Exam SET A Flashcards

Question 1

Q

Which of the following items is NOT used to determine the types of
access controls to be applied in an organization?
A. Separation of duties
B. Organizational policies
C. Least privilege
D. Relational categories

Answer

A

Answer: D
Explanation: The item, relational categories, is a distracter. The other options are important determinants of access control implementations in an organization

Question 2

Q

Which choice below is NOT a generally accepted benefit of security awareness, training, and education?
A. A security awareness and training program can help an organization reduce the number and severity of errors and omissions.
B. A security awareness and training program will help prevent natural disasters from occurring.
C. A security awareness program can help operators understand the value of the information.
D. A security education program can help system administrators recognize unauthorized intrusion attempts.

Answer

A

Answer: B
Explanation: An effective computer security awareness and training program requires proper planning, implementation, maintenance, and periodic evaluation. In general, a computer security awareness and training program should encompass the following seven steps:
1. Identify program scope, goals, and objectives.
2 Identify training staff.
3. Identify target audiences.
4. Motivate management and employees.
5. Administer the program.
6. Maintain the program.
7. Evaluate the program.
Source: NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems.

Question 3

Q

In biometrics, a one-to-one search to verify an individual's claim of an 
identity is called:  
A. Audit trail review. 
B. Accountability. 
C. Authentication. 
D. Aggregation.

Answer

A

Answer: C
Explanation: The correct answer is Authentication. Answer “Audit trail review.” is a review of audit system data, usually done after the fact. Answer “Accountability” is holding individuals responsible for their actions, and answer d is obtaining higher-sensitivity information from a number of pieces of information of lower sensitivity.

Question 4

Q

Which one of the following statements is TRUE concerning the Terminal
Access Controller Access Control System (TACACS) and TACACS+?
A. TACACS supports prompting for a password change.
B. TACACS+ employs a user ID and static password.
C. TACACS+ employs tokens for two-factor, dynamic password authentication.
D. TACACS employs tokens for two-factor, dynamic password authentication.

Answer

A

Answer: C
Explanation: The correct answer is “TACACS+ employs tokens for two-factor, dynamic password authentication”. TACACS employs a user ID and static password and does not support prompting for password change or the use of dynamic password tokens.

Question 5

Q

Which statement below is NOT correct about safeguard selection in the
risk analysis process?
A. The most commonly considered criteria is the cost effectiveness of the safeguard.
B. The best possible safeguard should always be implemented, regardless of cost.
C. Maintenance costs need to be included in determining the total cost of the safeguard.
D. Many elements need to be considered in determining the total cost of the safeguard.

Answer

A

Answer: B
Explanation: The correct answer is “The best possible safeguard should always be implemented, regardless of cost.”. Performing a cost-benefit analysis of the proposed safeguard before implementation is vital. The level of security afforded could easily outweigh the value of a proposed safeguard. Other factors need to be considered in the safeguard selection process, such as accountability, auditability, and the level of manual operations needed to maintain or operate the safeguard.

Question 6

Q

Which answer below is the BEST description of a Single Loss Expectancy (SLE)?
A. An algorithm that determines the expected annual loss to an organization from a threat
B. An algorithm that represents the magnitude of a loss to an asset from a threat
C. An algorithm used to determine the monetary impact of each occurrence of a threat
D. An algorithm that expresses the annual frequency with which a threat is expected to occur

Answer

A

Answer: C
Explanation: The correct answer is “An algorithm used to determine the monetary impact of each occurrence of a threat”. The Single Loss Expectancy (or Exposure) figure may be created as a result of a Business Impact Assessment (BIA). The SLE represents only the estimated monetary loss of a single occurrence of a specified threat event. The SLE is determined by multiplying the value of the asset by its exposure factor. This gives the expected loss the threat will cause for one occurrence. Answer a describes the Exposure Factor (EF). The EF is expressed as a percentile of the expected value or functionality of the asset to be lost due to the realized threat event. This figure is used to calculate the SLE, above.
Answer “An algorithm that expresses the annual frequency with which a threat is expected to occur” describes the Annualized Rate of Occurrence (ARO). This is an estimate of how often a given threat event may occur annually. For example, a threat expected to occur weekly would have an ARO of 52. A threat expected to occur once every five years has an ARO of 1/5 or .2. This figure is used to determine the ALE. Answer d describes the Annualized Loss Expectancy (ALE). The ALE is derived by multiplying the SLE by its ARO. This value represents the expected risk factor of an annual threat event. This figure is then integrated into the risk management process.

Question 7

Q

Which of the following is NOT a type of data network?  
A. WAN 
B. MAN 
C. LAN 
D. GAN

Answer

A

Answer: D
Explanation: The correct answer is d. GAN does not exist. LAN stands for Local Area Network, WAN stands for Wide Area Network, and MAN stands for Metropolitan Area Network

Question 8

Q

Which choice below is NOT a concern of policy development at the high level?
A. Identifying the key business resources
B. Defining roles in the organization
C. Determining the capability and functionality of each role
D. Identifying the type of firewalls to be used for perimeter security

Answer

A

Answer: D
Explanation: The other options are elements of policy development at the highest level. Key business resources would have been identified during the risk assessment process. The various roles are then defined to determine the various levels of access to those resources. Answer “Determining the capability and functionality of each role” is the final step in the policy creation process and combines steps a and “Defining roles in the organization”. It determines which group gets access to each resource and what access privileges its members are assigned. Access to resources should be based on roles, not on individual identity. Source: Surviving Security: How to Integrate People, Process, and Technology by Mandy Andress (Sams Publishing, 2001).

Question 9

Q

Which is NOT a standard type of DSL?  
A. HDSL 
B. FDSL 
C. ADSL 
D. VDSL

Answer

A

Answer: B
Explanation: The correct answer is FDSL. FDSL does not exist

Question 10

Q

A back door into a network refers to what?
A. Mechanisms created by hackers to gain network access at a later time
B. Monitoring programs implemented on dummy applications to lure intruders
C. Undocumented instructions used by programmers to debug applications
D. Socially engineering passwords from a subject

Answer

A

Answer: A
Explanation: Back doors are very hard to trace, as an intruder will often create several avenues into a network to be exploited later. The only real way to be sure these avenues are closed after an attack is to restore the operating system from the original media, apply the patches, and restore all data and applications. * social engineering is a technique used to manipulate users into revealing information like passwords. * Answer “Undocumented instructions used by programmers to debug applications”refers to a trap door, which are undocumented hooks into an application to assist programmers with debugging. Although intended innocently, these can be exploited by intruders. * “Monitoring programs implemented on dummy applications to lure intruders” is a honey pot or padded cell. A honey pot uses a dummy server with bogus applications as a decoy for intruders. Source: Fighting Computer Crime by Donn B. Parker (Wiley, 1998).

Question 11

Q

A type of access control that supports the management of access rights for groups of subjects is:  
A. Discretionary 
B. Rule-based 
C. Role-based 
D. Mandatory

Answer

A

Answer: C
Explanation: Role-based access control assigns identical privileges to groups of users. This approach simplifies the management of access rights, particularly when members of the group change. Thus, access rights are assigned to a role, not to an individual. Individuals are entered as members of specific groups and are assigned the access privileges of that group. In answer Discretionary, the access rights to an object are assigned by the owner at the owner’s discretion. For large numbers of people whose duties and participation may change frequently, this type of access control can become unwieldy. Mandatory access control, answer c, uses security labels or classifications assigned to data items and clearances assigned to users. A user has access rights to data items with a classification equal to or less than the user’s clearance. Another restriction is that the user has to have a need-to-know the information; this requirement is identical to the principle of least privilege. Answer ‘rule-based access control’ assigns access rights based on stated rules. An example of a rule is Access to trade-secret data is restricted to corporate officers, the data owner and the legal department.

Question 12

Q

Which of the following is NOT a property of CSMA?
A. The workstation continuously monitors the line.
B. Workstations are not permitted to transmit until they are given permission from the primary host.
C. It does not have a feature to avoid the problem of one workstation dominating the conversation.
D. The workstation transmits the data packet when it thinks that the line is free.

Answer

A

Answer: B
Explanation: The correct answer is “Workstations are not permitted to transmit until they are given permission from the primary host”. The polling transmission type uses primary and secondary hosts, and the secondary must wait for permission from the primary before transmitting.

Question 13

Q

Which choice below is NOT one of NIST’s 33 IT security principles?
A. Assume that external systems are insecure.
B. Minimize the system elements to be trusted.
C. Implement least privilege.
D. Totally eliminate any level of risk.

Answer

A

Answer: D
Explanation: Risk can never be totally eliminated. NIST IT security principle #4 states: Reduce risk to an acceptable level. The National Institute of Standards and Technology’s (NIST) Information Technology Laboratory (ITL) released NIST Special Publication (SP) 800-27, Engineering Principles for Information Technology Security (EP-ITS) in June 2001 to assist in the secure design, development, deployment, and life-cycle of information systems. It presents 33 security principles which start at the design phase of the information system or application and continue until the system’s retirement and secure disposal. Some of the other 33 principles are: Principle 1. Establish a sound security policy as the foundation for design.
Principle 2. Treat security as an integral part of the overall system design.
Principle 5. Assume that external systems are insecure.
Principle 6. Identify potential trade-offs between reducing risk and increased costs and decrease in other aspects of operational effectiveness.
Principle 7. Implement layered security (ensure no single point of vulnerability).
Principle 11. Minimize the system elements to be trusted.
Principle 16. Isolate public access systems from mission critical resources (e.g., data, processes, etc.).
Principle 17. Use boundary mechanisms to separate computing systems and network infrastructures.
Principle 22. Authenticate users and processes to ensure appropriate access control decisions both within and across domains.
Principle 23. Use unique identities to ensure accountability.
Principle 24. Implement least privilege.
Source: NIST Special Publication 800-27, Engineering Principles for Infor- mation Technology Security (A Baseline for Achieving Security), and Federal Systems Level Guidance for Securing Information Systems, James Corrie, August 16, 2001 .

Question 14

Q

What is probing used for?
A. To induce a user into taking an incorrect action
B. To use up all of a target’s resources
C. To covertly listen to transmissions
D. To give an attacker a road map of the network

Answer

A

Answer: D
Explanation: The correct answer is “To give an attacker a road map of the network”. Probing is a procedure whereby the intruder runs programs that scan the network to create a network map for later intrusion.
Answer “To induce a user into taking an incorrect action” is spoofing, c is the objective of a DoS attack, and d is passive eavesdropping.

Question 15

Q

Clipping levels are used to:
A. Reduce the amount of data to be evaluated in audit logs.
B. Limit errors in callback systems.
C. Limit the number of letters in a password.
D. Set thresholds for voltage variations.

Answer

A

Answer: A
Explanation: The correct answer is reducing the amount of data to be evaluated by definition. Answer “Limit the number of letters in a password” is incorrect because clipping levels do not relate to letters in a password. Answer “Set thresholds for voltage variations” is incorrect because clipping levels in this context have nothing to do with controlling voltage levels. Answer “Limit errors in callback syste” is incorrect because they are not used to limit callback errors.

Question 16

Q

An attack that can be perpetrated against a remote user's callback access 
control is:  
A. Redialing. 
B. Call forwarding. 
C. A maintenance hook. 
D. A Trojan horse.

Answer

A

Answer: B
Explanation: The correct answer is Call forwarding. A cracker can have a person’s call forwarded to another number to foil the callback system. Answer “A Trojan horse” is incorrect because it is an example of malicious code embedded in useful code. Answer “A maintenance hook” is incorrect because it might enable bypassing controls of a system through a means used for debugging or maintenance. Answer Redialing is incorrect because it is a distracter.

