CBKR Flashcards

1
Q
  1. Copyright provides what form of protection:
    A. Protects an author’s right to distribute his/her works.
    B. Protects information that provides a competitive advantage.
    C. Protects the right of an author to prevent unauthorized use of his/her works.
    D. Protects the right of an author to prevent viewing of his/her works.
A

C. Protects the right of an author to prevent unauthorized use of his/her works.

2
Q
  1. Which of the following describes the first step in establishing an encrypted session
    using a Data Encryption Standard (DES) key?
    A. Key clustering
    B. Key compression
    C. Key signing
    D. Key exchange
A

D. Key exchange

3
Q
  1. A CISSP may face an ethical conflict between their company's policies and the (ISC)2 Code of Ethics. According to the (ISC)2 Code of Ethics, in which order of priority should ethical conflicts be resolved?
    A. Duty to principals, profession, public safety, and individuals.
    B. Duty to public safety, principals, individuals, and profession.
    C. Duty to profession, public safety, individuals, and principals.
    D. Duty to public safety, profession, individuals, and principals.
A

B. Duty to public safety, principals, individuals, and profession.

4
Q
11. Company X is planning to implement a rule-based access control mechanism for controlling access to its information assets. What type of access control is this usually related to?
A.  Discretionary Access Control
B.  Task-initiated Access Control
C.  Subject-dependent Access Control
D.  Token-oriented Access Control
A

A. Discretionary Access Control

5
Q
12. In the Common Criteria Evaluation and Validation Scheme (CCEVS), requirements 
for future products are defined by:
A. Protection Profile.
B.  Target of Evaluation.
C.  Evaluation Assurance Level 3.
D. Evaluation Assurance Level 7.
A

A. Protection Profile.

6
Q
  1. Configuration management provides assurance that changes…?
    A. to application software cannot bypass system security features.
    B. do not adversely affect implementation of the security policy.
    C. to the operating system are always subjected to independent validation and verification.
    D. in technical documentation maintain an accurate description of the Trusted Computer Base.
A

B. do not adversely affect implementation of the security policy.

7
Q
  1. All of the following methods ensure the stored data are unreadable except…?
    A. writing random data over the old file.
    B. physical alteration of media.
    C. degaussing the disk or tape.
    D. removing the volume header information.
A

D. removing the volume header information.

8
Q
  1. What determines the assignment of data classifications in a mandatory access control
    (MAC) philosophy?
    A. The analysis of the users in conjunction with the audit department
    B. The assessment by the information security department
    C. The user’s evaluation of a particular information element
    D. The organization’s published security policy for data classification
A

D. The organization’s published security policy for data classification

9
Q
  1. Which of the following is the primary goal of a security awareness program?
    A. It provides a vehicle for communicating security procedures.
    B. It provides a clear understanding of potential risk and exposure.
    C. It provides a forum for disclosing exposure and risk analysis.
    D. It provides a forum to communicate user responsibilities.
A

B. It provides a clear understanding of potential risk and exposure.

10
Q
  1. Which of the following evidence collection methods is most likely to be accepted in a court case?
    A. Provide a full system backup inventory.
    B. Create a file-level archive of all files.
    C. Provide a mirror image of the hard drive.
    D. Copy all files accessed at the time of the incident.
A

C. Provide a mirror image of the hard drive.

11
Q
  1. Which of the following characteristics is not of a good stream cipher?
    A. Long periods of no repeating patterns.
    B. Statistically predictable.
    C. Keystream is not linearly related to the key.
    D. Statistically unbiased keystream.
A

B. Statistically predictable.

12
Q
  1. When a security administrator wants to run regular tests of the strength of user passwords, what is the best setup for this test?
    A. A networked laptop with Rainbow table that have direct access to the live password database.
    B. A standalone workstation with Rainbow table and a copied password database.
    C. A networked workstation with Rainbow table and a copied password database.
    D. This is not possible, because the password database is encrypted.
A

B. A standalone workstation with Rainbow table and a copied password database.
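
The point behind the answer, shown in code: an offline test against a copied password database is cheap when the stored hashes are unsalted (one table lookup per account) and expensive when they are salted and iterated (one key derivation per candidate per account). This is an added example written for this card, not code from any product or from the flashcard set. The accounts, passwords and wordlist are constructed; a real rainbow table stores hash chains joined by reduction functions to trade memory for time, and a plain hash-to-password dictionary stands in for it here because it fails against salted hashes for exactly the same reason.

```python
"""Offline password-strength testing: why a precomputed table works against
unsalted hashes and why per-user salt plus a slow KDF removes the shortcut.
Added example; accounts, passwords and wordlist are constructed."""
import hashlib
import os

WORDLIST = ["password", "letmein", "Summer2023", "qwerty", "P@ssw0rd", "dragon"]
ITERATIONS = 50_000   # PBKDF2 work factor; an assumption for the demo


def fast_hash(password: str) -> str:
    """Unsalted single SHA-1: the kind of storage a rainbow table targets."""
    return hashlib.sha1(password.encode()).hexdigest()


def slow_salted_hash(password: str, salt: bytes) -> str:
    """Per-user salt and an iterated KDF; nothing can be precomputed."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def build_table(words):
    """Built once, reusable against every unsalted database."""
    return {fast_hash(w): w for w in words}


def crack_unsalted(db, table):
    """db: {user: hexhash}. One dictionary lookup per account, no hashing."""
    return {user: table[h] for user, h in db.items() if h in table}


def crack_salted(db, words):
    """db: {user: (salt, hexhash)}. The salt differs per account, so every
    candidate must be re-derived per user. Returns (found, kdf_calls) so the
    cost difference is visible, not just the result."""
    found, calls = {}, 0
    for user, (salt, h) in db.items():
        for w in words:
            calls += 1
            if slow_salted_hash(w, salt) == h:
                found[user] = w
                break
    return found, calls


# Constructed copies of the password database (the card's "copied password
# database"): one legacy unsalted store, one salted store.
SALTS = {"alice": os.urandom(16), "bob": os.urandom(16)}
UNSALTED_DB = {"alice": fast_hash("Summer2023"),
               "bob": fast_hash("r7!Qe#Vb2zLp9^Nt")}
SALTED_DB = {"alice": (SALTS["alice"], slow_salted_hash("Summer2023", SALTS["alice"])),
             "bob": (SALTS["bob"], slow_salted_hash("r7!Qe#Vb2zLp9^Nt", SALTS["bob"]))}

if __name__ == "__main__":
    print(crack_unsalted(UNSALTED_DB, build_table(WORDLIST)))
    print(crack_salted(SALTED_DB, WORDLIST))
```

Run it on a standalone workstation as the card says: the copied hashes never need to touch the live authentication system, and the weak account is found either way, but against the salted store the tester paid nine KDF runs for two accounts and would pay proportionally more for a real user base.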

13
Q
  1. Which answer lists the proper steps required to develop a disaster recovery and business continuity plan (DRP/BCP)?
    A. Project initiation, business impact analysis, strategy development, plan development, testing, maintenance.
    B. Strategy development, project initiation, business impact analysis, plan development, testing, maintenance.
    C. Business impact analysis, project initiation, strategy development, plan development, testing, maintenance.
    D. Project initiation, plan development, business impact analysis, strategy development, testing, maintenance.
A

A. Project initiation, business impact analysis, strategy development, plan development, testing, maintenance.

14
Q
  1. An information security program should include the following elements:
    A. Disaster recovery and business continuity planning, and definition of access control requirements and human resources policies.
    B. Business impact, threat and vulnerability analysis, delivery of an information security awareness program, and physical security of key installations.
    C. Security policy implementation, assignment of roles and responsibilities, and information asset classification.
    D. Senior management organizational structure, message distribution standards, and procedures for the operation of security management systems.
A

C. Security policy implementation, assignment of roles and responsibilities, and information asset classification.

15
Q
  1. Security of an automated information system is most effective and economical if the system is…?
    A. optimized prior to addition of security.
    B. customized to meet the specific security threat.
    C. subjected to intense security testing.
    D. designed originally to meet the information protection needs.
A

D. designed originally to meet the information protection needs.

16
Q
  1. It is important that information about an ongoing computer crime investigation be…?
    A. destroyed as soon after trial as possible.
    B. reviewed by upper management before being released.
    C. replicated to a backup system to ensure availability.
    D. limited to as few people as possible.
A

D. limited to as few people as possible.

17
Q
  1. Which answer is not true for the Diffie-Hellman algorithm?
    A. Security stems from the difficulty of calculating the product of two large prime numbers.
    B. It was the first public key exchange algorithm.
    C. It is vulnerable to man-in-the-middle attacks.
    D. It is used for distribution of a shared key, not for message encryption and decryption.
A

A. Security stems from the difficulty of calculating the product of two large prime numbers. (False: Diffie-Hellman rests on the discrete logarithm problem; factoring a product of two large primes is RSA's basis, and computing the product itself is trivial.)
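
Options B, C and D in working code: the exchange that distributes a shared key without ever sending it, the man-in-the-middle that unauthenticated Diffie-Hellman cannot detect, and the authentication step that closes it. This is an added example written for this card, not code from the flashcard set or from any product; it uses only the Python standard library. The modulus is the 2048-bit MODP prime from RFC 3526 (group 14), transcribed here and checked to be a safe prime on import; the participant names are illustrative, and the pre-shared authentication key is an assumption standing in for the signatures a real protocol would use.

```python
"""Diffie-Hellman key agreement, the man-in-the-middle it does not stop on
its own, and the authentication that does. Added example; standard library only."""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) prime, transcribed; verified below.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; enough to catch a mistyped modulus."""
    if n < 2:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in (2, 3, 5, 7, 11):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


assert is_probable_prime(P) and is_probable_prime((P - 1) // 2), "P is not a safe prime"


def keypair():
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def derive_key(my_private: int, their_public: int) -> bytes:
    """Shared secret hashed into a fixed-size session key (a minimal KDF)."""
    if not 2 <= their_public <= P - 2:
        raise ValueError("public value out of range")
    secret = pow(their_public, my_private, P)
    return hashlib.sha256(secret.to_bytes(256, "big")).digest()


def honest_exchange():
    """Both sides see the true public values and end with the same key."""
    a, A = keypair()
    b, B = keypair()
    return derive_key(a, B), derive_key(b, A)


def mitm_exchange():
    """Mallory replaces A and B with her own value M in both directions.
    Alice and Bob each share a key with Mallory, not with each other."""
    a, A = keypair()
    b, B = keypair()
    m, M = keypair()
    k_alice = derive_key(a, M)   # Alice believes M came from Bob
    k_bob = derive_key(b, M)     # Bob believes M came from Alice
    return k_alice, k_bob, derive_key(m, A), derive_key(m, B)


def tag(public: int, auth_key: bytes) -> bytes:
    """Bind a public value to a key the attacker does not hold (pre-shared
    key here; a digital signature over the value in practice)."""
    return hmac.new(auth_key, public.to_bytes(256, "big"), "sha256").digest()


def authenticated_exchange(attacker_in_path: bool):
    """Returns (k_alice, k_bob), or None when a party aborts on a bad tag."""
    auth_key = secrets.token_bytes(32)   # assumed shared out of band
    a, A = keypair()
    b, B = keypair()
    a_msg, b_msg = (A, tag(A, auth_key)), (B, tag(B, auth_key))
    if attacker_in_path:
        _, M = keypair()
        a_msg, b_msg = (M, a_msg[1]), (M, b_msg[1])  # value swapped, tag cannot be re-made
    for value, t in (a_msg, b_msg):
        if not hmac.compare_digest(tag(value, auth_key), t):
            return None
    return derive_key(a, b_msg[0]), derive_key(b, a_msg[0])
```

The shared secret itself is never transmitted (option D), yet nothing in the raw exchange tells Alice whether the value she received came from Bob or from Mallory (option C); only a second mechanism that Mallory cannot forge, here the tag, turns it into an authenticated exchange.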

18
Q
  1. After signing out a laptop computer from the company loaner pool, you discovered there is a memorandum stored in the loaner laptop written to a competitor containing sensitive information about a new product your company is about to release. Based on the (ISC)2 Code of Ethics, what is the first action you should take?
    A. Delete the memorandum from the laptop to ensure no one else will see it.
    B. Contact the author of the memorandum to let him/her know the memorandum was on the laptop.
    C. Immediately inform your company’s management of your findings and its potential ramifications.
    D. Inform the security awareness trainers that data disclosure prevention in a mobile computing environment needs to be added to their classes.
A

C. Immediately inform your company’s management of your findings and its potential ramifications.

19
Q
44. What is the trusted registry that guarantees the authenticity of client and server public keys?
A.  Public key notary.
B.  Certification authority.
C.  Key distribution center.
D.  Key revocation certificate.
A

B. Certification authority.

20
Q
45. The concept that all accesses must be mediated, protected from unauthorized modification, and verifiable as correct is implemented through what?
A.  A security model. 
B.  A reference monitor.
C.  A security kernel.
D.  A trusted computing base.
A

C. A security kernel.

21
Q
  1. During a disaster or emergency, how does a closed-circuit television (CCTV) help management and security to minimize loss?
    A. It helps the management to direct resources to the hardest hit area.
    B. It records instances of looting and other criminal activities.
    C. It documents shortcomings of plans and procedures.
    D. It captures the exposure of assets to physical risk.
A

A. It helps the management to direct resources to the hardest hit area.

22
Q
  1. The goal of cryptanalysis is to…?
    A. forge coded signals that will be accepted as authentic.
    B. ensure that the key has no repeating segments.
    C. reduce the system overhead for cryptographic functions.
    D. determine the number of encryption permutations required.
A

A. forge coded signals that will be accepted as authentic.

23
Q
  1. Which one of the following cannot be identified by a business impact analysis (BIA)?
    A. Analyzing the threats associated with each functional area.
    B. Determining risks associated with threats.
    C. Identifying major functional areas of information.
    D. Determining team members associated with disaster planning.
A

D. Determining team members associated with disaster planning.

24
Q
  1. Pretty Good Privacy (PGP) provides…?
    A. confidentiality, integrity, and authenticity.
    B. integrity, availability, and authentication.
    C. availability, authentication, and non-repudiation.
    D. authorization, non-repudiation, and confidentiality.
A

A. confidentiality, integrity, and authenticity. (PGP encrypts the message, hashes it and signs the hash, which gives confidentiality, integrity, authentication and non-repudiation; it performs no authorization, so D is wrong.)

25
Q
  1. Which of the following can be identified when exceptions occur using operations security detective controls?
    A. Unauthorized people seeing printed confidential reports.
    B. Unauthorized people destroying confidential reports.
    C. Authorized operations people performing unauthorized functions.
    D. Authorized operations people not responding to important console messages.
A

C. Authorized operations people performing unauthorized functions.

26
Q
  1. Before powering off a computer system, a computer crime investigator should record contents of the monitor and…?
    A. save the contents of the spooler queue.
    B. dump the memory contents to a disk.
    C. backup the hard drive.
    D. collect the owner’s boot up disks.
A

B. dump the memory contents to a disk.

27
Q
  1. A security planning process must define how security will be managed, who will be responsible, and…?
    A. what practices are reasonable and prudent for the enterprise.
    B. who will work in the security department.
    C. what impact security will have on the intrinsic value of data.
    D. how security measures will be tested for effectiveness.
A

A. what practices are reasonable and prudent for the enterprise.

28
Q
  1. A security policy provides a way to…?
    A. establish a cost model for security activities.
    B. allow management to define system recovery requirements.
    C. identify and clarify security goals and objectives.
    D. enable management to define system access rules.
A

C. identify and clarify security goals and objectives.

29
Q
  1. Separation of duties should be…?
    A. enforced in all organizational areas.
    B. cost justified for the potential for loss.
    C. enforced in the program testing phase of application development.
    D. determined by the availability of trained staff.
A

B. cost justified for the potential for loss.

30
Q
  1. In IPsec, what is the standard format that helps to establish and manage the security association (SA) between two internetworking entities?
    A. Internet Security Association and Key Management Protocol (ISAKMP)
    B. Internet Key Exchange (IKE)
    C. Diffie-Hellman Key Exchange
    D. Authentication Header (AH)
A

A. Internet Security Association and Key Management Protocol (ISAKMP). (ISAKMP, RFC 2408, defines the framework and packet formats for negotiating, establishing, modifying and deleting security associations; IKE is the protocol that runs within that framework, combining ISAKMP with the Oakley and SKEME key-exchange methods to perform the actual authenticated exchange.)

31
Q
  1. Which of the following is true about information that is designated with the highest level of confidentiality in a private sector organization?
    A. It is limited to named individuals and creates an audit trail.
    B. It is restricted to those in the department of origin for the information.
    C. It is available to anyone in the organization whose work relates to the subject and requires authorization for each access.
    D. It is classified only by the information security officer and restricted to those who have made formal requests for access.
A

A. It is limited to named individuals and creates an audit trail.

32
Q
  1. When verifying key control objectives of a system design, the security specialist should ensure that the…?
    A. final system design has security administrator approval.
    B. auditing procedures have been defined.
    C. vulnerability assessment has been completed.
    D. impact assessment has been approved.
A

C. vulnerability assessment has been completed.

33
Q
80. An instance of being exposed to losses is called?
A. Vulnerability
B.  Threat
C.  Risk
D. Exposure
A

D. Exposure

34
Q
  1. A reference monitor requires which of the following conditions?
    A. Policy, mechanism and assurance
    B. Isolation, layering and abstraction
    C. Isolation, completeness and verifiability
    D. Confidentiality, availability and integrity
A

C. Isolation, completeness and verifiability

35
Q
82. A person in possession of a sample of ciphertext and corresponding plaintext is capable of what type of attack? 
A. Known-plaintext  
B.  Ciphertext only 
C.  Chosen-plaintext 
D. Plaintext
A

A. Known-plaintext
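
What a known-plaintext attacker actually does with the sample, and why the stream-cipher properties from the earlier card matter: with ciphertext and a matching plaintext in hand, XOR recovers the keystream segment, and if that keystream repeats (a short period) the segment decrypts everything else without the key. This is an added example written for this card and the stream-cipher card, not code from the flashcard set or from any product; the cipher is a toy built for the demo and is not any real algorithm, and the key, header and message are constructed.

```python
"""A stream cipher with a short keystream period, and the known-plaintext
attack it enables. Added example; toy cipher, constructed key and message."""
import hashlib

PERIOD = 16


def weak_keystream(key: bytes, length: int) -> bytes:
    """One 16-byte block derived from the key, then repeated: keystream
    period 16, so every 16th ciphertext byte shares the same mask."""
    block = hashlib.sha256(key).digest()[:PERIOD]
    return (block * (length // PERIOD + 1))[:length]


def strong_keystream(key: bytes, length: int) -> bytes:
    """Counter construction: block i = SHA-256(key || i). No repetition
    within 2**64 blocks and no block is a linear function of the last."""
    out = bytearray()
    i = 0
    while len(out) < length:
        out += hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        i += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, keystream=weak_keystream) -> bytes:
    """Stream encryption is plaintext XOR keystream; decryption is the same call."""
    return xor(plaintext, keystream(key, len(plaintext)))


def known_plaintext_attack(ciphertext: bytes, known_prefix: bytes) -> bytes:
    """Attacker holds the ciphertext and the first PERIOD bytes of plaintext
    (a fixed message header). C XOR P yields that keystream segment; if the
    keystream repeats, extending the segment decrypts the whole message."""
    segment = xor(ciphertext[:PERIOD], known_prefix[:PERIOD])
    guessed = (segment * (len(ciphertext) // PERIOD + 1))[:len(ciphertext)]
    return xor(ciphertext, guessed)


KEY = b"constructed-demo-key"
HEADER = b"MSG-HDR-v1.0:ABC"          # 16 bytes, a public format known to the attacker
MESSAGE = HEADER + b"transfer 10000 to account 4711"


def attacker_view(keystream) -> bytes:
    """Encrypt MESSAGE under the given keystream, run the attack, and return
    what the attacker recovers (the key is never used on the attack side)."""
    return known_plaintext_attack(encrypt(KEY, MESSAGE, keystream), HEADER)
```

Against the weak keystream the attacker reads the full transfer instruction from one known header; against the counter keystream the same attack recovers only the 16 bytes it already knew, because the later keystream blocks are not predictable from the first.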

36
Q
  1. When there is a “separation of duties”, parts of tasks are assigned to different people
    so that:
    A. Collusion is required to perform an unauthorized act.
    B. Better planning is required to break into systems.
    C. Defense-in-depth is achieved by creating multiple layers an attacker must circumvent.
    D. The weakest link, people, are not easily flipped.
A

A. Collusion is required to perform an unauthorized act.

37
Q
  1. In a typical information security program, who would be responsible for providing reports to the corporate executives and senior management on the effectiveness of the instituted program controls?
    A. Auditors
    B. Information systems security manager (ISSM)
    C. Information systems security officer (ISSO)
    D. Information systems security professionals
A

A. Auditors

38
Q
  1. If risk is defined as “the potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets” the risk has all of the following elements except?
    A. An impact of assets based on threats and vulnerabilities.
    B. Controls addressing the threats.
    C. Threats to and vulnerabilities of processes and/or assets.
    D. Probabilities of the threats.
A

B. Controls addressing the threats.

39
Q
  1. Which choice below is an accurate statement about standards?
    A. Standards are the high-level statements made by senior management in support of information systems security.
    B. Standards are the first element created in an effective security policy program.
    C. Standards are used to describe how policies will be implemented within an organization.
    D. Standards are senior management’s directives to create a computer security program.
A

C. Standards are used to describe how policies will be implemented within an organization.

40
Q
97. An addressing mode in which the memory location named in the instruction holds the address of the final (operand) location is known as:
A. Implied addressing.
B. Indexed addressing.
C. Indirect addressing.
D. Register addressing.
A

C. Indirect addressing.

41
Q
104. Which security mode applies when all users have both the required clearance and a need-to-know for all data on the system?
A. Dedicated.
B.  Limited access.
C.  Controlled.
D. Compartmented.
A

A. Dedicated.

42
Q
  1. What criteria went into the Common Criteria standard?
    A. TCSEC.
    B. ITSEC.
    C. Canadian Trusted Computer Evaluation Criteria.
    D. All of the above.
A

D. All of the above.

43
Q
107.  Which of the following is the European evaluation criteria standard?
A. TCSEC.
B.  ITSEC.
C.  IPSec.
D. CTCPEC.
A

B. ITSEC.

44
Q
  1. In the following top-down Common Criteria evaluation process, what is the missing component?
     Protection Profile > Target of Evaluation > ?? > Security Functionality/Assurance Requirements > Evaluation > Evaluation Assurance Level
    A. Certification Domain.
    B. Integrity Assessment.
    C. Security Domain.
    D. Security Target.
A

D. Security Target.

45
Q
112.  Which of the following includes the definition of procedures for emergency response?
A. Operations Planning
B.  Disaster Recovery Planning
C.  Business Continuity Planning
D. Backup Planning
A

C. Business Continuity Planning

46
Q
113. Which of the following teams should be part of the disaster recovery procedures?
A. Test Team
B.  Management Team
C.  Salvage Team
D. IT Team
A

C. Salvage Team

47
Q
  1. The business continuity planning (BCP) project management and initiation phase does not involve?
    A. Establishing members of the BCP team.
    B. Determining the need for automated data collection tools.
    C. Performing a business impact analysis (BIA).
    D. Preparing and presenting status reports.
A

C. Performing a business impact analysis (BIA).

48
Q
  1. Information flow models:
    A. Allow for dynamically changing access controls.
    B. Ensure one domain does not affect another domain.
    C. Ensure that data moves in a way that does not violate security policy.
    D. Ensure the system is secure through all state transitions.
A

C. Ensure that data moves in a way that does not violate security policy.

49
Q
119.  Which device can Forward, Filter, and Flood?
A. Switch
B.  Router
C.  Hub
D. Repeater
A

A. Switch

50
Q
  1. Which of the following is not a good description of Pretty Good Privacy (PGP)?
    A. It uses a web of trust between the participants
    B. It uses a hierarchical trust model
    C. It was created by Phil Zimmermann
    D. It uses passphrases
A

B. It uses a hierarchical trust model

51
Q
122.  Which is not a type of service available with ATM?
A. MBR (Minimum Bit Rate)
B.  CBR (Constant Bit Rate)
C.  UBR (Unspecified Bit Rate)
D. ABR (Available Bit Rate)
A

A. MBR (Minimum Bit Rate)

52
Q
  1. A Smurf attack takes advantage of which of the following?
    A. ICMP messages to a network’s broadcast address.
    B. SYN buffers on a host.
    C. Overlapping IP fragments.
    D. Oversized ICMP packets.
A

A. ICMP messages to a network’s broadcast address.

53
Q
  1. Which is not true about fair cryptosystems?
    A. It splits the private key into different parts.
    B. It gives law enforcement access when legally authorized.
    C. It escrows the separate key parts with separate escrow agencies.
    D. It uses a tamper proof chip.
A

D. It uses a tamper proof chip.
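
Options A and C in working code: the private key is split into shares, each share is deposited with a separate escrow agency, and only the agreed number of agencies acting together can rebuild it. This is an added example written for this card, not code from the flashcard set or from any escrow product; it uses Shamir's threshold secret sharing over a prime field, and the field prime, the key value and the agency names are constructed for the demo.

```python
"""Splitting a private key into escrow shares so that no single agency can
recover it: Shamir's k-of-n secret sharing over a prime field. Added example;
prime, key and agency names are constructed."""
import secrets

PRIME = 2**127 - 1   # Mersenne prime; the secret must be smaller than this


def _poly_eval(coeffs, x: int) -> int:
    """Horner evaluation of coeffs[0] + coeffs[1]*x + ... (mod PRIME)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(secret: int, k: int, n: int):
    """Return n shares (x, y). Any k reconstruct the secret; fewer than k
    leave every possible secret equally likely, since the polynomial's
    other coefficients are uniformly random."""
    if not (0 <= secret < PRIME and 1 < k <= n < PRIME):
        raise ValueError("bad parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _poly_eval(coeffs, x)) for x in range(1, n + 1)]


def recover_key(shares) -> int:
    """Lagrange interpolation at x = 0 over the supplied shares."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def escrow_demo():
    """Deposit a 2-of-3 split with three separate agencies; a lawful request
    served on any two recovers the key, a single agency cannot."""
    private_key = secrets.randbelow(PRIME)
    agencies = dict(zip(["agency_a", "agency_b", "agency_c"],
                        split_key(private_key, 2, 3)))
    from_two = recover_key([agencies["agency_a"], agencies["agency_c"]])
    from_one = recover_key([agencies["agency_b"]])
    return private_key, from_two, from_one
```

Choose k to match the legal process: k = n means every agency must cooperate, k < n tolerates an agency that loses its share. Either way the escrow is a software arrangement among the parties, which is the contrast with a hardware scheme such as the Clipper Chip (option D).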

54
Q
132.  A system where a user authenticates, is disconnected, and the receiving system connects back to a number in a pre-defined database is also known as which?
A. Callback
B.  Call forward
C.  Remote Access
D. Port knocking
A

A. Callback

55
Q
134. A SOCKS gateway can be classified as which type of firewall?
A. Stateless filtering
B.  Stateful filtering
C.  Circuit-level
D. Application-level
A

C. Circuit-level

56
Q
  1. In configuration management, a configuration item is?
    A. The version of the operating system, which is operating on the work station, that provides information security services.
    B. A component whose state is to be recorded and against which changes are to be progressed.
    C. The network architecture used by the organization.
    D. A series of files that contain sensitive information.
A

B. A component whose state is to be recorded and against which changes are to be progressed.

57
Q
139. What can best be described as an abstract machine that must mediate all access of subjects to objects?
A. The reference monitor
B.  A security domain
C.  The security kernel
D. The security perimeter
A

A. The reference monitor

58
Q
  1. What is defined as the hardware, firmware and software elements of a trusted
    computing base that implement the reference monitor concept?
    A. Protection rings
    B. A security kernel
    C. A protection domain
    D. The reference monitor
A

B. A security kernel

59
Q
142.  Critical areas should be lighted: 
A. Ten feet high and six feet out. 
B.  Ten feet high and four feet out. 
C.  Eight feet high and four feet out. 
D. Eight feet high and two feet out.
A

D. Eight feet high and two feet out.

60
Q
149.  A timely review of system access records would be an example of which basic security function?
A.  Avoidance
B.  Deterrence
C.  Prevention
D.  Detection
A

D. Detection

61
Q
  1. Which of the following is a reasonable response from the intrusion detection system when it detects Internet Protocol (IP) packets where the IP source address is the same as the IP destination address?
    A. Allow the packet to be processed by the network and record the event
    B. Record selected information about the item and delete the packet
    C. Resolve the destination address and process the packet
    D. Translate the source address and resend the packet
A

B. Record selected information about the item and delete the packet
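
The response in option B as detection logic: parse the IPv4 header, and when source equals destination record the selected fields and drop the packet instead of letting the stack process it. This is an added example written for this card, not code from the flashcard set or from any IDS; the packets are constructed inside the block, and the parser handles only the fixed 20-byte IPv4 header (no options, no IPv6).

```python
"""IDS handling for packets whose IP source equals the destination (the
'Land' pattern): log selected fields, then drop. Added example; packets
are constructed here and the parser covers the basic IPv4 header only."""
import ipaddress
import struct

# ver/ihl, tos, total length, id, flags+frag, ttl, proto, checksum, src, dst
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")


def parse_ipv4(raw: bytes):
    """Return (src, dst, proto); raise ValueError on a malformed header."""
    if len(raw) < IPV4_HDR.size:
        raise ValueError("truncated header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = IPV4_HDR.unpack(raw[:IPV4_HDR.size])
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:
        raise ValueError("not a valid IPv4 header")
    return str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)), proto


def build_ipv4(src: str, dst: str, proto: int = 6, ttl: int = 64) -> bytes:
    """Constructed test header; checksum left zero, nothing is transmitted."""
    return IPV4_HDR.pack(0x45, 0, IPV4_HDR.size, 0, 0, ttl, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)


def inspect(raw: bytes, log: list) -> bool:
    """True = forward, False = drop. Only selected fields are recorded, so
    the analyst sees the source without the sensor keeping whole packets."""
    try:
        src, dst, proto = parse_ipv4(raw)
    except ValueError as exc:
        log.append(f"DROP malformed: {exc}")
        return False
    if src == dst:
        log.append(f"DROP land-pattern src=dst={src} proto={proto}")
        return False
    return True


def run(packets):
    """Apply the check to a list of raw packets; returns (verdicts, log)."""
    log = []
    return [inspect(p, log) for p in packets], log


SAMPLE = [
    build_ipv4("10.0.0.5", "10.0.0.9"),             # ordinary traffic
    build_ipv4("10.0.0.9", "10.0.0.9", proto=6),    # source equals destination
    b"\x45\x00\x00",                                # truncated, also dropped
]
```

A legitimate packet never carries the same address in both fields, so there is no resolving or translating to be done (options C and D); the only useful actions are the record and the drop.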

62
Q
  1. Three principal schemes that provide a framework for managing access control are
    A. Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC).
    B. Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Layer Based Access Protocol (LBAP).
    C. Mandatory Access Control (MAC), Layer Based Access Protocol (LBAP), and Target Based Access Protocol (TBAP).
    D. Role Based Access Control (RBAC), Layer Based Access Protocol (LBAP), and Target Based Access Protocol (TBAP).
A

A. Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC).
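
The three schemes applied inside one mediation point, as an added example written for this card (and for the reference-monitor cards earlier in the set); it is not code from the flashcard set or from any operating system. Subjects, objects, labels and roles are constructed. DAC consults an ACL the object's owner maintains, MAC applies Bell-LaPadula dominance over a sensitivity level and a category set, and RBAC grants rights through roles; composing the three conjunctively is a design choice for the demo, in the way SELinux layers its mandatory policy over ordinary DAC, and every decision is written to an audit list.

```python
"""DAC, MAC and RBAC checks behind a single mediation function with an
audit trail. Added example; all subjects, objects and labels are constructed."""
LEVELS = {"PUBLIC": 0, "INTERNAL": 1, "CONFIDENTIAL": 2, "SECRET": 3}

ROLE_PERMS = {
    "analyst": {("report", "read"), ("report", "write")},
    "reader": {("report", "read")},
}


def dac_allows(acl: dict, subject_name: str, right: str) -> bool:
    """Discretionary: the object's owner decided who gets which rights."""
    return right in acl.get(subject_name, set())


def mac_allows(subject_label, object_label, right: str) -> bool:
    """Mandatory: labels are assigned by policy, not by the owner. Read needs
    the subject to dominate the object (level >= and categories a superset);
    write needs the object to dominate the subject, so data never flows down."""
    s_level, s_cats = subject_label
    o_level, o_cats = object_label
    if right == "read":
        return LEVELS[s_level] >= LEVELS[o_level] and o_cats <= s_cats
    if right == "write":
        return LEVELS[o_level] >= LEVELS[s_level] and s_cats <= o_cats
    return False


def rbac_allows(roles, object_type: str, right: str) -> bool:
    """Role based: the subject holds a role that carries (type, right)."""
    return any((object_type, right) in ROLE_PERMS.get(r, set()) for r in roles)


def mediate(subject: dict, obj: dict, right: str, audit: list) -> bool:
    """Single choke point: every request passes here and is logged, with
    the checks that denied it, so the trail explains each decision."""
    checks = {
        "dac": dac_allows(obj["acl"], subject["name"], right),
        "mac": mac_allows(subject["label"], obj["label"], right),
        "rbac": rbac_allows(subject["roles"], obj["type"], right),
    }
    granted = all(checks.values())
    denied_by = [name for name, ok in checks.items() if not ok]
    audit.append((subject["name"], obj["name"], right, granted, denied_by))
    return granted


# Constructed subjects and object
ANALYST = {"name": "analyst1", "label": ("SECRET", {"CRYPTO"}), "roles": {"analyst"}}
INTERN = {"name": "intern1", "label": ("INTERNAL", set()), "roles": {"reader"}}
KEY_PLAN = {"name": "key_plan.doc", "type": "report",
            "label": ("CONFIDENTIAL", {"CRYPTO"}),
            "acl": {"analyst1": {"read", "write"}, "intern1": {"read"}}}


def run_demo():
    """Three requests; returns the decisions and the audit trail."""
    audit = []
    results = {
        "analyst_read": mediate(ANALYST, KEY_PLAN, "read", audit),
        "analyst_write": mediate(ANALYST, KEY_PLAN, "write", audit),  # write-down: MAC blocks it
        "intern_read": mediate(INTERN, KEY_PLAN, "read", audit),      # ACL allows, MAC does not
    }
    return results, audit
```

The intern case is the one to notice: the owner granted read in the ACL, so a purely discretionary system would allow it, and the mandatory label check is what refuses it regardless of the owner's wishes.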

63
Q
  1. When a communication link is subject to monitoring, what is the advantage of an end-to-end encryption solution over a link encryption solution?
    A. Cleartext is only available to the sending and receiving entities.
    B. Routing information is included in the message transmission protocol.
    C. Routing information is encrypted by the originator.
    D. Each message has a unique encryption key.
A

A. Cleartext is only available to the sending and receiving entities.

64
Q
156.  To which form of access control is a rule based control mechanism usually related?
A. Discretionary Access Control
B.  Task-initiated Access Control
C.  Subject-dependent Access Control
D. Token-oriented Access Control
A

A. Discretionary Access Control

65
Q
158.  What role does biometrics have in logical access control?
A.  Certification
B.  Authorization
C.  Authentication
D.  Confirmation
A

C. Authentication

66
Q
159.  When establishing a violation tracking and analysis process, which one of the following parameters is used to keep the quantity of data to manageable levels?
A. Quantity baseline
B.  Maximum log size
C.  Circular logging
D. Clipping levels
A

D. Clipping levels
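
A clipping level in working code: failed logons are counted per user inside a sliding window, and only accounts that reach the threshold are surfaced, so the review queue holds exceptions rather than every event. This is an added example written for this card, not code from the flashcard set or from any SIEM; the log lines use a constructed syslog-like format of my own, and the threshold and window are assumptions.

```python
"""Clipping level on authentication failures: report a user only when the
failures inside a window reach the threshold. Added example; constructed log."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(?P<ts>\S+) auth: (?P<result>FAILED|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")


def parse(line: str):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "result": m["result"],
            "user": m["user"], "src": m["src"]}


def violations(lines, threshold: int = 5, window=timedelta(minutes=10)):
    """Sliding-window count of FAILED events per user. A user is reported
    once, when the count inside `window` reaches `threshold`; everything
    below the clipping level is treated as ordinary noise and not kept."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        ev = parse(line)
        if ev is None or ev["result"] != "FAILED":
            continue
        q = recent[ev["user"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["user"] not in flagged:
            flagged[ev["user"]] = {"count": len(q), "first": q[0],
                                   "last": ev["ts"], "src": ev["src"]}
    return flagged


# Constructed sample: bob mistypes once, alice is hammered from one address,
# carol fails slowly over forty minutes, and one line is garbage.
SAMPLE_LOG = """\
2024-03-01T09:00:05 auth: FAILED user=bob src=10.1.1.7
2024-03-01T09:00:40 auth: OK user=bob src=10.1.1.7
2024-03-01T09:01:00 auth: FAILED user=carol src=10.1.1.9
2024-03-01T09:02:10 auth: FAILED user=alice src=203.0.113.4
2024-03-01T09:02:15 auth: FAILED user=alice src=203.0.113.4
2024-03-01T09:02:21 auth: FAILED user=alice src=203.0.113.4
2024-03-01T09:02:30 auth: FAILED user=alice src=203.0.113.4
2024-03-01T09:02:44 auth: FAILED user=alice src=203.0.113.4
2024-03-01T09:02:50 auth: OK user=alice src=203.0.113.4
2024-03-01T09:11:00 auth: FAILED user=carol src=10.1.1.9
2024-03-01T09:21:00 auth: FAILED user=carol src=10.1.1.9
2024-03-01T09:31:00 auth: FAILED user=carol src=10.1.1.9
2024-03-01T09:41:00 auth: FAILED user=carol src=10.1.1.9
this line is garbage the parser must skip
""".splitlines()
```

With the default level only alice is reported; carol's five failures never fall inside one ten-minute window, and bob's single slip is below the level. Lowering the threshold to 2 pulls carol in as well, which is the trade-off the parameter exists to tune: a lower level catches slow attacks at the cost of more false positives to review.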

67
Q
166.  What is the role of internet key exchange (IKE) within the IPsec protocol? 
A. Enforcing quality of service.
B.  Data signature.
C.  Data encryption.
D. Peer authentication and key exchange.
A

D. Peer authentication and key exchange.

68
Q
169.  The Clipper Chip utilizes which concept in public key cryptography? 
A. Key Escrow 
B.  Substitution 
C.  An undefined algorithm 
D. Super strong encryption
A

A. Key Escrow

69
Q
176.  Copies of the original discs and other media are considered as what type of 
evidence?
A. Primary evidence
B.  Reliable evidence
C.  Hearsay evidence
D. Conclusive evidence.
A

C. Hearsay evidence

70
Q
182.  What encryption operation is used when AES uses S-boxes during the process of encryption? 
A. Substitution 
B.  Key generation 
C.  Key exchange 
D. Chaining
A

A. Substitution
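
What the substitution actually is: the AES S-box is the multiplicative inverse in GF(2^8) followed by a fixed affine map, and SubBytes applies it to every byte of the state. This is an added example written for this card, not code from the flashcard set or from any crypto library; it derives the table from the field arithmetic rather than pasting it, checks known entries from FIPS 197, and the 16-byte state at the end is constructed.

```python
"""Building the AES S-box from GF(2^8) arithmetic and applying SubBytes.
Added example; the table is derived, not pasted, and the state is constructed."""


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1 (0x11B)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (Fermat in GF(2^8)); AES maps 0 to 0."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0


def affine(b: int) -> int:
    """The fixed affine map over GF(2): b ^ rotl(b,1) ^ ... ^ rotl(b,4) ^ 0x63."""
    s = b
    for i in range(1, 5):
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return s ^ 0x63


SBOX = bytes(affine(gf_inv(x)) for x in range(256))
INV_SBOX = bytes(SBOX.index(v) for v in range(256))


def sub_bytes(state: bytes) -> bytes:
    """SubBytes: each state byte replaced through the S-box. It is the only
    non-linear step in the round, which is what makes the cipher resist
    linear and differential cryptanalysis."""
    return bytes(SBOX[b] for b in state)


def inv_sub_bytes(state: bytes) -> bytes:
    """InvSubBytes: the inverse table, needed for decryption."""
    return bytes(INV_SBOX[b] for b in state)


def is_permutation() -> bool:
    """The S-box must be a bijection or decryption would be impossible."""
    return sorted(SBOX) == list(range(256))


STATE = bytes(range(0x10, 0x20))   # constructed 16-byte state block
```

The two known values worth remembering are S[0x00] = 0x63 (the inverse of 0 is defined as 0, so the affine constant comes through unchanged) and S[0x53] = 0xED, the worked example in FIPS 197; if a hand-written S-box gets either wrong, the field arithmetic or the affine map is wrong.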

71
Q
  1. Which item is the responsibility of key management?
    A. Key generation and destruction
    B. Access controls and encryption
    C. Key length and algorithm propriety
    D. Access control, user authentication and authorization
A

A. Key generation and destruction

72
Q
What is the Clipper Chip key size? 
A. 80 bit 
B.  64 bit 
C.  128 bit 
D. 160 bit
A

A. 80 bit

73
Q
  1. To speed up RAID disk access, an organization can:
    A. Use larger hard drives.
    B. Stripe the data across several drives.
    C. Mirror critical drives.
    D. Disallow ad hoc queries.
A

B. Stripe the data across several drives.

74
Q
  1. Proper change control management involves:
    A. Having an undisciplined change control process.
    B. Having a well-structured change management process.
    C. The immediate implementation of all requested changes so as to assure ultimate customer satisfaction.
    D. Assuring that all of the CSO's requests are immediately implemented.
A

B. Having a well-structured change management process.

75
Q
  1. Trusted recovery may be defined as:
    A. Procedures that restore a system and its data in a trusted manner after the system was disrupted or a system failure occurred.
    B. Securely restoring a system after a hard drive failure.
    C. Finding missing equipment and verifying that security policies were not violated.
    D. An operating system regaining a secure state after a brief lapse into an insecure state.
A

A. Procedures that restore a system and its data in a trusted manner after the system was disrupted or a system failure occurred.

76
Q
  1. Which of the following is incorrect with respect to a system cold start:
    A. Occurs when an unexpected trusted computing base (TCB) or media failure happens.
    B. Occurs when recovery procedure cannot recover the system to a more consistent state.
    C. The system, TCB, and user objects may remain in an inconsistent state while the system attempts to recover itself.
    D. Systems administrator intervention is typically not necessary to restore the system.
A

D. Systems administrator intervention is typically not necessary to restore the system.

77
Q
199. ____ tunnels NetBEUI and IPX protocols.
A. PPTP
B.  IPsec
C.  SSL
D. VPN
A

A. PPTP

78
Q
  1. Security guards are appropriate whenever the function required by the security program involves which of the following?
    A. The use of discriminating judgment.
    B. The need to detect unauthorized access.
    C. The use of physical force.
    D. The operation of access control devices.
A

A. The use of discriminating judgment.

A guard can make determinations that hardware and other automated security devices cannot, because a person can adjust to rapidly changing conditions, learn and alter recognizable patterns, and respond to varied conditions in the environment. Guards are better at making value decisions during incidents, so they are appropriate whenever immediate, discriminating judgment is required of the security function.

The other answers are incorrect:
The use of physical force: a guard provides discriminating judgment, including the judgment of whether physical force is needed at all.
The operation of access control devices: a guard is often uninvolved in the operation of automated access control devices such as a biometric reader, a smart lock or a mantrap.
The need to detect unauthorized access: the primary function of a guard is not to detect unauthorized access but to prevent unauthorized physical access attempts; a guard may also deter social engineering attempts.

79
Q
207.  This IPsec mode encapsulates the entire IP packet between IPsec nodes.
A. Transport
B.  PPP
C.  Tunnel
D. GRE
A

C. Tunnel

80
Q
  1. Which security measure would be the best deterrent to the theft of corporate information from a laptop which was left in a hotel room?
    A. Install a cable lock on the laptop when it is unattended.
    B. Encrypt the data on the hard drive.
    C. Store all data on disks and lock them in an in-room safe.
    D. Remove the batteries and power supply from the laptop and store them separately from the computer.
A

B. Encrypt the data on the hard drive.

81
Q
210. Which of the following is not an EPA-approved replacement for Halon?
A. Water 
B.  NAF-S-III 
C.  Argon 
D. Bromine
A

D. Bromine

82
Q
  1. Which of the following statements pertaining to fire suppression systems is true?
    A. Soda acid is an effective fire suppression method for class C (electrical) fires.
    B. CO2 systems are effective because they suppress the oxygen supply required to sustain the fire.
    C. Gas masks provide an effective protection against use of CO2 systems.
    D. Halon is commonly used because it is highly effective, interfering with the chemical combustion of the elements within a fire.
A

B. CO2 systems are effective because they suppress the oxygen supply required to sustain the fire.

83
Q
212.  Which of the following suppresses combustion through a chemical reaction that kills the fire?
A. Water
B.  soda acid 
C.  Halon 
D. CO2
A

C. Halon

84
Q
221.  The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?
A. Nine feet high and three feet out.
B.  Eight feet high and three feet out.
C.  Eight feet high and two feet out.
D. Nine feet high and two feet out.
A

C. Eight feet high and two feet out.

85
Q
  1. Under what conditions would the use of a Class C fire suppression system be preferable to the use of a Class A fire suppression system?
    A. When the fire is in its incipient stage.
    B. When the fire involves electrical equipment.
    C. When the fire is caused by flammable products.
    D. When the fire is located in an enclosed area.
A

B. When the fire involves electrical equipment.

86
Q
  1. A business continuity plan (BCP) should have a structure that includes:
    A. A detailed section on incident and risk assessment covering all the organization’s key business activities.
    B. A detailed section on incident and risk assessment covering all the organization’s business activities.
    C. A brief section on incident and risk assessment covering all the organization’s key business activities.
    D. A brief section on incident and risk assessment covering all the organization’s business activities.
A

A. A detailed section on incident and risk assessment covering all the organization’s key business activities.

87
Q
228.  What should take place in order to restore a server, its files and data after a major system failure?
A. Restore from storage media backup
B.  Perform a parallel test
C.  Implement recovery procedures
D. Perform a check list test
A

A. Restore from storage media backup

88
Q
  1. In addition to preventing loss of life and further injury, what other reason is there to immediately initiate an emergency plan after a disaster?
    A. Secure the area to prevent any looting, fraud or vandalism.
    B. Reduce likelihood of further damage
    C. Protect the site for forensic evidence
    D. Investigate the extent of the damages
A

A. Secure the area to prevent any looting, fraud or vandalism.

89
Q
  1. When shopping for an off-site backup facility that will ultimately be used to store all your backup media, what is the most important factor to consider?
    A. The backup facility should be within 15 minutes of the original facility.
    B. The facility should contain an adequate number of PCs and servers and have raised flooring.
    C. The facility should have at least one armed guard.
    D. The facility should protect against unauthorized access and entry.
A

D. The facility should protect against unauthorized access and entry.

90
Q
  1. What is the best description of a structured walk through test?
    A. It is a test to ensure that the critical systems will run at the alternate site.
    B. All departments receive a copy of the disaster recovery plan and walk through it.
    C. Representatives from each department come together and go through the test collectively.
    D. Operations are shifted to the emergency site and senior management reviews the plan on a line item by line item basis.
A

B. All departments receive a copy of the disaster recovery plan and walk through it.

91
Q
  1. A business impact analysis would not likely include which of the following tasks?
    A. Calculating risk
    B. Identifying threats
    C. Selecting team members
    D. Identifying critical functions of the company
A

A. Calculating risk

92
Q
239.  Resuming critical business functions includes:
A. Determining the extent of damage
B.  Declaring a disaster
C.  Establishing the command center 
D. Contacting recovery team members
A

C. Establishing the command center

93
Q
  1. Privacy laws generally include which of the following provisions:
    A. Individuals have the right to remove data that they do not wish disclosed.
    B. Government agencies must ensure that their data is accurate.
    C. Government agencies must provide access to all other government agencies.
    D. Government agencies may not use data for a purpose other than that for which it was initially collected.
A

D. Government agencies may not use data for a purpose other than that for which it was initially collected.

94
Q
245.  What is the minimum and customary practice of responsible protection of assets that affects a community or societal norm?
A.  Due diligence
B.  Risk mitigation
C.  Asset protection
D.  Due care
A

D. Due care

95
Q
247.  Evidence may not be detected through:
A. Out of band communications
B.  Accidental discovery
C.  Audit trail review
D. Real-time intrusion monitoring.
A

B. Accidental discovery

96
Q
248.  Which of the following is not a valid X.509 V.3 certificate field?
A.  Subject’s public key information
B.  Subject’s X.500 name
C.  Issuer’s unique identifier
D.  Subject’s digital signature
A

D. Subject’s digital signature

97
Q
250.  What are the objectives of emergency actions taken at the beginning stage of a disaster? Preventing injuries, loss of life, and …
A.  determining damage.
B.  protecting evidence.
C.  relocating operations.
D.  mitigating damage.
A

D. mitigating damage.