CISMP Questions Flashcards

Question 1

Q

Which of the following provides an incorrect characteristic of a memory leak?

A. Common programming error

B. Common when languages that have no built-in automatic
garbage collection are used

C. Common in applications written in Java

D. Common in applications written in C++

Answer

A

Option C. provides an incorrect characteristic of a memory leak.

Memory leaks are common programming errors that occur when dynamic memory allocation is not managed properly, especially in languages that have no built-in automatic garbage collection, such as C and C++. Java, on the other hand, has built-in automatic garbage collection, which can help prevent memory leaks. Therefore, Option C is incorrect.

Question 2

Q

Which of the following is the best description of the security kernel and the reference monitor?

A. The reference monitor is a piece of software that runs on top of the security kernel. The reference monitor is accessed by every security call of the security kernel. The security kernel is too large to test and verify.

B. The reference monitor concept is a small program that is not related to the security kernel. It will enforce access rules upon subjects who attempt to access specific objects. This program is regularly used with modern operating systems.

C. The reference monitor concept is used strictly for database access control and is one of the key components in maintaining referential integrity within the system. It is impossible for the user to circumvent the reference monitor.

D. The reference monitor and security kernel are core components of modern operating systems. They work together to mediate all access between subjects and objects. They should not be able to be circumvented and must be called upon for every access attempt.

Answer

A

D. The reference monitor and security kernel are core components of modern operating systems. They work together to mediate all access between subjects and objects. They should not be able to be circumvented and must be called upon for every access attempt.

Question 3

Q

Which of the following statements describes the concept of non-repudiation?

A The ability to prove that an event occurred.

B The use of public key cryptography to prevent the republishing of keys.

C A technology-based non-disclosure agreement.

D Cyber security insurance to help reduce reputational harm.

Answer

A

A The ability to prove that an event occurred.

Non-repudiation is the concept in cybersecurity that ensures that the parties involved in a transaction or communication cannot deny their involvement in the exchange and cannot refute the authenticity of the message or action. It provides a way to prove the integrity of the transaction or communication and that it occurred as intended, without the possibility of one party later denying their involvement. This is typically achieved through the use of digital signatures or other cryptographic methods to create a tamper-evident record of the exchange. Option A, “the ability to prove that an event occurred,” accurately describes the concept of non-repudiation.

Question 4

Q

Which term describes the concept used in information security in which multiple layers of security controls are placed within a system?

A Defence in depth.

B Honeypot.

C Fail safe.

D Anti-malware.

Answer

A

A. Defence in depth

Defence in depth is a concept used in information security in which multiple layers of security controls are placed throughout an information technology system.

Question 5

Q

Which two terms are used in combination to define levels of risk?

A Threat and Impact.

B Threat and Vulnerability.

C Impact and Likelihood.

D Likelihood and Vulnerability.

Answer

A

C Impact and Likelihood.

The level of risk is determined by evaluating the potential impact of a threat and the likelihood of that threat occurring. Impact refers to the potential harm that could result from a threat, while likelihood refers to the probability of that threat occurring. By considering both factors together, an organization can determine the level of risk associated with a particular threat and take appropriate measures to manage or mitigate that risk.

Question 6

Q

Which of the following is NOT a principle of information security management?

a) Confidentiality

b) Integrity

c) Availability

d) Accountability

Answer

A

D. Accountability

The CIA principles consist of:
Confidentiality
Integrity
Availability

Question 7

Q

Ursula recently discovered that a group of developers are sharing information over a messaging tool provided by a cloud vendor but not sanctioned by her organisation. What term best describes this use of technology?

A) Shadow IT

B) System integration

C) Vendor management

D) Data exfiltration

Answer

A

A) Shadow IT

The term that best describes this use of technology is “Shadow IT.” Shadow IT refers to the use of technology, such as applications or services, by employees within an organization without the knowledge, approval, or oversight of the IT department or organization’s management. In this case, the developers are using a messaging tool provided by a cloud vendor that is not sanctioned or approved by Ursula’s organization. This unauthorized use of technology falls under the category of Shadow IT.

Question 8

Q

Adam is conducting software testing by reviewing the source code of the application. What type is code testing is Adam conducting?

A) Mutation testing

B) Static code analysis

C) Dynamic code analysis

D) Fuzzing

Answer

A

B) Static Code Analysis

The type of code testing that Adam is conducting by reviewing the source code of the application is “Static code analysis.” Static code analysis is a type of code testing that involves analysing the source code without actually executing it. It aims to identify potential coding issues, security vulnerabilities, coding standards violations, and other defects in the codebase. By reviewing the source code, Adam is performing a static analysis to identify any potential issues or areas that require improvement in the code.

Question 9

Q

Which of the following code testing techniques involves analysing the behaviour of a software application during its execution?

A) Mutation testing

B) Static code analysis

C) Dynamic code analysis

D) Fuzzing

Answer

A

C) Dynamic code analysis

Explanation: Dynamic code analysis, also known as runtime analysis, focuses on analysing the behaviour of a software application during its execution. It involves monitoring the application’s runtime characteristics, such as input data, function calls, and interactions with external systems, to detect runtime errors, performance issues, and security vulnerabilities. This technique provides insights into the application’s behaviour that may not be apparent from static code analysis or other testing techniques.

Question 10

Q

Which of the following best describes the purpose of fuzzing in software testing?

A) Verifying code syntax and formatting.

B) Assessing the performance and scalability of an application.

C) Identifying vulnerabilities and defects through unexpected input.

D) Evaluating user experience and interface design.

Answer

A

C) Identifying vulnerabilities and defects through unexpected input.

Fuzzing is a software testing technique that involves sending random or malformed data as input to an application to discover potential vulnerabilities or weaknesses in its handling of such input. By subjecting the application to unexpected or invalid input, fuzzing helps identify bugs, crashes, or security vulnerabilities that may not have been discovered through traditional testing methods. Well done!

Question 11

Q

What is the primary objective of mutation testing?

A) To identify defects in the source code

B) To generate random test cases for the application

C) To evaluate the effectiveness of the test suite

D) To measure the performance of the application

Answer

A

C) To evaluate the effectiveness of the test suite.

Mutation testing is specifically designed to assess the quality of the test suite by introducing small changes or mutations to the code and checking if the existing test cases can detect these mutations. It helps identify weaknesses in the test suite and improve its ability to catch potential defects in the code.

Question 12

Q

Wendy is scanning cloud based repositories for sensitive information. Which one of the following should concern her most if discovered in a public repository?

A) Product manuals

B) Secure code

C) API keys

D) Open source data

Answer

A

C) API (application programming interface) keys

If Wendy discovers API keys in a public repository, it should be a significant concern. API keys are sensitive credentials that provide access to various services and resources in an application or system. If exposed to the public, malicious actors could potentially misuse these API keys to gain unauthorized access, manipulate data, or launch attacks.

API keys are typically used for authentication and authorization purposes, allowing applications to interact securely with APIs and services. Exposing API keys in a public repository increases the risk of unauthorized access and potential data breaches.

It is important to protect API keys and keep them confidential. Best practices include storing them securely, using encryption, and restricting access to authorized individuals or systems.

Question 13

Q

What is a repository in the context of software development?

A) A secure storage facility for physical documents

B) A web-based platform for hosting and sharing code

C) A tool for tracking and managing project tasks

D) A programming language used for software development

Answer

A

B) A web-based platform for hosting and sharing code.

A repository in software development is a centralized location where developers can store, manage, and collaborate on code, making it easier to track changes, review code, and ensure version control. Examples of popular repositories include GitHub, Bitbucket, and GitLab.

Question 14

Q

What type of malware connects to a command and control system allowing attackers to manage, control and update it remotely?

A) Bot

B) Drone

C) Vampire

D) Worm

Answer

A

A) Bot.

A bot is a type of malware that connects to a command and control (C&C) system, allowing attackers to remotely manage, control, and update the infected device or network of devices. Bots can be used for various malicious activities, such as launching distributed denial-of-service (DDoS) attacks, stealing sensitive information, or spreading malware to other systems.

Question 15

Q

Which of the following metrics describes the type of information disclosure that might occur if an attacker successfully exploits the vulnerability?

A) Integrity

B) Availability

C) Scope

D) Confidentiality

Answer

A

D) Confidentiality

Confidentiality, in the context of information security, refers to the property of ensuring that data is accessible only to authorized individuals or entities. It involves protecting sensitive or classified information from unauthorized disclosure or access.

When an attacker successfully exploits a vulnerability, the type of information disclosure that occurs typically relates to confidentiality. It means that the attacker gains unauthorized access to sensitive information, such as personal data, financial records, intellectual property, or any other confidential information that should be protected.

Maintaining confidentiality is crucial to prevent unauthorized disclosure and protect the privacy and confidentiality of sensitive information. Organizations implement various security measures such as encryption, access controls, data classification, and secure communication protocols to ensure the confidentiality of their data.

Question 16

Q

Which of the following is a malicious program that self-copies and self-replicates?

A) Spyware

B) Bot

C) Virus

D) Rootkit

Answer

A

C) Virus

A virus is a type of malicious program that has the ability to self-copy and self-replicate by inserting its code into other legitimate programs or files. It spreads from one system to another by attaching itself to executable files, documents, or other data files. When the infected file is executed, the virus code is activated, allowing it to reproduce and infect other files or systems.

Viruses can cause various types of harm, such as data corruption, system instability, unauthorized access, and spreading to other connected devices or networks. They often have malicious payloads that can perform actions like deleting files, stealing information, or disrupting system operations.

To prevent virus infections, it is important to have up-to-date antivirus software, regularly scan systems and files for viruses, avoid downloading files from untrusted sources, and exercise caution when opening email attachments or clicking on suspicious links.

Question 17

Q

Renee is configuring her vulnerability management solution to perform credentialed scans of servers on her network. What type of account should she provide to the scanner?

A) Domain administrator

B) Local administrator

C) Root

D) Read-only

Answer

A

D) Read-only

Credentialed scans only require read-only access to target servers. Using a local administrator account would have similar issues but the problems caused by the scanner would be limited to the local system. The root account is just another name for the local administrator account. Renee should follow the principle of least privilege and limit the access available to the scanner by using a read-only account. Using a domain administrator account would provide far more privileges than necessary, allowing the scanner to potentially disrupt almost any device on the network.

Question 18

Q

Which role in the organisational structure is responsible for developing and implementing an information security program and providing guidance on cyber strategy at a strategic level?

A) CFO (Chief Financial Officer)
B) CIO (Chief Information Officer)
C) COO (Chief Operating Officer)
D) CISO (Chief Information Security Officer)

Answer

A

D) CISO (Chief Information Security Officer).

The CISO is responsible for developing and implementing an information security program and providing guidance on cyber strategy at a strategic level. This role ensures that information assurance is prioritized and accounted for within the organization’s structure.

Question 19

Q

Which senior leadership role is responsible for managing the finances and records of the company, ensuring financial reporting, and making business decisions based on sound financial criteria?

A) CEO (Chief Executive Officer)
B) CFO (Chief Financial Officer)
C) CIO (Chief Information Officer)
D) COO (Chief Operating Officer)

Answer

A

B) CFO (Chief Financial Officer)

The senior leadership role responsible for managing the finances and records of the company, ensuring financial reporting, and making business decisions based on sound financial criteria is the CFO (Chief Financial Officer).

Question 20

Q

In an organizational structure, which senior leadership role is responsible for managing the day-to-day operations of the company?

a) CEO (Chief Executive Officer)
b) CFO (Chief Financial Officer)
c) COO (Chief Operating Officer)
d) CISO (Chief Information Security Officer)

Answer

A

C) COO (Chief Operating Officer)

The senior leadership role responsible for managing the day-to-day operations of the company is the COO (Chief Operating Officer).

Question 21

Q

Which roles in the organizational structure are typically responsible for information security at a strategic level? Select two.

A) CEO (Chief Executive Officer)
B) CIO (Chief Information Officer)
C) CISO (Chief Information Security Officer)
D) CFO (Chief Financial Officer)

Please select two options from the provided choices.

Answer

A

B and C

The roles of CIO (Chief Information Officer) and CISO (Chief Information Security Officer) are typically responsible for information security at a strategic level. Well done!

Question 22

Q

Which roles are responsible for managing the financial aspects of a company? Select two options.

A) CEO (Chief Executive Officer)
B) CFO (Chief Financial Officer)
C) CIO (Chief Information Officer)
D) CISO (Chief Information Security Officer)

Answer

A

A) CEO (Chief Executive Officer)
B) CFO (Chief Financial Officer)

CEO (Chief Executive Officer): The CEO is the head of the company or organization and is responsible for overall management and decision-making. While the CEO may not directly handle financial matters on a day-to-day basis, they have the ultimate responsibility for financial performance and strategic financial decision-making.
CFO (Chief Financial Officer): The CFO is specifically responsible for managing the financial aspects of the company. This includes overseeing financial planning, budgeting, financial reporting, and ensuring compliance with financial regulations. The CFO plays a key role in making financial decisions that impact the organization’s operations and long-term financial health.

Both the CEO and CFO have important roles in managing the financial aspects of a company, with the CFO specifically focusing on financial management and reporting while the CEO holds the overall responsibility for the organization’s financial performance.

Question 23

Q

Which of the following responsibilities is typically assigned to an Information Security Manager (ISM)? (Select 2 possible answers)

A) Developing business strategies and financial planning

B) Conducting vulnerability assessments and penetration testing

C) Managing the organization’s human resources and personnel

D) Establishing and maintaining physical security controls

Remember, we are looking for the responsibility typically assigned to an Information Security Manager.

Answer

A

B) Conducting vulnerability assessments and penetration testing.
D) Establishing and maintaining physical security controls

The responsibility of an Information Security Manager typically involves overseeing the implementation of security controls and practices, including conducting assessments to identify vulnerabilities and performing penetration testing to assess the effectiveness of security measures. This helps ensure the organization’s systems and data are adequately protected against potential threats.

Establishing and maintaining physical security controls (option D) may fall under the responsibility of a different role, such as a Facilities Manager or a Physical Security Manager.

Question 24

Q

Which of the following responsibilities is typically associated with an Information Security Manager?

A) Designing network architectures and infrastructure

B) Developing and implementing security policies and procedures

C) Managing software development projects

D) Conducting forensic investigations

Answer

A

B) Developing and implementing security policies and procedures.

An Information Security Manager is primarily responsible for overseeing the development and implementation of security policies and procedures within an organization. This includes creating and enforcing security standards, guidelines, and best practices to protect the organization’s information assets. While network architecture and infrastructure (option A) may fall under the purview of an IT or network specialist, managing software development projects (option C) typically belongs to a software development or project management role. Conducting forensic investigations (option D) is often handled by a dedicated forensic analyst or incident response team.

Question 25

Q

Who typically chairs the Security Steering Committee within an organization?

A) Chief Executive Officer (CEO)

B) Chief Information Security Officer (CISO)

C) Chief Financial Officer (CFO)

D) Chief Operating Officer (COO)

Answer

A

Answer: B

The Security Steering Committee is usually chaired by the Chief Information Security Officer (CISO). This committee serves as a high-level forum to discuss security matters and support the security function within the organization. While other roles such as CEO, CFO, and COO may have involvement or participation in security-related decisions, the CISO is typically responsible for leading the Security Steering Committee.

Question 26

Q

What is one of the main functions of a Security Steering Committee within an organization?

A) Managing day-to-day security operations

B) Developing information security policies

C) Conducting security awareness training for employees

D) Implementing technical security controls

Answer

A

Answer: B

One of the main functions of a Security Steering Committee is to develop information security policies. This committee serves as a forum to discuss and approve documentation such as policies, standards, and procedures related to information security. While the committee may have oversight and involvement in various security-related activities, its primary role is to ensure the development and approval of effective policies that guide security practices within the organization.

Question 27

Q

Which of the following statements best describes the role of a Security Steering Committee in the context of information security governance?

A) The committee is responsible for performing daily security operations and incident response.

B) The committee serves as a centralized authority for approving and overseeing security projects and initiatives.

C) The committee is tasked with conducting vulnerability assessments and penetration testing.

D) The committee focuses on providing technical support for implementing security controls.

Answer

A

Answer: B

The role of a Security Steering Committee in information security governance is primarily focused on serving as a centralized authority for approving and overseeing security projects and initiatives. This committee ensures that security efforts align with the organization’s objectives, reviews and approves security-related documentation, and provides guidance and direction for security initiatives. While the committee may have oversight and involvement in other security-related activities, its primary responsibility lies in strategic decision-making and governance rather than daily operational tasks or technical support.

Question 28

Q

Which of the following is an essential element of a security awareness training program?

A) Limited to specific job roles within the organization

B) Outdated and irrelevant content

C) Tailored to senior management only

D) Promotes a security culture and behaviour change

Answer

A

D) Promotes a security culture and behaviour change.

Explanation: A security awareness training program should aim to create a security culture within the organization. It should not be limited to specific job roles but should be organization-wide. The content should be up to date, relevant, and tailored to the audience, including all staff members. The main objective of the program is to promote a change in behaviour, encouraging individuals to think before they act and to be more vigilant about security risks. By promoting a security culture, organizations can create a collective responsibility for security and improve their overall security posture.

Question 29

Q

What is an important aspect of a security awareness training program?

A) It should only be mandatory for employees in high-risk roles.

B) It should be a one-time event without any follow-up sessions.

C) It should be tailored to the specific needs and roles of individuals.

D) It should focus solely on compliance requirements.

Answer

A

C) It should be tailored to the specific needs and roles of individuals.

Explanation: Security awareness training programs should be designed to address the unique needs and roles of individuals within an organization. Different employees have varying levels of access to information assets and face different security risks based on their job responsibilities. Tailoring the training ensures that employees receive relevant and applicable knowledge to their specific roles, increasing the effectiveness of the program. It helps employees understand their personal responsibilities, recognize security threats relevant to their work, and adopt appropriate security behaviours.

Question 30

Q

Which of the following are important considerations when implementing a security awareness training program? (Select two.)

A) Making the training mandatory for all employees

B) Customizing the training content for different departments

C) Conducting periodic assessments to measure training effectiveness

D) Providing rewards and incentives for completing the training

E) Including technical jargon and complex concepts in the training materials

Answer

A

A) Making the training mandatory for all employees
C) Conducting periodic assessments to measure training effectiveness

When implementing a security awareness training program, it is important to make the training mandatory for all employees to ensure widespread participation and consistent knowledge. Additionally, conducting periodic assessments helps measure the effectiveness of the training program and identifies areas that may require further attention or improvement. Customizing the training content for different departments can also be beneficial, but it is not one of the required considerations mentioned in the question. Providing rewards and incentives can be helpful in motivating employees to complete the training, but it is not a universal requirement. Including technical jargon and complex concepts in the training materials may hinder understanding and should be avoided to ensure clear communication.

Question 31

Q

Which of the following best describes statutory requirements in information security?

A) Voluntary guidelines recommended for good security practices.

B) Best practices issued by industry associations.

C) Mandatory requirements imposed by governments or the legal system.

D) Standards developed by international organizations.

Answer

A

C) Mandatory requirements imposed by governments or the legal system.

Statutory requirements in information security refer to legal obligations that organizations must adhere to as prescribed by laws or regulations set by governments or the legal system. These requirements are not voluntary or optional, but rather mandatory for compliance. Well done!

Question 32

Q

Which of the following is an example of a statutory requirement in information security?

A) Best practice guidelines suggested by industry associations.

B) Recommendations from cybersecurity experts.

C) Data protection laws imposed by the government.

D) Internal policies and procedures developed by the organization.

Answer

A

C) Data protection laws imposed by the government.

Statutory requirements in information security refer to legal obligations imposed by government entities or the legal system. Data protection laws, such as the General Data Protection Regulation (GDPR), mandate how organizations should handle and protect personal data. Compliance with these laws is necessary to ensure the organization operates within the legal framework and protects individuals’ privacy rights. Well done!

Question 33

Q

Which of the following is an example of a jurisdictional statutory requirement in information security?

A) ISO 27001 certification

B) Payment Card Industry Data Security Standard (PCI DSS)

C) Health Insurance Portability and Accountability Act (HIPAA)

D) International Organization for Standardization (ISO) guidelines

Answer

A

C) Health Insurance Portability and Accountability Act (HIPAA).

HIPAA is a statutory requirement in the United States that sets standards for the protection of sensitive patient health information. It specifically applies to the healthcare industry and mandates the secure handling and storage of protected health information (PHI). Compliance with HIPAA is legally required for healthcare organizations and their business associates to ensure the privacy and security of patient data.

The other options listed in the question are not jurisdictional statutory requirements. Therefore, the correct answer is C) Health Insurance Portability and Accountability Act (HIPAA) as it represents a jurisdictional statutory requirement in information security.

(In the context of information security, jurisdictional statutory requirements may include laws, regulations, or acts that organizations must comply with to ensure the security and protection of data within a specific region. These requirements are legally enforceable and may cover various aspects such as data privacy, data protection, incident reporting, or specific industry regulations.)

Question 34

Q

Which of the following regulatory standards is specifically designed to govern the handling of payment card transactions?

A) HIPAA

B) FCA

C) GDPR

D) PCI-DSS

Answer

A

D)PCI-DSS

PCI-DSS specifically focuses on the security measures for handling payment card transactions.

Question 35

Q

Which regulatory standard is primarily concerned with safeguarding the privacy and security of individuals’ healthcare information in the United States?

A) FCA

B) PCI-DSS

C) GDPR

D) HIPAA

Answer

A

D) HIPAA,

HIPAA is the regulatory standard that governs the protection of healthcare records and ensures the privacy and security of individuals’ health information in the United States.

Question 36

Q

Which of the following is true about Advisory Requirements?

A) They are legally binding and enforceable by regulatory bodies.

B) They offer advice and suggested practices but are not legally binding.

C) They are issued by the government to penalize non-compliant companies.

D) They provide mandatory guidelines that businesses must adhere to.

Answer

A

B) They offer advice and suggested practices but are not legally binding.

Advisory Requirements provide recommendations and guidance to businesses but do not carry legal obligations or enforceability. They serve as valuable sources of information and best practices for organizations to enhance their security measures.

Question 37

Q

Which organization is known for providing advisory requirements and guidance on cybersecurity best practices in the United Kingdom?

A) National Cyber Security Centre (NCSC)

B) International Organization for Standardization (ISO)

C) Federal Trade Commission (FTC)

D) Health Insurance Portability and Accountability Act (HIPAA)

Answer

A

A) National Cyber Security Centre (NCSC).

The NCSC is known for providing advisory requirements and guidance on cybersecurity best practices in the United Kingdom. They act as a computer security incident response team (CSIRT) and provide support to businesses, disseminate information, conduct threat assessments, and offer general technical support in the field of cybersecurity.

Question 38

Q

Which of the following bodies serves as a computer security incident response team (CSIRT) and provides early warnings of threats, threat assessments, and technical support to various entities?

A) National Cyber Security Centre (NCSC)

B) Payment Card Industry Security Standards Council (PCI SSC)

C) Financial Conduct Authority (FCA)

D) International Organization for Standardization (ISO)

Answer

A

A) National Cyber Security Centre (NCSC)

The National Cyber Security Centre (NCSC) serves as a CSIRT and provides early warnings of threats, threat assessments, and technical support, making it the most suitable answer.

Question 39

Q

Which source provides guidance on best practices for implementing security measures and supports businesses in dealing with certain events?

A) Government agencies

B) Industry trade bodies

C) Vendors

D) All of the above

Answer

A

D) All of the above

Government agencies, industry trade bodies, and vendors frequently issue guidance and advice on implementing security measures and dealing with specific events, making all the options correct.

Question 40

Q

Which professional body is known for its focus on IT governance and offers certifications in audit, risk management, privacy, and information security?

A) ISSA

B) ISACA

C) ISC2

D) IISP

Answer

A

B) ISACA.

ISACA stands for Information Systems Audit and Control Association

ISACA is an international professional association focused on IT governance and offers certifications in various areas including audit, risk management, privacy, and information security.

Question 41

Q

Which professional organization specializes in training and certification for cybersecurity professionals, and is best known for the CISSP certification?

A) ISSA - International Systems Security Association

B) ISACA - Information Systems Audit and Control Association

C) ISC2 - International Information Systems Security Certification Consortium

D) IISP - Institute of Information Security Professionals

Answer

A

C) ISC2 - International Information Systems Security Certification Consortium.

ISC2 specializes in training and certification for cybersecurity professionals, and they are well-known for offering the CISSP (Certified Information Systems Security Professional) certification.

Question 42

Q

Which document provides step-by-step instructions for performing specific tasks related to information security?

A) Policies

B) Standards

C) Procedures

D) Guidelines

Answer

A

C) Procedures

Procedures are the documents that outline detailed instructions or steps to be followed when carrying out specific tasks related to information security. They provide specific guidance on how to perform actions in a consistent and secure manner.

Question 43

Q

Which document sets the overarching principles and expectations for information security within an organization?

A) Policies

B) Standards

C) Procedures

D) Guidelines

Answer

A

A) Policies

Policies are high-level documents that establish the overall principles, rules, and expectations for information security within an organization. They outline the goals, objectives, and acceptable behaviours related to information security and serve as a foundation for developing more detailed standards, procedures, and guidelines.

Question 44

Q

Which of the following characteristics should an Information Security Policy possess?

A) Detailed instructions on implementing security controls

B) A statement of intent and high-level guidance

C) Technical specifications for network infrastructure

D) Guidelines for incident response procedures

Answer

A

B) A statement of intent and high-level guidance.

The Information Security Policy is designed to provide a broad overview and direction for information security within an organization, outlining the business objectives and demonstrating senior management commitment to security. It provides high-level guidance rather than detailed instructions or technical specifications.

Question 45

Q

Which type of policy specifically outlines the rules and guidelines for the appropriate use of organization’s computer systems and networks?

A) Information Security Policy

B) Acceptable Use Policy

C) Password Policy

D) Privacy Policy

Answer

A

B) Acceptable Use Policy.

It specifically focuses on defining the acceptable and unacceptable use of an organization’s computer systems and networks by its employees and other authorized users. Well done!

Question 46

Q

Which of the following statements about standards is true?

A) Internal standards are derived from external organizations.

B) External standards require internal audits for verification.

C) ISO 27001 is an example of an internal standard.

D) Compliance with external standards promotes information security commitment.

Answer

A

D) Compliance with external standards promotes information security commitment.

External standards, such as ISO 27001, provide a recognized framework for information security management and demonstrate a commitment to maintaining a robust security posture.

Question 47

Q

Which of the following statements is true regarding procedures in an organization’s information security framework?

A) Procedures are optional and can be bypassed if needed.

B) Procedures provide high-level guidance and are not mandatory.

C) Procedures outline step-by-step instructions for carrying out processes.

D) Procedures are only applicable to technical aspects of information security.

Answer

A

C) Procedures outline step-by-step instructions for carrying out processes.

Procedures provide detailed instructions on how to perform specific tasks or processes within an organization, ensuring that they are carried out consistently and in the correct manner.

Question 48

Q

Which of the following characteristics best describes guidelines in the context of information security documentation?

A) Mandatory and must be followed strictly.

B) Prescriptive controls derived from industry best practice.

C) Step-by-step instructions for carrying out processes.

D) Discretionary information on how something could be achieved.

Answer

A

D) Discretionary information on how something could be achieved.

Guidelines in the context of information security documentation provide recommendations or suggestions on how to achieve certain goals or objectives, but they are not mandatory like policies, standards, and procedures.

Question 49

Q

Which of the following statements accurately describes the role of guidelines in information security documentation?

A) Guidelines are mandatory documents that must be followed by all employees.

