Exam 2 Flashcards
At which part of the OSI model does the encapsulation process begin?
Application
Which 2 layers of the OSI model are represented by the Link layer of the TCP/IP model?
Data Link and Physical
Which of the following represents the range of port numbers that are referred to as “well-known” port numbers?
0-1023
What is the port number for HTTP?
80
HTTPS=443
Telnet=23
POP3=110
Which of the following is NOT an example of knowledge authentication?
A) password
B) mother’s maiden name
C) city of birth
D) smart card
D) smart card
Which of the following statements about memory cards and smart cards is false?
A) a memory card is a swipe card that contains user authentication information
B) memory cards are also known as integrated circuit cards
C) smart cards contain memory and an embedded chip
D) smart card systems are more reliable than memory card systems
B) memory cards are not known as integrated circuit cards; smart cards are also known as integrated circuit cards
Which biometric method is most effective?
A) Iris scan
B) retina scan
C) Fingerprint
D) handprint
A) Iris scan
What protocol in the TCP/IP suite resolves IP addresses and MAC addresses?
Address Resolution Protocol (ARP)
How many bits are contained in an IPv4 address?
32 bits in either binary or dotted decimal format.
IPv6 addresses are 128 bits and written in hexadecimal format.
Which of the following is a Class C address? A. 172.16.5.6 B. 192.168.5.54 C. 10.6.5.8 D. 224.6.6.6
B
Class C addresses range from 192.0.0.0-223.255.255.255
Which of the following is not a valid private IP address? A. 10.2.6.6 B. 172.15.6.6 C. 191.6.6.6 D. 223.54.5.5
A
Private Class A range: 10.0.0.0-10.255.255.255
Private Class B range: 172.16.0.0-172.31.255.255
Private Class C range: 192.168.0.0-192.168.255.255
Which service converts private IP addresses to public IP addresses? A. DHCP B. DNS C. NAT D. WEP
C, Network Address Translation
Which type of transmission uses stop and start bits? A. Asynchronous B. Unicast C. Multicast D. Synchronous
A
Which protocol encapsulates Fibre Channel frames over Ethernet networks? A. MPLS B. FCoE C. iSCSI D. VoIP
B
Fibre Channel over Ethernet
Which protocol uses port 14? A. RDP B. AFP C. IMAP D. SSH
C
Which of the following best describes NFS?
A. A file-sharing protocol
B. A directory query protocol that is based on X.500
C. An application layer protocol that is used to retrieve information from network devices
D. A client/server file-sharing protocol used in UNIX/Linux
D
Which of the following is a multi-layer protocol that is used between components in process automation systems in electric and water companies? A. DNP3 B. VoIP C. WPA D. WPA2
A
Which wireless implementation includes MU-MIMO? A. 802.11a B. 802.11ac C. 802.11g D. 802.11n
B
What is a Type I error in a biometric system?
A) crossover error rate (CER)
B) false rejection rate (FRR)
C) false acceptance rate (FAR)
D) throughput rate
B) false rejection rate (FRR)
A Type II error is the false acceptance rate (FAR).
Which access control model is most often used by routers and firewalls to control access to the network?
A) discretionary access control
B) mandatory access control
C) rule-based access control
D) role-based access control
C) rule-based access control
Which threat is NOT considered social engineering?
A) Phishing
B) Pharming
C) DoS attack
D) Dumpster diving
C) denial-of-service (DoS) attack
Which of the following statements best describes an IDaaS implementation?
A) ensures that any instance of identification and authentication to a resource is managed properly
B) collects and verifies information about an individual to prove that the person who has a valid account is who he or she claims to be
C) provides a set of identity and access management functions to target systems on customer premises and/or in the cloud
D) it isn’t a SAML standard that exchanges authentication and authorization data between organizations or security domains
C) an identity as a service implementation provides a set of identity and access management functions to target systems on customer premises and/or in the cloud
Which of the following is an example of multi-factor authentication?
