AIO book review questions Flashcards by Josh Selkirk

Use the following scenario to answer Questions 1–3. Josh has discovered that an organized hacking ring in China has been targeting his company’s research and development department. If these hackers have been able to uncover his company’s research finding, this means they probably have access to his company’s intellectual property. Josh thinks that an e-mail server in their DMZ may have been successfully compromised and a rootkit loaded.

Based upon this scenario, what is most likely the biggest risk Josh?s company needs to be concerned with?

A. Market share drop if the attackers are able to bring the specific product to market more quickly than Josh?s company.
B. Confidentiality of e-mail messages. Attackers may post all captured e-mail messages to the Internet.
C. Impact on reputation if the customer base finds out about the attack.
D. Depth of infiltration of attackers. If attackers have compromised other systems, more confidential data could be at risk.

How well did you know this?

Not at all

Perfectly

Use the following scenario to answer Questions 1–3. Josh has discovered that an organized hacking ring in China has been targeting his company’s research and development department. If these hackers have been able to uncover his company’s research finding, this means they probably have access to his company’s intellectual property. Josh thinks that an e-mail server in their DMZ may have been successfully compromised and a rootkit loaded.

The attackers in this situation would be seen as which of the following?

A. Vulnerability
B. Threat
C. Risk
D. Threat agent

How well did you know this?

Not at all

Perfectly

Use the following scenario to answer Questions 1–3. Josh has discovered that an organized hacking ring in China has been targeting his company’s research and development department. If these hackers have been able to uncover his company’s research finding, this means they probably have access to his company’s intellectual property. Josh thinks that an e-mail server in their DMZ may have been successfully compromised and a rootkit loaded.

If Josh is correct in his assumptions, which of the following best describes the vulnerability, threat, and exposure, respectively?

A. e-mail server is hardened, an entity could exploit programming code flaw, server is compromised and leaking data.
B. e-mail server is not patched, an entity could exploit a vulnerability, server is hardened.
C. e-mail server misconfiguration, an entity could exploit misconfiguration, server is compromised and leaking data.
D. DMZ firewall misconfiguration, an entity could exploit misconfiguration, internal e-mail server is compromised.

How well did you know this?

Not at all

Perfectly

Aaron is a security manager who needs to develop a solution to allow his company?s mobile devices to be authenticated in a standardized and centralized manner using digital certificates. The applications these mobile clients use require a TCP connection. Which of the following is the best solution for Aaron to implement?

A. SESAME using PKI
B. RADIUS using EAP
C. Diameter using EAP
D. RADIUS using TTLS

How well did you know this?

Not at all

Perfectly

Terry is a security manager for a credit card processing organization. His company uses internal DNS servers, which are placed within the LAN, and external DNS servers, which are placed in the DMZ. The company also relies upon DNS servers provided by their service provider. Terry has found out that attackers have been able to manipulate several DNS server caches, which point employee traffic to malicious websites. Which of the following best describes the solution this company should implement?

A. IPSec
B. PKI
C. DNSSEC
D. MAC-based security

How well did you know this?

Not at all

Perfectly

It is important to deal with the issue of ?reasonable expectation of privacy? (REP) when it comes to employee monitoring. In the U.S. legal system the expectation of privacy is used when defining the scope of the privacy protections provided by _____________________.

A. Federal Privacy Act
B. PATRIOT Act
C. The Fourth Amendment of the Constitution
D. The Bill of Rights

How well did you know this?

Not at all

Perfectly

Jane is suspicious that an employee is sending sensitive data to one of the company?s competitors. The employee has to use these data for daily activities, thus it is difficult to properly restrict the employee?s access rights. In this scenario, which best describes the company?s vulnerability, threat, risk, and necessary control?

A. Vulnerability is employee access rights, threat is internal entities misusing privileged access, risk is the business impact of data loss, and the necessary control is detailed network traffic monitoring.
B. Vulnerability is lenient access rights, threat is internal entities misusing privileged access, risk is the business impact of data loss, and the necessary control is detailed user monitoring.
C. Vulnerability is employee access rights, threat is internal employees misusing privileged access, risk is the business impact of confidentiality, and the necessary control is multifactor authentication.
D. Vulnerability is employee access rights, threat is internal users misusing privileged access, risk is the business impact of confidentiality, and the necessary control is CCTV.

How well did you know this?

Not at all

Perfectly

Which of the following best describes what role-based access control offers companies in reducing administrative burdens?

A. It allows entities closer to the resources to make decisions about who can and cannot access resources.
B. It provides a centralized approach for access control, which frees up department managers.
C. User membership in roles can be easily revoked and new ones established as job assignments dictate.
D. It enforces an enterprise-wide security policy, standards, and guidelines.

How well did you know this?

Not at all

Perfectly

Mark needs to ensure that the physical security program he develops for his company increases performance, decreases risk in a cost-effective manner, and allows management to make informed decisions. Which of the following best describes what he needs to put into place?

A. Performance-based program
B. Defense-in-depth program
C. Layered program
D. Security through obscurity

How well did you know this?

Not at all

Perfectly

A software development company released a product that committed several errors that were not expected once deployed in their customers? environments. All of the software code went through a long list of tests before being released. The team manager found out that after a small change was made to the code, the program was not tested before it was released. Which of the following tests was most likely not conducted?

A. Unit
B. Compiled
C. Integration
D. Regression

How well did you know this?

Not at all

Perfectly

It is important to choose the right risk analysis methodology to meet the goals of the organization?s needs. Which of the following best describes when the risk management standard AS/NZS 4360 should be used?

A. When there is a need to assess items of an organization that are directly related to information security.
B. When there is a need to assess items of an organization that are not just restricted to information security.
C. When a qualitative method is needed to prove the compliance levels as they pertain to regulations.
D. When a qualitative method is needed to prove the compliance levels as they pertain to laws.

How well did you know this?

Not at all

Perfectly

Companies should follow certain steps in selecting and implementing a new computer product. Which of the following sequences is ordered correctly?

A. Evaluation, accreditation, certification
B. Evaluation, certification, accreditation
C. Certification, evaluation, accreditation
D. Certification, accreditation, evaluation

How well did you know this?

Not at all

Perfectly

Use the following scenario to answer Questions 13–15. Jack has just been hired as the security officer for a large hospital. The organization develops some of its own proprietary applications. The organization does not have as many layers of controls when it comes to the data processed by these applications, since external entities will not understand the internal logic of the applications. One of the first things that Jack wants to carry out is a risk assessment to determine the organization’s current risk profile. He also tells his boss that the hospital should become ISO certified to bolster its customers’ and partners’ confidence.

Which of the following approaches has been implemented in this scenario?

A. Defense-in-depth
B. Security through obscurity
C. Information security management system
D. BS 17799

How well did you know this?

Not at all

Perfectly

Use the following scenario to answer Questions 13–15. Jack has just been hired as the security officer for a large hospital. The organization develops some of its own proprietary applications. The organization does not have as many layers of controls when it comes to the data processed by these applications, since external entities will not understand the internal logic of the applications. One of the first things that Jack wants to carry out is a risk assessment to determine the organization’s current risk profile. He also tells his boss that the hospital should become ISO certified to bolster its customers’ and partners’ confidence.

Which ISO/IEC standard would be best for Jack to follow to meet his goals?

A. ISO/IEC 27002
B. ISO/IEC 27004
C. ISO/IEC 27005
D. ISO/IEC 27006

How well did you know this?

