Official Study Guide 2

Question 1

NIST SP800-53 discusses security controls as a security ___

Answer 1

baseline

Question 2

Communication systems that rely on start and stop flags or bits to manage data transmission are known as ___

Answer 2

Asynchronous

Question 3

___ motion detectors transmit ultrasonic or microwave signals into the monitor area, watching for changes in the returned signals bouncing off objects

Answer 3

Wave pattern

Question 4

___ provides AAA functionality, but is a Cisco proprietary protocol

Answer 4

TACACS+

Question 5

the TCP three-way handshake is ___

Answer 5

SYN, SYN/ACK, ACK

Question 6

The ___ program helps to protect the supply chain for components and devices by ensuring that the companies that produce and supply them are secure

Answer 6

US Trusted Foundry

Question 7

in an IaaS environment, the vendor is only responsible for the hardware and the ___

Answer 7

hypervisor

Question 8

when testing a website, another word for synthetic monitoring (using realistic data) is ___

Answer 8

proactive monitoring

Question 9

___ (or impersonation) attacks use stolen or falsified credentials to bypass authentication mechanisms. ___ attacks rely on falsifying an identity like an IP address or hostname without credentials. ___ attacks are a more specific type of impersonation attack that relies on captured network traffic to reestablish authorized
connections

Answer 9

Masquerading; Spoofing; Replay

Question 10

The ___ evidence rule states that when an agreement between two parties is put into written form, it is assumed to be the entire agreement unless amended in writing

Answer 10

parol

Question 11

The ___ evidence rule says that a copy of a document is not admissible if the original document is available

Answer 11

best

Question 12

___ reviews the use and application of controls in an audited organization. It forms part of the underlying framework for SOC 1, 2, and 3 reports

Answer 12

SSAE-18

Question 13

The Digital Millennium Copyright Act (DMCA) provides safe harbor protection for the operators of ___

Answer 13

Internet service providers

Question 14

___ is a variation in the latency for different packets

Answer 14

Jitter

Question 15

___ are a special form of input validation that ensure that the value remains within an expected range

Answer 15

Limit checks

Question 16

___ via a web portal can require user authentication and can gather data like operating systems, versions, software information, and many other factors that can uniquely identify systems

Answer 16

Device fingerprinting

Question 17

Packets with ___ IP addresses as sources or destinations should never be routed onto the Internet

Answer 17

private

Question 18

The most frequent target of account management reviews are ___ accounts, as they create the greatest risk

Answer 18

highly privileged

Question 19

The courts have applied the ___ rule to include the concept that attorneys may not introduce logs into evidence unless they are authenticated by the system administrator

Answer 19

hearsay

Question 20

Attackers may use ___ as a tool to exploit a TOC/TOU race condition

Answer 20

algorithmic complexity

Question 21

The formula for determining the number of encryption keys required by a symmetric
algorithm is ___

Answer 21

((n*(n − 1))/2)

Question 22

many modern thieves immediately take steps to ensure that mobile devices ___ before they capture data or wipe the device for resale.

Answer 22

will not be trackable or allowed to connect to a network

Question 23

___ server monitoring relies on synthetic or previously recorded traffic

Answer 23

Active

Question 24

___ access control empowers people closer to the resources to control access but does not provide consistent control

Answer 24

Decentralized

Question 25

Access control systems rely on ___ and ___ to provide accountability. Effective ___ systems are desirable, but not required, since logs can provide information about who accessed what resources, even if access to those resources is not managed well

Answer 25

identification; authentication;

authorization

Question 26

EAP was originally intended to be used on ___ network channels and did not include ___

Answer 26

physically isolated; encryption

Question 27

The Linux tool ___ creates a bit-by-bit copy of the target drive that is well suited to forensic use

Answer 27

dd

Question 28

___ is specifically defined by HIPAA to include information about an individual’s medical bills

Answer 28

Personal health information (PHI)

