Final Exam

Question 1

Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don’t collide with pedestrians.

What is probably the most effective type of control for this task?

Answer 1

Physical

Question 2

Fill in the missing word:

Chad is a security practitioner tasked with ensuring that the information on the organization’s public website is not changed by anyone outside the organization.

This task is an example of ensuring _________.

Answer 2

Integrity

Question 3

Which of the following is an example of a “Something you know” authentication factor?

Answer 3

Password

Question 4

Which of the following is an example of a “Something you are” authentication factor?

Answer 4

A photograph of your face

Question 5

Fill in the missing word:

A system that collects transactional information and stores it in a record in order to show which users performed which actions are an example of providing ________.

Answer 5

Non-repudiation

Question 6

What is the European Union (EU) law that grants legal protections to individual human privacy?

Answer 6

The General Data Protection Regulation

Question 7

For which of the following systems would the security concept of availability probably be most important?

Answer 7

Medical systems that monitor patient condition in an intensive-care unit

Question 8

For which of the following assets is integrity probably the most important security aspect?

Answer 8

The file that contains passwords used to authenticate users

Question 9

Fill in the missing word:

In risk management concepts, a(n) _________ is something a security practitioner might need to protect.

Answer 9

Asset

Question 10

Fill in the missing word:

In risk management concepts, a(n) ___________ is something or someone that poses a risk to an organization or asset.

Answer 10

Threat

Question 11

Of the following, which would probably not be considered a threat?

Question 12

Which of the following probably poses the most risk?

Answer 12

A high-likelihood, high-impact event

Question 13

Within the organization, who can identify risk?

Answer 13

Anyone

Question 14

Fill in the missing word:

Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution.

This is an example of _______.

Answer 14

Mitigation

Question 15

Fill in the missing word:

Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel.

This is an example of _________.

Answer 15

Acceptance

Question 16

Fill in the missing word:

Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100 but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount.

This is an example of ___________.

Answer 16

Risk tolerance

Question 17

Fill in the missing word:

A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device.

This is a type of ________ control.

Answer 17

Technical

Question 18

Fill in the missing word:

At the airport, there are red lines painted on the ground next to the runway, which prohibits traffic from crossing it.

This is an example of a(n)______ control.

Answer 18

Physical

Question 19

Fill in the missing word:

A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or driving past a certain point.

Bollards are an example of ______ controls.

Answer 19

Physical

Question 20

Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization’s offices. Which sort of security control would probably be best for this purpose?

Answer 20

Physical

Question 21

Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email.

What kind of control is this instruction?

Answer 21

Administrative

Question 22

ISC2 publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in this Common Body of Knowledge.

What kind of document is the Common Body of Knowledge?

Answer 22

Standard

Question 23

The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail.

What kind of rule is this?

Answer 23

Law

Question 24

The Triffid Corporation publishes a strategic overview of the company’s intent to secure all the data the company possesses. This document is signed by Triffid’s senior management.

What kind of document is this?

Answer 24

Policy

Question 25

Fill in the missing words:

Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits.

The municipal code is a ______, and the Triffid checklist is a ________.

Answer 25

Law, procedure

Question 26

Fill in the missing word:

The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States.

The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect customers’ personal data.

This set of rules is a _____.

Answer 26

Standard

Question 27

Hoshi is an ISC2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi’s cousin works for a firewall vendor; that vendor happens to make the best firewall available.

What should Hoshi do?

Answer 27

Disclose the relationship, but recommend the vendor/product

Question 28

Olaf is a member of ISC2 and a security analyst for Triffid Corporation.

During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid.

What should Olaf do?

Answer 28

Tell the auditors the truth

Question 29

Aphrodite is a member of ISC2 and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours.

What should Aphrodite do?

Answer 29

Inform Triffid management

Question 30

Glena is an ISC2 member. Glena receives an email from a company offering a set of answers for an ISC2 certification exam.

What should Glena do?

Answer 30

Inform ISC2

Question 31

Fill in the missing word:

You are reviewing log data from a router; there is an entry that shows a user sent traffic through the router at 11:45 am, local time, yesterday.