B) Guidelines provide step-by-step instructions on how to carry out specific processes.

C) Guidelines are prescriptive controls that must be implemented to ensure compliance.

D) Guidelines offer discretionary information on how something could be achieved.

Answer

A

D) Guidelines offer discretionary information on how something could be achieved.

Guidelines provide suggestions, recommendations, or best practices on how to accomplish a task or objective, but they are not mandatory and allow for flexibility in implementation. Well done!

Question 50

Q

Which of the following best describes the purpose of an end user code of practice and acceptable use policy?

A) To establish guidelines for senior management’s ethical behaviour
.
B) To outline the responsibilities of employees in managing company resources.

C) To define the requirements for network infrastructure and security measures.

D) To provide training programs for end users on IT best practices.

Answer

A

B) To outline the responsibilities of employees in managing company resources.

The end user code of practice and acceptable use policy define the expected behaviour and guidelines for employees, contractors, and visitors when using company assets and resources. It helps ensure responsible and secure use of these resources. Well done!

Question 51

Q

Which of the following is a key purpose of an Acceptable Use Policy (AUP)?

A) Providing guidelines for senior management’s ethical behaviour

B) Defining the acceptable standards of conduct for end users

C) Outlining the technical specifications for company resources

D) Establishing the network infrastructure for remote access

Answer

A

B) Defining the acceptable standards of conduct for end users

An Acceptable Use Policy (AUP) is a document that defines the acceptable standards of conduct for end users when using company assets and resources. It outlines the rules and guidelines for appropriate and responsible use of technology within the organization. Well done!

Question 52

Q

What is an essential aspect of handling policy violations in an organization?

A) Granting exceptions to employees based on their position within the organization.

B) Consistently enforcing policies regardless of an employee’s position.

C) Ignoring policy violations if they occur at the C-level executive level.

D) Dealing with policy violations informally without involving legal and HR departments.

Answer

A

B) Consistently enforcing policies regardless of an employee’s position.

Policies should apply to all members of staff, regardless of their position within the organization, and the process for dealing with policy violations should be applied equally across the board.

Question 53

Q

What are some important considerations when dealing with policy violations within an organization?

A) Granting exceptions based on employee seniority

B) Applying consistent enforcement regardless of employee position

C) Ignoring minor policy violations to maintain employee morale

D) Allowing policy violations for employees with high performance

Answer

A

B) Applying consistent enforcement regardless of employee position.

It is essential to ensure that policy violations are dealt with consistently and fairly across all levels of the organization, from C-level executives to regular employees. This helps maintain a strong culture of compliance and reinforces the importance of adhering to organizational policies.

Question 54

Q

When should policies be reviewed?

A) Only when there are changes to systems and technologies.

B) After a defined time through periodic reviews.

C) Only in response to audits or incidents/breaches.

D) When there is a lack of compliance with policies.

Answer

A

B) After a defined time through periodic reviews.

Policies should be reviewed after a defined time through periodic reviews to ensure they remain current, relevant, and effective. Well done!

Question 55

Q

When should policies be reviewed in response to changes in working processes, systems, or legal requirements?

A) Only after a defined time through periodic reviews.

B) Only when there is a notification of new threats and vulnerabilities.

C) Only as a result of an incident or breach.

D) When there are changes to working processes, systems, or legal requirements.

Answer

A

D) When there are changes to working processes, systems, or legal requirements.

Policies should be reviewed and updated to reflect any changes that may impact their effectiveness or compliance. Well done!

Question 56

Q

What is the main purpose of security governance in an organization?

A) Enforcing compliance with internal policies
B) Reviewing and updating security documentation
C) Monitoring and responding to security incidents
D) Ensuring alignment with government regulations

Answer

A

D) Ensuring alignment with government regulations.

Security governance involves ensuring that the organization follows all relevant government regulations, in addition to compliance with internal policies and standards. It includes monitoring and oversight to validate compliance and may involve external accreditation bodies to verify the organization’s adherence to security measures.

Question 57

Q

Which of the following is a key aspect of security governance that ensures compliance with legal and regulatory requirements?

A) Incident response planning
B) Security awareness training
C) Risk assessment and management
D) Monitoring and oversight

Answer

A

D) Monitoring and oversight.

Monitoring and oversight are essential components of security governance to ensure compliance with legal and regulatory requirements.

Question 58

Q

Which of the following statements accurately describes the purpose of an audit in the context of governance and information security?

A) Audits ensure that policies and standards are created and documented.

B) Audits focus primarily on technology infrastructure and hardware.

C) Audits are conducted solely by internal personnel to maintain confidentiality.

D) Audits assess the compliance, effectiveness, and efficiency of security activities and processes.

Answer

A

D) Audits assess the compliance, effectiveness, and efficiency of security activities and processes.

Question 59

Q

Which of the following is a key characteristic of an effective audit process?

A) Conducted by internal stakeholders only

B) Biased towards specific departments or individuals

C) Limited to technological aspects of security

D) Independent and impartial evaluation of all aspects including technology, processes, and people

Answer

A

D) Independent and impartial evaluation of all aspects including technology, processes, and people.

An effective audit process should be conducted by an independent entity and cover all relevant aspects of security, including technology, processes, and people, without bias or favouritism.

Question 60

Q

Which of the following standards specifically focuses on privacy and the transfer of privacy data to third parties or other jurisdictions?

A) ISO 27000 series
B) GDPR
C) PCI-DSS
D) SOX

Answer

A

B) GDPR.

GDPR stands for General Data Protection Regulation and it specifically addresses privacy and the transfer of personal data to third parties or other jurisdictions. Well done!

Question 61

Q

Which industry standard deals with the financial oversight of publicly listed corporations?

A) ISO 27001
B) GDPR
C) PCI-DSS
D) SOX

Answer

A

D) SOX.

Sarbanes Oxley (SOX) is an industry standard that deals with the financial oversight of publicly listed corporations. It focuses on ensuring the accuracy and reliability of financial reporting and includes provisions for internal controls and audit requirements.

Question 62

Q

Which step of the PDCA cycle involves studying the results and comparing them with the expected outcomes?

A) Plan
B) Do
C) Check
D) Act

Answer

A

C) Check.

In the PDCA cycle, the Check step involves studying the results and comparing them with the expected outcomes to assess whether the objectives and processes are being achieved as planned. Well done!

Question 63

Q

Which step of the PDCA cycle involves establishing the objectives and processes necessary to deliver the expected results?

A) Plan
B) Do
C) Check
D) Act

Answer

A

A) Plan.

In the PDCA cycle, the “Plan” step involves establishing the objectives and processes necessary to deliver the expected results. Well done!

Question 64

Q

Which of the following is a key step in implementing an information security framework?

A) Conducting a one-time risk assessment

B) Implementing security controls without monitoring their effectiveness

C) Setting short-term goals for immediate results

D) Periodically re-evaluating risk and continually improving the process

Answer

A

D) Periodically re-evaluating risk and continually improving the process

Periodically re-evaluating risk and continually improving the process is a key step in implementing an information security framework. It ensures that the framework remains effective and aligned with the changing risk landscape and business requirements.

Answer 65

A

D) Identifying controls for reducing risk to acceptable levels.

Implementing an information security framework involves identifying and implementing appropriate controls to mitigate risks and ensure the security of the organization’s information assets.

Answer 66

A

A) To analyse the gaps between the current state and the desired state.

During the gap analysis stage of implementation, the focus is on identifying the gaps or discrepancies between the current state of the organization’s security practices and the desired state as defined by the information security framework. This analysis helps in understanding what needs to be done to bridge those gaps and align the organization with the desired security objectives.

Answer 67

A

D) Realistic and achievable, addresses business needs, reaches objectives within agreed timescales, and provides a return on investment.

A successful plan for information assurance is realistic and achievable, addresses the needs of the business, reaches its objectives within agreed timescales, and provides a return on investment. Well done!

Answer 68

A

B) Tailoring benefits to individual stakeholder requirements.

When selling the benefits of a security program, it is important to understand the needs and expectations of different stakeholders and communicate the advantages of the program in a way that resonates with them individually. This approach increases the chances of gaining their support and buy-in.

Answer 69

A

C) An event that disrupts the normal functioning of the business.

In the context of information security, an incident refers to an event that has an adverse impact on the operation of the business, such as a security breach, data breach, physical security breach, or denial of service attack. These incidents disrupt the normal functioning of the business and require appropriate management and response.

Answer 70

A

C) Planning and preparing for incidents in advance.

Incident management involves having predefined procedures, protocols, and plans in place to effectively respond to and manage incidents when they occur. By planning and preparing in advance, organizations can minimize the impact of incidents and mitigate risks effectively.

Answer 71

A

C) Containment

The BCS (British Computer Society) highlights the following steps: Reporting, Investigation, Assessment, Corrective Action, and Review.

Answer 72

A

D) To evaluate the effectiveness of the incident response and identify areas for improvement

The purpose of the “Review” stage in the incident management process is to evaluate the effectiveness of the incident response and identify areas for improvement. It involves analysing the incident, assessing the response actions taken, and determining if any changes or enhancements are needed to prevent similar incidents in the future.

Answer 73

A

C) Privacy issues with personal data.

Privacy regulations and requirements can vary from one jurisdiction to another, so organizations need to ensure they comply with the specific privacy laws and regulations applicable in the regions where they operate. Well done!

Answer 74

A

D) Trademarks and patents.

Intellectual property refers to creations of the mind, such as inventions, artistic works, designs, symbols, and names used in commerce. Trademarks and patents are specific types of intellectual property that are protected by legal frameworks to prevent unauthorized use or copying.

Answer 75

A

C) Common law

In the context of UK and international law, common law refers to a legal system based on the law of precedence. It is predominantly a jury-based system, where decisions and interpretations of the law are influenced by previous court rulings. Under common law, judges have the authority to make legal decisions and set legal precedents that other courts can follow in similar cases.

Answer 76

A

C) GDPR (General Data Protection Regulation).

GDPR is a regulation that was implemented by the European Union to protect the personal data and privacy of individuals within the EU. It establishes guidelines for the collection, processing, and storage of personal data by organizations. GDPR imposes strict requirements on organizations, including the need to obtain explicit consent for data processing, the right to access and delete personal data, and the obligation to implement appropriate security measures. It applies to all EU member states and has extraterritorial reach, meaning that it also applies to organizations outside the EU that handle the personal data of EU citizens.

Answer 77

A

B) HIPAA (Health Insurance Portability and Accountability Act).

HIPAA is a regulation in the United States that sets standards for protecting sensitive patient health information, ensuring its privacy and security. It applies to entities such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates. The primary goal of HIPAA is to safeguard the confidentiality, integrity, and availability of protected health information (PHI) while allowing for the necessary exchange of healthcare data.

Answer 78

A

A) Security.

The principle of security states that personal data should be processed in a manner that ensures appropriate security, integrity, and confidentiality of the data. This means implementing measures to protect the data from unauthorized access, disclosure, alteration, or destruction. Security measures may include encryption, access controls, secure storage, and regular security assessments.

Answer 79

A

B) Purpose limitation.

The principle of purpose limitation states that personal data should be collected for a specific and legitimate purpose and should not be further processed in a manner that is incompatible with those purposes. Data minimization (option C) refers to collecting only the necessary and relevant data, while purpose limitation specifically focuses on the purposes of data processing.

Answer 80

A

C) Security

The principle that emphasizes the importance of handling personal data securely and implementing appropriate technical measures is the principle of “Security.” Well done!

Answer 81

A

C) Gaining unauthorized access to a computer system with the intention to steal sensitive data.

Gaining unauthorized access to a computer system with the intention to steal sensitive data is considered a violation of the Computer Misuse Act 1990 in the UK. This act prohibits unauthorized access, hacking, and misuse of computer systems without authority

Answer 82

A

A) Identity theft

Answer 83

A

A) Unauthorized access to a computer system.

This is considered an offense under computer misuse legislation, as it involves accessing a computer system without proper authorization or permission.

Answer 84

A

C) Legal requirements and industry regulations.

When defining a data retention policy, it is crucial to consider the legal requirements and regulations specific to the industry in which the company operates. Compliance with applicable laws ensures that the company retains data for the required duration and avoids any legal consequences.

Answer 85

A

D) The sensitivity and classification of the data.

When implementing a data retention policy, it is important to consider the sensitivity and classification of the data. Different types of data may have different retention requirements based on their sensitivity and the legal or regulatory obligations associated with them. By considering the sensitivity and classification of the data, organizations can ensure that appropriate retention periods and security measures are applied to protect the data effectively.

Answer 86

A

C) Trade secrets.

Trade secrets protect confidential information that gives a business a competitive edge, such as formulas, processes, customer lists, or other valuable proprietary information. Well done!

Answer 87

A

B) Trademark.

Trademarks are specifically designed to protect the visual identification of a product or organization, such as logos, symbols, or specific designs that help distinguish a brand from others in the market.

Answer 88

A

B) Duration of the contract and payment terms.

Answer 89

A

C) To ensure that sensitive information shared between the parties remains confidential.

Including a confidentiality clause in a contract helps protect the sensitive information exchanged between the parties involved. It establishes the obligation for both parties to maintain the confidentiality of any proprietary or confidential information disclosed during the course of their business relationship. This clause helps safeguard trade secrets, customer data, intellectual property, and other confidential information from unauthorized disclosure or misuse.

Answer 90

A

C) ISO (International Organisation for Standardisation).

ISO is responsible for developing a wide range of standards, including ISO 27001 for Information Security Management System.

Answer 91

A

D) ISO (International Organisation for Standardisation)

ISO, specifically ISO/IEC 27001 and ISO/IEC 27002, provides internationally recognized standards and guidelines for information security management systems (ISMS) and best practices for information security and risk management. These standards provide organizations with a framework to establish, implement, maintain, and continually improve their information security controls and processes. ISO/IEC 27001 is focused on the requirements for establishing an ISMS, while ISO/IEC 27002 provides guidance on implementing specific information security controls.

Answer 92

A

A) EAL 7.

EAL 7 represents the highest level of evaluation in the Common Criteria for product certification. It involves formal design review and testing, indicating a more thorough evaluation process. EAL 1 represents the lowest level, focusing on pure functionality, while EAL 4 is a commonly accredited level for modern operating systems and firewalls. ISO 15408 is the standard that embodies the Common Criteria.

Answer 93

A

D) EAL 7.

EAL 7 involves formally verified design and testing.

Answer 94

A

D) EAL 4

EAL 4 involves methodical design, testing, and review of the product. EAL 1 is functionally tested, EAL 3 is methodically tested and checked, and EAL 5 is semi-formally designed and tested. EAL 4 is a higher level that includes comprehensive design, testing, and review processes.

Answer 95

A

B) EAL 3

EAL 3: Methodically tested and checked.

Answer 96

A

A) IETF (Internet Engineering Task Force)

-IETF (Internet Engineering Task Force): Develops and promotes standards for the Internet. The standards are documented in RFCs (Request for Comment), which cover various aspects of Internet protocols and technologies.

Answer 97

A

A) ITU (International Telecommunications Union)

ITU (International Telecommunications Union): Responsible for technical specifications in information and communications technologies. ITU-T deals with telecommunications and defines standards using numerical titles, such as X.500 for Directory Services and X.509 for Digital Certificates.

Answer 98

A

C) NIST.

The National Institute of Standards and Technology (NIST) is an American non-regulatory body that provides guidance and best practices for American commercial organizations.

Answer 99

A

C. Content reviews

Alyssa can put in place content reviews (option C) as a control to protect against the risk of outdated security awareness program content. Content reviews involve regularly evaluating and updating the program’s materials, resources, and training materials to ensure they remain relevant and aligned with current technology trends and security practices. This control allows Alyssa to identify any outdated or inaccurate information and make necessary updates to keep the security awareness program up to date.

While options A, B, and D (gamification, computer-based training, and live training) are methods or approaches that can be used within a security awareness program, they do not directly address the specific risk of content becoming outdated. Content reviews are specifically focused on evaluating and updating the content itself to ensure its accuracy and relevance.

Answer 100

A

B. Residual risk

Residual risk is the risk that remains after efforts to identify and eliminate some or all types of risk have been made. Residual risk is important for several reasons. First to consider is that residual risk is the risk “left over” after security controls and process improvements have been applied.

Answer 101

A

E. Evaluated against the Common Criteria

When choosing a technical product to protect classified information, it is best to select one that has been evaluated against the Common Criteria. The Common Criteria is an internationally recognized standard for evaluating the security capabilities of information technology products. It provides a framework for assessing the security features and assurance levels of these products.

While other options mentioned in the question may also be important considerations, such as industry ratings, ISO27000 certification, recommendations by IT professionals, or guarantees, the Common Criteria evaluation holds particular significance when it comes to security products for classified information. It ensures that the product has undergone rigorous testing and evaluation to meet specific security requirements and standards.

Answer 102

A

A. A message digest calculated from a set of data

A hash function is a mathematical algorithm that takes an input (data) and produces a fixed-size string of characters, which is often referred to as a “hash” or “message digest.” The purpose of a hash function is to provide a unique representation of the input data. Even a small change in the input will produce a significantly different hash value. Hash functions are commonly used in various areas, such as data integrity checks, password storage, digital signatures, and data indexing.

Answer 103

A

A. Bobs Private Key

Bob can use his private key to digitally sign the email, which creates a digital signature unique to him. The digital signature ensures the integrity of the email, as any modifications to the email would invalidate the signature.

Answer 104

A

B) Code which is maliciously introduced into executable code.

A Trojan Horse refers to malicious software that appears to be legitimate or harmless but contains hidden malicious code or functionality. It is named after the ancient Greek story of the Trojan Horse, where a deceptive wooden horse was used to gain access to the city of Troy.

Trojans are typically disguised as legitimate files or programs and are often spread through social engineering techniques, such as email attachments, software downloads, or deceptive links. Once the Trojan is executed, it can perform various malicious activities, such as stealing sensitive information, modifying or deleting files, providing unauthorized access to the system, or facilitating further attacks.

Option B accurately describes the nature of a Trojan Horse, as it involves the malicious introduction of code into executable files or programs. The other options, such as a boot sector virus (A), code triggered by certain times or events (C), a virus that moves autonomously across a system (D), or a backdoor into a system (E), do not specifically capture the characteristics of a Trojan Horse.

Answer 105

A

D) Identification and Prioritization of critical business processes.

In the BCP (Business continuity planning) process, it is crucial to identify and prioritize the critical business processes within an organization. This involves analysing and understanding the dependencies, interconnections, and impact of each process on the overall functioning of the business. By identifying critical processes, organizations can allocate appropriate resources, develop strategies for their continuity, and prioritize recovery efforts in case of disruptions or disasters.

Answer 106

A

C) Senior Executives.

Gaining support from senior executives is essential for the successful implementation of Information Security Standards within an organization. Senior executives hold the authority and influence to allocate resources, set priorities, and make decisions that impact the organization as a whole. Their support is vital in establishing a culture of security, ensuring the necessary budget and resources are allocated, and driving the implementation of security standards throughout the organization.

Answer 107

A

A) When local legislation determines it as a requirement.

The reporting of security incidents to law enforcement agencies is typically determined by local legislation and regulations. Many countries have laws that mandate the reporting of certain types of security incidents, especially those involving significant breaches, data theft, cyberattacks, or illegal activities.

It is important for organizations to be aware of and comply with applicable laws and regulations regarding incident reporting. Failure to report incidents as required by law may result in legal consequences, penalties, or other adverse outcomes.

Answer 108

A

B) The Employer.

In general, when an employee develops an application during company working hours, even if it is relevant to the business but not directly related to their employment, the intellectual property rights are often assigned to the employer. This is because the work was created within the scope of employment and is considered a “work made for hire.” As such, the employer typically holds the rights to any intellectual property created by employees as part of their job responsibilities or during company time.

It’s important to note that intellectual property laws and employment agreements can vary, so it is always advisable for employees and employers to refer to specific contracts, policies, and local laws to determine the ownership of intellectual property rights in such situations. Consulting with legal professionals is recommended to ensure a clear understanding of rights and obligations related to intellectual property ownership.

Answer 109

A

D) Business Impact Analysis.

A Business Impact Analysis (BIA) assesses the potential impact of a threat or incident on critical business operations, processes, and objectives. By evaluating the potential consequences, such as financial losses, operational disruptions, reputational damage, regulatory non-compliance, or harm to human safety, a BIA helps prioritize threats based on their potential impact.

The severity of the threat’s potential impact on the organization’s ability to function and achieve its goals will often determine the priority given to addressing it. Threats that pose a higher risk to critical business functions or have the potential for significant negative consequences will typically be treated with a higher priority.

Answer 110

A

B) Request a User ID and Password to enable logon rights.

Requiring a user to provide a valid User ID and Password is a common method for authenticating users and granting access to a computer operating system. The user is prompted to enter their unique User ID (username) and a corresponding password that verifies their identity. If the provided credentials match the authorized user’s information stored in the system, access is granted.

Answer 111

A

E) Information Security Team, System Developers, and relevant Operational Staff.

The development of System Security Test and Evaluation Plans typically involves collaboration between multiple stakeholders to ensure comprehensive coverage and effective evaluation of the system’s security. The Information Security Team, System Developers, and relevant Operational Staff all play important roles in this process.

The Information Security Team is responsible for assessing and managing the security risks associated with the system. They have the expertise to identify the necessary security controls, define testing requirements, and ensure that the system meets the desired security objectives.

The System Developers are responsible for designing and implementing the system. They have in-depth knowledge of the system architecture, functionality, and potential vulnerabilities. Their input is crucial in identifying the areas that require testing and evaluation.

The relevant Operational Staff, such as system administrators or end-users, have operational insights and understand the practical aspects of using the system. Their involvement ensures that the test and evaluation plans align with the system’s operational requirements and real-world scenarios.

Answer 112

A

A) So that users understand the level of Confidentiality

C) So that users understand how to dispose of the document

E) So that users understand the contents of the document

Answer 113

A

A) Assurance.

Assurance is the concept that describes the amount of confidence an organization has in the effectiveness and adequacy of its security controls to meet the necessary security requirements. It is about having trust and belief that the implemented controls are operating as intended and providing the desired level of security.

Assurance is achieved through various activities such as security testing, audits, assessments, and evaluations. These processes help evaluate the effectiveness of controls, identify any vulnerabilities or weaknesses, and ensure that the organization’s security requirements are being met.

By having assurance in the security controls, organizations can have greater confidence in the protection of their assets, data, and systems, reducing the risk of security breaches and maintaining the desired security posture.

Answer 114

A

C) Defence in Depth.

Defence in Depth is the information security principle that requires an organization to implement overlapping security controls wherever feasibly possible. This principle emphasizes the use of multiple layers of security controls to provide a more robust and effective defence against potential threats and attacks.

By implementing overlapping security controls, an organization adds redundancy and diversity to its security measures. This approach ensures that even if one control fails or is bypassed, there are additional layers of defence in place to mitigate risks and protect the organization’s assets and information.

Defence in Depth helps to minimize the likelihood of a single point of failure and provides a comprehensive security strategy that addresses various attack vectors and vulnerabilities. It involves a combination of technical controls, policies, procedures, and awareness programs to create a layered defence approach.

Overall, implementing overlapping security controls based on the principle of Defence in Depth enhances the organization’s overall security posture and increases the difficulty for adversaries to breach the system or gain unauthorized access.

Answer 115

A

A) Understanding that different countries have differing legislation with respect to how information can be handled

With the increasing global operation of corporate organizations, understanding the differing legislation in different countries regarding information handling is likely to be the more important consideration for information security. This is because each country may have its own specific laws and regulations regarding data protection, privacy, and security.

By understanding and complying with the applicable legislation in each country of operation, organizations can ensure that they handle information in a manner that is legally compliant and aligned with the specific requirements of each jurisdiction. This may include considerations such as data storage, data transfer, consent requirements, breach notification, and other relevant aspects.

Failure to comply with the applicable legislation in any country can lead to legal and regulatory consequences, reputational damage, and loss of customer trust. Therefore, understanding and adhering to different countries’ legislation is crucial for maintaining strong information security practices and ensuring compliance in the global operating environment of corporate organizations.

Answer 116

A

B) The policy must be integral to all areas of an organization

When drafting a company’s information security policy, an important consideration is that the policy should be integral to all areas of the organization. Information security is a collective responsibility that involves all employees, departments, and functions within the organization. Therefore, the policy should reflect this by being inclusive and applicable to everyone.

Having the information security policy integrated throughout the organization helps to create a culture of security awareness and promotes consistent implementation of security practices. It ensures that all employees understand their roles and responsibilities in protecting the organization’s information assets and helps to establish a strong security posture across the board.

By making the policy integral to all areas of the organization, it becomes a guiding framework for decision-making, risk management, and day-to-day operations related to information security. This helps to minimize security vulnerabilities, maintain compliance with relevant standards and regulations, and protect the organization’s valuable data and resources.

Answer 117

A

D) The removal of confidential information from desks reduces the chances of opportunistic theft and keeps it available to the business.

An organization’s “clear desk” policy can be seen as a good example of “security as an enabler” because it enhances security while enabling the smooth functioning of the business. By implementing a clear desk policy, confidential information and sensitive documents are removed from desks when not in use, reducing the chances of opportunistic theft.

This security measure ensures that sensitive information remains protected and confidential, mitigating the risk of unauthorized access and data breaches. It also contributes to maintaining compliance with data protection regulations and standards.

Furthermore, by keeping desks clear of confidential information, it becomes readily available to the business and authorized individuals who require access to it. This promotes efficiency, productivity, and collaboration within the organization.

Overall, the “clear desk” policy not only improves security but also enables the organization to maintain a well-organized work environment, enhances compliance with data protection laws, and supports the smooth operation of day-to-day activities.

Answer 118

A

D) Corporate Board

The ultimate responsibility for risk management, as strengthened by legislation such as the Sarbanes-Oxley Act and the Companies Act, lies with the Corporate Board. The board of directors of an organization holds the highest level of responsibility for overseeing and managing risk-related matters within the company. They are accountable for establishing risk management strategies, setting risk appetite, ensuring compliance with applicable laws and regulations, and making critical decisions regarding risk mitigation and governance.

While other roles, such as IT managers, IT security teams, and supervisors, may play important roles in implementing and supporting risk management initiatives, the ultimate responsibility rests with the Corporate Board as they have the authority and fiduciary duty to protect the organization’s interests and ensure sound risk management practices are in place.

Answer 119

A

A) All staff

From an information assurance perspective, ensuring the security of information is not solely the responsibility of a specific department or role. It is a collective responsibility that extends to all staff members within the organization. Every individual, regardless of their position or role, has a role to play in protecting information assets, following security policies and procedures, and being vigilant against potential security risks.

Regarding the “security culture” perspective, fostering a culture of security within the organization is a shared responsibility among all staff members. This involves promoting security awareness, training employees on security best practices, encouraging reporting of security incidents, and actively participating in maintaining a secure work environment.

While roles such as the IT department, Chief Executive Officer (CEO), and Data Protection Officer (DPO) may have specific responsibilities related to information security, the overall responsibility for information security is shared by all staff members to ensure a comprehensive and effective security posture throughout the organization.

Answer 120

A

D) A disgruntled employee destroying backup files

Anyone deliberately destroying property or data is never an accident.

Answer 121

A

C) Risk = Impact * Likelihood

The relationship that best describes how a risk is determined is that the risk is equal to the impact multiplied by the likelihood. In risk assessment and management, the impact refers to the potential harm or damage that could result from a threat exploiting a vulnerability, while the likelihood represents the probability or chance of the threat actually occurring. Multiplying these two factors together provides a measure of the overall risk associated with a specific threat scenario. By considering both the potential impact and the likelihood, organizations can prioritize and allocate resources to effectively manage and mitigate risks.