A) username and password
B) username, retina scan, and smart card
C) retina scan and Fingerprint scan
D) smart card and security token
B) username, retina scan, and smart card
You decide to implement an access control policy that requires users to log on from certain workstations within your enterprise. Which type of authentication factor are you implementing?
A) knowledge factor
B) location factor
C) ownership factor
D) characteristic factor
B) Location factor
Which threat is considered a password threat?
A) buffer overflow
B) sniffing
C) spoofing
D) brute-force attack
D) a brute-force attack is considered a password threat
Which session management mechanisms are often used to manage desktop sessions?
A) screensavers and timeouts
B) FIPS 201-2 and NIST SP 800-79-2
C) bollards and locks
D) KDC, TGT, and TGS
A) screensavers and timeouts
Which of the following is a major disadvantage of implementing an SSO system?
A) Users are able to use stronger passwords
B) Users need to remember the login credentials for a single system
C) User and password administration are simplified
D) If a user’s credentials are compromised, an attacker can access all resources
D) if a user’s credentials are compromised in a single sign-on environment, attackers have access to all resources
For which of the following penetration tests does the testing team know an attack is coming but have limited knowledge of network systems and devices and only publicly available information? A. Target test B. Physical test C. Blind test D. Double-blind test
C
Which of the following is NOT a guideline according to NIST SP 800-92?
A. Organizations should establish policies and procedures for log management
B. Organizations should create and maintain a log management infrastructure
C. Organizations should prioritize log management appropriately throughout the organization
D. Choose auditors with security experience
D
According to NIST SP 800-92, which of the following are functions of a log management infrastructure? (Choose all that apply)
A. General functions (log parsing, event filtering, and event aggregation)
B. Storage (log rotation, log archival, log reduction, log conversion, log normalization, and log integrity checking)
C. Log analysis (event correlation, log viewing, and log reporting)
D. Log disposal (log clearing)
All of them
What are the two ways of collecting logs using security information and event management (SIEM) products, according to NIST SP 800-92? A. Passive and Active B. Agentless and agent-based C. Push and pull D. Throughput and rate
B
Which type of attack is carried out from multiple locations using zombies and botnets?
A) TEMPEST
B) DDoS
C) Backdoor
D) Emanating
B) a distributed denial-of-service (DDoS) attack is a DoS attack that is carried out from multiple attack locations
What is the first step of the incident response process?
A) respond to the incident
B) detect the incident
C) report the incident
D) recover from the incident
B) detect the incident
The remaining steps are:
- respond to the incident
- report the incident to the appropriate personnel
- recover from the incident
- remediate all components
- review the incident
What is the second step of the forensic investigation process?
A) identification
B) collection
C) preservation
D) examination
C) preservation
The full process is:
- identification
- preservation
- collection
- examination
- analysis
- presentation
- decision
Which of the following is NOT one of the five rules of evidence?
A) be accurate
B) be complete
C) be admissible
D) be volatile
D) be volatile
The five rules are: be authentic, be accurate, be complete, be convincing, and be admissible.
What investigation type specifically refers to litigation or government investigations that deal with the exchange of information in electronic format as part of the discovery process? A. Data Loss Prevention (DLP) B. Regulatory C. eDiscovery D. Operations
C
An organization's firewall is monitoring the outbound flow of information from one network to another. What specific type of monitoring is this? A. Egress monitoring B. Continuous monitoring C. CMaaS D. Resource provisioning
A
Which of the following are considered virtual assets? (Choose all that apply) A. Software-defined networks B. Virtual storage-area networks C. Guest OSs deployed on VMs D. Virtual routers
All of them
Which of the following describes the ability of a system, device, or data center to recover quickly and continue operating after an equipment failure, power outage, or other disruption? A. Quality of Service (QoS) B. Recovery Time Objective (RTO) C. Recovery Point Objective (RPO) D. Systems Resilience
D
Which of the following are the main factors that affect the selection of an alternate location during the development of a DRP? (Choose all that apply) A. Geographic location B. Organizational needs C. Location's cost D. Location's restoration effort
All of them
Which of the following refers to allowing users access only to the resources required to do their jobs?
