 27000 series and CobiT?

A. The CobiT provides a high-level overview of security program requirements, while the ISO/IEC 27000 series provides the objectives of the individual security controls.
B. The ISO/IEC 27000 series provides a high-level overview of security program requirements, while CobiT provides the objectives of the individual security controls.
C. CobiT is process oriented, and the ISO/IEC standard is solution oriented.
D. The ISO/IEC standard is process oriented, and CobiT is solution oriented.

A

B

81
Q
  1. The Capability Maturity Model Integration (CMMI) approach is being used more frequently in security program and enterprise development. Which of the following provides an incorrect characteristic of this model?

A. A model that provides a pathway for how incremental improvement can take place.
B. Provides structured steps that can be followed so an organization can evolve from one level to the next and constantly improve its processes.
C. It was created for process improvement and developed by Carnegie Mellon.
D. It was built upon the SABSA model.

A

D

82
Q
  1. If Joe wanted to use a risk assessment methodology that allows the various business owners to identify risks and know how to deal with them, what methodology would he use?

A. Qualitative
B. COSO
C. FRAP
D. OCTAVE

A

D

83
Q
  1. Information security is a field that is maturing and becoming more organized and standardized. Organizational security models should be based upon a formal architecture framework. Which of the following best describes what a formal architecture framework is and why it would be used?

A. Mathematical model that defines the secure states that various software components can enter and still provide the necessary protection.
B. Conceptual model that is organized into multiple views addressing each of the stakeholder's concerns.
C. Business enterprise framework that is broken down into six conceptual levels to ensure security is deployed and managed in a controllable manner.
D. Enterprise framework that allows for proper security governance.

A

B

84
Q
  1. Which of the following provides a true characteristic of a fault tree analysis?

A. Fault trees are assigned qualitative values to faults that can take place over a series of business processes.
B. Fault trees are assigned failure mode values.
C. Fault trees are labeled with actual numbers pertaining to failure probabilities.
D. Fault trees are used in a stepwise approach to software debugging.

A

C

85
Q
  1. Several models and frameworks have been developed by different organizations over the years to help businesses carry out processes in a more efficient and effective manner. Which of the following provides the correct definition mapping of one of these items?

i. COSO A framework and methodology for Enterprise Security Architecture and Service Management.
ii. ITIL Processes to allow for IT service management developed by the United Kingdom's Office of Government Commerce.
iii. Six Sigma Business management strategy that can be used to carry out process improvement.
iv. Capability Maturity Model Integration (CMMI) Organizational development for process improvement developed by Carnegie Mellon.

A. i
B. i, iii
C. ii, iv
D. ii, iii, iv

A

D

86
Q
  1. It is important that organizations ensure that their security efforts are effective and measurable. Which of the following is not a common method used to track the effectiveness of security efforts?

A. Service level agreement
B. Return on investment
C. Balanced scorecard system
D. Provisioning system

A

D

87
Q
  1. Capability Maturity Model Integration (CMMI) is a process improvement approach that is used to help organizations improve their performance. The CMMI model may also be used as a framework for appraising the process maturity of the organization. Which of the following is an incorrect mapping of the levels that may be assigned to an organization based upon this model?

i. Maturity Level 2 – Managed
ii. Maturity Level 3 – Defined
iii. Maturity Level 4 – Quantitatively Managed
iv. Maturity Level 5 – Optimizing

A. i
B. i, ii
C. All of them
D. None of them

A

D

88
Q
  1. An organization's information risk management policy should address many items to provide clear direction and structure. Which of the following is not a core item that should be covered in this type of policy?

i. The objectives of the IRM team
ii. The level of risk the organization will accept and what is considered an acceptable level of risk
iii. Formal processes of risk identification
iv. The connection between the IRM policy and the organization's strategic planning processes
v. Responsibilities that fall under IRM and the roles to fulfill them
vi. The mapping of risk to specific physical controls
vii. The approach toward changing staff behaviors and resource allocation in response to risk analysis
viii. The mapping of risks to performance targets and budgets
ix. Key indicators to monitor the effectiveness of controls

A. ii, v, ix
B. vi
C. v
D. vii, ix

A

B

89
Q
  1. More organizations are outsourcing business functions to allow them to focus on their core business functions. Companies use hosting companies to maintain websites and e-mail servers, service providers for various telecommunication connections, disaster recovery companies for co-location capabilities, cloud computing providers for infrastructure or application services, developers for software creation, and security companies to carry out vulnerability management. Which of the following items should be included during the analysis of an outsourced partner or vendor?

