CISSP certification: Full 125 question practice test #4 - test 1 (Anthony Today)

Question 1

Looking at the logical ring model, where would we find a VM hypervisor?

A. -1
B. 3
C. 2
D. 0

Answer 1

A. -1

Explanation:
The Ring Model: 4 ring model that separates Users (Untrusted) from the Kernel (Trusted). The full model is slow and rarely used; most OS’ only use rings 0 and 3. The applications are at layer 3. There is a new addition to the Ring Model: Hypervisor mode is called Ring -1 and is for VM Hosts. Ring -1 sits below the Client kernel in Ring 0.

Question 2

In software testing, we are doing synthetic transaction. What does that mean?

A. Passively test the code, but not run it
B. Build scripts and tools that would simulate normal user activity
C. Submit random malformed input to crash the software or elevate privileges
D. Test the code while executing it

Answer 2

B. Build scripts and tools that would simulate normal user activity

Explanation:
Synthetic transactions (synthetic monitoring): Website monitoring using a Web browser emulation or scripted recordings of Web transactions. Behavioral scripts/paths are created to simulate an action or path that a customer or end-user would take on a site. The paths are continuously monitored at specified intervals for performance, functionality, availability, and response time.

Question 3

During a security audit, we found some security issues that we need to address. The IT Security team has been asked to suggest mitigation strategies using the OSI model. What could we implement to mitigate layer 2 threats?

A. Access Lists
B. Start using firewalls
C. Shut down open unused ports
D. Installing UPS’ in the data center

Answer 3

C. Shut down open unused ports

Explanation:
Layer 2 devices: Switches are bridges with more than 2 ports. Each port is it’s own collision domain, fixing some of the issues with collisions. Uses MAC addresses to direct traffic. Good switch security includes: Shutting unused ports down. Put ports in specific VLANs. Using the MAC Sticky command to only allow that MAC to use the port, either with a warning or shut command if another MAC accesses the port. Use VLAN pruning for Trunk ports.

Question 4

John has installed a backdoor to your system and he is using it to send spam emails to thousands of people. He is using a C&C structure. What is your system?

A. A standalone bot
B. A botnet
C. A bot herder in a botnet
D. A bot in a botnet

Answer 4

D. A bot in a botnet

Explanation:
Bots and botnets (short for robot): Bots are a system with malware controlled by a botnet. The system is compromised by an attack or the user installing a Remote Access Trojan (game or application with a hidden payload). They often use IRC, HTTP or HTTPS. Some are dormant until activated. Others are actively sending data from the system (Credit card/bank information for instance). Active bots can also can be used to send spam emails. Botnets is a C&C (Command and Control) network, controlled by people (bot-herders). There can often be 1,000’s or even 100,000’s of bots in a botnet.

Question 5

If we are using a qualitative risk analysis approach, which of these would we use?

A. Asset value
B. Cost per incident
C. Exposure factor
D. Risk analysis matrix

Answer 5

D. Risk analysis matrix

Explanation:
Qualitative Risk Analysis – How likely is it to happen and how bad is it if it happens? This is vague, guessing, a feeling and relatively quick to do. Most often done to know where to focus the Quantitative Risk Analysis.

Question 6

A HMAC-based one-time password (HOTP) is an example of which type of authentication method?

A. Something you know
B. Something you have
C. Somewhere you are
D. Something you are

Answer 6

B. Something you have

Explanation:
Something you have - Type 2 Authentication: HOTP (HMAC-based one-time password): Shared secret and incremental counter, generate code when asked, valid till used.

Question 7

On our workstations, we are implementing new security measures. As part of that, we will start blocking TCP port 20. Which protocol are we blocking?

A. SSH
B. FTP Data Transfer
C. FTP Control
D. Telnet

Answer 7

B. FTP Data Transfer

Explanation:
FTP (File Transfer Protocol): Uses TCP Port 20 for the data transfer - the actual data is sent here.

Question 8

If we look at our Disaster Recovery Plan (DRP) for what to do when we are attacked, in which phase of incident management do we shut system access down?

A. Detection
B. Response
C. Preparation
D. Recovery

Answer 8

B. Response

Explanation:
Response: The response phase is when the incident response team begins interacting with affected systems and attempts to keep further damage from occurring as a result of the incident. This can be taking a system off the network, isolating traffic, powering off the system, or however our plan dictates to isolate the system to minimize both the scope and severity of the incident. Knowing how to respond, when to follow the policies and procedures to the letter and when not to, is why we have senior staff handle the responses. We make bit level copies of the systems, as close as possible to the time of incidence to ensure they are a true representation of the incident.

Question 9

In the TCP/IP model, packets are the Protocol Data Units (PDUs) of which layer?

A. Transport
B. Application
C. Internetworks
D. Link and Physical

Answer 9

C. Internetworks

Explanation:
Packets are the Protocol Data Units (PDUs) of the Internetwork layer of the TCP/IP model. (OSI layer 3 - Networking layer).

Question 10

Which of these are COMMON attacks on trade secrets?

A. Software piracy
B. Industrial espionage, trade secrets are security through obscurity, if discovered nothing can be done
C. Counterfeiting
D. Someone using your protected design in their products

Answer 10

B. Industrial espionage, trade secrets are security through obscurity, if discovered nothing can be done

Explanation:
Trade Secrets. While a organization can do nothing if their Trade Secret is discovered, how it is done can be illegal. You tell no one about your formula, your secret sauce. If discovered anyone can use it; you are not protected.

Question 11

Using highly targeted emails to senior management, an attacker has sent an email threatening a lawsuit if attached documents are not filled out and returned by a certain date. What is this an example of?

A. Vishing
B. Whale Phishing
C. MITM
D. Social Engineering

Answer 11

B. Whale Phishing

Explanation:
This is whale phishing, which is a social engineering attack. Whale Phishing (Whaling): Spear phishing targeted at senior leadership of an organization. This could be: “Your company is being sued if you don’t fill out the attached documents (With Trojan in them) and return them to us within 2 weeks”.

Question 12

Our networking department is recommending we use a baseband solution for an implementation. Which of these is a KEY FEATURE of those?

A. Only one system on the network can send one signal at a time
B. Both systems can send and receive at the same time
C. One way communication, one system transmits the other received, direction can be reversed
D. One way communication, one system transmits the other receives, direction cant be reversed

Answer 12

A. Only one system on the network can send one signal at a time

Explanation:
Baseband networks have one channel, and can only send one signal at a time. Ethernet is baseband: “1000baseT” STP cable is a 1000 megabit, baseband, Shielded Twisted Pair cable.

Question 13

We are using one-time passwords that are pushed every 30 seconds to an application on our technical staff’s phones. Which type of tokens are we using?

A. TOTP
B. HOTP
C. ROTP
D. BOTP

Answer 13

A. TOTP

Explanation:
Something you have - Type 2 Authentication: TOTP (Time-based One-Time Password): Time based with shared secret, often generated every 30 or 60 seconds, synchronized clocks are critical.