Not at all

Perfectly

Use the following scenario to answer Questions 13–15. Jack has just been hired as the security officer for a large hospital. The organization develops some of its own proprietary applications. The organization does not have as many layers of controls when it comes to the data processed by these applications, since external entities will not understand the internal logic of the applications. One of the first things that Jack wants to carry out is a risk assessment to determine the organization’s current risk profile. He also tells his boss that the hospital should become ISO certified to bolster its customers’ and partners’ confidence.

Which standard should Jack suggest to his boss for compliance?

A. BS 17799
B. ISO/IEC 27004
C. ISO/IEC 27799
D. BS 7799:2011

How well did you know this?

Not at all

Perfectly

An operating system maintains several processes in memory at the same time. The processes can only interact with the CPU during its assigned time slice since there is only one CPU and many processes. Each process is assigned an interrupt value to allow for this type of time slicing to take place. Which of the following best describes the difference between maskable and nonmaskable interrupts?

A. A maskable interrupt is assigned to a critical process, and a nonmaskable interrupt is assigned to a noncritical process.
B. A maskable interrupt is assigned to a process in ring 0, and a nonmaskable interrupt is assigned to a process in ring 3.
C. A maskable interrupt is assigned to a process in ring 3, and a nonmaskable interrupt is assigned to a process in ring 4.
D. A maskable interrupt is assigned to a noncritical process, and a nonmaskable interrupt is assigned to a critical process.

How well did you know this?

Not at all

Perfectly

Cable telecommunication networks used to provide a security risk in that neighbors could commonly access each other?s Internet-based traffic because the traffic was not encrypted and protected. Which of the following is an international telecommunications standard that addresses these issues?

A. Safe Harbor Encryption Requirements
B. Data-Over-Cable Service Interface Specifications
C. Privacy Service Requirements
D. Telecommunication Privacy Protection Standard

How well did you know this?

Not at all

Perfectly

There are different categories for evidence depending upon what form it is in and possibly how it was collected. Which of the following is considered supporting evidence?

A. Best evidence
B. Corroborative evidence
C. Conclusive evidence
D. Direct evidence

How well did you know this?

Not at all

Perfectly

_____________ is the graphical representation of data commonly used on websites. It is a skewed representation of characteristics a person must enter to prove that the subject is a human and not an automated tool, as in a software robot.

A. Anti-spoofing
B. CAPTCHA
C. Spam anti-spoofing
D. CAPCHAT

How well did you know this?

Not at all

Perfectly

Mark has been asked to interview individuals to fulfill a new position in his company. The position is a chief privacy officer (CPO). What is the function of this type of position?

A. Ensuring that company financial information is correct and secure
B. Ensuring that customer, company, and employee data are protected
C. Ensuring that security policies are defined and enforced
D. Ensuring that partner information is kept safe

How well did you know this?

Not at all

Perfectly

A risk management program must be developed properly and in the right sequence. Which of the following provides the correct sequence for the steps listed?

i. Developed a risk management team
ii. Calculated the value of each asset
iii. Identified the vulnerabilities and threats that can affect the identified assets
iv. Identified company assets to be assessed

A. i, iii, ii, iv
B. ii, i, iv, iii
C. iii, i, iv, ii
D. i, iv, ii, iii

How well did you know this?

Not at all

Perfectly

Jack needs to develop a security program for a medical organization. He has been instructed by the security steering committee to follow the ISO/IEC international standards when constructing and implementing this program so that certification can be accomplished. Which of the following best describes the phases Jack should follow?

A. ?Plan? by defining scope and policy. ?Do? by managing identified risks. ?Check? by carrying out monitoring procedures and audits. ?Act? by implementing corrective actions.
B. ?Plan? by defining scope and policy. ?Do? by creating an implementation risk mitigation plan and implementing controls. ?Check? by carrying out monitoring procedures and audits. ?Act? by implementing corrective actions.
C. ?Plan? by identifying controls. ?Do? by creating an implementation risk mitigation plan. ?Check? by carrying out monitoring procedures and audits. ?Act? by implementing corrective actions.
D. ?Plan? by defining scope and policy. ?Do? by creating an implementation risk mitigation plan and implementing controls. ?Check? by carrying out monitoring procedures and audits. ?Act? by implementing risk management.

How well did you know this?

Not at all

Perfectly

Which of the following best describes the core reasons the Department of Defense Architecture Framework and the British Ministry of Defense Architecture Framework were developed?

A. Data need to be captured and properly presented so that decision makers understand complex issues quickly, which allows for fast and accurate decisions.
B. Modern warfare is complex and insecure. Data need to be properly secured against enemy efforts to ensure decision makers can have access to it.
C. Critical infrastructures are constantly under attack in warfare situations. These frameworks are used to secure these types of environments.
D. Weapon systems are computerized and must be hardened and secured in a standardized manner.

How well did you know this?

Not at all

Perfectly

George is the security manager of a large bank, which provides online banking and other online services to its customers. George has recently found out that some of their customers have complained about changes to their bank accounts that they did not make. George worked with the security team and found out that all changes took place after proper authentication steps were completed. Which of the following describes what most likely took place in this situation?

A. Web servers were compromised through cross-scripting attacks.
B. SSL connections were decrypted through a man-in-the-middle attack.
C. Personal computers were compromised with Trojan horses that installed keyloggers.
D. Web servers were compromised and masquerading attacks were carried out.

How well did you know this?

Not at all

Perfectly

25. Internet Protocol Security (IPSec) is actually a suite of protocols. Each protocol within the suite provides different functionality. Which of the following is not a function or characteristic of IPSec? A. Encryption B. Link layer protection C. Authentication D. Protection of packet payloads and the headers

26. A typical PKI infrastructure would have which of the following transactions? 1. Receiver decrypts and obtains session key. 2. Sender requests receiver?s public key. 3. Public key is sent from a public directory. 4. Sender sends a session key encrypted with receiver's public key. A. 4, 3, 2, 1 B. 2, 1, 3, 4 C. 2, 3, 4, 1 D. 2, 4, 3, 1

27. Use the following scenario to answer Questions 27–28. Tim is the CISO for a large distributed financial investment organization. The company’s network is made up of different network devices and software applications, which generate their own proprietary logs and audit data. Tim and his security team have become overwhelmed with trying to review all of the log files when attempting to identify if anything suspicious is taking place within the network. Another issue Tim’s team needs to deal with is that many of the network devices have automated IPv6-to-IPv4 tunneling enabled by default. Which of the following is the best solution for this company to implement as it pertains to the first issue addressed in the scenario? A. Event correlation tools B. Intrusion detection systems C. Security information and event management D. Security event correlation management tools

28. Use the following scenario to answer Questions 27–28. Tim is the CISO for a large distributed financial investment organization. The company’s network is made up of different network devices and software applications, which generate their own proprietary logs and audit data. Tim and his security team have become overwhelmed with trying to review all of the log files when attempting to identify if anything suspicious is taking place within the network. Another issue Tim’s team needs to deal with is that many of the network devices have automated IPv6-to-IPv4 tunneling enabled by default. Which of the following best describes why Tim should be concerned about the second issue addressed in the scenario? A. Software and devices that are scanning traffic for suspicious activity may only be configured to evaluate one system type. B. Software and devices that are monitoring traffic for illegal activity may only be configured to evaluate one service type. C. Software and devices that are monitoring traffic for illegal activity may only be configured to evaluate two protocol types. D. Software and devices that are monitoring traffic for suspicious activity may only be configured to evaluate one traffic type.