A) job rotation
B) separation of duties
C) need to know/least privilege
D) mandatory vacation
C) need to know/least privilege
Which of the following is an example of an intangible asset?
A) disc drive
B) recipe
C) people
D) server
B) recipe
It’s not a physical object.
Which of the following is not a step in incident response management?
A) detect
B) response
C) monitor
D) report
C) monitor
- detect
- respond
- report
- recover
- remediate
- review
Which of the following is NOT a backup type?
A) full
B) incremental
C) grandfather/father/son
D) transaction log
C) grandfather/father/son
This is a backup rotation scheme, not a backup type.
Which term is used for a leased facility that contains all the resources needed for full operation?
A) cold site
B) hot site
C) warm site
D) tertiary site
B) hot site
Which electronic backup type stores data on optical discs and uses robotics to load and unload the optical discs as needed?
A) optical jukebox
B) hierarchical storage management
C) tape vaulting
D) replication
A) optical jukebox
What is failsoft?
A) the capacity of a system to switch over to a backup system if a failure in the primary system occurs
B) the capability of a system to terminate non-critical processes when a failure occurs
C) a software product that provides load balancing services
D) high-capacity storage devices that are connected by a high-speed private network using storage-specific switches
B) failsoft is the capability of a system to terminate non-critical processes when a failure occurs
Which of the following is the last step in the System Development Life Cycle?
A) Operate/maintain
B) Dispose
C) Acquire/Develop
D) Initiate
B) Dispose
In which of the following stages of the Software Development Life Cycle is the software actually coded?
A) Gather Requirements
B) Design
C) Development
D) Test/Validate
C) Development
Which of the following initiatives was developed by the Department of Homeland Security?
A) WASC
B) BSI
C) OWASP
D) ISO
B) BSI
Which of the following development models includes no formal control mechanisms to provide feedback?
A) Waterfall
B) V-Shaped
C) Build and Fix
D) Spiral
C) Build and Fix
Which language type delivers instructions directly to the processor?
A) Assembly languages
B) High-level Languages
C) Machine languages
D) Natural languages
C) Machine Languages
Which term describes how many different tasks a module can carry out?
A) Polymorphism
B) Cohesion
C) Coupling
D) Data structures
B) Cohesion
Which term describes a standard for communication between processes on the same computer?
A) CORBA
B) DCOM
C) COM
D) SOA
C) COM
Which of the following is a Microsoft technology?
A) ActiveX
B) Java
C) SOA
D) CORBA
A) ActiveX
Which of the following is the dividing line between the trusted parts of the system and those that are untrusted?
A) Security perimeter
B) Reference monitor
C) Trusted computer base (TCB)
D) Security kernel
A) Security perimeter
Which of the following is a system component that enforces access controls on an object?
A) Security perimeter
B) Reference monitor
C) Trusted computer base (TCB)
D) Security kernel
B) Reference monitor
Which of the following ensures that the customer (either internal or external) is satisfied with the functionality of the software?
A) Integration testing
B) Acceptance testing
C) Regression testing
D) Accreditation
B) Acceptance testing
In which of the following models is less time spent on upfront analysis and more emphasis placed on learning from process feedback and incorporating lessons learned in real time?
A) Agile
B) Rapid Application Development
C) Cleanroom
D) Modified Waterfall
A) Agile
Which of the following software development risk analysis and mitigation strategy guidelines should security professionals follow?
A) Integrate
B) Use
C) Track
D) Encapsulate
A), B), and C)
Which of the following are valid guidelines for providing API security?
A) Same security controls
B) High based
C) Encryption
D) Implement password
A), B), C), and D)
Which of the following is NOT one of the four phases of acquiring software?
A) Planning
B) Contracting
C) Development
D) Monitoring and accepting
C) Development
Which monitoring method captures and analyzes every transaction of every application or website user?
A) RUM
B) synthetic transaction monitoring
C) code review and testing
D) Misuse case testing
A) RUM
What is the second step of the information security continuous monitoring (ISCM) plan, according to NIST SP 800-137?
