CISSP certification: Full 125 question practice test #4 - test 1 (Anthony Today) Flashcards

1
Q

Looking at the logical ring model, where would we find a VM hypervisor?

A. -1
B. 3
C. 2
D. 0

A

A. -1

Explanation:
The Ring Model: a 4-ring model that separates Users (Untrusted) from the Kernel (Trusted). The full model is slow and rarely used; most OS’ only use rings 0 and 3. The applications are at ring 3. There is a new addition to the Ring Model: Hypervisor mode is called Ring -1 and is for VM Hosts. Ring -1 sits below the Client kernel in Ring 0.

2
Q

In software testing, we are doing synthetic transaction. What does that mean?

A. Passively test the code, but not run it
B. Build scripts and tools that would simulate normal user activity
C. Submit random malformed input to crash the software or elevate privileges
D. Test the code while executing it

A

B. Build scripts and tools that would simulate normal user activity

Explanation:
Synthetic transactions (synthetic monitoring): Website monitoring using a Web browser emulation or scripted recordings of Web transactions. Behavioral scripts/paths are created to simulate an action or path that a customer or end-user would take on a site. The paths are continuously monitored at specified intervals for performance, functionality, availability, and response time.
3
Q

During a security audit, we found some security issues that we need to address. The IT Security team has been asked to suggest mitigation strategies using the OSI model. What could we implement to mitigate layer 2 threats?

A. Access Lists
B. Start using firewalls
C. Shut down open unused ports
D. Installing UPS’ in the data center

A

C. Shut down open unused ports

Explanation:
Layer 2 devices: Switches are bridges with more than 2 ports. Each port is its own collision domain, fixing some of the issues with collisions. Switches use MAC addresses to direct traffic. Good switch security includes: Shutting unused ports down. Putting ports in specific VLANs. Using the MAC Sticky command to only allow that MAC to use the port, either with a warning or a shut command if another MAC accesses the port. Using VLAN pruning for Trunk ports.

4
Q

John has installed a backdoor to your system and he is using it to send spam emails to thousands of people. He is using a C&C structure. What is your system?

A. A standalone bot
B. A botnet
C. A bot herder in a botnet
D. A bot in a botnet

A

D. A bot in a botnet

Explanation:
Bots and botnets (short for robot): A bot is a system with malware that is controlled as part of a botnet. The system is compromised by an attack or by the user installing a Remote Access Trojan (a game or application with a hidden payload). They often use IRC, HTTP or HTTPS. Some are dormant until activated. Others are actively sending data from the system (credit card/bank information, for instance). Active bots can also be used to send spam emails. A botnet is a C&C (Command and Control) network, controlled by people (bot-herders). There can often be thousands or even hundreds of thousands of bots in a botnet.

5
Q

If we are using a qualitative risk analysis approach, which of these would we use?

A. Asset value
B. Cost per incident
C. Exposure factor
D. Risk analysis matrix

A

D. Risk analysis matrix

Explanation:
Qualitative Risk Analysis – How likely is it to happen and how bad is it if it happens? This is vague, guessing, a feeling and relatively quick to do. Most often done to know where to focus the Quantitative Risk Analysis.

6
Q

A HMAC-based one-time password (HOTP) is an example of which type of authentication method?

A. Something you know
B. Something you have
C. Somewhere you are
D. Something you are

A

B. Something you have

Explanation:
Something you have - Type 2 Authentication: HOTP (HMAC-based one-time password): Shared secret and incremental counter; a code is generated when asked for and is valid until used.

7
Q

On our workstations, we are implementing new security measures. As part of that, we will start blocking TCP port 20. Which protocol are we blocking?

A. SSH
B. FTP Data Transfer
C. FTP Control
D. Telnet

A

B. FTP Data Transfer

Explanation:
FTP (File Transfer Protocol): Uses TCP Port 20 for the data transfer - the actual data is sent here.

8
Q

If we look at our Disaster Recovery Plan (DRP) for what to do when we are attacked, in which phase of incident management do we shut system access down?

A. Detection
B. Response
C. Preparation
D. Recovery

A

B. Response

Explanation:
Response: The response phase is when the incident response team begins interacting with affected systems and attempts to keep further damage from occurring as a result of the incident. This can be taking a system off the network, isolating traffic, powering off the system, or however our plan dictates to isolate the system to minimize both the scope and severity of the incident. Knowing how to respond, when to follow the policies and procedures to the letter and when not to, is why we have senior staff handle the responses. We make bit-level copies of the systems, as close as possible to the time of the incident, to ensure they are a true representation of the incident.

9
Q

In the TCP/IP model, packets are the Protocol Data Units (PDUs) of which layer?

A. Transport
B. Application
C. Internetworks
D. Link and Physical

A

C. Internetworks

Explanation:
Packets are the Protocol Data Units (PDUs) of the Internetwork layer of the TCP/IP model (OSI layer 3 - Network layer).

10
Q

Which of these are COMMON attacks on trade secrets?

A. Software piracy
B. Industrial espionage, trade secrets are security through obscurity, if discovered nothing can be done
C. Counterfeiting
D. Someone using your protected design in their products

A

B. Industrial espionage, trade secrets are security through obscurity, if discovered nothing can be done

Explanation:
Trade Secrets. While an organization can do nothing if their Trade Secret is discovered, how it was discovered can be illegal. You tell no one about your formula, your secret sauce. If discovered, anyone can use it; you are not protected.

11
Q

Using highly targeted emails to senior management, an attacker has sent an email threatening a lawsuit if attached documents are not filled out and returned by a certain date. What is this an example of?

A. Vishing
B. Whale Phishing
C. MITM
D. Social Engineering

A

B. Whale Phishing

Explanation:
This is whale phishing, which is a social engineering attack. Whale Phishing (Whaling): Spear phishing targeted at senior leadership of an organization. This could be: “Your company is being sued if you don’t fill out the attached documents (With Trojan in them) and return them to us within 2 weeks”.

12
Q

Our networking department is recommending we use a baseband solution for an implementation. Which of these is a KEY FEATURE of those?

A. Only one system on the network can send one signal at a time
B. Both systems can send and receive at the same time
C. One way communication, one system transmits the other receives, direction can be reversed
D. One way communication, one system transmits the other receives, direction can't be reversed

A

A. Only one system on the network can send one signal at a time

Explanation:
Baseband networks have one channel, and can only send one signal at a time. Ethernet is baseband: “1000baseT” STP cable is a 1000 megabit, baseband, Shielded Twisted Pair cable.

13
Q

We are using one-time passwords that are pushed every 30 seconds to an application on our technical staff’s phones. Which type of tokens are we using?

A. TOTP
B. HOTP
C. ROTP
D. BOTP

A

A. TOTP

Explanation:
Something you have - Type 2 Authentication: TOTP (Time-based One-Time Password): Time based with shared secret, often generated every 30 or 60 seconds, synchronized clocks are critical.

