CISSP-FD review questions Flashcards

1
Q
1 General-purpose control types include all the following except
A ❍ Detective
B ❍ Mandatory
C ❍ Preventive
D ❍ Compensating
A

B

2
Q
2 Violation reports and audit trails are examples of what type of control?
A ❍ Detective technical
B ❍ Preventive technical
C ❍ Detective administrative
D ❍ Preventive administrative
A

A

3
Q
3 “A user cannot deny an action” describes the concept of
A ❍ Authentication
B ❍ Accountability
C ❍ Non-repudiation
D ❍ Plausible deniability
A

C

4
Q
4 Authentication can be based on any combination of the following factors
except
A ❍ Something you know
B ❍ Something you have
C ❍ Something you need
D ❍ Something you are
A

C

5
Q
5 Unauthorized users that are incorrectly granted access in biometric systems
are described as the
A ❍ False Reject Rate (Type II error)
B ❍ False Accept Rate (Type II error)
C ❍ False Reject Rate (Type I error)
D ❍ False Accept Rate (Type I error)
A

B

6
Q
6 All the following devices and protocols can be used to implement one-time
passwords except
A ❍ Tokens
B ❍ S/Key
C ❍ Diameter
D ❍ Kerberos
A

D

7
Q
7 Which of the following PPP authentication protocols transmits passwords in
clear text?
A ❍ PAP
B ❍ CHAP
C ❍ MS-CHAP
D ❍ FTP
A

A

8
Q
8 Which of the following is not considered a method of attack against access
control systems?
A ❍ Brute force
B ❍ Dictionary
C ❍ Denial of Service
D ❍ Buffer overflow
A

C

9
Q
9 Sensitivity labels are a fundamental component in which type of access control
systems?
A ❍ Mandatory access control
B ❍ Discretionary access control
C ❍ Access control lists
D ❍ Role-based access control
A

A

10
Q
10 Which of the following access control models addresses availability issues?
A ❍ Bell-La Padula
B ❍ Biba
C ❍ Clark-Wilson
D ❍ None of the above
A

D

11
Q
1 A data network that operates across a relatively large geographic area defines
what type of network?
A ❍ LAN
B ❍ MAN
C ❍ CAN
D ❍ WAN
A

D

12
Q
2 The process of wrapping protocol information from one layer in the data section
of another layer describes
A ❍ Data encryption
B ❍ Data encapsulation
C ❍ Data hiding
D ❍ TCP wrappers
A

B

13
Q
3 The LLC and MAC are sub-layers of what OSI model layer?
A ❍ Data Link
B ❍ Network
C ❍ Transport
D ❍ Session
A

A

14
Q
4 The Ethernet protocol is defined at what layer of the OSI model and in which
IEEE standard?
A ❍ Data Link Layer, 802.3
B ❍ Network Layer, 802.3
C ❍ Data Link Layer, 802.5
D ❍ Network Layer, 802.5
A

A

15
Q
5 All the following are examples of packet-switched WAN protocols, except
A ❍ X.25
B ❍ Frame Relay
C ❍ ISDN
D ❍ SMDS
A

C

16
Q
6 Which of the following is an example of a Class C IP address?
A ❍ 17.5.5.1
B ❍ 127.0.0.1
C ❍ 192.167.4.1
D ❍ 224.0.0.1
A

C

17
Q

7 The TCP/IP Protocol Model consists of the following four layers:
A ❍ Application, Presentation, Session, Transport
B ❍ Application, Session, Network, Physical
C ❍ Application, Session, Transport, Internet
D ❍ Application, Transport, Internet, Link

A

D

18
Q
8 Which of the following firewall architectures employs external and internal
routers, as well as a bastion host?
A ❍ Screening router
B ❍ Screened-subnet
C ❍ Screened-host gateway
D ❍ Dual-homed gateway
A

B

19
Q
9 Which of the following is not a common VPN protocol standard?
A ❍ IPSec
B ❍ PPTP
C ❍ TFTP
D ❍ L2TP
A

C

20
Q
10 A type of network attack in which TCP packets are sent from a spoofed source
address with the SYN bit set describes
A ❍ Smurf
B ❍ Fraggle
C ❍ Teardrop
D ❍ SYN flood
A

D

21
Q

1 The three elements of the C-I-A triad include
A ❍ Confidentiality, integrity, authentication
B ❍ Confidentiality, integrity, availability
C ❍ Confidentiality, integrity, authorization
D ❍ Confidentiality, integrity, accountability

A

B

22
Q

2 Which of the following government data classification levels describes
information that, if compromised, could cause serious damage to national
security?
A ❍ Top Secret
B ❍ Secret
C ❍ Confidential
D ❍ Sensitive but Unclassified

A

B

23
Q

3 The practice of regularly transferring personnel into different positions or
departments within an organization is known as
A ❍ Separation of duties
B ❍ Reassignment
C ❍ Lateral transfers
D ❍ Job rotations

A

D

24
Q
4 The individual responsible for assigning information classification levels for
assigned information assets is
A ❍ Management
B ❍ Owner
C ❍ Custodian
D ❍ User
A

