Domain 4 Flashcards
The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?
A. Well established and defined digital forensics process
B. Establishing Enterprise-owned Botnets for preemptive attacks
C. Be able to retaliate under the framework of Active Defense
D. Collaboration with law enforcement
Answer : Well established and defined digital forensics process
Which of the following is a countermeasure to prevent unauthorized database access from web applications?
A. Session encryption
B. Removing all stored procedures
C. Input sanitization
D. Library control
Answer : Input sanitization
Security related breaches are assessed and contained through which of the following?
A. The IT support team.
B. A forensic analysis.
C. Incident response
D. Physical security team.
Answer : Incident response
Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?
A. In-line hardware keyloggers don’t require physical access
B. In-line hardware keyloggers don't comply with industry regulations
C. In-line hardware keyloggers are undetectable by software
D. In-line hardware keyloggers are relatively inexpensive
Answer : In-line hardware keyloggers are undetectable by software
Which of the following is the MAIN security concern for public cloud computing?
A. Unable to control physical access to the servers
B. Unable to track log on activity
C. Unable to run anti-virus scans
D. Unable to patch systems as needed
Answer : Unable to control physical access to the servers
Your organization provides open guest wireless access with no captive portals. What can you do to assist with law enforcement investigations if one of your guests is suspected of committing an illegal act using your network?
A. Configure logging on each access point
B. Install a firewall software on each wireless access point.
C. Provide IP and MAC address
D. Disable SSID Broadcast and enable MAC address filtering on all wireless access points.
Answer : Provide IP and MAC address
A customer of a bank has placed a dispute on a payment for a credit card account. The banking system uses digital signatures to safeguard the integrity of their transactions. The bank claims that the system shows proof that the customer in fact made the payment. What is this system capability commonly known as?
A. non-repudiation
B. conflict resolution
C. strong authentication
D. digital rights management
Answer : non-repudiation
The process of identifying and classifying assets is typically included in the
A. Threat analysis process
B. Asset configuration management process
C. Business Impact Analysis
D. Disaster Recovery plan
Answer : Business Impact Analysis
The general ledger setup function in an enterprise resource package allows for setting accounting periods. Access to this function has been permitted to users in finance, the shipping department, and production scheduling. What is the most likely reason for such broad access?
A. The need to change accounting periods on a regular basis.
B. The requirement to post entries for a closed accounting period.
C. The need to create and modify the chart of accounts and its allocations.
D. The lack of policies and procedures for the proper segregation of duties.
Answer : The lack of policies and procedures for the proper segregation of duties.
You are having a penetration test done on your company network and the leader of the team says they discovered all the network devices because no one had changed the Simple Network Management Protocol (SNMP) community strings from the defaults. Which of the following is a default community string?
A. Execute
B. Read
C. Administrator
D. Public
Answer : Public
What is the FIRST step in developing the vulnerability management program?
A. Baseline the Environment
B. Maintain and Monitor
C. Organization Vulnerability
D. Define Policy
Answer : Baseline the Environment
SQL injection is a very popular and successful injection attack method. Identify the basic SQL injection text:
A. ' or 1=1 --
B. /../../../../
C. "DROP TABLE USERNAME"
D. NOPs
Answer : ' or 1=1 --
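Added example, not part of the original flashcards, covering both the SQL injection card above and the earlier card on input sanitization as the countermeasure for web applications. It builds an in-memory SQLite users table from constructed sample rows (the usernames, passwords and the clear-text storage are for the demo only), runs the classic ' or 1=1 -- payload against a login query assembled by string concatenation, and then shows the parameterized query plus an allow-list check that defeat it.

```python
# Added example (not from the original flashcards): the classic
# ' or 1=1 -- payload against a login query built by string
# concatenation, beside the parameterized query and an allow-list
# check that defeat it. The users table and its rows are constructed
# sample data; passwords are stored in clear only to keep the demo short.
import re
import sqlite3

PAYLOAD = "' or 1=1 --"   # the "basic SQL injection text" from the card


def make_db():
    """In-memory SQLite database with two constructed test users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct horse"), ("bob", "battery staple")])
    return db


def login_vulnerable(db, username, password):
    """BAD: user input is spliced into the statement text.
    With username = PAYLOAD the WHERE clause becomes
        username = '' or 1=1 --' AND password = '...'
    and '--' comments out the password check, so every row matches."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return [row[0] for row in db.execute(sql)]


def login_safe(db, username, password):
    """GOOD: placeholders keep data separate from the SQL text, so the
    payload is compared as a literal username and matches nothing."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (username, password))]


USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_username(value):
    """Allow-list sanitization: accept only word characters, reject early.
    Defence in depth alongside parameterization, not a replacement for it."""
    return USERNAME_RE.fullmatch(value) is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "x"))        # ['alice', 'bob']
    print("safe:      ", login_safe(db, PAYLOAD, "x"))              # []
    print("valid user:", login_safe(db, "alice", "correct horse"))  # ['alice']
    print("allow-list:", is_valid_username(PAYLOAD))                # False
```

The vulnerable function returns every user because the comment marker swallows the rest of the statement; the safe function never lets the payload change the statement's structure, so the database driver, not string handling, is what makes the countermeasure hold.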
While designing a secondary data center for your company, what document needs to be analyzed to determine how much should be spent on building the data center?
A. Enterprise Risk Assessment
B. Disaster recovery strategic plan
C. Business continuity plan
D. Application mapping document
Answer : Disaster recovery strategic plan
The process of creating a system which divides documents based on their security level to manage access to private data is known as
A. security coding
B. data security system
C. data classification
D. privacy protection
Answer : data classification
One of your executives needs to send an important and confidential email. You want to ensure that the message cannot be read by anyone but the recipient. Which of the following keys should be used to encrypt the message?
A. Your public key
B. The recipient’s private key
C. The recipient’s public key
D. Certificate authority key
Answer : The recipient’s public key
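Added example, not part of the original flashcards, serving both the non-repudiation card (the bank's digital signatures on transactions) and the confidential-email card above. It is textbook RSA with no padding and toy-sized keys, written only to show which key is used for which purpose: the recipient's public key to encrypt, the signer's private key to sign. The participants (alice as the customer/executive, bob as the recipient), the e-mail text and the transaction text are constructed; the primes are well-known Mersenne primes chosen so the example is reproducible offline.

```python
# Added example (not from the original flashcards) for the non-repudiation
# card (the bank's digital signatures) and the confidential-email card.
# Textbook RSA with no padding and toy-sized keys: it demonstrates WHICH key
# is used for what and is not fit for real use. Names (alice, bob), the
# transaction text and the e-mail text are constructed.
import hashlib

E = 65537  # conventional public exponent


def toy_keypair(p, q):
    """Build (public, private) from two primes; both halves share modulus n."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)          # modular inverse (Python 3.8+)
    return (n, E), (n, d)


# Mersenne primes, used only because they are publicly known primes and keep
# the example reproducible; real keys use large random primes of equal size.
ALICE_PUB, ALICE_PRIV = toy_keypair((1 << 31) - 1, (1 << 61) - 1)
BOB_PUB, BOB_PRIV = toy_keypair((1 << 89) - 1, (1 << 107) - 1)


def encrypt(message, public):
    """Confidentiality: anyone may encrypt with the RECIPIENT's public key."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext, private):
    """Only the holder of the matching private key recovers the message."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def sign(message, private):
    """Non-repudiation: the signer applies their own PRIVATE key to a hash."""
    n, d = private
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(message, signature, public):
    """Anyone (the bank, a court) checks with the signer's PUBLIC key."""
    n, e = public
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h


EMAIL = b"merger closes Friday"                              # constructed
TX = b"2024-05-01 PAY 100.00 USD to ACME, card ****4242"     # constructed


def recipient_can_read():
    """Executive encrypts to Bob's public key; Bob's private key decrypts."""
    c = encrypt(EMAIL, BOB_PUB)
    return decrypt(c, BOB_PRIV) == EMAIL


def sender_cannot_read():
    """The sender's own private key (a wrong answer on the card) does not."""
    c = encrypt(EMAIL, BOB_PUB)
    return pow(c, ALICE_PRIV[1], ALICE_PRIV[0]) != int.from_bytes(EMAIL, "big")


def customer_cannot_deny():
    """The bank keeps the signature: it verifies only against the customer's
    public key and only for the exact transaction text that was signed."""
    sig = sign(TX, ALICE_PRIV)
    genuine = verify(TX, sig, ALICE_PUB)
    altered = verify(TX.replace(b"100.00", b"1.00"), sig, ALICE_PUB)
    other_signer = verify(TX, sig, BOB_PUB)
    return genuine and not altered and not other_signer


if __name__ == "__main__":
    print(recipient_can_read(), sender_cannot_read(), customer_cannot_deny())
```

The two cards are mirror images of each other: encryption uses the other party's public key so that only their private key opens it, while a signature uses your own private key so that anyone holding your public key can later prove you produced it. A production system adds OAEP/PSS padding and wraps a symmetric key rather than encrypting the message directly.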
The process for identifying, collecting, and producing digital information in support of legal proceedings is called
A. chain of custody.
B. electronic discovery.
C. evidence tampering.
D. electronic review.
Answer : electronic discovery.
An anonymity network is a series of?
A. Covert government networks
B. War driving maps
C. Government networks in Tora
D. Virtual network tunnels
Answer : Virtual network tunnels
Network forensics is the prerequisite for any successful legal action after attacks on your enterprise network. Which is the single most important factor in introducing digital evidence into a court of law?
A. Comprehensive Log-Files from all servers and network devices affected during the attack
B. Fully trained network forensic experts to analyze all data right after the attack
C. Uninterrupted Chain of Custody
D. Expert forensics witness
Answer : Uninterrupted Chain of Custody
Which of the following is a symmetric encryption algorithm?
A. 3DES
B. MD5
C. ECC
D. RSA
Answer : 3DES
What type of attack requires the least amount of technical equipment and has the highest success rate?
A. War driving
B. Operating system attacks
C. Social engineering
D. Shrink wrap attack
Answer : Social engineering
Physical security measures typically include which of the following components?
A. Physical, Technical, Operational
B. Technical, Strong Password, Operational
C. Operational, Biometric, Physical
D. Strong password, Biometric, Common Access Card
Answer : Physical, Technical, Operational
Your incident handling manager detects a virus attack in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the incident handling process will utilize the signature to resolve this incident?
A. Containment
B. Recovery
C. Identification
D. Eradication
Answer : Eradication
Which of the following backup sites takes the longest recovery time?
A. Cold site
B. Hot site
C. Warm site
D. Mobile backup site
Answer : Cold site
Which of the following statements about Encapsulating Security Payload (ESP) is true?
A. It is an IPSec protocol.
B. It is a text-based communication protocol.
C. It uses TCP port 22 as the default port and operates at the application layer.
D. It uses UDP port 22
Answer : It is an IPSec protocol.
An access point (AP) is discovered using Wired Equivalent Privacy (WEP). The ciphertext sent by the AP is encrypted with the same key and cipher used by its stations. What authentication method is being used?
A. Shared key
B. Asynchronous
C. Open
D. None
Answer : Shared key
As a CISO you need to understand the steps that are used to perform an attack against a network. Put each step into the correct order.
1. Covering tracks
2. Scanning and enumeration
3. Maintaining access
4. Reconnaissance
5. Gaining access
A. 4, 2, 5, 3, 1
B. 2, 5, 3, 1, 4
C. 4, 5, 2, 3, 1
D. 4, 3, 5, 2, 1
Answer : 4, 2, 5, 3, 1
In terms of supporting a forensic investigation, it is now imperative that managers, first responders, etc., accomplish the following actions to the computer under investigation:
A. Secure the area and shut-down the computer until investigators arrive
B. Secure the area and attempt to maintain power until investigators arrive
C. Immediately place hard drive and other components in an anti-static bag
D. Secure the area.
Answer : Secure the area and attempt to maintain power until investigators arrive
Which of the following is MOST important when tuning an Intrusion Detection System (IDS)?
A. Trusted and untrusted networks
B. Type of authentication
C. Storage encryption
D. Log retention
Answer : Trusted and untrusted networks
What is the term describing the act of inspecting all real-time Internet traffic (i.e., packets) traversing a major Internet backbone without introducing any apparent latency?
A. Traffic Analysis
B. Deep-Packet inspection
C. Packet sampling
D. Heuristic analysis
Answer : Deep-Packet inspection
Which wireless encryption technology makes use of temporal keys?
A. Wireless Application Protocol (WAP)
B. Wifi Protected Access version 2 (WPA2)
C. Wired Equivalent Privacy (WEP)
D. Extensible Authentication Protocol (EAP)
Answer : Wifi Protected Access version 2 (WPA2)