29. Which of the following is not a characteristic of the Sherwood Applied Business Security Architecture framework? A. Model and methodology for the development of information security enterprise architectures B. Layered model, with its first layer defining business requirements from a security perspective C. Risk-driven enterprise security architecture that maps to business initiatives, similar to the Zachman framework D. Enterprise architecture framework used to define and understand a business environment

30. What type of rating system is used within the Common Criteria structure? A. PP B. EPL C. EAL D. A?D

31. ___________________ a declarative access control policy language implemented in XML and a processing model, describes how to interpret security policies. _________________ is an XML-based framework being developed by OASIS for exchanging user, resource, and service provisioning information between cooperating organizations. A. Service Provisioning Markup Language (SPML), Extensible Access Control Markup Language (XACML) B. Extensible Access Control Markup Language (XACML), Service Provisioning Markup Language (SPML) C. Extensible Access Control Markup Language (XACML), Security Assertion Markup Language (SAML) D. Security Assertion Markup Language (SAML), Service Provisioning Markup Language (SPML)

32. Doors configured in fail-safe mode assume what position in the event of a power failure? A. Open and locked B. Closed and locked C. Closed and unlocked D. Open

33. Packet-filtering firewalls have limited capabilities. Which of the following is not a common characteristic of these firewall types? i. They cannot prevent attacks that employ application-specific vulnerabilities or functions. ii. The logging functionality present in packet-filtering firewalls is limited. iii. Most packet-filtering firewalls do not support advanced user authentication schemes. iv. Many packet-filtering firewalls can detect spoofed addresses. v. May not be able to detect packet fragmentation attacks. A. ii B. iii C. iv D. v

34. BS 25999 is the BSI (British Standards Institute?s) standard for Business Continuity Management (BCM). The BS standard has two main parts. Which of the following properly defines one of these parts correctly? A. BS 25999-1:2006 Business Continuity Management Code of Practice?General guidance that provides principles, processes, and requirements for BCM. B. BS 25999-2:2007 Specification for Business Continuity Management?Specifies objective, regulatory requirements for executing, operating, and enhancing a BCM system. C. BS 25999-1:2006 Business Continuity Management Code of Practice?General specifications that provide principles, deadlines, and terminology for BCM. D. BS 25999-2:2007 Specification for Business Continuity Management?Specifies objective, auditable requirements for executing, operating, and enhancing a BCM system.

35. Use the following scenario to answer Questions 35–36. Zack is a security consultant who has been hired to help an accounting company improve some of their current e-mail security practices. The company wants to ensure that when their clients send the company accounting files and data, the clients cannot later deny sending these messages. The company also wants to integrate a more granular and secure authentication method for their current mail server and clients. Which of the following best describes how client messages can be dealt with and addresses the first issue outlined in the scenario? A. Company needs to integrate a public key infrastructure and the Diameter protocol. B. Clients must encrypt messages with their public key before sending them to the accounting company. C. Company needs to have all clients sign a formal document outlining nonrepudiation requirements. D. Client must digitally sign messages that contain financial information.

36. Use the following scenario to answer Questions 35–36. Zack is a security consultant who has been hired to help an accounting company improve some of their current e-mail security practices. The company wants to ensure that when their clients send the company accounting files and data, the clients cannot later deny sending these messages. The company also wants to integrate a more granular and secure authentication method for their current mail server and clients. Which of the following would be the best solution to integrate to meet the authentication requirements outlined in the scenario? A. TLS B. IPSec C. 802.1x D. SASL

37. Rennie needs to ensure that the BCP project will be successful. His manager has asked him to carry out a SWOT analysis to ensure that the defined objectives within the scope can be accomplished and to identify issues that could impede upon the necessary success and productivity required of the project as a whole. Which of the following is not considered to be a basic tenet of a SWOT analysis? A. Strengths: characteristics of the project team that give it an advantage over others B. Weaknesses: characteristics that place the team at a disadvantage relative to others C. Opportunities: elements that could contribute to the project?s success D. Trends: elements that could contribute to the project?s failure

38. A ___________________ is the amount of time it should take to recover from a disaster, and a ____________________ is the amount of data, measured in time, that can be lost and be tolerable from that same event. A. Recovery time objective, recovery point objective B. Recovery point objective, recovery time objective C. Maximum tolerable downtime, work recovery time D. Work recovery time, maximum tolerable downtime

39. Mary is playing around on her computer late at night and discovers a way to hack into a small company?s personnel files. She decides to take a look around, but does not steal any information. Is she still committing a crime even if she does not steal any of the information? A. No, since she does not steal any information, she is not committing a crime. B. Yes, she has gained unauthorized access. C. No, the system was easily hacked; therefore, entry is allowed. D. Yes, she could jeopardize the system without knowing it.

40. In the structure of Extensible Access Control Markup Language (XACML) a Subject element is the ______________, a Resource element is the ___________, and an Action element is the ___________. A. Requesting entity, requested entity, types of access B. Requested entity, requesting entity, types of access C. Requesting entity, requested entity, access control D. Requested entity, requesting entity, access control

41. The Mobile IP protocol allows location-independent routing of IP datagrams on the Internet. Each mobile node is identified by its ______________ disregarding its current location in the Internet. While away from its home network, a mobile node is associated with a ___________. A. Prime address, care-of address B. Home address, care-of address C. Home address, secondary address D. Prime address, secondary address

42. Instead of managing and maintaining many different types of security products and solutions, Joan wants to purchase a product that combines many technologies into one appliance. She would like to have centralized control, streamlined maintenance, and a reduction in stove pipe security solutions. Which of the following would best fit Joan?s needs? A. Dedicated appliance B. Centralized hybrid firewall applications C. Hybrid IDS\IPS integration D. Unified threat management

43. Why is it important to have a clearly defined incident-handling process in place? A. To avoid dealing with a computer and network threat in an ad hoc, reactive, and confusing manner B. In order to provide a quick reaction to a threat so that a company can return to normal operations as soon as possible C. In order to provide a uniform approach with certain expectations of the results D. All of the above

44. Which of the following is an international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy and provides guidelines on the protection of privacy and transborder flows of personal data rules? A. Council of Global Convention on Cybercrime B. Council of Europe Convention on Cybercrime C. Organisation for Economic Co-operation and Development D. Organisation for Cybercrime Co-operation and Development

45. System ports allow different computers to communicate with each other?s services and protocols. Internet Corporation for Assigned Names and Numbers has assigned registered ports to be ____________________ and dynamic ports to be ____________. A. 0?1024, 49152?65535 B. 1024?49151, 49152?65535 C. 1024?49152, 49153?65535 D. 0?1024, 1025?49151

46. When conducting a quantitative risk analysis, items are gathered and assigned numeric values so that cost/benefit analysis can be carried out. Which of the following provides the correct formula to understand the value of a safeguard? A. (ALE before implementing safeguard) ? (ALE after implementing safeguard) ? (annual cost of safeguard) = value of safeguard to the company B. (ALE before implementing safeguard) ? (ALE during implementing safeguard) ? (annual cost of safeguard) = value of safeguard to the company C. (ALE before implementing safeguard) ? (ALE while implementing safeguard) ? (annual cost of safeguard) = value of safeguard to the company D. (ALE before implementing safeguard) ? (ALE after implementing safeguard) ? (annual cost of asset) = value of safeguard to the company