Question 14

We have a company doing a penetration test for us. In which phase would the tester try to gain higher level access, and ultimately, if they can, admin access?

A. Gaining Access
B. Discovery
C. Escalate privileges
D. System Browsing

Answer 14

C. Escalate privileges

Explanation:
Escalate Privileges: Get higher level access, ultimately we want admin access.

Question 15

Which of these could be an example of a type of corrective access control?

A. Patches
B. Encryption
C. Backups
D. Alarms

Answer 15

A. Patches

Explanation:
Corrective: Controls that Correct an attack – Anti-virus, Patches, IPS.

Question 16

Which software development methodology uses prototypes in addition to, or instead of, design specifications.

A. XP
B. Prototyping
C. Scrum
D. RAD

Answer 16

D. RAD

Explanation:
RAD (Rapid Application Development): Puts an emphasize adaptability and the necessity of adjusting requirements in response to knowledge gained as the project progresses. Prototypes are often used in addition to or sometimes even in place of design specifications. Very suited for developing software that is driven by user interface requirements. GUI builders are often called rapid application development tools.

Question 17

What would we call social engineering through emails that target specific individuals, where the attacker has specific knowledge about the company?

A. Vishing
B. Phishing
C. Whale phishing
D. Spear phishing

Answer 17

D. Spear phishing

Explanation:
Spear Phishing: Targeted Phishing, not just random spam, but targeted at specific individuals. Sent with knowledge about the target (person or company); familiarity increases success.

Question 18

Which of these is NOT a downside to enforcing software tokens on phones for multifactor authentication?

A. It is user friendly
B. Phones has to be changed
C. SIM Cloning
D. Phones can be lost

Answer 18

A. It is user friendly

Explanation:
Software tokens on phones are easy, user friendly, but also comes with some challenges. What can a user do if they lose the phone, if their SIM card is cloned, the phone is not charged, …

Question 19

For our new startup, we are looking at different types of identity and access management. Which of these are COMMON types of that? (Select all that apply).

A. RBAC (Role Based Access Control) 
B. RUBAC (Rule Based Access Control)
C. DAC (Discretionary Access Control) 
D. TRAC (Trust Ratio Access Control) 
E. MAC (Mandatory Access Control)

Answer 19

A. RBAC (Role Based Access Control)
C. DAC (Discretionary Access Control)
E. MAC (Mandatory Access Control)

Explanation:
In Identity and Access Management we can use DAC (Discretionary Access Control), which is often used when Availability is most important. Access to an object is assigned at the discretion of the object owner. MAC (Mandatory Access Control): Often used when Confidentiality is most important. Access to an object is determined by labels and clearance, this is often used in the military or in organizations where confidentiality is very important. RBAC (Role Based Access Control): Often used when Integrity is most important. Policy neutral access control mechanism defined around roles and privileges. A role is assigned permissions, and subjects in that role are added to the group, if they move to another position they are moved to the permissions group for that position. RUBAC is based on IF/THEN statements (think older firewalls), and is not a type of Identity and Access Management. TRAC is .. well nothing, I made it up 0_o

Question 20

What handles all access between objects and subjects in the computer kernel?

A. Superuser mode
B. Supervisor mode
C. Reference Monitor
D. User mode

Answer 20

C. Reference Monitor

Explanation:
The Kernel At the core of the OS is the Kernel. At ring 0 (or 3), it interfaces between the operating system (and applications) and the hardware. Microkernels are modular kernels. The reference monitor is a core function of the kernel; it handles all access between subjects and objects. It is always on and can’t be bypassed.

Question 21

We are blocking unused ports on our servers as part of our server hardening. When we block TCP port 143, what are we blocking?

A. NetBIOS name service
B. Microsoft Terminal Server (RDP)
C. NetBIOS datagram service
D. IMAP

Answer 21

D. IMAP

Explanation:
Internet Message Access Protocol (IMAP) uses TCP port 143.

Question 22

In which type of software testing would we test the functionality of the code?

A. Regression Testing
B. Unit Testing
C. Integration Testing
D. Installation Testing

Answer 22

B. Unit Testing

Explanation:
Unit testing: Tests that verify the functionality of a specific section of code. In an object-oriented environment, this is usually at the class level, and the minimal unit tests include the constructors and destructors. Usually written by developers as they work on code (white-box), to ensure that the specific function is working as expected.

Question 23

Which type of authentication can also be used for identification?

A. Password
B. Fingerprint
C. PIN
D. Passport

Answer 23

D. Passport

Explanation:
In this case the passport is both something you have and something that can be used for identification. For multiple factor authentication we would still want a knowledge factor or a biometric factor.

Question 24

As part of our disaster recovery planning, we are looking at an alternate site. We would want it to take us somewhere between 4 hours and 2-3 days to be back up operating on critical applications. Which type of Disaster Recovery site are we considering?

A. Cold Site
B. Warm Site
C. Hot Site
D. Redundant Site

Answer 24

B. Warm Site

Explanation:
Warm site: Similar to the hot site, but not with real or near-real time data, often restored with backups. A smaller but full data center, with redundant UPS’, HVACs, ISP’s, generators, … We manually fail traffic over, a full switch and restore can take 4-24 hrs.+.

Question 25

An IPv4 address consists of how many bits?

A. 32 bit
B. 4 bit
C. 128 bit
D. 8 bit

Answer 25

A. 32 bit

Explanation:
IPv4 (Internet Protocol version 4) addresses: IPv4 addresses are made up of 4 octets (dotted-decimal notation) and broken further down in a 32 bit integer binary.

Question 26

Which of these could be a countermeasure we have in place that could help us recover after an incident?

A. Patches
B. Encryption
C. Intrusion detection systems
D. Backups

Answer 26

D. Backups

Explanation:
Recovery: Controls that help us Recover after an attack – DR Environment, Backups, HA Environments .

Question 27

How would a US government agency be allowed to access company emails?

A. Anything done online
B. Your emails
C. Your internet history
D. Anything turned over voluntary

Answer 27

D. Anything turned over voluntary

Explanation:
Anything subpoena, search warranted, turned over voluntary and in exigent circumstances (immediate danger of being destroyed), can allow law enforcement to bypass the 4th amendment. If it was legal will be decided in a court of law later. We need ensure our evidence is acquired in legal manner remember the US Constitution 4th amendment. The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.

Question 28

Which type of hacker is skilled and often alerts companies to vulnerabilities before publishing them?

A. Gray hat
B. Script kiddie
C. Black hat
D. White hat

Answer 28

A. Gray hat

Explanation:
Gray/Grey Hat hackers: They are somewhere between the white and black hats, they often alert the company so they can fix the flaw, if the company does nothing they then publish it flaw.

Question 29

In which order does the CPU process work?

A. Fetch, decode, store, execute
B. Fetch, execute, decode, store
C. Fetch, decode, execute, store
D. Execute, fetch, decode, store

Answer 29

C. Fetch, decode, execute, store

Explanation:
CPU (Central Processing Unit): Fetch, Decode, Execute, Store. Fetch - Gets the instructions from memory into the processor. Decode - Internally decodes what it is instructed to do. Execute - Takes the add or subtract values from the registers. Store - Stores the result back into another register (retiring the instruction).