Answer 122

A

B) Compromised supplier connected to an organization’s order system

Answer 123

A

C) In the database connected to the organization’s ecommerce website

When customer PII has been stolen from an organization’s online store using SQL Injection, the vulnerability that led to this exploit is typically found in the database connected to the organization’s ecommerce website. SQL Injection is a type of attack that exploits vulnerabilities in the way user inputs are handled in SQL queries. Attackers can inject malicious SQL code through user inputs, tricking the application into executing unintended database commands. If the website’s database is not properly secured or does not have sufficient input validation and sanitization mechanisms in place, it becomes susceptible to SQL Injection attacks, leading to unauthorized access and theft of sensitive information such as customer PII.

Answer 124

A

A) Loss of confidence by financial investors

When a financial institution experiences a cyberattack, it can result in a loss of confidence by financial investors. Cyberattacks can undermine trust in the institution’s security and ability to protect sensitive financial information. Investors may become concerned about the potential risks and vulnerabilities associated with the institution’s systems and operations. This loss of confidence can have significant impacts on the institution’s reputation, financial stability, and future investment prospects.

Answer 125

A

A) Identify, Analyse, Treat, and Monitor

The four main components of a risk management process, in the correct life-cycle order, are:

Identify: This involves identifying and recognizing potential risks and threats to the organization.

Analyse: Once risks are identified, they need to be analysed to understand their likelihood, potential impacts, and vulnerabilities.

Treat: After analysis, appropriate risk treatment strategies are implemented to mitigate or manage the identified risks.

Monitor: The risk management process should include ongoing monitoring and evaluation of the effectiveness of the implemented risk treatments, as well as the identification of new risks that may emerge.

This life-cycle order ensures a systematic and proactive approach to risk management, starting from risk identification, moving to analysis and treatment, and finally incorporating continuous monitoring to adapt and respond to changing risk landscapes.

Answer 126

A

C) Statistical chance of another attack recurring

In a quantitative risk assessment, various factors are considered to determine the likelihood and impact of a denial of service threat to an information system. One of the important pieces of evidence in this assessment is the statistical chance of another attack recurring. This involves analysing historical data and trends related to denial of service attacks to assess the probability of a similar attack happening again. By examining past occurrences and patterns, organizations can gain insights into the likelihood of future attacks and incorporate this information into their risk assessment process.

Answer 127

A

C) Encrypting the data

Encrypting the data strongly enough means that even if the data is lost it is potentially impossible to actually understand it.

(Risk Mitigation: The act of applying controls to reduce risk, sometimes called modification or risk reduction.)

Answer 128

A

B) Qualitative

The risk assessment approach that uses a risk matrix mapping risk likelihood against impact, typically represented as a 2x2, 3x3, or up to 5x5 sectors representing low, medium, or high risk levels, is the qualitative risk assessment. In qualitative risk assessment, risks are assessed based on subjective judgments rather than precise numerical values. The risk matrix provides a visual representation of the risk levels, allowing for a quick and intuitive understanding of the overall risk profile. The likelihood and impact of each risk are typically categorized into qualitative descriptors, such as low, medium, or high, and are then mapped onto the risk matrix to determine the risk level. This approach is useful for organizations that prioritize risk management based on general risk levels and do not require precise quantitative measurements.

Qualitative Risk Assessment: A subjective form of risk assessment that does not use specific values. May use words such as low, medium, high.

Quantitative Risk Assessment: an objective form of risk assessment based upon numerical values.

Answer 129

A

C) Impact

When conducting a qualitative risk assessment, the two most important risk elements that should form a major part of the analysis are likelihood and impact. Likelihood refers to the probability or chance of a risk event occurring, while impact refers to the potential consequences or severity of that event if it were to occur.

Assessing the likelihood and impact of risks allows organizations to prioritize and focus their efforts on addressing the most significant and potentially harmful risks. By understanding the likelihood of a risk event happening and the potential impact it could have on the organization, appropriate risk management strategies can be developed to mitigate or minimize the negative effects.

Answer 130

A

A) Single Point of Responsibility for Information Assurance

One of the key reasons for appointing a Chief Information Security Officer (CISO) at the Boardroom level is to establish a single point of responsibility for information assurance. The CISO is responsible for overseeing the organization’s information security program, including the development and implementation of policies, procedures, and controls to protect the organization’s information assets. By having a dedicated CISO at the Boardroom level, there is clear accountability and authority for information security matters. This helps ensure that information security is given the necessary attention and priority at the highest level of the organization and that it is integrated into strategic decision-making processes. The CISO’s role is crucial in managing and mitigating information security risks and aligning security initiatives with business objectives.

Answer 131

A

A) PCI-DSS

In the given scenario, where the e-commerce company has experienced a data breach on its credit card payment systems, the first priority for the company’s compliance audit would likely be the Payment Card Industry Data Security Standard (PCI-DSS). PCI-DSS is a set of security standards established by major credit card companies to ensure the protection of cardholder data. It outlines specific requirements for organizations that handle credit card transactions, including measures for securing payment systems, protecting customer data, and maintaining a secure network infrastructure. Given the nature of the data breach in the scenario, ensuring compliance with PCI-DSS would be crucial to address any vulnerabilities, protect customer information, and demonstrate adherence to industry security standards.

Answer 132

A

C) A policy sets out what needs to be done - a standard sets out how the policy should be implemented

The main difference between a security policy and a standard is that a policy outlines the objectives, goals, and requirements for information security within an organization, specifying what needs to be done to achieve a secure environment. On the other hand, a standard provides more specific and detailed guidance on how the policy should be implemented. Standards define the specific technical and operational measures, procedures, and controls that need to be followed to meet the requirements outlined in the policy. In summary, the policy sets the “what” of information security, while the standard defines the “how.”

Answer 133

A

D) Corrective Action

In the incident response process, the phase that involves designing new security controls to prevent the reoccurrence of a previous incident is the Corrective Action phase. This phase focuses on addressing the root causes and vulnerabilities that led to the incident. The security administrator, along with relevant stakeholders, will analyse the incident, identify the weaknesses in the existing security measures, and develop and implement corrective actions to mitigate those vulnerabilities. This may involve designing and implementing new security controls, updating policies and procedures, enhancing training programs, or implementing technical solutions to strengthen the overall security posture of the organization. The goal is to prevent similar incidents from happening in the future by addressing the underlying issues and improving the organization’s overall security resilience.

Answer 134

A

D) Log of recent security incidents

When developing an information security strategy, a log of recent security incidents would not typically be a direct consideration. While the organization can learn from past incidents to improve security measures, the focus of developing a strategy is on proactive planning and prevention rather than reacting to specific incidents. The strategy would typically address preventive measures, risk assessment, compliance requirements, emerging threats, and other proactive considerations rather than being solely based on the log of recent security incidents.

Answer 135

A

B) Illegal interception of information

From a legal perspective, illegal interception of information is considered to be a misuse of a computer. This refers to unauthorized access to someone else’s data or communications without their consent or lawful authority. It is a violation of privacy and often a criminal offense, as it involves unauthorized access and potential misuse of sensitive information. The specific laws and regulations regarding illegal interception may vary by jurisdiction.

Answer 136

A

A) When a statement is included in the organization’s information assurance policy or employee’s contract of employment

Under certain circumstances, it may be legal for an employer to monitor an employee’s online communication if there is a clear statement in the organization’s information assurance policy or the employee’s contract of employment explicitly stating that such monitoring may occur. This ensures that employees are aware of the possibility of monitoring and provides a legal basis for the employer to conduct such monitoring. It is important for organizations to follow applicable laws and regulations regarding employee privacy and data protection when implementing monitoring practices.

Answer 137

A

B) Any digital forensics investigator handling digital evidence must be competent to do so

The principle that any digital forensics investigator handling digital evidence must be competent to do so is considered best practice for several reasons:

Preservation of integrity: Digital evidence is often fragile and susceptible to alteration or damage. Competent investigators are trained to handle and preserve digital evidence without compromising its integrity. They understand the proper procedures for acquiring, documenting, and analysing digital evidence while minimizing the risk of unintentional changes or tampering.

Admissibility in court: In legal proceedings, digital evidence must meet certain standards of admissibility. Courts require that evidence is collected and handled by qualified individuals who can demonstrate their expertise and adherence to recognized forensic practices. Having competent investigators ensures that the evidence can withstand scrutiny in court and increases the likelihood of its acceptance as valid and reliable.

Accuracy and reliability: Competent investigators possess the necessary knowledge and skills to perform thorough and accurate examinations of digital evidence. They understand the technical aspects involved in data recovery, analysis, and interpretation. Their expertise helps ensure that the evidence is properly understood, evaluated, and presented, enhancing its reliability and credibility.

Chain of custody: Competent investigators are well-versed in maintaining a proper chain of custody for digital evidence. They document each step of the handling process, including its collection, storage, and transportation, to ensure its integrity and prevent any claims of tampering or mishandling. A reliable chain of custody strengthens the evidentiary value of the digital evidence and maintains its credibility in court.

By adhering to the principle that only competent digital forensics investigators should handle digital evidence, organizations and legal authorities can ensure the preservation, reliability, and admissibility of the evidence in legal proceedings.

Answer 138

A

B) Restrictions on the transmission of symmetric and/or asymmetric keys over communication networks

When transferring encrypted information or cryptography-based tools between legal jurisdictions, it is essential to consider various factors to ensure compliance with regulations and legal requirements. Restrictions on the transmission of encryption keys over communication networks are a critical factor to be considered.

Encryption keys are crucial for decrypting encrypted information, and their transmission can pose security risks if not properly regulated. Many countries have specific laws and regulations governing the transmission of encryption keys to prevent unauthorized access to sensitive information. Therefore, understanding and complying with the restrictions related to the transmission of encryption keys is an important consideration during the transfer process.

By adhering to these regulations, organizations can ensure the secure transfer of encrypted information and cryptography-based tools while complying with the legal requirements of different jurisdictions.

Answer 139

A

C) Copyright law.

Copyright law grants exclusive rights to the creator or owner of the software, including the right to reproduce, distribute, and control derivative works. By obtaining copyright protection, the software’s source code is legally protected, and unauthorized copying or use can be addressed through legal action.

Answer 140

A

C) ISO.

ISO (International Organization for Standardization) is a standards body that develops and publishes international standards. ISO 27001 is the standard specifically related to information security management systems (ISMS).

Answer 141

A

D) IETF (Internet Engineering Task Force)

Internet Engineering Task Force produce standards called RFC’s on IP and associated applications.

The Internet Engineering Task Force (IETF) is responsible for publishing technical standards and protocols that ensure interoperability of internet protocols and applications. It is a global community of network designers, operators, vendors, and researchers who work together to develop and evolve internet standards. The standards produced by the IETF play a crucial role in enabling different devices, networks, and applications to communicate and function effectively on the internet. These standards are open and freely available, allowing for widespread adoption and implementation across various platforms and systems.

Answer 142

A

B) ISO15408

ISO15408 in its entirety is meant to be used as the basis for evaluation of security properties of IT products.

ISO15408, commonly referred to as Common Criteria, is an internationally recognized standard for evaluating the security functions of IT products. It provides a framework for assessing the security features and capabilities of various software and hardware components. The goal of Common Criteria is to ensure that IT products meet specific security requirements and offer sufficient protection against potential threats.

Common Criteria employs a rigorous evaluation process that involves testing and analysis to determine if the security mechanisms implemented in the product are reliable and effective. It considers various aspects such as access control, authentication, data protection, and secure communication. The evaluation is performed by independent and accredited evaluation laboratories.

By adhering to the Common Criteria standard, organizations can have confidence in the security of the IT products they procure. It helps ensure that the products meet specific security requirements and can be trusted to handle sensitive information securely. Common Criteria provides a consistent and internationally recognized approach to assessing the security of IT products, making it an essential framework for evaluating the design and implementation of security functions.

Answer 143

A

B) ISO/IEC13335

ISO/IEC 13335 covers the concepts and models fundamental to a basic understanding of IT security, and addresses the general management issues that are essential to the successful planning, implementation and operation of IT security.

ISO/IEC 13335 is an international standard that specifically deals with the management of IT security, focusing on the technical security control measures. It provides guidance on the implementation of security controls, risk assessment, and security incident management. This standard helps organizations establish and maintain effective security practices to protect their information assets. It covers a wide range of topics related to IT security, including network security, system security, application security, and security operations. ISO/IEC 13335 is widely recognized and used by organizations worldwide as a reference for implementing effective IT security measures.

Answer 144

A

A) ITIL

ITIL, formerly an acronym for Information Technology Infrastructure Library, is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business.

ITIL (Information Technology Infrastructure Library) is a widely recognized framework for IT Service Management. It provides guidance and best practices for managing IT services, including processes such as configuration management, change control, and service level agreements.

Answer 145

A

B) Create, Store, Retrieve, Use, Remove

The life span of data/information expressed in the five phases of creation, storage, retrieval, use and final disposition.

CSUSAD:
Create – just another word for acquisition

Store – stored upon a disk or other persistent medium

Use – we use it, process it as part of our job

Share – we may share it with others -securely

Archive – a different one, at the end of its working life we may need to retain the data so we store it in archive where we can retrieve it when necessary

Destroy – this can be at end of life or after the retention period in the archive has expired

Answer 146

A

D) Printing a document

To print a document, the information has already been created.

Printing a document is not a form of generating or acquiring information as part of the information lifecycle. It is a process of producing a physical copy of existing digital or physical information. In the context of the information lifecycle, the stages typically involve creating or generating information, storing or capturing it, retrieving or accessing it, and using or processing it. Printing a document is a means of output or dissemination rather than a method of generating or acquiring new information.

Answer 147

A

C) Sending a tweet advertising an event

Tweeting information is publishing the data to a wider audience.

Answer 148

A

A) Software Development, Quality Assurance, and Operations

The DevOps model emphasizes collaboration and integration between software development teams, quality assurance teams, and operations teams.

Software Development involves the creation and coding of software applications and systems.

Quality Assurance (QA) focuses on testing and ensuring the quality and functionality of the software.

Operations involve the deployment, monitoring, and maintenance of the software in production environments.

By combining these three components, the DevOps model aims to streamline the software development lifecycle, improve communication and collaboration, and enhance the overall efficiency and reliability of software delivery.

Answer 149

A

D) Technology, data, application, and business

The Open Group Architecture Framework (TOGAF) is a framework for enterprise architecture that provides an approach for designing, planning, implementing, and governing an enterprise information technology architecture. It is typically modelled at four levels: Business, Application, Data, and Technology.

The four architecture domains commonly accepted in the overall enterprise architecture supported by TOGAF are:

Technology: This domain focuses on the hardware, software, and technology infrastructure required to support the organization’s operations. It includes defining technology standards, platforms, and infrastructure components.

Data: This domain deals with the management and governance of data within the organization. It includes data modelling, data architecture, data governance, and data management practices.

Application: This domain addresses the design, development, and management of software applications that support the organization’s business processes. It includes application architecture, application portfolio management, and application integration.

Business: This domain focuses on understanding the organization’s business strategy, goals, processes, and organizational structure. It includes defining business functions, business capabilities, and business processes.

These four domains provide a holistic approach to enterprise architecture, covering technology, data, applications, and business aspects. They help organizations align their IT systems with business objectives, ensure efficient data management, enable effective application development, and support overall business operations.

Answer 150

A

B) Change Control

Change control is a process used to manage and control changes to a system or environment. In the given scenario, the organization should adopt the change control process to ensure that the firewall rules are thoroughly tested before deployment on a production system.

Change control involves a systematic approach to reviewing, approving, and implementing changes. It typically includes steps such as documenting the proposed changes, assessing the potential impact of the changes, obtaining approvals from relevant stakeholders, testing the changes in a controlled environment, and implementing the changes in a controlled manner.

By following the change control process, the organization can ensure that any new firewall rules are properly tested before being deployed in a production system. This helps identify and address any access problems or compatibility issues that may arise due to the changes. It also helps maintain the stability and security of the system by ensuring that changes are properly reviewed and controlled.

Answer 151

A

A) Audit Logging

Audit logging is a logging mechanism that captures and records security-related events and actions, providing a detailed record of activities for review and analysis. It helps track and monitor user activities, system changes, and access attempts, allowing administrators to investigate and analyse events related to remote console connections.

By enabling audit logging, the administrator can track and review information such as who accessed the console, when the access occurred, and any actions performed during the session. This information can be crucial for security analysis, troubleshooting, compliance, and forensic purposes.

Other logging forms mentioned in the options, such as flow logging, route logging, and trace logging, are more focused on specific network operations or data flow analysis and may not provide the detailed information required for monitoring remote console connections. Audit logging, on the other hand, is specifically designed for capturing security-related events and is well-suited for monitoring and analysing console connection activities.

Answer 152

A

A) Open source

Open source software refers to software programs that provide the complete source code to the public, allowing anyone to view, modify, and distribute it freely. Open source software is typically developed in a collaborative manner by a community of developers who contribute to its improvement. This openness encourages transparency, innovation, and collaboration among developers. Users have the freedom to inspect, modify, and distribute the software according to their needs. Examples of popular open source software include Linux operating system, Apache web server, and the Firefox web browser.

Answer 153

A

C) Dynamic Testing

Dynamic Testing is a methodology that involves testing an application or system by executing it and observing its behaviour in real-time. It focuses on evaluating the system’s response to inputs and interactions, without requiring knowledge of the underlying source code or vulnerabilities. This type of testing simulates real-world usage scenarios to identify issues such as functional errors, performance bottlenecks, security vulnerabilities, and other behaviour-related problems. It is particularly effective in uncovering runtime issues that may not be apparent during static analysis or code review.

Answer 154

A

D) Risk that in-house development routines have not been patched

When using third-party libraries in software development, there are several risks associated with them. Let’s analyse each option:

A) Risk that malware toolkits can be written into untrusted libraries: Third-party libraries may contain malicious code or vulnerabilities that can introduce malware into the application.

B) Risk that common cryptographic routines may reveal secure data: Third-party libraries may implement cryptographic algorithms incorrectly, leading to security vulnerabilities that could compromise the confidentiality of sensitive data.

C) Risk that software libraries have not been tested by the user community: Third-party libraries may lack proper testing and validation, increasing the likelihood of undiscovered bugs or vulnerabilities.

D) Risk that in-house development routines have not been patched: This option does not directly relate to the use of third-party libraries. It refers to the organization’s internal development routines and the need to keep them up to date with necessary patches and updates.

Therefore, option D is the one that is NOT specifically associated with using third-party libraries.

Answer 155

A

A) Security clearance and vetting.

Explanation: When an employer wants a high degree of confidence in the trustworthiness of an individual who will be handling confidential data, the process of security clearance and vetting is typically adopted. This involves conducting background checks, verifying credentials, and assessing the individual’s trustworthiness, integrity, and reliability. Security clearance may involve various levels depending on the sensitivity of the data being handled. By implementing security clearance and vetting procedures, employers can mitigate the risk of unauthorized access, data breaches, and insider threats.

Answer 156

A

A) Contract of Employment.

The contract of employment is a legal document that outlines the terms and conditions of employment between the employer and the employee. It typically includes clauses related to the employee’s responsibilities, including their responsibilities regarding information security. The contract of employment sets the expectations and obligations of both parties and serves as a legally binding agreement. Therefore, it is the document that should be the final arbitrator when considering an employee’s personal responsibility for information security. The other options, such as the annual tax return, service level agreement, and acceptable use policy, may be relevant in certain contexts but do not have the same legal weight and authority as the contract of employment.

Answer 157

A

B) Segregation of Duties.

Segregation of Duties is a principle in information security and internal control that aims to prevent conflicts of interest and ensure accountability. It involves distributing tasks and associated privileges among multiple individuals to create a system of checks and balances. By separating key administrative tasks and responsibilities, no single individual has complete control or authority over critical functions, reducing the risk of fraud, errors, and unauthorized activities. This helps to ensure that no single person can abuse their privileges or manipulate systems for malicious purposes.

Answer 158

A

C) An employee’s individual contractual hours.

The End User Code of Practice typically focuses on guidelines and expectations related to the use of technology, security practices, and acceptable behaviour within the organization. It is not directly related to an employee’s contractual hours, which are usually governed by employment contracts or policies separate from the code of practice. The other options (A, B, and D) are all relevant topics for inclusion in an End User Code of Practice as they pertain to the appropriate use of technology resources, security measures, and reporting obligations.

Answer 159

A

A) Ability to audit a third-party supplier complying with contractual security requirements.

When managing the risks associated with third-party suppliers’ information security, it is important for a business to have the ability to audit the supplier’s compliance with contractual security requirements. This ensures that the supplier is adhering to the agreed-upon security measures and protocols, reducing the risk of data breaches or other security incidents. By conducting audits, the business can assess the supplier’s security practices and identify any potential vulnerabilities or areas for improvement. This helps in maintaining a higher level of information security within the business’s supply chain.

Answer 160

A

D) Software Tokens.

Software tokens are a type of multi-factor authentication technique that provides a combination of flexibility and low management overhead. Software tokens are typically implemented as mobile apps or software applications installed on a user’s device. They generate one-time passwords (OTPs) that can be used for authentication.

Compared to other options listed, such as synchronous and asynchronous hardware tokens or biometrics, software tokens offer greater flexibility as they can be easily deployed and managed without the need for physical tokens or specialized hardware. They can be installed on a wide range of devices, including smartphones and computers, making them convenient for users. Additionally, software tokens can be easily updated or revoked by the administrator, reducing management overhead.

Overall, software tokens strike a balance between security and convenience, making them a suitable choice for organizations seeking multi-factor authentication with flexibility and minimal management requirements.

Answer 161

A

C) Decentralised access control.

Decentralised access control refers to a model where access control decisions and enforcement are distributed across multiple locations or entities. In this system, each office or location has its own access control mechanisms and is responsible for managing access to its resources independently. This approach allows each office to have more control over its own access control policies and decisions, making it suitable for organizations with dispersed offices and limited connectivity between them.

Decentralised access control offers flexibility because it allows local administrators or office managers to adapt access control policies to their specific needs and requirements. It does not rely heavily on centralized infrastructure or constant connectivity between offices, which can be challenging in situations with poor Internet connectivity.

By implementing decentralised access control, each office can independently manage access to its resources, reducing dependence on central systems and providing greater flexibility in adapting to local conditions and requirements.

Answer 162

A

B) Authorization Permissions.

In the context of a Linux file system, the combinations of “rwx” represent the authorization permissions associated with each file and directory. Each character in the combination represents a specific permission:

“r” stands for read permission, allowing the user to view the contents of a file or list the contents of a directory.
“w” stands for write permission, allowing the user to modify or delete a file or create, delete, or rename files within a directory.
“x” stands for execute permission, allowing the user to execute a file (if it is a program or script) or access a directory and its contents.

These permissions can be assigned to three categories of users: the owner of the file, the group that the file belongs to, and others (all users not falling into the previous two categories). The combinations of “rwx” are displayed in sequence for each category, indicating the respective permissions for each.

For example, “rwxr-xr–” indicates that the owner has read, write, and execute permissions, the group has read and execute permissions, and others have only read permission.

By examining these permission combinations, users can determine who has what level of access to a particular file or directory and can manage access control accordingly.

Answer 163

A

C) Use well-remembered names or phrases from a social media profile.

Using well-remembered names or phrases from a social media profile can make passwords more vulnerable to guessing or dictionary attacks. It is generally recommended to use complex and unique passwords that are not easily guessable or associated with personal information.

Answer 164

A

B) Media is labelled at the highest level of classification of the information it contains.

Media might contain many different data objects so must be treated as its highest classification.

When an organization labels its media based on the classification of the data it contains, the typical practice is to assign the label at the highest level of classification. This ensures that the media is appropriately marked with the highest level of sensitivity associated with the information it holds. By labelling at the highest level, it helps enforce access controls and security measures that are appropriate for handling and protecting the classified information.

Answer 165

A

C) Social Engineering.

Penetration Testing: The process of evaluating the security footprint of computer systems by simulating the methods of a hacker.

Social engineering is a penetration testing technique that involves manipulating individuals through psychological manipulation or deception to gain unauthorized access to information systems. In the context of security training and awareness, social engineering tests the organization’s employees’ ability to identify and respond appropriately to social engineering attacks, such as phishing emails, phone scams, or impersonation attempts. By simulating these attacks, an organization can assess the effectiveness of its security training programs and identify areas for improvement in employee awareness and response to potential threats.

Answer 166

A

A) Everyone within the organisation

In preparing an organization for a potential disaster recovery situation, it is crucial that everyone within the organization receives initial business continuity training. This ensures that all employees have a basic understanding of their roles and responsibilities in the event of a disaster and are equipped with the necessary knowledge to take appropriate actions. By providing training to all employees, the organization can create a culture of preparedness and ensure that everyone has a shared understanding of the organization’s disaster recovery plans and procedures. This inclusive approach helps to maximize the organization’s overall readiness and response capabilities in the face of a disaster.

Answer 167

A

B) “Capture the Flag” competitions.

“Capture the Flag” (CTF) competitions are widely recognized as a legitimate and ethical way for individuals involved in penetration testing to apply their training and skills. In CTF competitions, participants are presented with various challenges that simulate real-world security scenarios. They are tasked with identifying vulnerabilities, exploiting systems, and retrieving “flags” or pieces of information. CTF competitions provide a controlled environment where participants can practice their ethical hacking techniques and demonstrate their abilities while abiding by the law and respecting the rules set by the competition organizers.

Answer 168

A

D) Watching industry webinars held by a security professional body

Watching industry webinars conducted by reputable security professional bodies is an effective way for professionals to stay informed about the latest technical cyber threats. These webinars are typically conducted by experts in the field and provide valuable insights, updates, and best practices related to cybersecurity. They offer reliable and up-to-date information that is relevant to the industry, making them a trusted and authoritative source for staying informed about emerging threats and security trends.

On the other hand, options A, B, and C may provide some information, but they are not considered as authoritative sources for technical cyber threats. Social media posts may lack credibility and accuracy, dark web forums are often associated with illegal activities and may not provide reliable information, and internal company security awareness courses may not cover the broader industry-specific threats.

Answer 169

A

A) Secure coding training never finishes and always needs refreshing.

Secure coding is a critical skill for application developers to ensure that their software is resilient against security vulnerabilities. However, the field of application security is constantly evolving, with new threats and attack techniques emerging regularly. Therefore, it is essential for developers to continuously update their knowledge and skills to stay current with the latest security practices. Secure coding training should be an ongoing process, and developers should regularly refresh their knowledge and stay informed about new security vulnerabilities, best practices, and mitigation techniques. This helps ensure that the applications they develop remain secure and resilient over time.

Answer 170

A

B) Worm.

A worm is a type of malicious software that can spread across computer networks without requiring any user intervention. It is capable of replicating itself and spreading from one system to another by taking advantage of vulnerabilities in network protocols or operating systems. Unlike viruses, worms do not need to attach themselves to host files or programs to propagate. They can independently move through a network, infecting vulnerable systems and potentially causing widespread damage.

Answer 171

A

C) This is a phishing attack

A phishing attack is a type of cyber attack where the attacker disguises themselves as a trustworthy entity in order to trick individuals into revealing sensitive information such as login credentials, financial details, or personal information. In this scenario, the suspicious email from the organization’s suppliers, requesting payment of an attached invoice, is a common tactic used in phishing attacks. The goal is to deceive the accounts clerk into opening the attachment or clicking on a malicious link, which could lead to the compromise of sensitive information or the installation of malware. It is important for individuals to be cautious and verify the authenticity of such emails before taking any action to prevent falling victim to phishing attacks.