i. Conduct onsite inspection and interviews
ii. Review contracts to ensure security and protection levels are agreed upon
iii. Ensure service level agreements are in place
iv. Review internal and external audit reports and third-party reviews
v. Review references and communicate with former and existing customers
vi. Review Better Business Bureau reports

A. ii, iii, iv
B. iv, v, vi
C. All of them
D. i, ii, iii

A

C

90
Q
  1. Privacy has become a very important component of information security over the last few years. Organizations should carry out security and privacy impact assessments to evaluate their processes. Which of the following contains an incorrect characteristic or definition of a privacy impact assessment?

i. An analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy.
ii. An analysis of how information is handled to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system.
iii. An analysis of how information is handled to examine and evaluate protections and alternative processes for handling information to increase potential privacy risks.

A. None of them
B. ii, iii
C. i, ii
D. iii

A

D

91
Q
  1. A financial institution has developed their internal security program based upon the ISO/IEC 27000 series. The security officer has been told that metrics need to be developed and integrated into this program so that effectiveness can be gauged. Which of the following standards should be followed to provide this type of guidance and functionality?

A. ISO/IEC 27002
B. ISO/IEC 27003
C. ISO/IEC 27004
D. ISO/IEC 27005

A

C

92
Q
  1. Which of the following is not a requirement for a database based on the X.500 standard?

A. The directory has a tree structure to organize the entries using a parent-child configuration.
B. Each entry has the same name made up of attributes of a specific object.
C. The attributes used in the directory are dictated by the defined schema.
D. The unique identifiers are called distinguished names.

A

B

93
Q
  1. Sue has been asked to install a web access management (WAM) product for her company's environment. What is the best description for what WAMs are commonly used for?

A. Control external entities requesting access to internal objects
B. Control internal entities requesting access to external objects
C. Control external entities requesting access through X.500 databases
D. Control internal entities requesting access through X.500 databases

A

A

94
Q
  1. A user's digital identity is commonly made up of more than just a user name. Which of the following is not a common item that makes up a user's identity?

A. Entitlements
B. Traits
C. Figures
D. Attributes

A

C

95
Q
  1. Which of the following is a true statement pertaining to markup languages?

A. HyperText Markup Language (HTML) came from Generalized Markup Language (GML), which came from the Standard Generalized Markup Language (SGML).
B. HyperText Markup Language (HTML) came from Standard Generalized Markup Language (SGML), which came from the Generalized Markup Language (GML).
C. Standard Generalized Markup Language (SGML) came from the HyperText Markup Language (HTML), which came from the Generalized Markup Language (GML).
D. Standard Generalized Markup Language (SGML) came from the Generalized Markup Language (GML), which came from the HyperText Markup Language (HTML).

A

B

96
Q
  1. What is Extensible Markup Language (XML) and why was it created?

A. A specification that is used to create various types of markup languages for specific industry requirements
B. A specification that is used to create static and dynamic websites
C. A specification that outlines a detailed markup language dictating all formats of all companies that use it
D. A specification that does not allow for interoperability for the sake of security

A

A

97
Q
  1. Which access control policy is enforced in an environment that uses containers and implicit permission inheritance using a nondiscretionary model?

A. Rule-based
B. Role-based
C. Identity-based
D. Mandatory

A

B

98
Q
  1. Which of the following centralized access control protocols would a security professional choose if her network consisted of multiple protocols, including Mobile IP, and had users connecting via wireless and wired transmissions?

A. RADIUS
B. TACACS+
C. Diameter
D. Kerberos

A

C

99
Q
  1. Jay is the security administrator at a credit card processing company. The company has many identity stores, which are not properly synchronized. Jay is going to oversee the process of centralizing and synchronizing the identity data within the company. He has determined that the data in the HR database will be considered the most up-to-date data, which cannot be overwritten by the software in other identity stores during their synchronization processes. Which of the following best describes the role of this database in the identity management structure of the company?

A. Authoritative system of record
B. Infrastructure source server
C. Primary identity store
D. Hierarchical database primary

A

A

100
Q
  1. Proper access control requires a structured user provisioning process. Which of the following best describes user provisioning?

A. The creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes.
B. The creation, maintenance, activation, and delegation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to compliance processes.
C. The maintenance of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes.
D. The creation and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes.

A

A

101
Q
  1. A user's identity can be a collection of her _________ (department, role in company, shift time, clearance); her __________ (resources available to her, authoritative rights in the company); and her ________ (biometric information, height, sex).