14
Q

We have a company doing a penetration test for us. In which phase would the tester try to gain higher level access, and ultimately, if they can, admin access?

A. Gaining Access
B. Discovery
C. Escalate privileges
D. System Browsing

A

C. Escalate privileges

Explanation:
Escalate Privileges: Get higher level access, ultimately we want admin access.

15
Q

Which of these could be an example of a type of corrective access control?

A. Patches
B. Encryption
C. Backups
D. Alarms

A

A. Patches

Explanation:
Corrective: Controls that Correct an attack – Anti-virus, Patches, IPS.

16
Q

Which software development methodology uses prototypes in addition to, or instead of, design specifications?

A. XP
B. Prototyping
C. Scrum
D. RAD

A

D. RAD

Explanation:
RAD (Rapid Application Development): Puts an emphasis on adaptability and the necessity of adjusting requirements in response to knowledge gained as the project progresses. Prototypes are often used in addition to, or sometimes even in place of, design specifications. Very well suited for developing software that is driven by user interface requirements. GUI builders are often called rapid application development tools.

17
Q

What would we call social engineering through emails that target specific individuals, where the attacker has specific knowledge about the company?

A. Vishing
B. Phishing
C. Whale phishing
D. Spear phishing

A

D. Spear phishing

Explanation:
Spear Phishing: Targeted Phishing, not just random spam, but targeted at specific individuals. Sent with knowledge about the target (person or company); familiarity increases success.

18
Q

Which of these is NOT a downside to enforcing software tokens on phones for multifactor authentication?

A. It is user friendly
B. Phones have to be charged
C. SIM Cloning
D. Phones can be lost

A

A. It is user friendly

Explanation:
Software tokens on phones are easy and user friendly, but also come with some challenges. What can a user do if they lose the phone, if their SIM card is cloned, if the phone is not charged, …

19
Q

For our new startup, we are looking at different types of identity and access management. Which of these are COMMON types of that? (Select all that apply).

A. RBAC (Role Based Access Control)
B. RUBAC (Rule Based Access Control)
C. DAC (Discretionary Access Control)
D. TRAC (Trust Ratio Access Control)
E. MAC (Mandatory Access Control)

A

A. RBAC (Role Based Access Control)
C. DAC (Discretionary Access Control)
E. MAC (Mandatory Access Control)

Explanation:
In Identity and Access Management we can use DAC (Discretionary Access Control), which is often used when Availability is most important. Access to an object is assigned at the discretion of the object owner. MAC (Mandatory Access Control): Often used when Confidentiality is most important. Access to an object is determined by labels and clearance; this is often used in the military or in organizations where confidentiality is very important. RBAC (Role Based Access Control): Often used when Integrity is most important. A policy-neutral access control mechanism defined around roles and privileges. A role is assigned permissions, and subjects in that role are added to the group; if they move to another position they are moved to the permissions group for that position. RUBAC is based on IF/THEN statements (think older firewalls), and is not a type of Identity and Access Management. TRAC is .. well nothing, I made it up 0_o

20
Q

What handles all access between objects and subjects in the computer kernel?

A. Superuser mode
B. Supervisor mode
C. Reference Monitor
D. User mode

A

C. Reference Monitor

Explanation:
The Kernel: At the core of the OS is the Kernel. At ring 0 (or 3), it interfaces between the operating system (and applications) and the hardware. Microkernels are modular kernels. The reference monitor is a core function of the kernel; it handles all access between subjects and objects. It is always on and can’t be bypassed.

21
Q

We are blocking unused ports on our servers as part of our server hardening. When we block TCP port 143, what are we blocking?

A. NetBIOS name service
B. Microsoft Terminal Server (RDP)
C. NetBIOS datagram service
D. IMAP

A

D. IMAP

Explanation:
Internet Message Access Protocol (IMAP) uses TCP port 143.

22
Q

In which type of software testing would we test the functionality of the code?

A. Regression Testing
B. Unit Testing
C. Integration Testing
D. Installation Testing

A

B. Unit Testing

Explanation:
Unit testing: Tests that verify the functionality of a specific section of code. In an object-oriented environment, this is usually at the class level, and the minimal unit tests include the constructors and destructors. Usually written by developers as they work on code (white-box), to ensure that the specific function is working as expected.
23
Q

Which type of authentication can also be used for identification?

A. Password
B. Fingerprint
C. PIN
D. Passport

A

D. Passport

Explanation:
In this case the passport is both something you have and something that can be used for identification. For multiple factor authentication we would still want a knowledge factor or a biometric factor.

24
Q

As part of our disaster recovery planning, we are looking at an alternate site. We would want it to take us somewhere between 4 hours and 2-3 days to be back up operating on critical applications. Which type of Disaster Recovery site are we considering?

A. Cold Site
B. Warm Site
C. Hot Site
D. Redundant Site

A

B. Warm Site

Explanation:
Warm site: Similar to the hot site, but without real-time or near-real-time data; it is often restored from backups. A smaller but full data center, with redundant UPS’, HVACs, ISPs, generators, … We manually fail traffic over; a full switch and restore can take 4-24 hrs.+.

25
Q

An IPv4 address consists of how many bits?

A. 32 bit
B. 4 bit
C. 128 bit
D. 8 bit

A

A. 32 bit

Explanation:
IPv4 (Internet Protocol version 4) addresses: IPv4 addresses are made up of 4 octets (dotted-decimal notation), which break down further into a 32-bit binary integer.

26
Q

Which of these could be a countermeasure we have in place that could help us recover after an incident?

A. Patches
B. Encryption
C. Intrusion detection systems
D. Backups

A

D. Backups

Explanation:
Recovery: Controls that help us Recover after an attack – DR Environment, Backups, HA Environments.

27
Q

How would a US government agency be allowed to access company emails?

A. Anything done online
B. Your emails
C. Your internet history
D. Anything turned over voluntarily

A

D. Anything turned over voluntarily

Explanation:
Anything subpoenaed, obtained under a search warrant, turned over voluntarily, or obtained in exigent circumstances (immediate danger of being destroyed) can allow law enforcement to bypass the 4th amendment. Whether it was legal will be decided in a court of law later. We need to ensure our evidence is acquired in a legal manner; remember the US Constitution 4th amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.

28
Q

Which type of hacker is skilled and often alerts companies to vulnerabilities before publishing them?

A. Gray hat
B. Script kiddie
C. Black hat
D. White hat

A

A. Gray hat

Explanation:
Gray/Grey Hat hackers: They are somewhere between the white and black hats; they often alert the company so it can fix the flaw, and if the company does nothing they then publish the flaw.

29
Q

In which order does the CPU process work?

A. Fetch, decode, store, execute
B. Fetch, execute, decode, store
C. Fetch, decode, execute, store
D. Execute, fetch, decode, store

A

C. Fetch, decode, execute, store

Explanation:
CPU (Central Processing Unit): Fetch, Decode, Execute, Store. Fetch - Gets the instruction from memory into the processor. Decode - Internally decodes what it is instructed to do. Execute - Performs the operation (such as add or subtract) on the values from the registers. Store - Stores the result back into another register (retiring the instruction).