Answer 172

A

A) Gather intelligence from dark web malware forums

Open source intelligence is derived from data and information that is available to the general public

Dark web malware forums can provide valuable insights into the latest malware attacks and techniques used by cybercriminals. These forums are typically hidden and require specific tools or access to reach them. However, they can be a valuable source of information for cybersecurity professionals to gather intelligence on new virus malware attacks.

In dark web malware forums, cybercriminals may share information about newly discovered vulnerabilities, exploit kits, malware variants, and techniques for evading detection. By monitoring these forums, security professionals can gain insights into emerging threats and understand the tactics used by attackers.

It is important to note that accessing and participating in dark web forums may raise legal and ethical concerns. It should only be done by authorized individuals with the appropriate knowledge and permissions. Additionally, relying solely on dark web forums may not provide a comprehensive understanding of the threat landscape, and it should be complemented with other sources of information, such as security advisories, research reports, and collaboration with cybersecurity communities.

Answer 173

A

B) OWASP.

OWASP (Open Web Application Security Project) is an organization that focuses on improving the security of web applications. They provide valuable resources, tools, and guidance for web application security. Their materials, such as the OWASP Top 10 list of web application vulnerabilities, can help security analysts understand the common attack vectors and the controls necessary to protect web servers and applications.

PCIDSS (Payment Card Industry Data Security Standard) is a set of security standards specifically designed for organizations that handle payment card data. While it includes requirements for securing web applications, its scope is primarily focused on the protection of payment card information.

IETF (Internet Engineering Task Force) is an organization that develops and promotes Internet standards. While they may contribute to the development of security standards and protocols, their materials may not specifically address the controls necessary for protecting web servers and applications.

CSA (Cloud Security Alliance) is an organization that focuses on promoting best practices for secure cloud computing. While they may provide guidance on securing web-based applications within a cloud environment, their materials may not cover the full range of controls needed for all web servers and applications.

Answer 174

A

B) Reflected Input.

Cross-site scripting (XSS) is a type of security vulnerability that allows attackers to inject malicious scripts into web pages viewed by users. Reflected Input refers to the situation where user-supplied input is immediately reflected back to the user without proper validation or sanitization. This can occur when input provided by a user is not properly encoded or escaped before being displayed on a web page. Attackers can exploit this vulnerability by injecting malicious code that gets executed in the context of other users’ browsers, potentially leading to unauthorized actions or theft of sensitive information.

Input Validation (option A) is a general security practice to ensure that user inputs meet the expected format, type, or range. While it is important for overall application security, it alone does not specifically address the vulnerability of XSS.

Token Injection (option C) refers to a different type of attack where an attacker manipulates authentication tokens to gain unauthorized access. It is not directly related to XSS.

Man in the Middle (option D) is a type of attack where an attacker intercepts and alters communication between two parties. Although it can be used to exploit vulnerabilities in web applications, it is not specific to XSS.

Therefore, the most relevant condition that increases the vulnerability to a cross-site scripting attack is B) Reflected Input.

Answer 175

A

A) Use of a demilitarised zone.

A demilitarised zone (DMZ) is a network segment that is positioned between an internal network and an external network, such as the internet. It acts as a buffer zone, separating the internal network from the untrusted external network. Firewalls are configured to control the traffic flow between the internal network, the DMZ, and the external network. By using a DMZ, the network is partitioned and staggered, providing an additional layer of security by limiting direct access from external networks to the internal network. This helps protect sensitive resources and data from unauthorized access and potential attacks.

Answer 176

A

B) IPS (Intrusion Prevention System).

Explanation: When trying to block an attack on a well-known vulnerability that may have breached the outer defences of an organization’s network infrastructure, an Intrusion Prevention System (IPS) is the best form of control. An IPS is a security solution that monitors network traffic in real-time and actively blocks or prevents malicious activities or attacks from occurring. It can detect and respond to known vulnerabilities and attack patterns, providing an additional layer of protection beyond traditional firewalls. By analysing network traffic and applying predefined rules or signatures, an IPS can identify and block suspicious or malicious behaviour, helping to mitigate the impact of an attack and protect the organization’s network and systems.

Answer 177

A

D) SSH.

Telnet, Rsh, and EIA232 are not recommended for secure network transmission of console traffic. Telnet is an insecure protocol that transmits data in clear text, making it susceptible to eavesdropping and unauthorized access. Rsh is also an insecure protocol that lacks encryption and authentication mechanisms. EIA232, also known as RS-232, is a serial communication standard and not specifically designed for secure network transmission.

On the other hand, SSH (Secure Shell) is a widely used cryptographic network protocol that provides secure remote access to network devices. It encrypts the communication between the client and server, ensuring the confidentiality and integrity of the console traffic. SSH also supports strong authentication mechanisms, protecting against unauthorized access.

Therefore, when securing network management for an organization’s network infrastructure, using SSH for secure network transmission of console traffic is the recommended choice.

Answer 178

A

A) IPSec

IPSec (Internet Protocol Security) is a widely used VPN technology that provides a secure and encrypted communication channel over an untrusted network such as the internet. It offers strong security features, including encryption and authentication, to protect the confidentiality, integrity, and authenticity of data transmitted between the remote worker’s home office network and the organisation’s headquarters network.

TLS/SSL (Transport Layer Security/Secure Sockets Layer) is commonly used to secure web-based communications but may not be the best choice for securing the entire network transmission between the remote worker’s network and the headquarters network.

GRE (Generic Routing Encapsulation) is a tunnelling protocol used for encapsulating packets but does not provide encryption or strong security features on its own.

RDP (Remote Desktop Protocol) is a protocol used for remote desktop access and not specifically designed for securing network transmissions between networks.

Therefore, IPSec is the most appropriate VPN technology for securing the network transmission in this scenario.

Answer 179

A

A) Wireless LANs cannot be accessed outside of the buildings they are installed in.

This statement is not valid because wireless LANs (WLANs) can be accessed beyond the physical boundaries of the buildings they are installed in. Wireless signals can extend beyond the intended coverage area, allowing unauthorized individuals to potentially connect to the WLAN from outside the buildings. To secure wireless networks, organizations should implement appropriate security measures such as strong authentication methods (e.g., WPA2-Enterprise), encryption (e.g., WPA2), and network segmentation to restrict access and protect the confidentiality and integrity of the network traffic.

Answer 180

A

C) Ability to remotely remove corporate applications provided by an enterprise app store

BYOD - Bring your own device (BYOD) refers to the trend of employees using personal devices to connect to their organizational networks and access work-related systems and potentially sensitive or confidential data.

This control allows the organization to have control over the applications installed on the employee’s devices. By utilizing an enterprise app store, the organization can remotely remove any corporate applications that may pose a security risk or violate the organization’s policies. This helps in maintaining the integrity and security of the organization’s data and ensures that only authorized and approved applications are used on the devices.

Answer 181

A

A) WAF (Web Application Firewall)

A Web Application Firewall (WAF) is designed specifically to protect web applications from various types of attacks, such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). It operates at the application layer of the network stack and helps to filter and monitor incoming and outgoing web traffic. A WAF can detect and block malicious requests, providing an additional layer of security to web applications. It is considered one of the most effective controls for securing web servers and web applications against web-based attacks.

Answer 182

A

A) Use of a Web Proxy.

A Web Proxy acts as an intermediary between clients and web servers, allowing it to intercept and inspect the content of web traffic. By routing the web traffic through a Web Proxy, the organization can apply security controls, such as scanning for malicious content or enforcing access policies, to ensure the security of the communication.

Key Declaration Policy (B) is not directly related to inspecting web-based communication but rather pertains to the management and declaration of cryptographic keys.

A VPN (C) provides a secure encrypted tunnel for communication between two endpoints but does not specifically focus on inspecting the payload of web-based communication.

Packet Sniffing (D) refers to capturing and analysing network traffic at the packet level. While it can provide visibility into the content of network traffic, it is not specifically tailored for secure web-based communication inspection.

Therefore, the most appropriate choice in this scenario is A) Use of a Web Proxy.

Answer 183

A

B) Denial of Service attacks on the call manager

VOIP - Voice Over Internet Protocol

Denial of Service (DoS) attacks on the call manager can disrupt or completely disable the VOIP system, rendering it unavailable for communication. These attacks overload the call manager with a high volume of malicious traffic, causing it to become unresponsive. This can result in significant disruption to the organization’s communication capabilities. Protecting against DoS attacks on the call manager involves implementing robust security measures, such as traffic filtering, rate limiting, and intrusion detection systems, to detect and mitigate such attacks effectively.

Answer 184

A

B) SIP (Session Initiation Protocol).

SIP is a commonly used protocol in VoIP systems for initiating, modifying, and terminating multimedia communication sessions. It is responsible for establishing the necessary communication channels, negotiating the supported media formats, and handling call setup and teardown processes. SIP enables the establishment of voice and video calls over IP networks and is widely adopted in VoIP systems for its versatility and compatibility with various devices and platforms.

SIP - session initiation protocol ( to manage the voip call)

RTP - Real time transport protocol ( to send the voice packet)

Answer 185

A

A) Nominative.

The accepted classifications of security controls are commonly categorized as preventive, detective, and corrective. These classifications describe the different types and purposes of security controls in managing and mitigating risks.

1) Preventive controls are designed to prevent or deter security incidents from occurring. They focus on proactively implementing measures to minimize vulnerabilities and protect against potential threats.

2) Detective controls are aimed at identifying and detecting security incidents or breaches after they have occurred. These controls help in monitoring and alerting the organization about suspicious activities or anomalies.

3) Corrective controls involve taking actions to address and mitigate the impact of a security incident or breach. These controls focus on restoring normal operations, fixing vulnerabilities, and recovering from security events.

The option A) Nominative is not an accepted classification of security controls. It is not commonly recognized as a standard classification in the field of information security.

Answer 186

A

A) Authentication, Availability, and Accounting.

The AAA Triad in information security refers to three fundamental principles: Authentication, Availability, and Accounting.

Authentication: This involves verifying the identity of users or entities trying to access a system or resource. It ensures that only authorized individuals or systems are granted access.
Availability: This refers to ensuring that resources and services are accessible and usable when needed. It involves implementing measures to prevent or mitigate disruptions, downtime, or denial-of-service attacks.
Accounting: This involves tracking and recording activities and events related to the use of resources or access to systems. It includes monitoring and logging user actions, generating audit trails, and maintaining records for accountability and forensic purposes.

These three characteristics are crucial for maintaining the security and proper functioning of information systems. By ensuring proper authentication, availability, and accounting, organizations can protect their resources, manage access effectively, and track and analyse system activities for security and compliance purposes.

Answer 187

A

D) Defence in depth.

Redundancy: The inclusion of extra components to provide for fault tolerance in the event of failure.

Defence in depth is a security concept that involves implementing multiple layers of security controls to provide redundancy and protection against security breaches. It acknowledges that no single security control is fool proof, and by employing multiple layers of defence, the organization can mitigate the impact of control failures or vulnerabilities being exploited. Each layer adds an additional barrier, making it more difficult for attackers to penetrate the system.

By implementing defence in depth, organizations can increase the overall security posture and resilience of their systems. If one control fails or a vulnerability is exploited, there are still additional layers of protection in place to prevent further compromise and limit the potential damage. It is a proactive approach to security that recognizes the need for multiple safeguards to defend against sophisticated and evolving threats.

Answer 188

A

A) Managed security services permit organizations to absolve themselves of responsibility for security.

Managed security services (MSS) can help organizations shift the responsibility of managing their security to a third-party provider. By outsourcing security to an MSS, organizations can rely on the expertise and capabilities of the service provider to handle various security tasks, such as monitoring, threat detection, incident response, and vulnerability management.

By engaging an MSS, organizations can offload the burden of maintaining an in-house security team and infrastructure. The MSS assumes the responsibility for implementing and managing security controls, staying updated with the latest threats and vulnerabilities, and ensuring compliance with security standards and regulations.

This allows organizations to focus on their core business operations while benefiting from the specialized knowledge and resources of the MSS. However, it’s important to note that even with the use of managed security services, organizations still retain some level of responsibility for their overall security posture and should actively collaborate with the service provider to ensure effective security measures are in place.

Answer 189

A

D) Don’t touch any evidence until a senior digital investigator arrives.

When preserving a crime scene for digital evidence, it is important for first responders to exercise caution and not disturb any potential evidence until a senior digital investigator arrives. Digital evidence is highly sensitive and can be easily tampered with or destroyed, so it is crucial to follow proper procedures and protocols. Waiting for a senior digital investigator ensures that an experienced professional with specialized knowledge in handling digital evidence is present to guide the process. They will have the expertise to properly collect, document, and analyse the evidence without compromising its integrity. Touching or handling the evidence without appropriate training and guidance may lead to contamination or the unintentional alteration of crucial evidence. Therefore, it is essential to wait for a senior digital investigator before taking any further actions.

Answer 190

A

B) Formal certification to ISO/IEC 27001 and alignment with ISO 17025.

Formal certification to ISO/IEC 27001 is important as it demonstrates that the service provider has implemented a comprehensive information security management system. This certification ensures that the provider has established appropriate controls to protect the confidentiality, integrity, and availability of digital evidence.

Alignment with ISO 17025, the standard for testing and calibration laboratories, is also valuable. It ensures that the service provider follows internationally recognized guidelines for quality assurance in forensic analysis.

Considering these attributes helps ensure that the chosen service provider has the necessary qualifications, competence, and commitment to perform digital forensics services effectively and maintain the integrity of the evidence throughout the process.

Answer 191

A

B) Unshielded cabling.

Unshielded cabling refers to network cables that do not have additional shielding to protect against electromagnetic interference (EMI). These cables are more susceptible to emitting electromagnetic signals, including unintentional or “false” emanations, which can mask the presence of true electromagnetic emanations from genuine computing equipment.

By using unshielded cabling, the electromagnetic emissions from computing equipment can mix with the emissions from the cables, making it difficult to distinguish the true emanations from the equipment. This can potentially confuse or mislead individuals who are attempting to detect or intercept the electromagnetic signals.

Unshielded cabling can be used as a physical security control in scenarios where it is desirable to mask the true emanations of computing equipment. However, it is important to note that this technique has limitations and may not provide a foolproof solution. Additionally, the use of unshielded cabling can introduce other security risks, such as increased vulnerability to eavesdropping or signal interference.

Answer 192

A

D) RSA

RSA (Rivest-Shamir-Adleman) is an example of an asymmetric encryption algorithm. Unlike symmetric encryption algorithms such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard), which use the same key for both encryption and decryption, RSA employs a pair of keys: a public key for encryption and a private key for decryption. This characteristic of RSA allows for secure communication between two parties without the need to share a common secret key.

Other Asymmetric encryption algorithms Include:
ECC - Elliptic Curve Cryptography
ElGamal
Diffie Hellman - A key exchange algorithm

Symmetric encryption algorithms Include:
DES - Data Encryption Standard
3DES - Triple DES
AES - Advanced Encryption Standard
RC5 - Rivest Cipher 5

Answer 193

A

A. Packet Sniffing.

Packet sniffing is an attack technique where an attacker intercepts and captures network traffic, allowing them to view and analyze the contents of the packets being transmitted over the network. In the case of an unencrypted VoIP network, packet sniffing can directly compromise the confidentiality of the communication. By capturing and analyzing the voice packets, an attacker can potentially listen to the conversations and gather sensitive information.

Brute force attacks involve systematically trying all possible combinations of passwords or encryption keys until the correct one is found. While a successful brute force attack could potentially compromise the confidentiality of an encrypted VoIP network, it is not directly applicable to an unencrypted network.

Ransomware is a type of malware that encrypts files on a victim’s system and demands a ransom for their decryption. While ransomware attacks can have severe consequences for data confidentiality, they do not specifically target VoIP networks.

Vishing (voice phishing) is a social engineering attack where an attacker attempts to deceive individuals over the phone to obtain sensitive information. While vishing attacks can impact the confidentiality of the information shared during a VoIP call, they are not specific to the network itself.

Answer 194

A

C. Secure Sockets Layer (SSL).

SSL was developed by Netscape in the mid-1990s as a protocol to provide secure communication over the internet. It was widely used for securing network connections, particularly in web browsers and web servers. Later, TLS was introduced as an upgraded version of SSL to address some of its security vulnerabilities and limitations.

TLS builds upon the foundation of SSL and includes improvements and additional features to enhance security and cryptographic capabilities. Today, TLS is the more commonly used protocol for securing internet communication, including HTTPS, which is the secure version of HTTP.

Answer 195

A

A. Whaling.

Whaling, also known as whale phishing, is a specific form of phishing that targets high-level executives or senior individuals in organizations. The term “whaling” is derived from the concept of targeting the “big fish” or high-value targets. Attackers use personalized and sophisticated techniques to deceive and manipulate these individuals into divulging sensitive information, making unauthorized transactions, or taking other actions that can lead to financial loss or compromise of the organization’s security.

Spear-phishing is another term used to describe targeted phishing attacks that focus on specific individuals or groups. However, whaling specifically refers to the targeting of senior individuals in an organization.

C-suite spamming and trawling are not commonly used terms in the context of targeted attacks on senior individuals in organizations.

Answer 196

A

D. Turning on SSID broadcasts to advertise security levels.

Turning on SSID broadcasts to advertise security levels.

SSID (Service Set Identifier) is the name of a wireless network. By default, wireless access points broadcast their SSIDs to make it easier for devices to discover and connect to the network. However, hiding the SSID by disabling the broadcast is often recommended as a security measure. It makes the network less visible to unauthorized devices and potential attackers.

The other options listed are generally considered best practices:

Using WPA (Wi-Fi Protected Access) encryption on the wireless network is essential for securing the communication between devices and the access point.

Using MAC (Media Access Control) filtering on a small office/home office (SOHO) network can provide an additional layer of security by allowing only specific devices with approved MAC addresses to connect.

Dedicating an access point on a dedicated VLAN (Virtual Local Area Network) connected to a firewall helps isolate and protect the wireless network traffic from other parts of the network.

It’s worth noting that while hiding the SSID can add a layer of obscurity, it is not a fool proof security measure on its own. Other security measures such as strong encryption, authentication methods, and regular firmware updates should also be implemented to ensure a robust wireless network security posture.

Answer 197

A

Injection Flaws.

Injection Flaws: Injection flaws occur when untrusted data is sent to an interpreter as part of a command or query, leading to unintended execution of malicious commands. This includes SQL injection, NoSQL injection, OS command injection, and others.

Security Misconfiguration: Security misconfiguration refers to insecure configurations of web applications, frameworks, servers, or other components. It can include default or weak configurations, unnecessary features or services enabled, missing security patches, and more.

Cross-Site Scripting (XSS): XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. This can lead to unauthorized actions, data theft, or session hijacking.

Broken Authentication: Broken authentication vulnerabilities involve weaknesses in authentication and session management mechanisms. This includes issues like weak password policies, session fixation attacks, insecure session storage, and more.

Sensitive Data Exposure: Sensitive data exposure occurs when sensitive information, such as passwords, credit card details, or personal data, is not properly protected. This can result from insufficient encryption, insecure storage, or inadequate access controls.

While poor password management and insecure deserialization are important security concerns, they are not included in the current OWASP Top 10 list of the most prevalent web application vulnerabilities. The OWASP Top 10 is regularly updated to reflect the changing landscape of web application security risks.

Answer 198

A

C. The software has been designed from its inception to be secure.

Answer 199

A

D. CSRF - (Cross-Site Request Forgery).

CSRF is an attack that takes advantage of the trust relationship between a user’s browser and a website. In a CSRF attack, an attacker tricks a victim into unknowingly submitting a malicious request to a website they are authenticated with. The request is usually sent to a third-party website that the victim has visited or is tricked into visiting.

The attack works because many websites rely solely on the user’s authentication credentials (such as cookies) to determine the validity of a request, without additional checks to ensure the request originated from the same site. Since the victim’s browser automatically includes the necessary authentication credentials, the request appears legitimate to the targeted website.

The attacker can exploit this trust relationship to perform malicious actions on behalf of the victim, such as changing account settings, making unauthorized transactions, or accessing sensitive information.

To prevent CSRF attacks, websites typically implement countermeasures such as adding anti-CSRF tokens to each request, requiring additional confirmation for sensitive actions, and ensuring requests originate from the same site through referer validation or same-origin policies.

Other options mentioned in the question:

XSS (Cross-Site Scripting) is a different type of attack that involves injecting malicious scripts into web pages viewed by other users.
Parameter Tampering refers to modifying the parameters of a request to manipulate the intended behavior of an application.
SQL Injection is an attack where an attacker inserts malicious SQL code into a query to manipulate or extract data from a database.

Answer 200

A

D. Undertaking vishing attacks.

Vishing (voice phishing) attacks involve using telephone calls or voice messages to deceive individuals into divulging sensitive information or performing certain actions. While vishing attacks are a common tactic employed by attackers, they typically do not involve leveraging botnets.

On the other hand, the other options mentioned in the question are common ways in which attackers leverage botnets:

A. Generating and distributing spam messages: Botnets can be used to send out massive volumes of spam emails, often promoting scams, phishing attempts, or malware distribution.

B. Conducting DDoS attacks: Botnets can be harnessed to launch Distributed Denial of Service (DDoS) attacks, overwhelming a target system or network with a flood of traffic and rendering it inaccessible to legitimate users.

C. Scanning for system & application vulnerabilities: Botnets can be used to automate the scanning of networks and systems for known vulnerabilities, allowing attackers to identify potential targets for exploitation.

By controlling a network of compromised computers (botnet), attackers can carry out these malicious activities at scale, making it harder to trace back to their original source.

Answer 201

A

D) SMTPS.

SMTPS (Simple Mail Transfer Protocol Secure) is the protocol that enables secure communication between email servers. It adds a layer of encryption to the standard SMTP protocol, ensuring that the email transmission is protected from unauthorized access or interception. By using SMTPS, the email data is encrypted, providing confidentiality and integrity during transmission. This helps prevent eavesdropping and tampering with sensitive email content, making it an effective control for protecting secure email exchange.

Answer 202

A

A. Customer’s security team

In IaaS, all virtual infrastructure components including security are the responsibility of the customer.

Answer 203

A

A) Data could be stored in any geographic destination

One of the major considerations when storing data in a cloud environment is that it can be stored in various geographic locations depending on the cloud service provider. Unlike conventional on-premises data storage, where the physical location of the data is known and controlled by the organization, cloud storage allows for data to be distributed across multiple data centres or regions. This flexibility can bring benefits in terms of scalability, redundancy, and accessibility but also raises concerns about data privacy, regulatory compliance, and jurisdictional issues. Organizations must carefully consider the potential implications of data storage in different geographic destinations when adopting cloud services.

Answer 204

A

B) Reduces the complexity of desktops as only a browser is needed.

When adopting Software as a Service (SaaS) cloud environments, the client desktops can benefit from improved security. By leveraging SaaS applications, the complexity of desktop environments can be reduced as users primarily require a web browser to access the applications. This means that organizations can focus their security efforts on securing the browser and the connection to the cloud environment, rather than managing and securing multiple applications and components on individual desktops. By reducing the attack surface and simplifying the desktop environment, it becomes easier to implement and maintain security controls, leading to improved overall security for the organization’s client desktop environments.

Answer 205

A

A) Termination of service by cloud service provider.

When organizations adopt a cloud service, they rely on the cloud service provider to deliver the service consistently and reliably. However, the termination of service by the cloud service provider poses a significant risk. If the provider suddenly terminates the service, it can disrupt the organization’s operations, result in loss of data, and create a need for rapid migration to an alternative provider. This risk highlights the importance of considering the contractual agreements and service level agreements with the cloud service provider to ensure continuity and mitigation of such risks.

Answer 206

A

C) As Cloud computing is entirely on-premise, all vulnerabilities associated with Internet applications are associated with the local hardware.

Option C is not a valid statement because it states that Cloud computing is entirely on-premise and all vulnerabilities associated with Internet applications are associated with the local hardware. This statement is incorrect as Cloud computing involves the use of remote servers and resources accessed over the internet, and it is not limited to on-premise infrastructure. Cloud computing introduces its own set of security considerations and vulnerabilities, which may be different from those associated with traditional on-premise environments.

Options A, B, and D are valid statements regarding the technical controls necessary for cloud computing. Option A discusses the use of proxy and brokerage services to separate clients from direct access to shared cloud storage, which can enhance security and access control. Option B highlights the increased attack surface of distributed applications in comparison to LAN environments. Option D points out the security risk associated with the hypervisor, which is a key component of virtualization in cloud computing environments.

Answer 207

A

B) SIEM (Security Information and Event Management).

SIEM (Security Information and Event Management) systems provide a centralized event logging capability that allows security operations teams to collect, monitor, and analyze security events and incidents across an organization’s infrastructure. SIEM solutions aggregate logs and data from various sources, such as network devices, servers, applications, and security devices, and provide real-time analysis and correlation of events.

By utilizing a SIEM system, security operations teams can have a comprehensive view of all security events and incidents, enabling them to detect and respond to potential threats in a timely manner. SIEM systems also provide features like log management, threat intelligence, and reporting, which further enhance an organization’s ability to monitor and manage its security posture.

Answer 208

A

B. Threat categorisation.

The acronym STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service & Elevation of Privilege) is particularly useful in the threat categorisation phase of a threat modelling process. It helps in identifying and categorizing different types of threats or attacks that can target a system or application. By considering each aspect of STRIDE, security professionals can systematically analyse the potential threats and their impact on the system’s security. This categorization aids in understanding the specific risks and vulnerabilities associated with the system, enabling the development of appropriate security controls and countermeasures.

Answer 209

A

A) Access Control List

Access Control Lists (ACLs) are used as a security mechanism to enforce authorization in various systems. An ACL is a list of permissions associated with an object, such as a file, folder, or resource. It specifies which users or groups have access rights and what operations they can perform on the object. By using ACLs, organizations can control and manage access to their resources, ensuring that only authorized individuals or entities are granted permissions.

Answer 210

A

D) Using security baselines.

Creating benchmarks from the collected list of security controls is an example of using security baselines. Security baselines are standardized sets of security configurations and controls that are considered best practices for specific systems or environments. By establishing security baselines, organizations can define a minimum level of security requirements and ensure that their systems are configured consistently and in line with industry standards. These baselines help in maintaining a secure posture across various areas such as operating systems, server software, and network devices, providing a foundation for effective security management and reducing the risk of vulnerabilities and attacks.

Answer 211

A

A) Keep multiple copies of the backup media

To mitigate the risk of data loss, organizations should implement robust backup practices such as keeping multiple copies of the backup media (Option A). This ensures that even if one copy is lost or becomes inaccessible, there are additional copies available for data recovery.

Best practice is always to have multiple copies of backup media stored in different locations.

Answer 212

A

B) CCTV and motion detectors

CCTV (Closed-circuit television) systems provide visual surveillance through video cameras, allowing real-time monitoring and recording of activities within the facility. Motion detectors can detect movement or unauthorized access in restricted areas and trigger alerts. Together, CCTV and motion detectors offer effective monitoring and evidence collection capabilities, enabling remote security management and timely response to any suspicious or unauthorized activities. This combination provides a robust physical security measure to ensure the safety and integrity of the data center environment.

Answer 213

A

A) Locate only in areas regularly patrolled by security staff

Security staff might never visit an area where a wiring closet is based or it may be impractical to locate a wiring closet in main access areas.

Answer 214

A

C) Ensuring the device is crushed and reduced to small particles.