This is an example of a(n) _______.

Answer 31

Event

Question 32

Who approves the incident response policy?

Answer 32

Senior management

Question 33

Fill in the missing word:

An attacker outside the organization attempts to gain access to the organization’s internal files. This is an example of a(n) ______.

Answer 33

Intrusion

Question 34

Which of the following are not typically involved in incident detection?

Question 35

What is the risk associated with resuming full normal operations too soon after a DR effort?

Answer 35

The danger posed by the disaster might still be present

Question 36

What is the goal of Business Continuity efforts?

Answer 36

Keep critical business functions operational

Question 37

Which of the following is likely to be included in the business continuity plan?

Answer 37

Alternate work areas for personnel affected by a natural disaster

Question 38

What is the most important goal of a business continuity effort?

Answer 38

Preserve health and human safety

Question 39

What is the overall objective of a disaster recovery (DR) effort?

Answer 39

Return to normal, full operations

Question 40

What is the risk associated with delaying the resumption of full normal operations after a disaster?

Question 41

Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software.

Which of the following could be used to describe Gelbi’s account?

Answer 41

Privileged

Question 42

Guillermo logs onto a system and opens a document file. In this example, Guillermo is:

Answer 42

The subject

Question 43

Which of the following is not an appropriate control to add to privileged accounts?

Answer 43

Security deposit

Question 44

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has.

In this situation, what is the ACL?

Question 45

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has.

In this situation, what is Prachi?

Question 46

Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens.

Which security concept is being applied in this situation?

Answer 46

Dual control

Question 47

Which of the following is a biometric access control mechanism?

Answer 47

A door locked by a voiceprint identifier

Question 48

Fill in the missing word:

All visitors to a secure facility should be _______.

Question 49

All of the following are typically perceived as drawbacks to biometric systems, except:

Answer 49

Lack of accuracy

Question 50

Fill in the missing word:

A human guard monitoring a hidden camera could be considered a ______ control.

Question 51

Fill in the missing word:

A _____ is a record of something that has occurred.

Answer 51

Log

Question 52

Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level, called a Classification. Every person in the agency is assigned a clearances’ level, which determines the classification of data each person can access and is controlled at the system level.

What is the access control model being implemented in Tekila’s agency?

Question 53

Which of the following would be considered a logical access control?

Question 54

Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to log in for Doug, using Trina’s credentials, so that Doug can get some work done.

What is the problem with this?

Answer 54

Anything either of them do will be attributed to Trina

Question 55

Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour.

Why could this be?

Answer 55

Gray’s actions look like an attack

Question 56

Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that Suvid has to reset the password.

What may have occurred to cause this?

Answer 56

Suvid’s password has expired

Question 57

Prina is a database manager. Prina is allowed to add new users to the database, remove current users, and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself.

This is an example of:

Question 58

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that operational managers have the utmost personal choice in determining which employees get access to which systems/data.

Which method should Handel select?

Answer 58

Discretionary access controls (DAC)

Question 59

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees transferring from one department to another, getting promoted, or cross-training to new positions can get access to the different assets they’ll need for their new positions, in the most efficient manner.

Which method should Handel select?

Answer 59

Role-based access controls (RBAC)

Question 60

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions.

Which method should Handel select?

Answer 60

Role-based access controls (RBAC)

Question 61

What term refers to the logical address of a device connected to the network or Internet?

Answer 61

Internet Protocol (IP) address

Question 62

What type of device filters network traffic in order to enhance overall security/performance?

Answer 62

Firewall

Question 63

What protocol should Barry use when he wants to upload a series of files to a web-based storage service?

Question 64

What type of device, typically accessed by multiple users and often intended for a single purpose, such as managing email or web pages, is referred to as?

Question 65

Carol is browsing the Web. Which of the following ports is she probably using?

Answer 65

80

Question 66

Cyril wants to ensure all the devices on his company’s internal IT environment are properly synchronized.

Answer 66

NTP (Network Time Protocol)

Question 67

Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an attack designed to affect the availability of the environment.

Which of the following might be the attack Ludwig sees?