30
Q

In our Disaster Recovery Plan (DRP), we could have listed the minimum hardware requirements for a certain system to function. What would that be called?

A. Minimum Operating Requirements (MOR)
B. MTTR
C. MTD
D. MTBF

A

A. Minimum Operating Requirements (MOR)

Explanation:
Minimum Operating Requirements (MOR): The minimum environmental and connectivity requirements for our critical systems to function; can also at times include minimum system requirements for DR sites. We may not need a fully spec’d system to resume the business functionality.

31
Q

When assigning sensitivity to our data, which of these should NOT be a factor?

A. What the data is worth
B. Where we will store the data
C. Who will have access to the data
D. How bad a data exposure would be

A

B. Where we will store the data

Explanation:
Who will access it, the value of the data and how impactful a disclosure would be should all factor into our sensitivity labels; where we store the data should not. If it is sensitive, it should be stored in an appropriate location.

32
Q

What can we do when a type 1 authentication is compromised?

A. Issue a new password
B. Issue a new ID Card
C. Stop use of that type of biometric for that employee or use another finger if fingerprint
D. Revoke the token

A

A. Issue a new password

Explanation:
Type 1 Authentication is something you know; this could be passwords, pass phrases, PINs etc. We would issue a new, different password.

33
Q

As part of our ongoing Disaster Recovery Planning, Bob is working on categorizing incidents. Which category would misconfigurations fall under?

A. Human
B. Environmental
C. All of these
D. Natural

A

A. Human

Explanation:
Human: Done intentionally or unintentionally by humans, these are by far the most common.

34
Q

Which programming language uses short mnemonics like ADD and SUB, which is then matched to its full-length binary code?

A. Source code
B. Machine code
C. Assembler language
D. Compiler language

A

C. Assembler language

Explanation:
Assembler Language: Short mnemonics like ADD/SUB/JMP which are matched with the full-length binary machine code; an assembler converts assembly language into machine language, and a disassembler does the reverse.

35
Q

When physically storing sensitive data in a secure way, which of these has slots where staff can easily slip sensitive paperwork into?

A. Data center
B. Depository
C. Vault
D. Wall Safe

A

B. Depository

Explanation:
A depository is a safe with slots or an opening where staff can add sensitive physical data. Think depositing money at the bank outside of their operating hours in the envelopes at the ATMs.

36
Q

In our risk analysis, we know there is a risk, but we do not analyze how bad an impact would be. Which type of risk response is that an example of?

A. Risk avoidance
B. Risk transference
C. Risk rejection
D. Risk mitigation

A

C. Risk rejection

Explanation:
Risk Rejection – You know the risk is there, but you are ignoring it. This is never acceptable. (You are liable).

37
Q

In our risk analysis, we are looking at the risk. What would that comprise?

A. Threat x vulnerability
B. Threat * vulnerability * asset value
C. Threat + vulnerability
D. (threat * vulnerability * asset value) - countermeasures

A

A. Threat x vulnerability

Explanation:
Risk = Threat x Vulnerability.

38
Q

In a risk analysis, we are looking at the upfront cost and ongoing support of a mitigation solution. What would that be called?

A. ARO
B. ALE
C. SLE
D. TCO

A

D. TCO

Explanation:
Total Cost of Ownership (TCO) – The mitigation cost: upfront + ongoing cost (Normally Operational)

39
Q

In software testing, component interface testing would test what?

A. The functionality of a specific section of code
B. Processes and security alerts when encountering errors
C. Data handling passed between different units or subsystems
D. Interfaces between components against the software design

A

C. Data handling passed between different units or subsystems

Explanation:
Component interface testing: Testing that can be used to check the handling of data passed between various units or subsystem components, beyond full integration testing between those units.

40
Q

What is the relationship between plaintext and ciphertext called?

A. Diffusion
B. Substitution
C. Confusion
D. Permutation

A

C. Confusion

Explanation:
Confusion is the relationship between the plaintext and ciphertext; it should be as random (confusing) as possible.

41
Q

Why would we choose to delete a user account after the employee leaves the organization?

A. Accountability traceability for events discovered later
B. Regulations
C. User’s privacy protection
D. Retention policy

A

C. User’s privacy protection

Explanation:
We would want to keep accounts deactivated when they leave; the only reason to delete the accounts would be if required by law or regulation, which would be in place to protect their privacy.

42
Q

In our business improvement process, we are using the Capability Maturity Model (CMM). In which stages of the CMM model are processes defined? (Select all that apply).

A. Level 2
B. Level 5
C. Level 4
D. Level 3
E. Level 1
A

B. Level 5
C. Level 4
D. Level 3

Explanation:
CMM (Capability Maturity Model): The maturity relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined repeatable steps, to managed result metrics, to active optimization of the processes. From level and upwards we have clearly defined processes. Level 1: Initial. Processes at this level are normally undocumented and in a state of dynamic change, tending to be driven in an ad hoc, uncontrolled and reactive manner by users or events. Level 2: Repeatable. Process discipline is unlikely to be rigorous, but where it exists it may help to ensure that existing processes are maintained during times of stress.

43
Q

We have part of our infrastructure migrated to cloud computing. We are responsible for the applications and the data. Which type of cloud computing are we using?

A. Infrastructure as a Service (IaaS)
B. Software as a Service (SaaS)
C. Identity as a Service (IDaaS)
D. Platform as a Service (PaaS)

A

D. Platform as a Service (PaaS)

Explanation:
In public cloud PaaS (Platform as a Service), the vendor provides pre-configured OSs, then the customer adds all programs and applications.

44
Q

In which part of the computer are all the calculations done?

A. CPU
B. ALU
C. ROM
D. CU

A

B. ALU

Explanation:
Arithmetic logic unit (ALU): Performs arithmetic and logic operations. Processor registers supply operands (the objects of a mathematical operation) to the ALU and store the results of ALU operations. It does all the math.

45
Q

If you see any IPv4 address in the 127.0.0.0/8 range, what type of IPv4 address is that?

A. Private
B. Link-local
C. Loopback
D. Public

A

C. Loopback

Explanation:
IPv4 network standards reserve the entire 127.0.0.0/8 address block for loopback purposes. That means any packet sent to one of those 16,777,214 addresses (127.0.0.1 through 127.255.255.254) is looped back. IPv6 has just a single address, ::1.

46
Q

What are Programmable Logic Controllers (PLCs) used for?

A. Controlling manufacturing processes
B. Computerized control system for a process or plant
C. High level control supervisory management
D. Monitor our servers, workstations and network devices

A

A. Controlling manufacturing processes

Explanation:
A PLC (Programmable Logic Controller) is an industrial digital computer which has been ruggedized and adapted for the control of manufacturing processes such as assembly lines, robotic devices or any activity that requires high-reliability control, ease of programming and process fault diagnosis.