A) Establish an ISCM program.
B) Define the ISCM strategy.
C) Implement an ISCM program.
D) Analyze the data collected.
A) Establish an ISCM program.
Which of the following is NOT a guideline for internal and third-party audits?
A) Choose auditors with security experience.
B) Involve business unit managers early in the process.
C) At minimum, perform bi-annual audits to establish a security baseline.
D) Ensure that the audit covers all systems and all policies and procedures.
C) At minimum, perform bi-annual audits to establish a security baseline.
Which SOC report should be shared with the general public?
A) SOC 1, Type 1
B) SOC 1, Type 2
C) SOC 2
D) SOC 3
D) SOC 3
What is a vulnerability?
A) the entity that carries out a threat
B) The exposure of an organization
C) An absence or weakness of a countermeasure that is in place
D) A control that reduces risk
C) An absence or weakness of a countermeasure that is in place
What is risk avoidance?
A) risk that is left over after safeguards have been implemented
B) Terminating the activity that causes a risk or choosing an alternative that is not as risky
C) Passing the risk on to a third party
D) Defining the acceptable risk level the organization can tolerate and reducing the risk to that level
B) Terminating the activity that causes a risk or choosing an alternative that is not as risky
What is the first stage of the security program life cycle?
A) Plan and organize
B) Implement
C) Operate and maintain
D) Monitor and evaluate
A) Plan and organize
What is the first step of CRAMM?
A) Identify threats and vulnerabilities
B) Identify and value assets
C) Identify countermeasures
D) Prioritize countermeasures
B) Identify and value assets
What is the legal term used to describe an organization taking all reasonable measures to prevent security breaches and also taking steps to mitigate damages caused by successful breaches?
A) Due care
B) Due diligence
C) Default stance
D) Qualitative risk analysis
A) Due care
Which access control type reduces the effect of an attack or another undesirable event?
A) Compensative control
B) Preventive control
C) Detective control
D) Corrective control
D) Corrective control
Which framework uses the six communication questions (What, Where, When, Why, Who, and How) that intersect with six layers (operational, component, physical, logical, conceptual, and contextual)?
A) Six sigma
B) SABSA
C) ITIL
D) ISO/IEC 27000 series
B) SABSA
Which group of threat agents includes hardware and software failure, malicious code, and new technologies?
A) Human
B) Natural
C) Environmental
D) Technical
D) Technical
Which security policies provide instruction on acceptable and unacceptable activities?
A) Information security policies
B) Regulatory security policies
C) System-specific security policies
D) Advisory security policies
D) Advisory security policies
Which term indicates the monetary impact of each threat occurrence?
A) ARO
B) ALE
C) EF
D) SLE
D) SLE
Which type of access control is an acceptable use policy (AUP) most likely considered?
A) Corrective
B) Detective
C) Compensative
D) Directive
D) Directive
Issues to be considered by the security practitioner when establishing a data policy include:
A) Cost, Due Care and Due Diligence, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process
B) Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Future Law & Policy Requirements, Policy and Process
C) Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Procedure
D) Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process
D) Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process
The best way to ensure that there is no data remanence of sensitive information that was once stored on a DVD-R media is by
A) Deletion
B) Degaussing
C) Destruction
D) Overwriting
C) Destruction
The information owner typically has the following responsibilities:
A) Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be archived.
B) Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed.
C) Determine the impact the information has on the policies of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should not be released, know when the information is inaccurate or no longer needed and should be destroyed.
D) Determine the impact the information has on the mission of the organization, understand the creation cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed.
B) Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed.
When sensitive information is no longer critical but still within scope of a record retention policy, that information is BEST
A) Destroy
B) Re-categorized
C) Degaussed
D) Released
B) Re-categorized
Which of the following BEST determines the employment suitability of an individual?
A) Job rank or title
B) Partnership with the security team
C) Role
D) Background investigation
D) Background investigation
Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue?
A) Incident management
B) Problem Management
C) Change Management
D) Configuration Management
B) Problem management