Official Study Guide

Question 1

the Digital Millennium Copyright Act (DMCA) requires ISP’s to act promptly when notified of copyright infringement to address data stored or cached on systems controlled by it, but not on ___

Answer 1

data actively transmitted

Question 2

the ___ act provides protection of trade secrets

Answer 2

Economic Espionage

Question 3

Patents are registered with the ___

Answer 3

United States Patent and Trademark Office (USPTO)

Question 4

the ___ requires federal agencies to implement information security programs

Answer 4

Federal Information Security Management Act (FISMA)

Question 5

a ___ audit covers business continuity planning

Answer 5

SOC 2

Question 6

the threshold for malicious damage to a federal computer system that triggers the Computer Fraud and Abuse Act is ___

Answer 6

$5,000

Question 7

___ is a control objective framework that is widely accepted around the world and focuses specifically on information security controls

Answer 7

ISO 27002

Question 8

___ requires that communications service providers cooperate with law enforcement requests

Answer 8

The Communications Assistance for Law Enforcement Act (CALEA)

Question 9

the ___ of a company is not typically involved in BDP meetings, but should approve it when it is complete

Answer 9

CEO

Question 10

the cutoff age below which parents must give consent in advance of the collection of personal information from their children under the Children’s Online Privacy Protection Act (COPPA) is ___

Answer 10

13

Question 11

reliability of the materials and equipment used by a company are addressed in its ___

Answer 11

supply chain

Question 12

A ___ most often refers to a formal US government process for assessing security controls and is often paired with a Security Test and Evaluation (ST&E) process.

Answer 12

security controls assessment (SCA)

Question 13

Control Objectives for Information and Related Technology (COBIT) would be used by a ___ to help balance IT security needs with business needs

Answer 13

business owner

Question 14

the security baseline applied to a system is primarily determined by ___

Answer 14

the classification of data it contains

Question 15

even if it has been anonymized, personal health information should be classified as ___

Answer 15

Private

Question 16

to make sure the windows workstations are in compliance with a security baseline, use ___

Answer 16

Microsoft Group Policy

Question 17

data with the military classification of ___ would, if disclosed, could cause serious harm to national security

Answer 17

Secret

Question 18

due to danger of remnant data, the US National Security Agency requires the ___ of SSD’s when no longer needed

Answer 18

physical destruction

Question 19

The ___ requires conspicuously posted privacy policies on commercial websites that collect the personal information of California residents

Answer 19

California Online Privacy Protection Act

Question 20

data “in motion” means data that is travelling ___ only

Answer 20

electronically

Question 21

the earliest detection of fires can detect them in the ___ phase

Answer 21

incipient

Question 22

business “Confidential” classification is equivalent to ___ or the military classification ___ and poses ___ danger, even though “Confidential” is the lowest military classification

Answer 22

proprietary; top secret; exceptionally grave

Question 23

restricting access of a process to system resources to limit its impact on other processes (like a sandbox) is known as ___

Answer 23

confinement

Question 24

if a customer is using IaaS and leaves sensitive information on a vendor’s drive, it is the ___ responsibility to remove the data

Answer 24

vendor’s

Question 25

in assessing and accepting security controls, ___ means it has been validated by a company’s testers, ___ means it has been accepted by management (or an approved authority), and ___ means it has been validated by a third party

Answer 25

certification; accreditation; verification

Question 26

to deter a casual intruder, fences should be ___ high, to deter a determined intruder it should be ___ high and have ___ at the top

Answer 26

6 ft; 8 ft; 3 strands of barbed wire

Question 27

Halon is no longer used for fire suppression because ___

Answer 27

it contains CFC’s

Question 28

___ sensors detect changes in electromagnetic fields to detect motion

Answer 28

capacitance

Question 29

___ is malware which exploits port __ and infects IoT devices

Answer 29

Mirai, 23

Question 30

Frame Relay supports ___, unlike X.25

Answer 30

multiple private virtual circuits (PVCs)

Question 31

wireless clients on a LAN typically operate in ___ mode, which allows them to communicate with other clients through a Access Point

Answer 31

Infrastructure (or Master)

Question 32

The RST flag is used to ___ in a TCP packet

Answer 32

reset or disconnect a session

Question 33

The ___ Authentication Protocol is used by PPP servers to authenticate remote clients. It encrypts both the username and password and performs periodic reauthentication while connected using techniques to prevent replay attacks

Answer 33

Challenge-Handshake (CHAP)

Question 34

DNS ___ is when an attacker changes the domain name to IP address mappings of a system to redirect traffic to alternate systems, and DNS ___ occurs when
an attacker sends false replies to a requesting system, beating valid replies from the actual DNS server

Answer 34

poisoning; spoofing

Question 35

___ is a converged protocol that allows location-independent file services over traditional network technologies. It costs less than traditional Fibre Channel

Answer 35

iSCSI

Question 36

1000BaseT is capable of a ___-meter run

Answer 36

100

Question 37

the two classes of Integrated Services Digital Network (ISDN) are ___ and ___

Answer 37

Basic Rate Interface (BRI); Primary Rate Interface (PRI)