47
Q

How can we safely dispose of damaged SSD drives and ensure there is no data remanence?

A. Formatting
B. All of these
C. Shredding
D. Overwriting

A

C. Shredding

Explanation:
SSD drives: Formatting just deletes the file structure; most if not all files are recoverable. Since the drive is damaged we can’t overwrite it, so we would need to rely on shredding it.

48
Q

We want our employees to be connected without interruptions wherever they go: break rooms, meeting rooms, and their desks. What would be the BEST to use?

A. Copper Ethernet
B. Wireless
C. Fiber Ethernet
D. Coax Copper

A

B. Wireless

Explanation:
To stay connected while employees roam, they cannot be tied to cables; wireless is the only option.

49
Q

In CASE programming, designers use these categories of tools, EXCEPT which?

A. References
B. Environments
C. Tools
D. Workbenches

A

A. References

Explanation:
CASE (Computer-Aided Software Engineering): Similar to, and partly inspired by, the computer-aided design (CAD) tools used for designing hardware products. Used for developing high-quality, defect-free, and maintainable software. Often associated with methods for the development of information systems together with automated tools that can be used in the software development process. CASE software is classified into 3 categories: Tools support specific tasks in the software life-cycle. Workbenches combine two or more tools focused on a specific part of the software life-cycle. Environments combine two or more tools or workbenches and support the complete software life-cycle.

50
Q

Type 2 authentication includes all these, EXCEPT which?

A. Password
B. Cookie
C. Passport
D. TOTP token

A

A. Password

Explanation:
Something you have - Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.). A password is something you know (type 1 factor).

51
Q

Under which of these open source software license agreements is it allowed to alter the original software and sell the altered software?

A. CKR
B. BSD
C. Apache
D. GNU

A

B. BSD

Explanation:
BSD (Berkeley Software Distribution): A family of permissive free software licenses, imposing minimal restrictions on the use and redistribution of covered software. This is different from copyleft licenses, which have reciprocal share-alike requirements.

52
Q

Which type of IPv4 address is the range 172.31.0.0/24?

A. Private
B. Public
C. Loopback
D. Link-local

A

A. Private

Explanation:
172.16.0.0 – 172.31.255.255 are private IPs; we can use them on our internal network, but they are not routable on the internet.

53
Q

With which of these would your work NOT be protected if someone were to copy your work?

A. Patent
B. Trademark
C. Copyright
D. Trade Secret

A

D. Trade Secret

Explanation:
Trade Secrets. You tell no one about your formula, your secret sauce. If discovered, anyone can use it; you are not protected.

54
Q

Prior to us deploying honeypots and honeynets, who should sign off on the deployment?

A. Senior Management
B. Our HR and payroll team
C. A judge
D. The engineer deploying it

A

A. Senior Management

Explanation:
Get approval from senior management and your legal department before deploying honeypots or honeynets; legal would know the legal ramifications and senior management is ultimately liable. Both can pose legal and practical risks.

55
Q

Which phase could a penetration tester go to after they are finished with one of the “System browsing” phases? (Select all that apply).

A. Discovery
B. Install additional tools
C. Gaining access
D. Escalate privileges

A

A. Discovery
B. Install additional tools

Explanation:
After system browsing, the pen tester would either try to install additional tools or go back to the discovery/planning phase.

56
Q

If an attacker is using a digraph attack, what is the attacker looking for?

A. How often messages are sent
B. How many messages are sent
C. How often pairs of letters are used
D. How often certain letters are used

A

C. How often pairs of letters are used

Explanation:
Digraph attack: Similar to frequency analysis/attacks, but looks at common pairs of letters (TH, HE, IN, ER).

57
Q

For our servers, we are using Random Access Memory (RAM). What is one of the KEY FEATURES of RAM?

A. Predictive
B. Volatile
C. Non-volatile
D. Flash memory

A

B. Volatile

Explanation:
RAM (Random Access Memory) is volatile memory. It loses its memory content after a power loss (or within a few minutes). This can be memory sticks or embedded memory.

58
Q

When a penetration tester is trying to gain access to sensitive information from one of our servers, she is testing which type of access control?

A. Detective
B. Technical
C. Administrative
D. Physical

A

B. Technical

Explanation:
Technical Controls: Hardware/Software/Firmware – Firewalls, Routers, Encryption. Trying to access and gain information from a server would compromise our technical or logical security.

59
Q

You are talking to a new manager of our helpdesk. You are explaining how we do risk analysis. They ask you: “How do you define a vulnerability?”

A. A potential harmful incident
B. How bad is it if we are compromised?
C. The total risk after we have implemented our countermeasures
D. A weakness that can possibly be exploited

A

D. A weakness that can possibly be exploited

Explanation:
Vulnerability – A weakness that can allow the threat to do harm. Having a Data Center in a tsunami flood area, not being earthquake resistant, not applying patches and antivirus, …

60
Q

A penetration tester is calling one of our employees, and they are talking about friends they have in common. The penetration tester then asks for help from the employee. This is which type of social engineering?

A. Scarcity
B. Familiarity
C. Intimidation
D. Authority

A

B. Familiarity

Explanation:
Social engineering uses people skills to bypass security controls. Familiarity (have common ground, or build it): knowing something about the victim ahead of time and then referencing it can raise the chances of a successful attack drastically. People want to be helpful, and if they feel like they know you they want to help even more. Often successful with vishing and in-person social engineering.

61
Q

We have started issuing cell phones to our employees and we want a centralized way of managing them. What could be something we should consider implementing?

A. DRM
B. MDM
C. MGM
D. AMA

A

B. MDM

Explanation:
Using a centralized management system, MDM (Mobile Device Management), we can control a lot of settings: App Black/White lists, Storage Segmentation, Remote Access Revocation, Configuration Pushes, Backups. More controversial: tracking the location of employees, monitoring their data traffic and calls.

62
Q

When a computer uses more than one processor at a time for a task, it is called what?

A. Multiprogramming
B. Multitasking
C. Multithreading
D. Multiprocessing

A

D. Multiprocessing

Explanation:
Multiprocessing - A computer using more than one CPU at a time for a task.

63
Q

Which of these protocols is vendor neutral?

A. VTP
B. LDAP
C. AD
D. EIGRP

A

B. LDAP

Explanation:
LDAP (The Lightweight Directory Access Protocol): Open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an IP network. It is an application layer protocol and uses TCP and UDP port 389. LDAP is commonly used for centralized storage of usernames and passwords; many different applications and services can connect to the LDAP server to validate users.

64
Q

Jane has determined our Annualized Loss Expectancy (ALE) for laptops is $250,000. She is recommending we implement full disk encryption and remote wiping capabilities on all our laptops. The $1,000 laptop value is still lost, but the $9,000 value loss from Personally identifiable information (PII) exposure would be mitigated. How many laptops do we lose per year?