Question 17

Q

The definition of CHAP is:
A. Confidential Hash Authentication Protocol.
B. Challenge Handshake Approval Protocol.
C. Confidential Handshake Approval Protocol.
D. Challenge Handshake Authentication Protocol.

Answer

A

Answer: D
Explanation:

Question 18

Q

Which of the following is NOT a remote computing technology?  
A. xDSL 
B. ISDN 
C. Wireless 
D. PGP

Answer

A

Answer: D
Explanation: The correct answer is PGP. PGP stands for Pretty Good Privacy, an email encryption technology.

Question 19

Q

A relational database can provide security through view relations. Views enforce what information security principle?  
A. Least privilege 
B. Inference 
C. Aggregation 
D. Separation of duties

Answer

A

Answer: A
Explanation: The principle of least privilege states that a subject is permitted to have access to the minimum amount of information required to perform an authorized task. When related to government security clearances, it is referred to as need-to-know. * aggregation, is defined as assembling or compiling units of information at one sensitivity level and having the resultant totality of data being of a higher sensitivity level than the individual components. *Separation of duties requires that two or more subjects are necessary to authorize an activity or task. *inference, refers to the ability of a subject to deduce information that is not authorized to be accessed by that subject from information that is authorized to that subject.

Question 20

Q

Which statement below is accurate about the reasons to implement a
layered security architecture?
A. A layered approach doesn’t really improve the security posture of the organization.
B. A layered security approach is intended to increase the work-factor for an attacker.
C. A good packet-filtering router will eliminate the need to implement a layered security architecture.
D. A layered security approach is not necessary when using COTS products.

Answer

A

Answer: B
Explanation: Security designs should consider a layered approach to address or protect against a specific threat or to reduce a vulnerability. For example, the use of a packet-filtering router in conjunction with an application gateway and an intrusion detection system combine to increase the work-factor an attacker must expend to successfully attack the system. The need for layered protections is important when commercialoff- the-shelf (COTS) products are used. The current state-of-the-art for security quality in COTS products do not provide a high degree of protection against sophisticated attacks. It is possible to help mitigate this situation by placing several controls in levels, requiring additional work by attackers to accomplish their goals. Source: NIST Special Publication 800-27, Engineering Principles for Infor- mation Technology Security (A Baseline for Achieving Security).

Question 21

Q

Which of the choices below is NOT an OSI reference model Session Layer protocol, standard, or interface?  
A. SQL 
B. DNA SCP 
C. RPC 
D. MIDI 
E. ASP

Answer

A

Answer: D
Explanation: The Musical Instrument Digital Interface (MIDI) standard is a Presentation Layer standard for digitized music. The other answers are all Session layer protocols or standards. SQL refers to the Structured Query Language database standard originally developed by IBM.
Answer RPC refers to the Remote Procedure Call redirection mechanism for remote clients. ASP is the AppleTalk Session Protocol. DNA SCP refers to DECnet’s Digital Network Architecture Session Control Protocol. Source: Introduction to Cisco Router Configuration edited by Laura Chappell (Cisco Press, 1999).

Question 22

Q

An acceptable biometric throughput rate is:  
A. One subject per two minutes. 
B. Five subjects per minute. 
C. Ten subjects per minute. 
D. Two subjects per minute.

Answer

A

Answer: C
Explanation:

Question 23

Q

Authentication is:
A. Not accomplished through the use of a password.
B. The presentation of a user’s ID to the system.
C. The verification that the claimed identity is valid.
D. Only applied to remote users.

Answer

A

Answer: C
Explanation: The correct answer is “The verification that the claimed identity is valid.”. Answer “The presentation of a user’s ID to the system” is incorrect because it is an identification act. Answer c is incorrect because authentication can be accomplished through the use of a password. Answer “Only applied to remote users” is incorrect because authentication is applied to local and remote users.

Question 24

Q

Which statement about a VPN tunnel below is incorrect?
A. It can be created by implementing node authentication systems.
B. It can be created by implementing IPSec devices only.
C. It can be created by implementing key and certificate exchange systems.
D. It can be created by installing software or hardware agents on the client or network.

Answer

A

Answer: B
Explanation: The correct answer is “It can be created by implementing IPSec devices only”. IPSec-compatible and non-IPSec compatible devices are used to create VPNs. The other three answers are all ways in which VPNs can be created.

Question 25

Q

What is NOT true of a star-wired topology?
A. It has more resiliency than a BUS topology.
B. 10BaseT Ethernet is star-wired.
C. Cabling termination errors can crash the entire network.
D. The network nodes are connected to a central LAN device.

Answer

A

Answer: C
Explanation: The correct answer is “Cabling termination errors can crash the entire network”. Cabling termination errors are an inherent issue with bus topology networks.

Question 26

Q

What are the detailed instructions on how to perform or implement a 
control called?  
A. Guidelines 
B. Standards 
C. Policies 
D. Procedures

Answer

A

Answer: D
Explanation:

Question 27

Q

Which category of UTP wiring is rated for 100BaseT Ethernet networks?  
A. Category 5 
B. Category 1 
C. Category 2 
D. Category 3 
E. Category 4

Answer

A

Answer: A
Explanation: Category 5 unshielded twisted-pair (UTP) wire is rated for transmissions of up to 100 Mbps and can be used in 100BaseT Ethernet networks. It is the most commonly installed type of UTP at this time. See Table.
Category 1 twisted-pair wire was used for early analog telephone communications and is not suitable for data.
Category 2 twisted-pair wire, was used in AS/400 and IBM 3270 networks. Derived from IBM Type 3 cable specification. Category 3 twisted-pair wire, is rated for 10 Mbps and was used in 802.3 10Base-T Ethernet
networks, and 4 Mbps Token Ring networks. Category 4 twisted-pair wire, is rated for 16 Mbps and is used in 4/16 Mbps Token Ring LANs. Source: The Electrical Industry Alliance (EIA/TIA-568).

Question 28

Q

How is an SLE derived?  
A. ARO × EF 
B. AV × EF 
C. (Cost - benefit) × (% of Asset Value) 
D. % of AV - implementation cost

Answer

A

Answer: B
Explanation: The correct answer is AV × Ef. A Single Loss Expectancy is derived by multiplying the Asset Value with its Exposure Factor. The other answers do not exist.

Question 29

Q

The Simple Security Property and the Star Property are key principles in which type of access control?  
A. Mandatory 
B. Discretionary 
C. Rule-based 
D. Role-based

Answer

A

Answer: A
Explanation: Two properties define fundamental principles of mandatory access control. These properties are: Simple Security Property. A user at one clearance level cannot read data from a higher classification level. Star Property. A user at one clearance level cannot write data to a lower classification level

Question 30

Q

A token that generates a unique password at fixed time intervals is called:
A. A synchronous dynamic password token.
B. A challenge-response token.
C. A time-sensitive token.
D. An asynchronous dynamic password token.

Answer

A

Answer: A
Explanation: The correct answer is “A synchronous dynamic password token”.

Question 31

Q

Astatistical anomaly-based intrusion detection system:
A. Acquires data to establish a normal system operating profile.
B. Will detect an attack that does not significantly change the system’s operating characteristics.
C. Does not report an event that caused a momentary anomaly in the system.
D. Refers to a database of known attack signatures.

Answer

A

Answer: A
Explanation: The correct answer is “Acquires data to establish a normal system operating profile”. A statistical anomaly-based intrusion detection system acquires data to establish a normal system operating profile. Answer “Refers to a database of known attack signatures” is incorrect because it is used in signature-based intrusion detection. Answer “Will detect an attack that does not significantly change the system’s operating characteristics.” is incorrect because a statistical anomaly-based intrusion detection system will not detect an attack that does not significantly change the system operating characteristics. Similarly, answer “Does not report an event that caused a momentary anomaly in the system.” is incorrect because the statistical anomaly-based IDS is susceptible to reporting an event that caused a momentary anomaly in the system.

Question 32

Q

When logging on to a workstation, the log-on process should:
A. Provide a Help mechanism that provides log-on assistance.
B. Not provide information on the previous successful log-on and on previous unsuccessful log-on attempts.
C. Place no limits on the time allotted for log-on or on the number of unsuccessful log-on attempts.
D. Validate the log-on only after all input data has been supplied.

Answer

A

Answer: D
Explanation: This approach is necessary to ensure that all the information required for a log-on has been submitted and to avoid providing information that would aid a cracker in trying to gain unauthorized access to the workstation or network. If a log-on attempt fails, information as to which part of the requested log-on information was incorrect should not be supplied to the user.
Answer “Provide a Help mechanism that provides log-on assistance” is incorrect since a Help utility would provide help to a cracker trying to gain unauthorized access to the network.
For answer “Place no limits on the time allotted for log-on or on the number of unsuccessful log-on attempts”, maximum and minimum time limits should be placed on the log-on process. Also, the log-on process should limit the number of unsuccessful log-on attempts and temporarily suspend the log-on capability if that number is exceeded. One approach is to progressively increase the time interval allowed between unsuccessful log-on attempts.
Answer “Not provide information on the previous successful log-on and on previous unsuccessful log-on attempts” is incorrect since providing such information will alert an authorized user if someone has been attempting to gain unauthorized access to the network from the user’s workstation.

Question 33

Q

Which choice below BEST describes the difference between the System
Owner and the Information Owner?
A. The System Owner is responsible for establishing the rules for appropriate use of the information.
B. The Information Owner is responsible for defining the system’s operating parameters.
C. One system could have multiple information owners.
D. There is a one-to-one relationship between system owners and information owners.

Answer

A

Answer: C
Explanation: The System Owner is responsible for ensuring that the security plan is prepared and for implementing the plan and monitoring its effectiveness. The System Owner is responsible for defining the system’s operating parameters, authorized functions, and security requirements. The information owner for information stored within, processed by, or transmitted by a system may or may not be the same as the System Owner. Also, a single system may utilize information from multiple Information Owners. The Information Owner is responsible for establishing the rules for appropriate use and protection of the subject data/information (rules of behavior). The Information Owner retains that responsibility even when the data/information are shared with other organizations. Source: NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems.

Question 34

Q

Which choice below is NOT an accurate statement about the visibility of IT security policy?
A. Include the IT security policy as a regular topic at staff meetings at all levels of the organization.
B. The IT security policy should not be afforded high visibility.
C. The IT security policy could be visible through panel discussions with guest speakers.
D. The IT security policy should be afforded high visibility.

Answer

A

Answer: B
Explanation: Especially high visibility should be afforded the formal issuance of IT security policy. This is because nearly all employees at all levels will in some way be affected, major organizational resources are being addressed, and many new terms, procedures, and activities will be introduced. Including IT security as a regular topic at staff meetings at all levels of the organization can be helpful. Also, providing visibility through such avenues as management presentations, panel discussions, guest speakers, question/answer forums, and newsletters can be beneficial.

Question 35

Q

Which choice below does NOT relate to analog dial-up hacking?  
A. War Walking 
B. War Dialing 
C. Demon Dialing 
D. ToneLoc

Answer

A

Answer: A
Explanation: War Walking (or War Driving) refers to scanning for 802.11-based wireless network information, by either driving or walking with a laptop, a wireless adapter in promiscuous mode, some type of scanning software such as NetStumbler or AiroPeek, and a Global Positioning System (GPS).
* War Dialing, is a method used to hack into computers by using a software program to automatically call a large pool of telephone numbers to search for those that have a modem attached. * Demon Dialing, similar to War Dialing, is a tool used to attack one modem using brute force to guess the password and gain access. * ToneLoc, was one of the first war-dialing tools used by phone phreakers. Sources: Hacking Exposed by Stuart McClure, Joel Scambray, and George Kurtz (Osborne, 1999) and War Driving by the Bay by Kevin Poulsen, The Register, April 13, 2001.

