Group 5 Flashcards by TheKake Unknown

What should happen when an emergency change to a system must be performed?

A. The change must be given priority at the next meeting of the change control board.
B. Testing and approvals must be performed quickly.
C. The change must be performed immediately and then submitted to the change board.
D. The change is performed and a notation is made in the system log.

Answer: B

How well did you know this?

Not at all

Perfectly

Which of the following is the BEST approach to take in order to effectively incorporate the concepts of business continuity into the organization?

A. Ensure end users are aware of the planning activities
B. Validate all regulatory requirements are known and fully documented
C. Develop training and awareness programs that involve all stakeholders
D. Ensure plans do not violate the organization’s cultural objectives and goals

Answer: C

How well did you know this?

Not at all

Perfectly

Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments? Click on the correct specification in the image below.

WS-Federation

How well did you know this?

Not at all

Perfectly

Which of the following has the GREATEST impact on an organization’s security posture?

A. International and country-specific compliance requirements
B. Security violations by employees and contractors
C. Resource constraints due to increasing costs of supporting security
D. Audit findings related to employee access and permissions process

Answer: A

How well did you know this?

Not at all

Perfectly

The application of which of the following standards would BEST reduce the potential for data breaches?

A. ISO 9000
B. ISO 20121
C. ISO 26000
D. ISO 27001

Answer: D

How well did you know this?

Not at all

Perfectly

In order for a security policy to be effective within an organization, it MUST include

A. strong statements that clearly define the problem.
B. a list of all standards that apply to the policy.
C. owner information and date of last revision.
D. disciplinary measures for non compliance.

Answer: D

How well did you know this?

Not at all

Perfectly

Which of the following roles has the obligation to ensure that a third party provider is capable of processing and handling data in a secure manner and meeting the standards set by the organization?

A. Data Custodian
B. Data Owner
C. Data Creator
D. Data User

Answer: B

How well did you know this?

Not at all

Perfectly

To protect auditable information, which of the following MUST be configured to only allow read access?

A. Logging configurations
B. Transaction log files
C. User account configurations
D. Access control lists (ACL)

Answer: B

How well did you know this?

Not at all

Perfectly

What type of encryption is used to protect sensitive data in transit over a network?

A. Payload encryption and transport encryption
B. Authentication Headers (AH)
C. Keyed-Hashing for Message Authentication
D. Point-to-Point Encryption (P2PE)

Answer: A

How well did you know this?

Not at all

Perfectly

Which of the following entities is ultimately accountable for data remanence vulnerabilities with data replicated by a cloud service provider?

A. Data owner
B. Data steward
C. Data custodian
D. Data processor

Answer: A

How well did you know this?

Not at all

Perfectly

Which of the following is a recommended alternative to an integrated email encryption system?

A. Sign emails containing sensitive data
B. Send sensitive data in separate emails
C. Encrypt sensitive data separately in attachments
D. Store sensitive information to be sent in encrypted drives

Answer: C

How well did you know this?

Not at all

Perfectly

In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?

A. Application Layer
B. Physical Layer
C. Data-Link Layer
D. Network Layer

Answer: B

How well did you know this?

Not at all

Perfectly

What is the PRIMARY goal for using Domain Name System Security Extensions (DNSSEC) to sign records?

A. Integrity
B. Confidentiality
C. Accountability
D. Availability

Answer: A

How well did you know this?

Not at all

Perfectly

While inventorying storage equipment, it is found that there are unlabeled, disconnected, and powered off devices. Which of the following is the correct procedure for handling such equipment?

A. They should be recycled to save energy.
B. They should be recycled according to NIST SP 800-88.
C. They should be inspected and sanitized following the organizational policy.
D. They should be inspected and categorized properly to sell them for reuse.

Answer: C

How well did you know this?

Not at all

Perfectly

The PRIMARY characteristic of a Distributed Denial of Service (DDoS) attack is that it

A. exploits weak authentication to penetrate networks.
B. can be detected with signature analysis.
C. looks like normal network activity.
D. is commonly confused with viruses or worms.

Answer: C

How well did you know this?