A. 15
B. 50
C. 10
D. 25

A

D. 25

Explanation:
With a current ALE of $250,000 and an AV of $10,000 ($1,000 + $9,000), we lose 25 laptops per year ($250,000 / $10,000 = 25).

65
Q

Where would we store the Basic Input/output System (BIOS)?

A. Flash memory
B. Non-volatile memory
C. Volatile memory
D. Referential memory

A

B. Non-volatile memory

Explanation:
The BIOS on a computer, router or switch is the low-level operating system and configuration. The firmware is stored on a non-volatile embedded device like PROM, EPROM or EEPROM.

66
Q

We have applied for a trademark and it has been approved. How are we protected?

A. Protected 10 years at a time, and it can be renewed indefinitely
B. Protected for 20 years after filing
C. You tell no one, if discovered you are not protected
D. Protected for 70 years after the creators death or 95 years for corporations

A

A. Protected 10 years at a time, and it can be renewed indefinitely

Explanation:
Trademarks ™ and ® (Registered Trademark). Brand Names, Logos, Slogans – Must be registered, is valid for 10 years at a time, can be renewed indefinitely.

67
Q

When would be a time we should update our Business Continuity Plan (BCP) and its sub plans outside of our annual cycle?

A. When we add a new server
B. We wouldn’t, every 12 months is fine
C. We had a disaster and we had a lot of gaps in our plans
D. When we patch our Windows server

A

C. We had a disaster and we had a lot of gaps in our plans

Explanation:
The plans need to be continually updated; it is an iterative process. Plans should be reviewed and updated at least every 12 months. If our organization has had a major change we also update the plans. This could be: We acquired another company or we split off into several companies. We changed major components of our systems (new backup solution, new IP scheme, …). We had a disaster and we had a lot of gaps in our plans. A significant part of senior leadership has changed.

68
Q

We are using the scrum project management methodology on one of our projects. For that project who would be responsible for the analysis, design, and documentation?

A. All of these
B. The development team
C. The scrum master
D. The product owner

A

B. The development team

Explanation:
Development team: Responsible for delivering the product at the end of each sprint (sprint goal). The team is made up of 3–9 individuals who do the actual work (analysis, design, development, testing, technical communication, documentation, etc.). Development teams are cross-functional, with all of the skills as a team necessary to create a product increment.

69
Q

To ensure our compliance before we pay for a structured audit, we want to do an “unstructured” audit. What would that entail?

A. Internal auditors looking for flaws
B. External auditors comes in
C. Testing against a published standard
D. Internal IT Security Employees double checking their work

A

A. Internal auditors looking for flaws

Explanation:
Unstructured audits: Internal auditors look for flaws to improve our security; often done before an external audit.

70
Q

We are in the process of developing some new software. On some of our previous releases of different software we have had security problems. We are considering releasing the source code for the new software, what would that make our software?

A. Prevented software
B. Cloud source
C. Open Source
D. Proprietary Software

A

C. Open Source

Explanation:
Open source: We release the code publicly, where it can be tested, improved and corrected, but it also allows attackers to find the flaws in the code.

71
Q

We would backup all changes since the last backup and clear the archive bit using which kind of backup?

A. Full
B. Differential
C. Incremental
D. Copy

A

C. Incremental

Explanation:
Incremental backups: Back up everything that has changed since the last backup and clear the archive bits. Incrementals are often fast to do, since they only back up what has changed since the last incremental or full. The downside is that if we do a monthly full backup and daily incrementals, a full restore can require up to 30 tapes, which would take a lot longer than restoring from 1 Full and 1 Differential.

72
Q

Which of the different types of logical intrusion systems would only use alerts, and sends the alerts if it sees traffic matching certain signatures?

A. Pattern
B. Heuristic
C. Behavioral based
D. IPS

A

A. Pattern

Explanation:
Signature (Pattern) matching: similar to antivirus, it matches traffic against a long list of known malicious traffic patterns.

73
Q

As part of the annual board retreat, senior management is wanting to put a face on the IT organization and thinks Jane is a great candidate for it. They have asked her to talk briefly about native XML vulnerabilities. Which type of database does XML use?

A. Relational
B. Document-oriented
C. Object-oriented
D. Hierarchical

A

B. Document-oriented

Explanation:
A document-oriented database, or document store, is a computer program designed for storing, retrieving and managing document-oriented information. XML databases are a subclass of document-oriented databases that are optimized to work with XML documents.

74
Q

Looking at different database query languages, which of them would use these statements? SELECT, DELETE, INSERT, and UPDATE.

A. DDL
B. DML
C. BGP
D. DRP

A

B. DML

Explanation:
Data Manipulation Language (DML): Used for selecting, inserting, deleting and updating data in a database. Common DML statements are SELECT, DELETE, INSERT, UPDATE.

75
Q

In MAC/EUI-64 MAC addresses, how many bits is the manufacturer identifier?

A. 48
B. 24
C. 40
D. 12

A

B. 24

Explanation:
EUI/MAC-64 MAC addresses are 64 bits long. The first 24 bits are the manufacturer identifier. The last 40 bits are unique and identify the host.

76
Q

In our Redundant Array of Independent Disks (RAID) configuration, we are using striping with redundancy. At least how many disks would we need?

A. 3
B. 4
C. 2
D. 1

A

A. 3

Explanation:
Disk striping: Writing the data simultaneously across multiple disks, providing higher write speed. Uses at least 2 disks, and in itself does not provide redundancy. We use parity with striping for the redundancy, often computed by XOR; if we use parity for redundancy we need at least 3 disks.

77
Q

Which subplan would we look at in our Business Continuity Plan (BCP) for dealing with the press and alerting employees about disasters?

A. Computer Incident Response Plan (CIRP)
B. Crisis Communications Plan (CCP)
C. Occupant Emergency Plan (OEP)
D. Continuity of Operations Plan (COOP)

A

B. Crisis Communications Plan (CCP)

Explanation:
Crisis Communications Plan: A subplan of the CMP. How we communicate internally and externally during a disaster. Who is permitted to talk to the press? Who is allowed to communicate what to whom internally?

78
Q

As part of our server hardening, we have chosen to block TCP port 25. What are we blocking on the servers?

A. HTTP
B. HTTPS
C. SMTP
D. POP3

A

C. SMTP

Explanation:
Simple Mail Transfer Protocol (SMTP) uses TCP port 25, but can also use port 2525.

79
Q

Which type of Random-Access memory (RAM) could be embedded in the Central Processing Unit (CPU)?

A. SRAM
B. DDR SDRAM
C. DRAM
D. SDRAM

A

A. SRAM

Explanation:
SRAM (Static RAM): Fast and expensive. Uses latches (flip-flops) to store bits. Does not need refreshing to keep data; keeps data until power is lost. This can be embedded on the CPU.

80
Q

With the Open Systems Interconnection (OSI) model in mind, which of these are COMMON layer 4 threats?

