Exam 2 Flashcards

1
Q

At which part of the OSI model does the encapsulation process begin?

A

application

2
Q

Which 2 layers of the OSI model are represented by the Link layer of the TCP/IP model?

A

Data Link and Physical

3
Q

Which of the following represents the range of port numbers that are referred to as “well-known” port numbers?

A

0-1023

4
Q

What is the port number for HTTP?

A

80
HTTPS=443
Telnet=23
POP3=110

5
Q

Which of the following is NOT an example of knowledge authentication?

A) password
B) mother’s maiden name
C) city of birth
D) smart card

A

D) smart card

6
Q

Which of the following statements about memory cards and smart cards is false?

A) a memory card is a swipe card that contains user authentication information
B) memory cards are also known as integrated circuit cards
C) smart cards contain memory and an embedded chip
D) smart card systems are more reliable than memory card systems

A

B) Memory cards are not also known as integrated circuit cards; smart cards are also known as integrated circuit cards.

7
Q

Which biometric method is most effective?

A) Iris scan
B) retina scan
C) Fingerprint
D) handprint

A

A) Iris scan

8
Q

What protocol in the TCP/IP suite resolves IP addresses and MAC addresses?

A

Address Resolution Protocol (ARP)

9
Q

How many bits are contained in an IPv4 address?

A

32 bits in either binary or dotted decimal format.

IPv6 addresses are 128 bits and in hexadecimal format.

10
Q
Which of the following is a Class C address?
A. 172.16.5.6
B. 192.168.5.54
C. 10.6.5.8
D. 224.6.6.6
A

B

Class C addresses range from 192.0.0.0-223.255.255.255

11
Q
Which of the following is not a valid private IP address?
A. 10.2.6.6
B. 172.15.6.6
C. 191.6.6.6
D. 223.54.5.5
A

A
Class A ranges from 10.0.0.0-10.255.255.255
Class B 172.16.0.0-172.31.255.255
Class C 192.168.0.0-192.168.255.255

12
Q
Which service converts private IP addresses to public IP addresses?
A. DHCP
B. DNS
C. NAT
D. WEP
A

C, Network Address Translation

13
Q
Which type of transmission uses stop and start bits?
A. Asynchronous 
B. Unicast
C. Multicast
D. Synchronous
A

A

14
Q
Which protocol encapsulates Fibre Channel frames over Ethernet networks?
A. MPLS
B. FCoE
C. iSCSI
D. VoIP
A

B

Fibre Channel over Ethernet

15
Q
Which protocol uses port 14?
A. RDP
B. AFP
C. IMAP
D. SSH
A

C

16
Q

Which of the following best describes NFS?
A. A file-sharing protocol
B. A directory query protocol that is based on X.500
C. An application layer protocol that is used to retrieve information from network devices
D. A client/server file-sharing protocol used in UNIX/Linux

A

D

17
Q
Which of the following is a multi-layer protocol that is used between components in process automation systems in electric and water companies?
A. DNP3
B. VoIP
C. WPA
D. WPA2
A

A

18
Q
Which wireless implementation includes MU MIMO?
A. 802.11a
B. 802.11ac
C. 802.11g
D. 802.11n
A

B

19
Q

What is a Type I error in a biometric system?

A) crossover error rate (CER)
B) false rejection rate (FRR)
C) false acceptance rate (FAR)
D) throughput rate

A

B) false rejection rate (FRR)

A Type 2 error is the false acceptance rate (FAR).

20
Q

Which access control model is most often used by routers and firewalls to control access to networks?

A) discretionary access control
B) mandatory access control
C) rule-based access control
D) role-based access control

A

C) rule-based access control

21
Q

Which threat is NOT considered social engineering?

A) Phishing
B) Pharming
C) DoS attack
D) Dumpster diving

A

C) denial-of-service (DoS) attack

22
Q

Which of the following statements best describes an IDaaS implementation?

A) ensures that any instance of identification and authentication to a resource is managed properly
B) collects and verifies information about an individual to prove that the person who has a valid account is who he or she claims to be
C) provides a set of identity and access management functions to target systems on customers' premises and/or in the cloud
D) it isn’t an SAML standard that exchanges authentication and authorization data between organizations or security domains

A

C) An Identity as a Service implementation provides a set of identity and access management functions to target systems on customers

23
Q

Which of the following is an example of multi-factor authentication?