Not at all

Perfectly

Which of the following is generally indicative of a replay attack when dealing with biometric authentication?

A. False Acceptance Rate (FAR) is greater than 1 in 100,000
B. False Rejection Rate (FRR) is greater than 5 in 100
C. Inadequately specified templates
D. Exact match

Answer: D

How well did you know this?

Not at all

Perfectly

During a fingerprint verification process, which of the following is used to verify identity and authentication?

A. A pressure value is compared with a stored template
B. Sets of digits are matched with stored values
C. A hash table is matched to a database of stored value
D. A template of minutiae is compared with a stored template

Answer: D

How well did you know this?

Not at all

Perfectly

The BEST example of the concept of “something that a user has” when providing an authorized user access to a computing system is

A. the user’s hand geometry.
B. a credential stored in a token.
C. a passphrase.
D. the user’s face.

Answer: B

How well did you know this?

Not at all

Perfectly

A security professional is asked to provide a solution that restricts a bank teller to only perform a savings deposit transaction but allows a supervisor to perform corrections after the transaction. Which of the following is the MOST effective solution?

A. Access is based on rules.
B. Access is determined by the system.
C. Access is based on user’s role.
D. Access is based on data sensitivity.

Answer: C

How well did you know this?

Not at all

Perfectly

Sensitive customer data is going to be added to a database. What is the MOST effective implementation for ensuring data privacy?

A. Discretionary Access Control (DAC) procedures
B. Mandatory Access Control (MAC) procedures
C. Data link encryption
D. Segregation of duties

Answer: D

How well did you know this?

Not at all

Perfectly

Order the below steps to create an effective vulnerability management process.

How well did you know this?

Not at all

Perfectly

Which of the following types of security testing is the MOST effective in providing a better indication of the everyday security challenges of an organization when performing a security risk assessment?

A. External
B. Overt
C. Internal
D. Covert

Answer: D

How well did you know this?

Not at all

Perfectly

What is the MOST effective method of testing custom application code?

A. Negative testing
B. White box testing
C. Penetration testing
D. Black box testing

Answer: B

How well did you know this?

Not at all

Perfectly

Which one of the following is a common risk with network configuration management?

A. Patches on the network are difficult to keep current.
B. It is the responsibility of the systems administrator.
C. User ID and passwords are never set to expire.
D. Network diagrams are not up to date.

Answer: D

How well did you know this?

Not at all

Perfectly

What type of test assesses a Disaster Recovery (DR) plan using realistic disaster scenarios while maintaining minimal impact to business operations? A. Parallel B. Walkthrough C. Simulation D. Tabletop

Answer: C

How can lessons learned from business continuity training and actual recovery incidents BEST be used? A. As a means for improvement B. As alternative options for awareness and training C. As indicators of a need for policy D. As business function gap indicators

Answer: A

Which Web Services Security (WS-Security) specification handles the management of security tokens and the underlying policies for granting access? Click on the correct specification in the image below.

WS-Authorization

An Intrusion Detection System (IDS) has recently been deployed in a Demilitarized Zone (DMZ). The IDS detects a flood of malformed packets. Which of the following BEST describes what has occurred? A. Denial of Service (DoS) attack B. Address Resolution Protocol (ARP) spoof C. Buffer overflow D. Ping flood attack

Answer: A

In configuration management, what baseline configuration information MUST be maintained for each computer system? A. Operating system and version, patch level, applications running, and versions. B. List of system changes, test reports, and change approvals C. Last vulnerability assessment report and initial risk assessment report D. Date of last update, test report, and accreditation certificate

Answer: A

Which Radio Frequency Interference (RFI) phenomenon associated with bundled cable runs can create information leakage? A. Transference B. Covert channel C. Bleeding D. Cross-talk

Answer: D

An organization’s information security strategic plan MUST be reviewed A. whenever there are significant changes to a major application. B. quarterly, when the organization’s strategic plan is updated. C. whenever there are major changes to the business. D. every three years, when the organization’s strategic plan is updated.

