BSI_question_answer_only.csv Flashcards

1
Q

A risk is the likelihood of a threat source taking advantage of a vulnerability in an information system. Risk left over after implementing safeguards is known as:

A

Residual risks.

2
Q

Copyright provides what form of protection:

A

Protects the right of an author to prevent unauthorized use of his/her works.

3
Q

As an information systems security professional, what is the highest amount you would recommend a corporation invest annually on a countermeasure to protect assets valued at $1 million from a potential threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 10%?

A

$20,000.00

4
Q

Which of the following describes the first step in establishing an encrypted session using a Data Encryption Standard (DES) key?

A

Key exchange

5
Q

In a typical information security program, what is the primary responsibility of the information (data) owner?

A

Determine the information sensitivity or classification level.

6
Q

Which of the following is not a component of “chain of evidence”:

A

Identification of person who left the evidence.

7
Q

When an employee transfers within an organization …

A

All access permission should be reviewed.

8
Q

A system security engineer is evaluating methods for storing user passwords in an information system. Which method best stores user passwords while meeting the confidentiality security objective?

A

One-way encrypted file

9
Q

What is the inverse of confidentiality, integrity, and availability (C.I.A.) triad in risk management?

A

disclosure, alteration, destruction

10
Q

A CISSP may face an ethical conflict between their company’s policies and the (ISC)2 Code of Ethics. According to the (ISC)2 Code of Ethics, in which order of priority should ethical conflicts be resolved?

A

Duty to public safety, principals, individuals, and profession.

11
Q

Company X is planning to implement a rule-based access control mechanism for controlling access to its information assets. What type of access control is this usually related to?

A

Discretionary Access Control

12
Q

In the Common Criteria Evaluation and Validation Scheme (CCEVS), requirements for future products are defined by:

A

Protection Profile.

13
Q

As an information systems security manager (ISSM), how would you explain the purpose for a system security policy?

A

A brief, high-level statement defining what is and is not permitted during the operation of the system

14
Q

Configuration management provides assurance that changes…?

A

do not adversely affect implementation of the security policy.

15
Q

Under what circumstance might a certification authority (CA) revoke a certificate?

A

The certificate owner’s private key has been compromised.

16
Q

Which of the following entities is ultimately responsible for information security within an organization?

A

Senior Management

17
Q

In what type of cryptanalytic attack does an adversary have the least amount of information to work with?

A

Ciphertext-only

18
Q

In business continuity planning, which of the following is an advantage of a “hot site” over a “cold site”?

A

A&C

19
Q

Which of the following is the most effective method for reducing security risks associated with building entrances?

A

Minimize the number of entrances

20
Q

All of the following methods ensure the stored data are unreadable except…?

A

removing the volume header information.

21
Q

Prior to installation of an intrusion prevention system (IPS), a network engineer would place a packet sniffer on the network. What is the purpose of using a packet sniffer?

A

It monitors network traffic.

22
Q

What determines the assignment of data classifications in a mandatory access control (MAC) philosophy?

A

The organization’s published security policy for data classification

23
Q

What type of cryptographic attack is based on the probability of two different messages processed by the same hash function producing the same message digest?

A

Birthday attack

24
Q

An access control system that grants users only those rights necessary for them to perform their work is operating on which security principle?

A

Least Privilege

25
Q

Which of the following is the primary goal of a security awareness program?

A

It provides a clear understanding of potential risk and exposure.

26
Q

Which of the following evidence collection methods is most likely to be accepted in a court case?

A

Provide a mirror image of the hard drive.

27
Q

Which of the following is not a characteristic of a good stream cipher?

A

Statistically predictable.

28
Q

When a security administrator wants to conduct regular tests on the strength of user passwords, what may be the best setup for this test?

A

A standalone workstation with Rainbow table and a copied password database.

29
Q

When engaging an external contractor for a software development project, source code escrow can be used to protect against…?

A

vendor bankruptcy.

30
Q

Which answer lists the proper steps required to develop a disaster recovery and business continuity plan (DRP/BCP)?

A

Project initiation, business impact analysis, strategy development, plan development, testing, maintenance.

31
Q

Which of the following is an example of a simple substitution algorithm?

A

Caesar cipher

32
Q

An information security program should include the following elements:

A

Security policy implementation, assignment of roles and responsibilities, and

33
Q

Which of the following refers to a series of characters used to verify a user’s identity?

A

Password

34
Q

Which e-mail standard relies on “Web of Trust”?

A

Pretty Good Privacy (PGP)

35
Q

Security of an automated information system is most effective and economical if the system is…?

A

designed originally to meet the information protection needs.

36
Q

The act of obtaining information of a higher level of sensitivity by combining information from lower levels of sensitivity is called?

A

Aggregation

37
Q

Which of the following virus types changes its characteristics as it spreads?

A

Polymorphic

38
Q

It is important that information about an ongoing computer crime investigation be…?

A

limited to as few people as possible.

39
Q

Which answer is not true for the Diffie-Hellman algorithm?

A

Security stems from the difficulty of calculating the product of two large prime numbers.

40
Q

After signing out a laptop computer from the company loaner pool, you discovered there is a memorandum stored in the loaner laptop written to a competitor containing sensitive information about a new product your company is about to release. Based on the (ISC)² Code of Ethics, what is the first action you should take?

A

Immediately inform your company’s management of your findings and its potential ramifications.

41
Q

Job rotation…?

A

requires that more than one person fulfill the tasks of one position within the company, thereby providing both backup and redundancy.

42
Q

Which of the following is the least important information to record when logging a security violation?

A

User’s name

43
Q

Which of the following mechanisms is used to achieve non-repudiation of a message delivery?

A

Sender gets a digitally signed acknowledgment from the recipient containing a copy or digest of the message.

44
Q

What is the trusted registry that guarantees the authenticity of client and server public keys?

A

Certification authority.

45
Q

The concept that all accesses must be mediated, protected from unauthorized modification, and verifiable as correct is implemented through what?

A

A security kernel.

46
Q

For what reason would a network administrator leverage promiscuous mode on a network interface?

A

To monitor the network to gain a complete statistical picture of activity.

47
Q

Which shows the flags used in a TCP 3-way handshake?

A

Syn ->: Syn-Ack

48
Q

During a disaster or emergency, how does a closed-circuit television (CCTV) help management and security to minimize loss?

A

It helps the management to direct resources to the hardest hit area.

49
Q

The goal of cryptanalysis is to…?

A

forge coded signals that will be accepted as authentic.

50
Q

Which one of the following cannot be identified by a business impact analysis (BIA)?

A

Determining team members associated with disaster planning.

51
Q

The three primary methods for authenticating users to a system or network are…?

A

passwords, tokens, and biometrics.

52
Q

Pretty Good Privacy (PGP) provides…?

A

confidentiality, integrity, and authenticity.

53
Q

Which of the following can be identified when exceptions occur using operations security detective controls?

A

Authorized operations people performing unauthorized functions.

54
Q

When downloading software from the Internet, why do vendors publish MD5 hash values when they provide software to customers?

A

Recipients can verify the software’s integrity after downloading.

55
Q

From a legal perspective, which rule must be addressed when investigating a computer crime?

A

Evidence

56
Q

Before powering off a computer system, a computer crime investigator should record contents of the monitor and…?

A

dump the memory contents to a disk.

57
Q

Which of the following transaction processing properties ensures once a transaction completes successfully (commits), the updates survive even if there is a system failure?

A

Durability.

58
Q

Which of the following is not a symmetric key algorithm?

A

RSA.

59
Q

A security planning process must define: how security will be managed, who will be responsible, and…?

A

what practices are reasonable and prudent for the enterprise.

60
Q

A security policy provides a way to…?

A

identify and clarify security goals and objectives.

61
Q

Which of the following features does a digital signature provide?

A

It identifies the source and verifies the integrity of data.

62
Q

Computer security is generally considered to be the responsibility of…?

A

everyone in the organization.

63
Q

The practice of embedding a message in a document, image, video or sound recording so that its very existence is hidden is called?

A

Steganography.

64
Q

What characteristic of Digital Encryption Standard (DES) used in Electronic Code Book (ECB) mode makes it unsuitable for long messages?

A

Repeated message blocks produce repeated cipher text blocks.

65
Q

Separation of duties should be…?

A

cost justified for the potential for loss.

66
Q

What is the advantage of the Rivest, Shamir, Adleman (RSA) public key system over the Digital Signature Algorithm (DSA)?

A

It can be used for encryption.

67
Q

In IPsec, what is the standard format that helps to establish and manage the security association (SA) between two internetworking entities?

A

Internet Key Exchange (IKE)

68
Q

When securing Internet connections, which of the following should be used to protect internal routing and labeling schemes?

A

Network Address Translation (NAT)

69
Q

Which of the following describes the step prior to an encrypted session using Data Encryption Standard (DES)?

A

Key exchange

70
Q

What is a set of step-by-step instructions used to satisfy control requirements called?

A

Procedure

71
Q

The accounting branch of a large organization requires an application to process expense vouchers. Each voucher must be input by one of many accounting clerks, verified by the clerk’s applicable supervisor, then reconciled by an auditor before the reimbursement check is produced. Which access control technique should be built into the application to best serve these requirements?

A

Role-based Access Control (RBAC)

72
Q

What principle recommends division of responsibilities so that one person cannot commit an undetected fraud?

A

Separation of duties

73
Q

In what situation would TEMPEST risks and technologies be of most interest?

A

Where the consequences of disclosure are very high

74
Q

Which of the following is true about information that is designated with the highest level of confidentiality in a private sector organization?

A

It is limited to named individuals and creates an audit trail.

75
Q

When verifying key control objectives of a system design, the security specialist should ensure that the…?

A

vulnerability assessment has been completed.

76
Q

What type of controls is not utilized to achieve management directives to protect company assets?

A

Financial controls

77
Q

All of the following are hashing algorithms except…?

A

IDEA

78
Q

Security management practice focuses on the continual protection of:

A

Company assets

79
Q

The likelihood of a threat source taking advantage of a vulnerability is called?

A

Risk

80
Q

An instance of being exposed to losses is called?

A

Exposure

81
Q

A reference monitor requires which of the following conditions?

A

Isolation, completeness and verifiability

82
Q

A person in possession of a sample of ciphertext and corresponding plaintext is capable of what type of attack?

A

Known-plaintext

83
Q

Methods of handling risk include all of the following except:

A

Selling risk

84
Q

Which of the following is not true regarding security policy?

A

It is promulgated by senior IT security staff

85
Q

Which of the following describes the activities that assure protection mechanisms are maintained and operational?

A

Due diligence

86
Q

When there is a “separation of duties”, parts of tasks are assigned to different people so that:

A

Collusion is required to perform an unauthorized act.

87
Q

Which of the following is not a generally accepted benefit of security awareness, training and education?

A

A security awareness and training program will help prevent natural disasters from occurring.

88
Q

Which statement below is an incorrect description of a security control?

A

Corrective controls reduce the likelihood of a deliberate attack

89
Q

Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is not a component that achieves this type of security?

A

Integrity control mechanisms

90
Q

In a typical information security program, who would be responsible for providing reports to the corporate executives and senior management on the effectiveness of the instituted program controls?

A

Auditors

91
Q

What is the difference between quantitative and qualitative risk analysis?

A

Quantitative analysis provides formal cost/benefit information while qualitative analysis does not.

92
Q

If risk is defined as “the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets”, the risk has all of the following elements except?

A

Controls addressing the threats.

93
Q

Which statement below most accurately reflects the goal of risk mitigation?

A

Defining the acceptable level of risk the organization can tolerate, then reduce risk to that level.

94
Q

Risk analysis allows you to do all of the following except:

A

Prevent risk

95
Q

Which of the following is not true with respect to qualitative risk analysis?

A

Results in concrete probability percentages.

96
Q

Which choice below is an accurate statement about standards?

A

Standards are the first element created in an effective security policy program.

97
Q

A memory address location specified in a program instruction that contains the address of the final memory location is known as:

A

Indexed addressing.

98
Q

Which one of the following hardware devices can be re-programmed? 1. Read Only Memory (ROM). 2. Programmable Read Only Memory (PROM). 3. Erasable Programmable Read Only Memory (EPROM). 4. Electrically Erasable Programmable Read Only Memory (EEPROM).

A

3 and 4

99
Q

A processing methodology that executes two or more tasks on a single processor is known as:

A

Multitasking.

100
Q

Which of the following is a high-level language?

A

BASIC

101
Q

Which of the following are security concerns with distributed systems?

A

A, B, and C.

102
Q

Trusted Computing Base (TCB) is comprised of what combination of system components? 1. Hardware 2. Firmware 3. Software

A

All of the above.

103
Q

Reference monitor _______.

A

controls objects access by subjects.

104
Q

Which security mode best defines where users have both the required clearance and the need-to-know for all data on a system?

A

Dedicated.

105
Q

Otherwise known as a “trap door”, this vulnerability is often built into a system by its developers.

A

Maintenance hook.

106
Q

What criteria went into the Common Criteria standard?

A

All of the above.

107
Q

Which of the following is the European evaluation criteria standard?

A

B. ITSEC.

108
Q

In the following top-down Common Criteria evaluation process, what is the missing component: Protection Profile → Target of Evaluation → ?? → Security Functionality/Assurance Requirements → Evaluation → Evaluation Assurance Level

A

Security Target.

109
Q

A cipher that scrambles letters into different positions is referred to as what?

A

Transposition

110
Q

The HAVAL algorithms perform what function?

A

Hashing

111
Q

Which security model focuses on confidentiality only?

A

Bell-LaPadula.

112
Q

Which of the following includes the definition of procedures for emergency response?

A

Business Continuity Planning

113
Q

Which of the following teams should be part of the disaster recovery procedures?

A

Salvage Team

114
Q

A characteristic of a security model that enforces information flow in only one direction is:

A

Star property.

115
Q

The business continuity planning (BCP) project management and initiation phase does not involve?

A

Performing a business impact analysis (BIA).

116
Q

In what way does the RSA algorithm differ from the Data Encryption Standard (DES)?

A

It uses a public key for encryption.

117
Q

Information flow models:

A

Ensure that data moves in a way that does not violate security policy.

118
Q

Which type of network is more likely to include Frame Relay, Switched Multi-megabit Data Services (SMDS), and X.25?

A

D. Internet

119
Q

Which device can Forward, Filter, and Flood?

A

C. Hub

120
Q

Which of the following is not a good description of Pretty Good Privacy (PGP)?

A

B. It uses a hierarchical trust model

121
Q

Match the correct network connection speed to the correct standard. 802.11 - ? 802.11b - ? 802.11g - ? Speeds: 1. 1 & 2 Mbps 2. 4 & 8 Mbps 3. 11 Mbps 4. 54 Mbps

A

A. 1-3-4

122
Q

Which is not a type of service available with ATM?

A

A. MBR (Minimum Bit Rate)

123
Q

MAC (Media Access Control) and LLC (Logical Link Control) have been designated to which layer by the IEEE?

A

B. Data-Link Layer

124
Q

____ is when a layer 3 packet is modified to fit into a layer 2 network with different characteristics.

A

B. Fragmentation

125
Q

What is the role of asymmetric key cryptography in public key infrastructure (PKI) applications?

A

A. It is used for key management.

126
Q

Which routing protocol is used to allow hosts to participate in multicasting?

A

B. IGMP (Internet Group Management Protocol)

127
Q

ARP and RARP are used to map which?

A

B. MAC address to IP address

128
Q

Using the unique response from a given system to identify the operating system running on a host is also known as _____.

A

B. OS fingerprinting

129
Q

Which is the best defense against network sniffing?

A

D. Encryption

130
Q

A Smurf attack takes advantage of which of the following?

A

A. ICMP messages to a network’s broadcast address.

131
Q

Which is not true about fair cryptosystems?

A

D. It uses a tamper proof chip.

132
Q

A system where a user authenticates, is disconnected, and the receiving system connects back to a number in a pre-defined database is also known as which?

A

A. Callback

133
Q

What does Advanced Encryption Standard (AES) do?

A

C. It performs bulk data encryption

134
Q

A Sockets (SOCKS) gateway can be classified as which type of firewall?

A

C. Circuit-level

135
Q

RFC 1918 extended IPv4 with the introduction of non-routable addresses in support of which technology below?

A

B. NAT

136
Q

In configuration management, a configuration item is?

A

B. A component whose state is to be recorded and against which changes are to be progressed.

137
Q

In the software development life cycle, the Waterfall Model assumes that…?

A

B. Each step can be completed and finalized without any effect from the later stages that may require rework.

138
Q

What does the Spiral SDLC Model depict?

A

A. A spiral that incorporates various phases of software development

139
Q

What can best be described as an abstract machine that must mediate all access of subjects to objects?

A

A. The reference monitor

140
Q

Which provides a physical connection between the network cabling and the computer’s internal bus?

A

D. Network interface cards (NICs)

141
Q

What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?

A

A. Protection rings

142
Q

Critical areas should be lighted:

A

D. Eight feet high and two feet out.

143
Q

The percentage of loss a realized threat could have on a certain asset is known as the:

A

C. Exposure factor (EF)

144
Q

Why does buffer overflow happen?

A

C. Because input data is not checked for appropriate length at time of input

145
Q

Referential integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for which of the following?

A

D. primary key

146
Q

What type of malware is self-contained and it does not need to be part of another computer program to propagate?

A

C. Computer worm

147
Q

Which of the following represents a prolonged high voltage?

A

A. A power surge

148
Q

What type of malware is capable of infecting a file with an encrypted copy of itself, then modifying itself when decoded to make it almost impossible to detect with a signature-based virus scanner?

A

D. Polymorphic virus

149
Q

A timely review of system access records would be an example of which basic security function?

A

C. Prevention

150
Q

Which of the following is a reasonable response from the intrusion detection system when it detects Internet Protocol (IP) packets where the IP source address is the same as the IP destination address?

A

B. Record selected information about the item and delete the packet

151
Q

A major disadvantage of single sign-on (SSO) is:

A

B. A compromised password exposes all authorized resources.

152
Q

Which of the following can be identified when exceptions occur using operations security detective controls?

A

C. Authorized operations people performing unauthorized functions.

153
Q

An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?

A

B. Least Privilege

154
Q

Three principal schemes that provide a framework for managing access control are

A

A. Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC).

155
Q

When a communication link is subject to monitoring, what is the advantage of using an end-to-end encryption solution over a link encryption solution?

A

A. Cleartext is only available to the sending and receiving entities.

156
Q

To which form of access control is a rule based control mechanism usually related?

A

A. Discretionary Access Control

157
Q

Which of the following does a digital signature provide?

A

C. It identifies the source and verifies the integrity of data.

158
Q

What role does biometrics have in logical access control?

A

C. Authentication

159
Q

When establishing a violation tracking and analysis process, which one of the following parameters is used to keep the quantity of data to manageable levels?

A

D. Clipping levels

160
Q

The accounting branch of a large organization requires an application to process expense vouchers. Each voucher must be input by one of many accounting clerks, verified by the clerk’s applicable supervisor, then reconciled by an auditor before the reimbursement check is produced. What access control technique should be built into the application to meet the information protection needs?

A

C. Role-based Access Control (RBAC)

161
Q

What best describes two-factor authentication?

A

D. A combination of two listed above

162
Q

A timely review of system access records would be an example of which basic security function?

A

D. Detection

163
Q

Which protocol makes use of an electronic wallet on a customer’s PC and sends encrypted credit card information to the merchant’s Web server, which digitally signs it and sends it on to its processing bank?

A

D. SET

164
Q

Risk management helps you do all of the following except:

A

D. Completely avoid risk

165
Q

Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard (AES)?

A

C. Rijndael

166
Q

What is the role of internet key exchange (IKE) within the IPsec protocol?

A

D. Peer authentication and key exchange.

167
Q

Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?

A

D. Birthday attack

168
Q

Which of the following encryption methods is considered unbreakable?

A

B. One-time pads

169
Q

The Clipper Chip utilizes which concept in public key cryptography?

A

A. Key Escrow

170
Q

Public Key algorithms are:

A

C. 1,000 to 10,000 times slower than secret key algorithms

171
Q

Cryptography does not concern itself with:

A

A. Availability

172
Q

Which of the following protects Kerberos against replay attacks?

A

C. Time stamps

173
Q

Which network topology offers the highest reliability and availability?

A

D. Mesh

174
Q

A public key algorithm that does both encryption and digital signature is which of the following?

A

A. RSA

175
Q

Which of the following is the correct calculation?

A

B. Asset value ($) x exposure factor (%) = single loss expectancy ($)

176
Q

Copies of the original discs and other media are considered as what type of evidence?

A

C. Hearsay evidence

177
Q

Which of the following statements is most accurate about digital signatures?

A

A. It allows the recipient of data to prove the source and integrity of data.

178
Q

The Diffie-Hellman algorithm is primarily used to provide which of the following?

A

A. Key exchange
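Added example (not from the deck) covering this card and the IKE card above: a Diffie-Hellman exchange with both sides' computations, then the man-in-the-middle that succeeds when the public values are not authenticated, and the pre-shared-key tag (IKE-PSK style) that stops it. The 64-bit prime and generator are demo-sized assumptions; real use takes a standardized 2048-bit or elliptic-curve group.

```python
import hashlib
import hmac
import secrets

# Demo-sized parameters (assumption): p = 2^64 - 59 is prime. Real deployments use
# standardized large groups (e.g. RFC 3526 MODP or elliptic-curve groups).
P = 2**64 - 59
G = 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1        # x in [1, p-2]
    return priv, pow(G, priv, P)               # (x, g^x mod p)

def shared(priv, peer_pub):
    return pow(peer_pub, priv, P)              # (g^y)^x == (g^x)^y mod p

def tag(pub, psk):
    """Authenticate a public value with an HMAC under a pre-shared key (IKE-PSK style)."""
    return hmac.new(psk, pub.to_bytes(8, "big"), hashlib.sha256).digest()

def accept(pub, received_tag, psk):
    return hmac.compare_digest(received_tag, tag(pub, psk))

def honest_exchange():
    a, A = keypair()
    b, B = keypair()
    return shared(a, B) == shared(b, A)        # both derive the same secret

def mitm_without_authentication():
    """Mallory swaps in her own public values; each side unknowingly shares a key with her."""
    a, A = keypair()
    b, B = keypair()
    m1, M1 = keypair()
    m2, M2 = keypair()
    k_alice = shared(a, M1)                    # Alice received M1 instead of B
    k_bob = shared(b, M2)                      # Bob received M2 instead of A
    return k_alice == shared(m1, A) and k_bob == shared(m2, B) and k_alice != k_bob

def mitm_with_psk_authentication(psk=b"constructed demo PSK"):
    """Bob accepts Alice's tagged value and rejects Mallory's, who cannot compute the tag."""
    a, A = keypair()
    m2, M2 = keypair()
    forged = tag(M2, b"mallory's guess")
    return accept(A, tag(A, psk), psk) and not accept(M2, forged, psk)
```

Diffie-Hellman gives key agreement only; peer authentication has to come from somewhere else, which is the job IKE adds on top of it.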

179
Q

Of the following, which is most true?

A

B. El Gamal gets its strength from the complexity of using discrete logarithms in a finite field

180
Q

Which security model addresses integrity? 1. Bell-LaPadula. 2. Clark-Wilson. 3. Biba. 4. Chinese Wall.

A

C. 2 and 3.

181
Q

Of the following, which is the best description of a digital signature?

A

B. The sender encrypts a message digest with his/her private key

182
Q

What cryptographic operation is performed when AES applies its S-boxes during encryption?

A

A. Substitution
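Added example (not from the deck): the AES S-box built from its definition, multiplicative inverse in GF(2^8) followed by an affine transform, and applied as the SubBytes step. Building the table rather than pasting it shows why the operation is a substitution: a fixed, invertible byte-to-byte mapping, with no movement of byte positions.

```python
def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11b
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^254 == a^-1 in GF(2^8); AES maps 0 to 0."""
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result if a else 0

def rotl8(x: int, n: int) -> int:
    return ((x << n) | (x >> (8 - n))) & 0xFF

def sbox_entry(x: int) -> int:
    """S(x) = affine(inv(x)): XOR of the inverse with its four rotations, plus the constant 0x63."""
    inv = gf_inv(x)
    return inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63

SBOX = [sbox_entry(x) for x in range(256)]
INV_SBOX = [0] * 256
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x

def sub_bytes(state: bytes) -> bytes:
    """SubBytes: every byte is replaced through the S-box (substitution, not transposition)."""
    return bytes(SBOX[b] for b in state)

def inv_sub_bytes(state: bytes) -> bytes:
    return bytes(INV_SBOX[b] for b in state)
```

FIPS 197 gives S(0x53) = 0xED and uses {53} x {CA} = {01} as its worked inverse, both of which the table reproduces.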

183
Q

Which item is the responsibility of key management?

A

A. Key generation and destruction

184
Q

How many bits make up the effective Data Encryption Standard (DES) key?

A

A. 56

185
Q

The estimated frequency a threat will occur within a year is known as the:

A

B. Annualized rate of occurrence (ARO)

186
Q

What is the Clipper Chip key size?

A

A. 80 bit

187
Q

When an organization is determining which data is sensitive, it must consider all of the following except:

A

C. Quantity of data

188
Q

Data Encryption Standard (DES) uses which algorithm?

A

C. Lucifer

189
Q

To speed up RAID disk access, an organization can:

A

B. Stripe the data across several drives.

190
Q

Which choice below most accurately describes the organization’s responsibilities during an unfriendly termination?

A

A. System access should be removed as quickly as possible after termination.

191
Q

The concept of least privilege…?

A

D. assures that individuals only have the permissions and rights necessary for them to do their job.

192
Q

Which is most likely to help a company detect fraudulent activity:

A

A. Mandatory vacations

193
Q

A clipping level is all of the following except:

A

D. Recorded for further review once they have been exceeded.

194
Q

Proper change control management involves:

A

B. Having a well-structured change management process.

195
Q

All of the following are acceptable for sanitizing data except:

A

A. Deleting it.

196
Q

Trusted recovery may be defined as:

A

A. Procedures that restore a system and its data in a trusted manner after the system was disrupted or a system failure occurred.

197
Q

Which of the following is incorrect with respect to a system cold start:

A

B. Occurs when recovery procedure cannot recover the system to a more consistent state.

198
Q

Which of the following statements is incorrect:

A

B. Fax machines are more secure than fax servers.

199
Q

____ tunnels NetBEUI and IPX protocols.

A

A. PPTP

200
Q

Which of the following statements regarding session hijacking is incorrect:

A

Cannot be safeguarded against, not even through mutual authentication using protocols such as IPsec.

201
Q

Separation of duty can be defeated by:

A

Collusion
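Added example (not from the deck) serving this card and the expense-voucher RBAC card earlier in the deck: a role-based model for the clerk / supervisor / auditor workflow with a dynamic separation-of-duties check, so that a user who has accumulated two roles still cannot perform two steps on the same voucher. The users, roles and supervisor mapping are constructed for the demo.

```python
ROLE_PERMISSIONS = {
    "clerk":      {"voucher:input"},
    "supervisor": {"voucher:verify"},
    "auditor":    {"voucher:reconcile"},
}
WORKFLOW = ("voucher:input", "voucher:verify", "voucher:reconcile")

# Constructed sample directory (assumption): dave holds two roles, which RBAC alone permits.
USER_ROLES = {"alice": {"clerk"}, "bob": {"supervisor"}, "carol": {"auditor"},
              "dave": {"clerk", "supervisor"}}
SUPERVISOR_OF = {"alice": "bob", "dave": "bob"}

def permissions(user):
    return set().union(*(ROLE_PERMISSIONS[r] for r in USER_ROLES.get(user, ())))

class Voucher:
    def __init__(self, voucher_id):
        self.id = voucher_id
        self.history = []   # (user, permission), in the order performed

    def act(self, user, perm):
        """Apply one workflow step; raises PermissionError on any policy violation."""
        if len(self.history) == len(WORKFLOW):
            raise PermissionError("voucher already reconciled")
        expected = WORKFLOW[len(self.history)]
        if perm != expected:
            raise PermissionError(f"out of order: next step is {expected}")
        if perm not in permissions(user):            # RBAC: a held role must grant the permission
            raise PermissionError(f"{user} lacks {perm}")
        if any(u == user for u, _ in self.history):  # dynamic SoD: one person, one step per voucher
            raise PermissionError(f"separation of duties: {user} already acted on {self.id}")
        if perm == "voucher:verify" and SUPERVISOR_OF.get(self.history[0][0]) != user:
            raise PermissionError(f"{user} is not the clerk's supervisor")
        self.history.append((user, perm))
        return len(self.history) == len(WORKFLOW)    # True once the reimbursement may be issued

def run(actions):
    """Apply (voucher, user, perm) triples; return one outcome string per action."""
    out = []
    for voucher, user, perm in actions:
        try:
            out.append("paid" if voucher.act(user, perm) else "ok")
        except PermissionError as exc:
            out.append(f"denied: {exc}")
    return out

def demo():
    v1, v2 = Voucher("V-1"), Voucher("V-2")
    return run([
        (v1, "alice", "voucher:input"),
        (v1, "alice", "voucher:verify"),     # clerk role does not grant verify
        (v1, "bob",   "voucher:verify"),
        (v1, "carol", "voucher:reconcile"),  # third distinct person: paid
        (v2, "dave",  "voucher:input"),
        (v2, "dave",  "voucher:verify"),     # holds both roles, but SoD blocks a second step
        (v2, "bob",   "voucher:verify"),
    ])
```

What the code cannot stop is two distinct people agreeing to pass a bogus voucher through: the supervisor verifying a colluding clerk's entry looks identical to a legitimate approval, which is why separation of duties is backed by audit review, mandatory vacations and rotation rather than enforcement alone.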

202
Q

Recovery controls attempt to:

A

Return to normal operations

203
Q

Which of the following questions is less likely to help in assessing physical and environmental protection?

A

Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?

204
Q

Security guards are appropriate whenever the function required by the security program involves which of the following?

A

The use of discriminating judgment.

205
Q

______ communications rely on clocking systems at the sending and receiving ends to sync, rather than stop and start bits.

A

Synchronous

206
Q

Which of the following is a “Class A” fire?

A

Common combustibles

207
Q

This IPsec mode encapsulates the entire IP packet between IPsec nodes.

A

Tunnel

208
Q

A momentary power outage is a:

A

Fault

209
Q

Which security measure would be the best deterrent to the theft of corporate information from a laptop which was left in a hotel room?

A

Remove the batteries and power supply from the laptop and store them separately from the computer.

210
Q

Which of the following is not an EPA-approved replacement for Halon?

A

Bromine

211
Q

Which of the following statements pertaining to fire suppression systems is true?

A

CO2 systems are effective because they suppress the oxygen supply required to sustain the fire.

212
Q

Which of the following suppresses combustion through a chemical reaction that kills the fire?

A

Halon

213
Q

Which of the following is a “Class C” fire?

A

electrical

214
Q

When handling electronic evidence, what is the implementation principle for chain of custody that documents the evidence life cycle?

A

Must account for everyone who had access to the evidence.

215
Q

Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader?

A

A transponder

216
Q

A momentary high voltage is a:

A

Spike

217
Q

A device that supplies power when the commercial utility power system fails is called?

A

uninterruptible power supply (UPS)

218
Q

The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts?

A

Static electricity

219
Q

In physical security, what does positive pressurization mean?

A

The air goes out of a room when a door is opened and outside air does not go into the room.

220
Q

Which of the following questions is less likely to help in assessing physical access controls?

A

Is the operating system configured to prevent circumvention of the security

221
Q

The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?

A

Eight feet high and two feet out.

222
Q

Which of the following is true about a “dry pipe” sprinkler system?

A

It minimizes chances of accidental discharge of water.

223
Q

The following are fire detector types except:

A

Acoustical-seismic detection system

224
Q

Which of the following asymmetric encryption algorithms is based on the difficulty of factoring large numbers?

A

RSA

225
Q

Under what conditions would the use of a Class C fire suppression system be preferable to the use of a Class A fire suppression system?

A

When the fire involves electrical equipment.

226
Q

Which of the following recovery issues must be considered in disaster recovery planning (DRP)?

A

Public relations

227
Q

A business continuity plan (BCP) should have a structure that includes:

A

What should take place in order to restore a server, its files and data after a major system failure?

228
Q

What should take place in order to restore a server, its files and data after a major system failure?

A

Restore from storage media backup

229
Q

It is recommended that your disaster recovery plan (DRP) and business continuity plan (BCP) be tested at what minimum interval?

A

One year

230
Q

In addition to preventing loss of life and further injury, what other reason is there to immediately initiate an emergency plan after a disaster?

A

Secure the area to prevent any looting, fraud or vandalism.

231
Q

When shopping for an off-site backup facility that will ultimately be used to store all your backup media, what is the most important factor to consider?

A

The facility should protect against unauthorized access and entry.

232
Q

What is the primary reason for using one-way hashing algorithms on user passwords?

A

It prevents people from seeing the passwords in clear text
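Added example (not from the deck): password storage with a salted, iterated one-way function (PBKDF2-HMAC-SHA256 from the standard library) and constant-time verification. Beyond hiding the clear text, the per-user random salt means two users with the same password get different records, so a stolen table cannot be attacked with one precomputed lookup. The iteration count is an assumption to tune per host.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor (assumption: tune to ~100 ms on the host)

def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$hash'.
    The password itself is never stored; the random salt makes equal passwords differ."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations, base64.b64encode(salt).decode(), base64.b64encode(dk).decode())

def verify_password(password: str, stored: str) -> bool:
    algo, iterations, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(dk, expected)   # constant-time comparison

def demo(iterations: int = 20_000):
    """Two users choose the same (constructed) password; the stored records still differ."""
    pw = "correct horse battery staple"
    r1 = hash_password(pw, iterations=iterations)
    r2 = hash_password(pw, iterations=iterations)
    return {
        "records_differ": r1 != r2,
        "right_password": verify_password(pw, r1),
        "wrong_password": verify_password("Correct horse battery staple", r1),
        "plaintext_absent": "correct horse" not in r1,
    }
```

Storing the algorithm and iteration count beside the hash lets the work factor be raised later, re-hashing each record on the user's next successful login.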

233
Q

What is the most critical factor in the development of a disaster recovery plan (DRP)?

A

Business impact analysis (BIA)

234
Q

What is the best description of a structured walk through test?

A

All departments receive a copy of the disaster recovery plan and walk through it.

235
Q

Which of the following backup facilities is the most expensive?

A

Hot

236
Q

A business impact analysis would not likely include which of the following tasks?

A

Identifying critical functions of the company

237
Q

What is the effective length of a secret key in the Data Encryption Standard (DES) algorithm?

A

56-bit

238
Q

If a site needed sporadic access to another network, which would be the best choice?

A

SVC (switched virtual circuit)

239
Q

Resuming critical business functions includes:

A

Establishing the command center

240
Q

The admissibility rule requires that evidence must be excluded if:

A

It is not legally obtained.

241
Q

Chain of custody is primarily used to:

A

Protect and account for evidence.

242
Q

A unique packaging method or symbol is a:

A

Trademark.

243
Q

Why is computer crime difficult to investigate:

A

Criminals can spoof their address.

244
Q

Privacy laws generally include which of the following provisions:

A

Government agencies may not use data for a purpose other than that for which it was initially collected.

245
Q

What is the minimum and customary practice of responsible protection of assets that affects a community or societal norm?

A

Due care

246
Q

What is the best description of a stream cipher?

A

The cipher uses a key to create a keystream and XOR’s the result with the message
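Added example (not from the deck) serving this card and the one-time-pad card earlier in the deck: a stream cipher that derives a keystream from a key and nonce and XORs it with the message, a true one-time pad beside it, and the failure that separates the two. Reusing a keystream (or a pad) lets an attacker XOR two ciphertexts together, cancelling the key and exposing the XOR of the plaintexts. The SHA-256 counter-mode keystream is a stand-in assumed for the demo, not a vetted cipher; a real stream cipher such as ChaCha20 plays that role.

```python
import hashlib
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256 over key||nonce||counter, concatenated (demo PRF, assumption)."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    return xor(msg, keystream(key, nonce, len(msg)))   # decryption is the identical operation

def one_time_pad(msg: bytes):
    """Unbreakable only because the pad is truly random, message-length and never reused."""
    pad = secrets.token_bytes(len(msg))
    return pad, xor(msg, pad)

def crib_drag(c1: bytes, c2: bytes, crib: bytes, offset: int) -> bytes:
    """Two ciphertexts under one keystream: c1 XOR c2 == p1 XOR p2, the key cancels.
    Knowing p1[offset:offset+len(crib)] reveals p2 at the same positions."""
    return xor(xor(c1, c2)[offset:offset + len(crib)], crib)

def demo():
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(12)
    p1, p2 = b"attack at dawn", b"retreat at noon"    # constructed plaintexts
    c1 = stream_encrypt(key, nonce, p1)
    c2 = stream_encrypt(key, nonce, p2)               # nonce reused: the fatal mistake
    pad, c = one_time_pad(p1)
    return {
        "roundtrip": stream_encrypt(key, nonce, c1) == p1,
        "otp_roundtrip": xor(c, pad) == p1,
        "key_cancels": xor(c1, c2) == xor(p1, p2),
        "leaked_from_crib": crib_drag(c1, c2, b"attack", 0),
    }
```

A stream cipher trades the pad's perfect secrecy for a short reusable key plus a nonce that must never repeat under that key; the "two-time pad" above is exactly what a repeated nonce produces.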

247
Q

Evidence may not be detected through:

A

Accidental discovery

248
Q

Which of the following is not a valid X.509 V.3 certificate field?

A

Subject’s digital signature

249
Q

Which network protocol uses a “connected” session?

A

Transmission Control Protocol (TCP)

250
Q

What are the objectives of emergency actions taken at the beginning stage of a disaster? Preventing injuries, loss of life, and …

A

mitigating damage