When disposing of IT equipment, especially those with data retention capabilities, it is crucial to ensure that no data remains on the device to prevent unauthorized access or data breaches. While options such as multiple data wipes and removing the hard drive may provide some level of data erasure, they still carry a risk of potential data recovery. However, physically crushing the device and reducing it to small particles effectively destroys the storage media, making data recovery virtually impossible. This control provides a higher level of assurance that sensitive data is securely erased before disposal.

Answer 215

A

D) Use of a diamond shredder before managed disposal takes place

Using a diamond shredder, which is a high-security shredding device capable of producing extremely small paper particles, ensures that the confidential information is thoroughly destroyed. This significantly reduces the risk of sensitive data being reconstructed or accessed by unauthorized individuals. After shredding, the managed disposal of the shredded material should be carried out in a secure manner to maintain the confidentiality of the information.

Answer 216

A

A) RFID

RFID (Radio Frequency Identification) technology uses radio waves to identify and track objects. It consists of tags that are attached to the components or goods and readers that can wirelessly communicate with the tags. RFID provides a secure and efficient way to track items throughout the supply chain, allowing for real-time visibility and monitoring. It offers advantages over other options such as barcodes as RFID tags can be read without line-of-sight, can store more information, and enable automated tracking and data capture.

Answer 217

A

C) Implementing a RAID system

RAID (Redundant Array of Independent Disks) is a technology that provides fault tolerance and data redundancy. Implementing a RAID system can help protect against data loss and ensure that critical data remains accessible even if one or more disks fail.

Business continuity plans detail what steps should be taken to keep business going in advance of an event happening rather than recovering from a disaster.

Hence implementing RAID means business carries on even if part of a storage systems fails.

Answer 218

A

A) Cold site

A cold site is an alternative data processing facility that provides essential infrastructure such as HVAC (Heating, Ventilation, and Air Conditioning), power, and communications infrastructure, but does not have any computing hardware in place. In the event of a disaster, the organization would need to install and configure their own computing hardware at the cold site to resume operations. Cold sites are typically less expensive than warm or hot sites but require longer recovery times as they lack pre-configured computing equipment.

Answer 219

A

B. 1 and 2
1. Within a secure cloud storage service
2. Offsite within a firesafe

Within a secure cloud storage service: Storing backup data in a secure cloud storage service ensures that the data is protected from physical disasters and provides the advantage of offsite storage. Cloud storage services often offer robust security measures and redundancy to safeguard the data.

Offsite within a firesafe: Storing backup data offsite within a firesafe adds an extra layer of protection against physical disasters, such as fire or water damage. Firesafes are designed to withstand high temperatures and provide a secure environment for storing important documents or data.

Answer 220

A

E. All of the Above

All of these scenarios are disasters, natural or manmade.

Answer 221

A

D. Simulation test

A Simulation test involves simulating a disaster scenario without actually disrupting the live facility. It allows the organisation to assess the effectiveness of their disaster recovery plan by going through the motions of responding to a simulated disaster event. This can include activities such as role-playing, tabletop exercises, or using specialized software tools to simulate the disaster and evaluate the response.

By conducting a Simulation test, the organisation can identify any weaknesses or gaps in their disaster recovery plan and make necessary adjustments without impacting the live facility. It provides an opportunity to train and educate the disaster recovery team, test communication channels and procedures, and ensure the plan is robust and effective.

Answer 222

A

B. Chain of custody.

When handling digital evidence, maintaining a clear and documented chain of custody is crucial. The chain of custody refers to the chronological documentation of the possession, control, transfer, and analysis of the evidence. It ensures that the integrity and authenticity of the evidence are preserved, and it establishes a clear trail of who had access to the evidence at all times. Adhering to a proper chain of custody helps maintain the admissibility and reliability of the digital evidence in legal proceedings and ensures accountability and trustworthiness in the handling of the evidence.

Answer 223

A

1,2 and 4

All points apart from 3 apply as civilians can undertake forensic investigations under the control of a senior investigating law enforcement officer.

Answer 224

A

A) Open Source Intelligence.

Open Source Intelligence (OSINT) refers to the collection and analysis of information from publicly available sources. It is a technique used by law enforcement and commercial organizations to gather data and insights from the Internet, Deep web, and the Dark Web. OSINT involves accessing and analyzing information from sources such as social media platforms, websites, forums, blogs, news articles, and more.

By leveraging OSINT, organizations can gather valuable threat intelligence, identify potential risks, and understand the tactics, techniques, and procedures employed by threat actors. It helps in assessing the security posture, identifying vulnerabilities, and making informed decisions regarding cybersecurity and risk mitigation strategies. OSINT is a vital tool for gathering information and staying updated on emerging threats in the digital landscape.

Answer 225

A

A) Non-repudiation

Non-repudiation is the attribute of cryptography that ensures the sender of a message cannot deny having sent it. In the given scenario, Alice wants to provide evidence to a third party, Fred, that the message received originated from Bob and cannot be repudiated by him. Non-repudiation mechanisms, such as digital signatures, can be used to provide proof of the message’s origin and integrity, making it difficult for the sender to deny their involvement. This attribute helps establish trust and accountability in communication transactions.

Answer 226

A

C) Shared secret key to decrypt the message.

In symmetric cryptography, the same secret key is used for both encryption and decryption. Since Valerie encrypted the message using symmetric cryptography, she would have used a shared secret key that Betty must also possess in order to decrypt the message successfully. Using Betty’s or Valerie’s public key (options A and B) would not be suitable for symmetric encryption. Valerie’s private key (option D) is not used for message decryption in symmetric cryptography.

Answer 227

A

The company has a zero-day vulnerability.
The company was compromised by a zero-day exploit.

When a vulnerability exists but there is no patch to fix it, it is a zero-day vulnerability. When exploit code exists to take advantage of a zero-day vulnerability, it is called a zero-day exploit. In this scenario, because the computer was up to date on patches, we can conclude that there was a zero-day vulnerability and a zero-day exploit.

Answer 228

A

Quality of service

Quality of service provides priority service to a specified application or type of communication. In this scenario, call quality is being impacted by other services on the network. By prioritizing the network communication for the IP phones, you can maximize their performance (though that might impact something else).

Answer 229

A

Parallel

The first key requirement in this scenario is that the data centre must not be impacted by the testing. This eliminates the partial interruption and full interruption tests because those impact the data centre. The other key requirement is that IT teams must perform recovery steps. This requirement eliminates the tabletop testing because tabletop testing involves walking through the plans, but not performing recovery operations.

Answer 230

A

B. Deterrent

Deterrent frameworks are technology-related and used to discourage malicious activities.

For example, an intrusion prevention system or a firewall would be appropriate in this framework. There are three other primary control frameworks. A preventative framework helps establish security policies and security awareness training. A detective framework is focused on finding unauthorized activity in your environment after a security incident. A corrective framework focuses on activities to get your environment back after a security incident. There isn’t an assessment framework.

Answer 231

A

B. Quantitative

You have three risk analysis methods to choose from: qualitative (which uses a risk analysis matrix), quantitative (which uses money or metrics to compute), or hybrid (a combination of qualitative and quantitative but not an answer choice in this scenario). Because the ISP has monitoring and log data, you should use a quantitative approach; it will help quantify the chances of additional customers experiencing a security risk.

STRIDE is used for threat modelling. A market approach is used for asset valuation. A reduction analysis attempts to eliminate duplicate analysis and is tied to threat modelling.

Answer 232

A

B. Recovery point objective (RPO)

The RTO establishes the maximum amount of time the organization will be down (or how long it takes to recover), the RPO establishes the maximum data loss that is tolerable, the MTD covers the maximum tolerable downtime, and MDT is just a made-up phrase used as a distraction. In this scenario, with the focus on the data loss, the correct answer is RPO.

Answer 233

A

B. Layer 3

In this scenario, the information indicates that the issue is with the routing of the network communication. Routing occurs at Layer 3 of the OSI model. Layer 3 is typically handled by a router or the routing component of a network device.

Application Layer
The application layer is used by end-user software such as web browsers and email clients. It provides protocols that allow software to send and receive information and present meaningful data to users. A few examples of application layer protocols are the Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), and Domain Name System (DNS).
Presentation Layer
The presentation layer prepares data for the application layer. It defines how two devices should encode, encrypt, and compress data so it is received correctly on the other end. The presentation layer takes any data transmitted by the application layer and prepares it for transmission over the session layer.
Session Layer
The session layer creates communication channels, called sessions, between devices. It is responsible for opening sessions, ensuring they remain open and functional while data is being transferred, and closing them when communication ends. The session layer can also set checkpoints during a data transfer—if the session is interrupted, devices can resume data transfer from the last checkpoint.
Transport Layer
The transport layer takes data transferred in the session layer and breaks it into “segments” on the transmitting end. It is responsible for reassembling the segments on the receiving end, turning it back into data that can be used by the session layer. The transport layer carries out flow control, sending data at a rate that matches the connection speed of the receiving device, and error control, checking if data was received incorrectly and if not, requesting it again.
Network Layer
The network layer has two main functions. One is breaking up segments into network packets, and reassembling the packets on the receiving end. The other is routing packets by discovering the best path across a physical network. The network layer uses network addresses (typically Internet Protocol addresses) to route packets to a destination node.
Data Link Layer
The data link layer establishes and terminates a connection between two physically-connected nodes on a network. It breaks up packets into frames and sends them from source to destination. This layer is composed of two parts—Logical Link Control (LLC), which identifies network protocols, performs error checking and synchronizes frames, and Media Access Control (MAC) which uses MAC addresses to connect devices and define permissions to transmit and receive data.
Physical Layer
The physical layer is responsible for the physical cable or wireless connection between network nodes. It defines the connector, the electrical cable or wireless technology connecting the devices, and is responsible for transmission of the raw data, which is simply a series of 0s and 1s, while taking care of bit rate control.

Answer 234

A

B. Collision avoidance

In this scenario, collision avoidance is used. Wireless networks use collision avoidance specifically to address the issue described in the scenario (which is known as the “hidden node problem”).

Answer 235

A

E. SIP

SIP is a communications protocol used for multimedia communication such as internal voice calls. In this scenario, you need to capture SIP traffic to ensure that you are only capturing traffic related to the phone calls.

SIP - Session Initiation Protocol is a signalling protocol used for initiating, maintaining, and terminating communication sessions that include voice, video and messaging applications.

VoIP - Voice over Internet Protocol is a type of phone system that uses an internet connection to make and receive calls, rather than traditional landlines. E.G. Skype, discord, WhatsApp, Teams.

Answer 236

A

B Risk Appetite.

Risk Appetite: The amount of risk a business is prepared to accept in pursuit of its mission. This level will be below the risk capacity.

Risk Capacity: The risk capacity of a business is the maximum amount of risk the business could absorb without its viability being affected. This is a level we do not go anywhere near if possible.

Risk Acceptance: This is the lowest level, being the amount of risk the business will accept on a daily basis after risk treatments have been applied. Controls have reduced to an economically feasible level, and the business accepts what remains.

Risk Tolerance: This is a level that sits between the risk acceptance level and the risk appetite. Risk tolerance is the variation in risk that a business may accept when there is a particular target to be reached. Risk tolerance is where the business may go beyond the risk appetite in the short term, call it wiggle room.

Answer 237

A

A) Improved resilience against and recovery time from a harmful incident.

Implementing appropriate information security measures helps an organization enhance its ability to withstand and recover from harmful incidents such as security breaches, cyberattacks, natural disasters, or operational disruptions. By having robust security controls, incident response plans, and business continuity strategies in place, the organization can minimize the impact of such incidents, reduce downtime, and ensure a quicker recovery, thus improving its overall resilience. This benefit is crucial for maintaining the continuity of operations and minimizing potential financial, operational, and reputational damages.

Answer 238

A

D. Accidental.

The threats of human error, malfunctions, fire, and flood are classified as accidental threats. These threats are typically unintentional and can arise due to mistakes, system failures, natural disasters, or accidents. While they may have significant consequences for an organization’s operations and security, they are not caused by malicious intent or external factors. It is important for organizations to consider these accidental threats in their risk assessments and implement appropriate preventive measures and mitigation strategies to minimize their impact.

Answer 239

A

C. Ransomware.

Ransomware is a form of malicious software that encrypts a victim’s files or locks their computer until a ransom is paid. It is a deliberate threat because it is intentionally designed to cause harm and extort money from the victim.

Answer 240

A

B. Open Source Intelligence (OSINT).

Open Source Intelligence refers to the collection and analysis of information that is publicly available from various sources, such as websites, social media, news articles, and other publicly accessible information. It is an important technique used in information security to gather insights and intelligence about potential threats, vulnerabilities, and risks.

Answer 241

A

A. Avoidance.

Avoidance is a strategic option for dealing with information risk. It involves taking actions to eliminate or minimize the risk by avoiding the activities or situations that could lead to the risk. In the context of information risk, avoidance may include avoiding the use of certain technologies or practices that pose a high level of risk, or avoiding engagement with certain types of data or activities that could expose the organization to potential risks. By avoiding the risk altogether, organizations can reduce their exposure and potential impact of adverse events.

Answer 242

A

D. Determine the classification programme objectives

The first step in setting out an information classification strategy is to determine the classification program objectives. By determining the classification program objectives, you establish the goals and desired outcomes of the classification process. This step helps define the purpose of the classification, such as protecting sensitive information, ensuring regulatory compliance, or facilitating data sharing. Once the objectives are clear, you can proceed with identifying relevant information, developing classification labels and policies, and assigning ownership and responsibilities.

Answer 243

A

C. A specification for an Information Security Management System.

ISO/IEC 27001 is an internationally recognized standard that provides a systematic approach to managing information security within an organization. It sets out the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). The standard provides a comprehensive framework for managing the security of information assets, including risk management processes, control implementation, and ongoing monitoring and evaluation. It is widely used to guide organizations in implementing effective information security practices and ensuring the confidentiality, integrity, and availability of their information assets.

Answer 244

A

A. Intellectual Property.

Intellectual property refers to the creations of the mind, such as inventions, literary and artistic works, symbols, names, images, and designs, for which exclusive rights are recognized. These exclusive rights enable individuals or organizations to benefit from their creative or intellectual endeavours by granting them the authority to control and protect their creations. Intellectual property rights include patents, copyrights, trademarks, and trade secrets, providing legal protection and incentives for innovation, creativity, and economic growth.

Answer 245

A

D. Preventing an individual from having sole responsibility for payments.

By implementing segregation of duties, critical tasks and responsibilities are divided among multiple individuals. In the context of financial transactions and payments, no single individual has complete control over the entire process, including initiation, authorization, and recording of transactions. This prevents any one person from having the ability to carry out fraudulent or unauthorized actions without detection. Segregation of duties introduces checks and balances, ensuring that there is independent oversight and review of financial activities. It reduces the risk of fraud, errors, and unauthorized transactions by requiring the involvement of multiple individuals and ensuring accountability and transparency in the process.

Answer 246

A

A. ISO/IEC 27017.

ISO/IEC 27017 is a standard specifically focused on providing guidance and implementing information security controls within the context of cloud computing. It provides additional controls and guidance to be used in conjunction with ISO/IEC 27002, which is a broader standard for information security management systems. ISO/IEC 27017 addresses the unique risks and considerations associated with cloud-based services, helping organizations establish and maintain effective security measures to protect their information assets in cloud environments. It covers areas such as cloud-specific risks, cloud service management, and the relationship between cloud service providers and customers.

Answer 247

A

B. Infrastructure-as-a-Service.

IaaS provides virtualized computing resources such as virtual machines, storage, and networks, allowing users to manage and control their own operating systems and applications. With IaaS, the responsibility for managing and securing the underlying infrastructure lies with the cloud service provider, while the users have more control over the applications and data they deploy on the infrastructure.

In contrast, services such as Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) involve higher levels of abstraction and may include pre-built software applications or development platforms. This can introduce potential legal issues related to Intellectual Property Rights (IPR), such as licensing agreements, copyright infringements, or unauthorized use of proprietary software or intellectual property.

However, it’s important to note that while IaaS may be less likely to directly cause legal problems relating to IPR, the responsibility for ensuring compliance with IPR laws still lies with the user or customer who deploys their applications and data on the infrastructure. It’s always advisable to carefully review and adhere to the terms and conditions of the cloud service provider and any applicable licensing agreements to avoid any potential legal issues.

Answer 248

A

C. Focus on management of contracts rather than technology.

In a traditional IT management setup, the focus is primarily on owning and managing the infrastructure, hardware, and software internally. IT support staff are responsible for maintaining and supporting the infrastructure and ensuring its availability and security.

When transitioning to a cloud-based approach, organizations rely on external cloud service providers for infrastructure, platforms, or software services. This shift requires a change in mindset from managing technology internally to managing contracts and relationships with the cloud service providers. Organizations need to focus on selecting the right cloud service providers, negotiating and managing contracts, and ensuring compliance with service-level agreements (SLAs) and security requirements.

While some aspects of IT support may still be necessary in a cloud-based approach, the responsibilities and tasks of IT support staff may change. Instead of managing and maintaining physical infrastructure, the focus may shift towards monitoring service performance, incident management, and ensuring the effective utilization of cloud resources.

It’s important to note that the other options mentioned in the question are not the core change required when moving to a cloud-based approach. Redeployment or removal of current IT support staff (option A) is not necessarily required, as their roles may evolve rather than being eliminated. Dismantling of all physical security controls (option B) is not accurate, as security considerations are still important in a cloud environment. Immediate certification to ISO/IEC 27001 (option D) is not a core change but rather a potential step for demonstrating compliance with information security standards in the cloud environment

Answer 249

A

A. CMDB (Configuration Management Database).

A CMDB is a central repository that contains information about all the configuration items (CIs) in an organization’s IT infrastructure. This includes hardware, software, networks, and other IT assets. The CMDB helps in managing and tracking the configuration items throughout their lifecycle, including details about their attributes, relationships, and dependencies.

As part of managing information security, organizations maintain a list of information assets within their CMDB. This list includes all the important information assets that need to be protected, such as databases, servers, applications, network devices, and sensitive data repositories. It provides a comprehensive view of the organization’s information assets and helps in identifying and managing security risks associated with those assets.

The other options mentioned in the question are not typically associated with maintaining a list of information assets within an organization:

ISMS (Option B) refers to an Information Security Management System, which is a framework of policies, procedures, and controls for managing information security within an organization. While an ISMS may include asset management as one of its components, it does not specifically provide a list of information assets.

BCDR (Option C) stands for Business Continuity and Disaster Recovery, which focuses on planning and preparedness for managing disruptions and recovering from disasters. While it may involve identifying critical information assets, it does not provide a comprehensive list of all information assets within an organization.

CISO (Option D) refers to the Chief Information Security Officer, who is responsible for overseeing the organization’s information security program. While a CISO may be involved in asset management, the role itself does not provide a specific list of information assets.

Answer 250

A

B. Onion skin.

The concept of onion skin security is derived from the layers of an onion, where each layer provides an additional level of protection. In the context of information security, onion skin security refers to the practice of implementing multiple layers of physical security controls to create a comprehensive and robust defense mechanism.

Each layer in the onion skin security model represents a different security control, such as access controls, surveillance systems, intrusion detection systems, alarms, locks, and barriers. By combining these layers, organizations create a defense-in-depth strategy, making it more challenging for unauthorized individuals to breach the security perimeter and gain access to sensitive information assets.

The term “thermal layering” (Option A) is not commonly used in the context of information security and does not specifically describe the use of multiple physical security controls.

“Security through obscurity” (Option C) refers to the practice of relying on secrecy or the lack of public knowledge about the security measures in place. It is generally considered a weak security approach and should not be solely relied upon.

“Asset dispersal” (Option D) typically refers to the practice of distributing or spreading out information assets across different locations to mitigate the risk of a single point of failure. While it is a valid strategy for reducing risk, it does not specifically refer to the use of multiple physical security controls.

Answer 251

A

C. Armoured cable.

Armoured cable, also known as armoured fibre cable or armoured Ethernet cable, is a type of cable that is designed with additional protection to enhance its durability and resistance to physical damage. It typically consists of a metallic armour layer, such as steel, that provides a barrier around the internal wires or fibres.

In the context of protecting information in transit, using armoured cable can help safeguard the transmission of data across physically unprotected environments. The armour layer adds an extra level of protection, making the cable more resistant to impacts, crushing, cuts, and other physical hazards that could potentially disrupt or compromise the transmission of information.

Options A, B, and D (Coaxial cable, Cat 5 Ethernet, and Twisted pair) are all types of cables commonly used for data transmission, but they do not provide the same level of physical protection as armoured cable. While they may have their own benefits and characteristics suitable for specific environments, they may not be as effective in physically unprotected environments where the risk of damage or interference is higher.

Therefore, when the transmission of information needs to traverse a physically unprotected environment, using armoured cable is a recommended countermeasure to ensure the integrity and reliability of the data being transmitted.

Answer 252

A

D. ISO 22301.

ISO 22301, titled “Security and resilience – Business continuity management systems – Requirements,” provides a framework and set of requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and continually improving a business continuity management system (BCMS). It helps organizations prepare for, respond to, and recover from disruptive incidents that may cause interruptions to their normal operations.

ISO 22301 outlines the key components and best practices for effective business continuity management, including risk assessment, business impact analysis, development of business continuity plans and strategies, communication and coordination during disruptions, and regular testing and exercising of the BCMS. It provides a systematic approach to identifying and managing risks, ensuring the availability of critical resources, and minimizing the impact of disruptions on the organization’s ability to deliver its products or services.

While the other options mentioned, such as COBIT, ISO/IEC 27001, and NIST SP 800-53, are also important standards in the field of information security and governance, they are not specifically focused on business continuity management like ISO 22301. COBIT provides a framework for IT governance and management, ISO/IEC 27001 focuses on information security management systems, and NIST SP 800-53 provides security and privacy controls for federal information systems in the United States.

Therefore, when it comes to business continuity, ISO 22301 is the international standard that organizations can refer to for guidance on establishing and maintaining effective business continuity management systems.

Answer 253

A

A. Business continuity is about ensuring an organisation continues to operate during a disruptive event, while disaster recovery is the process of resolving the disruption itself.

Business continuity and disaster recovery are related concepts but have distinct purposes.

Business continuity refers to the proactive planning and preparations that an organization undertakes to ensure its critical functions and operations can continue during and after a disruptive event. It involves identifying potential risks, developing strategies to mitigate those risks, and implementing measures to ensure the continuity of essential services. Business continuity aims to minimize downtime, maintain customer service, and protect the organization’s reputation and revenue streams.

Disaster recovery, on the other hand, is the reactive process of recovering and restoring the organization’s IT infrastructure, systems, and data after a disruptive event has occurred. It involves executing predefined recovery plans, restoring backups, rebuilding systems, and ensuring that the organization can resume normal operations as quickly as possible. Disaster recovery focuses on the technical aspects of recovering from the disruption, such as restoring IT systems, networks, and data.

While business continuity encompasses a broader scope and includes proactive planning to ensure business operations can continue, disaster recovery specifically deals with the reactive measures to recover from a disruption and restore normal operations.

Option B is incorrect because although the terms are related, they are not interchangeable. Options C and D are incorrect because they do not accurately describe the differences between business continuity and disaster recovery.

Therefore, option A is the most accurate description of the difference between business continuity and disaster recovery.

Answer 254

A

B. The core purpose of a PKI (Public Key Infrastructure) is to facilitate the secure electronic transfer of information for a range of network activities.

A PKI is a system of hardware, software, policies, and procedures that enable the creation, distribution, management, and revocation of digital certificates and public-private key pairs. It provides a framework for secure communication and authentication over networks.

PKI plays a crucial role in ensuring the confidentiality, integrity, and authenticity of data transferred over networks. It achieves this by using asymmetric encryption, where each user has a pair of cryptographic keys: a public key and a private key. The public key is widely distributed and used for encryption, while the private key is kept secret and used for decryption.

The core purpose of a PKI is to establish trust and enable secure communication by verifying the authenticity of digital certificates and facilitating the encryption and decryption of data. It enables activities such as secure email communication, digital signatures, secure web browsing, and other network transactions.

Option A is incorrect because while encryption is one of the functions enabled by a PKI, its core purpose extends beyond encrypting large databases. Option C is incorrect because although PKI can contribute to national security, its primary purpose is not limited to that. Option D is incorrect because while PKI can be used to protect intellectual property rights, its core purpose extends beyond organizations in the government and defense sectors.

Therefore, option B best describes the core purpose of a PKI.

Answer 255

A

C. 12

A MAC address consists of 12 hexadecimal characters. It is made up of 6 groups of 2 hexadecimal characters each, separated by colons or hyphens. Each hexadecimal character represents 4 bits, resulting in a total of 48 bits for a MAC address.

Answer 256

A

C) A hardware address assigned to a network interface controller

A MAC address, or Media Access Control address, is a unique identifier assigned to a network interface controller (NIC) of a network device. It is a hardware address that is embedded into the network interface card and used to uniquely identify devices on a local network. MAC addresses are used at the data link layer of the OSI model.

Answer 257

A

B) A vulnerability that allows an attacker to execute malicious scripts in a user’s web browser.

Cross-Site Scripting (XSS) is a type of security vulnerability that occurs when a web application does not properly sanitize user input, allowing an attacker to inject malicious scripts into web pages viewed by other users. These scripts can be used to steal sensitive information, such as login credentials or session cookies, or to perform other malicious actions on the user’s behalf. XSS attacks typically target websites that allow user-generated content or fail to properly validate and sanitize input data.

Answer 258

A

C) Injection of malicious code into the website.

Cross-Site Scripting (XSS) attacks involve injecting malicious code into a website, which can then be executed by unsuspecting users in their web browsers. This injected code can be used to steal sensitive information, such as login credentials or personal data, redirect users to malicious websites, or perform other unauthorized actions on the user’s behalf. By injecting and executing malicious code, attackers can exploit the trust and privileges of the affected website to achieve their malicious objectives.

Answer 259

A

B) The risk that remains after implementing risk mitigation measures.

Residual risk refers to the level of risk that remains after implementing risk mitigation measures or controls. Risk mitigation measures are implemented to reduce the likelihood or impact of identified risks. However, even with these measures in place, there may still be some level of risk that remains. This residual risk represents the remaining exposure that an organization has to potential threats and vulnerabilities. It is important to assess and manage residual risk to ensure that any remaining risks are within acceptable tolerance levels and that appropriate actions are taken to mitigate or manage them effectively.

Answer 260

A

B) A discussion-based exercise involving key stakeholders to assess the plan’s viability.

In the context of a business continuity plan, a tabletop exercise is typically a scenario-based discussion involving key stakeholders. It is designed to evaluate the plan’s effectiveness, identify potential gaps or weaknesses, and assess the organization’s preparedness for various disruptive events. During a tabletop exercise, participants discuss their roles and responsibilities, explore decision-making processes, and evaluate the plan’s viability in a simulated environment. This exercise helps improve coordination, communication, and decision-making capabilities without the need for a full-scale, real-time incident.

Answer 261

A

B. cost-effective decisions are made with regard to which assets need protection

An information security risk analysis helps an organization in making cost-effective decisions regarding which assets need protection the most. Risk analysis involves identifying and assessing potential risks and vulnerabilities, estimating the likelihood and impact of those risks, and prioritizing them based on their significance to the organization. By conducting a risk analysis, an organization can allocate its resources and investments more effectively, focusing on areas that pose the greatest threats and require the most attention. It enables the organization to prioritize security measures and implement appropriate controls to mitigate the identified risks.

Answer 262

A

D. requirements of local regulations take precedence.

In a multinational organization, local security regulations should be implemented over global security policy because the requirements of local regulations take precedence. Each country or region may have its own specific laws, regulations, and compliance requirements regarding information security. These local regulations must be followed to ensure legal compliance and avoid penalties or legal issues. While global security policies provide a framework for overall security management, they may not cover all the specific requirements of each local jurisdiction. Therefore, it is important to prioritize and implement local security regulations to meet the specific legal and regulatory obligations of each region where the organization operates.