Answer: C

When building a data classification scheme, which of the following is the PRIMARY concern? A. Purpose B. Cost effectiveness C. Availability D. Authenticity

Answer: D

Which technology is a prerequisite for populating the cloud-based directory in a federated identity solution? A. Notification tool B. Message queuing tool C. Security token tool D. Synchronization tool

Answer: C

What is an advantage of Elliptic Curve Cryptography (ECC)? A. Cryptographic approach that does not require a fixed-length key B. Military-strength security that does not depend upon secrecy of the algorithm C. Opportunity to use shorter keys for the same level of security D. Ability to use much longer keys for greater security

Answer: C

Backup information that is critical to the organization is identified through a A. Vulnerability Assessment (VA). B. Business Continuity Plan (BCP). C. Business Impact Analysis (BIA). D. data recovery analysis.

Answer: D

When using Generic Routing Encapsulation (GRE) tunneling over Internet Protocol version 4 (IPv4), where is the GRE header inserted? A. Into the options field B. Between the delivery header and payload C. Between the source and destination addresses D. Into the destination address

Answer: B

An application developer is deciding on the amount of idle session time that the application allows before a timeout. The BEST reason for determining the session timeout requirement is A. organization policy. B. industry best practices. C. industry laws and regulations. D. management feedback.

Answer: A

Knowing the language in which an encrypted message was originally produced might help a cryptanalyst to perform a A. clear-text attack. B. known cipher attack. C. frequency analysis. D. stochastic assessment.

Answer: C

During the Security Assessment and Authorization process, what is the PRIMARY purpose for conducting a hardware and software inventory? A. Calculate the value of assets being accredited. B. Create a list to include in the Security Assessment and Authorization package. C. Identify obsolete hardware and software. D. Define the boundaries of the information system.

Answer: A

When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security? A. Accept the risk on behalf of the organization. B. Report findings to the business to determine security gaps. C. Quantify the risk to the business for product selection. D. Approve the application that best meets security requirements.

Answer: C

An employee of a retail company has been granted an extended leave of absence by Human Resources (HR). This information has been formally communicated to the access provisioning team. Which of the following is the BEST action to take? A. Revoke access temporarily. B. Block user access and delete user account after six months. C. Block access to the offices immediately. D. Monitor account usage temporarily.

Answer: D

The goal of a Business Impact Analysis (BIA) is to determine which of the following? A. Cost effectiveness of business recovery B. Cost effectiveness of installing software security patches C. Resource priorities for recovery and Maximum Tolerable Downtime (MTD) D. Which security measures should be implemented

Answer: C

What does the Maximum Tolerable Downtime (MTD) determine? A. The estimated period of time a business critical database can remain down before customers are affected. B. The fixed length of time a company can endure a disaster without any Disaster Recovery (DR) planning C. The estimated period of time a business can remain interrupted beyond which it risks never recovering D. The fixed length of time in a DR process before redundant systems are engaged

Answer: C

What is a characteristic of Secure Socket Layer (SSL) and Transport Layer Security (TLS)? A. SSL and TLS provide a generic channel security mechanism on top of Transmission Control Protocol (TCP). B. SSL and TLS provide nonrepudiation by default. C. SSL and TLS do not provide security for most routed protocols. D. SSL and TLS provide header encapsulation over HyperText Transfer Protocol (HTTP).

Answer: A

How does a Host Based Intrusion Detection System (HIDS) identify a potential attack? A. Examines log messages or other indications on the system. B. Monitors alarms sent to the system administrator C. Matches traffic patterns to virus signature files D. Examines the Access Control List (ACL)

Answer: C

From a cryptographic perspective, the service of non-repudiation includes which of the following features? A. Validity of digital certificates B. Validity of the authorization rules C. Proof of authenticity of the message D. Proof of integrity of the message

Answer: C

Which of the following BEST represents the concept of least privilege? A. Access to an object is denied unless access is specifically allowed. B. Access to an object is only available to the owner. C. Access to an object is allowed unless it is protected by the information security policy. D. Access to an object is only allowed to authenticated users via an Access Control List (ACL).