B

25
5 Most security policies are categorized as
A ❍ Informative
B ❍ Regulatory
C ❍ Mandatory
D ❍ Advisory
D
26
6 A baseline is a type of
A ❍ Policy
B ❍ Guideline
C ❍ Procedure
D ❍ Standard
D
27
7 ALE is calculated by using the following formula:
A ❍ SLE × ARO × EF = ALE
B ❍ SLE × ARO = ALE
C ❍ SLE + ARO = ALE
D ❍ SLE – ARO = ALE
B
28
8 Which of the following is not considered a general remedy for risk management?
A ❍ Risk reduction
B ❍ Risk acceptance
C ❍ Risk assignment
D ❍ Risk avoidance
D
29
9 Failure to implement a safeguard may result in legal liability if
A ❍ The cost to implement the safeguard is less than the cost of the associated loss.
B ❍ The cost to implement the safeguard is more than the cost of the associated loss.
C ❍ An alternate but equally effective and less expensive safeguard is implemented.
D ❍ An alternate but equally effective and more expensive safeguard is implemented.
A
30
10 A cost-benefit analysis is useful in safeguard selection for determining
A ❍ Safeguard effectiveness
B ❍ Technical feasibility
C ❍ Cost-effectiveness
D ❍ Operational impact
C
31
1 Masquerading as another person in order to obtain information illicitly is known as
A ❍ Hacking
B ❍ Social engineering
C ❍ Extortion
D ❍ Exhumation
B
32
2 Viruses, rootkits, and Trojan horses are known as
A ❍ Maniacal code
B ❍ Fractured code
C ❍ Infectious code
D ❍ Malicious code
D
33
3 Antivirus software that detects viruses by watching for anomalous behavior uses what technique?
A ❍ Signature matching
B ❍ Fleuristics
C ❍ Heroistics
D ❍ Heuristics
D
34
4 A developer, suspecting that he may be fired soon, modifies an important program that will corrupt payroll files long after he is gone. The developer has created a(n)
A ❍ Delayed virus
B ❍ Logic bomb
C ❍ Applet bomb
D ❍ Trojan horse
B
35
5 A SYN flood is an example of a
A ❍ Dictionary attack
B ❍ High Watermark attack
C ❍ Buffer Overflow attack
D ❍ Denial of Service attack
D
36
6 The process of recording changes made to systems is known as
A ❍ Change Review Board
B ❍ System Maintenance
C ❍ Change Management
D ❍ Configuration Management
D
37
7 A system that accumulates knowledge by observing events’ inputs and outcomes is known as a(n)
A ❍ Expert system
B ❍ Neural network
C ❍ Synaptic network
D ❍ Neural array
B
38
8 The logic present in an object is known as
A ❍ Encapsulation
B ❍ Personality
C ❍ Behavior
D ❍ Method
D
39
9 The restricted environment that Java applets occupy is known as a
A ❍ Sandbox
B ❍ Workbox
C ❍ Trusted Zone
D ❍ Instantiation
A
40
10 An attacker has placed a URL on a website that, if clicked, will cause malicious JavaScript to execute on victims’ browsers. This is known as a
A ❍ Phishing attack
B ❍ Script injection attack
C ❍ Cross-site scripting attack
D ❍ Cross-site request forgery attack
C
41
1 The four modes of DES include all the following except
A ❍ ECB
B ❍ ECC
C ❍ CFB
D ❍ CBC
B
42
2 A type of cipher that replaces bits, characters, or character blocks with alternate bits, characters, or character blocks to produce ciphertext is known as a
A ❍ Permutation cipher
B ❍ Block cipher
C ❍ Transposition cipher
D ❍ Substitution cipher
D
43
3 Which of the following is not an advantage of symmetric key systems?
A ❍ Scalability
B ❍ Speed
C ❍ Strength
D ❍ Availability
A
44
4 The Advanced Encryption Standard (AES) is based on what symmetric key algorithm?
A ❍ Twofish
B ❍ Knapsack
C ❍ Diffie-Hellman
D ❍ Rijndael
D
45
5 A message that’s encrypted with only the sender’s private key, for the purpose of authentication, is known as a(n)
A ❍ Secure message format
B ❍ Signed and secure message format
C ❍ Open message format
D ❍ Message digest
C
46
6 All the following are examples of asymmetric key systems based on discrete logarithms except
A ❍ Diffie-Hellman
B ❍ Elliptic Curve
C ❍ RSA
D ❍ El Gamal
C
47
7 The four main components of a Public Key Infrastructure (PKI) include all the following except
A ❍ Directory Service
B ❍ Certification Authority
C ❍ Repository
D ❍ Archive
A
48
8 Which of the following Internet specifications provides secure e-commerce by using symmetric key systems, asymmetric key systems, and dual signatures?
A ❍ Public Key Infrastructure (PKI)
B ❍ Secure Electronic Transaction (SET)
C ❍ Secure Sockets Layer (SSL)
D ❍ Secure Hypertext Transfer Protocol (S-HTTP)
B
49
9 The minimum number of SAs required for a two-way IPSec session between two communicating hosts using both AH and ESP is
A ❍ 1
B ❍ 2
C ❍ 4
D ❍ 8
C
50
10 An IPSec SA consists of the following parameters, which uniquely identify it in an IPSec session, except
A ❍ Source IP Address
B ❍ Destination IP Address
C ❍ Security Protocol ID
D ❍ Security Parameter Index (SPI)
A
51
1 The four CPU operating states include all the following except
A ❍ Operating
B ❍ Problem
C ❍ Wait
D ❍ Virtual
D
52
2 A computer system that alternates execution of multiple subprograms on a single processor describes what type of system?
A ❍ Multiprogramming
B ❍ Multitasking
C ❍ Multiuser
D ❍ Multiprocessing
B
53
3 An address used as the origin for calculating other addresses describes
A ❍ Base addressing
B ❍ Indexed addressing
C ❍ Indirect addressing
D ❍ Direct addressing
A
54
4 The four main functions of the operating system include all the following except
A ❍ Process management
B ❍ BIOS management
C ❍ I/O device management
D ❍ File management
B
55
5 The total combination of protection mechanisms within a computer system, including hardware, firmware, and software, which is responsible for enforcing a security policy defines
A ❍ Reference monitor
B ❍ Security kernel
C ❍ Trusted Computing Base
D ❍ Protection domain
C
56
6 A system that continues to operate following failure of a network component describes which type of system?
A ❍ Fault-tolerant
B ❍ Fail-safe
C ❍ Fail-soft
D ❍ Failover
A
57
7 Which of the following access control models addresses availability issues?
A ❍ Bell-LaPadula
B ❍ Biba
C ❍ Clark-Wilson
D ❍ None of the above
D
58
8 The four basic control requirements identified in the Orange Book include all the following except
A ❍ Role-based access control
B ❍ Discretionary access control
C ❍ Mandatory access control
D ❍ Object reuse
A
59
9 The purpose of session management in a web application is
A ❍ To prevent Denial of Service attacks
B ❍ To collect session-based security metrics
C ❍ To control the number of concurrent sessions
D ❍ To protect sessions from unauthorized access
D
60
10 Which of the following ITSEC classification levels is equivalent to TCSEC level B3?
A ❍ E3
B ❍ E4
C ❍ E5
D ❍ E6
C
61
1 The two types of intrusion detection are
A ❍ Attack-based systems and response-based systems
B ❍ Signature-based systems and anomaly-based systems
C ❍ Knowledge-based systems and scripture-based systems
D ❍ Passive monitoring systems and active monitoring systems
B
62
2 Recording data traveling on a network is known as
A ❍ Promiscuous mode
B ❍ Packet sniffing
C ❍ Packet snoring
D ❍ Packing sneaking
B
63
3 Which of the following is NOT an example of penetration testing?
A ❍ Radiation monitoring
B ❍ War driving
C ❍ Port scanning
D ❍ War diving
D
64
4 Trusted recovery is concerned with
A ❍ The ability of a system to be rebuilt
B ❍ The vulnerability of a system while it’s being rebuilt
C ❍ The ability of a system to rebuild itself
D ❍ The willingness of a system to rebuild itself
B
65
5 The third-party inspection of a system is known as a(n)
A ❍ Confidence check
B ❍ Integrity trail
C ❍ Audit trail
D ❍ Audit
D
66
6 One of the primary concerns with long-term audit log retention is
A ❍ Whether anyone will be around who can find them
B ❍ Whether any violations of privacy laws have occurred
C ❍ Whether anyone will be around who understands them
D ❍ Whether any tape/disk drives will be available to read them
D
67
7 The required operating state of a network interface on a system running a sniffer is
A ❍ Open mode
B ❍ Promiscuous mode
C ❍ Licentious mode
D ❍ Pretentious mode
B
68
8 Filling a system’s hard drive so that it can no longer record audit records is known as a(n)
A ❍ Audit lock-out
B ❍ Audit exception
C ❍ Denial of Facilities attack
D ❍ Denial of Service attack
D
69
9 An investigator who needs to have access to detailed employee event information may need to use
A ❍ Keystroke monitoring
B ❍ Intrusion detection
C ❍ Keystroke analysis
D ❍ Trend analysis
A
70
10 Which of the following is NOT true about a signature-based IDS?
A ❍ It reports a low number of false-positives.
B ❍ It requires periodic updating of its signature files.
C ❍ It reports a high number of false-positives.
D ❍ It can’t detect anomalies based on trends.
C
71
1 The longest period of time that a business can survive without a critical function is called
A ❍ Downtime Tolerability Period
B ❍ Greatest Tolerable Downtime
C ❍ Maximum Survivable Downtime
D ❍ Maximum Tolerable Downtime
D
72
2 Which of the following is not a natural disaster?
A ❍ Avalanche
B ❍ Stock market crash
C ❍ Fire
D ❍ Water supply storage drought
B
73
3 The impact of a disaster on business operations is contained in
A ❍ Local newspapers and online media
B ❍ The Business Impact Assessment
C ❍ The Operations Impact Assessment
D ❍ The Vulnerability Assessment
B
74
4 The decision whether to purchase an emergency generator is based on
A ❍ Wholesale electric rates
B ❍ Retail electric rates
C ❍ The duration of a typical outage
D ❍ The income rate of affected systems
C
75
5 The purpose of a UPS is
A ❍ To provide instantaneous power cutover when utility power fails
B ❍ A lower cost for overnight shipping following a disaster
C ❍ The need to steer an unresponsive vehicle after it’s moving again
D ❍ To restore electric power within 24 hours
A
76
6 The Business Impact Assessment
A ❍ Describes the impact of disaster recovery planning on the budget
B ❍ Describes the impact of a disaster on business operations
C ❍ Is a prerequisite to the Vulnerability Assessment
D ❍ Is the first official statement produced after a disaster
B
77
7 To maximize the safety of backup media, it should be stored
A ❍ At a specialized off-site media storage facility
B ❍ At the residences of various senior managers
C ❍ In the operations center in a locked cabinet
D ❍ Between 50°F and 60°F
A
78
8 An alternate information-processing facility with all systems, patches, and data mirrored from live production systems is known as a
A ❍ Warm site
B ❍ Hot site
C ❍ Recovery site
D ❍ Mutual Aid Center
B
79
9 The greatest advantage of a cold site is
A ❍ It can be built nearly anywhere
B ❍ Its high responsiveness
C ❍ Its low cost
D ❍ Its close proximity to airports
C
80
10 The most extensive test for a Disaster Recovery Plan
A ❍ Has dual failover
B ❍ Is a waste of paper
C ❍ Is known as a parallel test
D ❍ Is known as an interruption test
D
81
1 Penalties for conviction in a civil case can include
A ❍ Imprisonment
B ❍ Probation
C ❍ Fines
D ❍ Community service
C
82
2 Possible damages in a civil case are classified as all the following except
A ❍ Compensatory
B ❍ Punitive
C ❍ Statutory
D ❍ Financial
D
83
3 Computer attacks motivated by curiosity or excitement describe
A ❍ “Fun” attacks
B ❍ Grudge attacks
C ❍ Business attacks
D ❍ Financial attacks
A
84
4 Intellectual property includes all the following except
A ❍ Patents and trademarks
B ❍ Trade secrets
C ❍ Copyrights
D ❍ Computers
D
85
5 Under the Computer Fraud and Abuse Act of 1986 (as amended), which of the following is not considered a crime?
A ❍ Unauthorized access
B ❍ Altering, damaging, or destroying information
C ❍ Trafficking child pornography
D ❍ Trafficking computer passwords
C
86
6 Which of the following is not considered one of the four major categories of evidence?
A ❍ Circumstantial evidence
B ❍ Direct evidence
C ❍ Demonstrative evidence
D ❍ Real evidence
A
87
7 In order to be admissible in a court of law, evidence must be
A ❍ Conclusive
B ❍ Relevant
C ❍ Incontrovertible
D ❍ Immaterial
B
88
8 What term describes the evidence-gathering technique of luring an individual toward certain evidence after that individual has already committed a crime; is this considered legal or illegal?
A ❍ Enticement/Legal
B ❍ Coercion/Illegal
C ❍ Entrapment/Illegal
D ❍ Enticement/Illegal
A
89
9 In a civil case, the court may issue an order allowing a law enforcement official to seize specific evidence. This order is known as a(n)
A ❍ Subpoena
B ❍ Exigent circumstances doctrine
C ❍ Writ of Possession
D ❍ Search warrant
C
90
10 When should management be notified of a computer crime?
A ❍ After the investigation has been completed
B ❍ After the preliminary investigation
C ❍ Prior to detection
D ❍ As soon as it has been detected
D
91
1 The three elements of the fire triangle necessary for a fire to burn include all the following except
A ❍ Fuel
B ❍ Oxygen
C ❍ Heat
D ❍ Nitrogen
D
92
2 Electrical fires are classified as what type of fire and use what extinguishing methods?
A ❍ Class B; CO2 or soda acid
B ❍ Class B; CO2 or FM-200
C ❍ Class C; CO2 or FM-200
D ❍ Class A; water or soda acid
C
93
3 A prolonged drop in voltage describes what electrical anomaly?
A ❍ Brownout
B ❍ Blackout
C ❍ Sag
D ❍ Fault
A
94
4 What type of cabling should be used below raised floors and above drop ceilings?
A ❍ CAT-5
B ❍ Plenum
C ❍ PVC
D ❍ Water-resistant
B
95
5 In order to deter casual trespassers, fencing should be a minimum height of
A ❍ 1 to 3 feet
B ❍ 3 to 4 feet
C ❍ 6 to 7 feet
D ❍ 8 feet or higher
B
96
6 Three types of intrusion detection systems (IDSs) used for physical security include photoelectric sensors, dry contact switches, and which of the following?
A ❍ Motion detectors
B ❍ Anomaly-based
C ❍ Host-based
D ❍ Network-based
A
97
7 A water sprinkler system in which no water is initially present in the pipes and which, at activation, delivers a large volume of water describes what type of system?
A ❍ Wet-pipe
B ❍ Dry-pipe
C ❍ Deluge
D ❍ Preaction
C
98
8 Portable CO2 fire extinguishers are classified as what type of extinguishing system?
A ❍ Gas-discharge systems
B ❍ Water sprinkler systems
C ❍ Deluge systems
D ❍ Preaction systems
A
99
9 Which of the following extinguishing agents fights fires by separating the elements of the fire triangle, rather than by simply removing one element?
A ❍ Water
B ❍ Soda acid
C ❍ CO2
D ❍ FM-200
D
100
10 Production of Halon has been banned for what reason?
A ❍ It is toxic at temperatures above 900°F.
B ❍ It is an ozone-depleting substance.
C ❍ It is ineffective.
D ❍ It is harmful if inhaled.
B
101
1 The number-one priority of disaster planning should always be:
A Preservation of capital
B Personnel evacuation and safety
C Resumption of core business functions
D Investor relations
1 B. See Chapter 11. People and their safety always come first!
102
2 An access control system that grants access to information based on that information’s classification and the clearance of the individual is known as:
A Identity-based access control
B Mandatory access control
C Role-based access control
D Clearance-based access control
2 B. See Chapter 4. Mandatory access control is based on the user’s clearance level, the classification of the information, and the user’s need-to-know.
103
3 A database that contains the data structures used by an application is known as:
A A data encyclopedia
B A data dictionary
C Metadata
D A schema
3 B. See Chapter 7. A data dictionary contains information about an application’s data structures, including table names, field names, indexes, and so on.
104
4 The process of breaking the key and/or plaintext from an enciphered message is known as:
A Decryption
B Steganography
C Cryptanalysis
D Extraction
4 C. See Chapter 8. Cryptanalysis is the process of getting the key and/or the original message the hard way.
105
5 The Internet Worm incident of 1988 was perpetrated by:
A The 414 Gang
B Robert Morris
C Kevin Mitnick
D Gene Spafford
5 B. See Chapter 7. Robert Tappan Morris wrote and released what’s now known as the Internet Worm in 1988. Researcher Gene Spafford wrote several papers on the topic.
106
6 Access controls and card key systems are examples of:
A Detective controls
B Preventive controls
C Corrective controls
D Trust controls
6 B. See Chapter 10. Preventive controls are designed to prevent a security incident.
107
7 Why should a datacenter’s walls go all the way to the ceiling and not just stop as high as the suspended ceiling?
A The walls will be stronger.
B The HVAC will run more efficiently.
C An intruder could enter the datacenter by climbing over the low wall.
D The high wall will block more noise.
7 C. See Chapter 13. The primary concern here is to keep intruders out, which is why computer room walls should extend from the true floor to the true ceiling.
108
8 Memory that’s used to store computer instructions and data is known as:
A UART
B SIMM
C Cache
D ROM
8 C. See Chapter 9. Cache memory holds instructions and data that are likely to be frequently accessed. Cache memory is faster than RAM, so it can contribute to faster performance.
109
9 Of what value is separation of authority in an organization?
A It limits the capabilities of any single individual.
B It provides multiple paths for fulfilling critical tasks.
C It accommodates the requirement for parallel audit trails.
D It ensures that only one person is authorized to perform each task.
9 A. See Chapter 6. Separation of authority makes it difficult for an individual to steal an organization’s assets because it requires others to cooperate with the would-be criminal.
110
10 UDP is sometimes called the “unreliable data protocol” because:
A It works only on low-speed wireless LANs.
B UDP packets rarely get through because they have a lower priority.
C Few know how to program UDP.
D UDP does not guarantee delivery.
10 D. See Chapter 5. UDP has no guarantee of delivery, nor sequencing or acknowledgement.
111
11 Which of the following is NOT a goal of a Business Impact Assessment (BIA)?
A To inventory mutual aid agreements
B To identify and prioritize business critical functions
C To determine how much downtime the business can tolerate
D To identify resources required by critical processes
11 A. See Chapter 11. Mutual aid agreements aren’t a significant concern of a Business Impact Assessment (BIA). They’re instead a part of contingency planning.
112
12 An access control system that grants access to information based on the identity of the user is known as:
A Identity-based access control
B Mandatory access control
C Role-based access control
D Clearance-based access control
12 A. See Chapter 4. Identity-based access control is used to grant access to information based on the identity of the person requesting access.
113
13 The purpose of a Service-Level Agreement is:
A To guarantee a minimum quality of service for an application or function
B To guarantee the maximum quality of service for an application or function
C To identify gaps in availability of an application
D To correct issues identified in a security audit
13 A. See Chapter 7. A Service-Level Agreement (SLA) defines minimum performance metrics of an application or service.
114
14 The method of encryption in which both sender and recipient possess a common encryption key is known as:
A Message digest
B Hash function
C Public key cryptography
D Secret key cryptography
14 D. See Chapter 8. Secret key cryptography is used when all parties possess a common key.
115
15 Forensics is the term that describes:
A Due process
B Tracking hackers who operate in other countries
C Taking steps to preserve and record evidence
D Scrubbing a system in order to return it to service
15 C. See Chapter 12. Forensics is the activity of discovering, preserving, and recording evidence.
116
16 Audit trails and security cameras are examples of:
A Detective controls
B Preventive controls
C Corrective controls
D Trust controls
16 A. See Chapter 10. Detective controls are designed to record security events.
117
17 How does water aid in fire suppression?
A It reduces the fire’s oxygen supply.
B It isolates the fire’s fuel supply.
C It lowers the temperature to a degree at which the fire can’t sustain itself.
D It extinguishes the fire through a chemical reaction.
17 C. See Chapter 13. Water cools the fuel to the point where the fire can’t continue. Also, to some extent, water is a physical barrier between the fuel and oxygen.
118
18 Firmware is generally stored on:
A ROM or EPROM
B Tape
C RAM
D Any removable media
18 A. See Chapter 9. Firmware is software that’s seldom changed. Firmware is generally used to control low-level functions in computer hardware and embedded systems.
119
19 The term open view refers to what activity?
A Reclassifying a document so that anyone can view it
B Viewing the contents of one’s private encryption key
C Leaving classified information where unauthorized people can see it
D Using a decryption key to view the contents of a message
19 C. See Chapter 6. Open view is the act of leaving a classified document out in the open so that it can be viewed by anyone.
120
20 TCP is a poor choice for streaming video because:
A It is too bursty for large networks.
B Acknowledgment and sequencing add significantly to its overhead.
C Checksums in video packets are meaningless.
D TCP address space is nearly exhausted.
20 B. See Chapter 5. TCP adds unnecessary overhead. Streaming video can afford to lose a packet now and then.
121
21 The longest period of time that an organization can accept a critical outage is known as:
A Maximum Acceptable Downtime
B Greatest Tolerated Downtime
C Maximum Tolerable Downtime
D Recovery Time Objective
21 C. See Chapter 11. Maximum Tolerable Downtime (MTD) is the length of time that an organization can tolerate critical processes being inoperative.
122
22 An access control system that gives the user some control over who has access to information is known as:
A Identity-based access control
B User-directed access control
C Role-based access control
D Clearance-based access control
22 B. See Chapter 4. User-directed access control, a form of discretionary access control, permits the user to grant access to information based on certain limitations.
123
23 CRCs, parity checks, and checksums are examples of:
A Corrective application controls
B Message digests
C Preventive application controls
D Detective application controls
23 D. See Chapter 4. Cyclical Redundancy Checks (CRCs), parity checks, and checksums are examples of detective application controls because they’re designed to help discover security breaches (as well as network malfunctions and other undesired events) in a network.
124
24 Why would a user’s public encryption key be widely distributed?
A So that cryptographers can attempt to break it
B Because it’s encrypted
C Because the user’s private key can’t be derived from his or her public key
D So that the user can decrypt messages from any location
24 C. See Chapter 8. In public key cryptography, the value of the public key doesn’t in any way betray the value of the secret key.
125
25 An expert witness:
A Offers an opinion based on the facts of a case and on personal expertise
B Is someone who was present at the scene of the crime
C Has direct personal knowledge about the event in question
D Can testify in criminal proceedings only
25 A. See Chapter 12. An expert witness offers his or her opinion based on the facts of the case and on personal expertise.
126
26 Reboot instructions and file restore procedures are examples of:
A Detective controls
B Preventive controls
C Corrective controls
D Trust controls
26 C. See Chapter 10. Corrective controls are used to resume business operations after a security incident.
127
27 Drain pipes that channel liquids away from a building are called:
A Positive drains
B Tight lines
C Storm drains
D Negative drains
27 A. See Chapter 13. Positive drains are those that carry liquids away from a building.
128
28 What’s the purpose of memory protection?
A It protects memory from malicious code.
B It prevents a program from being able to access memory used by another program.
C Memory protection is another term used to describe virtual memory backing store.
D It assures that hardware refresh happens frequently enough to maintain memory integrity.
28 B. See Chapter 9. Memory protection is a machine-level security feature that prevents one program from being able to read or alter memory assigned to another program.
129
29 Which individual is responsible for classifying information?
A Owner
B Custodian
C Creator
D User
29 A. See Chapter 6. The information owner is ultimately responsible for the information asset and for its initial classification.
130
30 How many layers does the TCP/IP protocol model have?
A 4
B 5
C 6
D 7
30 A. See Chapter 5. There are four layers in the TCP/IP model: Network Access, Internet, Transport, and Application.
131
31 The primary difference between a hot site and a warm site is:
A The hot site is closer to the organization’s datacenters than the warm site.
B The warm site’s systems don’t have the organization’s software or data installed.
C The warm site doesn’t have computer systems in it.
D The warm site is powered down, but the hot site is powered up and ready to go.
31 B. See Chapter 11. Warm sites are mostly like hot sites, except that the organization’s software and data aren’t on the warm site’s systems.
132
32 Encryption, tokens, access control lists, and smart cards are known as:
A Discretionary access controls
B Physical controls
C Technical controls
D Administrative controls
32 C. See Chapter 4. Encryption, tokens, access control lists, and smart cards are examples of technical, or logical, controls.
133
33 Data mining:
A Can be performed by privileged users only
B Is generally performed after hours because it’s resource-intensive
C Refers to searches for correlations in a data warehouse
D Is the term used to describe the activities of a hacker who has broken into a database
33 C. See Chapter 7. Data mining is the term used to describe searches for correlations, patterns, and trends in a data warehouse.
34 Reading down the columns of a message that has been written across is known as:
A A columnar transposition cipher
B Calculating the hash
C Calculating the checksum
D Calculating the modulo
34 A. See Chapter 8. In this cipher, the cryptographer writes across but reads down.
35 A witness:
A Offers an opinion based on the facts of a case and on personal expertise
B Is someone who was present at the scene of the crime
C Has direct personal knowledge about the event in question
D Can testify in criminal proceedings only
35 C. See Chapter 12. A witness testifies the facts as he or she understands them.
36 Covert channel analysis is used to:
A Detect and understand unauthorized communication
B Encipher unauthorized communications
C Decipher unauthorized communications
D Recover unauthorized communications
36 A. See Chapter 10. Covert channel analysis is used to detect, understand, and help security personnel to prevent the creation and operation of covert channels.
37 Of what value is pre-employment screening?
A Undesirable medical or genetic conditions could diminish productivity.
B Only certain personality types can work effectively in some organizations.
C Employees need to have knowledge of security.
D Background checks could uncover undesirable qualities.
37 D. See Chapter 6. It’s infinitely better to find undesirable qualities, such as a criminal history, prior to making an employment decision.
38 The mapping of existing physical memory into a larger, imaginary memory space is known as:
A Virtual memory
B Swapping
C Thrashing
D Spooling
38 A. See Chapter 9. The virtual memory model is used to create a memory space that’s larger than the available physical memory.
39 Which individual is responsible for protecting information?
A Owner
B Custodian
C Creator
D User
39 B. See Chapter 6. The custodian protects the information on behalf of its owner.
40 ARP is:
A Access Routing Protocol
B Address Resolution Protocol
C Access Resolution Protocol
D Address Recovery Protocol
40 B. See Chapter 5. ARP is the Address Resolution Protocol.
41 Which of the following is NOT a concern for a hot site?
A Programs and data at the hot site must be protected.
B A widespread disaster will strain the hot site’s resources.
C A hot site is expensive because of the controls and patches required.
D Computer equipment must be shipped quickly to the hot site for it to be effective.
41 D. See Chapter 11. The hot site already has computer equipment.
42 Supervision, audits, procedures, and assessments are known as:
A Discretionary access controls
B Safeguards
C Physical controls
D Administrative controls
42 D. See Chapter 4. Administrative access controls consist of all the policies and procedures that are used to mitigate risk.
43 Object-oriented, relational, and network are examples of:
A Types of database tables
B Types of database records
C Types of database queries
D Types of databases
43 D. See Chapter 7. Object-oriented, relational, and network are types of databases.
44 An asymmetric cryptosystem is also known as a:
A Message digest
B Hash function
C Public key cryptosystem
D Secret key cryptosystem
44 C. See Chapter 8. Asymmetric cryptosystems are also known as public key cryptosystems.
45 Entrapment is defined as:
A Leading someone to commit a crime that they wouldn’t otherwise have committed
B Monitoring with the intent of recording a crime
C Paying someone to commit a crime
D Being caught with criminal evidence in one’s possession
45 A. See Chapter 12. Entrapment refers to the activities that lure an individual into committing a crime that he or she wouldn’t have otherwise committed.
46 Least privilege means:
A Analysis that determines which privileges are required to complete a task.
B People who have high privileges delegate some of those privileges to others.
C The people who have the fewest access rights do all the work.
D Users should have the minimum privileges required to perform required tasks.
46 D. See Chapter 10. Least privilege is the principle that states users should have access only to the data and functions required for their stated duties.
47 Which of the following is NOT a part of a building’s automated access audit log?
A Time of the attempted entry
B The reason for the attempted entry
C Location of attempted entry
D Entry success or failure
47 B. See Chapter 13. Building access systems don’t know why people are coming and going.
48 Systems that have published specifications and standards are known as:
A Open source
B Copyleft
C Freeware
D Open systems
48 D. See Chapter 9. Open systems are those in which specifications are published and freely available, permitting any vendor to develop components that can be used with it.
49 Which of the following is NOT a criterion for classifying information?
A Marking
B Useful life
C Value
D Age
49 A. See Chapter 6. Useful life, value, and age are some of the criteria used to classify information.
50 What is the purpose of ARP?
A When given an IP address, ARP returns a MAC address.
B When given a MAC address, ARP returns an IP address.
C It calculates the shortest path between two nodes on a network.
D It acquires the next IP address on a circular route.
50 A. See Chapter 5. ARP is used to translate an IP address into a MAC address.
51 The Disaster Recovery Plan (DRP) needs to be continuously maintained because:
A The organization’s software versions are constantly changing.
B The organization’s business processes are constantly changing.
C The available software patches are constantly changing.
D The organization’s data is constantly changing.
51 B. See Chapter 11. The Disaster Recovery Plan (DRP) must contain an up-to-date record of all critical business processes.
52 Security guards, locked doors, and surveillance cameras are known as:
A Site-access controls
B Safeguards
C Physical access controls
D Administrative controls
52 C. See Chapter 4. Physical access controls include security guards, locked doors, and surveillance cameras, as well as other controls such as backups, protection of cabling, and card-key access.