A) username and password
B) username, retina scan, and smart card
C) retina scan and Fingerprint scan
D) smart card and security token

A

B) username, retina scan, and smart card

24
Q

You decide to implement an access control policy that requires users to log on from certain workstations within your enterprise. Which type of authentication factor are you implementing?

A) knowledge factor
B) location factor
C) ownership factor
D) characteristic factor

A

B) Location factor

25
Q

Which threat is considered a password threat?

A) buffer overflow
B) sniffing
C) spoofing
D) brute-force attack

A

D) A brute-force attack is considered a password threat.

26
Q

Which session management mechanisms are often used to manage desktop sessions?

A) screensavers and timeouts
B) FIPS 201.2 and NIST SP 809-79-2
C) bollards and locks
D) KDC, TGT, and TGS

A

A) screensavers and timeouts

27
Q

Which of the following is a major disadvantage of implementing an SSO system?

A) Users are able to use stronger passwords
B) Users need to remember the login credentials for a single system
C) User and password administration are simplified
D) If a user’s credentials are compromised, attackers can access all resources

A

D) If a user’s credentials are compromised in a single sign-on environment, attackers have access to all resources.

28
Q
For which of the following penetration tests does the testing team know an attack is coming but have limited knowledge of network systems and devices and only publicly available information?
A. Target test
B. Physical test
C. Blind test
D. Double-blind test
A

C

29
Q

Which of the following is NOT a guideline according to NIST SP 800-92?
A. Organizations should establish policies and procedures for log management
B. Organizations should create and maintain a log management infrastructure
C. Organizations should prioritize log management appropriately throughout the organization
D. Choose auditors with security experience

A

D

30
Q

According to NIST SP 800-92, which of the following are facts of log management infrastructure? (Choose all that apply)
A. General function (log parsing, event filtering, and event aggregation)
B. Storage (log rotation, log archival, log reduction, log conversion, log normalization, and log integrity checking)
C. Log analysis (event correlation, log viewing, and log reporting)
D. Log disposal (log clearing)

A

All of them

31
Q
What are the 2 ways of collecting logs using security information and event management (SIEM) products, according to NIST SP 800-92?
A. Passive and Active
B. Agentless and agent-based
C. Push and pull
D. Throughput and rate
A

B

32
Q

Which type of attack is carried out from multiple locations using zombies and botnets?

A) TEMPEST
B) DDoS
C) Backdoor
D) Emanating

A

B) A distributed DoS (DDoS) attack is a DoS attack that is carried out from multiple attack locations.

33
Q

What is the first step of the incident response process?

A) respond to the incident
B) detect the incident
C) report the incident
D) recover from the incident

A

B) detect the incident

respond to the incident
report the incident to the appropriate personnel
recover from the incident
remediate all components
review the incident
34
Q

What is the second step of the forensic investigations process?

A) identification
B) collection
C) preservation
D) examination

A

C) preservation

identification
preservation 
collection
examination
analysis
presentation
decision
35
Q

Which of the following is NOT one of the five rules of evidence?

A) be accurate
B) be complete
C) be admissible
D) be volatile

A

D) be volatile

The rules are:
be authentic
be accurate
be complete
be convincing
be admissible
36
Q
What investigation type specifically refers to litigation or government investigations that deal with the exchange of information in electronic format as part of the discovery process?
A. Data Loss Prevention (DLP)
B. Regulatory 
C. eDiscovery
D. Operations
A

C

37
Q
An organization's firewall is monitoring the outbound flow of information from one network to another. What specific type of monitoring is this?
A. Egress monitoring 
B. Continuous monitoring 
C. CMaaS
D. Resource provisioning
A

A

38
Q
Which of the following are considered virtual assets? (Choose all that apply)
A. Software-defined networks
B. Virtual storage-area networks
C. Guest OSs deployed on VMs
D. Virtual routers
A

All of them

39
Q
Which of the following describes the ability of a system, device, or data center to recover quickly and continue operating after an equipment failure, power outage, or other disruption?
A. Quality of Service (QoS)
B. Recovery Time Objective (RTO)
C. Recovery Point Objective (RPO)
D. System resilience
A

D

40
Q
Which of the following are the main factors that affect the selection of an alternate location during the development of a DRP? (Choose all that apply)
A. Geographic location
B. Organizational needs
C. Location's cost
D. Location's restoration effort
A

All of them

41
Q

Which of the following refers to allowing users access only to the resources required to do their jobs?