Answer: A

When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network? A. Topology diagrams B. Mapping tools C. Asset register D. Ping testing

Answer: B

Which of the following approaches is the MOST effective way to dispose of data on multiple hard drives? A. Delete every file on each drive. B. Destroy the partition table for each drive using the command line. C. Degauss each drive individually. D. Perform multiple passes on each drive using approved formatting methods.

Answer: D

Which of the following is the BEST method to reduce the effectiveness of phishing attacks? A. User awareness B. Two-factor authentication C. Anti-phishing software D. Periodic vulnerability scan

Answer: A

The PRIMARY purpose of accreditation is to: A. comply with applicable laws and regulations. B. allow senior management to make an informed decision regarding whether to accept the risk of operating the system. C. protect an organization’s sensitive datA. D. verify that all security controls have been implemented properly and are operating in the correct manner.

Answer: B

Which of the following is a weakness of Wired Equivalent Privacy (WEP)? A. Length of Initialization Vector (IV) B. Protection against message replay C. Detection of message tampering D. Built-in provision to rotate keys

Answer: A

When writing security assessment procedures, what is the MAIN purpose of the test outputs and reports? A. To force the software to fail and document the process B. To find areas of compromise in confidentiality and integrity C. To allow for objective pass or fail decisions D. To identify malware or hidden code within the test results

Answer: C

Which of the following is the MAIN reason for using configuration management? A. To provide centralized administration B. To reduce the number of changes C. To reduce errors during upgrades D. To provide consistency in security controls

Answer: D

Which of the following is BEST suited for exchanging authentication and authorization messages in a multi-party decentralized environment? A. Lightweight Directory Access Protocol (LDAP) B. Security Assertion Markup Language (SAML) C. Internet Mail Access Protocol D. Transport Layer Security (TLS)

Answer: B

Which of the following is MOST important when deploying digital certificates? A. Validate compliance with X.509 digital certificate standards B. Establish a certificate life cycle management framework C. Use a third-party Certificate Authority (CA) D. Use no less than 256-bit strength encryption when creating a certificate

Answer: B

A user sends an e-mail request asking for read-only access to files that are not considered sensitive. A Discretionary Access Control (DAC) methodology is in place. Which is the MOST suitable approach that the administrator should take? A. Administrator should request data owner approval to the user access B. Administrator should request manager approval for the user access C. Administrator should directly grant the access to the non-sensitive files D. Administrator should assess the user access need and either grant or deny the access

Answer: A

How should an organization determine the priority of its remediation efforts after a vulnerability assessment has been conducted? A. Use an impact-based approach. B. Use a risk-based approach. C. Use a criticality-based approach. D. Use a threat-based approach.

Answer: B

Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)? A. The dynamic reconfiguration of systems B. The cost of downtime C. A recovery strategy for all business processes D. A containment strategy

Answer: C

A proxy firewall operates at what layer of the Open System Interconnection (OSI) model? A. Transport B. Data link C. Network D. Application

Answer: D

Which of the following restricts the ability of an individual to carry out all the steps of a particular process? A. Job rotation B. Separation of duties C. Least privilege D. Mandatory vacations

Answer: B

Although code using a specific program language may not be susceptible to a buffer overflow attack, A. most calls to plug-in programs are susceptible. B. most supporting application code is susceptible. C. the graphical images used by the application could be susceptible. D. the supporting virtual machine could be susceptible.

Answer: C

What is the BEST way to encrypt web application communications? A. Secure Hash Algorithm 1 (SHA-1) B. Secure Sockets Layer (SSL) C. Cipher Block Chaining Message Authentication Code (CBC-MAC) D. Transport Layer Security (TLS)

Answer: D

Which of the following are effective countermeasures against passive network-layer attacks? A. Federated security and authenticated access controls B. Trusted software development and run time integrity controls C. Encryption and security enabled applications D. Enclave boundary protection and computing environment defense

Answer: C

What is the MOST important element when considering the effectiveness of a training program for Business Continuity (BC) and Disaster Recovery (DR)? A. Management support B. Consideration of organizational need C. Technology used for delivery D. Target audience

Answer: B

Match the name of access control model with its associated restriction. Drag each access control model to its appropriate restriction access on the right.