Question 30

In our Disaster Recovery Plan (DRP), we could have listed the minimum hardware requirements for a certain system to function. What would that be called?

A. Minimum Operating Requirements (MOR)
B. MTTR
C. MTD
D. MTBF

Answer 30

A. Minimum Operating Requirements (MOR)

Explanation:
Minimum Operating Requirements (MOR) (Minimum Operating Requirements): The minimum environmental and connectivity requirements for our critical systems to function, can also at times have minimum system requirements for DR sites. We may not need a fully spec’d system to resume the business functionality.

Question 31

When assigning sensitivity to our data, which of these should NOT be a factor?

A. What the data is worth
B.Where we will store the data
C. Who will have access to the data
D. How bad a data exposure would be

Answer 31

B.Where we will store the data

Explanation:
Who will access it, the value of the data and how impactful a disclosure would be should all factor into our sensitivity labels, where we store the data should not. If it is sensitive it should be stored in an appropriate location.

Question 32

What can we do we do when a type 1 authentication is compromised?

A. Issue a new password
B. Issue a new ID Card
C. Stop use of that type of biometric for that employee or use another finger if fingerprint
D. Revoke the token

Answer 32

A. Issue a new password

Explanation:
Type 1 Authentication is something you know, this could be passwords, pass phrase, PIN etc. We would issue a new different password.

Question 33

As part of our ongoing Disaster Recovery Planning, Bob is working on categorizing incidents. Which category would misconfigurations fall under?

A. Human
B. Environmental
C. All of these
D. Natural

Answer 33

A. Human

Explanation:
Human: Done intentionally or unintentionally by humans, these are by far the most common.

Question 34

Which programming language uses short mnemonics like ADD and SUB, which is then matched to its full-length binary code?

A. Source code
B. Machine code
C. Assembler language
D. Compiler language

Answer 34

C. Assembler language

Explanation:
Assembler Language: Short mnemonics like ADD/SUB/JMP which is matched with the full length binary machine code, an assembler converts assembly language into machine language, a disassembler does the reverse.

Question 35

When physically storing sensitive data in a secure way, which of these has slots where staff can easily slip sensitive paperwork into?

A. Data center
B. Depository
C. Vault
D. Wall Safe

Answer 35

B. Depository

Explanation:
A depository is a safe with slots or an opening where staff can add sensitive physical data. Think depositing money at the bank outside of their operating hours in the envelopes at the ATMs.

Question 36

In our risk analysis, we know there is a risk, but we do not analyze how bad an impact would be. Which type of risk response is that an example of?

A. Risk avoidance
B. Risk transference
C. Risk rejection
D. Risk mitigation

Answer 36

C. Risk rejection

Explanation:
Risk Rejection – You know the risk is there, but you are ignoring it. This is never acceptable. (You are liable).

Question 37

In our risk analysis, we are looking at the risk. What would that comprise of?

A. Threat x vulnerability
B. Threat * vulnerability * asset value
C. Threat + vulnerability
D. (threat * vulnerability * asset value) - countermeasures

Answer 37

A. Threat x vulnerability

Explanation:
Risk = Threat x Vulnerability.

Question 38

In a risk analysis, we are looking at the upfront cost and ongoing support of a mitigation solution. What would that be called?

A. ARO
B. ALE
C. SLE
D. TCO

Answer 38

D. TCO

Explanation:
Total Cost of Ownership (TCO) – The mitigation cost: upfront + ongoing cost (Normally Operational)

Question 39

In software testing, component interface testing would test what?

A. The functionality of a specific section of code
B. Processes and security alerts when encountering errors
C. Data handling passed between different units or subsystems
D. Interfaces between components against the software design

Answer 39

C. Data handling passed between different units or subsystems

Explanation:
Component interface testing: Testing can be used to check the handling of data passed between various units, or subsystem components, beyond full integration testing between those units.

Question 40

What is the relationship between plaintext and ciphertext is called?

A. Diffusion
B. Substition
C. Confusion
D. Permutation

Answer 40

C. Confusion

Explanation:
Confusion is the relationship between the plaintext and ciphertext; it should be as random (confusing) as possible.

Question 41

Why would we choose to delete a user account after the employee leaves the organization?

A. Accountability traceability for events discovered later
B. Regulations
C. User’s privacy protection
D. Retention policy

Answer 41

C. User’s privacy protection

Explanation:
We would want to keep accounts deactivated when they leave, the only reason to delete the accounts would be if required by law or regulation, which would be in place to protect their privacy.

Question 42

In our business improvement process, we are using the Capability Maturity Model (CMM). In which stages of the CMM model are processes defined? (Select all that apply).

A. Level 2
B. Level 5
C. Level 4
D. Level 3
E. Level 1

Answer 42

B. Level 5
C. Level 4
D. Level 3

Explanation:
CMM (Capability Maturity Model): The maturity relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined repeatable steps, to managed result metrics, to active optimization of the processes. From level and upwards we have clearly defined processes. Level 1: Initial Processes at this level that they are normally undocumented and in a state of dynamic change, tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events. Level 2: Repeatable. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing processes are maintained during times of stress.

Question 43

We have part of our infrastructure migrated to cloud computing. We are responsible for the applications and the data. Which type of cloud computing are we using?

A. Infrastructure as a Service (IaaS)
B. Software as a Service (SaaS)
C. Identity as a Service (IDaaS)
D. Platform as a Service (PaaS)

Answer 43

D. Platform as a Service (PaaS)

Explanation:
In public cloud PaaS - (Platform as a Service) The vendor provides pre-configured OSs, then the customer adds all programs and applications.

Question 44

In which part of the computer are all the calculations done?

A. CPU
B. ALU
C. ROM
D. CU

Answer 44

B. ALU

Explanation:
Arithmetic logic unit (ALU) performs arithmetic and logic operations. It’s a processor that registers that supply operands (Object of a Mathematical Operation) to the ALU and stores the results of ALU operations. It does all the math.

Question 45

If you see any IPv4 address in the 127.0.0.0/8 range, what type of IPv4 address is that?|

A. Private
B. Link-local
C. Loopback
D. Public

Answer 45

C. Loopback

Explanation:
IPv4 network standards reserve the entire 127.0.0.0/8 address block for loopback purposes. That means any packet sent to one of those 16,777,214 addresses (127.0.0.1 through 127.255.255.254) is looped back. IPv6 has just a single address, ::1.

Question 46

What are Programmable Logic Controllers (PLCs) used for?

A. Controlling manufacturing processes
B. Computerized control system for a process or plant
C. High level control supervisory management
D. Monitor our servers, workstations and network devices

Answer 46

A. Controlling manufacturing processes

Explanation:
PLC (Programmable Logic Controllers) is an industrial digital computer which has been ruggedized and adapted for the control of manufacturing processes such as assembly lines, robotic devices or any activity that requires high reliability control, ease of programming and process fault diagnosis.