Question 36

Q

Which is NOT a property of or issue with tape backup?
A. One large disk created by using several disks
B. Slow data transfer during backups and restores
C. Server disk space utilization expands
D. The possibility that some data re-entry might need to be performed after a crash

Answer

A

Answer: A
Explanation: The correct answer is “One large disk created by using several disks”. RAID level 0 striping is the process of creating a large disk out of several smaller disks.

Question 37

Q

In mandatory access control, the authorization of a subject to have access 
to an object is dependent upon:  
A. Roles. 
B. Labels. 
C. Tasks. 
D. Identity.

Answer

A

Answer: B
Explanation: The correct answer is Labels. Mandatory access controls use labels to determine whether subjects can have access to objects, depending on the subjects’ clearances. Answer roles is applied in non-discretionary access control as is tasks. Identity, is used in discretionary access control.

Question 38

Q

In a relational database, the domain of a relation is the set of allowable values:  
A. That tuples can take. 
B. Of the primary key. 
C. That an attribute can take. 
D. That a record can take.

Answer

A

Answer: C
Explanation:

Question 39

Q

In addition to accuracy, a biometric system has additional factors that determine its effectiveness. Which one of the following listed items is NOT one of these additional factors?  
A. Corpus 
B. Throughput rate 
C. Enrollment time 
D. Acceptability

Answer

A

Answer: A
Explanation: A corpus is a biometric term that refers to collected biometric images. The corpus is stored in a database of images. Potential sources of error are the corruption of images during collection and mislabeling or other transcription problems associated with the database. Therefore, the image collection, process and storage must be performed carefully with constant checking. These images are collected during the enrollment process and thus, are critical to the correct operation of the biometric device. In enrollment, images are collected and features are extracted, but no comparison occurs. The information is stored for use in future comparison steps. Answer a, the throughput rate, refers to the rate at which individuals, once enrolled, can be processed by a biometric system. If an individual is being authenticated, the biometric system will take a sample of the individual’s characteristic to be evaluated and compare it to a template. A metric called distance is used to determine if the sample matches the template. Distance is the difference between the quantitative measure of the sample and the template. If the distance falls within a threshold value, a match is declared. If not, there is no match. * Answer “acceptability” is determined by privacy issues, invasiveness, and psychological and physical comfort when using the biometric system. *“Enrollment time” is the time it takes to initially register with a system by providing samples of the biometric characteristic to be evaluated.

Question 40

Q

Which choice below is NOT a way to get Windows NT passwords?
A. Obtain root access to the /etc/passwd file.
B. Use pwdump2 to dump the password hashes directly from the registry.
C. Obtain the backup SAM from the repair directory.
D. Boot the NT server with a floppy containing an alternate operating system.

Answer

A

Answer: A
Explanation: The /etc/passwd file is a Unix system file. The NT Security Accounts Manager, SAM, contains the usernames and encrypted passwords of all local (and domain, if the server is a domain controller) users. The SAM uses an older, weaker LanManager hash that can be broken easily by tools like L0phtcrack. Physical access to the NT server and the rdisks must be controlled. The Sam._ file in the repair directory must be deleted after creation of an rdisk. Pwdump and pwdump2 are utilities that allow someone with Administrator rights to target the Local Security Authority Subsystem, isass.exe, from a remote system. Source: Hacking Exposed by Stuart McClure, Joel Scambray, and George Kurtz (Osborne, 1999).

Question 41

Q

Which choice below is usually the number one used criterion to determine the classification of an information object?
A. Age
B. Personal association
C. Useful life D. Value

Answer

A

Answer: D
Explanation: The correct answer is Value. Value of the information asset to the organization is usually the first and foremost criteria used in determining its classification. Answer Useful lif refers to declassification of an information object due to some change in situation.

Question 42

Q

To what does logon abuse refer?
A. Legitimate users accessing networked services that would normally be restricted to them
B. Nonbusiness or personal use of the Internet
C. Intrusions via dial-up or asynchronous external network connections
D. Breaking into a network primarily from an external source

Answer

A

Answer: A
Explanation: The correct answer is “Legitimate users accessing networked services that would normally be restricted to them”. Logon abuse entails an otherwise proper user attempting to access areas of the network that are deemed offlimits. Answer “Breaking into a network primarily from an external source” is called network intrusion, and d refers to backdoor remote access.

Question 43

Q

How often should an independent review of the security controls be performed, according to OMB Circular A-130?  
A. Never 
B. Every five years 
C. Every three years 
D. Every year

Answer

A

Answer: C
Explanation: The correct answer is “Every three years”. OMB Circular A-130 requires that a review of the security controls for each major government application be performed at least every three years. For general support systems, OMB Circular A-130 requires that the security controls be reviewed either by an independent audit or self review. Audits can be selfadministered or independent (either internal or external). The essential difference between a self-audit and an independent audit is objectivity; however, some systems may require a fully independent review. Source: Office of Management and Budget Circular A-130, revised November 30, 2000 .

Question 44

Q

Kerberos is an authentication scheme that can be used to implement:  
A. Hash functions. 
B. Single Sign-On (SSO). 
C. Public key cryptography. 
D. Digital signatures.

Answer

A

Answer: B
Explanation: The correct answer is “Single Sign-On (SSO).”. Kerberos is a third-party authentication
protocol that can be used to implement SSO. Answer “Public key cryptography” is incorrect because public key cryptography is not used in the basic Kerberos protocol. Answer “Digital signatures” is a public key-based capability, and answer “Hash functions” is a one-way transformation used to disguise passwords or to implement digital signatures.

Question 45

Q

The concept of limiting the routes that can be taken between a workstation and a computer resource on a network is called:  
A. Path limitation 
B. A trusted path 
C. An enforced path 
D. A security perimeter

Answer

A

Answer: C
Explanation: Individuals are authorized access to resources on a network through specific paths and the enforced path prohibits the user from accessing a resource through a different route than is authorized to that particular user. This prevents the individual from having unauthorized access to sensitive information in areas off limits to that individual. Examples of controls to implement an enforced path include establishing virtual private networks (VPNs) for specific groups within an organization, using firewalls with access control lists, restricting user menu options, and providing specific phone numbers or dedicated lines for remote access. Answer a is a distracter. Answer c, security perimeter, refers to the boundary where security controls are in effect to protect assets. This is a general definition and can apply to physical and technical (logical) access controls. In physical security, a fence may define the security perimeter. In technical access control, a security perimeter can be defined in terms of a Trusted Computing Base (TCB). A TCB is the total combination of protection mechanisms within a computer system. These mechanisms include the firmware, hardware, and software that enforce the system security policy. The security perimeter is the boundary that separates the TCB from the remainder of the system. In answer “A trusted path” a trusted path is a path that exists to permit the user to access the TCB without being compromised by other processes or users.

Question 46

Q

The data transmission method in which data is sent continuously and doesn't use either an internal clocking source or start/stop bits for timing is known as:  
A. Asynchronous 
B. Pleisiochronous 
C. Synchronous 
D. Isochronous

Answer

A

Answer: D
Explanation: Isochronous data is synchronous data transmitting without a clocking source, with the bits sent continuously and no start or stop bits. All bits are of equal importance and are anticipated to occur at regular time intervals. * asynchronous, is a data transmission method using a start bit at the beginning of the data value, and a stop bit at the end of the value. * synchronous, is a messageframed transmission method that uses clocking pulses to match the speed of the data transmission. * pleisiochronous, is a transmission method that uses more than one timing source, sometimes running at different speeds. This method may require master and slave clock devices. Source: Communications Systems and Networks by Ray Horak (M&T Books, 2000).

Question 47

Q

What is a server cluster?
A. A tape array backup implementation
B. A group of WORM optical jukeboxes
C. A primary server that mirrors its data to a secondary server
D. A group of independent servers that are managed as a single system

Answer

A

Answer: D
Explanation: The correct answer is “A group of independent servers that are managed as a single system”. A server cluster is a group of servers that appears to be a single server to the user. Answer “A primary server that mirrors its data to a secondary server” refers to redundant servers.

Question 48

Q

Which choice MOST closely depicts the difference between qualitative and quantitative risk analysis?
A. Aquantitative RAdoes not use the hard costs of losses, and a qualitative RAdoes.
B. Aquantitative RAcannot be automated.
C. Aqualitative RAuses many complex calculations.
D. Aquantitative RAuses less guesswork than a qualitative RA.

Answer

A

Answer: D
Explanation: The correct answer is “Aquantitative RAuses less guesswork than a qualitative RA”. The other answers are incorrect.

Question 49

Q

Identity-based access control is a subset of which one of the following access control categories?  
A. Discretionary access control 
B. Lattice-based access control 
C. Non-discretionary access control 
D. Mandatory access control

Answer

A

Answer: A
Explanation: The correct answer is “Discretionary access control”. Identity-based access control is a type of discretionary access control that grants access privileges based on the user’s identity. A related type of discretionary access control is user-directed access control that gives the user, with certain limitations, the right to alter the access control to certain objects

Question 50

Q

What is the Network Layer of the OSI reference model primarily responsible for?  
A. SMTP Gateway services 
B. LAN bridging 
C. Internetwork packet routing 
D. Signal regeneration and repeating

Answer

A

Answer: C
Explanation: Although many routers can perform most of the functions above, the OSI Network layer is primarily responsible for routing.
* LAN bridging, is a Data Link Layer function. * gateways, most commonly function at the higher layers. * signal regeneration and repeating, is primarily a Physical layer function. Source: CCNA Study Guide by Todd Lammle, Donald Porter, and James Chellis (Sybex, 1999).

Question 51

Q

Which level of RAID is commonly referred to as disk mirroring?  
A. RAID 5 
B. RAID 1 
C. RAID 3 
D. RAID 0

Answer

A

Answer: B
Explanation: Redundant Array of Inexpensive Disks (RAID) is a method of enhancing hard disk fault tolerance, which can improve performance (see Table A.8). RAID 1 maintains a complete copy of all data by duplicating each hard drive. Performance can suffer in some implementations of RAID 1, and twice as many drives are required. Novell developed a type of disk mirroring called disk duplexing, which uses multiple disk controller cards increasing both performance and reliability.
*RAID 0, gives some performance gains by striping the data across multiple drives, but reduces fault tolerance, as the failure of any single drive disables the whole volume. * RAID 3, uses a dedicated error-correction disk called a parity drive, and stripes the data across the other data drives. * RAID 5 uses all disks in the array for both data and error correction, increasing both storage capacity and performance.

Question 52

Q

In biometrics, a good measure of performance of a system is the:  
A. False detection. 
B. Positive acceptance rate. 
C. Sensitivity. 
D. Crossover Error Rate (CER).

Answer

A

Answer: D
Explanation: The correct answer is “Crossover Error Rate (CER)”. The other items are made-up distracters.

Question 53

Q

Which is a property of a circuit-switched network as opposed to a packetswitched network?
A. Physical, permanent connections exist from one point to another in a circuit-switched network.
B. The data is broken up into packets.
C. Packets are reassembled according to their originally assigned sequence numbers.
D. The data is sent to the next destination, which is based on the router’s understanding of the best available route.

Answer

A

Answer: A
Explanation: The correct answer is “Physical, permanent connections exist from one point to another in a circuit-switched network”. Permanent connections are a feature of circuit-switched networks.
Note: strictly speaking they aren’t physical and they aren’t permanent. A phone call is circuit-switched (well, historically). The circuit wasn’t permanent, just for the duration of the call.

Question 54

Q

Which answer below is true about the difference between TCP and UDP?
A. UDP is considered a connectionless protocol and TCP is connectionoriented.
B. TCP is considered a connectionless protocol, and UDP is connectionoriented.
C. TCP is sometimes referred to as an unreliable protocol.
D. UDP acknowledges the receipt of packets, and TCP does not.