A. Attributes, access, traits
B. Attributes, entitlements, access
C. Attributes, characteristics, traits
D. Attributes, entitlements, traits

A

D

102
Q
  1. John needs to ensure that his company's application can accept provisioning data from their partner's application in a standardized method. Which of the following best describes the technology that John should implement?

A. Service Provisioning Markup Language
B. Extensible Provisioning Markup Language
C. Security Assertion Markup Language
D. Security Provisioning Markup Language

A

A

103
Q
  1. Lynn logs into a website and purchases an airline ticket for her upcoming trip. The website also offers her pricing and package deals for hotel rooms and rental cars while she is completing her purchase. The airline, hotel, and rental companies are all separate and individual companies. Lynn decides to purchase her hotel room through the same website at the same time. The website is using Security Assertion Markup Language to allow for this type of federated identity management functionality. In this example which entity is the principal, which entity is the identity provider, and which entity is the service provider?

A. Portal, Lynn, hotel company
B. Lynn, airline company, hotel company
C. Lynn, hotel company, airline company
D. Portal, Lynn, airline company

A

B

104
Q
  1. John is the new director of software development within his company. Several proprietary applications offer individual services to the employees, but the employees have to log into each and every application independently to gain access to these discrete services. John would like to provide a way that allows each of the services provided by the various applications to be centrally accessed and controlled. Which of the following best describes the architecture that John should deploy?

A. Service-oriented architecture
B. Web services architecture
C. Single sign-on architecture
D. Hierarchical service architecture

A

A

105
Q
  1. Which security model enforces the principle that the security levels of an object should never change and is known as the "strong tranquility" property?

A. Biba
B. Bell-LaPadula
C. Brewer-Nash
D. Noninterference

A

B

106
Q
  1. In the system design phase, system requirement specifications are gathered and a modeling language is used. Which of the following best describes what a modeling language is and what it is used for?

A. A modeling language is commonly mathematical to allow for the verification of the system components. It is used to understand what the components need to accomplish individually and when they work together.
B. A modeling language is commonly graphical to allow for threat modeling to be accomplished through the understanding of system components. It is used to understand what the components need to accomplish individually and when they work together.
C. A modeling language is commonly graphical to allow for a system architecture to be built.
D. A modeling language is commonly graphical to allow for visualization of the system components. It is used to understand what the components need to accomplish individually and when they work together.

A

D

107
Q
  1. There is a specific terminology taxonomy used in the discipline of formal architecture framework development and implementation. Which of the following terms has an incorrect definition?

i. Architecture: Fundamental organization of a system embodied in its components, their relationships to each other and to the environment, and the principles guiding its design and evolution.
ii. Architectural description (AD): Representation of a whole system from the perspective of a related set of concerns.
iii. Stakeholder: Individual, team, or organization (or classes thereof) with interests in, or concerns relative to, a system.
iv. View: Collection of document types to convey an architecture in a formal manner.
v. Viewpoint: A specification of the conventions for constructing and using a view. A template from which to develop individual views by establishing the purposes and audience for a view and the techniques for its creation and analysis.

A. i, iii
B. ii, iv
C. iv, v
D. ii

A

B

108
Q
  1. Operating systems may not work on systems with specific processors. Which of the following best describes why one operating system may work on a Pentium Pro processor but not on an AMD processor?

A. The operating system was not developed to work within the architecture of a specific processor and cannot use that specific processor instruction set.
B. The operating system was developed before the new processor architecture was released, thus it is not backwards compatible.
C. The operating system is programmed to use a different instruction set.
D. The operating system is platform dependent, thus it can only work on one specific processor family.

A

A

109
Q
  1. Which of the following best describes how an address and a data bus are used for instruction execution?

A. CPU sends a “fetch” request on the data bus, and the data residing at the requested address are returned on the address bus.
B. CPU sends a “get” request on the address bus, and the data residing at the requested address are returned on the data bus.
C. CPU sends a “fetch” request on the address bus, and the data residing at the requested address are returned on the data bus.
D. CPU sends a “get” request on the data bus, and the data residing at the requested address are returned on the address bus.

A

C

110
Q
  1. An operating system has many different constructs to keep all of the different execution components in the necessary synchronization. One construct the operating system maintains is a process table. Which of the following best describes the role of a process table within an operating system?