Question 47

How can we safely we dispose of damaged SSD drives and ensure there is no data remanence?

A. Formatting
B. All of these
C. Shredding
D. Overwriting

Answer 47

C. Shredding

Explanation:
SSD drives: Formatting just deletes the file structure, most if not all files are recoverable. Since the drive is damaged we can’t overwrite it, we would need to rely on just shredding it.

Question 48

We want our employees to be connected without interruptions wherever they go: break rooms, meeting rooms, and their desks. What would be the BEST to use?

A. Copper Ethernet
B. Wireless
C. Fiber Ethernet
D. Coax Copper

Answer 48

B. Wireless

Explanation:
To stay connected with employees roaming we need to not be connected to cables, wireless is the only option.

Question 49

In CASE programming, designers use these categories of tools, EXCEPT which?

A. References
B. Environments
C. Tools
D. Workbenches

Answer 49

A. References

Explanation:
CASE (Computer-Aided Software Engineering): Similar to and were partly inspired by computer-aided design (CAD) tools used for designing hardware products. Used for developing high-quality, defect-free, and maintainable software. Often associated with methods for the development of information systems together with automated tools that can be used in the software development process. CASE software is classified into 3 categories: Tools support specific tasks in the software life-cycle. Workbenches combine two or more tools focused on a specific part of the software life-cycle. Environments combine two or more tools or workbenches and support the complete software life-cycle.

Question 50

Type 2 authentication includes all these, EXCEPT which?

A. Password
B. Cookie
C. Passport
D. TOTP token

Answer 50

A. Password

Explanation:
Something you have - Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.). A password is something you know (type 1 factor).

Question 51

Under which of these open source software license agreements, is it allowed to alter the original software and sell the altered software?

A. CKR
B. BSD
C. Apache
D. GNU

Answer 51

B. BSD

Explanation:
BSD (Berkeley Software Distribution): A family of permissive free software licenses, imposing minimal restrictions on the use and redistribution of covered software. This is different than copyleft licenses, which have reciprocity share-alike requirements.

Question 52

Which type of IPv4 address is the range 172.31.0.0/24?

A. Private
B. Public
C. Loopback
D. Link-local

Answer 52

A. Private

Explanation:
172.16.0.0 – 172.31.255.255 are private IP’s, we can use them on our internal network, they are not routable on the internet.

Question 53

With which of these is your work NOT be protected if someone were to copy your work?

A. Patent
B. Trademark
C. Copyright
D. Trade Secret

Answer 53

D. Trade Secret

Explanation:
Trade Secrets. You tell no one about your formula, your secret sauce. If discovered, anyone can use it; you are not protected.

Question 54

Prior to us deploying honeypots and honeynets, who should sign off on the deployment?

A. Senior Management
B. Our HR and payroll team
C. A judge
D. The engineer deploying it

Answer 54

A. Senior Management

Explanation:
Get approval from senior management and your legal department before deploying honeypots or honey nets, legal would know the legal ramifications and senior management are ultimately liable. Both can pose legal and practical risks.

Question 55

Which phase could a penetration tester go to after they are finished with one of the “System browsing” phases? (Select all that apply).

A. Discovery
B. Install additional tools
C. Gaining access
D. Escalate privileges

Answer 55

A. Discovery
B. Install additional tools

Explanation:
After system browsing, the pen tester would either try to install additional tools or go back to the discovery/planning phase.

Question 56

If an attacker is using a digraph attack, what is the attacker looking for? ​

A. How often messages are sent
B. How many messages are sent
C. How often pairs of letters are used
D. How often certain letters are used

Answer 56

C. How often pairs of letters are used

Explanation:
Digraph attack: Similar to frequency analysis/attacks, but looks at common pairs of letters (TH, HE, IN, ER).

Question 57

For our servers, we are using Random Access Memory (RAM). What is one of the KEY FEATURES of RAM?

A. Predictive
B. Volatile
C. Non-volatile
D. Flash memory

Answer 57

B. Volatile

Explanation:
RAM (Random Access memory) is volatile memory. It loses the memory content after a power loss (or within a few minutes). This can be memory sticks or embedded memory.

Question 58

When a penetration tester is trying to gain access to sensitive information from one of our servers, she is testing which type of access control?

A. Detective
B. Technical
C. Administrative
D. Physical

Answer 58

B. Technical

Explanation:
Technical Controls: Hardware/Software/Firmware – Firewalls, Routers, Encryption. Trying to access and gain information from a server would compromise our technical or logical security.

Question 59

You are talking to a new manager of our helpdesk. You are explaining how we do risk analysis. They ask you: “How do you define a vulnerability?”

A. A potential harmful incident
B. How bad is it if we are compromised?
C. The total risk after we have implemented our countermeasures
D. A weakness that can be possibly be exploited

Answer 59

D. A weakness that can be possibly be exploited

Explanation:
Vulnerability – A weakness that can allow the threat to do harm. Having a Data Center in the Tsunami flood area, not Earthquake resistant, not applying patches and antivirus, …

Question 60

A penetration tester is calling one of our employees, and they are talking about friends they have in common. The penetration tester then asks for help from the employee. This is which type of social engineering?

A. Scarcity
B. Familiarity
C. Intimidation
D. Authority

Answer 60

B. Familiarity

Explanation:
Social engineering uses people skills to bypass security controls. Familiarity (Have a common ground, or build it) - Knowing something about the victim ahead of time and then reference it can raises chances of a successful attack drastically. People want to be helpful, if they feel like they know you they want to even more. Often successful with vishing and in-person social engineering.

Question 61

We have started issuing cell phones to our employees and we want a centralized way of managing them. What could be something we should consider implementing?

A. DRM
B. MDM
C. MGM
D. AMA

Answer 61

B. MDM

Explanation:
Using a centralized management system: MDM (Mobile Device Management) we can controls a lot of settings. App Black/White list, Storage Segmentation, Remote Access Revocation, Configuration Pushes, Backups. More controversial: Track the location of employees, monitor their data traffic and calls.

Question 62

When a computer uses more than one processor at a time for a task, it is called what?

A. Multiprogramming
B. Multitasking
C. Multithreading
D. Multiprocessing

Answer 62

D. Multiprocessing

Explanation:
Multiprocessing - A computer using more than one CPU at a time for a task.

Question 63

Which of these protocols is vendor neutral?

A. VTP
B. LDAP
C. AD
D. EIGRP

Answer 63

B. LDAP

Explanation:
LDAP (The Lightweight Directory Access Protocol): Open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an IP network. Application layer protocol and use TCP and UDP port 389. LDAP is commonly used for central usernames and passwords storage, many different applications and services can connect to the LDAP server to validate users.

Question 64

Jane has determined our Annualized Loss Expectancy (ALE) for laptops is $250,000. She is recommending we implement full disk encryption and remote wiping capabilities on all our laptops. The $1,000 laptop value is still lost, but the $9,000 value loss from Personally identifiable information (PII) exposure would be mitigated. How many laptops do we lose per year?