Question 38

SPIT stands for ___

Answer 38

Spam over Internet Telephony

Question 39

one risk of non-IP protocols on a network is that ___

Answer 39

firewalls may not be able to filter them out

Question 40

Ethernet uses a ___ topology

Answer 40

bus

Question 41

___ is used to allow assertions of domain identity

to validate email

Answer 41

Domain Keys Identified Mail (DKIM)

Question 42

of the most commonly found LAN authentication technologies, Kerberos is SSO but ___ is not

Answer 42

RADIUS

Question 43

Kerberos uses ___ to encrypt authentication information

Answer 43

AES

Question 44

when an access table has no roles, rules or classifications, it is likely a simple ___ system, which is becoming more popular with cloud-based systems

Answer 44

resource-based access

Question 45

an LDAP Distinguished Name (DN) can have values separated by ___ or ___, but cannot end with any character like ___

Answer 45

”,” or “+”

“;”

Question 46

The stored sample of a biometric factor is called a ___ or a ___

Answer 46

reference profile; reference template

Question 47

SAML does not have a security mode and relies on

___ and ___ to ensure security if needed

Answer 47

TLS; digital signatures

Question 48

badge readers are considered a category ___ control

Answer 48

physical

Question 49

in Mandatory Access Control a user with a Secret classification can access data classified as ___

Answer 49

Secret only (not higher or lower)

Question 50

The ___ for LDAP provides support for a range of authentication types, including secure methods

Answer 50

Simple Authentication and Security Layer (SASL)

Question 51

in ___ access control, the owner of the data rather than a system administrator sets permissions

Answer 51

discretionary

Question 52

Nikto is useful for ___

Answer 52

vulnerability scanning web servers and applications

Question 53

if nmap shows a port being “Filtered” is means ___

Answer 53

it cannot be reached due to firewall interference

Question 54

if you learn about a zero day vulnerability on systems you use, your first step should be to check ___

Answer 54

the versions you are running to see if the vulnerability applies to you

Question 55

only ___ wireless scans can reveal rogue devices

Answer 55

passive

Question 56

Linux, wireless and firewall systems all generate a syslog, but ___ systems use a proprietary format

Answer 56

windows

Question 57

a TCP ___ scan can be used to identify active services on a network without using any elevated privileges

Answer 57

connect

Question 58

in reporting on a pen test, care should be taken to avoid ___

Answer 58

accidental additional exposure if the wrong people see the vulnerabilities reported

Question 59

Port ___ is used for administrative connections

Answer 59

22 (SSH)

Question 60

besides disk space, excessive logging can also tax ___

Answer 60

system processing power (slow things down)

Question 61

___ scans use a read-only account to access configuration files, allowing more accurate testing of vulnerabilities

Answer 61

Authenticated

Question 62

anything that disrupts operations can be considered a ___

Answer 62

disaster

Question 63

___ refers to the privileges granted to users when an account is first provisioned

Answer 63

Entitlement

Question 64

The ___ phase of incident response focuses on actions that can contain the damage incurred during an incident. This includes limiting the scope and or effectiveness of the incident

Answer 64

Mitigation

Question 65

for something to be considered a security ___, an actual security compromise or policy violation must take place

Answer 65

incident

Question 66

mandatory vacations should be for at least ___ days

Answer 66

7

Question 67

Egress filtering scans outbound traffic for potential security policy violations. This includes traffic with a private IP address as the destination, traffic with a broadcast address as the destination, and traffic that has a falsified source address not belonging to
the organization, but shouldn’t include ___

Answer 67

Traffic with a destination address on an external network

Question 68

many firewalls use ___ as part of their anti-SYN-flood response

Answer 68

spoofing

Question 69

a ___ can help manage assets by gathering information about all systems on a network (even mobile devices), the OS and applications installed, security settings, etc.

Answer 69

System Center Configuration Manager (SCCM or ConfigMgr)

Question 70

the degree of a table is the number of ___

Answer 70

columns (Attributes)

Question 71

___ is a security issue that arises when a collection of facts has a higher classification than the classification of any of those facts standing alone. An ___ problem occurs when an attacker can pull together pieces of less sensitive information and use them to derive information of greater sensitivity

Answer 71

Aggregation; inference

Question 72

___ viruses use multiple propagation mechanisms to defeat system security controls but do not necessarily include techniques designed to hide the malware from antivirus software.

Answer 72

Multipartite

Question 73

___ viruses tamper with the operating system to hide their existence

Answer 73

Stealth

Question 74

___ is typically the last phase of the software testing process

Answer 74

User acceptance testing (UAT)

Question 75

___ provides the most effective defense against session hijacking because it encrypts all traffic between the client and server, preventing the attacker from stealing session credentials

Answer 75

Transport Layer Security (TLS)

Question 76

When a system uses shadowed passwords, the /etc/passwd file would contain ___ to indicate that the password hash is in the shadow file

Answer 76

an x

Question 77

A ___ in an website input field is used to escape outside the input field in a SQL injection attack

Answer 77

single quotation mark

Question 78

parameterization and ___ restricted characters in an input field prevents them from being passed to the database

Answer 78

Escaping

Question 79

expert systems have two main components, a knowledge base and ____

Answer 79

an inference engine

Question 80

testing software with knowledge of the code, but from the user’s perspective is ___ box testing

Answer 80

grey

Question 81

limiting ___ is one way to limit the abuse of API’s

Answer 81

request rates