53 Neural networking gets its name from:
A The make and model of equipment in a network
B Patterns thought to exist in the brain
C Its inventor, Sigor Neura
D Observed patterns in neural telepathy
53 B. See Chapter 7. Neural networks are systems that can detect patterns after a period of training.
54 The process of hiding a message inside a larger dataset is known as:
A Decryption
B Steganography
C Cryptanalysis
D Extraction
54 B. See Chapter 8. Steganography is the science of inserting messages into larger datasets so that the existence of the message is unknown.
55 Enticement is defined as:
A Being caught with criminal evidence in one’s possession
B Leading someone to commit a crime that they wouldn’t otherwise have committed
C Monitoring with the intent of recording a crime
D Keeping the criminal at the scene of the crime long enough to gather evidence
55 D. See Chapter 12. Enticement is used to keep a criminal at the scene of the crime. In the context of electronic crime, a honeypot is a great way to keep an intruder sniffing around while his or her origin is traced.
56 The practice of separation of duties:
A Is used to provide variety by rotating personnel among various tasks
B Helps to prevent any single individual from compromising an information system
C Is used to ensure that the most experienced persons get the best tasks
D Is used in large 24x7 operations shops
56 B. See Chapter 10. Separation of duties is used to ensure that no single individual has too much privilege, which could lead to a security incident or fraud.
57 Tailgating is a term describing what activity?
A Logging in to a server from two or more locations
B Causing a PBX to permit unauthorized long distance calls
C Following an employee through an uncontrolled access
D Following an employee through a controlled access
57 D. See Chapter 13. Tailgating is a common method used by someone who wants to enter a controlled area but has no authorization to do so.
58 Which of the following is NOT a security issue with distributed architectures?
A Lack of security awareness by some personnel.
B Difficulty in controlling the distribution and use of software.
C Protection of centrally stored information.
D Backups might not be performed on some systems, risking loss of data.
58 C. See Chapter 9. In a distributed architecture, information isn’t centrally stored, but rather stored in a multitude of locations. The other answers are security issues in distributed architectures.
59 What’s the purpose of a senior management statement of security policy?
A It defines who’s responsible for carrying out a security policy.
B It states that senior management need not follow a security policy.
C It emphasizes the importance of security throughout an organization.
D It states that senior management must also follow a security policy.
59 C. See Chapter 6. A senior management statement of security policy underscores the importance of and support for security.
60 What is the purpose of RARP?
A When given an IP address, RARP returns a MAC address.
B When given a MAC address, RARP returns an IP address.
C It traces the source address of a spoofed packet.
D It determines the least cost route through a multipath network.
60 B. See Chapter 5. RARP is used to translate a MAC address into an IP address.
61 How is the organization’s DRP best kept up-to-date?
A With regular audits to ensure that changes in business processes are known
B By maintaining lists of current software versions, patches, and configurations
C By maintaining personnel contact lists
D By regularly testing the DRP
61 A. See Chapter 11. Audits will uncover changes that are needed in the DRP.
62 Role-based access control and task-based access control are examples of:
A Mandatory access controls
B Administrative controls
C Discretionary access controls
D Non-discretionary access controls
62 D. See Chapter 4. Role-based access control and task-based access control are known as non-discretionary controls, which match information to roles or tasks, not individual users.
63 The verification activity associated with coding is called:
A Unit testing
B Design review
C System testing
D Architecture review
63 A. See Chapter 7. Unit testing is the testing of small modules of code, which is used to verify that the coding was done correctly.
64 Steganography isn’t easily noticed because:
A Monitor and picture quality are so good these days.
B Most PCs’ speakers are turned off or disabled.
C The human eye often can’t sense the noise that steganography introduces.
D Checksums can’t detect most steganographed images.
64 C. See Chapter 8. Steganography can be difficult to detect visually in an image.
65 The purpose of a honeypot is to:
A Log an intruder’s actions.
B Act as a decoy to keep the intruder interested while his or her origin and identity are traced.
C Deflect Denial of Service attacks away from production servers.
D Provide direct evidence of a break-in.
65 B. See Chapter 12. A honeypot is designed to keep an intruder sniffing around long enough for investigators to determine his or her origin and identity.
66 Which of the following tasks would NOT be performed by a security administrator?
A Changing file permissions
B Configuring user privileges
C Installing system software
D Reviewing audit data
66 C. See Chapter 10. Installing system software is a system administrator function; the rest are security administrator functions.
67 What does fail open mean in the context of controlled building entrances?
A Controlled entrances permit no one to pass.
B Controlled entrances permit people to pass without identification.
C A power outage won’t affect control of the entrance.
D A pass key is required to enter the building.
67 B. See Chapter 13. Fail open refers to any controlling mechanism that remains in the unlocked position when it fails. In the case of controlled building entrances, anyone can enter the building.
68 TCB is an acronym for:
A Trusted Computing Baseline
B Trusted Computing Base
C Tertiary Computing Base
D Trusted Cache Base
68 B. See Chapter 9. TCB stands for Trusted Computing Base.
69 What is the purpose of an “advisory policy”?
A This is an optional policy that can be followed.
B This is an informal offering of advice regarding security practices.
C This is a temporary policy good only for a certain period of time.
D This is a policy that must be followed but is not mandated by regulation.
69 D. See Chapter 6. An advisory policy is required by the organization but is not mandated by a local or national government.
70 132.116.72.5 is a:
A MAC address
B IPv4 address
C Subnet mask
D IPv6 address
70 B. See Chapter 5. This is an IPv4 address.
71 An organization that’s developing its DRP has established a 20 minute Recovery Time Objective (RTO). Which solution will best support this objective?
A Cluster
B Cold site
C Hot site
D Virtualization
71 C. See Chapter 11. A short Recovery Time Objective (RTO) usually requires a hot site because you have very little time available for setting up replacement systems.
72 Audits, background checks, video cameras, and listening devices are known as:
A Discretionary controls
B Physical controls
C Preventive controls
D Detective controls
72 D. See Chapter 4. Detective controls are those controls that are designed to detect security events, but can’t prevent them in the way that preventive controls can.
73 What’s the primary input of a high-level product design?
A Feasibility study
B Integration rules
C Unit testing
D Requirements
73 D. See Chapter 7. Requirements are the single largest input used in the high-level product design phase.
74 What historic event was the backdrop for breakthroughs in strategic cryptography?
A The Gulf War
B World War I
C World War II
D The Six-Day War
74 C. See Chapter 8. World War II saw a significant advancement in the science of cryptography. World War II became a war of cryptanalysis wherein each participant was sometimes able to break the code of the others, resulting in strategic advantages.
75 Which of the following is NOT a precaution that needs to be taken before monitoring e-mail?
A Establishing strict procedures that define under what circumstances e-mail may be searched
B Posting a visible notice that states e-mail is company information subject to search
C Issuing monitoring tools to all e-mail administrators
D Making sure that all employees know that e-mail is being monitored
75 C. See Chapter 12. Issuing monitoring tools to all e-mail administrators isn’t a precaution at all — it’s not even a step that would be considered. The other items do need to occur before any monitoring is performed.
76 What’s the potential security benefit of rotation of duties?
A It reduces the risk that personnel will perform unauthorized activities.
B It ensures that all personnel are familiar with all security tasks.
C It’s used to detect covert activities.
D It ensures security because personnel aren’t very familiar with their duties.
76 A. See Chapter 10. Rotation of duties is used to keep mixing up the teams in order to prevent situations in which individuals are tempted to perform unauthorized acts.
77 What does fail closed mean in the context of controlled building entrances?
A Controlled entrances permit no one to pass.
B Controlled entrances permit people to pass without identification.
C The access control computer is down.
D Everyone is permitted to enter the building.
77 A. See Chapter 13. Fail closed refers to any controlling mechanism that remains in the locked position when it fails. In the case of controlled building entrances, no one can enter the building by normal means.
78 The sum total of all protection mechanisms in a system is known as a:
A Trusted Computing Base
B Protection domain
C Trusted path
D SPM (Summation Protection Mechanism)
78 A. See Chapter 9. A Trusted Computing Base is the complete picture of protection used in a computer system.
79 What is the definition of a “threat”?
A Any event that produces an undesirable outcome.
B A weakness present in a control or countermeasure.
C An act of aggression that causes harm.
D An individual likely to violate security policy.
79 A. See Chapter 6. A threat is a possible undesirable event that may cause harm or damage.
80 04:c6:d1:45:87:E8 is a:
A MAC address
B IPv4 address
C Subnet mask
D IPv6 address
80 A. See Chapter 5. This is a MAC address.
81 Which of the following is NOT a natural disaster?
A Tsunami
B Pandemic
C Flood
D Communications outage
81 D. See Chapter 11. A communications outage is considered a man-made disaster (although it can be caused by a naturally occurring event).
82 Smart cards, fences, guard dogs, and card key access are known as:
A Mandatory controls
B Physical controls
C Preventive controls
D Detective controls
82 C. See Chapter 4. Preventive controls are controls that are used to prevent security events.
83 The main improvement of the Waterfall software life cycle model over earlier process models is:
A System and software requirements are combined into one step.
B Developers can back up one step in the process for rework.
C Coding and testing is combined into one step.
D The need for rework was eliminated.
83 B. See Chapter 7. Going back one step for rework (of requirements, design, coding, testing — whatever the step is that needs to be reworked) was the main improvement of the Waterfall model. This is important because sometimes any of the steps may fail to consider something that the next step uncovers.
84 Non-repudiation refers to:
A The technology that shoots down the “I didn’t send that message” excuse
B Re-verification of all Certificate Authority (CA) certificate servers
C The annual competency review of system authentication mechanisms
D The annual competency review of network authentication mechanisms
84 A. See Chapter 8. Non-repudiation helps to prove that a specific individual did create or sign a document, or did transmit data to or receive data from another individual.
85 Intellectual property laws apply to:
A Trade secrets, trademarks, copyrights, and patents
B Trademarks, copyrights, and patents
C Trademarks only
D Patents only
85 A. See Chapter 12. Intellectual property laws apply to trade secrets, trademarks, copyrights, and patents.
86 The process of reviewing and approving changes in production systems is known as:
A Availability management
B Configuration management
C Change management
D Resource control
86 C. See Chapter 10. Change management is the complete management function that controls changes made to a production environment.
87 A water sprinkler system that’s characterized as always having water in the pipes is known as:
A Dry-pipe
B Wet-pipe
C Preaction
D Discharge
87 B. See Chapter 13. Wet-pipe is the sprinkler system type in which water is always in the pipe.
88 The mechanism that overlaps hardware instructions to increase performance is known as:
A RISC
B Pipeline
C Pipe dream
D Multitasking
88 B. See Chapter 9. Pipelining is the mechanism used to overlap the steps in machine instructions in order to complete them faster.
89 A weakness in a security control is called a:
A Risk
B Vulnerability
C Threat
D Hole
89 B. See Chapter 6. A vulnerability is a weakness that can permit an undesirable event.
90 The “ping” command sends:
A IGRP Echo Reply packets
B IGRP Echo Request packets
C ICMP Echo Request packets
D UDP Echo Request packets
90 C. See Chapter 5. Ping uses ICMP Echo Requests.
91 The term remote journaling refers to:
A A mechanism that transmits transactions to an alternative processing site
B A procedure for maintaining multiple copies of change control records
C A procedure for maintaining multiple copies of configuration management records
D A mechanism that ensures the survivability of written records
91 A. See Chapter 11. Remote journaling keeps data at an alternative site up-to-date at all times.
92 Is identification weaker than authentication?
A Yes: Identity is based only on the assertion of identity without providing proof.
B Yes: Identification uses ASCII data, whereas authentication uses binary data.
C No: Identification and authentication provide the same level of identity.
D No: They are used in different contexts and have nothing to do with each other.
92 A. See Chapter 4. Identification is only the assertion of identity, whereas authentication is the proof of identity.
93 A project team is at the beginning stages of a new software development project. The team wants to ensure that security features are present in the completed software application. In what stage should security be introduced?
A Requirements development
B Test plan development
C Application coding
D Implementation plan development
93 A. See Chapter 7. Security should be included in the earliest possible phases of a software development project. The requirements phase is the earliest among the choices offered.
94 The amount of effort required to break a given ciphertext is known as:
A The Work function
B The Effort function
C Cryptanalysis
D Extraction
94 A. See Chapter 8. Work function is the term used to describe the amount of time and/or money required to break a ciphertext.
95 In order to be admissible, electronic evidence must:
A Be legally permissible
B Not be copied
C Have been in the custody of the investigator at all times
D Not contain viruses
95 A. See Chapter 12. Evidence gathered in violation of any laws can’t be admitted in court.
96 The process of maintaining and documenting software versions and settings is known as:
A Availability management
B Configuration management
C Change management
D Resource control
96 B. See Chapter 10. Configuration management is the support function that’s used to store version information about its systems.
97 A water sprinkler system that charges the pipes when it receives a heat or smoke alarm, and then discharges the water when a higher ambient temperature is reached, is known as:
A Dry-pipe
B Wet-pipe
C Preaction
D Discharge
97 C. See Chapter 13. Preaction, a combination of dry-pipe and wet-pipe, is increasingly popular in datacenters because it reduces the likelihood that a water discharge will actually occur — and a discharge will be limited to a small area in the datacenter.
98 FORTRAN, BASIC, and C are known as:
A Structured languages
B Nested languages
C Second-generation languages
D Third-generation languages
98 D. See Chapter 9. FORTRAN, BASIC, and C are third-generation languages.
99 A security control intended to reduce risk is called a:
A Safeguard
B Threat
C Countermeasure
D Partition
99 A. See Chapter 6. Safeguards exist to reduce risk in some way.
100 SMTP is used to:
A Manage multiple telnet sessions.
B Tunnel private sessions through the Internet.
C Simulate modems.
D Transport e-mail.
100 D. See Chapter 5. SMTP, or Simple Mail Transport Protocol, is used to send and receive e-mail messages.
101 Backing up data by sending it through a communications line to a remote location is known as:
A Transaction journaling
B Off-site storage
C Electronic vaulting
D Electronic journaling
101 C. See Chapter 11. Electronic vaulting is the term that describes backing up data over a communications line to another location.
102 Two-factor authentication is so called because:
A It requires two of the three authentication types.
B Tokens use two-factor encryption to hide their secret algorithms.
C Authentication difficulty is increased by a factor of two.
D It uses a factor of two prime numbers algorithm for added strength.
102 A. See Chapter 4. Two-factor authentication requires any two of Type 1 (something you know), Type 2 (something you have), and Type 3 (something you are) authentication methods.
103 Which of the following is NOT a value of change control in the software development life cycle?
A Changes are documented and subject to approval.
B Scope creep is controlled.
C It gives the customer veto power over proposed changes.
D The cost of changes is considered.
103 C. See Chapter 7. Veto power is unlikely, but the other choices listed are value-added features of change control.
104 What’s one disadvantage of an organization signing its own certificates?
A The certificate-signing function is labor intensive.
B Anyone outside the organization will receive warning messages.
C The user-identification process is labor intensive.
D It’s much more expensive than having certificates signed by a Certification Authority (CA).
104 B. See Chapter 8. The lack of a top-level (root) signature on a certificate results in warning messages stating that the certificate lacks a top-level signature.
105 Which agency has jurisdiction over computer crimes in the United States?
A The Department of Justice
B The Electronic Crimes Task Force
C Federal, state, or local jurisdiction
D The FBI and the Secret Service
105 C. See Chapter 12. Federal, state, and local laws cover computer crime. Depending on the crime, one or more levels of government may have jurisdiction.
106 Configuration Management is used to:
A Document the approval process for configuration changes.
B Control the approval process for configuration changes.
C Ensure that changes made to an information system don’t compromise its security.
D Preserve a complete history of the changes to software or data in a system.
106 D. See Chapter 10. Configuration management is used to preserve all prior settings or versions of software or hardware, as well as to provide a check out/check in capability to avoid collisions.
107 Why would a dry-pipe sprinkler be preferred over a wet-pipe sprinkler?
A Dry-pipe systems put out a fire more quickly.
B Dry-pipe systems consume less water.
C Dry-pipe systems have a smaller likelihood of rust damage.
D Dry-pipe systems have a potentially useful time delay before water is discharged.
107 D. See Chapter 13. Dry-pipe systems take a few moments (at least) before water discharge begins.
108 The purpose of an operating system is to:
A Manage hardware resources.
B Compile program code.
C Decompile program code.
D Present graphic display to users.
108 A. See Chapter 9. An operating system (OS) manages computer hardware and presents a consistent interface to application programs and tools.
109 The purpose of risk analysis is:
A To qualify the classification of a potential threat.
B To quantify the likelihood of a potential threat.
C To quantify the net present value of an asset.
D To quantify the impact of a potential threat.
109 D. See Chapter 6. The purpose of risk analysis is to quantify the impact of a potential threat; in other words, to put a monetary value on the loss of information or functionality.
110 Which of the following is a disadvantage of SSL?
A It requires a certificate on every client system.
B It is CPU intensive.
C All clients must be retrofitted with HTTP v3 browsers.
D An eavesdropper can record and later play back an SSL session.
110 B. See Chapter 5. Because it encrypts and decrypts packets over the network, SSL consumes a lot of CPU time.
111 Which of the following is NOT a method used to create an online redundant data set?
A Remote journaling
B Off-site storage
C Electronic vaulting
D Database mirroring
111 B. See Chapter 11. Off-site storage is merely an alternate location for storing back-up media.
112 The phrase something you are refers to:
A A user’s security clearance
B A user’s role
C Type 2 authentication
D Type 3 authentication
112 D. See Chapter 4. Something you are refers to authentication that measures a biometric, which means something physical, such as a fingerprint, retina scan, or voiceprint.
113 How does the Waterfall software development life cycle help to assure that applications will be secure?
A Security requirements can be included early on and verified later in testing.
B The testing phase includes penetration testing.
C The Risk Analysis phase will uncover flaws in the feasibility model.
D A list of valid users must be approved prior to production.
113 A. See Chapter 7. The greatest value in the development life cycle is getting security requirements in at the beginning so that security will be “baked in.”
114 The ability for a government agency to wiretap a data connection was implemented in the:
A Skipjack chip
B Magic lantern
C Cutty chip
D Clipper chip
114 D. See Chapter 8. The Clipper Chip implemented a capability to provide encryption for users and also provided a legal wiretap capability.
115 Under what circumstance may evidence be seized without a warrant?
A If it’s in the public domain
B If it’s believed that its destruction is imminent
C In international incidents
D If it’s on a computer
115 B. See Chapter 12. Evidence may be seized only if law enforcement believes that it’s about to be destroyed (which the law calls exigent circumstances).
116 The traces of original data remaining after media erasure are known as:
A Data remanence
B Data traces
C Leakage
D Data particles
116 A. See Chapter 9. Erasure is seldom 100-percent effective. Despite complex and time-consuming methods, the slightest traces of data on media that have been erased may always remain.
117 Why should a datacenter’s walls go all the way to the ceiling and not just stop as high as the suspended ceiling?
A The walls will serve as an effective fire break.
B The HVAC will run more efficiently.
C The walls will be stronger.
D The high wall will block more noise.
117 A. See Chapter 13. Walls that go all the way up to the ceiling do a better job of keeping fires from spreading into or out of the datacenter.
118 Protection rings are used for:
A Implementing memory protection
B Creating nested protection domains
C Modeling layers of protection around an information object
D Shielding systems from EMF
118 B. See Chapter 9. Protection rings are layers of protection domains, with the most protected domain in the center.
119 Annualized Rate of Occurrence refers to:
A The exact frequency of a threat.
B The estimated frequency of a threat.
C The estimated monetary value of a threat.
D The exact monetary value of a threat.
119 B. See Chapter 6. Annualized Rate of Occurrence (ARO) is a risk management term that describes the likelihood of the occurrence of a threat.
120 An access control list is NOT used by:
A A firewall or screening router to determine which packets should pass through.
B A router to determine which administrative nodes may access it.
C A bastion host to determine which network services should be permitted.
D A client system to record and save passwords.
120 D. See Chapter 5. Access control lists are used on firewalls, routers, and bastion hosts, but not on client systems (at least not for recording passwords!).
121 A DRP that has a high RPO and a low RTO will result in:
A A system that takes more time to recover but has recent data
B A system that recovers quickly but has old data
C A system that recovers quickly and has recent data
D A system that has never been tested
121 B. See Chapter 11. A high Recovery Point Objective (RPO) means that data on a recovered system will be older. A low Recovery Time Objective (RTO) means that the system will be recovered quickly.
122 Two-factor authentication is stronger than single-factor authentication because:
A It uses a factor of two prime numbers algorithm for added strength.
B It relies on two factors, such as a password and a smart card.
C Authentication difficulty is increased by a factor of two.
D The user must be physically present to authenticate.
122 B. See Chapter 4. Two-factor authentication requires any two of Type 1 (something you know), Type 2 (something you have), and Type 3 (something you are) authentication methods.
223
123 The main purpose of configuration management is to:
A Require cost justification for any change in a software product.
B Require approval for any desired change in a software product.
C Maintain a detailed record of changes for the lifetime of a software product.
D Provide the customer with a process for requesting configuration changes.
123 C. See Chapter 7. Configuration management produces a highly detailed record, including details of each and every copy of a software product that was created.
224
124 The cipher device used by Germany in World War II is known as:
A M-922
B M-902
C Enigma
D Turing
124 C. See Chapter 8. The famous device used by Germany to encrypt and decrypt secret messages was the Enigma.
225
125 Motive, means, and opportunity:
A Are required prior to the commission of a crime
B Are the required three pieces of evidence in any criminal trial
C Are the three factors that help determine whether someone may have committed a crime
D Are the usual ingredients in a sting operation
125 C. See Chapter 12. Motive, means, and opportunity are the standard criteria when considering a possible suspect in a crime.
226
126 Software controls are used to:
A Perform input checking to ensure that no buffer overflows occur.
B Keep running programs from viewing or changing other programs’ memory.
C Perform configuration management-like functions on software.
D Ensure the confidentiality and integrity of software.
126 D. See Chapter 10. Software controls are used to protect software from unauthorized disclosure or tampering.
227
127 Which of the following are NOT fire detectors?
A Dial-up alarms
B Heat-sensing alarms
C Flame-sensing alarms
D Smoke-sensing alarms
127 A. See Chapter 13. Dial-up alarms don’t detect fire; they respond to a fire detector and call the fire department by using a telephone line to play a prerecorded message.
228
128 The TCSEC document is known as the Orange Book because
A It’s orange in color.
B It covers the major classes of computing system security, D through A.
C Its coverage of security was likened to the defoliant Agent Orange.
D No adequate model of computing system security was available at the time.
128 A. See Chapter 9. The Orange Book was one of several books in the Rainbow Series, each describing various levels and contexts of computer security, and each with its own unique color.
229
129 Single Loss Expectancy refers to:
A The expectation of the occurrence of a single loss.
B The monetary loss realized from an individual threat.
C The likelihood that a single loss will occur.
D The annualized monetary loss from a single threat.
129 B. See Chapter 6. Single Loss Expectancy (SLE) is the monetary value associated with an individual threat.
230
130 What is the purpose of the DHCP protocol?
A It’s used to diagnose network problems.
B It assigns IP addresses to servers.
C It assigns IP addresses to stations that join the network.
D It’s used to dynamically build network routes.
130 C. See Chapter 5. The DHCP (dynamic host configuration protocol) is used to assign IP addresses to stations that join a network.
231
131 The purpose of a BIA is:
A To determine the criticality of business processes
B To determine the impact of disasters on critical processes
C To determine the impact of software defects on critical business processes
D To determine which software defects should be fixed first
131 B. See Chapter 11. A Business Impact Assessment (BIA) is used to determine the impact that different types of disasters have on critical business processes.
232
132 An organization has recently implemented a palm-scan biometric system to control access to sensitive zones in a building. Some employees have objected to the biometric system for sanitary reasons. The organization should:
A Switch to a fingerprint-scanning biometric system.
B Educate users about the inherent cleanliness of the system.
C Allow users who object to the system to be able to bypass it.
D Require employees to use a hand sanitizer prior to using the biometric system.
132 D. See Chapter 4. It’s reasonable for some employees to voice concerns regarding the cleanliness of a hand scanner that many employees will be using. Making hand-sanitizing agents available and requiring all users to use those hand sanitizers is a reasonable precaution to help prevent the spread of illnesses.
233
133 A security specialist has discovered that an application her company produces has a JavaScript injection vulnerability. What advice should the security specialist give to the application’s developers?
A Implement input filtering to block JavaScript and other script languages.
B Upgrade to the latest release of Java.
C Re-compile the application with safe input filtering turned on.
D Re-compile the application by using UTF-8 character set support.
133 A. See Chapter 7. An application that has a script injection vulnerability needs to be modified so that data accepted in input fields is sanitized by removing script tags and other scripting commands.
234
134 Cryptography can be used for all the following situations EXCEPT:
A Performance
B Confidentiality
C Integrity
D Authentication
134 A. See Chapter 8. Cryptography can be used for confidentiality (by encrypting a message), integrity (through the use of digital signatures), and authentication (through the use of digital signatures to prove the origin of a message). Cryptography isn’t used for performance.
235
135 The burden of proof in U.S. civil law is:
A The preponderance of the evidence
B Beyond a reasonable doubt
C Beyond all doubt
D Based on the opinion of the presiding judge
135 A. See Chapter 12. The burden of proof in U.S. civil law is based on the preponderance of the evidence.
236
136 An organization may choose to perform periodic background checks on its employees for all the following reasons EXCEPT:
A To determine whether the employee has earned any additional educational degrees
B To determine whether a detrimental change in an employee’s financial situation might entice him or her to steal from the employer
C To determine whether a criminal offense has occurred since the person was hired that would impact the risk of continued employment
D To uncover any criminal offenses that weren’t discovered in the initial background check