A. SYN Floods
B. ARP Spoofing
C. Eavesdropping
D. Ping of death

A

A. SYN Floods

Explanation:
SYN floods – half-open TCP sessions: the client sends 1,000’s of SYN requests, but never replies with the 3rd ACK. The Transmission Control Protocol is an OSI layer 4 protocol.

81
Q

In software acceptance testing, what is the purpose of compliance acceptance testing?

A. To ensure the software is functional for and tested by the end user and the application manager
B. To ensure the software is as secure or more secure than the rules, laws and regulations of the industry
C. To ensure the backups are in place, we have a DR plan, how patching is handled and that the software is tested for vulnerabilities
D. To ensure the software performs as expected in our live environment vs our development environment

A

B. To ensure the software is as secure or more secure than the rules, laws and regulations of the industry

Explanation:
Compliance acceptance testing: Is the software compliant with the rules, regulations and laws of our industry?

82
Q

Using Mandatory Access Control (MAC), we would use clearance for assigning which of these?

A. Authentication
B. Authorization
C. Availability
D. Auditing

A

B. Authorization

Explanation:
The level of clearance determines what a subject is authorized to access.

83
Q

What can we implement that could help DECREASE identity theft online?

A. Saving usernames and passwords on your computer
B. Single factor authentication
C. Multifactor authentication
D. Usernames and passwords

A

C. Multifactor authentication

Explanation:
Multifactor authentication is a good way to decrease online identity theft. Passwords and usernames are easily compromised; adding a possession-based factor makes authentication much more secure.

84
Q

What could be used to provide audit log integrity during an attack?

A. Local logging accessible with administrator privileges
B. Centralized logging pushed every hour
C. Using WORM media for audit logs
D. Localized logging with push to a centralized server every 24 hours

A

C. Using WORM media for audit logs

Explanation:
WORM (Write Once - Read Many) is media whose content can’t be erased once it is written without destroying the media.

85
Q

During our risk analysis, we are rating our incident likelihood as rare, unlikely, possible, likely, and certain. Which type of risk analysis are we using?

A. Cumulative risk analysis
B. Quantitative risk analysis
C. Qualitative risk analysis
D. Quadratic risk analysis

A

C. Qualitative risk analysis

Explanation:
Qualitative Risk Analysis – How likely is it to happen and how bad is it if it happens? This is vague, guessing, a feeling and relatively quick to do. Most often done to know where to focus the Quantitative Risk Analysis.

86
Q

If we are using Mandatory Access Control (MAC) and we are looking at the BIBA’s * integrity axiom, what can’t we do?

A. Read down
B. Read up
C. Write up
D. Write down

A

C. Write up

Explanation:
BIBA: Integrity (Mandatory Access Control): * Integrity Axiom: “No Write Up”. Subjects with Secret clearance can’t write Secret information to Top Secret folders. We don’t want wrong or lacking lower-level information to propagate to a higher level.

87
Q

What could be a security concern we would need to address in a procurement situation?

A. How do we ensure their security standards are high enough?
B. Who gets the IT infrastructure?
C. Security is part of the SLA
D. All of these

A

C. Security is part of the SLA

Explanation:
Procurement: When we buy products or services from a 3rd party, security must be part of the SLA.

88
Q

Which organization is responsible for delegating IP addresses to ISPs in the Caribbean and Latin America?

A. RIPE NCC
B. ARIN
C. APNIC
D. LACNIC

A

D. LACNIC

Explanation:
The world is divided into RIR (Regional Internet Registry) regions and organizations in those areas delegate the address space they have control over. LACNIC (Latin America and Caribbean Network Information Centre): Latin America and parts of the Caribbean region.

89
Q

Jane is doing quantitative risk analysis for our senior management team. They want to know what a data center flooding will cost us. The data center is valued at $10,000,000. We would lose 10% of our infrastructure and the flooding happens on average every 4 years. How much would the annualized loss expectancy be?

A. 100000
B. 2500000
C. 250000
D. 1000000

A

C. 250000

Explanation:
The data center is valued at $10,000,000, we would lose 10% per incident and it happens every 4 years. $10,000,000 * 0.1 (10%) * 0.25 (happens every 4 years, we need to know the chance per year) = $250,000.

90
Q

When Jane is designing the specifications in our Disaster Recovery Plan (DRP), she is including technology and countermeasures for unauthorized use of USB ports on servers. Which type of disasters is she focusing on?

A. All of these
B. Man made
C. Environmental
D. Natural

A

B. Man made

Explanation:
Human: Done intentionally or unintentionally by humans, these are by far the most common.

91
Q

We are using read-only memory for our low-level operating systems. Which of these is NOT a type of Read-Only memory (ROM)?

A. PROM
B. EEPROM
C. DPROM
D. EPROM

A

C. DPROM

Explanation:
ROM (Read Only memory) is nonvolatile (retains memory after power loss); most common use is the BIOS. PROM (Programmable Read Only memory) – Can only be written once, normally at the factory. EPROM (Erasable Programmable Read Only memory) – Can be erased (flashed) and written many times, by shining an ultraviolet light (flash) on a small window on the chip (normally covered by foil). EEPROM (Electrically Erasable Programmable Read Only memory) – These are Electrically Erasable, you can use a flashing program. This is still called Read Only. The ability to write to the BIOS makes it vulnerable to attackers.

92
Q

One of our engineers has found a virus on one of our systems that keeps changing signature. What type of virus is it?

A. Macro virus
B. Stealth virus
C. Polymorphic
D. Multipart

A

C. Polymorphic

Explanation:
Polymorphic Viruses: Change their signature to avoid the antivirus signature definitions. Well-written polymorphic viruses have no parts which remain identical between infections, making it very difficult to detect directly using antivirus signatures.

93
Q

Implementing our access control model, you are asked, “In which type of access management would you use access lists?” What do you answer?

A. Radius Access Control (RAC)
B. Discretionary Access Control (DAC)
C. Role-Based Access Control
D. Mandatory Access Control (MAC)

A

B. Discretionary Access Control (DAC)

Explanation:
DAC (Discretionary Access Control): Often used when Availability is most important. Uses DACLs (Discretionary access control lists), based on user identity. Access to an object is assigned at the discretion of the object owner. The owner can add and remove rights; commonly used by most OS’.

94
Q

What is the FIRST stage of the information lifecycle?

A. Use
B. Analytics
C. Disposal
D. Acquisition

A

D. Acquisition

Explanation:
We start by acquiring the information.

95
Q

If we plan to use what we find in our digital forensics in a court of law, what should the evidence NOT be?

A. Compromised
B. Admissible
C. Authentic
D. Accurate

A

A. Compromised

Explanation:
The evidence we collect must be accurate, complete, authentic, convincing, admissible.

96
Q

In our software code testing, one of the coders is mentioning the test coverage analysis. What is she talking about?