47. Patty is giving a presentation next week to the executive staff of her company. She wants to illustrate the benefits of the company using specific cloud computing solutions. Which of the following does not properly describe one of these benefits or advantages? i. Organizations have more flexibility and agility in IT growth and functionality. ii. Cost of computing can be increased since it is a shared delivery model. iii. Location independence can be achieved because the computing is not centralized and tied to a physical data center. iv. Applications and functionality can be more easily migrated from one physical server to another because environments are virtualized. v. Scalability and elasticity of resources can be accomplished in near realtime through automation. vi. Performance can increase as processing is shifted to available systems during peak loads. A. i B. ii C. iii D. v

48. Use the following scenario to answer Questions 48–49. Frank is the new manager over in-house software designers and programmers. He has been telling his team that before design and programming on a new product begins, a formal architecture needs to be developed. He also needs this team to understand security issues as they pertain to software design. Frank has shown the team how to follow a systematic approach, which allows them to understand how different compromises could take place with the software products they develop. Which of the following best describes what an architecture is in the context of this scenario? A. Tool used to conceptually understand the structure and behavior of a complex entity through different views B. Formal description and representation of a system and the components that make it up C. Framework used to create individual architectures with specific views D. Framework that is necessary to identify needs and meet all of the stakeholder requirements

49. Use the following scenario to answer Questions 48–49. Frank is the new manager over in-house software designers and programmers. He has been telling his team that before design and programming on a new product begins, a formal architecture needs to be developed. He also needs this team to understand security issues as they pertain to software design. Frank has shown the team how to follow a systematic approach, which allows them to understand how different compromises could take place with the software products they develop. Which of the following best describes the approach Frank has shown his team as outlined in the scenario? A. Attack surface analysis B. Threat modeling C. Penetration testing D. Double-blind penetration testing

50. Barry was told that the IDS product that is being used on the network has heuristic capabilities. Which of the following best describes this functionality? A. Gathers packets and reassembles the fragments before assigning anomaly values B. Gathers data to calculate the probability of an attack taking place C. Gathers packets and compares their payload values to a signature engine D. Gathers packet headers to determine if something suspicious is taking place within the network traffic

51. System assurance evaluations have gone through many phases. First, TCSEC was used, but it was considered too narrow. Next, ITSEC was developed to be flexible, but in the process became extremely complicated. Now, products are evaluated through the use of a new list of requirements. What is this list of requirements called? A. International Evaluation Criteria System B. Universal Evaluation Standards C. Common Criteria D. National Security Standards

52. Don is a senior manager of an architectural firm. He has just found out that a key contract was renewed, allowing the company to continue developing an operating system that was idle for several months. Excited to get started, Don begins work on the operating system privately, but cannot tell his staff until the news is announced publicly in a few days. However, as Don begins making changes in the software, various staff members notice changes in their connected systems, even though they work in a lower security level. What kind of model could be used to ensure this does not happen? A. Biba B. Bell-LaPadula C. Noninterference D. Clark-Wilson

53. Betty has received several e-mail messages from unknown sources that try and entice her to click a specific link using a ?Click Here? approach. Which of the following best describes what is most likely taking place in this situation? A. DNS pharming attack B. Embedded hyperlink is obfuscated C. Malware back-door installation D. Bidirectional injection attack

54. Rebecca is the network administrator of a large retail company. The company has Ethernet-based distributed networks throughout the northwest region of the United States. Her company would like to move to an Ethernet-based multipoint communication architecture that can run over their service provider?s IP/MPLS network. Which of the following would be the best solution for these requirements? A. Metro-Ethernet B. L2TP/IPSec C. Virtual Private LAN Services D. SONET

55. Which of the following multiplexing technologies analyzes statistics related to the typical workload of each input device and makes real-time decisions on how much time each device should be allocated for data transmission? A. Time-division multiplexing B. Wave-division multiplexing C. Frequency-division multiplexing D. Statistical time-division multiplexing

56. In a VoIP environment, the Real-time Transport Protocol (RTP) and RTP Control Protocol (RTCP) are commonly used. Which of the following best describes the difference between these two protocols? A. RTCP provides a standardized packet format for delivering audio and video over IP networks. RTP provides out-of-band statistics and control information to provide feedback on QoS levels. B. RTP provides a standardized packet format for delivering data over IP networks. RTCP provides control information to provide feedback on QoS levels. C. RTP provides a standardized packet format for delivering audio and video over MPLS networks. RTCP provides control information to provide feedback on QoS levels. D. RTP provides a standardized packet format for delivering audio and video over IP networks. RTCP provides out-of-band statistics and control information to provide feedback on QoS levels.

57. ISO/IEC 27031:2011 is an international standard for business continuity that organizations can follow. Which of the following is a correct characteristic of this standard? A. Guidelines for information and communications technology readiness for business continuity B. ISO/IEC standard that is a component of the overall BS 7999 series C. Standard that was developed by NIST and evolved to be an international standard D. Component of the Safe Harbor requirements

58. Fran is the CSO of a new grocery and retail store. Her company paid for a physical security consultant to assess their current controls and security program that is in place to ensure that the company is carrying out due care efforts. The security consultant told Fran that the areas in front of the stores need to have two foot-candle illumination. Which of the following best describes the consultant?s advice? A. Lights must be placed two feet apart. B. The area being lit must be illuminated two feet high and two feet out. C. This is an illumination metric used for lighting. D. Each lit area must be within two feet of the next lit area.

59. IPSec?s main protocols are AH and ESP. Which of the following services does AH provide? A. Confidentiality and authentication B. Confidentiality and availability C. Integrity and accessibility D. Integrity and authentication

60. When multiple databases exchange transactions, each database is updated. This can happen many times and in many different ways. To protect the integrity of the data, databases should incorporate a concept known as an ACID test. What does this acronym stand for? A. Availability, confidentiality, integrity, durability B. Availability, consistency, integrity, durability C. Atomicity, confidentiality, isolation, durability D. Atomicity, consistency, isolation, durability

61. Use the following scenario to answer Questions 61–62. Jim works for a power plant, and senior management just conducted a meeting with Jim’s team explaining that the upgrades that will be made to the surrounding power grid and its components will allow for better self-healing, resistance to physical and cyberattacks, increased efficiency, and better integration of renewable energy sources. The senior management also expressed concerns about the security of these changes. Which of the following best describes the changes the organization in the scenario will be moving forward with? A. Integrating natural gas production with their current coal activities B. Integrating a smart grid C. Integrating the power grid with the existing SONET rings D. Integrating authentication technologies into power metering devices

62. Use the following scenario to answer Questions 61–62. Jim works for a power plant, and senior management just conducted a meeting with Jim’s team explaining that the upgrades that will be made to the surrounding power grid and its components will allow for better self-healing, resistance to physical and cyberattacks, increased efficiency, and better integration of renewable energy sources. The senior management also expressed concerns about the security of these changes. Which of the following best describes the security concerns addressed in this scenario? A. Allows for direct attacks through Ethernet over Power B. Increased embedded software and computing capabilities C. Does not have proper protection against common web-based attacks D. Power fluctuation and outages directly affect computing systems

63. Henry is the team leader of a group of software designers. They are at a stage in their software development project where they need to reduce the amount of code running, reduce entry points available to untrusted users, reduce privilege levels as much as possible, and eliminate unnecessary services. Which of the following best describes the first step they need to carry out to accomplish these tasks? A. Attack surface analysis B. Software development life cycle C. Risk assessment D. Unit testing