A. The table contains information about each process that the CPU uses during the execution of the individual processes’ instructions.
B. The table contains memory boundary addresses to ensure that processes do not corrupt each other’s data.
C. The table contains condition bits that the CPU uses during state transitions.
D. The table contains I/O and memory addresses.

A

A

111
Q
  1. Hanna is a security manager of a company that relies heavily on one specific operating system. The operating system is used in the employee workstations and is embedded within devices that support the automated production line software. She has uncovered that the operating system has a vulnerability that could allow an attacker to force applications to not release memory segments after execution. Which of the following best describes the type of threat this vulnerability introduces?

A. Injection attacks
B. Memory corruption
C. Denial of service
D. Software locking

A

C

112
Q
  1. Which of the following architecture frameworks has a focus on command, control, communications, computers, intelligence, surveillance, and reconnaissance systems and processes?

A. DoDAF
B. TOGAF
C. CMMI
D. MODAF

A

A

113
Q
  1. Many operating systems implement address space layout randomization (ASLR). Which of the following best describes this type of technology?

A. Randomly arranging memory address values
B. Restricting the types of processes that can execute instructions in privileged mode
C. Running privileged instructions in virtual machines
D. Randomizing return pointer values

A

A

114
Q
  1. A company needs to implement a CCTV system that will monitor a large area of the facility. Which of the following is the correct lens combination for this?

A. A wide-angle lens and a small lens opening
B. A wide-angle lens and a large lens opening
C. A wide-angle lens and a large lens opening with a small focal length
D. A wide-angle lens and a large lens opening with a large focal length

A

A

115
Q
  1. What is the name of a water sprinkler system that keeps pipes empty and doesn’t release water until a certain temperature is met and a “delay mechanism” is instituted?

A. Wet
B. Preaction
C. Delayed
D. Dry

A

B

116
Q
  1. There are different types of fire suppression systems. Which of the following answers best describes the difference between a deluge and a preaction system?

A. A deluge system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A preaction system provides similar functionality but has wide open sprinkler heads that allow a lot of water to be dispersed quickly.
B. A preaction system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A deluge system has wide open sprinkler heads that allow a lot of water to be dispersed quickly.
C. A dry pipe system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A deluge system has wide open sprinkler heads that allow a lot of water to be dispersed quickly.
D. A preaction system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A deluge system provides similar functionality but has wide open sprinkler heads that allow a lot of water to be dispersed quickly.

A

B

117
Q
  1. Which of the following best describes why a Crime Prevention Through Environmental Design (CPTED) would integrate block parties and civic meetings?

A. These activities are designed to get people to work together to increase the overall crime and criminal behavior in the area.
B. These activities are designed to get corporations to work together to increase the overall awareness of acceptable and unacceptable activities in the area.
C. These activities are designed to get people to work together to increase the three strategies of this design model.
D. These activities are designed to get people to work together to increase the overall awareness of acceptable and unacceptable activities in the area.

A

D

118
Q
  1. Which of the following frameworks is a two-dimensional model that uses six basic communication interrogatives intersecting with different viewpoints to give a holistic understanding of the enterprise?

A. SABSA
B. TOGAF
C. CMMI
D. Zachman

A

D

119
Q
  1. Not every data transmission incorporates the session layer. Which of the following best describes the functionality of the session layer?

A. End-to-end data transmission
B. Application client/server communication mechanism in a distributed environment
C. Application-to-computer physical communication
D. Provides application with the proper syntax for transmission

A

B

120
Q
  1. What is the purpose of the Logical Link Control (LLC) layer in the OSI model?

A. Provides a standard interface for the network layer protocol
B. Provides the framing functionality of the data link layer
C. Provides addressing of the packet during encapsulation
D. Provides the functionality of converting bits into electrical signals

A

A

121
Q
  1. Which of the following best describes why classless interdomain routing (CIDR) was created?

A. To allow IPv6 traffic to tunnel through IPv4 networks
B. To allow IPSec to be integrated into IPv4 traffic
C. To allow an address class size to meet an organization’s need
D. To allow IPv6 to tunnel IPSec traffic

A

C

122
Q
  1. John is a security engineer at a company that develops highly confidential products for various government agencies. While his company has VPNs set up to protect traffic that travels over the Internet and other nontrusted networks, he knows that internal traffic should also be protected. Which of the following is the best type of approach John’s company should take?

A. Implement a data link technology that provides 802.1AE security functionality.
B. Implement a network-level technology that provides 802.1AE security functionality.
C. Implement SSL over L2TP.
D. Implement IPSec over L2TP.