Question 68

Gary is an attacker. Gary is able to get access to the communication wire between Dauphine’s machine and Linda’s machine and can then surveil the traffic between the two when they’re communicating.

What kind of attack is this?

Answer 68

On-path

Question 69

Bert wants to add a flashlight capability to a smartphone. Bert searches the internet for a free flashlight app and downloads it to the phone. The app allows Bert to use the phone as a flashlight but also steals Bert’s contacts list.

What kind of app is this?

Answer 69

Trojan

Question 70

Triffid, Inc., has many remote workers who use their own IT devices to process Triffid’s information. The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize and identify potential security issues.

Which of the following is probably most appropriate for this specific purpose?

Answer 70

HIDS (host-based intrusion-detection systems)

Question 71

Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed.

Which security solution can often identify and potentially counter this risk?

Answer 71

Firewall

Question 72

What tool aggregates log data from multiple sources, typically analyzes it, and reports potential threats?

Question 73

What type of solution typically inspects outbound communications traffic to check for unauthorized exfiltration of sensitive/valuable information?

Answer 73

DLP (data loss prevention)

Question 74

What type of tool is utilized to monitor local devices with the aim of reducing potential threats from hostile software?

Question 75

Which of the following activities is usually part of the configuration management process, but is also extremely helpful in countering potential attacks?

Answer 75

Updating and patching systems

Question 76

Which type of fire-suppression system is typically the safest for humans?

Answer 76

Water

Question 77

Which common cloud service model offers the customer the most control of the cloud environment?

Question 78

The section of the IT environment that is closest to the external world; where we locate IT systems that communicate with the Internet.

Answer 78

DMZ

Question 79

An IoT (Internet of Things) device is typified by its effect on or use of the _____ environment.

Answer 79

Physical

Question 80

What type of device is commonly advisable to have on the perimeter between two networks?

Answer 80

Firewall

Question 81

Archiving is typically done when _________.

Answer 81

Archiving is typically done when _________.

Question 82

Every document owned by Triffid, Inc., whether hardcopy or electronic, has a clear, 24-point word at the top and bottom. Only three words can be used: “Sensitive”, “Proprietary”, and “Public”.

This is an example of _____.

Answer 82

Labeling

Question 83

Security needs to be provided to ____ data.

Answer 83

All of the answers

Private, illegal, restricted

Question 84

Data retention periods apply to ____ data.

Answer 84

All of the answers

Medical, sensitive, secret

Question 85

When data has reached the end of the retention period, it should be _____.

Answer 85

Destroyed

Question 86

Data _____ is data left behind on systems/media after normal deletion procedures have been attempted.

Answer 86

Remanence

Question 87

Log data should be kept ______.

Answer 87

On a device other than where it was captured

Question 88

Security controls on log data should reflect ________.

Answer 88

The sensitivity of the source device

Question 89

Logs should be reviewed ______.

Answer 89

Continually

Question 90

Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit.

What technique/tool could Dieter use to assist in this effort?

Answer 90

Hashing

Question 91

Triffid, Inc., wants to host streaming video files for the company’s remote users but wants to ensure the data is protected while it’s streaming.

Which of the following methods are probably best for this purpose?

Question 92

______ is used to ensure that configuration management activities are effective and enforced.

Answer 92

Verification and audit

Question 93

An organization must always be prepared to ______ when applying a patch.

Answer 93

Rollback

Question 94

Why is the proper alignment of security policy and business goals within the organization important?

Answer 94

Security policy that conflicts with business goals can inhibit productivity

Question 95

The organization should keep a copy of every signed Acceptable Use Policy (AUP) on file, and issue a copy to _______.

Answer 95

The user who signed it

Question 96

What is the most crucial element of any security instruction program?

Answer 96

Preserve health and human safety

Question 97

Which one of the following is a benefit of computer-based training (CBT)?

Answer 97

Scalable

Question 98

The output of a hashing algorithm is _____.

Answer 98

The same length

Question 99

Hashing is often used to provide _______.

Answer 99

Integrity

Question 100

If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need?

Answer 100

4

each party needs their own key pair (a public key and a private key) to engage in confidential communication.