Answer

A

Answer: A
Explanation: The correct answer is “UDP is considered a connectionless protocol and TCP is connectionoriented”. As opposed to the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP) is a connectionless protocol. It does not sequence the packets, acknowledge the receipt of packets, and is referred to as an unreliable protocol.

Question 55

Q

In a Kerberos exchange involving a message with an authenticator, the authenticator contains the client ID and which of the following?  
A. Client network address 
B. Ticket Granting Ticket (TGT) 
C. Timestamp 
D. Client/TGS session key

Answer

A

Answer: C
Explanation: A timestamp, t, is used to check the validity of the accompanying request since a Kerberos ticket is valid for some time window, v, after it is issued. The timestamp indicates when the ticket was issued. * The TGT, is comprised of the client ID, the client network address, the starting and ending time the ticket is valid (v), and the client/TGS session key. This ticket is used by the client to request the service of a resource on the network from the TGS. * The client/TGS session key, Kc, tgs, is the symmetric key used for encrypted communication between the client and TGS for this particular session. * the client network address is included in the TGT and not in the authenticator.

Question 56

Q

Which of the following is NOT a valid database model?  
A. Hierarchical 
B. Relational 
C. Object-relational 
D. Relational-rational

Answer

A

Answer: D
Explanation: The correct answer is “Relational-rational”, a distracter. The other answers are valid database models. Additional valid models include network and object-oriented databases.

Question 57

Q

Which statement is correct about ISDN Basic Rate Interface?
A. It offers 30 B channels and 1 D channel.
B. It offers 23 B channels and 1 D channel.
C. It offers 2 B channels and 1 D channel.
D. It offers 1 B channel and 2 D channels.

Answer

A

Answer: C
Explanation:
Integrated Services Digital Network (ISDN) Basic Rate Interface (BRI) offers two B channels which carry user data at 64 Kbps each, and one control and signaling D channel operating at 16 Kbps. Answer “It offers 23 B channels and 1 D channel.” describes ISDN Primary Rate Interface (PRI) for NorthAmerica and Japan , with 23 B channels at 64 Kbps and one 64 Kbps D channel, for a total throughput of 1.544 Mbps.
Answer “It offers 30 B channels and 1 D channel.” Describes ISDN PRI for Europe , Australia , and other parts of the world, with 30 64 Kbps B channels and one D channel, for a total throughput of 2.048 Mbps.
Answer “It offers 1 B channel and 2 D channels.” is a distracter. Source: Internetworking Technologies Handbook, Second Edition (Cisco Press, 1998).

Question 58

Q

A persistent collection of data items that form relations among each other is called a:  
A. Schema 
B. Database management system (DBMS) 
C. Database 
D. Data description language (DDL)

Answer

A

Answer: C
Explanation: For a database to be viable, the data items must be stored on nonvolatile media and be protected from unauthorized modification. For answer a, a DBMS provides access to the items in the database and main- tains the information in the database. *The Data description language (DDL) provides the means to define the database and schema is the description of the database.

Question 59

Q

Which of the following is NOT a network cabling type?  
A. Coaxial 
B. Token Ring 
C. Twisted Pair 
D. Fiber Optic

Answer

A

Answer: B
Explanation: The correct answer Token Ring. Token Ring is a LAN media access method, not a cabling type.

Question 60

Q

Which choice below is the BEST definition of advisory policies?
A. Non-mandated policies, but strongly suggested
B. Mandatory policies implemented as a consequence of legal action
C. Policies implemented due to public regulation
D. Policies implemented for compliance reasons

Answer

A

Answer: A
Explanation: The correct answer is “Non-mandated policies, but strongly suggested”. Advisory policies might have consequences of failure attached to them, but they are still considered nonmandatory. The other three answers are examples of mandatory, regulatory policies.

Question 61

Q

Which of the following is NOT a true statement about Network Address Translation (NAT)?
A. Private addresses can easily be routed globally.
B. NAT is used when corporations want to use private addressing ranges for internal networks.
C. NAT is designed to mask the true IP addresses of internal systems.
D. NAT translates private IP addresses to registered real IP addresses.

Answer

A

Answer: A
Explanation: The correct answer is “Private addresses can easily be routed globally” Private addresses are not easily routable; hence the reason for using NAT.

Question 62

Q

Which choice MOST accurately describes the differences between standards,
guidelines, and procedures?
A. Procedures are the general recommendations for compliance with mandatory guidelines.
B. Standards are recommended policies, and guidelines are mandatory policies.
C. Procedures are step-by-step recommendations for complying with mandatory guidelines.
D. Procedures are step-by-step instructions for compliance with mandatory standards.

Answer

A

Answer: D
Explanation: The correct answer is “Procedures are step-by-step instructions for compliance with mandatory standards”. The other answers are incorrect.

Question 63

Q

In a biometric system, the time it takes to register with the system by providing samples of a biometric characteristic is called:  
A. Set-up time. 
B. Enrollment time. 
C. Log-in time. 
D. Throughput time.

Answer

A

Answer: B
Explanation: The correct answer is “Enrollment time”.
Answers Set-up time and Log-in time are distracters.
Answer throughput, refers to the rate at which individuals once enrolled can be processed and identified or authenticated by a biometric system.

Question 64

Q

Identification is:
A. Auser providing a shared secret to the system.
B. Auser professing an identity to the system.
C. Auser providing a password to the system.
D. Auser being authenticated by the system.

Answer

A

Answer: B
Explanation: The correct answer is “Auser professing an identity to the system”. A user presents an ID to the system as identification. Answer a is incorrect because presenting an ID is not an authentication act. Answer “Auser providing a password to the system” is incorrect because a password is an authentication mechanism. Answer “Auser providing a shared secret to the system” is incorrect because it refers to cryptography or authentication.

Answer 65

A

Answer: B
Explanation: Various officials and organizational offices are typically involved with computer security. They include the following groups: Senior management Program/functional managers/application owners Computer security management Technology providers Supporting organizations Users Senior management has the final responsibility through due care and due diligence to preserve the capital of the organization and further its business model through the implementation of a security program. While senior management does not have the functional role of managing security procedures, it has the ultimate responsibility to see that business continuity is preserved.

Answer 66

A

Answer: A
Explanation: The correct answer is “To quantify the impact of potential threats”. The main purpose of performing a risk analysis is to put a hard cost or value onto the loss of a business function. The other answers are benefits of risk management but not its main purpose.

Answer 67

A

Explanation: Achecksum that is derived from a Kerberos message is used to verify the integrity of the message. This checksum may be a message digest resulting from the application of a hash function to the message. At the receiving end of the transmission, the receiving party can calculate the message digest of the received message using the identical hash algorithm as the sender. Then the message digest calculated by the receiver can be compared with the message digest appended to the message by the sender. If the two message digests match, the message has not been modified en route, and its integrity has been preserved. For answers Credentials and Tickets are authenticators used in the process of granting user access to services on the network. Answer “A trusted, third-party authentication server” is the AS or authentication server that conducts the ticket-granting process.

Answer 68

A

Answer: D
Explanation: The correct answer is T1. A T1 line is a type of leased line, which uses a dedicated, point-to-point technology.

Answer 69

A

Answer: D
Explanation: Common types of self-testing techniques include: Network Mapping Vulnerability Scanning Penetration Testing Password Cracking Log Review Virus Detection War Dialing Some testing techniques are predominantly human-initiated and conducted, while other tests are highly automated and require less human involvement. The staff that initiates and implements in-house security testing should have significant security and networking knowledge. These testing techniques are often combined to gain a more comprehensive assessment of the overall network security posture. For example, penetration testing almost always includes network mapping and vulnerability scanning to identify vulnerable hosts and services that may be targeted for later penetration. None of these tests by themselves will provide a complete picture of the network or its security posture. Source: NIST Special Publication 800-42, DRAFT Guideline on Network Security Testing.

Answer 70

A

Answer: C
Explanation: The correct answer is “There are frequent personnel changes in an organization.”. Role-based access control is part of nondiscretionary access control. The other options relate to mandatory access control.

Answer 71

A

Answer: B
Explanation: The correct answer is “The testing or reconciliation of evidence of a user’s identity”. Answer “The means by which a user provides a claim of his or her identity to a system” is identification, “A system’s capability to determine the actions and behavior of a single individual within a system” is accountability, and “The rights and permissions granted to an individual to access a computer resource” is authorization.

Answer 72

A

Answer: B
Explanation: The correct answer is IP. IP operates at the network layer of the OSI model and at the Internet layer of the TCP/IP model. FTP operates at the application layer of the TCP/IP model, which is roughly similar to the top three layers of the OSI model: the Application, Presentation, and Session layers. TCP and UDP both operate at the OSI Transport layer, which is similar to the TCP/IP Host-to-host layer.

Answer 73

A

Answer: A
Explanation: The correct answer is “Coax consists of a hollow outer cylindrical conductor surrounding a single, inner conductor”. Coax consists of a hollow outer cylindrical conductor surrounding a single, inner wire conductor. Answer “Coax consists of two insulated wires wrapped around each other in a regular spiral pattern” describes UTP. Coax requires fixed spacing between connections, and answer “Coax carries signals as light waves” describes fiber-optic cable.

Answer 74

A

Answer: B
Explanation: The other three address ranges can be used for Network Address Translation (NAT). While NAT is, in itself, not a very effective security measure, a large network can benefit from using NAT with Dynamic Host Configuration Protocol (DHCP) to help prevent certain internal routing information from being exposed. The address 127.0.0.1 is called the loopback address. Source: Designing Network Security by Merike Kaeo (Cisco Press, 1999).

Answer 75

A

Answer: D
Explanation:

Answer 76

A

Answer: B
Explanation: The correct answer is “Analog signals cannot be used for data communications”. The other
answers are all properties of analog or digital signals.

Answer 77

A

Answer: C
Explanation: The correct answer is “Takes an IP address and finds out the MAC address to which it belongs”. ARP starts with an IP address, then queries the network to find the MAC or hardware address of the workstation to which it belongs.
ICMP performs “Sends messages to the devices regarding the health of the network”. RARP performs “Takes a MAC address and finds an IP address to match”. FTP performs “Facilitates file transfers”.

Answer 78

A

Answer: B
Explanation: In answer a, an access control list (ACL) is a list denoting which users have what privileges to a particular resource. Table illustrates an ACL. The table shows the subjects or users that have access to the object, FILE X and what privileges they have with respect to that file. For answer “An access control triple”, an access control triple consists of the user, program, and file with the corresponding access privileges noted for each user.
The TCB, of answer “A Trusted Computing Base (TCB”, is defined in the answers as the total combination of protection mechanisms within a computer system. These mechanisms include the firmware, hardware, and software that enforce the system security policy.

Answer 79

A

Answer: D
Explanation: The correct answer is “Least privilege”. Least privilege, in the database context, requires that subjects be granted the most restricted set of access privileges to the data in the database that are consistent with the performance of their tasks.
Separation of duties, assigns parts of security-sensitive tasks to several individuals.
Entity integrity requires that each row in the relation table must have a non-NULL attribute. Relational integrity, answer d, refers to the requirement that for any foreign key attribute, the referenced relation must have the same value for its primary key.

Answer 80

A

Answer: B
Explanation: Any combination of the following techniques can be used in gathering information relevant to the IT system within its operational boundary: Questionnaire. The questionnaire should be distributed to the applicable technical and nontechnical management personnel who are designing or supporting the IT system. On-site Interviews. On-site visits also allow risk assessment personnel to observe and gather information about the physical, environmental, and operational security of the IT system. Document Review. Policy documents, system documentation, and security-related documentation can provide good information about the security controls used by and planned for the IT system. Use of Automated Scanning Tools. Proactive technical methods can be used to collect system information efficiently. Source: NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems.