64. Jenny needs to engage a new software development company to create her company?s internal banking software. It will need to be created specifically for her company?s environment, so it must be proprietary in nature. Which of the following would be useful for Jenny to use as a gauge to determine how advanced and mature the various software development companies are in their processes? A. SaS 70 B. Capability Maturity Model Integration level C. Auditing results D. Key performance metrics

65. Which of the following is a representation of the logical relationship between elements of data and dictates the degree of association among elements, methods of access, processing alternatives, and the organization of data elements? A. Data element B. Array C. Secular component D. Data structure

66. Kerberos is a commonly used access control and authentication technology. It is important to understand what the technology can and cannot do and its potential downfalls. Which of the following is not a potential security issue that must be addressed when using Kerberos? i. The KDC can be a single point of failure. ii. The KDC must be scalable. iii. Secret keys are temporarily stored on the users? workstations. iv. Kerberos is vulnerable to password guessing. A. i, iv B. iii C. All of them D. None of them

67. If the ALE for a specific asset is $100,000, and after implementation of the control the new ALE is $45,000 and the annual cost of the control is $30,000, should the company implement this control? A. Yes B. No C. Not enough information D. It depends on the ARO

68. ISO/IEC 27000 is a growing family of ISO/IEC Information Security Management Systems (ISMS) standards. It comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following provides an incorrect mapping of the individual standards that make up this family of standards? A. ISO/IEC 27002 Code of practice for information security management. B. ISO/IEC 27003 Guideline for ISMS implementation. C. ISO/IEC 27004 Guideline for information security management measurement and metrics framework. D. ISO/IEC 27005 Guideline for bodies providing audit and certification of information security management systems.

69. When a CPU is passed an instruction set and data to be processed and the program status word (PSW) register contains a value indicating that execution should take place in privileged mode, which of the following would be considered true? A. Operating system is executing in supervisory mode B. Request came from a trusted process C. Functionality that is available in user mode is not available D. An untrusted process submitted the execution request

70. Encryption and decryption can take place at different layers of an operating system, application, and network stack. End-to-end encryption happens within the _______. SSL encryption takes place at the _________ layer. PPTP encryption takes place at the ______ layer. Link encryption takes place at the _________ and ___________ layers. A. Applications, network, data link, data link and physical B. Applications, transport, network, data link and physical C. Applications, transport, data link, data link and physical D. Network, transport, data link, data link and physical

71. Which of the following best describes the difference between hierarchical storage management (HSM) and storage area network (SAN) technologies? A. HSM uses optical or tape jukeboxes, and SAN is a network of connected storage systems. B. SAN uses optical or tape jukeboxes, and HSM is a network of connected storage systems. C. HSM and SAN are one and the same. The difference is in the implementation. D. HSM uses optical or tape jukeboxes, and SAN is a standard of how to develop and implement this technology.

72. The Anticybersquatting Consumer Protection Act (ACPA) was enacted to protect which type of intellectual property? A. Trade secrets B. Copyrights C. Trademarks D. Patents

73. The International Organization on Computer Evidence (IOCE) was appointed to draw up international principles for procedures relating to what type of evidence? A. Information evidence B. Digital evidence C. Conclusive evidence D. Real evidence

74. A fraud analyst with a national insurance company uses database tools every day to help identify violations and identify relationships between the captured data through the uses of rule discovery. These tools help identify relationships among a wide variety of information types. What kind of knowledge discovery in database (KDD) is this considered? A. Probability B. Statistical C. Classification D. Behavioral

75. Which of the following is an XML-based protocol that defines the schema of how web service communication takes place over HTTP transmissions? A. Service-Oriented Protocol B. Active X Protocol C. Simple Object Access Protocol D. JVEE

76. Which of the following has an incorrect definition mapping? i. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Team-oriented approach that assesses organizational and IT risks through facilitated workshops. ii. AS/NZS 4360 Australia and New Zealand business risk management assessment approach. iii. ISO/IEC 27005 International standard for the implementation of a risk management program that integrates into an information security management system (ISMS). iv. Failure Modes and Effect Analysis Approach that dissects a component into its basic functions to identify flaws and those flaws? effects. v. Fault tree analysis Approach to map specific flaws to root causes in complex systems. A. None of them B. ii C. iii, iv D. v

77. For an enterprise security architecture to be successful in its development and implementation, which of the following items must be understood and followed? i. Strategic alignment ii. Process enhancement iii. Business enablement iv. Security effectiveness A. i, ii B. ii, iii C. i, ii, iii, iv D. iii, iv

78. Which of the following best describes the purpose of the Organisation for Economic Co-operation and Development (OECD)? A. An international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy. B. A national organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy. C. An international organization that helps different organizations come together and tackle the economic, social, and governance challenges of a globalized economy. D. A national organization that helps different organizations come together and tackle the economic, social, and governance challenges of a globalized economy.

79. There are many enterprise architecture models that have been developed over the years for specific purposes. Some of them can be used to provide structure for information security processes and technology to be integrated throughout an organization. Which of the following provides an incorrect mapping between the architect types and the associated definitions? A. Zachman framework Model and methodology for the development of information security enterprise architectures. B. TOGAF Model and methodology for the development of enterprise architectures developed by The Open Group. C. DoDAF U.S. Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals. D. MODAF Architecture framework used mainly in military support missions developed by the British Ministry of Defence.

80. Which of the following best describes the difference between the role of the ISO/IEC 27000 series and CobiT? A. The CobiT provides a high-level overview of security program requirements, while the ISO/IEC 27000 series provides the objectives of the individual security controls. B. The ISO/IEC 27000 series provides a high-level overview of security program requirements, while CobiT provides the objectives of the individual security controls. C. CobiT is process oriented, and the ISO/IEC standard is solution oriented. D. The ISO/IEC standard is process oriented, and CobiT is solution oriented.

81. The Capability Maturity Model Integration (CMMI) approach is being used more frequently in security program and enterprise development. Which of the following provides an incorrect characteristic of this model? A. A model that provides a pathway for how incremental improvement can take place. B. Provides structured steps that can be followed so an organization can evolve from one level to the next and constantly improve its processes. C. It was created for process improvement and developed by Carnegie Mellon. D. It was built upon the SABSA model.

82. If Joe wanted to use a risk assessment methodology that allows the various business owners to identify risks and know how to deal with them, what methodology would he use? A. Qualitative B. COSO C. FRAP D. OCTAVE

83. Information security is a field that is maturing and becoming more organized and standardized. Organizational security models should be based upon a formal architecture framework. Which of the following best describes what a formal architecture framework is and why it would be used? A. Mathematical model that defines the secure states that various software components can enter and still provide the necessary protection. B. Conceptual model that is organized into multiple views addressing each of the stakeholder?s concerns. C. Business enterprise framework that is broken down into six conceptual levels to ensure security is deployed and managed in a controllable manner. D. Enterprise framework that allows for proper security governance.

84. Which of the following provides a true characteristic of a fault tree analysis? A. Fault trees are assigned qualitative values to faults that can take place over a series of business processes. B. Fault trees are assigned failure mode values. C. Fault trees are labeled with actual numbers pertaining to failure probabilities. D. Fault trees are used in a stepwise approach to software debugging.