Answer 263

A

B. conduct a risk assessment.

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST conduct a risk assessment. A risk assessment helps identify and evaluate the potential risks and vulnerabilities associated with the new regulatory requirement. It involves assessing the likelihood and potential impact of non-compliance, identifying existing controls that may already address the requirement, and determining any gaps that need to be addressed. By conducting a risk assessment, the information security manager can prioritize and plan the necessary actions to ensure compliance and mitigate any potential risks associated with the new regulatory requirement. Conducting a risk assessment provides a solid foundation for making informed decisions and taking appropriate actions to align information security controls with the regulatory requirements.

Answer 264

A

D. Risk management

When management changes the enterprise business strategy, it is important to evaluate the existing information security controls and select new ones based on the changes in the business environment and associated risks. Risk management is the process of identifying, assessing, and managing risks to achieve business objectives. It involves evaluating the potential impacts and likelihood of risks, and then implementing appropriate controls to mitigate or manage those risks.

By utilizing risk management, an organization can assess the effectiveness of existing information security controls in light of the new business strategy. It allows for the identification of any gaps or weaknesses in the current controls and provides a framework for selecting and implementing new controls that align with the revised business strategy. Risk management ensures that security measures are appropriately updated to address the evolving risks and support the organization’s objectives.

While access control management (option A), change management (option B), and configuration management (option C) are important processes in information security, they are not specifically focused on evaluating and selecting controls in response to changes in the enterprise business strategy. Risk management is the most relevant process in this context.

Answer 265

A

D. Establish incentives and a channel for staff to report risks.

(Incentives - a thing that motivates or encourages someone to do something. E.G. Extra Paid holiday, etc)

Building a risk-aware culture within an organization requires not only effective communication of threats (option B), but also establishing mechanisms that encourage and support employees to report risks they observe. By establishing incentives and a channel for staff to report risks (option D), organizations can foster a culture where employees are actively engaged in identifying and reporting potential risks. This helps in early detection and mitigation of risks, contributing to improved overall security posture.

Periodically changing risk awareness messages (option A) can be a good practice to keep security awareness fresh, but it alone does not address the fundamental aspect of employees actively reporting risks. Option C, periodically testing compliance with security controls and posting results, is important for assessing the effectiveness of controls but does not specifically focus on building a risk-aware culture.

While all the options may contribute to different aspects of managing risk and security awareness, option D is the most direct and comprehensive approach for building a risk-aware culture by encouraging employees to report risks and ensuring they have the means to do so.

Answer 266

A

C. Create an addendum to the existing contract.

(Addendum - is an item of additional material added at the end of a book or document, typically in order to correct, clarify, or supplement something.)

Creating an addendum to the existing contract (option C) allows the information security manager to address the issue by specifically identifying and including the necessary requirements for safeguarding the organization’s critical data. This ensures that the expectations for data protection are clearly defined and agreed upon by both parties.

Cancelling the outsourcing contract (option A) may be an extreme measure and should only be considered if the issue cannot be resolved through other means. Transferring the risk to the provider (option B) without clearly specifying the requirements may not provide adequate protection for the organization’s critical data.

Initiating an external audit of the provider’s data centre (option D) can be a good practice for assessing the provider’s security controls, but it does not directly address the issue of lacking requirements in the contract.

Therefore, the most appropriate and practical recommendation in this scenario would be to create an addendum to the existing contract (option C) to ensure that the organization’s critical data is adequately safeguarded

Answer 267

A

A. Controls to be monitored

Before implementing a SIEM tool, it is crucial to identify and define the controls that need to be monitored within the organization’s environment. This involves understanding the specific security requirements, regulatory compliance obligations, and the types of events and activities that should be monitored for potential security incidents. By clearly identifying the controls to be monitored, the organization can align the SIEM tool’s capabilities and configuration to effectively detect and respond to security events.

While the other options are also important considerations, they are secondary to determining the controls to be monitored. Reporting capabilities (option B) are valuable for analyzing and presenting security event data, but without a clear understanding of the controls, the reports may not be relevant or effective. The contract with the SIEM vendor (option C) is important for establishing the terms and conditions of the tool’s implementation, but it can be addressed once the controls to be monitored are defined. Available technical support (option D) is essential for ongoing maintenance and troubleshooting, but it should be considered after the controls and requirements are determined.

Therefore, the primary focus should be on identifying the controls to be monitored (option A) as the most important consideration before implementing a SIEM tool.

Answer 268

A

A. Definitions of responsibilities

An enterprise security policy serves as a high-level document that outlines the organization’s approach to information security and sets the direction for security-related activities. It typically includes various components, such as guidelines, standards, procedures, and controls. Among these components, defining responsibilities is a crucial aspect of ensuring effective security management.

By clearly defining responsibilities, the enterprise security policy outlines the roles and accountabilities of individuals or groups within the organization regarding information security. This includes specifying who is responsible for implementing security measures, enforcing policies, and handling security incidents. Defining responsibilities helps establish a clear understanding of the expectations and obligations of each stakeholder, promoting a coordinated and consistent approach to security throughout the organization.

While retention schedules (option B), system access specifications (option C), and organizational risk (option D) are all relevant aspects of information security, they are more likely to be addressed in other supporting documents, such as data retention policies, access control policies, and risk management frameworks. These specific details may be referenced or incorporated into the enterprise security policy, but they are not typically the primary focus of the policy itself.

Therefore, the item most likely to be included in an enterprise security policy is A. Definitions of responsibilities.

Answer 269

A

D. Assess the consequences of noncompliance against the cost of remediation.

This step involves evaluating the potential risks and impacts of noncompliance with the regulatory requirement and comparing them to the cost of remediating the legacy application. By conducting a thorough assessment, the information security manager can gain a clear understanding of the potential consequences the organization may face if it continues to operate the noncompliant application.

Assessing the consequences of noncompliance allows the information security manager to make an informed decision based on a risk-based approach. It provides insights into the potential legal, financial, reputational, and operational risks associated with noncompliance. The manager can then weigh these risks against the cost of remediating the application and determine the most appropriate course of action.

While developing a business case for funding remediation efforts (option A) is important, it should be done after assessing the consequences of noncompliance. This assessment helps provide the necessary information and justification to present a compelling business case for securing the budget needed to address the compliance issue.

Advising senior management to accept the risk of noncompliance (option B) is not recommended as it may expose the organization to significant liabilities and potential penalties. It is essential to assess the risks and explore options for mitigating them rather than accepting noncompliance as a viable solution.

Notifying legal and internal audit (option C) is an important step but should be done after assessing the consequences of noncompliance. Involving legal and audit functions can help gain further guidance and support in addressing the compliance issue effectively.

Therefore, the FIRST step an information security manager should take in this scenario is to assess the consequences of noncompliance against the cost of remediation (option D).

Answer 270

A

C. Ensure security is involved in the procurement process. Most Voted

By involving security in the procurement process, the organization can proactively address security concerns and ensure that security requirements are considered from the beginning. This allows security professionals to provide input, review and evaluate the third-party vendor’s security capabilities, and make informed recommendations to mitigate potential risks.

When security is involved in the procurement process, they can collaborate with the legal department (option A) to review and negotiate the contract terms related to security. This ensures that the contract includes appropriate clauses and provisions to protect the organization’s security interests.

Communicating security policy with the third-party vendor (option B) is important, but it alone may not provide sufficient assurance or address specific security concerns during contract negotiations. While it is necessary to establish a common understanding of security expectations, involving security in the procurement process goes beyond mere communication and allows for a more comprehensive evaluation and alignment of security requirements.

Conducting an information security audit on the third-party vendor (option D) is a valuable step, but it typically occurs after the contract is in place. An audit can provide assurance regarding the vendor’s security controls and practices, but it may not be feasible or practical during contract negotiations. Involving security in the procurement process allows for security considerations to be addressed before the contract is finalized, minimizing potential risks and enhancing the organization’s security posture.

Therefore, ensuring security is involved in the procurement process (option C) is the MOST effective way to address an organization’s security concerns during contract negotiations with a third party.

Answer 271

A

B. Encrypt consumer data in transit and at rest

Encrypting consumer data in transit and at rest provides a strong level of protection for the private information of consumers. This means that the data is securely encoded and can only be accessed by authorized parties with the appropriate decryption keys.

By encrypting data in transit, the information is safeguarded as it is transmitted over networks, preventing unauthorized interception and eavesdropping. This is typically achieved by using secure communication protocols such as HTTPS, which encrypts the data during transmission.

Encrypting data at rest ensures that even if the data is stored or archived on servers or databases, it remains protected from unauthorized access. This involves encrypting the data using encryption algorithms and storing it in an encrypted format. Access to the encrypted data is only granted to authorized individuals who possess the decryption keys.

While applying strong authentication to online accounts (option A) is important for verifying the identity of users, it does not directly address the protection of consumer private information. Authentication focuses on user access control, while data encryption focuses on data protection.

Using a secure encrypted transport layer (option C) is closely related to encrypting data in transit, as it refers to employing secure communication protocols to safeguard the data during transmission. This overlaps with option B and can be considered as part of the broader approach to encrypting consumer data.

Applying a masking policy to the consumer data (option D) involves hiding or obfuscating sensitive information within the data, often by replacing it with placeholder characters. While data masking can be a useful technique for certain scenarios, it may not provide the same level of protection as data encryption. Masking alone may not be sufficient to prevent unauthorized access to consumer private information.

Therefore, the BEST method to protect consumer private information for an online public website is to encrypt consumer data in transit and at rest (option B). This comprehensive approach ensures that the data remains secure both during transmission and while stored, providing a robust safeguard against unauthorized access.

Answer 272

A

B. The ability to centrally manage devices

Centrally managing devices in a BYOD program allows the organization to have control and oversight over the devices used by employees. This includes implementing security policies, enforcing data protection measures, and monitoring device usage to ensure compliance with company standards.

By having the ability to centrally manage devices, the organization can:

Enforce security policies: The organization can configure security settings, such as device encryption, strong passwords, and screen lock requirements, to protect company data. This helps prevent unauthorized access to sensitive information in the event of a device loss.

Remotely wipe or lock devices: In case of a lost or stolen device, the organization can remotely wipe or lock the device to prevent unauthorized access to company data. This feature is crucial in mitigating the risk of data breaches or unauthorized disclosure.

Implement application management: With centralized device management, the organization can restrict the use of unapproved or risky applications on employee devices. This helps maintain the integrity of company data and reduces the risk of malicious software or unauthorized access.

While the ability to remotely locate devices (option A) can be helpful in certain situations, such as tracking a lost or stolen device, it does not provide the same level of data protection as the ability to centrally manage devices. Locating a device does not prevent unauthorized access to company data if the device falls into the wrong hands.

Restricting unapproved applications (option C) is an important security measure, but it is only one aspect of device management. Without centralized management, it can be challenging to enforce application restrictions and ensure compliance across a diverse range of employee devices.

The ability to classify types of devices (option D) can be useful for categorizing devices based on their security capabilities or risk levels. However, it is not the most crucial consideration for protecting company data in the event of a loss. Centralized device management takes precedence as it enables comprehensive control and protection measures across all supported devices.

Therefore, in a BYOD program, the MOST important consideration to protect company data in the event of a loss is the ability to centrally manage devices (option B). This provides the organization with the necessary control and security measures to safeguard company data, enforce policies, and respond effectively to device loss or theft.

Answer 273

A

B. appropriate service level agreements (SLAs) are in place.

Service level agreements (SLAs) are contractual agreements between the organization and the cloud service provider that define the agreed-upon levels of service, performance, and security. By having well-defined SLAs in place, the organization can establish expectations for risk monitoring and timely response from the cloud service provider.

Here’s why option B is the correct choice:

Risk monitoring: SLAs should include provisions for regular risk monitoring by the cloud service provider. This ensures that potential security risks and vulnerabilities are identified and addressed promptly. The SLA should outline the specific risk monitoring activities, frequency, and reporting mechanisms to keep the organization informed about the security status of the cloud services.

Timely response: SLAs should also include provisions for timely response in case of security incidents or breaches. This includes defined response times, escalation procedures, and communication protocols to ensure that the cloud service provider responds promptly and effectively to any security issues that arise.

Accountability and liability: SLAs define the responsibilities and liabilities of both the organization and the cloud service provider. This ensures that the cloud service provider is accountable for the security of the services they provide and that appropriate measures are in place to mitigate risks. It also establishes the consequences if the provider fails to meet the agreed-upon security requirements.

While options A, C, and D (availability of continuous technical support, inclusion of a right-to-audit clause, and presence of internal security standards) are all important considerations in managing risk in the context of cloud services, they do not directly address the specific concern of risk monitoring and timely response. SLAs are specifically designed to define expectations, responsibilities, and accountability between the organization and the cloud service provider, making them the BEST way to address the concern of risk monitoring and timely response.

Answer 274

A

D. Cross-Site Scripting

XSS involves the insertion of malicious code into a website’s web application, which is then executed within the browsers of other clients who visit the infected website. The stolen cookies, hijacked sessions, and malware execution mentioned in the scenario are common outcomes of XSS attacks.

Answer 275

A

B. Enabling.

Enabling refers to the function of specifying user access rights/privileges to computing resources. It involves defining and configuring the permissions and privileges granted to users or user groups, allowing them to access specific resources or perform certain actions within a computing environment. By properly enabling user access rights, organizations can ensure that users have appropriate and authorized access to the resources they need, while maintaining security and preventing unauthorized access.

Answer 276

A

B. Restrictions on the transmission of symmetric and/or asymmetric keys over communication networks.

This is not a factor that needs to be considered when transferring encrypted information or cryptography-based tools between legal jurisdictions according to the ISO/IEC 27000 series.

Answer 277

A

C. Digital signatures are legal unless there is a statutory requirement that predates the digital age.

Digital signatures are generally considered legally valid and enforceable, but there may be specific statutory requirements or regulations in certain countries or industries that govern their use. These requirements could include specific rules regarding the use of digital signatures, certification authorities, key management, or other aspects of the digital signature process.

Therefore, digital signatures are typically legal unless there is a pre-existing statutory requirement or regulation that specifically prohibits or restricts their use. It is important to consider the applicable laws and regulations in each jurisdiction when using digital signatures to ensure compliance.

Answer 278

A

D. 1, 3 and 5.

Authentication: Verifying the identity of users or entities to ensure that they are who they claim to be.

Accounting: Tracking and recording the activities and events related to the use of resources and access to systems.

Authorization: Granting or restricting access to resources based on the authenticated identity and associated permissions.

These three characteristics are crucial for maintaining the security and proper functioning of information systems. By ensuring proper authentication, availability, and accounting, organizations can protect their resources, manage access effectively, and track and analyse system activities for security and compliance purposes.

Answer 279

A

C. ISO 22301

ISO 22301 (option C) is the standard that deals with the implementation of business continuity. ISO 22301 is an international standard for business continuity management systems (BCMS) that provides guidance and requirements for organizations to establish, implement, maintain, and improve their business continuity capabilities. It outlines a systematic approach to identifying potential threats, assessing their impact, and developing and implementing strategies to ensure business continuity in the face of disruptions.

ISO/IEC 27001 (option A) is a standard for information security management systems (ISMS) and focuses on protecting information assets. While it includes some requirements related to business continuity, it is not specifically dedicated to business continuity management.

COBIT (option B) is a framework for IT governance and management, which includes aspects related to risk management and control objectives. While it may touch on elements of business continuity, it is not primarily focused on its implementation.

BS5750 (option D) is an outdated British Standard for quality management systems and does not specifically address business continuity. It has been superseded by the ISO 9000 series.

Answer 280

A

A: Online retailer.

Among the given options, an online retailer would be considered the most at risk from the theft of electronic-based credit card data. Online retailers typically handle a large volume of credit card transactions, and they store and process customer payment information digitally. This makes them an attractive target for cybercriminals who seek to steal credit card data for fraudulent purposes.

Unlike traditional market traders, mail delivery businesses, or agricultural producers, online retailers have a direct involvement in electronic transactions and store sensitive customer data. They are more likely to have systems and databases that store credit card information, making them vulnerable to data breaches if proper security measures are not in place.

It’s important for online retailers to implement robust security measures, including secure payment gateways, encryption of customer data, regular security audits, and compliance with industry standards such as the Payment Card Industry Data Security Standard (PCI DSS), to mitigate the risk of credit card data theft.

Answer 281

A

A: Appointment of a Chief Information Security Officer (CISO).

To improve the security culture within an organization with a top-down approach, the appointment of a Chief Information Security Officer (CISO) at the board level is the most effective action. A CISO is a senior executive responsible for overseeing the organization’s information security program. By having a dedicated CISO in a board-level position, the organization demonstrates a strong commitment to security and establishes a clear chain of accountability for cybersecurity.

The CISO can provide leadership, strategic guidance, and direction for implementing effective security practices throughout the organization. They can collaborate with other senior executives, advise the board on security-related matters, and ensure that security considerations are integrated into business decisions and operations.

While actions like purchasing personal firewalls for senior executives, adopting a “clear desk” policy, or developing a security awareness e-learning course can contribute to enhancing security culture, appointing a CISO has a broader and more significant impact on establishing a strong security posture and driving a culture of security awareness and responsibility throughout the organization.

Answer 282

A

C: Police could previously intercept without lawful authority any communications in the course of transmission through a public post or telecoms system.

The development of specific legislation in most European countries to permit police and security services to monitor communications traffic for specific purposes, such as the detection of crime, is primarily driven by the need to establish lawful authority for such interceptions. Prior to the enactment of these laws, police could intercept communications without lawful authority, which raised concerns about privacy rights and the potential for abuse.

By implementing specific legislation, countries aim to strike a balance between protecting individual privacy rights and enabling law enforcement agencies to carry out their duties effectively. These laws establish clear guidelines and procedures for lawful interception, ensuring that privacy is respected while allowing authorities to gather necessary evidence and prevent or investigate criminal activities.

Options A, B, and D are not the primary reasons for the development of specific legislation for monitoring communications traffic in most European countries. Option A mentions the European Convention of Human Rights, which recognizes the interference with the right to privacy in the interception of telecommunications but does not explain why specific legislation was developed. Option B mentions GDPR, which focuses on data protection and privacy rights but is not directly related to the interception of communications. Option D refers to the previous illegality of surveillance based on the 1950 version of the Human Rights Convention, which is not the primary reason for the development of specific legislation.

Answer 283

A

C: Review of the risk assessment with executive management for final input

In case of disagreement between the information security manager and the business department manager regarding the evaluation of risks and identified risks, involving executive management can help in resolving the issue. Reviewing the risk assessment with executive management allows for their input and perspective on the matter. This helps in achieving a balanced and informed decision that takes into account both the security concerns of the information security manager and the business objectives of the organization.

Answer 284

A

C: Time server

A time server helps ensure that all devices on a network are synchronized with accurate time. By having consistent and accurate timestamps on log entries from different devices, it becomes easier to correlate events and identify the sequence of actions leading to a security breach. Time synchronization is crucial for accurate analysis and investigation of security incidents.

Answer 285

A

b) Governance

Governance is concerned with policy and direction, providing the framework and rules that guide the organization’s activities and ensure alignment with business goals and compliance with regulations.

Answer 286

A

(A)Minimize the number of entrances

By reducing the number of entrances, the potential points of vulnerability and unauthorized access are limited, enhancing overall security. Thank you for pointing out the mistake.

Answer 287

A

(D) It blinds the approaching intruder’s view of the scene.

By positioning projection lighting at the same height as the barbed wire topping of a fence, it creates a glare or bright light that obstructs the view of anyone attempting to climb over the fence. This makes it more difficult for intruders to assess the scene or identify potential obstacles or security measures.

Answer 288

A

(A) guidelines and practices of security controls

ISO 27002 provides guidance on information security management and serves as a comprehensive set of controls and best practices for organizations to implement in order to protect their information assets. It covers various aspects of information security, including risk management, access control, incident management, and compliance.

Answer 289

A

(C) Cold site

A cold site is a backup processing alternative that provides a computing facility with minimal data and resources. It typically includes telecommunications equipment and some systems but lacks up-to-date or synchronized data. Organizations would need to restore their data and systems in the event of a disaster or disruption when using a cold site.

Answer 290

A

(A) document recovery specialists.

When important documents have been soaked in water during fire suppression efforts, they are typically restored by document recovery specialists. These specialists have the expertise and equipment to handle water-damaged documents, assess the extent of the damage, and employ appropriate techniques to salvage and restore the documents. This may involve drying, cleaning, and dehumidifying the documents to prevent further damage and restore them as much as possible to their original condition. Human Resources personnel, document library personnel, and fire department specialists may not possess the specialized knowledge and resources required for effective document restoration in such situations.

Answer 291

A

(D) Owner

In a discretionary access control (DAC) mode, the delegation authority to grant access to information lies with the owner of the information. The owner has the discretion to determine who can access their information and can delegate access control decisions to other individuals or roles within the organization.

Answer 292

A

(B) European Union Principles

The European Union has developed comprehensive privacy regulations known as the General Data Protection Regulation (GDPR), which sets out principles and requirements for the protection of personal data within the European Union. These principles are specific to privacy and govern the handling, processing, and transfer of personal data.

Answer 293

A

(A) Spoofing

Spoofing attacks involve an attacker impersonating a legitimate entity or device to gain unauthorized access to a network or system. By implementing authentication measures, such as username and password verification or multi-factor authentication, the system can verify the identity of the entities attempting to access it and prevent spoofing attacks.

Answer 294

A

A. Phishing

Phishing involves sending deceptive emails or messages to individuals, impersonating reputable organizations or individuals, with the goal of tricking them into revealing sensitive information such as passwords, credit card numbers, or personal details.

Answer 295

A

C. Vishing

Vishing is a form of social engineering where attackers make phone calls to individuals, posing as legitimate entities such as banks or government agencies, in order to trick them into revealing sensitive information or performing certain actions.

Answer 296

A

C. Shoulder surfing

Shoulder surfing is a form of visual eavesdropping where an attacker observes or “surfs” the target’s actions, such as typing passwords or accessing sensitive information, by looking over their shoulder. This technique is used to gather confidential information without the target’s knowledge or consent.

Answer 297

A

C. Whaling

Whaling attacks are specifically aimed at senior executives, high-ranking officials, or individuals in prominent positions within an organization. The goal is to deceive and trick them into revealing sensitive information or performing actions that could compromise the organization’s security. These attacks often employ sophisticated techniques and personalized messages to increase their effectiveness.

Answer 298

A

C. Gaining unauthorized access to restricted areas by following another person.

In physical security, tailgating occurs when an individual without proper authorization follows closely behind an authorized person to gain entry to a secure area. The unauthorized person takes advantage of the authorized person’s access rights and proximity to bypass security measures such as access control systems or identification checks. This is a security vulnerability as it compromises the integrity of restricted areas and can lead to unauthorized individuals entering sensitive or secure locations.

Answer 299

A

B. Impersonation

Impersonation involves pretending to be someone else in order to deceive individuals and gain their trust or access to sensitive information. In the context of social engineering, impersonation can involve assuming the identity of a trusted individual or a representative of a legitimate organization to manipulate victims into revealing personal or confidential information. This information can then be used for identity theft purposes, such as accessing financial accounts or committing fraud.

Answer 300

A

True

Dumpster diving is a practice in which individuals search through trash or discarded materials in order to find valuable or sensitive information. In the context of computer security, dumpster diving specifically refers to searching through trash for documents or materials containing sensitive data that can be used for malicious purposes, such as social engineering attacks.

In the given statement, it is mentioned that shredding or incinerating documents before disposal can make dumpster diving less effective and mitigate the risk of social engineering attacks. This statement is true because by destroying the documents, the sensitive information they contain becomes unreadable and unusable, reducing the likelihood of it being exploited by individuals with malicious intent. Proper disposal methods, such as shredding or incineration, are recommended security practices to prevent unauthorized access to sensitive information.

Answer 301

A

True

The term “Evil twin” refers to a rogue Wireless Access Point (WAP) that is maliciously set up to deceive users. It mimics a legitimate access point by advertising the same Service Set Identifier (SSID) and tricks connecting hosts into believing it is a trusted network. The purpose of an evil twin is typically to eavesdrop on network traffic or steal sensitive user data.

Answer 302

A

B. Malware

Malware refers to harmful programs or software that are designed to disrupt computer operations, gather sensitive information, or gain unauthorized access to computer systems. It is a broad term that encompasses various types of malicious software, including viruses, worms, Trojans, spyware, adware, and ransomware. Malware can cause damage to computer systems, compromise data security, and invade user privacy. It is important to have effective security measures in place to prevent and detect malware infections.

Answer 303

A

True

A Trojan horse is a type of malware that disguises itself as a legitimate program but contains hidden malicious code. It tricks users into installing or running it, often by appearing as a useful or harmless application. Once installed, the Trojan horse can perform various harmful actions without the user’s knowledge or consent. The term “Trojan horse” refers to the Greek myth where a giant wooden horse was used to deceive and infiltrate the city of Troy. Similarly, a Trojan horse malware deceives users to gain unauthorized access or perform malicious activities on their systems.

Answer 304

A

A. Rootkit

A rootkit is a collection of software tools that are designed to conceal the presence of an intruder or malicious activity on a computer or computer network. It is typically used by hackers to gain unauthorized administrator-level access to a system and maintain control over it without being detected. Rootkits are often installed through exploit techniques and once installed, they can modify or replace operating system components to hide their presence and provide backdoor access for the attacker. Rootkits can be very difficult to detect and remove, making them a potent tool for cybercriminals.

Answer 305

A

D. Defence in depth.

(Data redundancy refers to the practice of keeping data in two or more places within a database or data storage system.)

Defence in depth is a security concept that involves implementing multiple layers of security controls to provide redundancy and mitigate the impact of security control failures or vulnerabilities being exploited. By having multiple layers of protection, if one control fails or is bypassed, other controls can still provide protection and prevent or minimize the impact of a security incident. It is a proactive approach to security that aims to provide comprehensive and layered protection for systems and data.

Answer 306

A

D. Spyware

Spyware is a type of malicious software that is designed to collect information about users without their knowledge or consent. It is typically installed on a computer or device without the user’s awareness and operates in the background, collecting data such as browsing habits, keystrokes, passwords, and personal information. The collected data is often sent to remote servers or used for unauthorized purposes, such as identity theft or targeted advertising. Spyware can be spread through various means, including malicious email attachments, infected websites, or bundled with other software. Its presence can compromise user privacy and security, making it important to have robust anti-spyware measures in place.

Answer 307

A

A. Polymorphic

Polymorphic viruses are a type of malware that can change their code or appearance to evade detection by antivirus software. They use various techniques such as encryption, obfuscation, and code mutation to alter their structure while maintaining their functionality. This ability to change their form makes it challenging for traditional signature-based antivirus programs to identify and block them effectively. Polymorphic viruses are designed to be highly adaptable and can generate multiple variations of themselves, making it difficult for security software to keep up with their constantly evolving nature.

Answer 308

A

C. application, transport, network, internet, network interface

The layers in the TCP/IP model, ordered from highest to lowest, are as follows:

Application layer: This layer includes protocols and services that enable communication between applications running on different devices, such as HTTP, FTP, SMTP, and DNS.

Transport layer: This layer is responsible for the reliable delivery of data between hosts and includes protocols like TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

Network layer: Also known as the Internet layer, this layer handles the routing of data packets across different networks. It includes the IP (Internet Protocol) protocol.

