Exam Set C Flashcards
QUESTION NO: 1844 Which of the following languages is NOT an object-oriented language? A. Lisp B. C++ C. Simula 67 D. Smalltalk
Answer: A Explanation: Lisp, for list processing, is a functional language that processes symbolic expressions rather than numbers. It is used in the artificial intelligence field. The languages cited in the other answers are object-oriented languages.
QUESTION NO: 1845 What does the prudent man rule require? A. Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur B. Senior officials to post performance bonds for their actions C. Senior officials to perform their duties with the care that ordinary, prudent people would exercise under similar circumstances D. Senior officials to follow specified government standards
Answer: C Explanation: *Answer “Senior officials to post performance bonds for their actions” is a distracter and is not part of the prudent man rule. * Answer “Senior officials to guarantee that all precautions have been taken and that no breaches of security can occur” is incorrect because it is not possible to guarantee that breaches of security can never occur. * Answer “Senior officials to follow specified government standards” is incorrect because the prudent man rule does not refer to a specific government standard but relates to what other prudent persons would do.
QUESTION NO: 1846 A standard that uses the Object Request Broker (ORB) to implement exchanges among objects in a heterogeneous, distributed environment is called: A. An Interface Definition Language (IDL) B. Open Architecture C. The Object Management Group (OMG) Object Model D. A Common Object Request Broker Architecture (CORBA)
Answer: D Explanation: *Answer The OMG Object Model provides standard means for describing the externally visible characteristics of objects. *Answer Open Architecture is a distracter. *Answer IDL is a standard interface language that is used by clients to request services from objects.
QUESTION NO: 1847 Which choice below is the BEST description of the criticality prioritization goal of the Business Impact Assessment (BIA) process? A. The identification and prioritization of every critical business unit process B. The estimation of the maximum down time the business can tolerate C. The presentation of the documentation of the results of the BIA D. The identification of the resource requirements of the critical business unit processes
Answer: A Explanation: The correct answer is “The identification and prioritization of every critical business unit process”. The three primary goals of a BIA are criticality prioritization, maximum down time estimation, and identification of critical resource requirements. *Answer “The presentation of the documentation of the results of the BIA” is a distracter.
QUESTION NO: 1848 Conducting a search without the delay of obtaining a warrant if destruction of evidence seems imminent is possible under: A. Exigent Circumstances. B. Proximate Causation. C. Prudent Man Rule. D. Federal Sentencing Guidelines.
Answer: A Explanation: The other answers refer to other principles, guidelines, or rules.
QUESTION NO: 1849 Which TCSEC security class category below specifies trusted recovery controls? A. B3 B. C2 C. B2 D. B1
Answer: A Explanation: TCSEC security categories B3 and A1 require the implementation of trusted recovery. Trusted recovery is the procedures and/or mechanisms provided to assure that, after an ADP system failure or other discontinuity, recovery without a protection compromise is obtained. A system failure represents a serious security risk because security controls may be bypassed when the system is not functioning normally. Trusted recovery has two primary activities: preparing for a system failure (backup) and recovering the system. Source: DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.
QUESTION NO: 1850 Which of the following would NOT be considered a penetration testing technique? A. Sniffing B. Scanning C. War dialing D. Data manipulation
Answer: D Explanation: The correct answer is Data manipulation. Data manipulation describes the corruption of data integrity to perform fraud for personal gain or other reasons. External penetration testing should not alter the data in any way. The other three are common penetration techniques.
QUESTION NO: 1851 Which choice below is the BEST description of an audit trail? A. Audit trails are used to detect penetration of a computer system and to reveal usage that identifies misuse. B. An audit trail is a device that permits simultaneous data processing of two or more security levels without risk of compromise. C. An audit trail mediates all access to objects within the network by subjects within the network. D. Audit trails are used to prevent access to sensitive systems by unauthorized personnel.
Answer: A Explanation: An audit trail is a set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions. Audit trails may be limited to specific events or may encompass all of the activities on a system. User audit trails can usually log: all commands directly initiated by the user; all identification and authentication attempts; and files and resources accessed. It is most useful if options and parameters are also recorded from commands. It is much more useful to know that a user tried to delete a log file (e.g., to hide unauthorized actions) than to know the user merely issued the delete command, possibly for a personal data file. *Answer “An audit trail is a device that permits simultaneous data processing of two or more security levels without risk of compromise.” is a description of a multilevel device. A multilevel device is a device that is used in a manner that permits it to process data of two or more security levels simultaneously without risk of compromise. To accomplish this, sensitivity labels are normally stored on the same physical medium and in the same form (i.e., machine-readable or human-readable) as the data being processed. *Answer “An audit trail mediates all access to objects within the network by subjects within the network.” refers to a network reference monitor, an access control concept that refers to an abstract machine that mediates all access to objects within the network by subjects within the network. *Answer “Audit trails are used to prevent access to sensitive systems by unauthorized personnel.” is incorrect, because audit trails are detective, and the answer describes a preventative process, access control.
Source: NCSC-TG-001 A Guide to Understanding Audit in Trusted Systems and DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.
QUESTION NO: 1852 In object-oriented programming, when all the methods of one class are passed on to a subclass, this is called: A. Delegation B. Inheritance C. Multiple Inheritance D. Forward chaining
Answer: B Explanation: In inheritance, all the methods of one class, called a superclass, are inherited by a subclass. Thus, all messages understood by the superclass are understood by the subclass. In other words, the subclass inherits the behavior of the superclass. *Answer Forward chaining is a distracter and describes data-driven reasoning used in expert systems. *Answer Multiple inheritance describes the situation where a subclass inherits the behavior of multiple superclasses. *Answer Delegation is an alternative to inheritance in an object-oriented system. With delegation, if an object does not have a method to satisfy a request it has received, it can delegate the request to another object.
QUESTION NO: 1853 What type of security controls operate on the input to a computing system, on the data being processed, and the output of the system? A. Numerical controls B. Data controls C. Normative controls D. Application controls
Answer: D Explanation: The correct answer is Application controls. The other answers are distracters.
QUESTION NO: 1854 Which choice below refers to a business asset? A. Protection devices or procedures in place that reduce the effects of threats B. Events or situations that could cause a financial or operational impact to the organization C. Competitive advantage, credibility, or good will D. Personnel compensation and retirement programs
Answer: C Explanation: Assets are considered the physical and financial assets that are owned by the company. Examples of business assets that could be lost or damaged during a disaster are: revenues lost during the incident; on-going recovery costs; fines and penalties incurred by the event; and competitive advantage, credibility, or good will damaged by the incident. *Answer “Events or situations that could cause a financial or operational impact to the organization” is a definition for a threat. *Answer “Protection devices or procedures in place that reduce the effects of threats” is a description of mitigating factors that reduce the effect of a threat, such as a UPS, sprinkler systems, or generators. *Answer “Personnel compensation and retirement programs” is a distracter. Source: Contingency Planning and Management, Contingency Planning 101 by Kelley Goggins, March, 1999.
QUESTION NO: 1855 A distributed object model that has similarities to the Common Object Request Broker Architecture (CORBA) is: A. Distributed Data Model B. Inference Model C. Distributed Component Object Model (DCOM) D. The Chinese Wall Model
Answer: C Explanation: DCOM is the distributed version of COM that supports remote objects as if the objects reside in the client's address space. A COM client can access a COM object through the use of a pointer to one of the object's interfaces and, then, invoking methods through that pointer. As discussed in Question 24, CORBA is a distributed object framework developed by the Object Management Group. *Answer The Chinese Wall Model (D.C. Brewer & M.J. Nash, Chinese Wall Model, Proceedings of the 1989 IEEE Computer Society Symposium on Security and Privacy, pp. 215-228, 1989) uses internal rules to compartmentalize areas in which individuals may work to prevent disclosure of proprietary information and to avoid conflicts of interest. The Chinese Wall model also incorporates the principle of separation of duty. *Answers Inference Model and Distributed Data Model are distracters.
QUESTION NO: 1856 The process of analyzing large data sets in a data warehouse to find non-obvious patterns is called: A. Data scanning B. Data administration C. Derived data D. Data mining
Answer: D Explanation: For example, mining of consumer-related data may show a correlation between the number of children under four years old in a household and the father's preferences in aftershave lotion. *Answer Data scanning is a distracter. *Answer Data administration describes the degree of management's dedication to the data warehouse concept. *Answer Derived data is data that is obtained through the processing of raw data.
QUESTION NO: 1857 In an expert system, the process of beginning with a possible solution and using the knowledge in the knowledge base to justify the solution based on the raw input data is called: A. Forward chaining B. Dynamic reasoning C. A blackboard solution D. Backward chaining
Answer: D Explanation: Backward chaining is generally used when there are a large number of possible solutions relative to the number of inputs. *Answer Dynamic reasoning is a distracter. *Answer Forward chaining is the reasoning approach that can be used when there is a small number of solutions relative to the number of inputs. The input data is used to reason forward to prove that one of the possible solutions in a small solution set is the correct one. *Answer A blackboard solution: the blackboard is an expert system reasoning methodology in which a solution is generated by the use of a virtual blackboard wherein information or potential solutions are placed on the blackboard by a plurality of individuals or expert knowledge sources. As more information is placed on the blackboard in an iterative process, a solution is generated.
QUESTION NO: 1858 Which of the following are valid legal issues associated with computer crime? Select three. A. It may be difficult to prove criminal intent. B. It may be difficult to obtain a trail of evidence of activities performed on the computer. C. It may be difficult to show causation. D. Electronic Data Interchange (EDI) makes it easier to relate a crime to an individual.
Answer: A,B,C Explanation: EDI makes it more difficult to tie an individual to transactions since EDI involves computer-to-computer data interchanges and this makes it more difficult to trace the originator of some transactions. *Answer “It may be difficult to prove criminal intent” is a valid legal issue since it may be very difficult to prove criminal intent by a person perusing computer files and then causing damage to the files. The damage may have not been intentional. *Answer “It may be difficult to obtain a trail of evidence of activities performed on the computer” describes the situation of trying to track activities on a computer where the information is volatile and may have been destroyed. * In answer “It may be difficult to show causation”, common law refers to causation of the criminal act. Causation is particularly difficult to show in instances where a virus or other malicious code erases itself after causing damage to vital information.
QUESTION NO: 1859 The Kennedy-Kassebaum Act is also known as: A. HIPAA B. RICO C. EU Directive D. OECD
Answer: A Explanation: The others refer to other laws or guidelines.
QUESTION NO: 1860 Which choice below is NOT an element of BCP plan approval and implementation? A. Executing a disaster scenario and documenting the results B. Obtaining senior management approval of the results C. Creating an awareness of the plan D. Updating the plan regularly and as needed
Answer: A Explanation: Answer “Executing a disaster scenario and documenting the results” is a distracter, although it could be considered a loose description of disaster recovery plan testing. The other three choices are primary elements of BCP approval, implementation, and maintenance.
QUESTION NO: 1861 Which statement below MOST accurately describes configuration control? A. Assuring that only the proposed and approved system changes are implemented B. Tracking the status of current changes as they move through the configuration control process C. Verifying that all configuration management policies are being followed D. The decomposition process of a verification system into CIs
Answer: A Explanation: Configuration control is a means of assuring that system changes are approved before being implemented, only the proposed and approved changes are implemented, and the implementation is complete and accurate. This involves strict procedures for proposing, monitoring, and approving system changes and their implementation. Configuration control entails central direction of the change process by personnel who coordinate analytical tasks, approve system changes, review the implementation of changes, and supervise other tasks such as documentation. *Answer “The decomposition process of a verification system into CIs” is configuration identification. The decomposition process of a verification system into Configuration Items (CIs) is called configuration identification. A CI is a uniquely identifiable subset of the system that represents the smallest portion to be subject to independent configuration control procedures. *Answer “Tracking the status of current changes as they move through the configuration control process” is configuration accounting. Configuration accounting documents the status of configuration control activities and, in general, provides the information needed to manage a configuration effectively. It allows managers to trace system changes and establish the history of any developmental problems and associated fixes. Configuration accounting also tracks the status of current changes as they move through the configuration control process. Configuration accounting establishes the granularity of recorded information and thus shapes the accuracy and usefulness of the audit function. *Answer “Verifying that all configuration management policies are being followed” is configuration audit. Configuration audit is the quality assurance component of configuration management.
It involves periodic checks to determine the consistency and completeness of accounting information and to verify that all configuration management policies are being followed. A vendor's configuration management program must be able to sustain a complete configuration audit by an NCSC review team. Source: NCSC-TG-014, Guidelines for Formal Verification Systems.
QUESTION NO: 1862 Which of the following best defines social engineering? A. Gathering information from discarded manuals and printouts B. Illegal copying of software C. Destruction or alteration of data D. Using people skills to obtain proprietary information
Answer: D Explanation: Social engineering is using people skills to obtain proprietary information. *Answer “Illegal copying of software” is software piracy. *Answer “Gathering information from discarded manuals and printouts” is dumpster diving. *Answer “Destruction or alteration of data” is a violation of integrity.
QUESTION NO: 1863 18 USC §2001 (1994) refers to: A. Article 18, US Code, Section 2001, 1994 edition. B. Title 18, University of Southern California, Article 2001, 1994 edition. C. Title 2001 of the US Code, Section 18, 1994 edition. D. Title 18, Section 2001 of the US Code, 1994 edition.
Answer: D
QUESTION NO: 1864 A system that exhibits reasoning similar to that of humans knowledgeable in a particular field to solve a problem in that field is called: A. An expert system. B. A data warehouse. C. A neural network. D. A smart system.
Answer: A Explanation: *Answer A smart system is a distracter. *Answer A data warehouse is a repository of information from heterogeneous databases that is available to users for making queries. *Answer A neural network is a self-learning system that bases its operation on the model of the functioning of biological neurons.
QUESTION NO: 1865 Which choice below is NOT a recommended step to take when resuming normal operations after an emergency? A. Conduct an investigation. B. Re-occupy the damaged building as soon as possible. C. Account for all damage-related costs. D. Protect undamaged property.
Answer: B Explanation: Re-occupying the site of a disaster or emergency should not be undertaken until a full safety inspection has been done, an investigation into the cause of the emergency has been completed, and all damaged property has been salvaged and restored. During and after an emergency, the safety of personnel must be monitored, any remaining hazards must be assessed, and security must be maintained at the scene. After all safety precautions have been taken, an inventory of damaged and undamaged property must be done to begin salvage and restoration tasks. Also, the site must not be re-occupied until all investigative processes have been completed. Detailed records must be kept of all disaster-related costs and valuations must be made of the effect of the business interruption. Source: Emergency Management Guide for Business and Industry, Federal Emergency Management Agency, August 1998.
QUESTION NO: 1866 In the software life cycle, validation: A. Refers to the work product satisfying software maturity levels. B. Refers to the work product satisfying the real-world requirements and concepts. C. Refers to the work product satisfying generally accepted principles. D. Refers to the work product satisfying derived specifications.
Answer: B Explanation: In the software life cycle, validation is the work product satisfying the real-world requirements and concepts. The other answers are distracters.
QUESTION NO: 1867 What is the responsibility of the contingency planner regarding LAN backup and recovery if the LAN is part of a building server environment? A. Recovering client/server systems owned and supported by internal staff B. Identifying essential business functions C. Classifying the recovery time frame of the business unit LAN D. Getting a copy of the recovery procedures from the building server administrator
Answer: D Explanation: When any part of the LAN is not hosted internally, and is part of a building server environment, it is the responsibility of the contingency planner to identify the building server administrator, identify for him the recovery time frame required for your business applications, obtain a copy of the recovery procedures, and participate in the validation of the building's server testing. If all or part of the business is not in the building server environment, then the other three choices are also the responsibility of the contingency planner. Source: Contingency Planning and Management, Contingency Planning 101, by Kelley Goggins, March 1999.
QUESTION NO: 1868 Which standard defines the International Standard for the Common Criteria? A. CSC-STD-002-85 B. IS15408 C. BS7799 D. DoD 5200.28-STD
Answer: B Explanation: ISO/IEC 15408-1 is the International Standards version of the Common Criteria. The ISO approved and published the CC text as the new International Standard (IS) 15408 on December 1, 1999. As of this writing the Common Criteria version is 2.1. *Answer BS7799 is the Code of Practice for Information Security Management developed by the British Standards Institute. The BS7799 standard effectively comes in two parts: ISO/IEC 17799:2000 (Part 1) is the standard code of practice and can be regarded as a comprehensive catalogue of recommended security policy. BS7799-2:1999 (Part 2) is a standard specification for an Information Security Management System (ISMS). An ISMS is the means by which senior management monitors and controls their security, minimizing the residual business risk and ensuring that security continues to fulfill corporate, customer, and legal requirements. *Answer DoD 5200.28-STD is the Orange Book, the DoD Trusted Computer System Evaluation Criteria. *Answer CSC-STD-002-85 is the Green Book, the DoD Password Management Guidelines. Source: The Common Criteria Project.
QUESTION NO: 1869 Which task below would normally be a function of the security administrator, not the system administrator? A. Reviewing audit data B. Managing print queues C. Adding and removing system users D. Installing system software
Answer: A Explanation: Reviewing audit data should be a function separate from the day-to-day administration of the system.
QUESTION NO: 1870 Which statement below is accurate about the concept of Object Reuse? A. Object reuse protects against physical attacks on the storage medium. B. Object reuse applies to removable media only. C. Object reuse controls the granting of access rights to objects. D. Object reuse ensures that users do not obtain residual information from system resources.
Answer: D Explanation: Object reuse mechanisms ensure system resources are allocated and reassigned among authorized users in a way that prevents the leak of sensitive information, and ensure that the authorized user of the system does not obtain residual information from system resources. Object reuse is defined as “The reassignment to some subject of a storage medium (e.g., page frame, disk sector, magnetic tape) that contained one or more objects. To be securely reassigned, no residual data can be available to the new subject through standard system mechanisms.” The object reuse requirement of the TCSEC is intended to assure that system resources, in particular storage media, are allocated and reassigned among system users in a manner which prevents the disclosure of sensitive information. *Answer “Object reuse protects against physical attacks on the storage medium” is incorrect. Object reuse does not necessarily protect against physical attacks on the storage medium. *Answer “Object reuse applies to removable media only” is also incorrect, as object reuse applies to all primary and secondary storage media, such as removable media, fixed media, real and virtual main memory (including registers), and cache memory. *Answer “Object reuse controls the granting of access rights to objects” refers to authorization, the granting of access rights to a user, program, or process. Source: NCSC-TG-018, A Guide To Understanding Object Reuse in Trusted Systems [Light Blue Book].
QUESTION NO: 1871 Relative to legal evidence, which one of the following correctly describes the difference between an expert and a nonexpert in delivering an opinion? A. An expert can offer an opinion based on personal expertise and facts, but a nonexpert can testify only as to facts. B. A nonexpert can offer an opinion based on personal expertise and facts, but an expert can testify only as to facts. C. An expert can offer an opinion based on personal expertise and facts, but a nonexpert can testify only as to personal opinion. D. An expert can offer an opinion based on facts only, but a nonexpert can testify only as to personal opinion.
Answer: A Explanation: The other answers are distracters.
QUESTION NO: 1872 Which choices below are commonly accepted definitions for a disaster? Select three. A. A suddenly occurring event that has a long-term negative impact on social life B. An emergency that is beyond the normal response resources of the entity C. An occurrence or imminent threat to the entity of widespread or severe damage, injury, loss of life, or loss of property D. An occurrence that is outside the normal computing function
Answer: A,B,C Explanation: The disaster/emergency management and business continuity community consists of many different types of entities, such as governmental (federal, state, and local), nongovernmental (business and industry), and individuals. Each entity has its own focus and its own definition of a disaster. The correct answers are examples of these various definitions of disasters. A very common definition of a disaster is a suddenly occurring or unstoppable developing event that: claims loss of life, suffering, loss of valuables, or damage to the environment; overwhelms local resources or efforts; and has a long-term impact on social or natural life that is always negative in the beginning. Source: NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition.
QUESTION NO: 1873 What principle requires corporate officers to institute appropriate protections regarding the corporate intellectual property? A. Least privilege B. Need-to-know C. Separation of duties D. Due care
Answer: C Explanation: The correct answer is Separation of duties. The Federal Sentencing Guidelines state, “The officers must exercise due care or reasonable care to carry out their responsibilities to the organization.” The other answers are information security principles but are distracters in this instance.
QUESTION NO: 1874 Which choice below is an example of a potential hazard due to a technological event, rather than a human event? A. Enemy attack B. Financial collapse C. Sabotage D. Mass hysteria
Answer: B Explanation: A financial collapse is considered a technological potential hazard; the other three are human events. Of the three categories of potential hazards (natural, technological, and human), technological events could include: hazardous material release (HazMat); explosion or fire (non-arson); fuel shortage; structure collapse; utility failure; and severe air pollution. Source: NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition.
QUESTION NO: 1875 In a distributed environment, a surrogate program that performs services in one environment on behalf of a principal in another environment is called: A. A proxy. B. A slave. C. An agent. D. A virtual processor.
Answer: C Explanation: The correct answer is An agent. *Answer A proxy is similar in nature but might hide the characteristics of the principal it is representing. *Answers A slave and A virtual processor are distracters.
QUESTION NO: 1876 When is the disaster considered to be officially over? A. When the organization has processing up and running at the alternate site B. When all of the elements of the business have returned to normal functioning at the original site C. When the danger has passed and the disaster has been contained D. When all employees have been financially reimbursed for their expenses
Answer: B Explanation: The correct answer is: when all of the elements of the business have returned to normal functioning at the original site. It's important to remember that a threat to continuity exists when processing is being returned to its original site after salvage and cleanup have been done.
QUESTION NO: 1877 What could be a major disadvantage to a mutual aid or reciprocal type of backup service agreement? A. The use of prefabricated buildings makes recovery easier. B. It is free or at a low cost to the organization. C. Annual testing by the Info Tech department is required to maintain the site. D. In a major emergency, the site might not have the capacity to handle the operations required.
Answer: D Explanation: The site might not have the capacity to handle the operations required during a major disruptive event. While mutual aid might be a good system for sharing resources during a small or isolated outage, a major natural or other type of disaster can create serious resource contention between the two organizations.
QUESTION NO: 1878 Which of the following are computer investigation issues? S A. The time frame for investigation is compressed. B. An expert may be required to assist. C. The information is intangible. D. Evidence is easy to obtain.
Answer: A,B,C Explanation: In many instances, evidence is difficult to obtain in computer crime investigations.
QUESTION NO: 1879 Which choice below BEST describes a threat as defined in the Operations Security domain? A. A potential incident that could cause harm B. A weakness in a system that could be exploited C. A company resource that could be lost due to an incident D. The minimization of loss associated with an incident
Answer: A Explanation: Incorrect answers: *“A weakness in a system that could be exploited” describes a vulnerability. *“A company resource that could be lost due to an incident” describes an asset. *“The minimization of loss associated with an incident” describes risk management.
QUESTION NO: 1880 What key professional or professionals are required to develop an expert system? A. Domain expert and object designer B. Knowledge engineer and object designer C. Knowledge engineer and domain expert D. Domain expert
Answer: C Explanation: The knowledge engineer usually has a computer-related and expert system background, but does not have the knowledge of the specific discipline or domain being addressed by the expert system. For example, the expert system being developed may be a medical diagnostic system requiring input from diagnostic specialists and other types of physicians. These individuals are the domain experts. It is the job of the knowledge engineer to elicit the critical knowledge from the domain expert and incorporate it into the expert system knowledge base. The term object designer in the answers is a distracter.
QUESTION NO: 1881 Which choice below is NOT a common element of user account administration? A. Establishing, issuing, and closing user accounts B. Authorizing the request for a user's system account C. Tracking users and their respective access authorizations D. Periodically verifying the legitimacy of current accounts and access authorizations
Answer: B Explanation: For proper separation of duties, the function of user account establishment and maintenance should be separated from the function of initiating and authorizing the creation of the account. User account management focuses on identification, authentication, and access authorizations. This is augmented by the process of auditing and otherwise periodically verifying the legitimacy of current accounts and access authorizations. Also, there are considerations involved in the timely modification or removal of access and associated issues for employees who are reassigned, promoted, or terminated, or who retire. Source: National Institute of Standards and Technology, An Introduction to Computer Security: The NIST Handbook Special Publication 800-12.
QUESTION NO: 1882 Which choice does NOT describe an element of configuration management? A. Configuration management reports the status of change processing. B. Configuration management is the decomposition process of a verification system into Configuration Items (CIs). C. Configuration management documents the functional and physical characteristics of each configuration item. D. Configuration management involves information capture and version control.
Answer: B Explanation: Configuration management is a discipline applying technical and administrative direction to: identify and document the functional and physical characteristics of each configuration item for the system; manage all changes to these characteristics; and record and report the status of change processing and implementation. Configuration management involves process monitoring, version control, information capture, quality control, bookkeeping, and an organizational framework to support these activities. The configuration
QUESTION NO: 1883 A database management system (DBMS) is useful in situations where: A. Rapid development of applications is required and preprogrammed functions can be used to provide those applications along with other support features such as security, error recovery, and access control. B. The operations to be performed on the data are modified infrequently and the operations are relatively straightforward. C. Data are processed infrequently and results are not urgently needed. D. Large amounts of data are to be processed in time-critical situations.
Answer: A Explanation: A DBMS is called for when the required skilled programming resources are not available, information to be stored and accessed is common to many organizational business units, the processing requirements change frequently and timely responses are required for queries on the data.
QUESTION NO: 1884 In an object-oriented system, the situation wherein objects with a common name respond differently to a common set of operations is called: A. Polyinstantiation. B. Delegation. C. Polyresponse. D. Polymorphism.
Answer: D Explanation: Delegation is the forwarding of a request by one object to another object. Answer Polyresponse is a distracter. Polyinstantiation is the development of a detailed version of an object from another object. The new object uses values that are different from those in the original object.
QUESTION NO: 1885 The simplistic model of software life cycle development assumes that: A. Each phase is identical to a completed milestone. B. Iteration will be required among the steps in the process. C. Software development requires reworking and repeating some of the phases. D. Each step can be completed and finalized without any effect from the later stages that might require rework.
Answer: D Explanation: Each step can be completed and finalized without any effect from the later stages that might require rework. *Answer “Iteration will be required among the steps in the process” is incorrect because no iteration is allowed for in the model. *Answer “Each phase is identical to a completed milestone” is incorrect because it applies to the modified Waterfall model. *Answer “Software development requires reworking and repeating some of the phases” is incorrect because no iteration or reworking is considered in the model.
QUESTION NO: 1886 Why are maintenance accounts a threat to operations controls? A. Maintenance might require physical access to the system by vendors or service providers. B. Maintenance accounts are commonly used by hackers to access network devices. C. Maintenance personnel could slip and fall and sue the organization. D. Maintenance account information could be compromised if printed reports are left out in the open.
Answer: B Explanation: Maintenance accounts are login accounts to systems resources, primarily networked devices. They often have the factory-set passwords that are frequently distributed through the hacker community.
QUESTION NO: 1887 The security term that is concerned with the same primary key existing at different classification levels in the same database is: A. Polymorphism. B. Inheritance. C. Polyinstantiation. D. Normalization.
Answer: C Explanation: The security term that is concerned with the same primary key existing at different classification levels in the same database is polyinstantiation. Answer Polymorphism is incorrect because polymorphism is defined as objects of many different classes that are related by some common superclass; thus, any object denoted by this name is able to respond to some common set of operations in a different way. Answer Normalization is incorrect because normalization refers to removing redundant or incorrect data from a database. Answer Inheritance is incorrect because inheritance refers to methods from a class inherited by another subclass.
QUESTION NO: 1888 Which general TCSEC security class category describes that mandatory access policies be enforced in the TCB? Exhibit: D - Minimal Protection C - Discretionary Protection C1 - Discretionary Security Protection C2 - Controlled Access Protection B - Mandatory Protection B1 - Labeled security protection B2 - Structured protection B3 - Security Domains A1 - Verified Protection A. A B. B C. C D. D
Answer: B Explanation: The Trusted Computer System Evaluation Criteria [Orange Book] defines major hierarchical classes of security by the letters D (least secure) through A (most secure): D. Minimal protection C. Discretionary protection (C1&C2) B. Mandatory protection (B1, B2, B3) A. Verified protection; formal methods (A1) Source: DoD 5200.28-STD Department of Defense Trusted Computer System Evaluation Criteria.
QUESTION NO: 1889 What does the Spiral Model depict? A. A spiral that incorporates various phases of software development B. A spiral that models the behavior of biological neurons C. The operation of expert systems D. Information security checklists
Answer: A Explanation: The correct answer is a spiral that incorporates various phases of software development. The other answers are distracters.
QUESTION NO: 1890 Which choice describes the Forest Green Book? A. It is a Rainbow series book that defines the secure handling of storage media. B. It is a Rainbow series book that defines guidelines for implementing access control lists. C. It does not exist; there is no Forest Green Book. D. It is a tool that assists vendors in data gathering for certifiers.
Answer: A Explanation: The Forest Green Book is a Rainbow series book that defines the secure handling of sensitive or classified automated information system memory and secondary storage media, such as degaussers, magnetic tapes, hard disks, floppy disks, and cards. The Forest Green Book details procedures for clearing, purging, declassifying, or destroying automated information system (AIS) storage media to prevent data remanence. Data remanence is the residual physical representation of data that has been erased in some way. After storage media is erased there may be some physical characteristics that allow data to be reconstructed. * Answer “It is a tool that assists vendors in data gathering for certifiers.” is the Blue Book, NCSC-TG-019 Trusted Product Evaluation Questionnaire Version-2. The Blue Book is a tool to assist system developers and vendors in gathering data to assist evaluators and certifiers assessing trusted computer systems. * Answer “It is a Rainbow series book that defines guidelines for implementing access control lists.” is the Grey/Silver Book, NCSC-TG-020A, the Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control. The Grey/Silver Book defines guidelines for implementing access control lists (ACLs) in the UNIX system. Source: NCSC-TG-025 A Guide to Understanding Data Remanence in Automated Information Systems, NCSC-TG-020A Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Access Control, and NCSC-TG-019 Trusted Product Evaluation Questionnaire Version-2.
QUESTION NO: 1891 Which choice below is incorrect regarding when a BCP, DRP, or emergency management plan should be evaluated and modified? A. Annually, in a scheduled review. B. Never; once it has been tested it should not be changed. C. After an emergency or disaster response. D. After training drills, tests, or exercises.
Answer: B Explanation: Emergency management plans, business continuity plans, and disaster recovery plans should be regularly reviewed, evaluated, modified, and updated. At a minimum, the plan should be reviewed at an annual audit. It should also be re-evaluated: after tests or training exercises, to adjust any discrepancies between the test results and the plan; after a disaster response or an emergency recovery, as this is an excellent time to amend the parts of the plan that were not effective; when personnel, their responsibilities, their resources, or organizational structures change, to familiarize new or reorganized personnel with procedures; and when policies, procedures, or infrastructures change. Source: Emergency Management Guide for Business and Industry, Federal Emergency Management Agency, August 1998, and NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition.
QUESTION NO: 1892 Which of the following are recommended practices regarding electronic monitoring of employees' email? Select three. A. Inform all that e-mail is being monitored by means of a prominent log-in banner. B. Explain who is authorized to read monitored email. C. Provide individuals being monitored with a guarantee of email privacy. D. Apply monitoring in a consistent fashion.
Answer: A,B,D Explanation: No guarantee of e-mail privacy should be provided or implied by the employer.
QUESTION NO: 1893 What is configuration control? A. Identifying and documenting the functional and physical characteristics of each configuration item B. Recording the processing of changes C. Controlling the quality of the configuration management procedures D. Controlling changes to the configuration items and issuing versions of configuration items from the software library
Answer: D Explanation: Configuration control is controlling changes to the configuration items and issuing versions of configuration items from the software library. Answer “Identifying and documenting the functional and physical characteristics of each configuration item” is the definition of configuration identification. Answer “Recording the processing of changes” is the definition of configuration status accounting, and answer “Controlling the quality of the configuration management procedures” is the definition of configuration audit.
QUESTION NO: 1894 Which statement below is NOT true about the post-disaster salvage team? A. The salvage team identifies sources of expertise to employ in the recovery of equipment or supplies. B. The salvage team may be given the authority to declare when operations can resume at the disaster site. C. The salvage team must return to the site as soon as possible regardless of the residual physical danger. D. The salvage team manages the cleaning of equipment after smoke damage.
Answer: C Explanation: Salvage cannot begin until all physical danger has been removed or mitigated and emergency personnel have returned control of the site to the organization.
QUESTION NO: 1895 Which statement is true regarding the disbursement of funds during and after a disruptive event? A. Authorized, signed checks should be stored securely off-site for access by lower-level managers in the event senior-level or financial management is unable to disburse funds normally. B. In the event senior-level or financial management is unable to disburse funds normally, the company will need to file for bankruptcy. C. No one but the finance department should ever disburse funds during or after a disruptive event. D. Because access to funds is rarely an issue during a disaster, no special arrangements need to be made.
Answer: A
QUESTION NO: 1896 When should security isolation of the incident scene start? A. As soon as the disaster plan is implemented B. Immediately after the emergency is discovered C. After all personnel have been evacuated D. When hazardous materials have been discovered at the site
Answer: B Explanation: Isolation of the incident scene should begin as soon as the emergency has been discovered. Authorized personnel should attempt to secure the scene and control access; however, no one should be placed in physical danger to perform these functions. It's important for life safety that access be controlled immediately at the scene, and only by trained personnel directly involved in the disaster response. Additional injury or exposure to recovery personnel after the initial incident must be tightly controlled. Source: Emergency Management Guide for Business and Industry, Federal Emergency Management Agency, August 1998.
QUESTION NO: 1897 Which choice below is NOT a common example of exercising due care or due diligence in security practices? A. Implementing employee casual Friday B. Implementing security awareness and training programs C. Implementing controls on printed documentation D. Implementing employee compliance statements
Answer: A Explanation: The correct answer is “Implementing employee casual Friday”. The concepts of due care and due diligence require that an organization engage in good security practices relative to industry standards.
QUESTION NO: 1898 Another model that allows two software components to communicate with each other independent of their platforms, operating systems, and languages of implementation is: A. Basic Object Model (BOM) B. Sandbox C. Common Object Model (COM) D. Spiral Model
Answer: C Explanation: As in the object-oriented paradigm, COM works with encapsulated objects. Communications with a COM object are through an interface contract between an object and its clients that defines the functions that are available in the object and the behavior of the object when the functions are called. *Answer a sandbox is an access control-based protection mechanism. It is commonly applied to restrict the access rights of mobile code that is downloaded from a Web site as an applet. The code is set up to run in a sandbox that blocks its access to the local workstation's hard disk, thus preventing the code from malicious activity. The sandbox is usually interpreted by a virtual machine such as the Java Virtual Machine. *Answer BOM is a distracter. *Spiral Model refers to the software development life cycle.
QUESTION NO: 1899 Which choice below would NOT be a good reason to test the disaster recovery plan? A. Testing allows processing to continue at the database shadowing facility. B. Testing prepares and trains the personnel to execute their emergency duties. C. Testing identifies deficiencies in the recovery procedures. D. Testing verifies the processing capability of the alternate backup site.
Answer: A Explanation: The correct answer is “Testing allows processing to continue at the database shadowing facility.” It is a distracter. The other three answers are good reasons to test the disaster recovery plan.
QUESTION NO: 1900 In general, computer-based evidence is considered: A. Secondary. B. Conclusive. C. Hearsay. D. Circumstantial.
Answer: C Explanation: The correct answer is Hearsay. Answer Conclusive refers to incontrovertible evidence; answer Circumstantial refers to inference from other, intermediate facts; and answer Secondary refers to a copy of evidence or oral description of its content.
QUESTION NO: 1901 In general, computer crimes fall into two major categories and two additional related categories. Which of the following categories are of these four? Select three. A. Crimes using the computer B. Crimes associated with the prevalence of computers C. The computer as a target of the crime D. Malfeasance by computer
Answer: A,B,C Explanation: Malfeasance by computer is an act involving a computer that is technically and ethically improper, but may or may not be illegal. Some of these activities may not be considered illegal by the user and may be unintentional. Examples of such behavior are: Using a password that you have been given by someone else to have access to their computer and using that password to view files that were not intended for your perusal Giving a copy of a software package that you purchased to a member of your family for personal use (In most instances, this is illegal based on software licenses.) Using the computer at your place of employment to store some information related to an outside business activity Answers a, b, and d are valid categories of computer crime. The fourth category is a crime where the computer is incidental to other crimes. Examples in these four categories are: The computer is a target of the crime. Sabotage or theft of intellectual property, disruption of business operations, illegal access to government and personal information, and falsifying or changing records. Crimes using the computer. Theft of money from financial accounts, credit card fraud, fraud involving stock transfers, billing charges illegally to another party, and telecommunications fraud. Crimes associated with the prevalence of computers. Violation of copyright restrictions on commercial software packages, software piracy and software counterfeiting. The computer is incidental to other crimes. (In this category, the crime could be committed without the computer, but the computer permits the crime to be committed more efficiently and in higher volume.) Money laundering, keeping records and books of illegal activity and illegal gambling.
QUESTION NO: 1902 Which choice below most accurately describes a business impact analysis (BIA)? A. Activities designed to return an organization to an acceptable operating condition B. A management-level analysis that identifies the impact of losing an entity's resources C. A prearranged agreement between two or more entities to provide assistance D. A program that implements the strategic goals of the organization
Answer: B Explanation: A business impact analysis (BIA) measures the effect of resource loss and escalating losses over time in order to provide the entity with reliable data upon which to base decisions on hazard mitigation and continuity planning. A BIA is performed as one step during the creation of a Business Continuity Plan (BCP). A common five-step approach to a BCP could consist of: BCP project scope creation; business impact assessment; recovery strategy development; recovery plan development; and implementation, testing, and maintenance. Answer a is a definition of a disaster/emergency management program. Answer c describes a mutual aid agreement. Answer d is the definition of a recovery program. Source: NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition, and Handbook of Information Security Management, by Micki Krause and Harold F. Tipton, Auerbach, 1999 edition.
QUESTION NO: 1903 Which statement is accurate about trusted facility management? A. The TCB shall support separate operator and administrator functions for B2 systems and above. B. The role of a security administrator shall be identified and auditable in B2 systems and above. C. The TCB shall support separate operator and administrator functions for C2 systems and above. D. The role of a security administrator shall be identified and auditable in C2 systems and above.
Answer: A Explanation: Trusted Facility Management has two different requirements, one for B2 systems and another for B3 systems. The B2 requirements state: the TCB shall support separate operator and administrator functions. The B3 requirements are as follows: The functions performed in the role of a security administrator shall be identified. System administrative personnel shall only be able to perform security administrator functions after taking a distinct auditable action to assume the security administrator role on the system. Non-security functions that can be performed in the security administration role shall be limited strictly to those essential to performing the security role effectively. Source: NCSC-TG-015, Guide To Understanding Trusted Facility Management [Brown Book].
QUESTION NO: 1904 Which one of the following is NOT one of the maturity levels of the Software Capability Maturity Model (CMM)? A. Fundamental B. Managed C. Defined D. Repeatable
Answer: A Explanation: The correct answer is Fundamental, a distracter. The first level of the Software CMM is the Initiating level. At this level, processes are performed on an ad hoc basis. The Repeatable level is the second maturity level in the model. In the third level, Defined, management practices are institutionalized and technical procedures are integrated into the organizational structure. The Managed level has both product and processes quantitatively controlled. The fifth level of the Software CMM is the Optimized level, where continuous process improvement is institutionalized.
QUESTION NO: 1905 Which statement is true regarding company/employee relations during and after a disaster? A. Senior-level executives are the only employees who should receive continuing salaries during the disruptive event. B. The organization's responsibility to the employees' families ends when the disaster stops the business from functioning. C. The organization has a responsibility to continue salaries or other funding to the employees and/or families affected by the disaster. D. Employees should seek any means of obtaining compensation after a disaster, including fraudulent ones.
Answer: C Explanation: The organization has an inherent responsibility to its employees and their families during and after a disaster or other disruptive event. The company must be insured to the extent it can properly compensate its employees and families. Conversely, employees do not have the right to obtain compensatory damages fraudulently if the organization cannot compensate.
QUESTION NO: 1906 Which of the following is a key principle in the evolution of computer crime laws in many countries? A. The definition of property was extended to include electronic information. B. Unauthorized acquisition of computer-based information without the intent to resell is not a crime. C. All members of the United Nations have agreed to uniformly define and prosecute computer crime. D. Existing laws against embezzlement, fraud, and wiretapping cannot be applied to computer crime.
Answer: A Explanation: * Answer “All members of the United Nations have agreed to uniformly define and prosecute computer crime” is incorrect because all nations do not agree on the definition of computer crime and corresponding punishments. * Answer “Existing laws against embezzlement, fraud, and wiretapping cannot be applied to computer crime” is incorrect because the existing laws can be applied against computer crime. * Answer “Unauthorized acquisition of computer-based information without the intent to resell is not a crime” is incorrect because in some countries, possession without intent to sell is considered a crime.
QUESTION NO: 1907 An off-the-shelf software package that implements an inference engine, a mechanism for entering knowledge, a user interface, and a system to provide explanations of the reasoning used to generate a solution is called: A. A knowledge base B. A knowledge acquisition system C. An expert system shell D. A neural network
Answer: C Explanation: An expert system shell provides the fundamental building blocks of an expert system and supports the entering of domain knowledge. Thus, for an application that is not complex and does not require the custom development of the components of an expert system, an expert system shell is a useful tool that will save development time. *A knowledge base is a component of an expert system. *A neural network is another type of artificial intelligence system that uses the neurons of the brain as a model and solves problems using nonlinear pattern-matching techniques and learning approaches. *A knowledge acquisition system refers to the means of identifying and acquiring the knowledge to be entered into the knowledge base. In simple terms, it is trying to determine how an expert thinks when developing a solution to a problem.
QUESTION NO: 1908 Which of the following criteria are used to evaluate suspects in the commission of a crime? A. Means, Object, and Motive B. Motive, Intent, and Ability C. Motive, Means, and Opportunity D. Means, Intent, and Motive
Answer: C
QUESTION NO: 1909 Which choice below is the correct definition of a Mutual Aid Agreement? A. A management-level analysis that identifies the impact of losing an entity's resources B. An appraisal or determination of the effects of a disaster on human, physical, economic, and natural resources C. Activities taken to eliminate or reduce the degree of risk to life and property D. A prearranged agreement to render assistance to the parties of the agreement
Answer: D Explanation: A mutual aid agreement is used by two or more parties to provide for assistance if one of the parties experiences an emergency. It is expected that the other parties will assist the affected party in various ways, perhaps by making office space available, or computing time or resources, or supplying manpower if needed. While mutual aid agreements may be a very cost-effective solution for disaster recovery, they do not provide for full operations redundancy. An example of a problem with total reliance on mutual aid would be an event that affects all parties to the agreement, thereby rendering the agreement useless. While they are an effective means to provide some resources to the organization in an emergency, they in themselves are not a replacement for a full disaster recovery plan, including alternate computer processing sites. *Answer “A management-level analysis that identifies the impact of losing an entity's resources” describes a business continuity plan. *Answer “An appraisal or determination of the effects of a disaster on human, physical, economic, and natural resources” describes a damage assessment. *Answer “Activities taken to eliminate or reduce the degree of risk to life and property” describes risk mitigation. Source: NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity, National Fire Protection Association, 2000 edition, and Emergency Management Guide for Business and Industry, Federal Emergency Management Agency, August 1998.
QUESTION NO: 1910 Which of the following would best describe a cold backup site? A. A computer facility available with electrical power and HVAC and some file/print servers, although the applications are not installed or configured and all of the needed workstations may not be on site or ready to begin processing B. A computer facility with no electrical power or HVAC C. A computer facility with electrical power and HVAC but with no workstations or servers on-site prior to the event and no applications installed D. A computer facility with electrical power and HVAC, all needed applications installed and configured on the file/print servers, and enough workstations present to begin processing
Answer: C Explanation: A computer facility with electrical power and HVAC, with workstations and servers available to be brought on-site when the event begins and no applications installed, is a cold site. *Answer “A computer facility with electrical power and HVAC, all needed applications installed and configured on the file/print servers, and enough workstations present to begin processing” is a hot site. *Answer “A computer facility available with electrical power and HVAC and some file/print servers, although the applications are not installed or configured and all of the needed workstations may not be on site or ready to begin processing” is a warm site. *Answer “A computer facility with no electrical power or HVAC” is just an empty room.
QUESTION NO: 1911 According to the Internet Activities Board (IAB), an activity that causes which of the following is considered a violation of ethical behavior on the Internet? A. Wasting resources B. Using a computer to bear false witness C. Using a computer to steal D. Appropriating other people's intellectual output
Answer: A Explanation: The correct answer is Wasting resources. The other answers are ethical considerations of other organizations.
QUESTION NO: 1912 Which choices below are roles or responsibilities of the person designated to manage the contingency planning process? Select three. A. Providing direction to senior management B. Ensuring the identification of all critical business functions C. Integrating the planning process across business units D. Providing stress reduction programs to employees after an event
Answer: A,B,C Explanation: Contingency planners have many roles and responsibilities when planning business continuity, disaster recovery, emergency management, or business resumption processes. In addition to the correct answers, some of these roles and responsibilities can include: ensuring executive management compliance with the contingency plan program; providing periodic management reports and status; and coordinating and integrating the activation of emergency response organizations. Answer “Providing stress reduction programs to employees after an event” is a responsibility of the human resources area. Source: Contingency Planning and Management, Contingency Planning 101, by Kelley Goggins, March 1999.
QUESTION NO: 1913 Which of the following is NOT considered a natural disaster? A. Flood B. Tsunami C. Earthquake D. Sabotage
Answer: D
QUESTION NO: 1914 Which choice below is the BEST description of a Protection Profile (PP), as defined by the Common Criteria (CC)? A. A reusable definition of product security requirements B. An intermediate combination of security requirement components C. A statement of security claims for a particular IT security product D. The IT product or system to be evaluated
Answer: A Explanation: The Common Criteria (CC) is used in two ways: as a standardized way to describe security requirements for IT products and systems, and as a sound technical basis for evaluating the security features of these products and systems. The CC defines three useful constructs for building IT security requirements: the Protection Profile (PP), the Security Target (ST), and the Package. The PP is an implementation-independent statement of security needs for a set of IT security products. The PP contains a set of security requirements and is intended to be a reusable definition of product security requirements that are known to be useful and effective. A PP gives consumers a means of referring to a specific set of security needs and communicating them to manufacturers and helps future product evaluation against those needs. Answer a defines the Security Target (ST). The ST is a statement of security claims for a particular IT security product or system. The ST parallels the structure of the PP, though it has additional elements that include product-specific detailed information. An ST is the basis for agreement among all parties as to what security the product or system offers, and therefore the basis for its security evaluation. *Answer “An intermediate combination of security requirement components” describes the Package. The Package is an intermediate combination of security requirements components. The package permits the expression of a set of either functional or assurance requirements that meet some particular need, expressed as a set of security objectives. *Answer “The IT product or system to be evaluated” describes the Target of Evaluation (TOE). The TOE is an IT product or system to be evaluated, the security characteristics of which are described in specific terms by a corresponding ST, or in more general terms by a PP. This evaluation consists of rigorous analysis and testing performed by an accredited, independent laboratory. The scope of a TOE evaluation is set by the Evaluation Assurance Level (EAL) and other requirements specified in the ST. Part of this process is an evaluation of the ST itself, to ensure that it is correct, complete, and internally consistent and can be used as the baseline for the TOE evaluation. Source: Common Criteria Project.
QUESTION NO: 1915 Which choice below best describes the function of change control? A. To assign parts of security-sensitive tasks to more than one individual B. To ensure that system changes are implemented in an orderly manner C. To guarantee that an operator is only given the privileges needed for the task D. To guarantee that transaction records are retained IAW compliance requirements
Answer: B Explanation: The correct answer is “To ensure that system changes are implemented in an orderly manner”. Answer “To guarantee that an operator is only given the privileges needed for the task” describes least privilege. Answer “To guarantee that transaction records are retained IAW compliance requirements” describes record retention. Answer “To assign parts of security-sensitive tasks to more than one individual” describes separation of duties.
QUESTION NO: 1916 Which choice below represents the most important first step in creating a business resumption plan? A. Analyzing the business impact B. Obtaining senior management support C. Performing a risk analysis D. Planning recovery strategies
Answer: B Explanation: The business resumption, or business continuity, plan must have total, highly visible senior management support. Senior management must agree on the scope of the project, allocate resources for the success of the project, and support the timeline and training efforts. Source: Contingency Planning and Management, Contingency Planning 101, by Kelley Goggins, March 1999.
QUESTION NO: 1917 A pen register is a: A. Device that records the caller-ID of incoming calls B. Device that records the URLs accessed by an individual C. Device that identifies the cell in which a mobile phone is operating D. Device that records all the numbers dialed from a specific telephone line
Answer: D Explanation: (Electronic Privacy Information Center, Approvals for Federal Pen Registers and Trap and Trace Devices 1987-1998, www.epic.org). Gathering information as to which numbers are dialed from a specific telephone line is less costly and time-consuming than installing a wiretap and recording the information. * There is also equipment that can record the information listed in answers “Device that identifies the cell in which a mobile phone is operating” and “Device that records the URLs accessed by an individual”. * The device referred to in answer “Device that records the caller-ID of incoming calls” is called a trap-and-trace device. All of the answers in this question are a subset of the category of traffic analysis, wherein patterns and frequency associated with communications are studied instead of the content of the communications.
QUESTION NO: 1918 In an object-oriented system, polymorphism denotes: A. Objects of many different classes that are unrelated but respond to some common set of operations in the same way. B. Objects of many different classes that are related by some common superclass; thus, all objects denoted by this name can respond to some common set of operations in identical fashion. C. Objects of many different classes that are related by some common superclass; thus, any object denoted by this name can respond to some common set of operations in a different way. D. Objects of the same class; thus, any object denoted by this name can respond to some common set of operations in the same way.
Answer: C Explanation: Polymorphism denotes objects of many different classes that are related by some common superclass and that can each respond to some common set of operations in its own, different way. The other answers are incorrect by the definition of polymorphism: answer B wrongly requires an identical response, answer A drops the superclass relationship, and answer D restricts the objects to a single class.
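The following is an added example, not part of the original flashcard set, showing answer C in working code: two classes related by a common superclass receive the same `verify()` message and answer it in different ways (a salted PBKDF2 comparison versus a direct constant-time token comparison). The class names, sample secrets, salt and iteration count are assumptions chosen for the illustration.

```python
# Added example (not from the original flashcards): polymorphism in an
# authentication setting. Credential is the common superclass; each subclass
# responds to the same verify() operation differently. Names, secrets, the
# salt and the PBKDF2 iteration count are assumptions for the illustration.
import hashlib
import hmac


class Credential:
    """Common superclass: every credential can be asked to verify a presented secret."""

    def verify(self, presented: bytes) -> bool:
        raise NotImplementedError("each subclass decides how to verify")


class PasswordCredential(Credential):
    """Stores only a salted PBKDF2 digest; verify() re-derives and compares it."""

    ITERATIONS = 10_000  # assumed value, kept small for the example

    def __init__(self, password: bytes, salt: bytes):
        self.salt = salt
        self.digest = hashlib.pbkdf2_hmac("sha256", password, salt, self.ITERATIONS)

    def verify(self, presented: bytes) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", presented, self.salt, self.ITERATIONS)
        return hmac.compare_digest(candidate, self.digest)  # constant-time comparison


class ApiTokenCredential(Credential):
    """Stores the token itself; verify() is a constant-time equality test."""

    def __init__(self, token: bytes):
        self.token = token

    def verify(self, presented: bytes) -> bool:
        return hmac.compare_digest(presented, self.token)


def authenticate(credentials: list, presented: bytes) -> list:
    """Send the same verify() message to every object in the list.

    The caller never inspects the concrete class; each object answers the
    common operation in its own way, which is what answer C describes.
    """
    for c in credentials:
        assert isinstance(c, Credential)  # all related by the common superclass
    return [(type(c).__name__, c.verify(presented)) for c in credentials]


# Constructed sample data for the demonstration.
CREDENTIALS = [
    PasswordCredential(b"correct horse battery staple", salt=b"example-salt"),
    ApiTokenCredential(b"tok_0123456789abcdef"),
]

if __name__ == "__main__":
    print(authenticate(CREDENTIALS, b"correct horse battery staple"))
    print(authenticate(CREDENTIALS, b"tok_0123456789abcdef"))
```

The dispatch in `authenticate()` is the exam's point: the loop calls one operation name, and the superclass relationship guarantees that every object understands it, while each subclass supplies a different implementation.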
QUESTION NO: 1919 Because the development of new technology usually outpaces the law, law enforcement uses which traditional laws to prosecute computer criminals? A. Conspiracy and elimination of competition B. Immigration C. Embezzlement, fraud, and wiretapping D. Malicious mischief
Answer: C Explanation: *Answer “Malicious mischief” is not a law. *Answer “Immigration” is not applicable because immigration law applies to obtaining visas and so on. *Answer “Conspiracy and elimination of competition” is not correct because the crimes in answer “Embezzlement, fraud, and wiretapping” are more commonly used to prosecute computer crimes.
QUESTION NO: 1920 Which statement below is NOT correct about reviewing user accounts? A. User account reviews can examine conformity with the concept of least privilege. B. User account reviews cannot be conducted by outside auditors. C. User account reviews may be conducted on a system-wide basis. D. User account reviews may be conducted on an application-by-application basis.
Answer: B Explanation: It is necessary to regularly review user accounts on a system. Such reviews may examine, for example, the levels of access each individual has, conformity with the concept of least privilege, whether all accounts are still active, whether management authorizations are up to date, or whether required training has been completed. These reviews can be conducted on at least two levels: on an application-by-application basis or on a system-wide basis. Both kinds of reviews can be conducted by, among others, in-house systems personnel (a self-audit), the organization's internal audit staff, or external auditors. Source: National Institute of Standards and Technology, An Introduction to Computer Security: The NIST Handbook, Special Publication 800-12.
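As an added example (not from the NIST Handbook or the original flashcards), the checks the explanation lists can be run as a small system-wide account review over an exported account list: excess privileges beyond the role's baseline (least privilege), dormant accounts, stale management authorizations, and missing training. The record fields, the role-to-privilege table, the 90-day dormancy window, the 365-day re-authorization window and the sample accounts are all assumptions constructed for the illustration.

```python
# Added example (not from SP 800-12 or the flashcards): a system-wide user
# account review over constructed records. Fields, role baseline, time
# windows and sample data are assumptions for the illustration.
from datetime import date, timedelta

# Assumed least-privilege baseline: the privileges each role legitimately needs.
ROLE_PRIVILEGES = {
    "analyst": {"read"},
    "operator": {"read", "write"},
    "admin": {"read", "write", "admin"},
}
DORMANT_AFTER = timedelta(days=90)        # assumed dormancy window
REAUTHORIZE_AFTER = timedelta(days=365)   # assumed re-authorization window
REVIEW_DATE = date(2024, 6, 15)           # assumed date the review is run

# Constructed sample export, as a system-wide review would pull it.
ACCOUNTS = [
    {"user": "alice", "role": "analyst", "privileges": {"read"},
     "last_login": date(2024, 5, 20), "authorized_on": date(2024, 1, 10), "training_done": True},
    {"user": "bob", "role": "analyst", "privileges": {"read", "admin"},
     "last_login": date(2024, 5, 30), "authorized_on": date(2024, 2, 1), "training_done": True},
    {"user": "carol", "role": "operator", "privileges": {"read", "write"},
     "last_login": date(2023, 11, 1), "authorized_on": date(2024, 3, 1), "training_done": False},
    {"user": "dave", "role": "admin", "privileges": {"read", "write", "admin"},
     "last_login": date(2024, 6, 1), "authorized_on": date(2022, 12, 1), "training_done": True},
]


def review_account(acct: dict, today: date) -> list:
    """Return the findings for one account; an empty list means the account is clean."""
    findings = []
    allowed = ROLE_PRIVILEGES.get(acct["role"], set())
    excess = acct["privileges"] - allowed          # least-privilege check
    if excess:
        findings.append(f"excess privileges beyond role: {sorted(excess)}")
    if today - acct["last_login"] > DORMANT_AFTER:  # is the account still active?
        findings.append(f"dormant: no login within {DORMANT_AFTER.days} days")
    if today - acct["authorized_on"] > REAUTHORIZE_AFTER:  # management authorization current?
        findings.append("management authorization out of date")
    if not acct["training_done"]:                   # required training completed?
        findings.append("required training not completed")
    return findings


def review_accounts(accounts: list, today: date) -> dict:
    """System-wide review: map each user with findings to its list of findings."""
    report = {}
    for acct in accounts:
        findings = review_account(acct, today)
        if findings:
            report[acct["user"]] = findings
    return report


if __name__ == "__main__":
    for user, findings in review_accounts(ACCOUNTS, REVIEW_DATE).items():
        print(f"{user}: " + "; ".join(findings))
```

The same `review_account()` check can be run per application by feeding it that application's own account export and role table instead of the system-wide one; the review logic does not change, only the data and the baseline.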