Question 29

___ include both the access and actions that you can take on an object. ___ usually refer to the ability to take action on an object and don’t include the access to it

Answer 29

permissions; Rights

Question 30

___ combine rights and permissions, and roles describe sets of ___ based on job tasks or other organizational artifacts

Answer 30

Privileges; privileges

Question 31

___ is a feature in operating systems (such as Windows) that enables computers to automatically self-configure an IP address and subnet mask when their DHCP server isn’t reachable. The IP address range for this is ___

Answer 31

Automatic Private IP Addressing (APIPA);

169.254.0.1 - 169.254.255.254

Question 32

___, or registration, is the initial creation of a user account in the provisioning process

Answer 32

Enrollment

Question 33

The ___ role is responsible for making sure systems provide value (balanced with security needs)

Answer 33

business or mission owner’s

Question 34

The ___ (Act) makes it a crime to invade the electronic privacy of an individual. It prohibits the unauthorized monitoring of email and voicemail communications

Answer 34

Electronic Communications Privacy Act (ECPA)

Question 35

Syslog uses port ___

Answer 35

UDP 514 (or TCP 6514)

Question 36

___ is a TCP flag used to clear the buffer, resulting in immediately sending data

Answer 36

PSH

Question 37

___ is the TCP urgent flag

Answer 37

URG

Question 38

___ is a TCP flag for Nonce concealment protection

Answer 38

NS

Question 39

___ is a TCP flag used to reset the connection

Answer 39

RST

Question 40

As the incident response progresses, the root cause analysis is a component of the ___ step of the incident response process

Answer 40

remediation

Question 41

___ errors are most likely to be missed by automated functional testing

Answer 41

Business logic

Question 42

___ sites take a very long time to activate, measured in weeks or months

Answer 42

Cold

Question 43

Test coverage is computed using the formula test coverage = number of ___/ total number of ___

Answer 43

use cases tested; use cases

Question 44

___ is the first functional goal of physical security mechanisms

Answer 44

Deterrence

Question 45

a good alternative to FTP for transferring files is ___

Answer 45

SCP—Secure Copy

Question 46

The California Online Privacy Protection Act requires that commercial websites that collect personal information from users in California ___

Answer 46

conspicuously post a privacy policy

Question 47

Iris scans have a longer useful life than many other types of biometric factors because ___

Answer 47

they don’t change throughout a person’s life span

Question 48

The ___ Act is an example of civil law, whereas most cyber-security laws are criminal

Answer 48

Gramm-Leach-Bliley (GLBA)

Question 49

The S/MIME secure email format uses the ___ file format for encrypted email messages

Answer 49

P7S

Question 50

___ allows the storage of multiple different pieces of information in a database at different classification levels to prevent attackers from conducting aggregation or inference attacks

Answer 50

Polyinstantiation

Question 51

Any primary key is, by definition, also a ___ key

Answer 51

candidate

Question 52

to protect the integrity of an email message without encryption, you should ___

Answer 52

digitally sign it (no need to hash it)

Question 53

to force cookies to use TLS, you should ___

Answer 53

set the Secure attribute on them

Question 54

___ is specifically designed for encrypted file transfer, while ___ is used for secure command-line access

Answer 54

SFTP; SSH

Question 55

The disaster recovery test types, listed in order (A-D) of their potential impact on the business from the least impactful to the most impactful, are as follows:

Answer 55

A. Checklist review
B. Parallel test
C. Tabletop exercise
D. Full interruption test

Question 56

HIPAA requires that anyone working with personal health information on behalf of a HIPAA-covered entity be subject to the terms of a ___

Answer 56

business associates agreement (BAA)

Question 57

an ___ can translate traffic between IPv6 networks and IPv4 networks

Answer 57

IPv6 to IPv4 gateway

Question 58

WPA2 encryption has no effect on ___ attacks

Answer 58

password

Question 59

in contrast to synthetic user monitoring, passive monitoring is also referred to as ___ monitoring

Answer 59

real user