Internet layer: This layer defines the format of IP packets and the logical addressing scheme used to identify devices on a network. It includes protocols such as IPv4 and IPv6.

Network interface layer: This layer is responsible for the physical transmission of data packets over a network and includes protocols and technologies specific to the network interface, such as Ethernet, Wi-Fi, and Bluetooth.

Answer 309

A

D. datalink

The layer of the OSI (Open Systems Interconnection) model that converts IP (Internet Protocol) addresses to MAC (Media Access Control) addresses is the datalink layer. The datalink layer is responsible for providing the means to transfer data between adjacent network nodes and is divided into two sublayers: the LLC (Logical Link Control) sublayer and the MAC (Media Access Control) sublayer.

The MAC sublayer is specifically responsible for addressing and accessing the physical media, including the conversion of logical addresses (such as IP addresses) to physical addresses (such as MAC addresses) for transmission over the network.

Answer 310

A

D. kernel, device drivers, applications

The rings of security, from innermost to outermost, typically refer to the security rings in the context of operating systems and system architecture. The most common representation of these rings is:

Kernel or Ring 0: This is the innermost ring where the core operating system components and critical system processes reside. It has the highest level of privilege and controls access to hardware resources.

Device Drivers or Ring 1/2: This ring includes device drivers and other low-level system components that interact with hardware devices. It has elevated privileges compared to user-level processes but lower privileges than the kernel.

Applications or Ring 3: This is the outermost ring where user-level applications and processes run. It has the least privilege and limited access to system resources. Most user applications operate in this ring.

Answer 311

A

C. Fraggle

In a Fraggle attack, the attacker sends a large number of User Datagram Protocol (UDP) packets with a spoofed source IP address to a network’s broadcast address. These UDP packets are typically sent to the destination port used by the ICMP Echo service (ping). As a result, the ICMP reply from the target system is flooded back to the victim, overwhelming its network connection and causing a denial-of-service (DoS) condition.

This type of attack is similar to the Smurf attack, but instead of using ICMP Echo packets, Fraggle attacks utilize UDP packets to generate excessive traffic and disrupt the target network.

Answer 312

A

A. retrovirus

A retrovirus is a specific type of virus that has the ability to attack and modify the antivirus software itself. It can alter the code or functionality of the antivirus program, making it ineffective in detecting and removing the retrovirus. Retroviruses are designed to evade detection by security measures and can be particularly challenging to remove from an infected system.

Answer 313

A

C. measure, create, analyse, identify

The stages of developing a Business Continuity Plan (BCP) ordered from last to first are as follows:

Identify: Identify critical business functions, processes, and resources that need to be protected and prioritize them based on their importance and impact on the organization.
Analyze: Conduct a risk assessment and business impact analysis to assess potential risks and vulnerabilities that could disrupt the identified critical functions. This involves evaluating the likelihood and potential impact of various threats.
Create: Develop strategies and plans for mitigating risks and addressing potential disruptions. This includes developing recovery strategies, defining incident response procedures, and establishing communication and coordination protocols.
Measure: Implement measures to monitor and measure the effectiveness of the BCP. This includes regularly reviewing and testing the plan to identify areas for improvement and ensure its ongoing relevance and effectiveness.

Answer 314

A

B. Cryptominer

Cryptominers are a type of malware that utilize the computing resources of a compromised system to mine cryptocurrency without the owner’s consent or knowledge. This malicious software can significantly impact system performance and can be challenging to detect as it operates in the background.

Answer 315

A

E. OS reinstallation

OS reinstallation is a drastic measure that can effectively remove malware, but it is time-consuming and should be considered as a last resort.

Answer 316

A

B. PKI (Public Key Infrastructure)

PKI is a hierarchical system that provides a framework for issuing, managing, and verifying digital certificates. It involves a Certificate Authority (CA) that acts as a trusted third party, issuing digital certificates to entities such as individuals, organizations, or devices, and ensuring the integrity and authenticity of those certificates. PKI plays a crucial role in establishing secure communication and enabling features like encryption, authentication, and digital signatures.

Answer 317

A

C. CA (Certificate Authority)

A Certificate Authority is a trusted third party responsible for issuing digital certificates used for creating digital signatures and public-private key pairs. The CA verifies the identity of the certificate holder and digitally signs the certificate to ensure its authenticity and integrity. The digital certificates issued by a CA play a crucial role in establishing secure communication and enabling various security features in applications and systems.

Answer 318

A

A. Accepting requests for digital certificates
C. Authenticating the entity making the request

A. Accepting requests for digital certificates: The Registration Authority (RA) plays a role in accepting requests for digital certificates from individuals or entities. The RA acts as an intermediary between the certificate requester and the Certificate Authority (CA) by receiving and verifying the certificate requests.

C. Authenticating the entity making the request: The RA is responsible for authenticating the identity of the entity making the certificate request. The RA verifies the identity of the requester and ensures that they meet the necessary criteria to obtain a digital certificate.

Answer 319

A

B. CRL (Certificate Revocation List)
C. OCSP (Online Certificate Status Protocol).

CRL (Certificate Revocation List): A CRL is a list of digital certificates that have been revoked by the Certificate Authority (CA) before their expiration date. It contains information about revoked certificates such as their serial numbers and the date of revocation. By checking the CRL, one can determine if a particular digital certificate is still valid or has been revoked.

OCSP (Online Certificate Status Protocol): OCSP is a protocol used to obtain the real-time status of a digital certificate. It allows a client to send a request to the CA or an OCSP responder to check if a specific certificate is still valid or has been revoked. The response received from the OCSP responder contains information about the certificate’s status, such as “good,” “revoked,” or “unknown.”

Answer 320

A

C. OCSP (Online Certificate Status Protocol)

OCSP allows for real-time checking of the revocation status of a digital certificate. When a client needs to verify the validity of a certificate, it sends a request to the OCSP responder, which is typically operated by the Certificate Authority (CA) or a trusted third party. The OCSP responder then responds with the current status of the certificate, such as “good,” “revoked,” or “unknown.”

Compared to CRL (Certificate Revocation List), which is a static list that needs to be downloaded and regularly updated, OCSP provides a more efficient and timely method for checking the validity of a digital certificate. With OCSP, the client can directly query the OCSP responder to obtain the certificate’s status without the need to download and process a large list of revoked certificates.

Key escrow and CSR (Certificate Signing Request) are not directly related to checking the validity of a certificate. Key escrow involves storing cryptographic keys with a trusted third party, while CSR is a file used to request a digital certificate. They do not provide a means for quickly checking the validity of a certificate.

Answer 321

A

B. CSR (Certificate Signing Request).

A CSR is a file that contains the information required for a Certification Authority (CA) to issue a digital certificate. It typically includes the public key and information about the entity (such as organization name, domain name, and contact details) for which the certificate is being requested. The entity generates the CSR and submits it to the CA as part of the certificate issuance process.

CBC (Cipher Block Chaining), CFB (Cipher Feedback), and CRL (Certificate Revocation List) are not directly related to the process of requesting a digital certificate. CBC and CFB are modes of operation used in cryptographic algorithms, while CRL is a list that contains information about revoked certificates.

Answer 322

A

Risk acceptance

Residual risk refers to the level of risk that remains after risk mitigation measures have been implemented. It represents the risk that an organization or individual is willing to accept or tolerate. Risk acceptance involves acknowledging and accepting the existence of residual risk and consciously deciding not to implement further risk mitigation measures, either because the cost of additional controls outweighs the potential impact of the risk or because it aligns with the risk appetite of the organization.

Risk deterrence, risk transference, and risk avoidance are strategies used to manage risk but are not specifically associated with residual risk. Risk deterrence focuses on discouraging potential risks through preventive measures, risk transference involves shifting the risk to a third party (such as through insurance), and risk avoidance entails avoiding activities or situations that pose a significant risk altogether.

Answer 323

A

Risk avoidance

Risk avoidance is a risk management strategy that involves taking actions to eliminate or avoid certain risks altogether. It aims to minimize exposure to potential threats by implementing measures to prevent or stop activities that could lead to adverse consequences. In the given example, the organization chooses to disable system functions or shut down the system to avoid the identified risks and mitigate their potential impact.

Risk acceptance refers to the conscious decision to accept the existence of residual risk and not implement further risk mitigation measures. Risk transference involves shifting the risk to a third party, such as through insurance or outsourcing. Risk deterrence focuses on discouraging potential risks through preventive measures.

Answer 324

A

Risk transference

Risk transference is a risk management strategy that involves shifting the responsibility for managing a risk to a third party. In the given example, the company acknowledges that their employees lack the required skills for the specialized technical component, and instead of trying to develop those skills internally, they transfer the risk by contracting out the task to a third-party vendor or service provider who possesses the necessary expertise.

Risk deterrence focuses on discouraging potential risks through preventive measures. Risk avoidance involves taking actions to eliminate or avoid certain risks altogether. Risk acceptance refers to the conscious decision to accept the existence of residual risk and not implement further risk mitigation measures.

Answer 325

A

Risk transference.

Risk transference is a risk management strategy where an organization transfers the financial impact of potential risks to an insurance provider. In the case of cybersecurity insurance, the organization transfers the risk of financial losses resulting from cyber incidents or data breaches to the insurance company. If a cyber incident occurs and causes financial damages, the organization can file a claim with their cybersecurity insurance provider to mitigate the financial impact.

Risk avoidance involves taking actions to eliminate or avoid certain risks altogether. Risk deterrence focuses on discouraging potential risks through preventive measures. Risk acceptance refers to the conscious decision to accept the existence of residual risk and not implement further risk mitigation measures.

Answer 326

A

Implementation of security controls.

Risk mitigation involves taking proactive measures to reduce the likelihood or impact of identified risks. One common approach to risk mitigation in cybersecurity is the implementation of various security controls. These controls can include measures such as firewalls, intrusion detection systems, access controls, encryption, and regular security patches and updates. By implementing these security controls, organizations aim to mitigate the risks associated with potential threats and vulnerabilities, thereby reducing the likelihood of successful attacks or minimizing their impact if they occur.

System shutdown, IT personnel outsourcing, and cybersecurity insurance are not specific examples of risk mitigation strategies. System shutdown may be a response to a risk or incident, but it is not a proactive mitigation measure. IT personnel outsourcing and cybersecurity insurance are examples of risk transference strategies, where the organization transfers the risk to external entities rather than mitigating it directly.

Answer 327

A

Risk register

A risk register is a document that systematically captures and records information about identified risks within an organization. It provides detailed information about each risk, including its description, likelihood, impact, risk owner, mitigation measures, and current status. The risk register helps in centralizing and organizing the information related to cybersecurity risks, allowing for better risk management and decision-making.

A risk heat map and risk matrix are visual representations of risks that help prioritize and assess their severity but do not typically contain detailed information. A risk repository is a broader term that can refer to a centralized storage or database of risk-related information, which may include the risk register but can also encompass other risk-related documents and artifacts.

Answer 328

A

Quantitative risk assessment

Quantitative risk assessment involves assigning numerical values to various components of risk, such as asset value, threat likelihood, and potential loss. It aims to quantify the potential impact and financial implications of risks by using mathematical calculations and data analysis. The Single Loss Expectancy (SLE) is a quantitative metric that represents the estimated monetary value associated with a single occurrence of a risk event or loss. It is calculated by multiplying the asset value by the exposure factor, which represents the percentage of loss that would occur if the risk event happens.

On the other hand, qualitative risk assessment involves a more subjective and descriptive evaluation of risks, focusing on qualitative characteristics such as likelihood, impact, and risk prioritization. Risk deterrence and risk acceptance are risk management strategies that are not directly related to the calculation of the Single Loss Expectancy.

Answer 329

A

Hub: It is a central device that connects multiple devices in a network, allowing them to communicate with each other.

Network cabling: It provides the physical medium for transmitting data signals between devices.

Repeater: It is used to regenerate and amplify signals to extend the reach of a network over longer distances.

Answer 330

A

B. AES (Advanced Encryption Standard).

AES is a widely used symmetric encryption algorithm that was established as a standard by the National Institute of Standards and Technology (NIST) in 2001. It is considered secure and efficient for encrypting electronic data. RSA (A) is an asymmetric encryption algorithm, DES (C) is an older symmetric encryption algorithm, and PGP (D) is a protocol for secure communication but not a specific encryption algorithm.

Answer 331

A

Layer 1

The physical layer of the OSI model is responsible for the physical transmission of data over a communication network. It deals with the physical medium, such as cables, connectors, and signalling, and focuses on the electrical, mechanical, and timing aspects of the communication. It is the lowest layer of the OSI model. Layer 2 is the Data Link Layer, Layer 7 is the Application Layer, and Layer 4 is the Transport Layer.

Answer 332

A

The characteristic components of the OSI data link layer are:

MAC address: The data link layer uses MAC (Media Access Control) addresses to uniquely identify devices on a local network.
Network switch: Switches operate at the data link layer and are responsible for forwarding data between devices on a local network.
Ethernet frame: The data link layer encapsulates network layer packets into frames, which include source and destination MAC addresses, as well as other control information.

Answer 333

A

Data link layer

The Data link layer, also known as Layer 2 of the OSI model, is responsible for the reliable transfer of data between directly connected network nodes. It establishes and terminates the logical link between two devices, handles error detection and correction, and controls access to the physical transmission medium. This layer is concerned with organizing and structuring data into frames and ensuring their proper delivery over the network.

Answer 334

A

Switch.

A switch is a data link layer device that receives data frames from one network segment and forwards them selectively to the appropriate destination on another network segment. It operates at Layer 2 of the OSI model and uses MAC addresses to determine the correct port to forward the frames. Switches provide improved network performance and security by reducing collisions and optimizing bandwidth usage.

Answer 335

A

Router: A router is a network layer device that forwards data packets between different networks based on the destination IP address.
IP address: An IP address is a unique identifier assigned to devices on a network, and it is used by the network layer to route data packets to their destinations.
Packet: A packet is a unit of data that is encapsulated with network layer headers and trailers, containing the necessary information for routing and delivering the data across networks.

Answer 336

A

IP (Internet Protocol).

IP is responsible for the addressing, routing, and fragmentation of packets in an interconnected network. It provides a standardized format for packet headers that include source and destination IP addresses, as well as other information necessary for the delivery of data across networks.

Answer 337

A

Layer 3

Layer 3, the network layer, is responsible for logical addressing, routing, and the fragmentation and reassembly of data packets. It provides the necessary functions to enable end-to-end communication between hosts on different networks by using IP addressing and routing protocols.

Answer 338

A

Transport layer

Layer 4 of the OSI model is known as the Transport layer. The Transport layer is responsible for the reliable delivery of data between end systems or hosts. It ensures that data is properly segmented, sequenced, and delivered without errors or loss. It also manages end-to-end communication, flow control, and error recovery mechanisms. Some common protocols operating at Layer 4 include TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).

Answer 339

A

Session layer

Layer 5 of the OSI model is referred to as the Session layer. The Session layer is responsible for establishing, managing, and terminating sessions or connections between applications on different network devices. It provides services such as session establishment, maintenance, and synchronization, as well as checkpointing and recovery of sessions in case of interruptions or failures. The Session layer ensures that data exchanges between applications are organized and coordinated.

Answer 340

A

Session layer

The OSI layer that assumes the responsibility for opening, closing, and maintaining connections between applications is the Session layer. The Session layer (Layer 5) of the OSI model manages the establishment, maintenance, and termination of sessions or connections between applications on different network devices. It provides services for session establishment, synchronization, and coordination, allowing applications to communicate and exchange data in an organized and controlled manner.

Answer 341

A

Session layer of the OSI model

Authentication and authorization typically take place at the Session layer (Layer 5) of the OSI model. The Session layer is responsible for establishing, managing, and terminating sessions between applications. It provides services such as session establishment, session maintenance, and session termination. During the session establishment phase, authentication and authorization mechanisms can be employed to verify the identity of the communicating entities and determine their access privileges. These mechanisms help ensure secure and authorized communication between applications. Thank you for pointing out the mistake.

Answer 342

A

Layer 6 of the OSI model

The term “Presentation layer” refers to Layer 6 of the OSI model. The Presentation layer is responsible for the formatting, encryption, and compression of data to be transmitted across a network. It ensures that data from the application layer is properly formatted and prepared for network transmission. This layer handles tasks such as data encryption and decryption, data compression and decompression, and data syntax conversion. Its main focus is to provide a standardized format for data exchange between different systems.

Answer 343

A

Presentation layer of the OSI model

Data format translation, data compression, and data encryption/decryption take place at the Presentation layer of the OSI model. The Presentation layer is responsible for ensuring that the data sent by the application layer is properly formatted and presented to the receiving application. This layer handles tasks such as data conversion between different data formats, data compression to reduce the size of the data for efficient transmission, and data encryption/decryption to secure the data during transmission. The Presentation layer prepares the data in a way that is independent of the application and network layers, ensuring that the data can be properly understood by the receiving application.

Answer 344

A

Layer 7

The application layer of the OSI model is also known as Layer 7. The application layer is the topmost layer of the OSI model and is responsible for providing network services and application functionality to end-user applications. It interacts directly with software applications and enables communication and data exchange between different network devices. This layer includes protocols and services that support a wide range of applications such as email, web browsing, file transfer, and remote access. The application layer protocols define the syntax and semantics of the data exchanged between applications, allowing them to communicate with each other over the network.

Answer 345

A

The protocols that reside at the application layer of the OSI model are:

HTTP (Hypertext Transfer Protocol): Used for web browsing and communication between web clients and servers.
FTP (File Transfer Protocol): Used for transferring files between a client and a server.
SMTP (Simple Mail Transfer Protocol): Used for sending and receiving email messages.

These protocols are responsible for providing application-level services and functionality to the end users.

Answer 346

A

Encryption: It involves the use of algorithms to convert data into a format that cannot be easily understood by unauthorized individuals.
Access control methods: These are mechanisms and techniques used to control and restrict access to sensitive information.
Steganography: It is the practice of hiding information within other seemingly innocuous data to maintain confidentiality.

Answer 347

A

Hashing: It is the process of using a cryptographic hash function to generate a unique hash value for a given set of data. It is used to verify the integrity of the data by comparing the computed hash value with the original hash value.
Digital signatures: They are used to ensure the integrity of digital documents or messages. A digital signature is created using the sender’s private key and can be verified using the sender’s public key, providing assurance that the content has not been altered.
Digital certificates: used to verify the authenticity and integrity of digital data. They are issued by a trusted third party called a Certification Authority (CA). A digital certificate includes information about the entity to which it is issued, such as their public key and identity information. The digital certificate is signed by the CA using their private key, creating a digital signature.
Non-repudiation: It refers to the concept of preventing someone from denying that they have performed a particular action. In the context of integrity, non-repudiation mechanisms ensure that a sender cannot deny sending a message or making a specific change to a document.

Answer 348

A

Redundancy: Redundancy is the duplication of critical components or systems to ensure that if one fails, another can take its place and maintain the availability of services.
Fault tolerance: Fault tolerance refers to the ability of a system or network to continue functioning properly even in the presence of faults or failures. It involves designing systems that can detect and recover from failures to maintain availability.
Load balancing: Load balancing is the distribution of network traffic across multiple servers or resources to ensure that no single resource is overwhelmed, optimizing resource utilization and maintaining availability.
Patch management: Patch management refers to the process of regularly applying updates and patches to software and systems to address vulnerabilities and improve system stability. Effective patch management helps mitigate risks and maintain system availability.

Answer 349

A

Insider threat

An insider threat refers to individuals within an organization who have authorized access to systems, data, or networks and misuse that access for malicious purposes. In the context of the question, the disgruntled employee is using their legitimate access to harm the company or its resources, making them an insider threat.

Answer 350

A

1.DLP system (Data Loss Prevention): A DLP system helps prevent unauthorized access, use, or distribution of sensitive data. It can monitor and control data movements, detect and block unauthorized activities, and provide visibility into data handling within the organization.

Principle of least privilege: Granting users the minimum level of access required to perform their job responsibilities helps minimize the potential damage that a malicious insider can cause. By limiting privileges, the scope of unauthorized actions is reduced.
Usage auditing and review: Regularly monitoring and reviewing user activities, system logs, and access logs can help detect any suspicious or abnormal behaviour by insiders. This enables timely identification of potential threats and allows for appropriate actions to be taken.

Answer 351

A

Improperly configured accounts

When user accounts are improperly configured, it means that they have been granted excessive privileges or permissions that go beyond what is necessary for their job functions. This violates the principle of least privilege, which states that users should only have the minimum privileges required to perform their tasks.

Improperly configured accounts can lead to security vulnerabilities and increase the risk of unauthorized access or misuse of resources. It is important to properly manage and configure user accounts to ensure that they align with the principle of least privilege, reducing the potential for security breaches.

Answer 352

A

CVE (Common Vulnerabilities and Exposures).

CVE is a widely recognized and commonly used vulnerability database that provides a standardized identifier for known vulnerabilities. It is maintained by the MITRE Corporation and serves as a comprehensive resource for tracking and documenting vulnerabilities in software and hardware systems.

CVE assigns a unique identification number to each vulnerability, making it easier for organizations and security professionals to reference and share information about specific vulnerabilities. It enables better coordination and collaboration in addressing security issues by providing a common language and reference point for vulnerability management.

DBA (Database Administrator) refers to a professional responsible for managing and maintaining databases.
DBaaS (Database as a Service) refers to a cloud-based service that provides database management and infrastructure.
AIS (Automated Information System) refers to a computer system or network used for the collection, processing, storage, and dissemination of information.

Answer 353

A

Port-based NAC (Network Access Control).

802.1X is an IEEE standard that defines the protocol for port-based network access control. It provides an authentication mechanism for controlling access to network resources, particularly in wired and wireless networks. With 802.1X, devices attempting to connect to a network are required to authenticate themselves before being granted access.

This standard is commonly used in enterprise environments to ensure that only authorized devices can connect to the network. It uses the Extensible Authentication Protocol (EAP) framework to facilitate the authentication process, which can involve methods such as username/password, digital certificates, or other authentication mechanisms.

While VLAN tagging and token ring networks are network technologies, they are not specific to the implementation of 802.1X. 802.1X is commonly used in wireless networks to secure access points and control device authentication.

Answer 354

A

Honeypot

A honeypot is a monitored host or network resource that is intentionally designed to attract and trap potential attackers. It is typically set up to appear as a valuable target with the aim of diverting the attacker’s attention from the actual corporate network or sensitive systems.

The honeypot is configured to mimic the behaviour and vulnerabilities of real systems, making it appear enticing to attackers. It can simulate various types of services, such as web servers, email servers, or database servers, to attract different types of attacks. By monitoring the activities on the honeypot, organizations can gain insights into the tactics, techniques, and tools used by attackers, helping them enhance their security defenses and protect their actual network.

A captive portal is a web page that requires users to authenticate or agree to terms and conditions before accessing a network. It is commonly used in public Wi-Fi networks or guest networks.

A rogue access point refers to an unauthorized wireless access point that has been installed on a network without proper authorization.

Flood guard, on the other hand, is a network security mechanism designed to detect and mitigate various types of flooding attacks, such as Distributed Denial of Service (DDoS) attacks.

Answer 355

A

Spam

Spam refers to unsolicited and unwanted bulk messages, typically sent via email, but it can also occur through other communication channels like instant messaging or social media. Spam messages are usually commercial in nature, promoting products, services, or fraudulent schemes. They are sent without the recipient’s consent and often in large volumes.

Spyware is malicious software designed to gather sensitive information without the user’s knowledge or consent. It is typically used for spying on user activities, capturing passwords, or collecting personal data.

Adware, on the other hand, is software that displays advertisements on a user’s device, often in the form of pop-up ads or banners. While it can be unwanted and disruptive, adware is not necessarily malicious like spyware or malware.

Malware is a general term used to describe any malicious software designed to harm or exploit computer systems. It includes various types of harmful programs such as viruses, worms, ransomware, and spyware. While some types of malware may be involved in delivering spam messages, spam itself refers specifically to unsolicited advertising messages rather than the malware itself.

Answer 356

A

SPIM (Spam over Instant Messaging)

SPIM refers to unsolicited advertising messages sent through instant messaging platforms. It involves the sending of unwanted text-based messages containing advertisements or promotional content. SPIM is similar to email spam but is specifically targeted at instant messaging services.

Answer 357

A

Traffic redirection
Fraudulent website
Credential harvesting

Traffic redirection: Users are redirected to fake websites that closely resemble legitimate websites, with the intention of stealing sensitive information such as login credentials, credit card details, or personal information.

Fraudulent website: Pharming involves the creation of counterfeit websites that mimic the appearance and functionality of legitimate websites, aiming to deceive users into providing their personal or financial information.

Credential harvesting: refers to the act of capturing and stealing user login credentials, such as usernames and passwords, usually through deceptive means or malicious techniques.

Answer 358

A

Prepending

Prepending refers to the act of adding misleading or deceptive information to a URL, typically at the beginning, in order to trick users into visiting malicious websites or disclosing sensitive information. Thank you for pointing out the error.

Answer 359

A

Virus hoax.

A virus hoax is a type of deceptive message or email that spreads false information about a non-existent computer security threat. It typically tricks users into taking unnecessary actions, such as deleting system files or sharing the message with others. The intention is to create panic or confusion rather than to deliver a genuine security warning.

Answer 360

A

Websites.

In the context of cyber attacks, a watering hole attack is a technique where the attacker compromises a legitimate and trusted website that is frequently visited by the target individuals or group. By exploiting vulnerabilities in the website, the attacker injects malicious code or content that can infect the visitors’ devices and gain unauthorized access to their systems. The compromised website serves as the platform for launching the attack, making it a crucial component of the watering hole attack strategy.

Answer 361

A

Consensus

In this scenario, the attacker creates a false sense of consensus by generating fake reviews and testimonials that appear to be from multiple sources. By presenting these fake endorsements, the attacker aims to manipulate the user’s perception of the app’s popularity and desirability. The user is more likely to trust the app and make a purchasing decision based on the belief that many others have already done so and had positive experiences. This tactic leverages the psychological principle of consensus to influence the user’s decision-making process.

Answer 362

A

Chain of custody

In forensic procedures, the chain of custody is a chronological record that documents the handling and movement of evidence from the time it is collected until it is presented in a court of law. It includes detailed information about each person who has had possession of the evidence, along with the date, time, and purpose of the transfer. The chain of custody is essential to maintain the integrity and admissibility of the evidence, ensuring that it has not been tampered with or compromised during the investigation process.

Answer 363

A

Order of volatility

In forensic procedures, the order of volatility refers to a sequence of steps or priorities in which different types of evidence should be collected and preserved based on their volatility or likelihood of being lost or altered over time. It helps investigators prioritize their actions to ensure the preservation of critical evidence before it becomes compromised or inaccessible. The order of volatility typically involves collecting volatile data first, such as live system memory, followed by data from temporary storage, logs, and finally, data from long-term storage. This approach helps maximize the chances of obtaining accurate and complete evidence during the forensic investigation.

Answer 364

A

C. Cache memory -> RAM -> Swap/Pagefile -> Temporary files -> Disk files -> Archival media

In a typical computer system, the order of volatility starts with the most volatile data and progresses to less volatile data. Cache memory is the most volatile as it holds temporary data accessed by the CPU. RAM (Random Access Memory) is the next level, where active processes and data reside. Disk files come next, representing the long-term storage on hard drives or solid-state drives. Temporary files refer to temporary storage areas used by applications. Swap/Pagefile is the virtual memory or paging file used when RAM is insufficient. Lastly, archival media refers to offline or backup storage that is less likely to change or be modified.

By following this order of volatility, forensic investigators can prioritize the collection and preservation of data that is more likely to be lost or altered over time, ensuring the integrity of the evidence during the investigation.