85. Several models and frameworks have been developed by different organizations over the years to help businesses carry out processes in a more efficient and effective manner. Which of the following provides the correct definition mapping of one of these items? i. COSO A framework and methodology for Enterprise Security Architecture and Service Management. ii. ITIL Processes to allow for IT service management developed by the United Kingdom?s Office of Government Commerce. iii. Six Sigma Business management strategy that can be used to carry out process improvement. iv. Capability Maturity Model Integration (CMMI) Organizational development for process improvement developed by Carnegie Mellon. A. i B. i, iii C. ii, iv D. ii, iii, iv

86. It is important that organizations ensure that their security efforts are effective and measurable. Which of the following is not a common method used to track the effectiveness of security efforts? A. Service level agreement B. Return on investment C. Balanced scorecard system D. Provisioning system

87. Capability Maturity Model Integration (CMMI) is a process improvement approach that is used to help organizations improve their performance. The CMMI model may also be used as a framework for appraising the process maturity of the organization. Which of the following is an incorrect mapping of the levels that may be assigned to an organization based upon this model? i. Maturity Level 2 ? Managed ii. Maturity Level 3 ? Defined iii. Maturity Level 4 ? Quantitatively Managed iv. Maturity Level 5 ? Optimizing A. i B. i, ii C. All of them D. None of them

88. An organization?s information risk management policy should address many items to provide clear direction and structure. Which of the following is not a core item that should be covered in this type of policy? i. The objectives of the IRM team ii. The level of risk the organization will accept and what is considered an acceptable level of risk iii. Formal processes of risk identification iv. The connection between the IRM policy and the organization?s strategic planning processes v. Responsibilities that fall under IRM and the roles to fulfill them vi. The mapping of risk to specific physical controls vii. The approach toward changing staff behaviors and resource allocation in response to risk analysis viii. The mapping of risks to performance targets and budgets ix. Key indicators to monitor the effectiveness of controls A. ii, v, ix B. vi C. v D. vii, ix

89. More organizations are outsourcing business functions to allow them to focus on their core business functions. Companies use hosting companies to maintain websites and e-mail servers, service providers for various telecommunication connections, disaster recovery companies for co-location capabilities, cloud computing providers for infrastructure or application services, developers for software creation, and security companies to carry out vulnerability management. Which of the following items should be included during the analysis of an outsourced partner or vendor? i. Conduct onsite inspection and interviews ii. Review contracts to ensure security and protection levels are agreed upon iii. Ensure service level agreements are in place iv. Review internal and external audit reports and third-party reviews v. Review references and communicate with former and existing customers vi. Review Better Business Bureau reports A. ii, iii, iv B. iv, v, vi C. All of them D. i, ii, iii

90. Privacy has become a very important component of information security over the last few years. Organizations should carry out security and privacy impact assessments to evaluate their processes. Which of the following contains an incorrect characteristic or definition of a privacy impact assessment? i. An analysis of how information is handled to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy. ii. An analysis of how information is handled to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system. iii. An analysis of how information is handled to examine and evaluate protections and alternative processes for handling information to increase potential privacy risks. A. None of them B. ii, iii C. i, ii D. iii

91. A financial institution has developed their internal security program based upon the ISO/IEC 27000 series. The security officer has been told that metrics need to be developed and integrated into this program so that effectiveness can be gauged. Which of the following standards should be followed to provide this type of guidance and functionality? A. ISO/IEC 27002 B. ISO/IEC 27003 C. ISO/IEC 27004 D. ISO/IEC 27005

92. Which of the following is not a requirement for a database based on the X.500 standard? A. The directory has a tree structure to organize the entries using a parent-child configuration. B. Each entry has the same name made up of attributes of a specific object. C. The attributes used in the directory are dictated by the defined schema. D. The unique identifiers are called distinguished names.

93. Sue has been asked to install a web access management (WAM) product for her company?s environment. What is the best description for what WAMs are commonly used for? A. Control external entities requesting access to internal objects B. Control internal entities requesting access to external objects C. Control external entities requesting access through X.500 databases D. Control internal entities requesting access through X.500 databases

94. A user?s digital identity is commonly made up of more than just a user name. Which of the following is not a common item that makes up a user?s identity? A. Entitlements B. Traits C. Figures D. Attributes

95. Which of the following is a true statement pertaining to markup languages? A. HyperText Markup Language (HTML) came from Generalized Markup Language (GML), which came from the Standard Generalized Markup Language (SGML). B. HyperText Markup Language (HTML) came from Standard Generalized Markup Language (SGML), which came from the Generalized Markup Language (GML). C. Standard Generalized Markup Language (SGML) came from the HyperText Markup Language (HTML), which came from the Generalized Markup Language (GML). D. Standard Generalized Markup Language (SGML) came from the Generalized Markup Language (GML), which came from the HyperText Markup Language (HTML).

96. What is Extensible Markup Language (XML) and why was it created? A. A specification that is used to create various types of markup languages for specific industry requirements B. A specification that is used to create static and dynamic websites C. A specification that outlines a detailed markup language dictating all formats of all companies that use it D. A specification that does not allow for interoperability for the sake of security

97. Which access control policy is enforced in an environment that uses containers and implicit permission inheritance using a nondiscretionary model? A. Rule-based B. Role-based C. Identity-based D. Mandatory

98. Which of the following centralized access control protocols would a security professional choose if her network consisted of multiple protocols, including Mobile IP, and had users connecting via wireless and wired transmissions? A. RADIUS B. TACACS+ C. Diameter D. Kerberos

99. Jay is the security administrator at a credit card processing company. The company has many identity stores, which are not properly synchronized. Jay is going to oversee the process of centralizing and synchronizing the identity data within the company. He has determined that the data in the HR database will be considered the most up-to-date data, which cannot be overwritten by the software in other identity stores during their synchronization processes. Which of the following best describes the role of this database in the identity management structure of the company? A. Authoritative system of record B. Infrastructure source server C. Primary identity store D. Hierarchical database primary

100. Proper access control requires a structured user provisioning process. Which of the following best describes user provisioning? A. The creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes. B. The creation, maintenance, activation, and delegation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to compliance processes. C. The maintenance of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes. D. The creation and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes.

101. A user?s identity can be a collection of her _________ (department, role in company, shift time, clearance); her __________ (resources available to her, authoritative rights in the company); and her ________ (biometric information, height, sex,). A. Attributes, access, traits B. Attributes, entitlements, access C. Attributes, characteristics, traits D. Attributes, entitlements, traits

102. John needs to ensure that his company?s application can accept provisioning data from their partner?s application in a standardized method. Which of the following best describes the technology that John should implement? A. Service Provisioning Markup Language B. Extensible Provisioning Markup Language C. Security Assertion Markup Language D. Security Provisioning Markup Language

103. Lynn logs into a website and purchases an airline ticket for her upcoming trip. The website also offers her pricing and package deals for hotel rooms and rental cars while she is completing her purchase. The airline, hotel, and rental companies are all separate and individual companies. Lynn decides to purchase her hotel room through the same website at the same time. The website is using Security Assertion Markup Language to allow for this type of federated identity management functionality. In this example which entity is the principal, which entity is the identity provider, and which entity is the service provider? A. Portal, Lynn, hotel company B. Lynn, airline company, hotel company C. Lynn, hotel company, airline company D. Portal, Lynn, airline company

104. John is the new director of software development within his company. Several proprietary applications offer individual services to the employees, but the employees have to log into each and every application independently to gain access to these discrete services. John would like to provide a way that allows each of the services provided by the various applications to be centrally accessed and controlled. Which of the following best describes the architecture that John should deploy? A. Service-oriented architecture B. Web services architecture C. Single sign-on architecture D. Hierarchical service architecture

105. Which security model enforces the principle that the security levels of an object should never change and is known as the ?strong tranquility? property? A. Biba B. Bell-LaPadula C. Brewer-Nash D. Noninterference

106. In the system design phase, system requirement specifications are gathered and a modeling language is used. Which of the following best describes what a modeling language is and what it is used for? A. A modeling language is commonly mathematical to allow for the verification of the system components. It is used to understand what the components need to accomplish individually and when they work together. B. A modeling language is commonly graphical to allow for threat modeling to be accomplished through the understanding of system components. It is used to understand what the components need to accomplish individually and when they work together. C. A modeling language is commonly graphical to allow for a system architecture to be built. D. A modeling language is commonly graphical to allow for visualization of the system components. It is used to understand what the components need to accomplish individually and when they work together.