A. All interfaces exposed by the application
B. Each pair of input parameters to a system
C. The amount of errors in the code
D. How much of the code was tested in relation to the entire application

A

D. How much of the code was tested in relation to the entire application

Explanation:
Test Coverage Analysis: Identifies how much of the code was tested in relation to the entire application.

97
Q

John is not allowed to access the organization’s network from anywhere but his home and at his desk at work. He just went on vacation and tried to log in. His access request was denied. This is a type of what?

A. Both context and content
B. Context-based access control
C. Role based access control
D. Content-based access control

A

B. Context-based access control

Explanation:
Context-based access control: Access to an object is controlled based on certain contextual parameters, such as location, time, sequence of responses, and access history. Providing the username and password combination, followed by a challenge and response mechanism such as CAPTCHA, filtering the access based on MAC addresses on wireless, or a firewall filtering the data based on packet analysis, are all examples of context-dependent access control mechanisms.

98
Q

We are discussing our risk responses and we are considering not issuing our employees laptops. What type of risk response would that be?

A. Risk avoidance
B. Risk transference
C. Risk mitigation
D. Risk rejection

A

A. Risk avoidance

Explanation:
Risk Avoidance – We don’t issue employees laptops (if possible) or we build the Data Center in an area that doesn’t flood. (Most often done before launching new projects – this could be the Data Center build).

99
Q

We have just migrated from distance vector routing protocols to link-state routing protocols. Which path would our traffic take from router A to router B?

A. The 10Mbps path
B. The 1 Gbps
C. The 1Mbps path

A

B. The 1 Gbps

Explanation:
Link-state routing protocols: Each node independently runs an algorithm over the map to determine the shortest path from itself to every other node in the network.

100
Q

We have implemented static Network address translation (NAT). How many public IP addresses do we need if we are using 5 private IP addresses and they all need internet access at the same time?

A. 10
B. 1
C. 6
D. 5

A

D. 5

Explanation:
Static NAT translates 1-to-1: we need 1 Public IP per Private IP we use, which is not practical and not sustainable.

101
Q

We have implemented different types of anti-virus throughout our organization. Which type of anti-virus can produce a lot of false positives?

A. Signature
B. Heuristic
C. Formal
D. Embedded

A

B. Heuristic

Explanation:
Antivirus Software - tries to protect us against malware. Heuristic (Behavioral) based - looks for abnormal behavior - can result in a lot of false positives.

102
Q

In database normalization, in which form would we move data that is partially dependent on the primary key to another table?

A. 4th normal form
B. 2nd normal form
C. 1st normal form
D. 3rd normal form

A

B. 2nd normal form

Explanation:
Database normalization: Used to clean up the data in a database table to make it logically concise, organized, and consistent. Removes redundant data, and improves the integrity and availability of the database. Normalization has three forms (rules): First Normal Form: Divides the base data into tables, primary key is assigned to most or all tables. Second Normal Form: Move data that is partially dependent on the primary key to another table. Third normal Form: Remove data that is not dependent on the primary key.

103
Q

Which software project management methodology is based on 4 phases we go through over and over?

A. Agile
B. Waterfall
C. Spiral
D. Sashimi

A

C. Spiral

Explanation:
The spiral model: A risk-driven process model generator for software projects. The spiral model has four phases: Planning, Risk Analysis, Engineering and Evaluation. A software project repeatedly passes through these phases in iterations (called Spirals in this model). In the baseline spiral, starting in the planning phase, requirements are gathered and risk is assessed. Each subsequent spiral builds on the baseline spiral.

104
Q

What do we often uncover in our vulnerability scans?

A. Open ports that should not be
B. None of these
C. Attacks
D. Unauthorized users

A

A. Open ports that should not be

Explanation:
Vulnerability scanning/testing: A vulnerability scanner tool is used to scan a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching. It is very important to understand the output from a vulnerability scan (they can be hundreds of pages for some systems) and how the vulnerabilities map to Threats and Risks (Risk = Threat x Vulnerability). When we understand the true Risk, we can then plan our mitigation.

105
Q

Why would we choose to go with an internal audit over a 3rd party audit?

A. Cost
B. To get the full picture of our organization
C. For compliance
D. To ensure it is professional and complete

A

A. Cost

Explanation:
Internal audits are much cheaper than external audits, but they are also not as complete, not accredited, and cannot be used for compliance.

106
Q

Bob is working on updating our data destruction policy for senior management’s approval. Which of these would be some of the things he could include to ensure NO data remanence on spinning disk drives? (Select all that apply).

A. Overwriting the disk with all 0s
B. Degaussing the disk
C. Formatting the disk
D. Shredding the disk
E. Crushing the disk
F. Deleting all the files on the disk

A

A. Overwriting the disk with all 0s
B. Degaussing the disk
D. Shredding the disk
E. Crushing the disk

Explanation:
Degaussing, shredding, overwriting and crushing could all be part of our spinning disk data destruction policy. We would often do more than one of them. If we format the drive or delete the files they would still be recoverable, that is NOT proper data destruction.

107
Q

After a disaster at our primary site, we are restoring functionality at our Disaster Recovery (DR) site. Which applications would we get up and running LAST?

A. The least resource intensive
B. Least critical
C. Most critical
D. The most resource intensive

A

B. Least critical

Explanation:
The BCP team has sub-teams responsible for rescue, recovery and salvage in the event of a disaster or disruption. Recovery team (failover): Responsible for getting the alternate site up and running as fast as possible or for getting the systems rebuilt. We get the most critical systems up first.

108
Q

Which type of authentication will ask the user for something they have?

A. Type 1
B. Type 2
C. Type 4
D. Type 3

A

B. Type 2

Explanation:
Something you have - Type 2 Authentication: ID, passport, smart card, token, cookie on PC, these are called Possession factors. The subject uses these to authenticate their identity, if they have the item, they must be who they say they are.

109
Q

We have moved some of our non-critical functions to cloud hosting. We have chosen to go with an IaaS - (Infrastructure as a Service) implementation. Where would our responsibility start?

A. Between security and application
B. After the application
C. Between storage and servers
D. Between virtualization and OS

A

D. Between virtualization and OS

Explanation:
IaaS - (Infrastructure as a Service) The vendor provides infrastructure up to the OS, the customer adds the OS and up.

110
Q

If we look at our Business Continuity Plan (BCP), which team is defined as responsible for the dealing with getting our Disaster Recovery (DR) site up and running?

A. All of these
B. Rescue
C. Recovery
D. Salvage

A

C. Recovery

Explanation:
Recovery team (failover): Responsible for getting the alternate site up and running as fast as possible or for getting the systems rebuilt. We get the most critical systems up first.

111
Q

On our systems, what is the South bridge connected to?

A. Wireless
B. All of these
C. CPU
D. Mouse/Keyboard

A

D. Mouse/Keyboard

Explanation:
The south bridge is connected to the hard disks and other drives, USB ports and other peripherals (and the north bridge).