Answer 365

A

Hashing & Checksums

Hashing involves generating a unique hash value based on the content of a file, and checksums involve calculating a numerical value based on the contents of a file. By comparing the hash or checksum of the original evidence with the hash or checksum of the acquired evidence, one can verify that the data has not been tampered with or altered. Thank you for pointing out the correct answer.

Answer 366

A

E-discovery.

E-discovery refers to the process of searching, collecting, and securing electronic data for the purpose of using it as evidence in a legal proceeding or investigation. It involves identifying, preserving, and analysing electronically stored information (ESI) that may be relevant to a case. OSINT (Open Source Intelligence) is the process of gathering information from publicly available sources, while white-hat hacking refers to ethical hacking performed by security professionals. Active reconnaissance involves actively scanning and probing a target system or network to gather information.

Answer 367

A

Memdump.

Memdump is a forensic utility used to extract the contents of RAM (Random Access Memory) from a computer system. It allows forensic investigators to capture and analyse volatile data stored in the computer’s memory, which can be valuable in investigating security incidents and gathering evidence. WinHex and FTK Imager are forensic tools that offer a wide range of capabilities, including disk imaging and data analysis. Autopsy is an open-source digital forensics platform that provides a comprehensive set of tools for analysing disk images and other digital evidence, but it does not specifically focus on RAM extraction.

Answer 368

A

Bypasses security controls
Actively tests security controls
Exploits vulnerabilities

Here’s a brief explanation for each point:

Bypasses security controls: Penetration testing aims to simulate real-world attack scenarios, which may involve bypassing or circumventing security controls to gain unauthorized access. This helps identify any weaknesses or gaps in the security infrastructure.
Actively tests security controls: Penetration testing involves active and intentional attempts to exploit vulnerabilities and test the effectiveness of security controls. It goes beyond passive assessment by actively probing the system for potential weaknesses.
Exploits vulnerabilities: The primary objective of penetration testing is to identify vulnerabilities that can be exploited by attackers. By deliberately exploiting these vulnerabilities, the penetration tester can provide insights into the potential impact and risks associated with the identified weaknesses.

Overall, penetration testing is a proactive approach to assess the security posture of a system or network. It helps organizations identify vulnerabilities, validate the effectiveness of security measures, and take proactive measures to mitigate risks and enhance their overall security stance.

Answer 369

A

White-box testing

White-box testing is a form of penetration testing where the tester has full knowledge and access to the internal workings of the system being tested. This includes information about the system’s architecture, source code, network infrastructure, and any other relevant details. With this insider knowledge, the tester can conduct a comprehensive analysis of the system’s security controls, identify potential vulnerabilities, and simulate real-world attack scenarios.

Unlike black-box testing, where the tester has no prior knowledge of the system, white-box testing allows for a more thorough and targeted assessment. It enables the tester to focus on specific areas of concern, perform in-depth analysis, and validate the effectiveness of security measures in place. White-box testing is typically conducted by authorized professionals, commonly known as “white-hat hackers,” who adhere to ethical guidelines and work in collaboration with the organization being tested.

Answer 370

A

Gray-box testing

Gray-box testing is a type of penetration testing where the tester has limited knowledge and access to information about the internal workings of the targeted system. The tester has some level of understanding about the system’s architecture, design, or specific components, but not the full insider knowledge that would be available in white-box testing.

In gray-box testing, the tester aims to simulate the perspective of an attacker with some knowledge of the system. This allows them to better understand potential attack vectors, identify vulnerabilities, and assess the effectiveness of security controls from an external standpoint. Gray-box testing strikes a balance between the comprehensive analysis of white-box testing and the external perspective of black-box testing.

Gray-box testing can provide valuable insights into the security posture of a system, as it combines elements of both internal and external assessments. It is often conducted by professional penetration testers or security consultants who work closely with the organization being tested to ensure a thorough evaluation while maintaining a degree of realism.

Answer 371

A

War driving

War driving refers to the act of searching for and mapping wireless networks by driving around with a device equipped with Wi-Fi capabilities. It is typically done with the intent of identifying vulnerable or unprotected networks for malicious purposes.

An optimal Wireless Access Point (WAP) antenna placement can help mitigate the risk of war driving. By strategically positioning the WAP antennas, the wireless network’s signal strength and coverage can be optimized within the desired area, while minimizing the signal leakage beyond the intended boundaries. This makes it more difficult for war drivers to detect and access the network from outside the designated areas.

While war chalking, spoofing, and insider threats are all valid security concerns in the context of wireless networks, an optimal antenna placement specifically addresses the risk of war driving.

Answer 372

A

Active reconnaissance in penetration testing

OSINT (Open Source Intelligence) refers to the collection and analysis of information from publicly available sources. It involves gathering information from sources such as websites, social media platforms, public records, news articles, and other publicly accessible information.

OSINT is typically conducted in a passive manner, meaning that the information is gathered without directly interacting with the target or system being assessed. It focuses on observing, collecting, and analyzing existing information.

On the other hand, active reconnaissance in penetration testing involves actively probing and interacting with the target system to gather information. This can include activities like port scanning, vulnerability scanning, or network probing. Active reconnaissance is typically part of the overall penetration testing process and goes beyond the scope of traditional OSINT.

Therefore, while OSINT can provide valuable information for penetration testing, it is a passive process that does not involve active reconnaissance activities.

Answer 373

A

An attacker

Answer 374

A

Blue team

Answer 375

A

White team

Answer 376

A

Also known as administrative controls
Focused on managing risk
Documented in written policies

Managerial security controls, also known as administrative controls, are a category of controls that focus on managing and mitigating risks within an organization. They involve the development and implementation of policies, procedures, and guidelines to guide the day-to-day operations of an organization and ensure compliance with security requirements. These controls are typically documented in written policies and are aimed at reducing risks and improving the overall security posture of the organization. They are implemented and enforced by management and play a crucial role in establishing a security framework and governance structure within an organization.

Answer 377

A

Organizational security policy
Risk assessments
Vulnerability assessments

Managerial security controls are focused on managing and mitigating risks within an organization. They involve the development and implementation of policies, procedures, and guidelines to guide the day-to-day operations of an organization and ensure compliance with security requirements. Examples of managerial security controls include:

Organizational security policy: This is a documented policy that outlines the organization’s approach to security, including objectives, responsibilities, and guidelines for implementing security measures.
Risk assessments: These are systematic processes for identifying, analyzing, and evaluating potential risks to the organization’s assets and operations. Risk assessments help identify areas of vulnerability and inform decision-making regarding security controls.
Vulnerability assessments: These involve the systematic identification and evaluation of vulnerabilities within the organization’s systems, networks, and infrastructure. Vulnerability assessments help identify weaknesses that could be exploited by attackers and inform the implementation of appropriate security controls.

Configuration management and data backups, on the other hand, fall into the category of technical security controls rather than managerial controls. Configuration management involves managing and controlling changes to system configurations to ensure security and stability. Data backups are a protective measure to create copies of important data to prevent data loss in case of incidents or disasters.

Answer 378

A

Configuration management
Data backups
Awareness training

Operational security controls are focused on the day-to-day procedures and practices within an organization to ensure the ongoing security of systems and data. They involve the implementation and management of specific measures to protect against threats and vulnerabilities. Examples of operational security controls include:

Configuration management: This involves establishing and maintaining a secure configuration for systems and devices. It includes practices such as securely configuring operating systems, applications, and network devices, as well as managing changes to configurations to prevent unauthorized access or unintended changes that could compromise security.
Data backups: Data backups are an essential operational control that involves regularly creating copies of important data and storing them securely. Data backups ensure that in the event of data loss due to system failure, human error, or malicious activity, the organization can restore the data and resume normal operations.
Awareness training: Awareness training programs are designed to educate employees about various aspects of security, including best practices, policies, and procedures. These programs aim to raise awareness about potential threats and vulnerabilities, teach employees how to identify and respond to security incidents, and promote a security-conscious culture within the organization.

These operational security controls help organizations mitigate risks and ensure the ongoing protection of their systems, data, and assets.

Answer 379

A

Focused on the day-to-day procedures of an organization
Used to ensure that the equipment continues to work as specified
Primarily implemented and executed by people (as opposed to systems)

Operational security controls are concerned with the practical implementation and execution of security measures within an organization. They involve the day-to-day procedures, practices, and actions that help maintain the security of systems, networks, and data. Examples of operational security controls include:

Focused on the day-to-day procedures of an organization: Operational controls are designed to address the specific operational aspects of security. They include activities such as user management, incident response, access control, security awareness training, and security monitoring. These controls are implemented to ensure that security measures are consistently followed in daily operations.
Used to ensure that the equipment continues to work as specified: Operational controls also include activities related to the maintenance, monitoring, and upkeep of hardware and software systems. This includes tasks such as patch management, system updates, configuration management, and regular system backups. These controls aim to ensure that the equipment and systems function as intended and remain secure.
Primarily implemented and executed by people (as opposed to systems): Operational controls heavily rely on the actions and decisions of individuals within the organization. They require proper training, awareness, and adherence to security policies and procedures by employees. Examples include access control procedures, incident response protocols, and security awareness training programs.

Operational security controls are essential for maintaining the security posture of an organization and reducing risks associated with day-to-day operations. They complement other categories of security controls, such as technical and physical controls, to create a comprehensive security framework.

Answer 380

A

Sometimes called logical security controls
Executed by computer systems (instead of people)
Implemented with technology

Technical security controls are implemented using technology and systems to protect against security threats and vulnerabilities. They focus on the technical aspects of security and utilize various mechanisms to ensure the confidentiality, integrity, and availability of systems and data. Examples of technical security controls include:

Sometimes called logical security controls: Technical controls are often referred to as logical security controls because they involve the use of logical measures to protect systems and data. These controls include access control mechanisms, encryption, intrusion detection systems, firewalls, and secure coding practices.
Executed by computer systems (instead of people): Technical controls are executed and enforced by computer systems, software applications, and network infrastructure. These controls operate automatically without requiring direct human intervention. Examples include access control lists (ACLs) implemented on network devices, automated security scanning tools, and security event logging systems.
Implemented with technology: Technical controls rely on the use of technology and tools to enforce security measures. This includes the deployment of security software, hardware devices, and other technological solutions. Examples include antivirus software, data loss prevention (DLP) systems, encryption algorithms, and secure network protocols.

Technical security controls work in conjunction with administrative and operational controls to create a comprehensive security framework. They provide mechanisms for protecting systems and data from unauthorized access, mitigating risks, and detecting and responding to security incidents.

Answer 381

A

Encryption protocols
Firewall ACLs
Authentication protocols

Technical security controls utilize technology and mechanisms to protect systems and data. They focus on implementing safeguards at a technical level to ensure the confidentiality, integrity, and availability of information. Examples of technical security controls include:

Encryption protocols: Encryption is a technique used to transform data into a secure form that can only be accessed with the appropriate decryption key. Encryption protocols, such as SSL/TLS for secure web communication or PGP for email encryption, are used to protect data during transmission and storage.
Firewall ACLs: Firewalls are network security devices that monitor and control incoming and outgoing network traffic based on predetermined rules. Access Control Lists (ACLs) are a component of firewalls that specify which network traffic is allowed or denied based on factors like IP addresses, ports, and protocols.
Authentication protocols: Authentication protocols verify the identity of users or systems attempting to access a network or resource. Examples include protocols like the Remote Authentication Dial-In User Service (RADIUS) or the Lightweight Directory Access Protocol (LDAP) used for centralized user authentication.

Security audits, organizational security policy, and configuration management are important aspects of overall security, but they are more closely associated with administrative or operational controls rather than technical controls.

Answer 382

A

Security guards
System hardening
Separation of duties

Preventive security controls are measures implemented to proactively prevent security incidents or unauthorized access to systems and data. They aim to minimize the likelihood of threats being successful.

Security guards: Physical security controls include measures such as security guards. These controls are designed to physically protect the premises, assets, and infrastructure from unauthorized access, theft, vandalism, or other physical threats.
System hardening: System hardening involves implementing security configurations and measures to reduce vulnerabilities and enhance the security of systems. This can include actions such as applying patches and updates, disabling unnecessary services and accounts, configuring strong passwords, and implementing security protocols like encryption.
Separation of duties: Separation of duties is a practice that involves dividing critical tasks and responsibilities among multiple individuals. This ensures that no single person has complete control or authority over a process or system. By separating duties, the risk of unauthorized access, fraud, and errors is reduced, as multiple individuals are required to work together to complete a task.

These preventive security controls work together to minimize the likelihood of security incidents and unauthorized access. Physical security measures protect against physical threats, system hardening strengthens the security posture of systems, and separation of duties limits the potential for unauthorized actions by individuals.

Answer 383

A

The examples of detective security controls are log monitoring, security audits, CCTV, and intrusion detection systems (IDS).

Log monitoring: This involves the continuous monitoring and analysis of system logs and event records to detect and investigate any suspicious activities or security breaches. By reviewing log entries from various systems and applications, organizations can identify potential security incidents.
Security audits: Security audits are comprehensive assessments of an organization’s security controls, policies, and procedures. They are conducted to identify vulnerabilities, weaknesses, and compliance gaps in the security infrastructure. Through security audits, organizations can detect and address potential security issues.
CCTV (Closed-Circuit Television): CCTV refers to video surveillance systems that use cameras to monitor and record activities in specific areas. It is a detective security control as it provides visual monitoring and recording capabilities, allowing organizations to review footage for identifying security incidents or suspicious behaviour.
Intrusion Detection Systems (IDS): IDS is a technology that monitors network traffic, system activities, and behaviours to identify signs of unauthorized access, intrusion attempts, or malicious activities. It analyses network packets, log files, and other data sources to detect and alert on potential security threats.

Answer 384

A

Corrective security controls include:

IPS (Intrusion Prevention System): An IPS actively monitors network traffic and takes immediate action to prevent and correct potential intrusions or security threats. It detects and blocks malicious activities, helping to correct security incidents in real-time.
Backups and system recovery: Regular backups and system recovery processes are crucial for correcting security incidents or data loss. By having up-to-date backups and well-defined recovery procedures, organizations can restore data and systems to a known good state after a security breach or system failure.
Alternative site: An alternative site, also known as a disaster recovery site or backup site, is a location where critical systems and data can be transferred and restored in the event of a disaster or significant disruption. It provides a means to correct the impact of a security incident by ensuring continuity of operations at an alternate location.
Fire suppression system: A fire suppression system is a corrective security control designed to detect and suppress fires in facilities or data centres. By quickly responding to fire incidents, it helps to minimize damage and correct the situation, allowing for the resumption of normal operations.

These controls are specifically implemented to correct and mitigate the impact of security incidents, breaches, or disruptions in order to restore normalcy and protect the organization’s assets.

Answer 385

A

The examples of deterrent security controls include:

Warning signs: Displaying warning signs in visible locations can deter potential intruders or unauthorized individuals from attempting to breach security measures. These signs may indicate the presence of surveillance, restricted areas, or consequences for unauthorized access.
Lighting: Adequate lighting in and around premises can serve as a deterrent by increasing visibility and reducing hiding spots. Well-lit areas are less attractive to potential intruders and can make it easier to detect suspicious activities.
Login banners: Login banners are messages displayed before the authentication process on computer systems or networks. They can serve as a deterrent by warning users about acceptable use policies, legal consequences, or monitoring activities, discouraging unauthorized access or misuse.

Deterrent security controls are designed to discourage potential threats or unauthorized activities by creating an environment that appears difficult or risky to exploit. They aim to influence behaviour and prevent security incidents from occurring in the first place.

Answer 386

A

Compensating security controls are additional measures implemented to compensate for the limitations or gaps in primary security controls. Examples of compensating security controls include:

Backup power system: A backup power system ensures that critical systems and infrastructure remain operational during power outages or disruptions, mitigating the risk of service interruptions and data loss.
Sandboxing: Sandboxing isolates potentially malicious software or processes in a controlled environment, preventing them from affecting the overall system. It compensates for the risk of executing unknown or untrusted applications by containing them within a secure sandbox.
Temporary port blocking: Temporary port blocking involves selectively blocking or restricting specific network ports temporarily to prevent unauthorized access or to address security vulnerabilities. It serves as a compensatory measure when traditional security controls are insufficient to mitigate specific risks.
Temporary service disablement: Temporary service disablement involves temporarily disabling certain services or functionalities to mitigate immediate security risks. It can be applied in situations where vulnerabilities or threats are identified, providing a compensatory action until a permanent solution is implemented.

These compensating security controls help mitigate risks and enhance the overall security posture by providing additional layers of protection or addressing specific vulnerabilities when the primary controls are inadequate or unavailable.

Answer 387

A

Physical security control

Physical security controls involve the use of physical measures, such as security personnel, access controls, video surveillance, and alarms, to protect physical assets, facilities, and people. These controls are designed to prevent unauthorized access, deter potential threats, and ensure the physical security and safety of an organization’s resources.

Answer 388

A

Cable lock

A cable lock is a device that allows you to secure your laptop to a fixed object, such as a desk or table, using a strong cable and lock. This helps prevent opportunistic theft by making it difficult for someone to grab and walk away with the laptop. Cable locks are commonly used in office settings, libraries, and other public spaces to enhance the physical security of laptops and deter theft.

Answer 389

A

USB data blocker

The physical security control that can be implemented as a Data Loss Prevention (DLP) solution is the USB data blocker.

A USB data blocker is a device that allows charging of a device via a USB port while blocking data transfer. It ensures that only power flows through the USB connection while preventing unauthorized data access or potential malware infections. By using a USB data blocker, organizations can mitigate the risk of data loss or theft through unauthorized USB connections.

Visitor logs, CCTV (Closed-Circuit Television), and motion detection are physical security controls that are not directly related to DLP solutions but are commonly used for overall physical security and surveillance purposes.

Answer 390

A

Proximity card reader: A proximity card reader is a device that reads access control cards or key fobs when they are presented within close proximity. It verifies the card’s unique identifier and grants access to individuals with authorized cards, helping to restrict entry to authorized personnel only.
Smart card reader: A smart card reader is a device that reads and processes data stored on a smart card. Smart cards are embedded with integrated circuits and can store more information compared to proximity cards. By using a smart card reader, access to a door can be restricted to individuals who possess a valid smart card and have the necessary credentials.

Air gap, CCTV, and industrial camouflage are not directly related to securing door access but may be applicable to other aspects of physical security.

Answer 391

A

Physical security control type: A Faraday cage is classified as a physical security control. It is a structure or enclosure designed to physically restrict access and provide protection to the contents inside.
Provides protection against RFI (Radio Frequency Interference): A Faraday cage effectively blocks and attenuates external radio frequency signals, preventing them from entering the enclosed space and interfering with sensitive electronic devices or signals.
Provides protection against EMI (Electromagnetic Interference): Similarly, a Faraday cage shields against electromagnetic interference, preventing external electromagnetic waves from penetrating the enclosure and disrupting the functioning of electronic equipment within.

These characteristics make the Faraday cage an effective physical security measure for mitigating the risks associated with RFI and EMI.

Answer 392

A

Degaussing

Degaussing provides the most effective way for permanent removal of data stored on a magnetic drive. Degaussing involves using a strong magnetic field to disrupt the magnetic domains on the drive, rendering the data unrecoverable. It erases the entire drive, including the data stored in individual sectors and files. Degaussing is considered a secure method for data destruction as it eliminates the possibility of data recovery.

Answer 393

A

Air gap

An air gap refers to a complete physical separation between a computer or network and any external networks. It means that the system or network is not connected to any external network, including the internet. This isolation helps to prevent unauthorized access, data breaches, and malware infections that may occur through network connections.

Answer 394

A

Copyright Law.

Copyright law provides the creator of an original work, such as software code, with exclusive rights to reproduce, distribute, and display the work. By obtaining copyright protection for the source code, the software developer can legally prevent others from copying or using their code without permission. It provides a strong legal basis for enforcing intellectual property rights and pursuing legal action against those who infringe upon the copyright.

Answer 395

A

D. Standard operating procedure

A standard operating procedure (SOP) is a set of documented instructions that outlines the steps, actions, and considerations required to perform a specific task or process in a consistent and standardized manner. In this case, having an SOP would assist Donna and others in her organization by providing clear guidelines on how to handle requests for accessing employee email accounts. The SOP would outline the necessary steps, approval processes, and considerations to ensure that access is granted only when there is a valid business need and in accordance with organizational policies and legal requirements. It helps ensure consistency, transparency, and accountability in decision-making related to granting access to sensitive resources like email accounts.

Answer 396

A

C. Stateful inspection

Stateful inspection is a firewall technology that keeps track of the state of network connections. It monitors the stages of the TCP handshake, including the initial connection setup, and maintains a record of the connection’s state. By doing so, it can make more informed decisions about allowing or blocking packets that are part of an active connection. Stateful inspection firewalls offer improved security and performance compared to stateless firewalls, which do not maintain information about the connection state.

Answer 397

A

B. Detective

Tuning an Intrusion Detection System (IDS) to reduce the false positive rate is an activity associated with improving its ability to detect and identify potential security incidents. The primary purpose of an IDS is to detect and analyse suspicious activities or events within a network. By reducing false positives, the IDS becomes more accurate in identifying genuine security threats, enhancing its effectiveness as a detective control.

Answer 398

A

D. Twice as strong

Increasing the length of a key by a single bit doubles the number of possible combinations that an attacker would need to try in a brute force attack. Each additional bit doubles the number of possible key combinations. Therefore, the key becomes twice as strong against a brute force attack.

Answer 399

A

D. APT (Advanced Persistent Threat)

An APT, or Advanced Persistent Threat, is an attacker type that typically engages in sophisticated and targeted attacks. They are known for exploiting zero-day vulnerabilities, which are vulnerabilities that are unknown to the public and for which no patch or fix is available. APT attackers invest significant resources and time in their attacks and aim to maintain long-term access to a target network for intelligence gathering or other malicious activities.

Answer 400

A

Synchronous replication

Waiting for acknowledgement of receipt after duplicating a system is typically associated with synchronous replication.

Synchronous replication is a data replication method that ensures that data is simultaneously written to multiple locations in real-time, providing strong consistency and durability.

Answer 401

A

B. information security code of practice

ISO/IEC 27002, also known as ISO/IEC 27002:2013, is an information security code of practice. It provides detailed guidance and best practices for implementing and managing information security controls within an organization. It covers a wide range of security areas, including risk assessment, security policy, organization of information security, asset management, access control, cryptography, physical and environmental security, security incident management, business continuity, and more. ISO/IEC 27002 is designed to assist organizations in establishing and maintaining effective information security management systems, ensuring the confidentiality, integrity, and availability of their information assets.

Answer 402

A

B. is granted access rights to a directory

When a user authorization occurs, the system verifies and grants the user the necessary access rights to a specific directory. This means that the user is given permission to perform certain actions, such as reading, writing, or modifying files within that directory. The system ensures that the user has the necessary privileges and credentials to access and interact with the directory securely and according to the defined permissions and restrictions set by the system administrator.

Answer 403

A

Mirroring

RAID 1, also known as “mirroring,” describes a configuration where data is duplicated across multiple drives. In this setup, two or more disks are used, and data is written simultaneously to each disk, creating an exact copy or mirror of the data. RAID 1 provides fault tolerance as it allows for the continued operation of the system even if one of the drives fails. It is commonly used to enhance data redundancy and improve data availability in storage systems.

Answer 404

A

warm standby

In a warm standby setup, a duplicate system is maintained and kept in a partially operational state. The system is configured and prepared with the necessary software and configurations, but the data is typically not synchronized in real-time. Instead, data is loaded to a known backup point, which is usually a recent backup or snapshot of the data. This setup allows for a faster recovery process in case of a failure or system outage.

Answer 405

A

PKI is the framework for deploying asymmetric cryptography systems.

PKI is a framework that provides the necessary infrastructure for managing and deploying public key cryptography. It includes components such as certificate authorities, digital certificates, and protocols like X.509 for establishing trust and secure communication. Asymmetric cryptography, which involves the use of public and private key pairs, is a fundamental aspect of PKI.

Answer 406

A

B) RADIUS (Remote Authentication Dial-In User Service).

RADIUS is a widely adopted networking protocol that provides AAA services for network access. It is a standard and open protocol, making it a suitable choice to avoid proprietary solutions. RADIUS facilitates centralized authentication, authorization, and accounting for various network services, including wireless and remote access.

Using RADIUS as the AAA solution, the security analyst can ensure consistent and secure access control across wireless and remote access network services without relying on proprietary technologies.

Option A, TACACS+ (Terminal Access Controller Access-Control System Plus), is a proprietary protocol that offers similar functionality to RADIUS but is not explicitly mentioned as a requirement to avoid proprietary solutions.

Option C, OAuth (Open Authorization), is an authorization framework primarily used for granting access to third-party applications using tokens. While it plays a role in access control, it is not a dedicated AAA solution for network services.

Option D, MS Access Database, is not a suitable technology for providing AAA services in an organization’s network infrastructure. It is a relational database management system and does not offer the necessary functionality for AAA services like authentication, authorization, and accounting.

Answer 407

A

C. MDM. (Mobile Device Management

Mobile Device Management (MDM) is a technology that allows organizations to manage and secure mobile devices used by their employees. It provides centralized control and administration over various aspects of mobile devices, including security settings, configuration, application management, and data protection.

Answer 408

A

D) Patch the OS to the latest version.

Patching the operating system (OS) to the latest version is the most critical initial step when setting up a new web server. This action ensures that the server benefits from the latest security updates, bug fixes, and improvements provided by the OS vendor.

Answer 409

A

A) By ensuring appropriate data isolation and logical storage segregation.

To maintain data confidentiality and prevent unauthorized access in a shared server environment, a cloud service provider should implement effective data isolation and logical storage segregation practices. Here’s how this can be achieved:

Data Isolation: The cloud service provider should implement measures to ensure that each client’s data is stored separately and isolated from other clients’ data. This can be achieved through techniques such as virtualization, where each client’s data resides in separate virtual environments or containers.

Logical Storage Segregation: The provider should employ logical controls to segregate and restrict access to client data. This includes using access control mechanisms, strong authentication, and authorization protocols to ensure that only authorized users have access to specific data.

By implementing these measures, the cloud service provider can prevent unauthorized access and minimize the risk of one client accessing data belonging to another in a shared server environment.

Answer 410

A

B) Hypervisor.

The hypervisor, also known as a virtual machine monitor (VMM), is the core component in a virtualized environment that enables the creation and management of multiple virtual machines (guest machines) on a single physical host machine.

Answer 411

A

A) Public.

In a public cloud delivery model, the cloud infrastructure and services are provided by a third-party cloud service provider and made available to the general public or multiple organizations. The key characteristic of a public cloud is that it operates on shared infrastructure, where multiple clients share the same underlying resources.

Answer 412

A

Anomaly based intrusion detection.

Zero-day attacks are characterized by exploiting vulnerabilities that are unknown to the software vendor, hence there are no specific signatures or patterns to detect them. In such cases, anomaly-based intrusion detection systems are often more effective.

Answer 413

A

Integrity.

Integrity in information security refers to maintaining the accuracy, completeness, and consistency of data throughout its lifecycle. It ensures that data remains unaltered and reliable, preventing unauthorized or unintended modifications.

Answer 414

A

Windows Desktop Systems.

Syslog is a standard protocol used for logging and sending system log messages in a network. While Linux-based systems, such as Linux Web Server Appliances (option C), typically have native support for syslog and can generate syslog events, Windows Desktop Systems (option B) do not natively support syslog.

Brainscape's Knowledge GenomeTM

CISMP Questions Flashcards

Brainscape's Knowledge Genome^TM