A. 15
B. 50
C. 10
D. 25

Answer 64

D. 25

Explanation:
With an current ALE of $250,000 and a AV of $10,000 ($1,000 + $9,000) we lose 25 laptops per year.

Question 65

Where would we store the Basic Input/output System (BIOS)?

A. Flash memory
B. Non-volatile memory
C. Volatile memory
D. Referential memory

Answer 65

B. Non-volatile memory

Explanation:
The BIOS on a computer, router or switch is the low-level operating system and configuration. The firmware is stored on an non-volatile embedded device like PROM, EPROM or EEPROM.

Question 66

We have applied for a trademark and it has been approved. How are we protected?

A. Protected 10 years at a time, and it can be renewed indefinitely
B. Protected for 20 years after filing
C. You tell no one, if discovered you are not protected
D. Protected for 70 years after the creators death or 95 years for corporations

Answer 66

A. Protected 10 years at a time, and it can be renewed indefinitely

Explanation:
Trademarks ™ and ® (Registered Trademark). Brand Names, Logos, Slogans – Must be registered, is valid for 10 years at a time, can be renewed indefinitely.

Question 67

When would be a time we should update our Business Continuity Plan (BCP) and its sub plans outside of our annual cycle?

A. When we add a new server
B. We wouldnt every 12 months is fine
C. We had a disaster and we had a lot of gaps in our plans
D. When we patch our Windows server

Answer 67

C. We had a disaster and we had a lot of gaps in our plans

Explanation:
The plans needs to be continually updated, it is an iterative process. Plans should be reviews and updated at least every 12 month. If our organization has had a major change we also update the plans. This could be: We acquired another company or we split off into several companies. We changed major components of our systems (new backup solution, new IP scheme, …). We had a disaster and we had a lot of gaps in our plans. A significant part of senior leadership has changed.

Question 68

We are using the scrum project management methodology on one of our projects. For that project who would be responsible for the analysis, design, and documentation?

A. All of these
B. The development team
C. The scrum master
D. The product owner

Answer 68

B. The development team

Explanation:
Development team: Responsible for delivering the product at the end of each sprint (sprint goal). The team is made up of 3–9 individuals who do the actual work (analysis, design, develop, test, technical communication, document, etc.). Development teams are cross-functional, with all of the skills as a team necessary to create a product increment.

Question 69

To ensure our compliance before we pay for a structured audit, we want to do an “unstructured” audit. What would that entail?

A. Internal auditors looking for flaws
B. External auditors comes in
C. Testing against a published standard
D. Internal IT Security Employees double checking their work

Answer 69

A. Internal auditors looking for flaws

Explanation;
Unstructured audits: Internal auditors to improve our security and find flaws; often done before an external audit.

Question 70

We are in the process of developing some new software. On some of our previous releases of different software we have had security problems. We are considering releasing the source code for the new software, what would that make our software?

A. Prevented software
B. Cloud source
C. Open Source
D. Proprietary Software

Answer 70

C. Open Source

Explanation:
Open source: We release the code publicly, where it can be tested, improved and corrected, but it also allows attackers to find the flaws in the code.

Question 71

We would backup all changes since the last backup and clear the archive bit using which kind of backup?

A. Full
B. Differential
C. Incremental
D. Copy

Answer 71

C. Incremental

Explanation:
Incremental backups: Backs up everything that has changed since the last backup. Clears the archive bits. Incrementals are often fast to do, they only backup what has changed since the last incremental or full. The downside to them is if we do a monthly full backup and daily incrementals, we can have to get a full restore have to use up to 30 tapes, this would take a lot longer than with 1 Full and 1 Differential.

Question 72

Which of the different types of logical intrusion systems would only use alerts, and sends the alerts if it sees traffic matching certain signatures?

A. Pattern
B. Heuristic
C. Behavioral based
D. IPS

Answer 72

A. Pattern

Explanation:
Signature (Pattern) matching, similar to anti virus, it matches traffic against a long list of known malicious traffic patterns.

Question 73

As part of the annual board retreat, senior management is wanting to put a face on the IT organization and thinks Jane is a great candidate for it. They have asked her to talk briefly about native XML vulnerabilities. Which type of database does XML use?

A. Relational
B. Document-oriented
C. Object-oriented
D. Hierarchial

Answer 73

B. Document-oriented

Explanation:
A document-oriented database, or document store, is a computer program designed for storing, retrieving and managing document-oriented information. XML databases are a subclass of document-oriented databases that are optimized to work with XML documents.

Question 74

Looking at different database query languages, which of them would use these statements? SELECT, DELETE, INSERT, and UPDATE.

A. DDL
B. DML.
C. BGP.
D. DRP.

Answer 74

B. DML.

Explanation:
Data Manipulation Language (DML): Used for selecting, inserting, deleting and updating data in a database. Common DML statements are SELECT, DELETE, INSERT, UPDATE.

Question 75

In a MAC/EUI-64 mac addresses, how many bits is the manufacturer identifier?

A. 48
B. 24
C. 40
D. 12

Answer 75

B. 24

Explanation:
EUI/MAC-64 Mac addresses are 64 bits. The first 24 are the manufacturer identifier. The last 40 are unique and identifies the host.

Question 76

In our Redundant Array of Independent Disks (RAID) configuration, we are using striping with redundancy. At least how many disks would we need?

A. 3
B. 4
C. 2
D. 1

Answer 76

A. 3

Explanation:
Disk striping: Writing the data simultaneously across multiple disks providing higher write speed. Uses at least 2 disks, and in itself does not provide redundancy. We use parity with striping for the redundancy, often by XOR, if we use parity for redundancy we need at least 3 disks.

Question 77

Which subplan would we look at in our Business Continuity Plan (BCP) for dealing with the press and alerting employees about disasters?

A. Computer Incident Response Plan (CIRP)
B. Crisis Communications Plan (CCP )
C. Occupant Emergency Plan (OEP)
D. Continuity of Operations Plan (COOP)

Answer 77

B. Crisis Communications Plan (CCP )

Explanation:
Crisis Communications Plan: A subplan of the CMP. How we communicate internally and externally during a disaster. Who is permitted to talk to the press? Who is allowed to communicate what to whom internally?

Question 78

As part of our server hardening, we have chosen to block TCP port 25. What are we blocking on the servers?

A. HTTP
B. HTTPS
C. SMTP
D. POP3

Answer 78

C. SMTP

Explanation:
Simple Mail Transfer Protocol (SMTP), uses TCP port 25, but can also use port 2525.

Question 79

Which type of Random-Access memory (RAM) could be embedded in the Central Processing Unit (CPU)?

A. SRAM
B. DDR SDRAM
C. DRAM
D. SDRAM

Answer 79

A. SRAM

Explanation:
SRAM (Static RAM): Fast and Expensive. Uses latches to store bits (Flip-Flops). Does not need refreshing to keep data, keeps data until power is lost. This can be embedded on the CPU.