Answer 81

A

Answer: D
Explanation: The correct answer is “Altering elements of the enterprise in response to a risk analysis”. Answer “Removing all risk to the enterprise at any cost” is not possible or desirable, “Assigning any costs associated with risk to a third party” is risk transference, and “Assuming all costs associated with the risk internally” is risk acceptance.

Answer 82

A

Answer: D
Explanation: The correct answer is “They are statements that indicate a senior management’s intention to support InfoSec”. High-level policies are senior management statements of recognition of the importance of InfoSec controls.

Answer 83

A

Answer: A
Explanation: The correct answer is “Acontrol designed to counteract a threat”. Answer “Aguideline for policy recommendations” is a guideline, “Astep-by-step instructional procedure” is a procedure, and “Acontrol designed to counteract an asset” is a distracter.

Answer 84

A

Answer: D
Explanation: The correct answer is “Takes a MAC address and finds an IP address to match”, the reverse of ARP. The Reverse Address Resolution Protocol knows a MAC (Media Access Control) address and asks the RARP server to match it with an IP address.

Answer 85

A

Answer: B
Explanation: The correct answer is “Operates at Layer 3, the Network Layer”. A bridge operates at Layer 2 and therefore does not use IP addressing to make routing decisions.

Answer 86

A

Answer: A
Explanation: Biometrics applied to identification of an individual is a one-tomany search where an individual’s physiological or behavioral characteristics are compared to a database of stored information. An example would be trying to match a person’s fingerprints to a set in a national database of fingerprints. This search differs from the biometrics search for authentication in answer “Biometrics for authentication”. That search would be a one-toone comparison of a person’s physiological or behavioral characteristics with their corresponding entry in an authentication database. Answer “motion detectors” is a type of detective physical control and answer d is a detective/technical control.

Answer 87

A

Answer: B
Explanation: The correct answer is “The percentage of loss that a realized threat event would have on a specific asset”. Answer “Adollar figure that is assigned to a single event” is an SLE, “Anumber that represents the estimated frequency of the occurrence of an expected threat” is an ARO, and “The annual expected financial loss to an organization from a threat” is an ALE.

Answer 88

A

Answer: C
Explanation: The correct answer is Third-generation firewall. A stateful inspection firewall is considered a thirdgeneration firewall.

Answer 89

A

Answer: B
Explanation: The correct answer is Reactive. Reactive is not a backup method.

Answer 90

A

Answer: A
Explanation: The rows of an access control matrix indicate the capabilities that users have to a number of resources. An example of a row in the access control matrix showing the capabilities of user JIM is given in Table. Answer columns, columns in the access control matrix, define the access control list. Answer “Rows and columns” is incorrect since capabilities involve only the rows of the access control matrix. Answer “Access control list”
is incorrect since an ACL, again, is a column in the access control matrix.

Answer 91

A

Answer: A
Explanation: The correct answer is Regulatory. Answer Advisory, advisory policies, might specify penalties for non-compliance, but regulatory policies are required to be followed by the organization. Answers Guidelines and Informative are informational or recommended policies only.

Answer 92

A

Answer: A
Explanation: The correct answer is SLE × ARO. Answer Asset Value (AV) × EF is the formula for an SLE, and answers ARO × EF - SLE and % of ARO ×AV are nonsense.

Answer 93

A

Answer: C
Explanation:

Answer 94

A

Answer: D
Explanation: Computer security policy is often defined as the documentation of computer security decisions. The term policy has more than one meaning. Policy is senior management’s directives to create a computer security program, establish its goals, and assign responsibilities. The term policy is also used to refer to the specific security rules for particular systems. Additionally, policy may refer to entirely different matters, such as the specific managerial decisions setting an organization’s e-mail privacy policy or fax security policy. A security policy is an important document to develop while designing an information system, early in the System Development Life Cycle (SDLC). The security policy begins with the organization’s basic commitment to information security formulated as a general policy statement. The policy is then applied to all aspects of the system design or security solution. Source: NIST Special Publication 800-27, Engineering Principles for Information Technology Security (A Baseline for Achieving Security).

Answer 95

A

Answer: C
Explanation: The first three bytes (or first half) of the six-byte MAC address is the manufacturer’s identifier (see Table). This can be a good troubleshooting aid if a network device is acting up, as it will isolate the brand of the failing device. The other answers are distracters. Source: Mastering Network Security by Chris Brenton (Sybex, 1999).

Answer 96

A

Answer: A
Explanation: While Kerberos is the primary mechanism, system administrators may also use alternative authentication services running under the Security Support Provider Interface (SSPI). Answer hash
functions, are used for digital signature implementations. Answer SESAME is incorrect. It is the Secure European System for Applications in a Multivendor Environment. SESAME performs similar functions to Kerberos, but uses public key cryptography to distribute the secret keys. Answer “Public key certificates” is incorrect, since public key certificates are not used in the Windows 2000 primary authentication approach.

Answer 97

A

Answer: C
Explanation: The correct answer is “Assurance procedures”.
Accountability, answer a, refers to the ability to determine the actions and behaviors of a single individual within a system and to identify that individual. Answer “Authentication procedures” involves testing or reconciling of evidence of a user’s identity in order to establish that identity. Answer “Trustworthy procedures” is a distracter.

Answer 98

A

Answer: D
Explanation:

Answer 99

A

Answer: B
Explanation: The correct answer is Views. Candidate keys, are the set of unique keys from which the primary key is selected. Answer joins indicates operations that can be performed on the database, and the attributes denote the columns in the relational table.

Answer 100

A

Answer: A
Explanation: User configuration of nonuser-configured authentication mechanisms is not supported by the Open Group SSO interface objectives. Authentication mechanisms include items such as smart cards and magnetic badges. Strict controls must be placed to prevent a user from changing configurations that are set by another authority. Objective a supports the incorporation of a variety of authentication schemes and technologies. Answer c states that the interface functional objectives do not require that all sign-on operations be performed at the same time as the primary sign on. This prevents the creation of user sessions with all the available services even though these services are not needed by the user.
The creation of a default user profile will make the sign-on more efficient and less time-consuming. In summary, the scope of the Open Group Single Sign-On Standards is to define services in support of: The development of applications to provide a common, single end-user sign-on interface for an enterprise. The development of applications for the coordinated management of multiple user account management information bases maintained by an enterprise.

Answer 101

A

Answer: C
Explanation: An organization should address computer security incidents by developing an incident-handling capability. The incident-handling capability should be used to: Provide the ability to respond quickly and effectively. Contain and repair the damage from incidents. When left unchecked, malicious software can significantly harm an organization’s computing, depending on the technology and its connectivity. Containing the incident should include an assessment of whether the incident is part of a targeted attack on the organization or an isolated incident. Prevent future damage. An incident-handling capability should assist an organization in preventing (or at least minimizing) damage from future incidents. Incidents can be studied internally to gain a better understanding of the organization’s threats and vulnerabilities. Source: NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems.

Answer 102

A

Answer: B
Explanation: The correct answer is Internet. The Internet Layer is a TCP/IP architecture model layer.

Answer 103

A

Answer: B
Explanation: The correct answer is SQL. All other answers do not apply.

Answer 104

A

Answer: D
Explanation: Feature extraction algorithms are a subset of signal/image processing and are used to extract the key biometric information from a sample that has been taken from an individual. Usually, the sample is taken in an environment that may have noise and other conditions that may affect the raw sample image. Neural networks are an example of a feature extraction approach.
Answer “enrollment” refers to the process of collecting samples that are averaged and then stored to use as a reference base against which future samples are compared.
Answer “False rejection” refers to the false rejection in biometrics. False rejection is the rejection of an authorized user because of a mismatch between the sample and the reference template. Conversely, false acceptance is the acceptance of an unauthorized user because of an incorrect match to the template of an authorized user. The corresponding measures in percentage are the False Rejection Rate (FRR) and False Acceptance Rate (FAR).
For answer diagraphs refer to sets of average values compiled in the biometrics area of keystroke dynamics. Keystroke dynamics involves analyzing the characteristics of a user typing on a keyboard. Keystroke duration samples as well as measures of the latency between keystrokes are taken and averaged. These averages for all pairs of keys are called diagraphs. Tri- graphs, sample sets for all key triples, can also be used as biometric samples.

Answer 105

A

Answer: C
Explanation: SESAME uses public key cryptography for the distribution of secret keys. In addition, SESAME employs the MD5 and crc32 oneway hash functions. A weakness in SESAME is that, similar to Kerberos, it is subject to password guessing.

Answer 106

A

Answer: D
Explanation: The correct answer is “Session keys”. Session keys are temporary keys assigned by the KDC and used for an allotted period of time as the secret key between two entities. Answer a is incorrect because it refers to asym- metric encryption that is not used in the basic Kerberos protocol. Answer Passwords is incorrect because it is not a key, and answer Tokens is incorrect because a token generates dynamic passwords.

Answer 107

A

Answer: D
Explanation: The correct answer is Employees. Internal personnel far and away constitute the largest amount of dollar loss due to unauthorized or inappropriate computer use.

Answer 108

A

Answer: C
Explanation: The security kernel implements the reference model concept. The reference model must have the following characteristics: It must mediate all accesses. It must be protected from modification. It must be verifiable as correct. Answer “the authorization database” is used by the reference monitor to mediate accesses by subjects to objects. When a request for access is received, the reference monitor refers to entries in the authorization database to verify that the operation requested by a subject for application to an object is permitted. The authorization database has entries or authorizations of the form subject, object, access mode.
In answer “Identification and authentication (I & A) mechanisms”, the I & A operation is separate from the reference monitor. The user enters his/her identification to the I & A function. Then the user must be authenticated. Authentication is verification that the user’s claimed identity is valid. Authentication is based on the following three factor types: Type 1. Something you know, such as a PIN or password Type 2. Something you have, such as an ATM card or smart card Type 3. Something you are (physically), such as a fingerprint or retina scan
Answer “The auditing subsystem” is a key complement to the reference monitor. The auditing subsystem is used by the reference monitor to keep track of the reference monitor’s activities. Examples of such activities include the date and time of an access request, identification of the subject and objects involved, the access privileges requested and the result of the request.

Answer 109

A

Answer: C
Explanation: The Layer Two Tunneling Protocol (L2TP) is a layer two tunneling protocol that allows a host to establish a virtual connection. Although L2TP, an enhancement to Layer Two Forwarding Protocol (L2F) and supporting some features of Point to Point Tunneling Protocol (PPTP), may coexist with IPSec, it is not natively an IPSec component. Answer a, the Authentication Header (AH), is an authenticating protocol that uses a hash signature in the packet header to validate the integrity of the packet data and the authenticity of the sender.
* the Security Association (SA), is a component of the IPSec architecture that contains the information the IPSec device needs to process incoming and outbound IPSec packets. IPSec devices embed a value called the Security Parameter Index (SPI) in the header to associate a datagram with its SA, and store SAs in a Security Association Database (SAD). * the Encapsulating Security Payload (ESP), is an authenticating and encrypting protocol that provides integrity, source authentication, and confidentiality services. Source: Implementing IPSec by Elizabeth Kaufman and Andrew Newman (Wiley, 1999)

Answer 110

A

Answer: C
Explanation: System audits and monitoring are the two methods organizations use to maintain operational assurance. Although the terms are used loosely within the computer security community, a system audit is a one-time or periodic event to evaluate security, whereas monitoring refers to an ongoing activity that examines either the system or the users. In general, the more real-time an activity is, the more it falls into the category of monitoring. Source: NIST Special Publication 800- 14, Generally Accepted Principles and Practices for Securing Information Technology Systems.