A

A

123
Q
  1. IEEE ________ provides a unique ID for a device. IEEE _________ provides data encryption, integrity, and origin authentication functionality. IEEE ________ carries out key agreement functions for the session keys used for data encryption. Each of these standards provides specific parameters to work within an IEEE ________ framework.

A. 802.1AF, 802.1AE, 802.1AR, 802.1X EAP-TLS
B. 802.1AT, 802.1AE, 802.1AM, 802.1X EAP-SSL
C. 802.1AR, 802.1AE, 802.1AF, 802.1X EAP-SSL
D. 802.1AR, 802.1AE, 802.1AF, 802.1X EAP-TLS

A

D

124
Q
  1. Bob has noticed that one of the network switches has been acting strangely over the last week. Bob installed a network protocol analyzer to monitor the traffic going to the specific switch. He has identified UDP traffic coming from an outside source using the destination port 161. Which of the following best describes what is most likely taking place?

A. Attacker is modifying the switch SNMP MIB.
B. Attacker is carrying out a selective DoS attack.
C. Attacker is manipulating the ARP cache.
D. Attacker is carrying out an injection attack.

A

A

125
Q
  1. Larry is a seasoned security professional and knows the potential dangers associated with using an ISP’s DNS server for Internet connectivity. When Larry stays at a hotel or uses his laptop in any type of environment he does not fully trust, he updates values in his HOSTS file. Which of the following best describes why Larry carries out this type of task?

A. Reduces the risk of an attacker sending his system a corrupt ARP address which points his system to a malicious website.
B. Ensures his host-based IDS is properly updated.
C. Reduces the risk of an attacker sending his system an incorrect IP address to host mapping that points his system to a malicious website.
D. Ensures his network-based IDS is properly synchronized with his host-based IDS.

A

C

126
Q
  1. John has uncovered a rogue system on the company network that emulates a switch. The software on this system is being used by an attacker to modify frame tag values. Which of the following best describes the type of attack that has most likely been taking place?

A. DHCP snooping
B. VLAN hopping
C. Network traffic shaping
D. Network traffic hopping

A

B

127
Q
  1. Frank is a new security manager for a large financial institution. He has been told that the organization needs to reduce the total cost of ownership for many components of the network and infrastructure. The organization currently maintains many distributed networks, software packages, and applications. Which of the following best describes the cloud services that are most likely provided by service providers for Frank to choose from?

A. Infrastructure as a Service provides an environment similar to an operating system, Platform as a Service provides operating systems and other major processing platforms, and Software as a Service provides specific application-based functionality.
B. Infrastructure as a Service provides an environment similar to a data center, Platform as a Service provides operating systems and other major processing platforms, and Software as a Service provides specific application-based functionality.
C. Infrastructure as a Service provides an environment similar to a data center, Platform as a Service provides application-based functionality, and Software as a Service provides specific operating system functionality.
D. Infrastructure as a Service provides an environment similar to a database, Platform as a Service provides operating systems and other major processing platforms, and Software as a Service provides specific application-based functionality.

A

B

128
Q
  1. Terry is told by his boss that he needs to implement a networked-switched infrastructure that allows several systems to be connected to any storage device. What does Terry need to roll out?

A. Electronic vaulting
B. Hierarchical storage management
C. Storage area network
D. Remote journaling

A

C

129
Q
  1. On a Tuesday morning, Jami is summoned to the office of the security director where she finds six of her peers from other departments. The security director gives them instructions about an event that will be taking place in two weeks. Each of the individuals will be responsible for removing specific systems from the facility, bringing them to the offsite facility, and implementing them. Each individual will need to test the installed systems and ensure the configurations are correct for production activities. What event is Jami about to take part in?

A. Parallel test
B. Full-interruption test
C. Simulation test
D. Structured walk-through test

A

A

130
Q
  1. While DRP and BCP are directed at the development of “plans,” ______________ is the holistic management process that should cover both of them. It provides a framework for integrating resilience with the capability for effective responses that protects the interests of the organization’s key stakeholders.

A. Continuity of operations
B. Business continuity management
C. Risk management
D. Enterprise management architecture

A

B

131
Q
  1. The “Safe Harbor” privacy framework was created to:

A. Ensure that personal information should be collected only for a stated purpose by lawful and fair means and with the knowledge or consent of the subject
B. Provide a streamlined means for U.S. organizations to comply with European privacy laws
C. Require the federal government to release to citizens the procedures for how records are collected, maintained, used, and distributed
D. None of the above

A

B

132
Q
  1. The European Union’s Directive on Data Protection forbids the transfer of individually identifiable information to a country outside the EU, unless:

A. The receiving country grants individuals adequate privacy protection.
B. The receiving country pays a fee to the EU.
C. There are no exceptions; no information is ever transferred.
D. The receiving country is a member of the Fair Trade Organization.