107. There is a specific terminology taxonomy used in the discipline of formal architecture framework development and implementation. Which of the following terms has an incorrect definition? i. Architecture Fundamental organization of a system embodied in its components, their relationships to each other and to the environment, and the principles guiding its design and evolution. ii. Architectural description (AD) Representation of a whole system from the perspective of a related set of concerns. iii. Stakeholder Individual, team, or organization (or classes thereof) with interests in, or concerns relative to, a system. iv. View Collection of document types to convey an architecture in a formal manner. v. Viewpoint A specification of the conventions for constructing and using a view. A template from which to develop individual views by establishing the purposes and audience for a view and the techniques for its creation and analysis. A. i, iii B. ii, iv C. iv, v D. ii

108. Operating systems may not work on systems with specific processors. Which of the following best describes why one operating system may work on a Pentium Pro processor but not on an AMD processor? A. The operating system was not developed to work within the architecture of a specific processor and cannot use that specific processor instruction set. B. The operating system was developed before the new processor architecture was released, thus it is not backwards compatible. C. The operating system is programmed to use a different instruction set. D. The operating system is platform dependent, thus it can only work on one specific processor family.

109. Which of the following best describes how an address and a data bus are used for instruction execution? A. CPU sends a ?fetch? request on the data bus, and the data residing at the requested address are returned on the address bus. B. CPU sends a ?get? request on the address bus, and the data residing at the requested address are returned on the data bus. C. CPU sends a ?fetch? request on the address bus, and the data residing at the requested address are returned on the data bus. D. CPU sends a ?get? request on the data bus, and the data residing at the requested address are returned on the address bus.

110. An operating system has many different constructs to keep all of the different execution components in the necessary synchronization. One construct the operating system maintains is a process table. Which of the following best describes the role of a process table within an operating system? A. The table contains information about each process that the CPU uses during the execution of the individual processes? instructions. B. The table contains memory boundary addresses to ensure that processes do not corrupt each other?s data. C. The table contains condition bits that the CPU uses during state transitions. D. The table contains I/O and memory addresses.

111. Hanna is a security manager of a company that relies heavily on one specific operating system. The operating system is used in the employee workstations and is embedded within devices that support the automated production line software. She has uncovered that the operating system has a vulnerability that could allow an attacker to force applications to not release memory segments after execution. Which of the following best describes the type of threat this vulnerability introduces? A. Injection attacks B. Memory corruption C. Denial of service D. Software locking

112. Which of the following architecture frameworks has a focus on command, control, communications, computers, intelligence, surveillance, and reconnaissance systems and processes? A. DoDAF B. TOGAF C. CMMI D. MODAF

113. Many operating systems implement address space layout randomization (ASLR). Which of the following best describes this type of technology? A. Randomly arranging memory address values B. Restricting the types of processes that can execute instructions in privileged mode C. Running privileged instructions in virtual machines D. Randomizing return pointer values

114. A company needs to implement a CCTV system that will monitor a large area of the facility. Which of the following is the correct lens combination for this? A. A wide-angle lens and a small lens opening B. A wide-angle lens and a large lens opening C. A wide-angle lens and a large lens opening with a small focal length D. A wide-angle lens and a large lens opening with a large focal length

115. What is the name of a water sprinkler system that keeps pipes empty and doesn?t release water until a certain temperature is met and a ?delay mechanism? is instituted? A. Wet B. Preaction C. Delayed D. Dry

116. There are different types of fire suppression systems. Which of the following answers best describes the difference between a deluge and a preaction system? A. A deluge system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A preaction system provides similar functionality but has wide open sprinkler heads that allow a lot of water to be dispersed quickly. B. A preaction system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A deluge system has wide open sprinkler heads that allow a lot of water to be dispersed quickly. C. A dry pipe system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A deluge system has wide open sprinkler heads that allow a lot of water to be dispersed quickly. D. A preaction system provides a delaying mechanism that allows someone to deactivate the system in case of a false alarm or if the fire can be extinguished by other means. A deluge system provides similar functionality but has wide open sprinkler heads that allow a lot of water to be dispersed quickly.

117. Which of the following best describes why a Crime Prevention Through Environmental Design (CPTED) would integrate block parties and civic meetings? A. These activities are designed to get people to work together to increase the overall crime and criminal behavior in the area. B. These activities are designed to get corporations to work together to increase the overall awareness of acceptable and unacceptable activities in the area. C. These activities are designed to get people to work together to increase the three strategies of this design model. D. These activities are designed to get people to work together to increase the overall awareness of acceptable and unacceptable activities in the area.

118. Which of the following frameworks is a two-dimensional model that uses six basic communication interrogatives intersecting with different viewpoints to give a holistic understanding of the enterprise? A. SABSA B. TOGAF C. CMMI D. Zachman

119. Not every data transmission incorporates the session layer. Which of the following best describes the functionality of the session layer? A. End-to-end data transmission B. Application client/server communication mechanism in a distributed environment C. Application-to-computer physical communication D. Provides application with the proper syntax for transmission

120. What is the purpose of the Logical Link Control (LLC) layer in the OSI model? A. Provides a standard interface for the network layer protocol B. Provides the framing functionality of the data link layer C. Provides addressing of the packet during encapsulation D. Provides the functionality of converting bits into electrical signals

121. Which of the following best describes why classless interdomain routing (CIDR) was created? A. To allow IPv6 traffic to tunnel through IPv4 networks B. To allow IPSec to be integrated into IPv4 traffic C. To allow an address class size to meet an organization?s need D. To allow IPv6 to tunnel IPSec traffic

122. John is a security engineer at a company that develops highly confidential products for various government agencies. While his company has VPNs set up to protect traffic that travels over the Internet and other nontrusted networks, he knows that internal traffic should also be protected. Which of the following is the best type of approach John's company should take? A. Implement a data link technology that provides 802.1AE security functionality. B. Implement a network-level technology that provides 802.1AE security functionality. C. Implement SSL over L2TP. D. Implement IPSec over L2TP.

123. IEEE ________ provides a unique ID for a device. IEEE _________ provides data encryption, integrity, and origin authentication functionality. IEEE ________ carries out key agreement functions for the session keys used for data encryption. Each of these standards provides specific parameters to work within an IEEE ________ framework. A. 802.1AF, 802.1AE, 802.1AR, 802.1X EAP-TLS B. 802.1AT, 802.1AE, 802.1AM, 802.1X EAP-SSL C. 802.1AR, 802.1AE, 802.1AF, 802.1X EAP-SSL D. 802.1AR, 802.1AE, 802.1AF, 802.1X EAP-TLS

124. Bob has noticed that one of the network switches has been acting strangely over the last week. Bob installed a network protocol analyzer to monitor the traffic going to the specific switch. He has identified UDP traffic coming from an outside source using the destination port 161. Which of the following best describes what is most likely taking place? A. Attacker is modifying the switch SNMP MIB. B. Attacker is carrying out a selective DoS attack. C. Attacker is manipulating the ARP cache. D. Attacker is carrying out an injection attack.