Answer 111

A

Answer: C
Explanation: The correct answer is “Discretionary access control”. Answers “Mandatory access control” and “Rule-based access control.” require strict adherence to labels and clearances. Answer “Sensitivity-based access control.” is a made-up distracter.

Answer 112

A

Answer: C
Explanation: The correct answer is “The type of workstation used.”. The type of workstation used as the platform is not the determining factor. The other options are determining factors.

Answer 113

A

Answer: B
Explanation: The correct answer is “Threats, vulnerabilities, and risks”. Threats define the possible source of security policy violations; vulnerabilities describe weaknesses in the system that might be exploited by the threats; and the risk determines the probability of threats being realized. All three items must be present to meaningfully apply access control. Therefore, the other answers are incorrect

Answer 114

A

Answer: B
Explanation:  In answer "Context-dependent", access is determined by the context of the decision as opposed to the information contained in the item being accessed. The latter is referred to as content-dependent access control. In content- dependent access control, for example, the manager of a department may be authorized to access employment records of a department employee, but may not be permitted to view the health records of the employee. * The term positive in access control refers to positive access rights, such as read or write. Denial rights, such as denial to write to a file, can also be conferred upon a subject. * Information flowdescribes a class of access control models. An informa- tion flow model is described by the set consisting of object, flow policy, states, and rules describing the transitions among states.

Answer 115

A

Answer: A
Explanation: The correct answer is “Using a hidden, unauthorized network connection to communicate unauthorized information”. A Covert Channel is a connection intentionally created to transmit unauthorized information from inside a trusted network to a partner at an outside, untrusted node.
Answer “Socially engineering passwords from an ISP” is called masquerading.

Answer 116

A

Answer: A
Explanation: The correct answer is candidate keys by definition. Answer Foreign keys is incorrect because a foreign key in one table refers to a primary key in another. Answer Secondary keys is a made-up distracter, and answer Cryptographic key refers to keys used in encipherment and decipherment.

Answer 117

A

Answer: D
Explanation: The other options are the three principles of integrity. Answer “Prevention of authorized modifications by unauthorized users” is a distracter and does not make sensE. * Internal consistency ensures that internal data correlate. For example, the total number of a particular data item in the database should be the sum of all the individual, non-identical occurrences of that data item in the database. External consistency requires that the database content be consistent with the real world items that it represents.

Answer 118

A

Answer: C
Explanation: The correct answer is “10 Mbps thicknet coax cabling rated to 500 meters maximum length”. Answer “10 Mbps thinnet coax cabling rated to 185 meters maximum length” refers to 10Base-2. 10 Mbps baseband optical fiber refers to 10Base-F. 100 Mbps unshielded twisted pair cabling to 100Base-T.

Answer 119

A

Answer: A
Explanation: Answer “An estimate of how often a given threat event may occur annually” describes the Annualized Rate of Occurrence (ARO). Answer “The percentile of the value of the asset expected to be lost, used to calculate the SLE” describes the Exposure Factor (EF). Answer “A value determined by multiplying the value of the asset by its exposure factor” describes the algorithm to determine the Single Loss Expectancy (SLE) of a threat.

Answer 120

A

Answer: C
Explanation: Often, managerial computer system security policies are categorized into three basic types: Program policy used to create an organization’s computer security program Issue-specific policies used to address specific issues of concern to the organization System-specific policies technical directives taken by management to protect a particular system Program policy and issue-specific policy both address policy from a broad level, usually encompassing the entire organization. However, they do not provide sufficient information or direction, for example, to be used in establishing an access control list or in training users on what actions are permitted. System-specific policy fills this need. System-specific policy is much more focused, since it addresses only one system. Table A.1 helps illustrate the difference between these three types of policies. Source: National Institute of Standards and Technology, An Introduction to Computer Security: The NIST Handbook Special Publica- tion 800-12.

Answer 121

A

Answer: B
Explanation: The Challenge Handshake Authentication Protocol (CHAP) is used at the startup of a remote link to verify the identity of a remote node.
* The Simple Mail Transfer Protocol (RFCs 821 and 1869), is used by a server to deliver e-mail over the Internet. * the Post Office Protocol (RFC 1939), enables users to read their email by downloading it from a remote server on to their local computer.
* the Internet Message Access Protocol (RFC 2060), allows users to read their e-mail on a remote server, without downloading the mail locally. Source: Handbook of Computer Crime Investigation Edited by Eoghan Casey (Academic Press, 2002).

Answer 122

A

Answer: A
Explanation: Kerberos directly addresses the confidentiality and also the integrity of information.
* attacks such as frequency analysis are not considered in the basic Kerberos implementation. In addition, the Kerberos protocol does not directly address availability issues. (Answer Availability.) For answer “Physical attac”, since the Kerberos TGS and the authentication servers hold all the secret keys, these servers are vulnerable to both physical attacks and attacks from malicious code. In the Kerberos exchange, the client workstation temporarily holds the client’s secret key, and this key is vulnerable to compromise at the workstation.

Answer 123

A

Answer: D
Explanation: The correct answer is “Features extracted from the fingerprint are store”. The features extracted from the fingerprint are stored. Answer “The full fingerprint is stored” is incorrect because the equivalent of the full fingerprint is not stored in finger scan technology. Answers “More storage is required than in fingerprint technology” and “The technology is applicable to large, one-to-many database searches” are incorrect because the opposite is true of finger scan technology.

Answer 124

A

Answer: D
Explanation: The correct answer is UTP. UTP stands for unshielded twisted pair wiring.

Answer 125

A

Answer: B
Explanation: The correct answer is “Carrier Sense Multiple Access”. The other acronyms do not exist.

Answer 126

A

Answer: C
Explanation: The correct answer is SNMP, Simple Mail Transport Protocol. It queues and transfers email. SNMP stands for Simple Network Management Protocol. ICMP stands for Internet Control Message Protocol. RARP stands for Reverse Address Resolution Protocol

Answer 127

A

Answer: C
Explanation: The correct answer is Relation. The fundamental entity in a relational database is the relation in the form of a table. Answer Domain is the set of allowable attribute values, and answers Pointer and Cost are distracters.

Answer 128

A

Answer: C
Explanation: The correct answer is “Connection-oriented network”. Packet-switched networks are considered connectionless networks; circuit-switched networks are considered connection-oriented.

Answer 129

A

Answer: A
Explanation:

Answer 130

A

Answer: B
Explanation: An example is the use of a GPRS-enabled laptop that connects to a corporate intranet via a VPN. The laptop is given an IP address and a RADIUS server authenticates the user. IPSEC is used to create the VPN. As background, GPRS is a second-generation (2G) packet data technology that is overlaid on existing Global System for Mobile communications (GSM). GSM is the wireless analog of the ISDN landline system. The key features of GPRS are that it is always on line (no dial-up needed), existing GSM networks can be upgraded with GPRS, and it can serve as the packet data core of third generation (3G) systems.
Answers SSL and TLS are similar security protocols that are used on the Internet side of the Wireless Application Protocol (WAP) Gateway.
For answer WTP is the Wireless Transaction Protocol that is part of the WAP suite of protocols. WTP is a lightweight, message-oriented, transaction protocol that provides more reliable connections than UDP, but does not have the robustness of TCP.

Answer 131

A

Answer: B
Explanation: Monitoring employee performance is not an example of security management, or a job function of the Information Security Officer. Employee performance issues are the domain of human resources and the employee’s manager. The other three choices are appropriate practice for the information security area.

Answer 132

A

Answer: C
Explanation: The correct answer is “A weakness in a system that could be exploited”. Answer “A company resource that could be lost due to an incident” describes an asset, answer “The minimization of loss associated with an incide” describes risk management, and answer “A potential incident that could cause harm”describes a threat.

Answer 133

A

Answer: A
Explanation: The correct answer is Schema. The other answers are portions of a relation or table.

Answer 134

A

Answer: D
Explanation: Organizations should ensure effective administration of users’ computer access to maintain system security, including user account management, auditing, and the timely modification or removal of access. This includes: User Account Management. Organizations should have a process for requesting, establishing, issuing, and closing user accounts, tracking users and their respective access authorizations, and managing these functions. Management Reviews. It is necessary to periodically review user accounts. Reviews should examine the levels of access each individual has, conformity with the concept of least privilege, whether all accounts are still active, whether management authorizations are up-to-date, and whether required training has been completed. Detecting Unauthorized/Illegal Activities. Mechanisms besides auditing and analysis of audit trails should be used to detect unauthorized and illegal acts, such as rotating employees in sensitive positions, which could expose a scam that required an employee’s presence, or periodic re-screening of personnel. Source: NIST Special Publication 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems.

Answer 135

A

Answer: B
Explanation: The correct answer is RING. FDDI is a RING topology, like Token Ring

Answer 136

A

Answer: D
Explanation: A brute force attack is an attempt to use all combinations of key patterns to decipher a message. The other three attacks are commonly used to create a Denial of Service (DoS).
* Ping of Death, exploits ICMP by sending an illegal ECHO packet of >65K octets of data, which can cause an overflow of system variables and lead to a system crash. * SMURF, is a type of attack using spoofed ICMP ECHO requests to broadcast addresses, which the routers attempt to propagate, congesting the network. Three participants are required for a SMURF attack: the attacker, the amplifying network, and the victim. * a TCP SYN flood attack, generates phony TCP SYN packets from random IP addresses at a rapid rate to fill up the connection queue and stop the system from accepting legitimate users. Source: Hacking Exposed by Stuart McClure, Joel Scambray, and George Kurtz (Osborne, 1999)

Answer 137

A

Answer: A 
Explanation:  Table shows the correspondence between the two models. In comparing the two models, a class is similar to a relation; however, a relation does not have the inheritance property of a class. An attribute in the object model is similar to the column of a relational table. The column has limitations on the data types it can hold while an attribute in the object model can use all data types that are supported by the Java and C++ languages. An instance object in the object model corresponds to a tuple in the relational model. Again  the data structures of the tuple are limited while those of the instance object can use data structures of Java and C++.

Answer 138

A

Answer: A
Explanation: The 802.1D spanning tree protocol is an Ethernet link-management protocol that provides link redundancy while preventing routing loops. Since only one active path can exist for an Ethernet network to route properly, the STP algorithm calculates and manages the best loop-free path through the network.
IEEE 802.5 specifies a token-passing ring access method for LANs. IEEE 802.3 specifies an Ethernet bus topology using Carrier Sense Multiple Access Control/Carrier Detect (CSMA/CD). IEEE 802.11 is the IEEE standard that specifies 1 Mbps and 2 Mbps wireless connectivity in the 2.4 MHz ISM (Industrial, Scientific, Medical) band. Source: Designing Network Security by Merike Kaeo (Cisco Press, 1999).

Answer 139

A

Answer: C
Explanation: The correct answer is “Wraps data from one layer around a data packet from an adjoining layer”. Data Encapsulation attaches information from one layer to the packet as it travels from an adjoining layer. The OSI-layered architecture model creates seven layers. The TCP/IP protocol UDP provides best effort packet delivery, and a tokenpassing transmission scheme creates a deterministic network because it is possible to compute the maximum predictable delay.

Answer 140

A

Answer: A
Explanation: The correct answer is “Are useful in storing and manipulating complex data, such as images and graphics”. The other answers are false, because for answer “Are ideally suited for text-only information” relational databases are ideally suited to text-only information, “Require minimal learning time for programmers” and “Consume minimal system resources”. OODB systems have a steep learning curve and consume a large amount of system resources.

Answer 141

A

Answer: A
Explanation: The correct answer is “Accountability of responsible individuals”. Accountability is holding individuals responsible for their actions. The other options are the three goals of integrity.