A) job rotation
B) separation of duties
C) need to know/least privilege
D) mandatory vacation

A

C) need to know/ least privilege

42
Q

Which of the following is an example of an intangible asset?

A) disc drive
B) recipe
C) people
D) server

A

B) recipe

It’s not a physical object.

43
Q

Which of the following is not a step in incident response management?

A) detect
B) respond
C) monitor
D) report

A

C) monitor

  1. detect
  2. respond
  3. report
  4. recover
  5. remediate
  6. review
44
Q

Which of the following is NOT a backup type?

A) full
B) incremental
C) grandfather/father/son
D) transaction log

A

C) grandfather/father/son

This is a backup rotation.

45
Q

Which term is used for a leased facility that contains all the resources needed for full operation?

A) cold site
B) hot site
C) warm site
D) tertiary site

A

B) hot site

46
Q

Which electronic backup type stores data on optical discs and uses robotics to load and unload the optical discs as needed?

A) optical jukebox
B) hierarchical storage management
C) tape vaulting
D) replication

A

A) optical jukebox

47
Q

What is failsoft?

A) the capacity of a system to switch over to a backup system if a failure in the primary system occurs
B) the capability of a system to terminate non-critical processes when a failure occurs
C) a software product that provides load balancing services
D) high-capacity storage devices that are connected by a high-speed private network using storage-specific switches

A

B) Failsoft is the capability of a system to terminate non-critical processes when a failure occurs.

48
Q

Which of the following is the last step in the System Development Life Cycle?

A) Operate/maintain
B) Dispose
C) Acquire/Develop
D) Initiate

A

B) Dispose

49
Q

In which of the following stages of the Software Development Life Cycle is the software actually coded?

A) Gather Requirements
B) Design
C) Development
D) Test/Validate

A

C) Development

50
Q

Which of the following initiatives was developed by the Department of Homeland Security?

A) WASC
B) BSI
C) OWASP
D) ISO

A

B) BSI

51
Q

Which of the following development models includes no formal control mechanisms to provide feedback?

A) Waterfall
B) V-Shaped
C) Build and Fix
D) Spiral

A

C) Build and Fix

52
Q

Which language type delivers instructions directly to the processor?

A) Assembly languages
B) High-level Languages
C) Machine languages
D) Natural languages

A

C) Machine Languages

53
Q

Which term describes how many different tasks a module can carry out?

A) Polymorphism
B) Cohesion
C) Coupling
D) Data structures

A

B) Cohesion

54
Q

Which term describes a standard for communication between processes on the same computer?

A) CORBA
B) DCOM
C) COM
D) SOA

A

C) COM

55
Q

Which of the following is a Microsoft technology?

A) ActiveX
B) Java
C) SOA
D) CORBA

A

A) ActiveX

56
Q

Which of the following is the dividing line between the trusted parts of the system and those that are untrusted?

A) Security perimeter
B) Reference monitor
C) Trusted computing base (TCB)
D) Security kernel

A

A) Security perimeter

57
Q

Which of the following is a system component that enforces access controls on an object?

A) Security perimeter
B) Reference monitor
C) Trusted computing base (TCB)
D) Security kernel

A

B) Reference monitor

58
Q

Which of the following ensures that the customer (either internal or external) is satisfied with the functionality of the software?

A) Integration testing
B) Acceptance testing
C) Regression testing
D) Accreditation

A

B) Acceptance testing

59
Q

In which of the following models is less time spent on the upfront analysis and more emphasis placed on learning from the process feedback and incorporating lessons learned in real time?

A) Agile
B) Rapid Application Development
C) Cleanroom
D) Modified Waterfall

A

A) Agile

60
Q

Which of the following software development risk analysis and mitigation strategy guidelines should security professionals follow?

A) Integrate
B) Use
C) Track
D) Encapsulate

A

A)
B)
C)

61
Q

Which of the following are valid guidelines for providing API security?

A) Same security controls
B) High based
C) Encryption
D) Implement password

A

A)
B)
C)
D)

62
Q

Which of the following is NOT one of the four phases of acquiring software?

A) Planning
B) Contracting
C) Development
D) Monitoring and accepting

A

C) Developing

63
Q

Which monitoring method captures and analyzes every transaction of every application or website user?

A) RUM
B) synthetic transaction monitoring
C) code review and testing
D) Misuse case testing

A

A) RUM

64
Q

What is the second step of the information security continuous monitoring (ISCM) plan, according to NIST SP 800-137?