136 A. See Chapter 10. Periodic background checks can be used to discover any new events in an employee’s criminal or financial background, as well as uncover any criminal records that weren’t found in the initial background check.
237
137 Which class of hand-held fire extinguisher should be used in a datacenter?
A Class B
B Class C
C Class A
D Class D
137 B. See Chapter 13. A Class C fire extinguisher should be used in a datacenter; this type is most effective against electronics and electrical fires.
238
138 All the following CPUs are CISC design EXCEPT:
A PDP-11
B Intel x86
C SPARC
D Motorola 68000
138 C. See Chapter 9. PDP-11, Intel x86, and Motorola 68000 are CISC design CPUs. SPARC is a RISC design CPU.
239
139 A system architect has designed a system that is protected with redundant parallel firewalls. This follows which security design principle?
A Avoidance of a single point of failure
B Defense in depth
C Fail open
D Fail closed
139 A. See Chapter 6. An architecture with parallel components generally is following the avoidance of a single point of failure.
240
140 The type of cable that is best suited for high RF and EMF environments is:
A Fiber-optic
B Shielded twisted-pair
C Coaxial
D Thinnet
140 A. See Chapter 5. Because it transmits light instead of electrical signals, fiber-optic cabling is virtually immune to RF and EMF environments.
241
141 A Disaster Recovery Planning team has been told by management that the equipment required to meet RTO and RPO targets is too costly. What’s the best course of action to take?
A Classify the system as being out of scope.
B Reduce the RTO and RPO targets.
C Look for less expensive methods for achieving targets and report to management if no alternatives can be found.
D Ask for more budget for recovery systems.
141 C. See Chapter 11. When management has determined that a proposed disaster recovery architecture is too expensive, the project team needs to find less costly alternatives. If none can be found, the project team needs to inform management, who may approve of longer RPO and RTO targets that should be less costly.
242
142 A security manager is planning a new video surveillance system. The manager wants the video surveillance system to be both a detective control and a deterrent control. What aspect of the system’s design will achieve this objective?
A Include a video-recording capability in the system.
B Make video cameras conspicuously visible and post warning notices.
C Hide video cameras and don’t post warning notices.
D Make video monitors conspicuously visible.
142 B. See Chapter 4. A video surveillance system can be an effective deterrent control if its cameras are visible. Warning notices provide even greater deterrent ability.
243
143 Privacy advocacy organizations are concerned about the practice of aggregation, which involves:
A Selling highly sensitive data to the highest bidder
B Distributing highly sensitive data to third parties
C Combining low-sensitivity data elements that results in highly sensitive data
D Disclosing highly sensitive data to government agencies
143 C. See Chapter 7. Aggregation is the process of combining data, which can result in the creation of highly sensitive information.
244
144 A cipher uses a table to replace plaintext characters with ciphertext characters. This type of cipher is known as:
A Stream
B Block
C Substitution
D Transposition
144 C. See Chapter 8. A substitution cipher uses a lookup table for substituting one character for another.
245
145 Under U.S. law, the amount of a fine and the length of imprisonment are based on:
A The opinion of the judge
B The opinion of the jury
C The evidence introduced in a trial
D Federal sentencing guidelines
145 D. See Chapter 12. Federal sentencing guidelines provide the range of possible monetary fines and length of imprisonment.
246
146 An organization has identified a high-risk activity that’s performed by a single individual. The organization will change the activity so that two or more individuals are required to perform the task. This new setup is known as:
A Single point of failure
B Shared custody
C Split custody
D Separation of duties
146 D. See Chapter 10. Separation of duties is the concept that supports a process design in which two or more individuals are required to perform a critical task. The classic example is the three activities carried out by three separate individuals in an accounting system: creating a payee, making a payment request, and making a payment.
247
147 An organization wants to erect fencing around its property to keep out determined intruders. What are the minimum specifications that the organization should consider?
A Eight feet in height and three strands of barbed wire at the top
B Twelve feet in height and three strands of barbed wire at the top
C Eight feet in height
D Twelve feet in height
147 A. See Chapter 13. To keep out determined intruders, an organization should consider fencing that’s at least eight feet in height and includes three strands of barbed wire.
248
148 Which type of technology is a computer designer most likely to use for main memory?
A EAROM
B Dynamic RAM
C Flash
D Hard drive
148 B. See Chapter 9. Most computers’ main memory uses dynamic RAM (DRAM) or static RAM (SRAM).
249
149 A document that lists the equipment brands, programming languages, and communications protocols to be used in an organization is a:
A Policy
B Guideline
C Requirement
D Standard
149 D. See Chapter 6. A standards document defines the equipment brands, programming languages, communications protocols, and other components to be used in an organization.
250
150 Which of the following is true about Digital Subscriber Line:
A Digital Subscriber Line is synonymous with DOCSIS (Digital Over Cable Services Interface Specification).
B Digital Subscriber Line is a simplex protocol.
C Digital Subscriber Line has been superseded by ISDN.
D Digital Subscriber Line has superseded ISDN.
150 D. See Chapter 5. Digital Subscriber Line has superseded ISDN in most areas. The other statements are false.
251
151 A DRP has an RTO of 24 hours and an RPO of 56 hours. This indicates that:
A The system will be operational within 24 hours and the maximum data loss is 56 hours.
B The system will be operational within at least 24 hours and the maximum data loss is 56 hours.
C The system will be operational within 56 hours and the maximum data loss is 24 hours.
D The system will be operational within 24 hours and the maximum data loss will be 32 hours.
151 A. See Chapter 11. An RTO of 24 hours means a recovery system will be operational within 24 hours of a disaster. An RPO of 56 hours means the maximum data loss will be 56 hours.
252
152 The ability to associate users with their actions is known as:
A Non-repudiation
B Accountability
C Audit trails
D Responsibility
152 B. See Chapter 4. When users are associated with their actions (which is usually achieved through audit logs), they’re made to be accountable.
253
153 A database administrator has tuned a transaction processing database for optimum performance. Business users now want to use the same database for business intelligence and decision support. What action should the database administrator take?
A Implement a separate data warehouse that’s tuned for decision support.
B Tune the transaction processing database to optimize performance of decision support queries.
C Implement a database server cluster and tune the passive server for decision support.
D Establish separate user IDs for transaction use and decision-support use, and tune each for their respective purposes.
153 A. See Chapter 7. It’s rarely possible to tune a database management system to provide adequate performance for both transaction processing and decision support. A separate data warehouse should be implemented, and that database tuned for that purpose. The original database should be tuned for optimum transaction processing performance.
254
154 The Advanced Encryption Standard algorithm is based on:
A The Rijndael block cipher
B The Rijndael stream cipher
C The Skipjack cipher
D The triple-DES cipher
154 A. See Chapter 8. AES (Advanced Encryption Standard) is based on the Rijndael block cipher.
255
155 An organization has developed a new technique for compiling computer code and wants to protect that technique by using applicable intellectual property law. Which type of protection should the organization use?
A Patent
B Trademark
C Service mark
D Copyright
155 A. See Chapter 12. A patent is the type of legal protection used for the design of a mechanism.
256
156 An organization is reducing the size of its workforce and has targeted the lead database administrator for termination of employment. How should the organization handle this termination?
A Terminate the employee’s user accounts within 24 hours of notification.
B Terminate the employee’s user accounts immediately after notification.
C Terminate the employee’s user accounts within 48 hours of notification.
D Retain the employee’s user accounts until a replacement can be trained.
156 B. See Chapter 10. A position such as database administrator, network administrator, or system administrator usually has high privileges. The safest course of action when terminating employment for a person in such a position is to terminate all access immediately after (or just prior to) notification.
257
157 What’s one disadvantage of the use of key cards as a building access control?
A Key card readers are expensive.
B The False Accept Rate (FAR) may exceed the False Reject Rate (FRR).
C Any party who finds a lost key card can use it to enter a building.
D A key card’s PIN code is easily decrypted.
157 C. See Chapter 13. Unless coupled with a PIN pad or biometric reader, any person can use a key card to enter a building.
258
158 All the following are components of an operating system EXCEPT:
A Compiler
B Kernel
C Device driver
D Tools
158 A. See Chapter 9. Operating systems consist of a kernel, device drivers, and tools.
259
159 A document that describes the steps to be followed to complete a task is known as a:
A Process
B Procedure
C Guideline
D Standard
159 B. See Chapter 6. A procedure describes the steps used to complete a task.
260
160 Which routing protocol transmits its passwords in plaintext?
A RIPv2
B RIPv1
C BGP
D EIGRP
160 A. See Chapter 5. The RIP (Routing Information Protocol) version 2 transmits passwords in plaintext. RIPv1 did not use passwords at all.
261
161 Damage assessment of a datacenter after an earthquake should be performed by:
A The chief security officer
B The datacenter manager
C An unlicensed structural engineer
D A licensed structural engineer
161 D. See Chapter 11. Only a licensed structural engineer is qualified to examine the structure of a building after an earthquake and determine whether that building can be safely used. The other parties aren’t qualified to make this assessment.
262
162 The primary reason users are encouraged to use passphrases, rather than passwords, is:
A They’ll choose longer passwords that are inherently stronger than shorter ones.
B Their passwords will include spaces, which make passwords more complex.
C Newer systems don’t support passwords.
D Passphrases can be coupled with biometric systems.
162 A. See Chapter 4. The term passphrase simply means a longer password. The longer a password, the more difficult it can be to crack.
263
163 An application that was previously written to support a single user has been changed to support multiple concurrent users. The application encounters errors when two users attempt to access the same record. What feature should be added to the application to prevent these errors?
A Load balancing
B Replication
C Record locking
D Clustering
163 C. See Chapter 7. Record locking is a mechanism used to arbitrate access to resources in multiuser applications.
264
164 Two users, A and B, have exchanged public keys. How can user A send a secret message to user B?
A User A encrypts a message with user B’s public key; user B decrypts the message with user B’s private key
B User A encrypts the message with user A’s private key; user B decrypts the message with user B’s private key
C User A encrypts the message with user A’s private key; user B decrypts the message with user A’s public key
D User A encrypts the message with user B’s public key; user B decrypts the message with user A’s public key
164 A. See Chapter 8. In public key cryptography, a sender encrypts a message with the recipient’s public key; the recipient decrypts the message with the recipient’s private key.
265
165 An intruder has been apprehended for breaking into an organization’s computer systems to steal national security secrets. Under what U.S. law will the intruder likely be charged?
A Cybercrime Act of 2001
B Federal Information Security Management Act of 2002
C U.S. Computer Fraud and Abuse Act of 1986
D U.S. Computer Security Act of 1987
165 C. See Chapter 12. An intruder who steals national security secrets in the U.S. is likely to be charged with a violation of the Computer Fraud and Abuse Act of 1986.
266
166 The process of including text such as Company Confidential: For Internal Use Only on a document is known as:
A Branding
B Classification
C Watermarking
D Marking
166 D. See Chapter 10. Classifying, or marking, is the term used to describe the action of including text such as Company Confidential on a document.
267
167 An organization wants to install a motion detector in a portion of a building that has variable ambient noise. Which type of motion detector should be considered?
A Wave pattern or capacitance
B Wave pattern
C Capacitance
D Photo-electronic
167 A. See Chapter 13. A wave pattern or capacitance motion detector would be a candidate for an area that experiences ambient noise.
268
168 An organization uses a Windows-based server to act as a file server. The owners of individual files and directories are able to grant read and write permissions to other users in the organization. This capability most closely resembles which security model?
A Discretionary access control (DAC)
B Mandatory access control (MAC)
C Access matrix
D Take-Grant
168 A. See Chapter 9. The capability for end users to grant permissions to others corresponds to the discretionary access control (DAC) model.
269
169 The relationship between threat, vulnerability, and risk is defined as:
A Risk = vulnerability × threat
B Threat = vulnerability × risk
C Vulnerability = threat × risk
D Risk = vulnerability + threat
169 A. See Chapter 6. The basic relationship between threat, vulnerability, and risk is that the risk is equal to the threat times the vulnerability.
270
170 Which of the following WiFi protocols has not been compromised:
A WEP
B WPA
C WPA2
D TKIP
170 C. See Chapter 5. WPA2 with AES has not been compromised.
271
171 The purpose of software escrow is:
A Secure storage of software source code in the event of a disaster or the failure of the company that produced it
B Third-party confirmation of the integrity of a software application
C Secure storage of software object code in the event of a disaster or the failure of the company that produced it
D Third-party delivery of a software application
171 A. See Chapter 11. The purpose of a software escrow agreement (also known as a source code escrow agreement) is the secure off-site storage of software source code in the event of a disaster or the complete failure of the organization.
272
172 A system has been designed to include strong authentication and transaction logging so that subjects can’t deny having performed actions. This inability for a subject to deny having performed an action is known as:
A Irresponsibility
B Culpable deniability
C Non-repudiation
D Dissociation
172 C. See Chapter 4. Non-repudiation is a property of a system to be able to prevent a subject from denying that he or she performed an action. This is accomplished through strong authentication and audit (or transaction) logging.