A

A

133
Q
  1. The main goal of the Wassenaar Arrangement is to prevent the buildup of military capabilities that could threaten regional and international security and stability. How does this relate to technology?

A. Cryptography is a dual-use tool.
B. Technology is used in weaponry systems.
C. Military actions directly relate to critical infrastructure systems.
D. Critical infrastructure systems can be at risk under this agreement.

A

A

134
Q
  1. Which world legal system of law is used in continental European countries, such as France and Spain, and is rule-based law, not precedent-based?

A. Civil (code) law system
B. Common law system
C. Customary law system
D. Mixed law system

A

A

135
Q
  1. Which of the following is not a correct characteristic of the Failure Modes and Effect Analysis (FMEA) method?

A. Determining functions and identifying functional failures
B. Assessing the causes of failure and their failure effects through a structured process
C. Structured process carried out by an identified team to address high-level security compromises
D. Identify where something is most likely going to break and either fix the flaws that could cause this issue or implement controls to reduce the impact of the break

A

C

136
Q
  1. A risk analysis can be carried out through qualitative or quantitative means. It is important to choose the right approach to meet the organization’s goals. In a quantitative analysis, which of the following items would not be assigned a numeric value?

i. Asset value
ii. Threat frequency
iii. Severity of vulnerability
iv. Impact damage
v. Safeguard costs
vi. Safeguard effectiveness
vii. Probability

A. All of them
B. None of them
C. ii
D. vii

A

B

137
Q
  1. Uncovering restricted information by using permissible data is referred to as __________.

A. Inference
B. Data mining
C. Perturbation
D. Cell suppression

A

A

138
Q
  1. Tim wants to deploy a server-side scripting language on his company’s web server that will allow him to provide common code that will be used throughout the site in a uniform manner. Which of the following best describes this type of technology?

A. Sandbox
B. Server-side includes
C. Cross-site scripting
D. Java applets

A

B

139
Q
  1. An attacker can modify the client-side JavaScript that provides structured layout and HTML representation. This commonly takes place through form fields within compromised web servers. Which of the following best describes this type of attack?

A. Injection attack
B. DOM-based XSS
C. Persistent XSS
D. Session hijacking

A

B

140
Q
  1. CobiT and COSO can be used together, but have different goals and focuses. Which of the following is incorrect as it pertains to these two models?
i. COSO is a model for corporate governance, and CobiT is a model for IT governance.
ii. COSO deals more at the strategic level, while CobiT focuses more at the operational level.
iii. CobiT is a way to meet many of the COSO objectives, but only from the IT perspective.
iv. COSO deals with non-IT items also, as in company culture, financial accounting principles, board of director responsibility, and internal communication structures.

A. None
B. All
C. i, ii
D. ii, iii

A

A

141
Q
  1. Use the following scenario to answer Questions 141–142. Ron is in charge of updating his company’s business continuity and disaster recovery plans and processes. After a business impact analysis his team has told him that if the company’s e-commerce payment gateway was unable to process payments for 24 hours or more, this could drastically affect the survivability of the company. The analysis indicates that after an outage the payment gateway and payment processing should be restored within 13 hours. Ron’s team needs to integrate solutions that provide redundancy, fault tolerance, and failover capability.

In the scenario, what does the 24-hour time period represent and what does the 13-hour time period represent?

A. Maximum tolerable downtime, recovery time objective
B. Recovery time objective, maximum tolerable downtime
C. Maximum tolerable downtime, recovery data period
D. Recovery time objective, data recovery period

A

A

142
Q
  1. Use the following scenario to answer Questions 141–142. Ron is in charge of updating his company’s business continuity and disaster recovery plans and processes. After a business impact analysis his team has told him that if the company’s e-commerce payment gateway was unable to process payments for 24 hours or more, this could drastically affect the survivability of the company. The analysis indicates that after an outage the payment gateway and payment processing should be restored within 13 hours. Ron’s team needs to integrate solutions that provide redundancy, fault tolerance, and failover capability.

Which of the following best describes the type of solution Ron’s team needs to implement?

A. RAID and clustering
B. Storage area networks
C. High availability
D. Grid computing and clustering

A

C