Mandatory Access Control – End user cannot set controls Discretionary Access Control (DAC) – Subject has total control over objects Role Based Access Control (RBAC) – Dynamically assigns roles permissions to particular duties based on job function Rule Based access control – Dynamically assigns roles to subjects based on criteria assigned by a custodian.

A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action? A. Ignore the request and do not perform the change. B. Perform the change as requested, and rely on the next audit to detect and report the situation. C. Perform the change, but create a change ticket regardless to ensure there is complete traceability. D. Inform the audit committee or internal audit directly using the corporate whistleblower process.

Answer: D

Which of the following is the MOST important goal of information asset valuation? A. Developing a consistent and uniform method of controlling access on information assets B. Developing appropriate access control policies and guidelines C. Assigning a financial value to an organization’s information assets D. Determining the appropriate level of protection

Answer: D

Which of the following is a strategy of grouping requirements in developing a Security Test and Evaluation (ST&E)? A. Tactical, strategic, and financial B. Management, operational, and technical C. Documentation, observation, and manual D. Standards, policies, and procedures

Answer: B

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution? A. VPN bandwidth B. Simultaneous connection to other networks C. Users with Internet Protocol (IP) addressing conflicts D. Remote users with administrative rights

Answer: B

Which of the following BEST describes a chosen plaintext attack? A. The cryptanalyst can generate ciphertext from arbitrary text. B. The cryptanalyst examines the communication being sent back and forth. C. The cryptanalyst can choose the key and algorithm to mount the attack. D. The cryptanalyst is presented with the ciphertext from which the original message is determined.

Answer: A

For network based evidence, which of the following contains traffic details of all network sessions in order to detect anomalies? A. Alert data B. User data C. Content data D. Statistical data

Answer: D

Which of the following is the PRIMARY reason to perform regular vulnerability scanning of an organization network? A. Provide vulnerability reports to management. B. Validate vulnerability remediation activities. C. Prevent attackers from discovering vulnerabilities. D. Remediate known vulnerabilities.

Answer: B

Which of the following would BEST describe the role directly responsible for data within an organization? A. Data custodian B. Information owner C. Database administrator D. Quality control

Answer: A

The restoration priorities of a Disaster Recovery Plan (DRP) are based on which of the following documents? A. Service Level Agreement (SLA) B. Business Continuity Plan (BCP) C. Business Impact Analysis (BIA) D. Crisis management plan

Answer: B

A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized? A. Confidentiality B. Integrity C. Availability D. Accessibility

Answer: C

A vulnerability in which of the following components would be MOST difficult to detect? A. Kernel B. Shared libraries C. Hardware D. System application

Answer: C

During which of the following processes is least privilege implemented for a user account? A. Provision B. Approve C. Request D. Review

Answer: A

Which of the following is a document that identifies each item seized in an investigation, including date and time seized, full name and signature or initials of the person who seized the item, and a detailed description of the item? A. Property book B. Chain of custody form C. Search warrant return D. Evidence tag

Answer: D

Which of the following is needed to securely distribute symmetric cryptographic keys? A. Officially approved Public-Key Infrastructure (PKI) Class 3 or Class 4 certificates B. Officially approved and compliant key management technology and processes C. An organizationally approved communication protection policy and key management plan D. Hardware tokens that protect the user’s private key.

Answer: C

Reciprocal backup site agreements are considered to be A. a better alternative than the use of warm sites. B. difficult to test for complex systems. C. easy to implement for similar types of organizations. D. easy to test and implement for complex systems.