273
173 An organization is considering the purchase of a business application. What should the organization develop before making a product decision?
A Application code
B Specifications
C Design
D Requirements
173 D. See Chapter 7. An organization should develop requirements that define the desired characteristics of an application that it will consider purchasing.
274
174 Two users want to establish a private communications link. The two users have never communicated before. How should a symmetric encryption key be communicated to both parties?
A The encryption key should be kept by one party only.
B The encryption key should be transmitted as part of initial communications.
C The encryption key should be transmitted by using an in-band communications channel.
D The encryption key should be transmitted by using an out-of-band communications channel.
174 D. See Chapter 8. For two parties that have not communicated before, a symmetric encryption key must be sent from one party to another through an out-of-band channel. For example, an encryption key for network communications should be sent via fax or courier.
275
175 An organization has developed a new method for building a mechanical device. The organization doesn’t want to reveal the method to any third party. Which type of protection should be used?
A Copyright
B Patent
C Trade secret
D Trademark
175 C. See Chapter 12. An organization that doesn’t want to disclose a method can’t file a copyright, trademark, or patent because these filings would disclose the method. Instead, the organization must carefully guard the method and consider it a trade secret.
276
176 An intruder has broken into an organization’s computer systems to steal industrial designs. This action is known as:
A Robbery
B Cracking
C Hacking
D Espionage
176 D. See Chapter 10. Espionage is the process of spying on an organization in order to discover its military or industrial secrets.
277
177 For fire suppression in a commercial datacenter, all the following types of fire-suppression systems may be considered EXCEPT:
A FM-200
B Inert gas
C Preaction
D Deluge
177 D. See Chapter 13. Fire suppression in a commercial datacenter may include an inert gas system, FM-200 (which is one commercial brand of an inert gas system), or preaction (if local fire codes require some type of a water sprinkler system). A deluge system would never be considered.
278
178 TCSEC has been superseded by which standard?
A Common Criteria
B ITSEC
C ISO 27002
D DITSCAP
178 A. See Chapter 9. The Trusted Computer System Evaluation Criteria (TCSEC) has been superseded by the Common Criteria.
279
179 When is it prudent to perform a quantitative risk analysis?
A When the probability of occurrence is low.
B When the value of assets is high.
C When the value of assets is low.
D When the probability of occurrence is high.
179 B. See Chapter 6. A quantitative risk analysis is more difficult and time-consuming to perform, and is usually done only on high-value assets.
280
180 Two users wish to establish a private communications link. The two users have never communicated before. What algorithm should be used to establish a symmetric encryption key?
A Merkle
B Diffie-Hellman
C Babbage
D RSA
180 B. See Chapter 8. The Diffie-Hellman (DH) key exchange algorithm permits the safe establishment of a symmetric encryption key over a communications channel.
281
181 The purpose of Layer 1 in the OSI model is to:
A Transmit and receive bits.
B Sequence packets and calculate checksums.
C Perform application-to-application communications.
D Transmit and receive frames.
181 A. See Chapter 5. Layer 1 of the OSI model is concerned only with sending and receiving bits.
282
182 The main reason for incorporating a CAPTCHA is:
A To slow down brute-force attacks.
B To prevent non-human interaction.
C To improve application performance.
D To reduce false-positives.
182 B. See Chapter 4. The primary reason for using CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is to ensure that a human is interacting with an application.
283
183 A set of SQL statements that are stored in the database is known as a:
A Callout
B Subroutine
C Prepared statement
D Stored procedure
183 D. See Chapter 7. A stored procedure is a set of one or more SQL statements that are stored in the database management system, usually in the data dictionary.
284
184 Two users have exchanged public keys. User A has encrypted a message with User B’s public key. What must User B do to read the message?
A Decrypt the message with User A’s private key.
B Decrypt the message with User A’s public key.
C Decrypt the message with User B’s public key.
D Decrypt the message with User B’s private key.
184 D. See Chapter 8. In public key cryptography, a sender encrypts a message with the recipient’s public key. The recipient decrypts the message with his own private key.
285
185 The USA PATRIOT Act:
A Makes it illegal to encrypt international e-mail messages.
B Makes it illegal to export strong encryption technology.
C Gives law enforcement greater power of surveillance, search, and seizure.
D Means judges no longer need to approve search warrants.
185 C. See Chapter 12. The USA PATRIOT Act gives law enforcement organizations greater search and seizure powers, primarily to combat terrorism.
286
186 An organization has added bank account numbers to the data it backs up to tape. The organization should:
A Back up only the hashes of bank account numbers and not the numbers themselves.
B Split bank account numbers so they reside on two different backup tapes.
C Stop sending backup tapes off-site.
D Encrypt backup tapes that are sent off-site.
186 D. See Chapter 10. An organization that backs up sensitive data such as bank account numbers should consider encrypting its backup media.
287
187 The purpose of a motion sensing request-to-exit sensor on an exterior doorway is:
A Count the number of persons exiting the door.
B Count the number of persons entering the door.
C Unlock an exterior door and permit a person to exit.
D Detect when a person is approaching an exterior exit from the inside.
187 D. See Chapter 13. The purpose of a request-to-exit (REX) sensor is to detect when a person is approaching a doorway — usually an exterior exit door from the inside. If an exterior door is opened from the outside without the use of a key card and without a person inside the door, then the door is assumed to have been opened with a key or forced open by an intruder.
288
188 The risks associated with outsourcing computing to the Cloud are all of the following EXCEPT:
A Data ownership.
B Data jurisdiction.
C Control effectiveness.
D Availability.
188 A. See Chapter 9. Data jurisdiction, control effectiveness, and availability are risks associated with cloud computing. Data ownership is not usually an issue.
289
189 A system architect has designed a system that is protected with two layers of firewalls, where each firewall is a different make. This follows which security design principle?
A Avoidance of a single point of failure
B Defense in depth
C Fail open
D Fail closed
189 B. See Chapter 6. A network that uses two different makes of firewalls follows the principle of defense in depth. A weakness in one firewall is not likely to be present in the other.
290
190 The range of all possible encryption keys is known as:
A Keyrange.
B Keyspace.
C Elliptic curve.
D Cryptospace.
190 B. See Chapter 8. The complete range of possible keys in a cryptosystem is known as the keyspace.
291
191 2001:0F56:45E3:BA98 is a:
A MAC address
B IPv4 address
C Subnet mask
D IPv6 address
191 D. See Chapter 5. 2001:0F56:45E3:BA98 is an IPv6 address.
292
192 An authentication system does not limit the number of invalid login attempts. This system is:
A Designed for machine interaction only.
B Integrated to a single sign-on (SSO) service.
C Vulnerable to brute force attacks.
D Not used to store sensitive data.
192 C. See Chapter 4. A system that does not limit the number of invalid login attempts is vulnerable to mechanized password guessing attacks. The attacker can attempt to log in thousands of times until the correct password is discovered.
293
193 An attacker has discovered a way to change his permissions from an ordinary end user to an administrator. This type of attack is known as:
A Back door.
B Denial of Service.
C Privilege injection.
D Escalation of privilege.
193 D. See Chapter 7. An attack that results in increased permissions is known as escalation of privilege.
294
194 A user has lost the password to his private key. The user should:
A Create a new password for his private key
B Decrypt his private key
C Retrieve the password from his public key
D Generate a new keypair
194 D. See Chapter 8. If a user has lost the password to his private key, the key can no longer be used; the user must generate a new keypair.
295
195 The burden of proof in U.S. criminal law is:
A The preponderance of the evidence
B Beyond a reasonable doubt
C Beyond all doubt
D Based on the opinion of the presiding judge
195 B. See Chapter 12. The burden of proof in U.S. criminal law is “beyond a reasonable doubt.”
296
196 The best approach for patch management is:
A Install only those patches that scanning tools specify are missing.
B Install patches only after problems are experienced.
C Install all available patches.
D Perform risk analysis and install patches that are relevant.
196 D. See Chapter 10. The best approach for patch management is to perform risk analysis on each patch, and install those that are relevant. Applying all available patches consumes more resources and may reduce system integrity.
197 In addition to video surveillance, how can a public reception area be best protected? A Duress alarm B Pepper spray C Hand signals D Emergency telephone numbers
197 A. See Chapter 13. A duress alarm can be used to signal other personnel that there is an emergency in a specific area of a building.
198 The main weakness of a homogeneous environment is: A A variety of systems is more difficult to manage effectively. B Inconsistent management among systems in the environment. C A vulnerability in one system is likely to be found in all systems in the environment. D Port scans will take longer to complete.
198 C. See Chapter 9. The main weakness of a homogeneous environment is that all of the systems are the same. If one system has a vulnerability or weakness, many or all of the other systems in the environment are likely to have the same vulnerability or weakness.
199 A security manager has designed a building entrance that will lock doors in the event of a power failure. This follows which security design principle? A Avoidance of a single point of failure B Defense in depth C Fail open D Fail closed
199 D. See Chapter 6. A system that blocks all access in the event of a power failure (or other type of failure) follows the principle of fail closed.
200 An effective cryptosystem is all of the following EXCEPT: A Efficient. B Easy to crack. C Easy to use. D Strong, even if its algorithm is known.
200 B. See Chapter 8. An effective cryptosystem is easy to use, strong even if its algorithm is known, and makes efficient use of resources. A cryptosystem that is easily broken is not effective.
201 255.255.0.0 is a: A MAC address B IPv4 address C Subnet mask D IPv6 address
201 C. See Chapter 5. 255.255.0.0 is an IPv4 subnet mask.
202 The main reason for preventing password re-use is: A To increase password entropy. B To prevent a user from reverting to their old, familiar password. C To encourage users to use different passwords on different systems. D To prevent users from using the same passwords on different systems.
202 B. See Chapter 4. Preventing password re-use discourages users from trying to revert to familiar passwords, which can slightly increase the risk of system compromise.
203 A software developer has introduced a feature in an application that permits him to access the application without the need to log in. This feature is known as a: A Bypass B Front door C Side door D Back door
203 D. See Chapter 7. A back door is a feature that permits covert access to a system, usually through bypassing access controls.
204 A cryptosystem uses two-digit numerals to represent each character of a message. This is a: A Concealment cipher B Vernam cipher C Substitution cipher D Transposition cipher
204 C. See Chapter 8. A cryptosystem where message characters are converted to two-digit numerals is a substitution cipher, because ciphertext characters are substituted for message characters.
205 California state law SB-1386: A Requires organizations to publish their privacy policies. B Requires organizations to encrypt bank account numbers. C Requires organizations to disclose security breaches to affected citizens. D Requires organizations to encrypt private data.
205 C. See Chapter 12. The California Security Breach Information Act, SB-1386, requires organizations to disclose security breaches of specific personal data to all affected citizens, unless that data was encrypted. The law does not require that any data be encrypted.
206 The purpose of penetration testing is: A Simulate an attack by insiders. B Confirm the presence of application vulnerabilities. C Confirm the effectiveness of patch management. D Simulate a real attack and identify vulnerabilities.
206 D. See Chapter 10. The purpose of penetration testing is to simulate an attack by malicious outsiders or insiders who may be attempting to compromise a target system.
207 An advantage of motion-sensing video surveillance recording over continuous recording is: A Date and time stamping on video frames. B Improved durability of storage media. C Lower cost of storage media. D Relevant content can be retained for a longer period of time.
207 D. See Chapter 13. In a motion-sensing surveillance system, only content with actual motion is recorded. This enables content to be retained for a greater period of time, because periods with no activity are not recorded.
208 The four basic requirements in the Orange Book are: A Security policy, assurance, accountability, and documentation. B Security policy, availability, accountability, and documentation. C Security policy, assurance, confidentiality, and documentation. D Security policy, assurance, accountability, and integrity.
208 A. See Chapter 9. The four basic requirements described in the Orange Book are security policy, assurance, accountability, and documentation.
209 A document that is unclassified: A Is a threat to national security. B Is not sensitive. C Is secret and must be protected. D Is not a threat to national security.
209 B. See Chapter 6. A document that is unclassified does not contain sensitive information.
210 In a symmetric cryptosystem, two users who wish to exchange encrypted messages exchange cryptovariables. The next thing the users should do is: A Re-issue encryption keys. B Begin to exchange encrypted messages. C Change encryption algorithms. D Change to an asymmetric cryptosystem.
210 B. See Chapter 8. When two users have exchanged cryptovariables (also known as encryption keys), they may begin exchanging encrypted messages.
211 In the resource \\usdb01\symm\dev\src\, usdb01 is a: A Server. B Directory. C File. D Network.
211 A. See Chapter 5. In Uniform Naming Convention (UNC) for \\usdb01\symm\dev\src\, usdb01 is the name of a server.
212 An attacker has obtained a file containing hashed passwords. The fastest way to crack the hashed passwords is: A Unsalt the hashes B Brute-force attack C Rainbow tables D Cryptanalysis
212 C. See Chapter 4. An attacker who obtains a list of hashed passwords may be able to use a rainbow table to simply find the matching hashes and learn their corresponding passwords.
213 The best method for defending against cross-site request forgery (CSRF) attacks is: A Encrypt traffic with SSL/TLS. B Block JavaScript execution. C Filter input fields to reject injection strings. D Include a transaction confirmation step with every critical application function.