Question 80

With the Open Systems Interconnection (OSI) model in mind, which of these are COMMON layer 4 threats?

A. SYN Floods
B. ARP Spoofing
C. Eavesdropping
D. Ping of death

Answer 80

A. SYN Floods

Explanation:
SYN floods – half open TCP sessions, client sends 1,000’s of SYN requests, but replies with the 3rd ACK. The Transmission Control Protocol is an OSI level 4 protocol.

Question 81

In software acceptance testing, what is the purpose of compliance acceptance testing?

A. To ensure the software is functional for and tested by the end user and the application manager
B. To ensure the software is as secure or more secure than the rules, laws and regulations of the industry
C. To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities
D. To ensure the software perform as expected in our live environment vs our development environment

Answer 81

B. To ensure the software is as secure or more secure than the rules, laws and regulations of the industry

Explanation:
Compliance acceptance testing: Is the software compliant with the rules, regulations and laws of our industry?

Question 82

Using Mandatory Access Control (MAC), we would use clearance for assigning which of these?

A. Authentication
B. Authorization
C. Availability
D. Auditing

Answer 82

B. Authorization

Explanation:
The level of clearance determines what a subject is authorized to access.

Question 83

What can we implement that could help DECREASE identity theft online?

A. Saving usernames and passwords on your computer
B. Single factor authentication
C. Multifactor authentication
D. Usernames and passwords

Answer 83

C. Multifactor authentication

Explanation:
Multifactor authentication is a good way to decrease online identity theft, passwords and usernames are easily compromised, adding a possession based factor to it makes it much more secure.

Question 84

What could be used to provide audit log integrity during an attack?

A. Local logging accessible with administrator privileges
B. Centralized logging pushed every hour
C. Using WORM media for audit logs
D. Localized logging with push to a centralized server every 24 hours

Answer 84

C. Using WORM media for audit logs

Explanation:
WORM (Write Once - Read Many) is media you can’t erase the content once it is written without destroying the media.

Question 85

During our risk analysis, we are rating our incident likelihood as rare, unlikely, possible, likely, and certain. Which type of risk analysis are we using?

A. Cumulative risk analysis
B. Quantitative risk analysis
C. Qualitative risk analysis
D. Quadratic risk analysis

Answer 85

C. Qualitative risk analysis

Explanation:
Qualitative Risk Analysis – How likely is it to happen and how bad is it if it happens? This is vague, guessing, a feeling and relatively quick to do. Most often done to know where to focus the Quantitative Risk Analysis.

Question 86

If we are using Mandatory Access Control (MAC) and we are looking at the BIBA’s * integrity axiom, what can’t we do?

A. Read down
B. Read up
C. Write up
D. Write downWhat could be a security concern we would need to address in a procurement situation?

Answer 86

C. Write up

Explanation:
BIBA: Integrity (Mandatory Access Control): * Integrity Axiom : “No Write UP”. Subjects with Secret clearance can’t write Secret information to Top Secret folders. We don’t want wrong or lacking lower level information to propagate to a higher level.

Question 87

What could be a security concern we would need to address in a procurement situation?

A. How we do ensure their security standards are high enough?
B. Who gets the IT infrastructure?
C. Security is part of the SLA
D. All of these

Answer 87

C. Security is part of the SLA

Explanation:
Procurement: When we buy products or services from a 3rd party, security part of the SLA.

Question 88

Which organization is responsible for delegating IP addresses to ISPs in the Caribbean and Latin America?

A. RIPE NNC
B. ARIN
C. APNIC
D. LACNIC

Answer 88

D. LACNIC

Explanation:
The world is divided into RIR (Regional Internet Registry) regions and organizations in those areas delegate the address space they have control over. LACNIC (Latin America and Caribbean Network Information Centre): Latin America and parts of the Caribbean region.

Question 89

Jane is doing quantitative risk analysis for our senior management team. They want to know what a data center flooding will cost us. The data center is valued at $10,000,000. We would lose 10% of our infrastructure and the flooding happens on average every 4 years. How much would the annualized loss expectancy be?

A. 100000
B. 2500000
C. 250000
D. 1000000

Answer 89

C. 250000

Explanation:
The data center is valued at $10,000,000, we would lose 10% per incident and it happens every 4 years. $10,000,000 * 0.1 (10%) * 0.25 (happens every 4 years, we need to know the chance per year) = $250,000.

Question 90

When Jane is designing the specifications in our Disaster Recovery Plan (DRP), she is including technology and countermeasures for unauthorized use of USB ports on servers. Which type of disasters is she focusing on? ​

A. All of these
B. Man made
C. Environmental
D. Natural

Answer 90

B. Man made

Explanation:
Human: Done intentionally or unintentionally by humans, these are by far the most common.

Question 91

We are using read-only memory for our low-level operating systems. Which of these is NOT a type of Read-Only memory (ROM)?

A. PROM
B. EEPROM
C. DPROM
D. EPROM

Answer 91

C. DPROM

Explanation:
ROM (Read Only memory) is nonvolatile (retains memory after power loss); most common use is the BIOS. PROM (Programmable Read Only memory) – Can only be written once, normally at the factory. EPROM (Erasable Programmable Read Only memory) – Can be erased (flashed) and written many times, by shining an ultraviolet light (flash) on a small window on the chip (normally covered by foil). EEPROM (Electrically Erasable Programmable Read Only memory) – These are Electrically Erasable, you can use a flashing program. This is still called Read Only. The ability to write to the BIOS makes it vulnerable to attackers.

Question 92

One of our engineers has found a virus on one of our systems that keeps changing signature. What type of virus is it?

A. Macro virus
B. Stealth virus
C. Polymorphic
D. Multipart

Answer 92

C. Polymorphic

Explanation:
Polymorphic Viruses: Change their signature to avoid the antivirus signature definitions. Well-written polymorphic viruses have no parts which remain identical between infections, making it very difficult to detect directly using antivirus signatures.

Question 93

Implementing our access control model, you are asked, “In which type of access management would you use access lists?” What do you answer?

A. Radius Access Control (RAC)
B. Discretionary Access Control (DAC)
C. Role-Based Access Control
D. Mandatory Access Control (MAC)

Answer 93

B. Discretionary Access Control (DAC)

Explanation:
DAC (Discretionary Access Control): Often used when Availability is most important. Uses DACLs (Discretionary access lists), based on user identity. Access to an object is assigned at the discretion of the object owner. The owner can add, remove rights, commonly used by most OS’.

Question 94

What is the FIRST stage of the information lifecycle?

A. Use
B. Analytics
C. Disposal
D. Acquisition

Answer 94

D. Acquisition

Explanation:
We start by acquiring the information.

Question 95

If we plan to use what we find in our digital forensics in a court of law, what should the evidence NOT be?

A. Compromised
B. Admissible
C. Authentic
D. Accurate

Answer 95

A. Compromised

Explanation:
The evidence we collect must be accurate, complete, authentic, convincing, admissible.