125. Larry is a seasoned security professional and knows the potential dangers associated with using an ISP?s DNS server for Internet connectivity. When Larry stays at a hotel or uses his laptop in any type of environment he does not fully trust, he updates values in his HOSTS file. Which of the following best describes why Larry carries out this type of task? A. Reduces the risk of an attacker sending his system a corrupt ARP address which points his system to a malicious website. B. Ensures his host-based IDS is properly updated. C. Reduces the risk of an attacker sending his system an incorrect IP address to host mapping that points his system to a malicious website. D. Ensures his network-based IDS is properly synchronized with his host-based IDS.

126. John has uncovered a rogue system on the company network that emulates a switch. The software on this system is being used by an attacker to modify frame tag values. Which of the following best describes the type of attack that has most likely been taking place? A. DHCP snooping B. VLAN hopping C. Network traffic shaping D. Network traffic hopping

127. Frank is a new security manager for a large financial institution. He has been told that the organization needs to reduce the total cost of ownership for many components of the network and infrastructure. The organization currently maintains many distributed networks, software packages, and applications. Which of the following best describes the cloud services that are most likely provided by service providers for Frank to choose from? A. Infrastructure as a Service provides an environment similar to an operating system, Platform as a Service provides operating systems and other major processing platforms, and Software as a Service provides specific application-based functionality. B. Infrastructure as a Service provides an environment similar to a data center, Platform as a Service provides operating systems and other major processing platforms, and Software as a Service provides specific application-based functionality. C. Infrastructure as a Service provides an environment similar to a data center, Platform as a Service provides application-based functionality, and Software as a Service provides specific operating system functionality. D. Infrastructure as a Service provides an environment similar to a database, Platform as a Service provides operating systems and other major processing platforms, and Software as a Service provides specific application-based functionality.

128. Terry is told by his boss that he needs to implement a networked-switched infrastructure that allows several systems to be connected to any storage device. What does Terry need to roll out? A. Electronic vaulting B. Hierarchical storage management C. Storage area network D. Remote journaling

129. On a Tuesday morning, Jami is summoned to the office of the security director where she finds six of her peers from other departments. The security director gives them instructions about an event that will be taking place in two weeks. Each of the individuals will be responsible for removing specific systems from the facility, bringing them to the offsite facility, and implementing them. Each individual will need to test the installed systems and ensure the configurations are correct for production activities. What event is Jami about to take part in? A. Parallel test B. Full-interruption test C. Simulation test D. Structured walk-through test

130. While DRP and BCP are directed at the development of ?plans,? ______________ is the holistic management process that should cover both of them. It provides a framework for integrating resilience with the capability for effective responses that protects the interests of the organization's key stakeholders. A. Continuity of operations B. Business continuity management C. Risk management D. Enterprise management architecture

131. The ?Safe Harbor? privacy framework was created to: A. Ensure that personal information should be collected only for a stated purpose by lawful and fair means and with the knowledge or consent of the subject B. Provide a streamlined means for U.S. organizations to comply with European privacy laws C. Require the federal government to release to citizens the procedures for how records are collected, maintained, used, and distributed D. None of the above

132. The European Union?s Directive on Data Protection forbids the transfer of individually identifiable information to a country outside the EU, unless: A. The receiving country grants individuals adequate privacy protection. B. The receiving country pays a fee to the EU. C. There are no exceptions; no information is ever transferred. D. The receiving country is a member of the Fair Trade Organization.

133. The main goal of the Wassenaar Arrangement is to prevent the buildup of military capabilities that could threaten regional and international security and stability. How does this relate to technology? A. Cryptography is a dual-use tool. B. Technology is used in weaponry systems. C. Military actions directly relate to critical infrastructure systems. D. Critical infrastructure systems can be at risk under this agreement.

134. Which world legal system of law is used in continental European countries, such as France and Spain, and is rule-based law, not precedence based? A. Civil (code) law system B. Common law system C. Customary law system D. Mixed law system

135. Which of the following is not a correct characteristic of the Failure Modes and Effect Analysis (FMEA) method? A. Determining functions and identifying functional failures B. Assessing the causes of failure and their failure effects through a structured process C. Structured process carried out by an identified team to address high-level security compromises D. Identify where something is most likely going to break and either fix the flaws that could cause this issue or implement controls to reduce the impact of the break

136. A risk analysis can be carried out through qualitative or quantitative means. It is important to choose the right approach to meet the organization?s goals. In a quantitative analysis, which of the following items would not be assigned a numeric value? i. Asset value ii. Threat frequency iii. Severity of vulnerability iv. Impact damage v. Safeguard costs vi. Safeguard effectiveness vii. Probability A. All of them B. None of them C. ii D. vii

137. Uncovering restricted information by using permissible data is referred to as __________. A. Inference B. Data mining C. Perturbation D. Cell suppression

138. Tim wants to deploy a server-side scripting language on his company?s web server that will allow him to provide common code that will be used throughout the site in a uniform manner. Which of the following best describes this type of technology? A. Sandbox B. Server-side includes C. Cross-site scripting D. Java applets

139. An attacker can modify the client-side JavaScript that provides structured layout and HTML representation. This commonly takes place through form fields within compromised web servers. Which of the following best describes this type of attack? A. Injection attack B. DOM-based XSS C. Persistent XSS D. Session hijacking

140. CobiT and COSO can be used together, but have different goals and focuses. Which of the following is incorrect as it pertains to these two models? i. COSO is a model for corporate governance, and CobiT is a model for IT governance. ii. COSO deals more at the strategic level, while CobiT focuses more at the operational level. iii. CobiT is a way to meet many of the COSO objectives, but only from the IT perspective. iv. COSO deals with non-IT items also, as in company culture, financial accounting principles, board of director responsibility, and internal communication structures. A. None B. All C. i, ii D. ii, iii

141. Use the following scenario to answer Questions 141–142. Ron is in charge of updating his company’s business continuity and disaster recovery plans and processes. After a business impact analysis his team has told him that if the company’s e-commerce payment gateway was unable to process payments for 24 hours or more, this could drastically affect the survivability of the company. The analysis indicates that after an outage the payment gateway and payment processing should be restored within 13 hours. Ron’s team needs to integrate solutions that provide redundancy, fault tolerance, and failover capability. In the scenario, what does the 24-hour time period represent and what does the 13-hour time period represent? A. Maximum tolerable downtime, recovery time objective B. Recovery time objective, maximum tolerable downtime C. Maximum tolerable downtime, recovery data period D. Recovery time objective, data recovery period

142. Use the following scenario to answer Questions 141–142. Ron is in charge of updating his company’s business continuity and disaster recovery plans and processes. After a business impact analysis his team has told him that if the company’s e-commerce payment gateway was unable to process payments for 24 hours or more, this could drastically affect the survivability of the company. The analysis indicates that after an outage the payment gateway and payment processing should be restored within 13 hours. Ron’s team needs to integrate solutions that provide redundancy, fault tolerance, and failover capability. Which of the following best describes the type of solution Ron's team needs to implement? A. RAID and clustering B. Storage area networks C. High availability D. Grid computing and clustering