213 D. See Chapter 7. The best defense against cross-site request forgery (CSRF) attacks is to include subsequent steps such as transaction confirmation.
214 A cryptosystem uses a key that is the same length as the message. The key is used only for this message. This is a: A Transformation cipher. B Transposition cipher. C Substitution cipher. D Vernam cipher.
214 D. See Chapter 8. A Vernam cipher, or one-time pad, is a cryptosystem where the encryption key is the same length as the message, and is used only one time, for that message alone.
215 The purpose of the Sarbanes-Oxley Act of 2002 is to: A Restore investors’ confidence in U.S. companies. B Ensure privacy of all U.S. citizens. C Increase penalties for security breaches. D Reduce securities fraud.
215 A. See Chapter 12. The purpose of the Sarbanes-Oxley Act of 2002 is to renew public trust in U.S. public companies by strengthening company controls related to financial reporting.
216 A disadvantage of a HIDS is all of the following EXCEPT: A A server-based HIDS system cannot be a choke point like a NIDS/NIPS can. B A separate HIDS instance must be installed and maintained on every server. C HIDS can only perform signature-based detection, not anomaly-based detection. D It will not detect port scans on unused IP addresses.
216 C. See Chapter 10. Because it has to be installed on every host, an organization may have many HIDS systems to maintain. And, because HIDS runs on individual hosts, a HIDS system cannot act as a network choke point in the way a network-based IDS can. A HIDS system can only detect traffic sent directly to any host it’s running on.
217 The primary advantage for remote monitoring of datacenter access controls is: A Local monitoring cannot identify all intrusions. B Remote monitoring is more effective than local monitoring. C Reduction of costs. D It compensates for the possibility that personnel in the datacenter are unavailable or compromised.
217 D. See Chapter 13. One of the main reasons for employing remote monitoring of physical access controls in a datacenter is the ability to observe physical access controls even if local staff are unavailable or compromised.
218 TCSEC evaluation criteria are: A Certification, inspection, and accreditation. B Confidentiality, integrity, and availability. C Measurement, guidance, and acquisition. D System architecture, system integrity, and covert channel analysis.
218 C. See Chapter 9. TCSEC (Orange Book) system evaluation criteria are measurement, guidance, and acquisition.
219 A document that lists approved protocols is known as a: A Process B Procedure C Guideline D Standard
219 D. See Chapter 6. A document that lists approved protocols, technologies, or suppliers is known as a standard.
220 An encryption algorithm that rearranges bits, characters, or blocks of data is known as a: A Substitution cipher. B Transposition cipher. C Vernam cipher. D Concealment cipher.
220 B. See Chapter 8. An encryption algorithm that rearranges bits, characters, or blocks of data is known as a transposition cipher, because it transposes data.
221 Systems on an internal network have RFC 1918 network addresses. To permit these systems to communicate with systems on the Internet, what should be implemented on the firewall? A NAT B NAC C NAP D NAS
221 A. See Chapter 5. In order to facilitate communication to the Internet on systems with RFC 1918 (private) addresses, implement NAT (network address translation) on a firewall.
222 The purpose of a user account access review is: A All of these. B To ensure that employee terminations were properly processed. C To ensure that all role assignments were properly approved. D To ensure that assigned roles are still needed.
222 A. See Chapter 4. A user account access review can serve many purposes, including making sure that employee terminations resulted in timely access terminations, that all user roles were properly approved, and that users still require their access roles.
223 The most effective countermeasure for session hijacking is: A Two-factor authentication. B Strong passwords. C Full disk encryption. D Full session HTTPS encryption.
223 D. See Chapter 7. Session hijacking occurs when an attacker obtains session cookies from a victim user. Full session encryption with HTTPS is an effective countermeasure, since attackers will not be able to obtain session cookies.
224 A cryptologist has determined that a cryptosystem has a weak PRNG. This can lead to: A Compromise of the cryptosystem B Increased performance of the cryptosystem C Decreased performance of the cryptosystem D Collisions
224 A. See Chapter 8. A weak pseudo-random number generator (PRNG) may result in a weak cryptosystem that can be broken through cryptanalysis.
225 Recordkeeping that is related to the acquisition and management of forensic evidence is known as: A Best evidence. B Burden of proof. C Chain of custody. D Certification.
225 C. See Chapter 12. The Chain of Custody is the recordkeeping that describes the handling of forensic evidence in support of an investigation.
226 The purpose of audit trails includes all of the following EXCEPT: A Event reconstruction. B Investigation support. C Enforcement of accountability. D Data recovery.
226 D. See Chapter 10. Audit trails support event reconstruction, investigation support, problem identification, and enforcement of accountability. Audit trails are not used for recovery purposes.
227 In a datacenter that provides dual power feeds to each equipment rack, components with dual power supplies are connected to each power feed. Why should power circuits not be loaded over 40% capacity? A To permit systems to be power-cycled without overloading circuits. B To permit systems to be rebooted without overloading circuits. C To permit power supplies to be swapped out. D If one power feed fails, power draw on alternate circuits will double.
227 D. See Chapter 13. When dual power supply components are connected to different circuits, those circuits should not be loaded beyond 40% of capacity. If one power circuit fails, the other circuit can expect its load to increase to 80%.
228 A web application that uses sequential session identifiers: A Has high resilience. B Has low resilience. C Is vulnerable to session hijacking. D Is not vulnerable to session hijacking.
228 C. See Chapter 9. A web application that uses sequential session identifiers is vulnerable to a state attack, where an attacker can easily guess other session identifiers and attempt to steal other users’ sessions.
229 All of the following statements about policies are true EXCEPT: A They specify what should be done. B They specify how something should be done. C They should be reviewed annually. D They are formal statements of rules.
229 B. See Chapter 6. Policies are formal statements of business rules; they specify what should be done, but not how it should be done. Policies should be reviewed periodically.
230 An encryption algorithm that replaces bits, characters, or blocks in plaintext with alternate bits, characters, or blocks is known as a: A Substitution cipher. B Transposition cipher. C Vernam cipher. D Concealment cipher.
230 A. See Chapter 8. An encryption algorithm that replaces bits, characters, or blocks of data is known as a substitution cipher.
231 Two-factor authentication is preferred for VPN because: A It is more resistant to a dictionary attack. B It is more resistant to a replay attack. C Encryption protects authentication credentials. D Encryption protects encapsulated traffic.
231 A. See Chapter 5. Two-factor authentication is preferred for VPN because it is more resistant to a dictionary attack.
232 An audit of user access has revealed that user accounts are not being locked when employees leave the organization. The best way to mitigate this finding is: A Reset all account passwords. B Lock all user accounts and require users to re-apply for access. C Improve the termination process and perform monthly access reviews. D Discipline the culpable personnel.
232 C. See Chapter 4. When it has been discovered that many user accounts were not locked for users who left the organization, the termination process should be improved by whatever means necessary. Monthly access reviews will help to ensure that process changes are effective.
233 A blogging site allows users to embed JavaScript in the body of blog entries. This will allow what type of attack? A Cross-frame scripting B Cross-site request forgery C Non-persistent cross-site scripting D Persistent cross-site scripting
233 D. See Chapter 7. Any site that permits users to embed JavaScript is susceptible to cross-site scripting (XSS) attacks.
234 A system designer needs to choose a stream cipher to encrypt data. The designer should choose: A 3DES B AES C RC1 D RC4
234 D. See Chapter 8. A system designer in need of a stream cipher should choose RC4. The other ciphers are block ciphers.
235 Evidence that is obtained through illegal means: A May be used in a legal proceeding. B May be used as indirect evidence. C Cannot be used in a legal proceeding. D Must be returned to its owner.
235 C. See Chapter 12. Any evidence obtained through illegal means cannot be used in any legal proceeding.
236 A particular type of security incident occurs frequently in an organization. What should be performed to reduce the frequency of these incidents? A Audit log correlation B Root cause analysis C Incident forensics D Six Sigma analysis
236 B. See Chapter 10. If a specific type of incident occurs over and over, root cause analysis should be performed so that the factors responsible for incident recurrence can be corrected.
237 What procedure should be followed by personnel in case of fire in a datacenter? A All personnel should remain to fight the fire. B One person should remain behind and fight the fire. C Collect backup media and evacuate. D Immediate evacuation.
237 D. See Chapter 13. In case of a fire in a datacenter, personnel should evacuate immediately. Personnel safety is the highest priority in a datacenter.
238 The following statements about the Common Criteria are true EXCEPT: A It is the European version of ITSEC. B It has been adopted as international standard ISO 15408. C It contains eight levels of evaluation assurance. D It supersedes TCSEC and ITSEC.
238 A. See Chapter 9. The Common Criteria has been adopted as international standard ISO 15408, it contains eight levels of evaluation assurance, and it supersedes TCSEC and ITSEC.
239 An organization has employees in many countries, where laws vary on the type of background checks that can be performed. The best approach for background checks is: A Perform background checks only in those countries that permit reasonable checks. B Perform the best background check in each country as permitted by law. C Perform the same background check in all countries by performing only what is allowed in all of them. D Do not perform background checks.
239 B. See Chapter 6. An organization should perform the best background check available and permitted by law in each country.
240 A disadvantage of a symmetric cryptosystem is: A It is far less efficient than an asymmetric cryptosystem. B Users who do not know each other will have difficulty securely exchanging keys. C It is difficult to publish a public key. D It is easy to publish a public key.
240 B. See Chapter 8. In a symmetric cryptosystem, both users must possess the same encryption key. If these users do not know each other, it may be difficult to securely exchange a key.
241 Two organizations exchange data via FTP. The best choice to make this more secure is: A Change the FTP protocol to SFTP or FTPS. B Encrypt transferred files with PGP. C Change passwords more frequently. D Change to longer, complex passwords.
241 A. See Chapter 5. The best choice for making an FTP connection more secure is to change to FTPS or SFTP. Encrypting the payload does not protect authentication credentials.
242 An attacker is capturing a user’s keystrokes during authentication. The attacker may be preparing to launch a: A Brute-force attack. B Cryptanalysis attack. C Replay attack. D Denial of service attack.
242 C. See Chapter 4. An attacker who is able to record the keystrokes of a user logging in to a system is preparing to launch a replay attack.
243 Users in a company have received e-mail messages claiming to be from the company’s IT department with instructions on installing a security patch. The URL points to a page that resembles the company’s IT Helpdesk home page. This may be a: A Whaling attack. B Pharming attack. C Phishing attack. D Spear phishing attack.
243 D. See Chapter 7. An e-mail-based attack that points users to a website that resembles a company’s own website is a spear phishing attack, because it is targeting users in a specific organization.
244 A laptop containing several private encryption keys has been stolen. The owner of the encryption keys should: A Generate new key pairs B Change the keys’ passwords C Change encryption algorithms D No action is necessary
244 A. See Chapter 8. If a laptop containing private encryption keys has been stolen, the attacker may be able to guess the passwords for private keys and compromise the cryptosystem. The owner of the encryption keys should generate new key pairs.
245 A company outsources its credit card processing to a third-party organization. The company should: A Require the third-party organization to be PCI-compliant. B Require the third-party organization to be GLBA-compliant. C Sign a contract with the third-party organization. D Perform penetration tests on the third party’s systems.
245 A. See Chapter 12. Any company that outsources credit card processing to another organization should require the organization to be PCI-compliant.
246 Administration of a centralized audit log server should be performed by: A Database administrators. B IT auditors. C The same administrators who manage servers being logged. D Separate administrators from those who administer servers being logged.
246 D. See Chapter 10. Personnel who administer centralized audit log servers should be separate personnel from those who administer systems being logged. Otherwise administrators would be able to manipulate the contents of audit log servers and cover up their activities.
247 The ideal level of relative humidity for datacenter computing equipment is: A Between 0% and 20%. B Between 20% and 40%. C 0%. D Between 40% and 60%.
247 D. See Chapter 13. The ideal level for relative humidity in a datacenter is between 40% and 60%. If humidity falls below 40%, there is risk of static discharge that can damage computing equipment. If the humidity rises above 60%, condensation can damage computing equipment.
248 A security manager wishes to establish a set of access control rules that specify which organization job titles are permitted to have which roles in a system. The model that the security manager should use is: A Access Matrix. B Information Flow. C Non-Interference. D Biba.
248 A. See Chapter 9. The access model described here is the Access Matrix, which specifies which persons (or job titles) are permitted to access which system roles.
249 A decision on how to resolve an identified risk is known as: A Risk control. B Risk treatment. C Risk management. D Risk mitigation.
249 B. See Chapter 6. A decision on how to resolve an identified risk is known as risk treatment.
250 The advantage of Cipher Block Chaining (CBC) is: A Each block of ciphertext has a less random result. B Each block of ciphertext has a more random result. C Each block of ciphertext is encrypted separately. D Each block of ciphertext is decrypted separately.
250 B. See Chapter 8. In Cipher Block Chaining (CBC), each plaintext block is XORed with the ciphertext of the preceding block, making it more random.