Question 96

In our software code testing, one of the coders is mentioning the test coverage analysis. What is she talking about?

A. All interfaces exposed by the application
B. Each pair of input parameters to a system
C. The amount of errors in the code
D. How much of the code was tested in relation to the entire application

Answer 96

D. How much of the code was tested in relation to the entire application

Explanation:
Test Coverage Analysis: Identifies the how much of the code was tested in relation to the entire application.

Question 97

John is not allowed to access the organization’s network from anywhere but his home and at his desk at work. He just went on vacation and tried to log in. His access request was denied. This is a type of what?

A. Both context and content
B. Context-based access control
C. Role based access control
D. Content-based access control

Answer 97

B. Context-based access control

Explanation:
Context-based access control: Access to an object is controlled based on certain contextual parameters, such as location, time, sequence of responses, and access history. Providing the username and password combination, followed by a challenge and response mechanism such as CAPTCHA, filtering the access based on MAC addresses on wireless, or a firewall filtering the data based on packet analysis, are all examples of context-dependent access control mechanisms.

Question 98

We are discussing our risk responses and we are considering not issuing our employees laptops. What type of risk response would that be?

A. Risk avoidance
B. Risk transference
C. Risk mitigation
D. Risk rejection

Answer 98

A. Risk avoidance

Explanation:
Risk Avoidance – We don’t issue employees laptops (if possible) or we build the Data Center in an area that doesn’t flood. (Most often done before launching new projects – this could be the Data Center build).

Question 99

We have just migrated from distance vector routing protocols to link-state routing protocols. Which path would our traffic take from router A to router B?

A. The 10Mbps path
B. The 1 Gbps
C. The 1Mbps path

Answer 99

B. The 1 Gbps

Explanation:
Link-state routing protocols: Each node independently runs an algorithm over the map to determine the shortest path from itself to every other node in the network.

Question 100

We have implemented static Network address translation (NAT). How many public IP addresses do we need if we are using 5 private IP addresses and they all need internet access at the same time?

A. 10
B. 1
C. 6
D. 5

Answer 100

D. 5

Explanation:
Static NAT Translates 1-1, we need 1 Public IP per Private IP we use, not practical and not sustainable.

Question 101

We have implemented different types of anti-virus throughout our organization. Which type of anti-virus can produce a lot of false positives?

A. Signature
B. Heuristic
C. Formal
D. Embedded

Answer 101

B. Heuristic

Explanation:
Antivirus Software - tries to protect us against malware. Heuristic (Behavioral) based - looks for abnormal behavior - can result in a lot of false positives.

Question 102

In database normalization, in which form would we move data that is partially dependent on the primary key to another table?

A. 4th normal form
B. 2nd normal form
C. 1st normal form
D. 3rd normal form

Answer 102

B. 2nd normal form

Explanation:
Database normalization: Used to clean up the data in a database table to make it logically concise, organized, and consistent. Removes redundant data, and improves the integrity and availability of the database. Normalization has three forms (rules): First Normal Form: Divides the base data into tables, primary key is assigned to most or all tables. Second Normal Form: Move data that is partially dependent on the primary key to another table. Third normal Form: Remove data that is not dependent on the primary key.

Question 103

Which software project management methodology is based on 4 phases we go through over and over?

A. Agile
B. Waterfall
C. Spiral
D. Sashimi

Answer 103

C. Spiral

Explanation:
The spiral model: A risk-driven process model generator for software projects. The spiral model has four phases: Planning, Risk Analysis, Engineering and Evaluation. A software project repeatedly passes through these phases in iterations (called Spirals in this model). The baseline spiral, starting in the planning phase, requirements are gathered and risk is assessed. Each subsequent spirals builds on the baseline spiral.

Question 104

What do we often uncover in our vulnerability scans?

A. Open ports that should not be
B. None of these
C. Attacks
D. Unauthorized users

Answer 104

A. Open ports that should not be

Explanation:
Vulnerability scanning/testing: A vulnerability scanner tool is used to scan a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching. It is very important to understand the output from a vulnerability scan, they can be 100’s of pages for some systems, and how do the vulnerabilities map to Threats and Risks (Risk = Threat x Vulnerability). When we understand the true Risk, we can then plan our mitigation.

Question 105

Why would we choose to go with an internal audit over a 3rd party audit?

A. Cost
B. To get the full picture of our organization
C. For compliance
D. To ensure it is professional and complete

Answer 105

A. Cost

Explanation:
Internal audits are much cheaper than external audits, but they are also not as complete, accredited or can be for compliance.

Question 106

Bob is working on updating our data destruction policy for senior management’s approval. Which of these would be some of the things he could include to ensure NO data remanence on spinning disk drives? (Select all that apply).

A. Overwriting the disk with all 0s
B. Degaussing the disk
C. Formatting the disk
D. Shredding the disk 
E. Crushing the disk
F. Deleting all the files on the disk

Answer 106

A. Overwriting the disk with all 0s
B. Degaussing the disk
D. Shredding the disk
E. Crushing the disk

Explanation:

Degaussing, shredding, overwriting and crushing could all be part of our spinning disk data destruction policy. We would often do more than one of them. If we format the drive or delete the files they would still be recoverable, that is NOT proper data destruction.

Question 107

After a disaster at our primary site, we are restoring functionality at our Disaster Recovery (DR) site. Which applications would we get up and running LAST?

A. The least resource intensive
B. Least critical
C. Most critical
D. The most resource intensive

Answer 107

B. Least critical

Explanation:
The BCP team has sub-teams responsible for rescue, recovery and salvage in the event of a disaster or disruption. Recovery team (failover): Responsible for getting the alternate site up and running as fast as possible or for getting the systems rebuilt. We get the most critical systems up first.

Question 108

Which type of authentication will ask the user for something they have?

A. Type 1
B. Type 2
C. Type 4
D. Type 3

Answer 108

B. Type 2

Explanation:
Something you have - Type 2 Authentication: ID, passport, smart card, token, cookie on PC, these are called Possession factors. The subject uses these to authenticate their identity, if they have the item, they must be who they say they are.

Question 109

We have moved some of our non-critical functions to cloud hosting. We have chosen to go with an IaaS - (Infrastructure as a Service) implementation. Where would our responsibility start?

A. Between security and application
B. After the application
C. Between storage and servers
D. Between virtualization and OS

Answer 109

D. Between virtualization and OS

Explanation:
IaaS - (Infrastructure as a Service) The vendor provides infrastructure up to the OS, the customer adds the OS and up.

Question 110

If we look at our Business Continuity Plan (BCP), which team is defined as responsible for the dealing with getting our Disaster Recovery (DR) site up and running?

A. All of these
B. Rescue
C. Recovery
D. Salvage

Answer 110

C. Recovery

Explanation:
Recovery team (failover):Responsible for getting the alternate site up and running as fast as possible or for getting the systems rebuilt. We get the most critical systems up first.

Question 111

On our systems, what is the South bridge connected to?