112
Q

An attacker is using low bandwidth coordinated attacks to avoid our Intrusion Prevention Systems (IPS). What is the attacker doing?

A. Sending traffic on a well-known TCP port, where we would not expect the malicious traffic
B. Have many different agents use different IPs and ports
C. Change the attack signature
D. Breaking the data into segments

A

B. Have many different agents use different IPs and ports

Explanation:
Low-bandwidth coordinated attacks: A number of attackers (or agents) allocate different ports or hosts to different attackers making it difficult for the IDS to correlate the captured packets and deduce that a network scan is in progress.

113
Q

In quantitative risk analysis, what does the ALE tell us?

A. How often that asset type is compromised per year
B. How much of the asset is lost per incident
C. The value of the asset
D. What it will cost us per year if we do nothing

A

D. What it will cost us per year if we do nothing

Explanation:
Annualized Loss Expectancy (ALE) – This is what it costs per year if we do nothing.

114
Q

In building a new system, we need to ensure we protect the Protected Health Information (PHI) in accordance with the Health Insurance Portability and Accountability Act (HIPAA) standard. Which of these is protected under the HIPAA standard?

A. IP addresses
B. Full dates
C. All of these
D. URLs

A

C. All of these

Explanation:
Under the US Health Insurance Portability and Accountability Act (HIPAA), Protected Health Information (PHI) that is linked based on the following list of 18 identifiers must be treated with special care: 1 Names. 2 All geographical identifiers smaller than a state. 3 Dates (other than year). 4 Phone numbers. 5 Fax numbers. 6 Email addresses. 7 Social Security numbers. 8 Medical record numbers. 9 Health insurance beneficiary numbers. 10 Account numbers. 11 Certificate/license numbers. 12 Vehicle identifiers and serial numbers, including license plate numbers. 13 Device identifiers and serial numbers. 14 Web Uniform Resource Locators (URLs). 15 Internet Protocol (IP) address numbers. 16 Biometric identifiers, including finger, retinal and voice prints. 17 Full face photographic images and any comparable images. 18 Any other unique identifying number, characteristic, or code except the unique code assigned by the investigator to code the data.

115
Q

As part of our disaster recovery response, we are paying a provider to keep a copy of our servers and data. The servers are to remain down always, with the exception of patches and database syncs, and are only to be spun up if we have a disaster. What would this be called?

A. Reciprocal
B. Mobile site
C. Subscription site
D. Redundant

A

C. Subscription site

Explanation:
Subscription/cloud site: We pay someone else to have a minimal or full replica of our production environment up and running within a certain number of hours (SLA). They have fully built systems with our applications and receive backups of our data, if we are completely down we contact them and they spin the systems up and apply the latest backups. How fast and how much is determined by our plans and how much we want to pay for this type of insurance.

116
Q

Which of these protocols is the MOST commonly used for remote management of routers and switches?

A. RADIUS
B. Kerberos
C. DIAMETER
D. LDAP

A

A. RADIUS

Explanation:
RADIUS (Remote Authentication Dial-In User Service): A networking protocol that provides centralized Authentication, Authorization, and Accounting management for users who connect and use a network service. Widely used by ISPs (Internet service providers) and large organizations to manage access to IP networks, APs, VPNs, Servers, 802.1x, etc. Uses a client/server protocol that runs in the application layer, and can use either TCP or UDP as transport. Network access servers, the gateways that control access to a network, usually contain a RADIUS client component that communicates with the RADIUS server. Uses UDP ports 1812 for authentication and 1813 for accounting; can use TCP as the transport layer with TLS for security.

117
Q

Which type of hacker is NOT very skilled but can be dangerous because of their lack of knowledge and understanding of what they are doing?

A. Black hat
B. White hat
C. Gray hat
D. Script kiddie

A

D. Script kiddie

Explanation:
Script Kiddies: They have little or no coding knowledge, but many sophisticated hacking tools are available and easy to use. They pose a very real threat. They are just as dangerous as skilled hackers; they often have no clue what they are doing.

118
Q

The TACACS+ protocol as default uses which TCP port?

A. 80
B. 23
C. 49
D. 443

A

C. 49

Explanation:
TACACS+: Provides better password protection by using two-factor strong authentication. Not backwards compatible with TACACS. Uses TCP port 49 for authentication with the TACACS+ server. Similar to RADIUS, but where RADIUS only encrypts the password, TACACS+ encrypts the entire data package.

119
Q

In which type of access management would we use labels for objects?

A. Role-Based Access Control (RBAC)
B. Discretionary Access Control (DAC)
C. Radius Access Control (RAC)
D. Mandatory Access Control (MAC)

A

D. Mandatory Access Control (MAC)

Explanation:
MAC (Mandatory Access Control): Often used when Confidentiality is most important. Access to an object is determined by labels and clearance; this is often used in the military or in organizations where confidentiality is very important. Labels: Objects have Labels assigned to them, and the subject’s clearance must dominate the object’s label. The label is used to allow Subjects with the right clearance to access them. Labels are often more granular than just “Top Secret”; they can be “Top Secret – Nuclear”.

120
Q

What are we dealing with when we talk about data retention?

A. The data content
B. The data in use
C. How long we keep the data
D. Data remanence

A

C. How long we keep the data

Explanation:
Our data retention periods tell us how long we need to keep certain data for.

121
Q

In our access management, we would NEVER want to use group user accounts. Why is that?

A. No accountability
B. No availability
C. No authentication
D. No authorization

A

A. No accountability

Explanation:
Accountability (often referred to as Auditing): Traces an Action to a Subject’s Identity. It proves who performed a given action and provides non-repudiation. Group or shared accounts are never OK; they have zero accountability.

122
Q

For which type of data would we want to use end-to-end encryption?

A. All of these
B. Data at rest
C. Data in motion
D. Data in use

A

C. Data in motion

Explanation:
Data in Motion (Data being transferred on a Network): We encrypt our network traffic with end-to-end encryption, on both internal and external networks.

123
Q

In our Disaster Recovery Plan (DRP) we have distinct phases. In which phase would we act on our Disaster Recovery procedures?

A. Recovery
B. Mitigation
C. Response
D. Preparation

A

C. Response

Explanation:
Response: How we react in a disaster, following the procedures.

124
Q

Our Intrusion Prevention Systems (IPS) has blocked permitted traffic. What is this an example of?

A. True negative
B. False positive
C. False negative
D. True positive

A

B. False positive

Explanation:
False Positive: Normal traffic and the system detects it and acts.

125
Q

As part of our defense in depth, we are looking at what we can do to specifically mitigate Distributed Denial Of Service (DDOS) attacks. Which of these would be MOST effective against Distributed Denial Of Service (DDOS) attacks?

A. NIDS
B. HIPS
C. HIDS
D. NIPS

A

D. NIPS

Explanation:
To block Distributed Denial Of Service (DDOS) attacks we would use network intrusion prevention systems.