Answer 142

A

Answer: C
Explanation: The correct answer is “Defining the acceptable level of risk the organization can tolerate, and reducing risk to that level “. The goal of risk mitigation is to reduce risk to a level acceptable to the organization. Therefore risk needs to be defined for the organization through risk analysis, business impact assessment, and/or vulnerability assessment. Answer “Analyzing and removing all vulnerabilities and threats to security within the organization” is not possible. Answer “Defining the acceptable level of risk the organization can tolerate, and assigning any costs associated with loss or disruption to a third party, such as an insurance carrier” is called risk transference. Answer “Analyzing the effects of a business disruption and preparing the company’s response “ is a distracter.

Answer 143

A

Answer: A
Explanation: Abase relation exists in the database while a view is a virtual relation that is not stored in the database. A view is derived by the SQL definition and is developed from base relations or, possibly, other views. An attribute, is a column in a relation table and a domain is the set of permissible values of an attribute.

Answer 144

A

Answer: C
Explanation: The correct answer is “The ability to recover from a reset with the permissions set to cllow all”. Permissions should be set to deny all during reset.

Answer 145

A

Explanation: The correct answer is a. UTP Category 4 cabling is common in later Token Ring networks and is rated for up to 16 Mbps.
Answer b, category 5, is rated for 100Mbps; answer c is rated for 155 Mbps; and answer d is rated for 1Gbps.

Answer 146

A

Answer: B
Explanation: When querying a database for statistical information, individually identifiable information should be protected. Thus, requiring a minimum size for the query set (greater than one) offers protection against gathering information on one individual. However, an attack may consist of gathering statistics on a query set size M, equal to or greater than the minimum query set size, and then requesting the same statistics on a query set size of M + 1. The second query set would be designed to include the individual whose information is being sought surreptitiously.
*Thus with answer “Specifying a minimum query set size, but prohibiting the querying of all but one of the records in the database”, this type of attack could not take place. * Answer “Specifying a minimum query set size” is, therefore, incorrect since it leaves open the loophole of the M+1 set size query. Answers “Specifying a maximum query set size” and “Specifying a maximum query set size, but prohibiting the querying of all but one of the records in the database” are incorrect since the critical metric is the minimum query set size and not the maximum size. Obviously, the maximum query set size cannot be set to a value less than the minimum set size.

Answer 147

A

Answer: C
Explanation: Friendly terminations should be accomplished by implementing a standard set of procedures for outgoing or transferring employees. This normally includes: Removal of access privileges, computer accounts, authentication tokens. The control of keys. The briefing on the continuing responsibilities for confidentiality and privacy. Return of property. Continued availability of data. In both the manual and the electronic worlds this may involve documenting procedures or filing schemes, such as how documents are stored on the hard disk, and how they are backed up. Employees should be instructed whether or not to clean up their PC before leaving. If cryptography is used to protect data, the availability of cryptographic keys to management personnel must be ensured. Given the potential for adverse consequences during an unfriendly termination, organizations should do the following: System access should be terminated as quickly as possible when an employee is leaving a position under less-than-friendly terms. If employees are to be fired, system access should be removed at the same time (or just before) the employees are notified of their dismissal. When an employee notifies an organization of the resignation and it can be reasonably expected that it is on unfriendly terms, system access should be immediately terminated. During the notice of termination period, it may be necessary to assign the individual to a restricted area and function. This may be particularly true for employees capable of changing programs or modifying the system or applications. In some cases, physical removal from the offices may be necessary. Source: NIST Special Publication 800-14 Generally Accepted Principles and Practices for Securing Information Technology Systems.

Answer 148

A

Answer: B
Explanation: The other options describe policies. Guidelines, standards, and procedures often accompany policy, but always follow the senior level management’s statement of policy. Procedures, standards, and guidelines are used to describe how these policies will be implemented within an organization. Simply put, the three break down as follows: Standards specify the use of specific technologies in a uniform way (for example, the standardization of operating procedures). Guidelines are similar to standards but are recommended actions. Procedures are the detailed steps that must be performed for any task.

Answer 149

A

Answer: B
Explanation: The correct answer is “Definition of business recovery roles”. The first three answers are common results of a risk analysis to determine the probability and effect of threats to company assets. Answer “Definition of business recovery roles”is a distracter.

Answer 150

A

Answer: C
Explanation: Keystroke monitoring is associated with the auditing function and not access control. For answer a, the identity of the user is a criterion for access control. The identity must be authenticated as part of the I & A process.
Answer Role refers to role-based access control where access to information is determined by the user’s job function or role in the organization. Transactions refer to access control through entering an account number or a transaction number, as may be required for bill payments by telephone, for example.

Answer 151

A

Answer: A
Explanation: Risk is a function of the likelihood of a given threat-source’s exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization. Risk assessment is the first process in the risk management methodology. The risk assessment process helps organizations identify appropriate controls for reducing or eliminating risk during the risk mitigation process. To determine the likelihood of a future adverse event, threats to an IT system must be analyzed in conjunction with the potential vulnerabilities and the controls in place for the IT system. The likelihood that a potential vulnerability could be exercised by a given threatsource can be described as high, medium, or low. Impact refers to the magnitude of harm that could be caused by a threat’s exploitation of a vulnerability. The determination of the level of impact produces a relative value for the IT assets and resources affected. Source: NIST Special Publication 800-30, Risk Management Guide for Information Tech- nology Systems.

Answer 152

A

Answer: A
Explanation: The correct answer is multicast. Unicast describes a packet sent from a single source to a single destination. Broadcast describes a packet sent to all nodes on the network segment. Anycast, refers to communication between any sender and the nearest of a group of receivers in a network.

Answer 153

A

Answer: B
Explanation: The correct answer is “Data alterer”. Data owners, custodians, and users all have defined roles in the process of information classification. Answer “Data alterer” is a distracter.

Answer 154

A

Answer: B
Explanation: The correct answer is “APIN and an ATM card”. These items are something you know and something you have. Answer “A password and an ID” is incorrect because essentially, only one factor is being used: something you know (password.).
Answer “An ID and a PIN” is incorrect for the same reason. Answer “A finger print” is incorrect because only one biometric factor is being used.

Answer 155

A

Answer: B
Explanation: A cut-through switch provides less latency than a store-and forward switch, as it forwards the frame before it has received the complete frame. However, cut-through switches may also forward defective or empty packets. Source: Virtual LANs by Mariana Smith (McGraw-Hill, 1998).

Answer 156

A

Answer: B
Explanation: Answer “The ISO establishes the overall goals of the organization’s computer security program” is a responsibility of senior management. Answer “The ISO is responsible for examining systems to see whether they are meeting stated security requirements” is a description of the role of auditing. Answer “The ISO is responsible for following security procedures and reporting security problems” is the role of the user, or consumer, of security in an organization.

Answer 157

A

Answer: B
Explanation: The correct answer is “Static password.”. In answer a, the password changes at each logon. For answer Passphrase, a passphrase is a long word or phrase that is converted by the system to a password. In answer “One-time pad”, a one-time pad refers to a using a random key only once when sending a cryptographic message.

Answer 158

A

Answer: C
Explanation: The correct answer is Redundant Arrays of Intelligent Disks. The other acronyms do not exist.

Answer 159

A

D. Single sign-on
Answer: B
Explanation: In general, security credentials produced by one EAM solution are not recognized by another implementation. Thus, reauthentication is required when linking from one Web site to another related Web site if the sites have different EAM implementations.
Answer “Single sign-on” (SSO) is approached in a number of ways. For example, SSO can be implemented on Web applications in the same domain residing on different servers by using nonpersistent, encrypted cookies on the client interface. This is accomplished by providing a cookie to each application that the user wishes to access. Another solution is to build a secure credential for each user on a reverse proxy that is situated in front of the Web server. The credential is, then, presented at each instance of a user attempting to access protected Web applications. For answer b, most EAM solutions accommodate a variety of authentication technologies, including tokens, ID/passwords and digital certificates. Similarly, for answer c, EAM solutions support role-based access controls, albeit they may be implemented in different fashions. Enterprise-level roles should be defined in terms that are universally accepted across most ecommerce applications.

Answer 160

A

Answer: C
Explanation: The correct answer is VoIP. VoIP stands for Voice-Over-IP, a digital telephony technology.

Answer 161

A

Answer: C
Explanation: The correct answer is “Reduce the risk to a tolerable level. Risk can never be eliminated, and Risk Management must find the level of risk the organization can tolerate and still function effectively.

Answer 162

A

Answer: A
Explanation: The correct answer is “Replaces older Frame Relay-switched networks”. TACACS+ has nothing to do with Frame Relay networks.

Answer 163

A

Answer: B
Explanation: The Routing Information Protocol (RIP) bases its routing path on the distance (number of hops) to the destination. RIP maintains optimum routing paths by sending out routing update messages if the network topology changes. For example, if a router finds that a particular link is faulty, it will update its routing table, then send a copy of the modified table to each of its neighbors.
* the Open Shortest Path First (OSPF) is a link-state hierarchical routing algorithm intended as a successor to RIP. It features least-cost routing, multipath routing, and load balancing. * the Internet Gateway Routing Protocol (IGRP) is a Cisco protocol that uses a composite metric as its routing metric, including bandwidth, delay, reliability, loading, and maximum transmission unit. * the Extensible Authentication Protocol (EAP), is a general protocol for PPP authentication that supports multiple remote authentication mechanisms. Source: Introduction to Cisco Router Configuration edited by Laura Chappell (Cisco Press, 1999).

Answer 164

A

Answer: D
Explanation: The correct answer is “Trivial File Transfer Protocol”. The other acronyms do not exist.

Answer 165

A

Answer: B
Explanation: One attack that can be applied when call back is used for remote, dial-up connections is that the caller may not hang up. If the caller had been previously authenticated and has completed his/her session, a live connection into the remote network will still be maintained. Also, an unauthenticated remote user may hold the line open, acting as if call-back authentication has taken place. Thus, an active disconnect should be effected at the computing resource’s side of the line. Answer “Breaking of a dial-up connection at the remote user’s side of the line” is not correct since it involves the caller hanging up. Answer “call forwarding” is a feature that should be disabled, if possible, when used with call-back schemes. With call back, a cracker can have a call forwarded from a valid phone number to an invalid phone number during the call-back process. Answer “Call enhancement” is a distracter.

Answer 166

A

Answer: C
Explanation: The correct answer is “Data normalization”. Normalization includes eliminating redundant data and eliminating attributes in a table that are not dependent on the primary key of that table. In answer a, a database management system (DBMS) provides access to the database and is used for maintaining the database. Answers “Data integrity” and “Data reuse” are distracters.

Answer 167

A

Answer: D
Explanation: The correct answer is 802.11a. Answer . 802.5 defines a token-passing ring access method. Answer 802.11b defines a wireless LAN in the 2.4 GHz band with speeds up to 11 Mbps. Answer 802.3 describes a bus topology using CSMA/CD at 10 Mbps.

Answer 168

A

Answer: B
Explanation: Controls are the countermeasures for vulnerabilities. There are many kinds, but generally they are categorized into four types: Deterrent controls reduce the likelihood of a deliberate attack. Preventative controls protect vulnerabilities and make an attack unsuccessful or reduce its impact. Preventative controls inhibit attempts to violate security policy. Corrective controls reduce the effect of an attack. Detective controls discover attacks and trigger preventative or corrective controls. Detective controls warn of violations or attempted violations of security policy and include such controls as audit trails, intrusion detection methods, and checksums. Source: Introduction to Risk Analysis, “Corrective controls reduce the effect of an attack” & “Detective controls discover attacks and trigger preventative or corrective controls” Security Risk Analysis Group and NIST Special Publication 800-30, Risk Management Guide for Information Technology System

Answer 169

A

Answer: C
Explanation: Awareness is used to reinforce the fact that security supports the mission of the organization by protecting valuable resources. The purpose of training is to teach people the skills that will enable them to perform their jobs more securely. Security education is more in depth than security training and is targeted for security professionals and those whose jobs require expertise in security. Management commitment is necessary because of the resources used in developing and implementing the program and also because the program affects their staff. Source: National Institute of Standards and Technology, An Introduction to Computer Security: The NIST Handbook Special Publication 800-12

Answer 170

A

Answer: A Explanation:

Answer 171

A

Answer: D
Answer: D
Explanation: The correct answer is Presentation Layer. MIDI is a Presentation layer protocol. Explanation: The correct answer is Defined-based. All the other answers are types of IDSs.