A) Establish an ISCM program.
B) Define the ISCM strategy.
C) Implement an ISCM program.
D) Analyze the data collected.

A

A) Establish an ISCM program.

65
Q

Which of the following is NOT a guideline for internal and third-party audits?

A) Choose auditors with security experience.
B) Involve business unit managers early in the process.
C) At minimum, perform bi-annual audits to establish a security baseline.
D) Ensure that the audit covers all systems and all policies and procedures.

A

C) At minimum, perform bi-annual audits to establish a security baseline.

66
Q

Which SOC report should be shared with the general public?

A) SOC 1, Type 1
B) SOC 1, Type 2
C) SOC 2
D) SOC 3

A

D) SOC 3

67
Q

What is a vulnerability?

A) The entity that carries out a threat
B) The exposure of an organization
C) An absence or weakness of a countermeasure that is in place
D) A control that reduces risk

A

C) An absence or weakness of a countermeasure that is in place

68
Q

What is risk avoidance?

A) Risk that is left over after safeguards have been implemented
B) Terminating the activity that causes a risk or choosing an alternative that is not as risky
C) Passing the risk on to a third party
D) Defining the acceptable risk level the organization can tolerate and reducing the risk to that level

A

B) Terminating the activity that causes a risk or choosing an alternative that is not as risky

69
Q

What is the first stage of the security program life cycle?

A) Plan and organize
B) Implement
C) Operate and maintain
D) Monitor and evaluate

A

A) Plan and organize

70
Q

What is the first step of CRAMM?

A) Identify threats and vulnerabilities
B) Identify and value assets
C) Identify countermeasures
D) Prioritize countermeasures

A

B) Identify and value assets

71
Q

What is the legal term used to describe an organization taking all reasonable measures to prevent security breaches and also taking steps to mitigate damages caused by successful breaches?

A) Due care
B) Due diligence
C) Default stance
D) Qualitative risk analysis

A

A) Due care

72
Q

Which access control type reduces the effect of an attack or another undesirable event?

A) Compensative control
B) Preventive control
C) Detective control
D) Corrective control

A

D) Corrective control

73
Q

Which framework uses the six communication questions (What, Where, When, Why, Who, and How) that intersect with six layers (operational, component, physical, logical, conceptual, and contextual)?

A) Six sigma
B) SABSA
C) ITIL
D) ISO/IEC 27000 series

A

B) SABSA

74
Q

Which group of threat agents includes hardware and software failure, malicious code, and new technologies?

A) Human
B) Natural
C) Environmental
D) Technical

A

D) Technical

75
Q

Which security policies provide instruction on acceptable and unacceptable activities?

A) Information security policies
B) Regulatory security policies
C) System-specific security policies
D) Advisory security policies

A

D) Advisory security policies

76
Q

Which term indicates the monetary impact of each threat occurrence?

A) ARO
B) ALE
C) EF
D) SLE

A

D) SLE

77
Q

Which access control type is an acceptable use policy (AUP) most likely considered?

A) Corrective
B) Detective
C) Compensative
D) Directive

A

D) Directive

78
Q

Issues to be considered by the security practitioner when establishing a data policy include:
A) Cost, Due Care and Due Diligence, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process
B) Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Future Law & Policy Requirements, Policy and Process
C) Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Procedure
D) Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process

A

D) Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process

79
Q

The best way to ensure that there is no data remanence of sensitive information that was once stored on DVD-R media is by:

A) Deletion
B) Degaussing
C) Destruction
D) Overwriting

A

C) Destruction

80
Q

The information owner typically has the following responsibilities:
A) Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be archived.
B) Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed.
C) Determine the impact the information has on the policies of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should not be released, know when the information is inaccurate or no longer needed and should be destroyed.
D) Determine the impact the information has on the mission of the organization, understand the creation cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed.

A

B) Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed.

81
Q

When sensitive information is no longer critical but still within scope of a record retention policy, that information is BEST:

A) Destroyed
B) Re-categorized
C) Degaussed
D) Released

A

B) Re-categorized

82
Q

Which of the following BEST determines the employment suitability of an individual?

A) Job rank or title
B) Partnership with the security team
C) Role
D) Background investigation

A

D) Background investigation

83
Q

Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue?

A) Incident management
B) Problem Management
C) Change Management
D) Configuration Management

A

B) Problem management