A. Wireless
B. All of these
C. CPU
D. Mouse/Keyboard

Answer 111

D. Mouse/Keyboard

Explanation:
The south bridge is connected to the hard disks and other drives, USB ports and other peripherals (and the north bridge).

Question 112

An attacker is using low bandwidth coordinated attacks to avoid our Intrusion Prevention Systems (IPS). What is the attacker doing?

A, Sending traffic on a well-known TCP port, where we would not expect the malicious traffic
B. Have many different agents use different IPs and ports
C. Change the attack signature
D. Breaking the data into segments

Answer 112

B. Have many different agents use different IPs and ports

Explanation:
Low-bandwidth coordinated attacks: A number of attackers (or agents) allocate different ports or hosts to different attackers making it difficult for the IDS to correlate the captured packets and deduce that a network scan is in progress.

Question 113

In quantitative risk analysis, what does the ALE tell us?

A. How often that asset type is compromised per year
B. How much of the asset is lost per incident
C. The value of the asset
D. What it will cost us per year if we do nothing

Answer 113

D. What it will cost us per year if we do nothing

Explanation:
Annualized Loss Expectancy (ALE) – This is what it cost per year if we do nothing.

Question 114

In building a new system, we need to ensure we protect the Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) standard. Which of these is protected under the HIPAA standard?

A. IP addresses
B. Full dates
C. All of these
D. URLs

Answer 114

C. All of these

Explanation:
Under the US Health Insurance Portability and Accountability Act (HIPAA), Protected Health Information (PHI) that is linked based on the following list of 18 identifiers must be treated with special care: 1 Names. 2 All geographical identifiers smaller than a state. 3 Dates (other than year). 4 Phone numbers. 5 Fax numbers. 6 Email addresses. 7 Social Security numbers. 8 Medical record numbers. 9 Health insurance beneficiary numbers. 10 Account numbers. 11 Certificate/license numbers. 12 Vehicle identifiers and serial numbers, including license plate numbers. 13 Device identifiers and serial numbers. 14 Web Uniform Resource Locators (URLs). 15 Internet Protocol (IP) address numbers. 16 Biometric identifiers, including finger, retinal and voice prints. 17 Full face photographic images and any comparable images. 18 Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data.

Question 115

As part of our disaster recovery response, we are paying a provider to keep a copy of our servers and data. The servers are to remain down always, with the exception of patches and database syncs, and are only to be spun up if we have a disaster. What would this be called?

A. Reciprocal
B. Mobile site
C. Subscription site
D. Redundant

Answer 115

C. Subscription site

Explanation:
Subscription/cloud site: We pay someone else to have a minimal or full replica of our production environment up and running within a certain number of hours (SLA). They have fully built systems with our applications and receive backups of our data, if we are completely down we contact them and they spin the systems up and apply the latest backups. How fast and how much is determined by our plans and how much we want to pay for this type of insurance.

Question 116

Which of these protocols is the MOST commonly used for remote management of routers and switches?

A. RADIUS
B. Kerberos
C. DIAMETER
D. LDAP

Answer 116

A. RADIUS

Explanation:
RADIUS (Remote Authentication Dial-In User Service): A networking protocol that provides centralized Authentication, Authorization, and Accounting management for users who connect and use a network service. Widely used by ISPs (Internet service providers) and large organizations to manage access to IP networks, APs, VPNs, Servers, 802.1x, etc. Uses a client/server protocol that runs in the application layer, and can use either TCP or UDP as transport. Network access servers, the gateways that control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server. Use UDP ports 1812 for authentication and 1813 for accounting, can use TCP as the transport layer with TLS for security.

Question 117

Which type of hacker is NOT very skilled but can be dangerous because of their lack of knowledge and understanding of what they are doing?

A. Black hat
B. White hat
C. Gray hat
D. Script kiddie

Answer 117

D. Script kiddie

Explanation:
Script Kiddies: They have little or no coding knowledge, but many sophisticated hacking tools are available and easy to use. They pose a very real threat. They are just as dangerous as skilled hackers; they often have no clue what they are doing.

Question 118

The TACACS+ protocol as default uses which TCP port?

A. 80
B. 23
C. 49
D. 443

Answer 118

C. 49

Explanation:
TACACS+: Provides better password protection by using two-factor strong authentication. Not backwards compatible with TACACS. Uses TCP port 49 for authentication with the TACACS+ server. Similar to RADIUS, but RADIUS only encrypts the password TACACS+, encrypts the entire data package.

Question 119

In which type of access management would we use labels for objects?

A. Role-Based Access Control (RBAC)
B. Discretionary Access Control (DAC)
C. Radius Access Control (RAC)
D. Mandatory Access Control (MAC)

Answer 119

D. Mandatory Access Control (MAC)

Explanation:
MAC (Mandatory Access Control): Often used when Confidentiality is most important. Access to an object is determined by labels and clearance, this is often used in the military or in organizations where confidentiality is very important. Labels: Objects have Labels assigned to them, the subjects clearance must dominate the objects label. The label is used to allow Subjects with the right clearance access them. Labels are often more granular than just “Top Secret”, they can be “Top Secret – Nuclear”.

Question 120

What are we dealing with when we talk about data retention?

A. The data content
B. The data in use
C. How long we keep the data
D. Data remanence

Answer 120

C. How long we keep the data

Explanation:
Our data retention periods tells us how long we need to keep certain data for.

Question 121

In our access management, we would NEVER want to use group user accounts. Why is that?

A. No accountability
B. No availability
C. No authentication
D. No authorization

Answer 121

A. No accountability

Explanation:
Accountability (often referred to as Auditing): Trace an Action to a Subjects Identity: Proves who performed given action, it provides non-repudiation. Group or shared accounts are never OK, they have zero accountability.

Question 122

For which type of data would we want to use end-to-end encryption?

A. All of these
B. Data at rest
C. Data in motion
D. Data in use

Answer 122

C. Data in motion

Explanation:
Data in Motion (Data being transferred on a Network). We encrypt our network traffic, end to end encryption, this is both on internal and external networks.

Question 123

In our Disaster Recovery Plan (DRP) we have distinct phases. In which phase would we act on our Disaster Recovery procedures?

A. Recovery
B. Mitigation
C. Response
D. Preparation

Answer 123

C. Response

Explanation:
Response: How we react in a disaster, following the procedures.

Question 124

Our Intrusion Prevention Systems (IPS) has blocked permitted traffic. What is this an example of?

A. True negative
B. False positive
C. False negative
D. True positive

Answer 124

B. False positive

Explanation:
False Positive: Normal traffic and the system detects it and acts.

Question 125

As part of our defense in depth, we are looking at what we can do to specifically mitigate Distributed Denial Of Service (DDOS) attacks. Which of these would be MOST effective against Distributed Denial Of Service (DDOS) attacks?

A. NIDS
B. HIPS
C. HIDS
D. NIPS

Answer 125

D. NIPS

Explanation:
To block Distributed Denial Of Service (DDOS) attacks we would use network intrusion prevention systems.