Answer 172

A

Answer: D
Explanation: The correct answer is Presentation Layer. MIDI is a Presentation layer protocol.

Answer 173

A

Answer: D
Explanation: The correct answer is “To influence the value of the company’s stock price”. Answers “Compliance with a court order”, “Upon senior-level approval after a confidentiality agreement”, and “IAW contract procurement agreements for a government project” are all examples of the need for possible external distribution of internal classified information.

Answer 174

A

Answer: D
Explanation: The correct answer is Session. The Session Layer is an OSI model layer.

Answer 175

A

Answer: B
Explanation: Answer c is an example of a system-specific policy, in this case the router’s access control lists. The other three answers are examples of issue-specific policy, as defined by NIST. Issue-specific policies are similar to program policies, in that they are not technically focused. While program policy is traditionally more general and strategic (the organization’s computer security program, for example), issue-specific policy is a nontechnical policy addressing a single or specific issue of concern to the organization, such as the procedural guidelines for checking disks brought to work or e-mail privacy concerns. System-specific policy is technically focused and addresses only one computer system or device type. Source: National Institute of Standards and Technology, An Introduction to Computer Security: The NIST Handbook Special Publication 800-12.

Answer 176

A

Answer: B
Explanation: Answer Interrupt refers to a software or hardware interrupt to a processor that causes the program to jump to another program to handle the interrupt request. Before leaving the program that was being executed at the time of the interrupt, the CPU must save the state of the computer so that the original program can continue after the interrupt has been serviced. *A physically constrained user interface is one in which a user’s operations are limited by the physical characteristics of the interface device. An example would be a keypad with the choices limited to the operations permitted by each key. *View refers to database views, which restrict access to information contained in a database through content-dependent access control.

Answer 177

A

Answer: C
Explanation: IEEE 802.11a specifies high-speed wireless connectivity in the 5 GHz band using Orthogonal Frequency Division Multiplexing with data rates up to 54 Mbps.
IEEE 802.11b specifies highspeed wireless connectivity in the 2.4 GHz ISM band up to 11 Mbps. IEEE 802.11g is a proposed standard that offers wireless transmission over relatively short distances at speeds from 20 Mbps up to 54 Mbps and operates in the 2.4 GHz range (and is therefore expected to be backward-compatible with existing 802.11b-based networks).
IEEE 802.15, defines Wireless Personal Area Networks (WPAN), such as Bluetooth, in the 2.4-2.5 GHz band. Source: IEEE Wireless Working Groups (grouper.ieee.org).

Answer 178

A

Answer: C
Explanation: Authentication is effected in GSM through the use of a common secret key, Ks, that is stored in the network operator’s Authentication Center (AuC) and in the subscriber’s SIM card. The SIM card may be in the subscriber’s laptop, and the subscriber is not privy to Ks. To begin the authentication exchange, the home location of the subscriber’s mobile station, (MS), generates a 128-bit random number (RAND) and sends it to the MS. Using an algorithm that is known to both the AuC and MS, the RAND is encrypted by both parties using the secret key, Ks. The ciphertext generated at the MS is then sent to the AuC and compared with the ciphertext generated by the Auc. If the two results match, the MS is authenticated and the access request is granted. If they do not match, the access request is denied. The other answers are, therefore, incorrect.

Answer 179

A

Answer: C Explanation:
The correct answer is “Logical controls”. The other answers are different categories of controls where preventive controls attempt to eliminate or reduce vulnerabilities before an attack occurs; detective controls attempt to determine that an attack is taking place or has taken place; and corrective controls involve taking action to restore the system to normal operation after a successful attack.

Answer 180

A

Answer: D Explanation:
In challenge-response authentication, the user enters a random value (challenge) sent by the authentication server into a token device. The token device shares knowledge of a cryptographic secret key with the authentication server and calculates a response based on the challenge value and the secret key. This response is entered into the authentication server, which uses the response to authenticate the identity of the user by performing the same calculation and comparing results.
Answer “man-in-the-middle” is a type of attack in which a cracker is interposed between the user and authentication server and attempts to gain access to packets for replay in order to impersonate a valid user.
A “one-time password” is a password that is used only once to gain access to a network or computer system. A typical implementation is through the use of a token that generates a number based on the time of day. The user reads this number and enters it into the authenticating device. The authenticating device calculates the same number based on the time of day and uses the same algorithm used by the token. If the token’s number matches that of the authentication server, the identity of the user is validated. Obviously, the token and the authentication server must be time-synchronized for this approach to work. Also, there is allowance for small values of time skew between the authorization device and the token. Answer d refers to a PIN number that is something you know used with something you have, such as an ATM card.

Answer 181

A

Answer: B
Explanation:

Answer 182

A

Answer: A
Explanation: The purpose of computer security awareness, training, and education is to enhance security by: Improving awareness of the need to protect system resources Developing skills and knowledge so computer users can perform their jobs more securely Building in-depth knowledge, as needed, to design, implement, or operate security programs for organizations and systems Making computer system users aware of their security responsibilities and teaching them correct practices helps users change their behavior. It also supports individual accountability because without the knowledge of the necessary security measures and to how to use them, users cannot be truly accountable for their actions. Source: National Institute of Standards and Technology, An Introduction to Com- puter Security: The NIST Handbook Special Publication 800-12.

Answer 183

A

Answer: B
Explanation: The correct answer is “It uses an ESP for authentication and encryptio”. The Encapsulating Security Payload, (ESP) is a component of IPSec. Socket Security (SOCKS) is a transport layer, secure networking proxy protocol. SOCKS replaces the standard network systems calls with its own calls. These calls open connections to a SOCKS proxy server for client authentication, transparently to the user. Common network utilities, like TELNET or FTP, need to be SOCKSified, or have their network calls altered to recognize SOCKS proxy calls. Source: Designing Network Security by Merike Kaeo (Cisco Press, 1999).

Answer 184

A

Answer: C
Explanation: In the DoD reference model, the Host-to-Host layer parallels the function of the OSI’s transport layer. This layer contains the Transmission Control Protocol (TCP), and the User Datagram Protocol (UDP). * the DoD Process/Application layer, corresponds to the OSI’s top three layers, the Application, Presentation, and Session layers. *The DoD Internet layer corresponds to the OSI’s Network layer. * the DoD Network Access Layer, is the equivalent of the Data Link and Physical layers of the OSI model. Source: MCSE:TCP/IP Study Guide by Todd Lammle, Monica Lammle, and John Chellis (Sybex, 1997) and Handbook of Information Security Management 1999 by Micki Krause and Harold f. Tipton (Auerbach, 1999).

Answer 185

A

Answer: A
Explanation: The correct answer is “Specific servers and locations cannot be secured”. Kerberos requires that centralized servers implementing the trusted authentication mechanism must be secured.

Answer 186

A

Answer: C
Explanation: The correct answer is “A tuple with the same value for its primary key”. Answers “A tuple with the same value for its secondary key.” and “An attribute with the same value for its secondary key.” are incorrect because a secondary key is not a valid term. Answer “An attribute with the same value for its other foreign key.” is a distracter, because referential integrity has a foreign key referring to a primary key in another relation.

Answer 187

A

Answer: B
Explanation: The correct answer is “Labeling (of sensitive materials)”. Labeling is an administrative control mechanism.

Answer 188

A

Answer: A
Explanation: Passwords should never be reused after the time limit on their use has expired. Answer “password generators” supply passwords upon request. These passwords are usually comprised of numbers, characters, and sometimes symbols. Passwords provided by password generators are, usually, not easy to remember.
For answer “password file protection” may consist of encrypting the password with a one-way hash function and storing it in a password file. A typical brute force attack against this type of protection is to encrypt trial password guesses using the same hash function and to compare the encrypted results with the encrypted passwords stored in the password file.
Answer “Limiting the number or frequency of log-on attempts” provides protection in that, after a specified number of unsuccessful log-on attempts, a user may be locked out of trying to log on for a period of time. An alternative is to progressively increase the time between permitted log-on tries after each unsuccessful log-on attempt.

Answer 189

A

Answer: B
Explanation: The correct answer is Operates at the Application Layer. A packet-filtering firewall can operate at the network or transport layers.

Answer 190

A

Answer: B
Explanation: The correct answer is “These networks were originally designed to serve sporadic and only occasionally heavy traffic”. Ethernet networks were originally designed to work with more sporadic traffic than Token Ring networks.

Answer 191

A

Answer: D
Explanation: The correct answer is “Easier to tap than copper cabling”. Fiber Optic cable is much harder to tap than copper cable.

Answer 192

A

Answer: D
Explanation: The correct answer is “A number that represents the estimated frequency of an occurrence of an expected threat”. Answer “A dollar figure assigned to a single event” is the definition of SLE, “The annual expected financial loss to an organization from a threat” is an ALE, and “The percentage of loss that a realized threat event would have on a specific asset” is an EF.

Answer 193

A

Answer: C
Explanation: Although elements of all of the systems described could require specific controls for confidentiality, given the descriptions above, system b fits the definition most closely of a system requiring a very high level of confidentiality. Answer a is an example of a system requiring high availability. Answer c is an example of a system that requires medium integrity controls. Answer d is a system that requires only a low level of confidentiality. Asystem may need protection for one or more of the following reasons: Confidentiality. The system contains information that requires protection from unauthorized disclosure. Integrity. The system contains information that must be protected from unauthorized, unanticipated, or unintentional modification. Availability. The system contains information or provides services which must be available on a timely basis to meet mission requirements or to avoid substantial losses. Source: NIST Special Publication 800-18, Guide for Developing Security Plans for Information Technology Systems

Answer 194

A

Answer: D
Explanation: The correct answer is “TFTP is less secure because session authentication does not occur”. The Trivial File Transfer Protocol (TFTP) is considered less secure than the File Transfer Protocol (FTP) because authentication does not occur during session establishment (although FTP is very insecure in its own right).

Answer 195

A

Answer: B
Explanation: Electronic monitoring is the eavesdropping on passwords that are being transmitted to the authenticating device. This issue is a technical one and is not a consideration in designing passwords. The other answers relate to very important password characteristics that must be taken into account when developing passwords. Password lifetime, in answer a, refers to the maximum period of time that a password is valid. Ideally, a password should be used only once. This approach can be implemented by token password generators and challenge response schemes. However, as a practical matter, passwords on most PC’s and workstations are used repeatedly. The time period after which passwords should be changed is a function of the level of protection required for the information being accessed. In typical organizations, passwords may be changed every three to six months. Obviously, passwords should be changed when employees leave an organization or in a situation where a password may have been compromised.
Answer “the composition of a password” defines the characters that can be used in the password. The characters may be letters, numbers, or special symbols.
“ The authentication period” defines the maximum acceptable period between the initial authentication of a user and any subsequent reauthorization process. For example, users may be asked to authenticate themselves again after a specified period of time of being logged on to a server containing critical information.

Brainscape's Knowledge GenomeTM

Exam SET A Flashcards

Brainscape's Knowledge Genome^TM