Answer: B

In which identity management process is the subject’s identity established? A. Trust B. Provisioning C. Authorization D. Enrollment

Answer: D

In order to assure authenticity, which of the following are required? A. Confidentiality and authentication B. Confidentiality and integrity C. Authentication and non-repudiation D. Integrity and non-repudiation

Answer: D

At which layer of the Open Systems Interconnect (OSI) model are the source and destination address for a datagram handled? A. Transport Layer B. Data-Link Layer C. Network Layer D. Application Layer

Answer: C

An organization regularly conducts its own penetration tests. Which of the following scenarios MUST be covered for the test to be effective? A. Third-party vendor with access to the system B. System administrator access compromised C. Internal attacker with access to the system D. Internal user accidentally accessing data

Answer: B

A company was ranked as high in the following National Institute of Standards and Technology (NIST) functions: Protect, Detect, Respond and Recover. However, a low maturity grade was attributed to the Identify function. In which of the following the controls categories does this company need to improve when analyzing its processes individually? A. Asset Management, Business Environment, Governance and Risk Assessment B. Access Control, Awareness and Training, Data Security and Maintenance C. Anomalies and Events, Security Continuous Monitoring and Detection Processes D. Recovery Planning, Improvements and Communications

Answer: A

What is the difference between media marking and media labeling? A. Media marking refers to the use of human-readable security attributes, while media labeling refers to the use of security attributes in internal data structures. B. Media labeling refers to the use of human-readable security attributes, while media marking refers to the use of security attributes in internal data structures. C. Media labeling refers to security attributes required by public policy/law, while media marking refers to security required by internal organizational policy. D. Media marking refers to security attributes required by public policy/law, while media labeling refers to security attributes required by internal organizational policy.

Answer: D

What balance MUST be considered when web application developers determine how informative application error messages should be constructed? A. Risk versus benefit B. Availability versus auditability C. Confidentiality versus integrity D. Performance versus user satisfaction

Answer: A

What operations role is responsible for protecting the enterprise from corrupt or contaminated media? A. Information security practitioner B. Information librarian C. Computer operator D. Network administrator

Answer: B

Which of the following is a characteristic of the initialization vector when using Data Encryption Standard (DES)? A. It must be known to both sender and receiver. B. It can be transmitted in the clear as a random number. C. It must be retained until the last block is transmitted. D. It can be used to encrypt and decrypt information.

Answer: B

Match the access control type to the example of the control type. Drag each access control type net to its corresponding example.

Administrative – labeling of sensitive data Technical – Constrained user interface Logical – Biometrics for authentication Physical – Radio Frequency Identification 9RFID) badge

In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is MAIN purpose of the DMZ? A. Reduced risk to internal systems. B. Prepare the server for potential attacks. C. Mitigate the risk associated with the exposed server. D. Bypass the need for a firewall.

Answer: A

Network-based logging has which advantage over host-based logging when reviewing malicious activity about a victim machine? A. Addresses and protocols of network-based logs are analyzed. B. Host-based system logging has files stored in multiple locations. C. Properly handled network-based logs may be more reliable and valid. D. Network-based systems cannot capture users logging into the console.

Answer: A

Which of the following is the PRIMARY reason for employing physical security personnel at entry points in facilities where card access is in operation? A. To verify that only employees have access to the facility. B. To identify present hazards requiring remediation. C. To monitor staff movement throughout the facility. D. To provide a safe environment for employees.

Answer: D

Between which pair of Open System Interconnection (OSI) Reference Model layers are routers used as a communications device? A. Transport and Session B. Data-Link and Transport C. Network and Session D. Physical and Data-Link

Answer: B

Which type of security testing is being performed when an ethical hacker has no knowledge about the target system but the testing target is notified before the test? A. Reversal B. Gray box C. Blind D. White box

Answer: C

Which of the following countermeasures is the MOST effective in defending against a social engineering attack? A. Mandating security policy acceptance B. Changing individual behavior C. Evaluating security awareness training D. Filtering malicious e-mail content

Answer: C

Which of the following information MUST be provided for user account provisioning? A. Full name B. Unique identifier C. Security question D. Date of birth

Answer: B

Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection? A. Temporal Key Integrity Protocol (TKIP) B. Secure Hash Algorithm (SHA) C. Secure Shell (SSH) D. Transport Layer Security (TLS)

Answer: B

A company has decided that they need to begin maintaining assets deployed in the enterprise. What approach should be followed to determine and maintain ownership information to bring the company into compliance? A. Enterprise asset management framework B. Asset baseline using commercial off the shelf software C. Asset ownership database using domain login records D. A script to report active user logins on assets

Answer: A