P/E 1 Flashcards
- What is the value of the logical operation shown here?
X: 0 1 1 0 1 0
Y: 0 0 1 1 0 1
___________________________
~Y: ?
A. 0 1 1 1 1 1
B. 1 1 0 0 1 0
C. 0 0 1 0 0 0
D. 0 0 1 1 0 1
Answer: B
The ~ symbol represents the NOT function, which inverts the bits of the affected variable. In this case, the X value is not used.
- In object-oriented programming, what term describes a collection of the common methods from a set of objects that defines the behavior of those objects?
A. Class
B. Instance
C. Message
D. Polymorphism
Answer: A
A class is a collection of the common methods from a set of objects that defines the behavior of those objects.
- Which of the following is not an illegal activity that can be performed over a computer network?
A. Theft
B. Destruction of assets
C. Waste of resources
D. Espionage
Answer: C
Although wasting resources is considered inappropriate activity, it is not actually a crime in most cases.
- Which of the following is not a protocol used by the standard Internet-based email system?
A. SMTP
B. POP3
C. PEM
D. IMAP
Answer: C
Privacy Enhanced Mail (PEM) is not a standard Internet email protocol; it is an add-on encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation.
- Which IPSec mode provides for encryption of complete packets, including header information?
A. Transport
B. Encapsulating Security Payload
C. Authentication Header
D. Tunnel
Answer: D
When IPSec is used in tunnel mode, entire packets, rather than just the payload, are encrypted. This mode is designed for use in gateway-to-gateway communications.
- You are implementing AES encryption for files that your organization plans to store in a cloud storage service and wish to have the strongest encryption possible. What key length should you choose?
A. 192 bits
B. 256 bits
C. 512 bits
D. 1024 bits
Answer: B
The strongest keys supported by the Advanced Encryption Standard are 256 bits. The valid AES key lengths are 128, 192, and 256 bits.
- Recently, a piece of malicious code was distributed over the Internet in the form of software claiming to allow users to play Xbox games on their PCs. The software actually launched the malicious code on the machines of users who attempted to execute it. What type of malicious code does this describe?
A. Logic bomb
B. Virus
C. Trojan horse
D. Worm
Answer: C
Trojan horses masquerade as useful programs (such as a game) but really contain malicious code that runs in the background.
- An abundance of unsolicited messages arriving to the extent it prevents legitimate activity is known as what?
A. Sniffing
B. Denial of service
C. Brute-force attack
D. Buffer-overflow attack
Answer: B
Denial of service is the abundance of unsolicited messages arriving to the extent it prevents legitimate activity.
- The term personal area network is most closely associated with what wireless technology?
A. 802.15
B. 802.11
C. 802.16
D. 802.3
Answer: A
802.15 (aka Bluetooth) creates personal area networks (PANs).
- Which network topology offers multiple routes to each node to protect from multiple segment failures?
A. Ring
B. Star
C. Bus
D. Mesh
Answer: D
Mesh topologies provide redundant connections to systems, allowing multiple segment failures without seriously affecting connectivity.
- When attempting to impose accountability on users, what key issue must be addressed?
A. Reliable log storage system
B. Proper warning banner notification
C. Legal defense/support of authentication
D. Use of discretionary access control
Answer: C
To effectively hold users accountable, your security must be legally defensible. Primarily, you must be able to prove in a court that your authentication process cannot be easily compromised. Thus, your audit trails of actions can then be tied to a human.
- What is a device that attempts to route first but will bridge if routing fails?
A. Switch
B. Repeater
C. Bridge
D. Brouter
Answer: D
A brouter is a device that attempts to route first, but if that fails, it defaults to bridging.
- Which of the following statements is true?
A. An open system does not allow anyone to view its programming code.
B. A closed system does not define whether or not its programming code can be viewed.
C. An open source program can only be distributed for free.
D. A closed source program cannot be reverse engineered or decompiled.
Answer: B
A closed system is designed to work well with a narrow range of other systems, generally all from the same manufacturer. The standards for closed systems are often proprietary and not normally disclosed. However, a closed system (as a concept) does not define whether or not its programming code can be viewed. An open system (as a concept) also does not define whether or not its programming code can be viewed. An open source program can be distributed for free or for a fee. A closed source program can be reverse engineered or decompiled.
- ___________________ is any hardware, software, or administrative policy or procedure that defines and enforces access and restriction rights on an organizational level.
A. Logical control
B. Technical control
C. Access control
D. Administrative control
Answer: C
Access control is any hardware, software, or organizational administrative policy or procedure that grants or restricts access, monitors and records attempts to access, identifies users attempting to access, and determines whether access is authorized.
- Which of the following is not a reason for data classification?
A. To secure everything at a high security level because securing everything at a low security level means sensitive data is easily accessible
B. To determine how much effort, money, and resources are allocated to protect the data and control access to it
C. To secure everything at a low security level because securing everything at a high security level is too expensive and restricts access to unclassified, noncritical data
D. To provide for nonrepudiation
Answer: D
Providing for nonrepudiation is not a reason for data classification.
- Which of the following models allows the owner of an object to grant privileges to other users?
A. Mandatory access control model
B. Discretionary access control model
C. Role-based access control model
D. Rule-based access control model
Answer: B
A discretionary access control model allows the owner (or data custodian) of a resource to grant permissions at the discretion of the owner. The other answers are non-discretionary models.
- What database security feature uses a locking mechanism to prevent simultaneous edits of cells?
A. Semantic integrity mechanism
B. Concurrency
C. Polyinstantiation
D. Database partitioning
Answer: B
Concurrency uses a “lock” feature to allow an authorized user to make changes and then “unlock” the data elements only after the changes are complete. This is done so another user is unable to access the database to view and/or make changes to the same elements at the same time.
- What cryptographic goal does the challenge-response protocol support?
A. Confidentiality
B. Integrity
C. Authentication
D. Nonrepudiation
Answer: C
The challenge-response protocol is an authentication protocol that uses cryptographic techniques to allow parties to assure each other of their identity.
- Which of the following is an effective means of preventing and detecting the installation of unapproved software?
A. Workstation change
B. Separation of duties
C. Discretionary access control
D. Job responsibility restrictions
Answer: A
Workstation change is an effective means of preventing and detecting the presence of unapproved software.
- What are the well-known ports?
A. 0 to 1,023
B. 80, 135, 110, 25
C. 0 to 65,536
D. 32,000 to 65,536
Answer: A
Ports 0 to 1,023 are the well-known ports.
- John is configuring a router that will stand between the network 10.8.6.0/24 and the Internet. He would like to configure egress filtering rules to minimize the potential of crackers originating a DDoS attack from his network. What type of traffic should be filtered out to help achieve this goal?
A. Inbound traffic with a private IP address
B. Outbound traffic with a private IP address
C. Inbound traffic with an address in the range 10.8.6.0/24
D. Outbound traffic with an address outside the range 10.8.6.0/24
Answer: D
Although it is true that John would probably want to filter out all of these types of traffic for various reasons, he would be specifically interested in filtering out outbound traffic with an address not belonging to his network to achieve his stated goal.
- Which of the following requires keeping archives of audit logs for a specific time?
A. Data remanence
B. Record retention
C. Data diddling
D. Data mining
Answer: B
Record retention policies define the amount of time to keep any data, including logs. Data remanence is data remnants on media. Data diddling refers to the modification of data before or during data entry resulting in incorrect or corrupt data. Data mining refers to extracting meaningful knowledge from large amounts of data.
- What network devices operate within the Physical layer?
A. Bridges and switches
B. Firewalls
C. Hubs and repeaters
D. Routers
Answer: C
Network hardware devices that function at layer 1, the Physical layer, are hubs and repeaters.
- Which type of access control system relies on using classification labels that are representative of security domains and realms?
A. Nondiscretionary access control
B. Mandatory access control
C. Discretionary access control
D. Logical access control
Answer: B
Mandatory access control enforces an access policy that is determined by the system, not the object owner.
- Which of the following is the type of antivirus response function that removes the malicious code but leaves damage unrepaired?
A. Cleaning
B. Removal
C. Stealth
D. Polymorphism
Answer: B
Removal removes the malicious code but does not repair the damage caused by it. Cleaning not only removes the code, but it also repairs any damage the code has caused.
- _______________ is a centralized database or index of assets, personnel, resources, or services on the network.
A. TACACS+
B. Kerberos
C. RADIUS server
D. A directory service
Answer: D
A directory service is a centralized database of resources, such as a phone directory, made available to the network.
- Which of the following algorithms/protocols provides inherent support for nonrepudiation?
A. HMAC
B. DSA
C. MD5
D. SHA-1
Answer: B
The Digital Signature Algorithm (as specified in FIPS 186-2) is the only one of the algorithms listed here that supports true digital signatures, providing integrity verification and nonrepudiation. HMAC allows for the authentication of message digests but supports only integrity verification. MD5 and SHA-1 are message digest creation algorithms and can be used in the generation of digital signatures but provide no guarantees of integrity or nonrepudiation in and of themselves.
- What regulation applies to the security of credit and debit card information held by merchants and service providers?
A. HIPAA
B. CALEA
C. GLBA
D. PCI DSS
Answer: D
The Payment Card Industry Data Security Standard (PCI DSS) places contractual obligations on merchants and service providers to ensure the security of cardholder information.
- What networking device can be used to extend the maximum usable length of network cabling?
A. Router
B. Firewall
C. Repeater
D. Bridge
Answer: C
Long cable lengths can often be supplemented through the use of repeaters or concentrators. A repeater is just a signal amplification device.
- On what port do DHCP clients request a configuration?
A. 25
B. 110
C. 68
D. 443
Answer: C
Dynamic Host Configuration Protocol (DHCP) uses port 68 for client request broadcast and port 67 for server point-to-point response.
- Which of the following is often a side benefit of a thorough risk analysis process?
A. Removal of all threats to an organization
B. Streamlining of security policies
C. Complete and detailed valuation of all assets
D. Deployment of safeguards
Answer: C
A side benefit of risk analysis is a complete and detailed valuation of all assets. None of the other options is an element or benefit of risk analysis.
- In which IPSec mode is the content of an encapsulated packet encrypted but not the header?
A. Transport
B. Tunnel
C. Vector
D. Transparent
Answer: A
In transport mode, the IP packet data is encrypted, but the header of the packet is not.
- Which of the following may introduce new vulnerabilities to voice communications?
A. Modems
B. VoIP
C. Encryption
D. PBX
Answer: B
Voice over IP (VoIP), which transmits voice communications through an IP network, introduces network-specific vulnerabilities to voice communications.
- _______________ is the process through which the activities of user accounts and processes are tracked and recorded.
A. Accountability
B. Auditing
C. Accessibility
D. Authentication
Answer: B
Auditing is the process by which online activities of user accounts and processes are tracked and recorded.
- Identification is the first step toward what ultimate goal?
A. Accountability
B. Authorization
C. Auditing
D. Nonrepudiation
Answer: A
Accountability is the ultimate goal of a process started by identification.
- Which type of control provides extended options to existing controls and aids or supports administrative security policy?
A. Recovery access control
B. Corrective access control
C. Restorative access control
D. Compensation access control
Answer: D
Compensation access control is deployed to provide various options to existing controls to help enforce and support a security policy.
- In what type of attack does the intruder initiate connections to both a client and a server?
A. Chosen plain-text attack
B. Meet-in-the-middle attack
C. Man-in-the-middle attack
D. Replay attack
Answer: C
In the man-in-the-middle attack, a malicious individual sits between two communicating parties and intercepts all communications (including the setup of the cryptographic session).
- What attack pattern utilizes a series of sequential or combinatorial inputs in an attempt to test every possible combination against some security feature?
A. Distributed attack
B. Denial of service attack
C. Brute-force attack
D. Buffer overflow attack
Answer: C
A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols.
- What IPSec component provides assurances of message integrity and nonrepudiation?
A. Authentication Header
B. Encapsulating Security Payload
C. IP Payload Compression protocol
D. Internet Key Exchange
Answer: A
The Authentication Header provides assurances of message integrity and nonrepudiation.
- ______________ is deployed to discover unwanted or unauthorized activity after it occurs as opposed to before or during.
A. Directive access control
B. Deterrent access control
C. Detective access control
D. Defective access control
Answer: C
Detective access control is deployed to discover unwanted or unauthorized activity.
- _______________ ensures that a requested activity or access to an object is possible given the rights and privileges assigned to an authenticated identity.
A. Authentication
B. Accountability
C. Accessibility
D. Authorization
Answer: D
Authorization ensures that a requested activity or access to an object is possible given the rights and privileges assigned to an authenticated identity.
- Which database principle ensures that transactions execute in an all-or-nothing fashion?
A. Atomicity
B. Consistency
C. Isolation
D. Durability
Answer: A
The atomicity of database transactions requires transaction execution in an all-or-nothing fashion. If any part of the transaction fails, the entire transaction is rolled back.
- On a much smaller scale, _______________ is deployed to repair or restore capability, functionality, or resources following a violation of security policy.
A. Recovery access control
B. Corrective access control
C. Detective access control
D. Compensation access control
Answer: A
Recovery access control is deployed to repair or restore resources, functions, and capabilities after a violation of security policies.
- Which of the following is not true?
A. A purely quantitative analysis is not possible.
B. Qualitative risk analysis employs complex formulas and calculations.
C. Quantitative risk analysis assigns real dollar figures to the loss of an asset.
D. Qualitative risk analysis assigns subjective and intangible values to the loss of an asset.
Answer: B
Qualitative risk analysis does not employ complex formulas and calculations. Scenario discussions and simple value assignments are used to evaluate risk, incidents, losses, and safeguards.
- Using an insular padded cell on your network for protection to isolate intruders functions on what principle?
A. The data offered by the padded cell is what originally attracts the attacker.
B. Padded cells are a form of entrapment.
C. The intruder is seamlessly transitioned into the padded cell once they are detected.
D. Padded cells are used to test a system for known vulnerabilities.
Answer: C
When an intruder is detected by an IDS, they are transferred to a padded cell. The transfer of the intruder into a padded cell is performed automatically, without informing the intruder that the change has occurred. The padded cell is unknown to the intruder before the attack, so it cannot serve as an enticement or entrapment. Padded cells are used to detain intruders, not to detect vulnerabilities.
- Which of the following can be used to verify the integrity of a received message?
A. Transaction log
B. Record sequence checking
C. Hash total
D. Parity value
Answer: C
A hash total is a checksum used to verify the integrity of a transmission.
- You are developing an application that compares passwords to those stored in a Unix password file. The hash values you compute are not correctly matching those in the file. What might have been added to the stored password hashes?
A. Salt
B. Double hash
C. Added encryption
D. One-time pad
Answer: A
Cryptographic salt values are added to the passwords in password files before hashing to defeat rainbow table and dictionary attacks.
- What protocol is utilized by attackers launching a smurf attack against a network?
A. TCP
B. ICMP
C. ARP
D. RARP
Answer: B
The smurf attack depends on ping packets, which are implemented by the Internet Control Message Protocol (ICMP).
- ___________________ implies that network services, communications, and access control mechanisms are functional and allow authorized users to gain authorized access.
A. Confidentiality
B. Integrity
C. Availability
D. Nonrepudiation
Answer: C
The principle of availability implies that network services, communications, and access control mechanisms are functional and allow authorized users to gain authorized access.
- What is an access control list (ACL) based on?
A. An object
B. A subject
C. A role
D. An account
Answer: A
An ACL is based on an object and includes a list of subjects that are granted access. A capability table is focused on a subject and includes a list of objects the subject can access. Roles and accounts are examples of subjects and may be included in an ACL, but they aren’t the focus.
- Which security role is ultimately responsible for due diligence in protecting a company’s data?
A. The user
B. The data owner
C. The data custodian
D. The administrator
Answer: B
The data owner is the person who has final corporate responsibility for the protection and storage of data. Owners may be liable for negligence if they fail to perform due diligence in establishing and enforcing security policy to protect and sustain sensitive data.
- What type of attack includes fragmented packets that cannot be reassembled?
A. Zero day exploit
B. Spamming
C. Distributed denial of service
D. Teardrop
Answer: D
In a teardrop attack, an attacker fragments traffic in such a way that data packets cannot be put together. A zero day exploit refers to an attack using vulnerabilities that are unknown to others. Spamming refers to sending massive quantities of unsolicited email. A distributed denial of service (DDoS) attack is an attack on a single system from multiple sources.
- Which one of the following is a cloud-based service model that allows users to access email via a web browser?
A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Public
Answer: C
The SaaS service model provides services such as email available via a web browser. IaaS provides the infrastructure (such as servers) and PaaS provides a platform (such as an operating system and application installed on a server). Public is a deployment method, not a service model.
- Which of the following is the highest security classification for a government/military organization?
A. Classified
B. Top secret
C. Sensitive
D. Sensitive but unclassified
Answer: B
Top secret is the highest security classification for a government/military organization.
- You are selecting a symmetric encryption algorithm to protect the contents of sensitive information stored by your organization. Which of the following would be the best choice?
A. Vernam cipher
B. DES
C. 2DES
D. 3DES
Answer: D
The Vernam cipher, or one-time pad, is not practical for use on an automated basis. DES and 2DES are no longer considered secure cryptosystems. 3DES is a strong cryptosystem appropriate for use.
- What frequency does an 802.11n-compliant device employ?
A. 3 Hz
B. 900 MHz
C. 7 GHz
D. 2.4 GHz
Answer: D
802.11n can use the 2.4 GHz and 5 GHz frequencies. The 2.4 GHz frequency is also used by 802.11g and 802.11b.
- What is the primary function of a gateway as a network device?
A. Routing traffic
B. Protocol translator
C. Attenuation protection
D. Creating virtual LANs
Answer: B
The gateway is a network device (or service) that works at the Application layer. However, an Application layer gateway is a very specific type of component. It serves as a protocol translation tool. For example, an IP-to-IPX gateway takes inbound communications from TCP/IP and translates them over to IPX/SPX for outbound transmission.
- What is the minimum size a packet can be to be used in a ping-of-death attack?
A. 2,049 bytes
B. 16,385 bytes
C. 32,769 bytes
D. 65,537 bytes
Answer: D
The maximum allowed ping packet size is 65,536 bytes. To engage in a ping-of-death attack, an attacker must send a packet that exceeds this maximum. Therefore, the smallest packet that might result in a successful attack would be 65,537 bytes.
- What TCP/IP communications port is utilized by Secure Sockets Layer (SSL) traffic?
A. 80
B. 220
C. 443
D. 559
Answer: C
SSL uses port 443 to transmit encrypted web traffic over TCP connections.
- Which of the following options is true in terms of a host-based IDS?
A. It’s ineffective on switched networks.
B. It monitors several systems altogether.
C. It’s invisible to attackers and authorized users.
D. It monitors a single system individually.
Answer: D
A host-based IDS watches for questionable activity on a single computer system. A network-based IDS watches for questionable activity being performed over the network medium, can be made invisible to users, and is ineffective on switched networks.
- What is the countermeasure cost/benefit equation?
A. SLE * ARO
B. EF * AV * ARO
C. (ALE1 – ALE2) – CM cost
D. Total risk + controls gap
Answer: C
To make the determination of whether the safeguard is financially equitable, use the following countermeasure cost/benefit equation: (ALE before countermeasure – ALE after implementing the countermeasure) – annual cost of countermeasure = value of the countermeasure to the company.
- Precomputed password hashes kept as a series of iterative inputs are known as what?
A. Dictionary word list
B. Brute force
C. Rainbow tables
D. Encryption catalog
Answer: C
Rainbow tables use an iterative series of precomputed password hashes as an alternative to sequential guessing or dictionary-based lookup attacks against authentication mechanisms.
- When establishing who someone is before you grant them access to resources, what is the first step?
A. Verify credentials
B. Claim an identity
C. Grant authority
D. Monitor activity
Answer: B
The first step toward granting a user access is for them to claim an identity (identification). That is followed by verifying credentials (authentication), then by granting authority (authorization), and finally by monitoring activity (auditing).
- What type of attack can be used against cryptographic algorithms that do not incorporate temporal protections?
A. Chosen plain-text attack
B. Meet-in-the-middle attack
C. Man-in-the-middle attack
D. Replay attack
Answer: D
In a replay attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later replays the captured message to open a new session.
- What protocol manages the security associations used by IPSec?
A. ISAKMP
B. SKIP
C. IPComp
D. SSL
Answer: A
The Internet Security Association and Key Management Protocol (ISAKMP) provides background security support services for IPSec, including managing security associations.
- What evidence standard do most criminal investigations follow?
A. Beyond a reasonable doubt
B. Beyond the shadow of a doubt
C. Preponderance of the evidence
D. Clear and convincing evidence
Answer: A
Criminal investigations typically follow the “beyond a reasonable doubt” standard of evidence.
- Which one of the following tools is used primarily to perform network vulnerability scans?
A. nmap
B. Nessus
C. Metasploit
D. lsof
Answer: B
Nessus is a network vulnerability scanning tool that searches systems for known vulnerabilities.
- What language contains the commands used by database users to interact with data?
A. DDL
B. XML
C. UML
D. DML
Answer: D
The Data Manipulation Language is a subset of SQL containing the commands used to interact with data.
- An organization has strictly implemented the principle of least privilege. Which of the following is not a likely outcome?
A. Users can log onto any computer in the network.
B. Users can log onto only a single system.
C. Users have restricted access to files based on their jobs.
D. Users do not have access to backup tapes.
Answer: A
The principle of least privilege restricts user privileges to what they need and no more. Users do not have a need to log onto any computer in the network. A policy used to implement the principle of least privilege can restrict users to a single computer, restrict access to files, and restrict access to backups.
- Which of the following is not a useful guideline in training users to avoid becoming victims of social engineering attacks?
A. Err on the side of caution.
B. Use a strong password.
C. Request proof of identity.
D. Restrict classified information for voice communications.
Answer: B
Following rules for strong password generation is not a direct defense against social engineering attacks.
- What is confidentiality dependent on?
A. Integrity
B. Availability
C. Nonrepudiation
D. Auditing
Answer: A
Without object integrity, confidentiality cannot be maintained. In fact, integrity and confidentiality depend on one another.
- Which networking technology assumes traffic collisions will occur and thus requires collision detection and avoidance mechanisms?
A. Ethernet
B. Token Ring
C. FDDI
D. ISDN
Answer: A
Ethernet is a shared media LAN technology. That means it allows numerous devices to communicate over the same medium but requires that each device take turns communicating and perform collision detection and avoidance.
- Which of the following is occurring when a user professes an identity with a login ID?
A. Identification
B. Authentication
C. Auditing
D. Authorization
Answer: A
Identification occurs when a user professes an identity with a login ID. The combination of the login ID and the password provide authentication. Auditing provides accountability. Users are granted authorization to access resources based on their proven identities.
- Which IPSec protocol provides assurances of nonrepudiation?
A. AH
B. ISAKMP
C. DH
D. ESP
Answer: A
The Authentication Header (AH) provides assurances of message integrity and nonrepudiation.
- _______________ is the process by which a subject provides a username, logon ID, personal identification number, and so on.
A. Accountability
B. Authentication
C. Confidentiality
D. Identification
Answer: D
Identification is the process by which a subject professes an identity and accountability is initiated.
- What type of malicious code uses a filename similar to that of a legitimate system file?
A. MBR
B. Companion
C. Stealth
D. Multipartite
Answer: B
Companion viruses use filenames that mimic the filenames of legitimate system files.
- What package provides secure replacements for common Internet utilities like FTP?
A. PGP
B. SSH
C. PEM
D. SSL
Answer: B
Secure Shell (SSH) provides secure replacements for a number of common Internet utilities.
- Which of the following is not a true statement?
A. Process confinement allows a process to read from and write to all memory locations and resources.
B. The bounds of a process consist of limits set on the memory addresses and resources it can access.
C. Process isolation ensures that any behavior will affect only the memory and resources associated with the isolated process.
D. If that data is overwritten or altered in an unpredictable way, there is no guarantee of integrity.
Answer: A
Process confinement allows a process to read from and write to only certain memory locations and resources.
- A system verifies a user’s password when the user logs on with a username and password. What does the password provide?
A. Identification
B. Authentication
C. Accountability
D. Authorization
Answer: B
The password combined with the username provides authentication. The username by itself provides identification. Logging and auditing of user actions provide accountability. Authorization refers to granting users access to resources based on their proven identities.
- Which of the following protocols can be defined with the statement “This is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems”?
A. swIPe
B. RPC
C. SKIP
D. SET
Answer: B
S-RPC is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems.
- Which of the following is not part of RFC 1918?
A. 169.254.1.1
B. 192.168.1.1
C. 172.16.1.1
D. 10.1.1.1
Answer: A
The 169.254.x.x range is usually employed by the Microsoft APIPA response to failed DHCP services.
- Subjects can be held accountable for their actions toward other subjects and objects while they are authenticated to a system. What process facilitates this accountability?
A. Access controls
B. Monitoring
C. Account policies
D. Performance review
Answer: B
Monitoring the activities of subjects and objects, as well as of core system functions that maintain the operating environment and the security mechanisms, helps establish accountability on the system.
- You are designing a new wireless network and are configuring encryption options. What technology should you ensure is never used on your wireless network?
A. WPA
B. WPA2
C. TKIP
D. WEP
Answer: D
Wired Equivalent Privacy (WEP) technology is notoriously insecure and vulnerable to eavesdropping attacks.
- What Internet standard does all public email comply with?
A. IEEE 802.11
B. X.400
C. X.509
D. LDAP
Answer: B
Internet email must comply with X.400.
- What is the maximum key length of Blowfish?
A. 128 bits
B. 256 bits
C. 384 bits
D. 448 bits
Answer: D
Blowfish has a maximum key length of 448 bits.
- Which of the following is not a benefit of NAT?
A. Use of RFC 1918 addresses
B. Fewer leased public addresses
C. Hidden configuration of internal systems
D. Access initiations from external entities
Answer: D
NAT does not allow initiations from external entities. Therefore, allowing external initiations is not a benefit. The benefit is that NAT does not allow them.
- When information is collected about your activities online without your consent, it is a violation of what?
A. Integrity
B. Intent
C. Confidentiality
D. Privacy
Answer: D
When information is collected about your activities online without your consent, it is known as a violation of privacy.
- An attack pattern characterized by a series of invalid packet sequence numbers is called what?
A. Stream
B. Spamming
C. Distributed denial of service
D. Teardrop
Answer: D
In a teardrop attack, the attacker sends fragments of an IP datagram whose fragment offsets and lengths are deliberately inconsistent (overlapping, or a fragment that ends inside data already received). The reassembly routines in affected operating systems trusted those values, so computing the size of the overlap produced a negative length and the system froze or crashed. Modern stacks validate fragment geometry, but the pattern remains a useful IDS signature.
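The check a reassembler or IDS should perform is easy to state: once all fragments of a datagram are in hand, sorted by offset, each one must start where the previous data ended (or overlap it in a way that still extends the data), and nothing may run past the IPv4 maximum. The following is an added example, not part of the flashcard deck; it works on byte offsets (the IP header stores offsets in 8-byte units, which the caller would multiply out) and the fragment sets at the bottom are constructed for the demonstration, with `TEARDROP` shaped like the classic attack rather than copied from any real capture.

```python
from dataclasses import dataclass
from typing import List

IP_MAX_LEN = 65535  # maximum IPv4 datagram size, header included


@dataclass(frozen=True)
class Fragment:
    offset: int   # byte offset of this fragment's payload within the reassembled datagram
    length: int   # payload bytes carried by this fragment
    more: bool    # IP "More Fragments" (MF) flag


def check_fragments(frags: List[Fragment]) -> List[str]:
    """Audit one datagram's collected fragments and describe every anomaly.

    Assumes the caller has gathered all fragments sharing one
    (source, destination, protocol, identification) tuple, e.g. when the
    MF=0 fragment arrives or the reassembly timer expires.
    """
    anomalies = []
    prev_end = 0
    for f in sorted(frags, key=lambda f: f.offset):
        if f.length <= 0:
            anomalies.append(f"fragment at offset {f.offset} carries no data")
            continue
        end = f.offset + f.length
        if end > IP_MAX_LEN:
            anomalies.append(f"fragment end {end} exceeds maximum datagram size {IP_MAX_LEN}")
        if f.more and f.length % 8:
            anomalies.append(f"non-final fragment length {f.length} is not a multiple of 8")
        if f.offset < prev_end:
            if end <= prev_end:
                # The teardrop shape: the fragment sits entirely inside data already
                # received, so a reassembler that trims the overlap by computing
                # end - prev_end ends up with a negative length.
                anomalies.append(
                    f"fragment {f.offset}-{end} lies entirely inside earlier data "
                    f"ending at {prev_end} (teardrop pattern)")
            else:
                anomalies.append(f"fragment {f.offset}-{end} overlaps earlier data ending at {prev_end}")
        elif f.offset > prev_end:
            anomalies.append(f"gap between {prev_end} and {f.offset}")
        prev_end = max(prev_end, end)
    if frags and max(frags, key=lambda f: f.offset).more:
        anomalies.append("highest-offset fragment still has MF set; datagram incomplete")
    return anomalies


# Constructed sample fragment sets (not from a real capture)
BENIGN = [Fragment(0, 1480, True), Fragment(1480, 1480, True), Fragment(2960, 100, False)]
TEARDROP = [Fragment(0, 32, True), Fragment(24, 4, False)]      # second fragment ends inside the first
OVERSIZE = [Fragment(65528, 100, False)]                        # runs past 65535 bytes

if __name__ == "__main__":
    for name, frags in (("benign", BENIGN), ("teardrop", TEARDROP), ("oversize", OVERSIZE)):
        print(name, check_fragments(frags) or "ok")
```

The benign set reassembles cleanly; the teardrop set triggers only the "lies entirely inside" finding, which is the condition a signature for this attack keys on.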
- ________________ operates on a set of defined rules or restrictions that filter actions and activities performed on the system.
A. Discretionary access control
B. Mandatory access control
C. Nondiscretionary access control
D. Voluntary access control
Answer: C
Nondiscretionary access control enables the enforcement of systemwide restrictions that override object-specific access control.
- What is the first priority in any business continuity plan?
A. Data restoration
B. Personal safety
C. Containing damage
D. Activating an alternate site
Answer: B
The primary concern in any business continuity or disaster recovery effort is ensuring personal safety for everyone involved.
- Abnormal or unauthorized activities detectable to an IDS include which of the following? (Choose all that apply.)
A. External connection attempts
B. Execution of malicious code
C. Access to controlled objects
D. None of the above
Answer: A;B;C
IDSs watch for violations of confidentiality, integrity, and availability. Attacks recognized by IDSs can come from external connections (such as the Internet or partner networks), viruses, malicious code, trusted internal subjects attempting to perform unauthorized activities, and unauthorized access attempts from trusted locations.
- The security management task in which critical, significant, and sensitive work tasks are divided among several individual administrators or high-level operators is what?
A. Job rotation
B. Multifactor authentication
C. Separation of duties
D. Succession planning
Answer: C
The security management task in which critical, significant, and sensitive work tasks are divided among several individual administrators or high-level operators is separation of duties.
- Which of the following types of IDS is effective only against known attack methods?
A. Host based
B. Network based
C. Knowledge based
D. Behavior based
Answer: C
A knowledge-based IDS is effective only against known attack methods, which is its primary drawback.
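The drawback described in the card above is easiest to see side by side. The following is an added example, not part of the flashcard deck: a minimal knowledge-based detector (regular-expression signatures) and a minimal behavior-based detector (per-client profile compared with a learned baseline) run over the same constructed web-server log lines in common log format. The signatures, thresholds and log lines are all assumptions made for the demonstration, not taken from any real product or incident.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Knowledge base: patterns for attacks we already know about (assumed signatures)
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./\.\./"),
    "sql-injection": re.compile(r"(?i)union\s+select"),
}

# Apache/nginx common log format
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?:\d+|-)$'
)


def parse_log(text: str) -> List[dict]:
    entries = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            entries.append({"ip": m["ip"], "path": m["path"], "status": int(m["status"])})
    return entries


def knowledge_based(entries: List[dict]) -> List[Tuple[str, str, str]]:
    """Signature matching: fires only when a request matches a known pattern."""
    return [(e["ip"], name, e["path"])
            for e in entries for name, sig in SIGNATURES.items() if sig.search(e["path"])]


def profile(entries: List[dict]) -> Dict[str, dict]:
    """Per-client activity profile: request count, distinct paths, 4xx/5xx count."""
    prof = defaultdict(lambda: {"requests": 0, "paths": set(), "errors": 0})
    for e in entries:
        p = prof[e["ip"]]
        p["requests"] += 1
        p["paths"].add(e["path"])
        if e["status"] >= 400:
            p["errors"] += 1
    return prof


def build_baseline(benign_entries: List[dict]) -> dict:
    """Learn what normal looks like from known-good traffic."""
    prof = profile(benign_entries)
    return {
        "max_distinct_paths": max(len(p["paths"]) for p in prof.values()),
        "max_error_rate": max(p["errors"] / p["requests"] for p in prof.values()),
    }


def behavior_based(baseline: dict, entries: List[dict], tolerance: float = 2.0) -> List[str]:
    """Anomaly detection: flag clients exceeding the baseline by more than `tolerance` times."""
    flagged = []
    for ip, p in profile(entries).items():
        error_rate = p["errors"] / p["requests"]
        if (len(p["paths"]) > tolerance * baseline["max_distinct_paths"]
                or error_rate > tolerance * baseline["max_error_rate"]):
            flagged.append(ip)
    return sorted(flagged)


# Constructed log lines (not from a real server)
BASELINE_LOG = """
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /about HTTP/1.1" 200 2048
10.0.0.5 - - [10/Oct/2023:13:55:37 +0000] "GET /favicon.ico HTTP/1.1" 404 0
10.0.0.6 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.6 - - [10/Oct/2023:13:56:05 +0000] "POST /login HTTP/1.1" 302 0
10.0.0.6 - - [10/Oct/2023:13:56:06 +0000] "GET /account HTTP/1.1" 200 4096
"""

OBSERVED_LOG = """
10.0.0.5 - - [11/Oct/2023:09:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.5 - - [11/Oct/2023:09:00:02 +0000] "GET /contact HTTP/1.1" 200 1024
10.0.0.5 - - [11/Oct/2023:09:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 0
203.0.113.9 - - [11/Oct/2023:09:01:10 +0000] "GET /download?file=../../../../etc/passwd HTTP/1.1" 200 1523
198.51.100.7 - - [11/Oct/2023:09:02:00 +0000] "GET /download?file=..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 404 0
198.51.100.7 - - [11/Oct/2023:09:02:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 0
198.51.100.7 - - [11/Oct/2023:09:02:01 +0000] "GET /.env HTTP/1.1" 404 0
198.51.100.7 - - [11/Oct/2023:09:02:01 +0000] "GET /wp-login.php HTTP/1.1" 404 0
198.51.100.7 - - [11/Oct/2023:09:02:01 +0000] "GET /admin HTTP/1.1" 404 0
198.51.100.7 - - [11/Oct/2023:09:02:02 +0000] "GET /.git/config HTTP/1.1" 404 0
198.51.100.7 - - [11/Oct/2023:09:02:02 +0000] "GET /backup.zip HTTP/1.1" 404 0
198.51.100.7 - - [11/Oct/2023:09:02:03 +0000] "GET /config.php.bak HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    observed = parse_log(OBSERVED_LOG)
    print("knowledge-based hits:", knowledge_based(observed))
    print("behavior-based flags:", behavior_based(build_baseline(parse_log(BASELINE_LOG)), observed))
```

The two detectors disagree in both directions. The signature engine catches the literal `../../` traversal from 203.0.113.9 but is blind to 198.51.100.7, whose URL-encoded variant and reconnaissance paths match nothing in its knowledge base. The behavior engine flags 198.51.100.7 because eight distinct paths and a 100 percent error rate are far outside the learned baseline, yet it says nothing about 203.0.113.9, whose single well-formed request looks like ordinary traffic. That is why the two approaches are deployed together rather than as alternatives.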
- Which one of the following software development methodologies is considered a meta-model?
A. Waterfall
B. Boyce-Codd
C. Spiral
D. Agile
Answer: C
The spiral model uses multiple iterations of the waterfall model, so it is considered a meta-model.
- What is the minimum number of keys that can be used to implement Triple DES (3DES) encryption?
A. One
B. Two
C. Three
D. Four
Answer: B
Triple DES (3DES) uses either two keys (keying option 2: K1, K2, K1) or three independent keys (keying option 1), giving nominal key lengths of 112 and 168 bits respectively. Using the same key three times (keying option 3) is simply single DES and exists only for backward compatibility, so the minimum number of distinct keys is two. Even three-key 3DES provides only about 112 bits of effective security because of the meet-in-the-middle attack, and NIST has deprecated it (SP 800-131A Rev. 2 disallows 3DES encryption after 2023); use AES for new designs.
- Which of the following is a documented set of best IT security practices crafted by Information Systems Audit and Control Association (ISACA) and IT Governance Institute (ITGI)?
A. ISO 17799
B. COBIT
C. OSSTMM
D. Common Criteria (IS 15408)
Answer: B
Control Objectives for Information and Related Technology (COBIT) is a documented set of best IT security practices crafted by Information Systems Audit and Control Association (ISACA) and IT Governance Institute (ITGI).
- Which type of connection created by a packet-switching networking system reuses the same basic parameters or virtual pathway each time it connects?
A. Bandwidth on demand connection
B. Switched virtual circuit
C. Permanent virtual circuit
D. CSU/DSU connection
Answer: C
A PVC reestablishes a link using the same basic parameters or virtual pathway each time it connects. SVCs use unique settings each time. Bandwidth on demand links can be either PVCs or SVCs. CSU/DSU is not a packet-switching technology.
- Which of the following is not a risk related to cell phone usage?
A. Data interception
B. Switch console port access
C. Eavesdropping
D. Cloning
Answer: B
A console port is a physical serial management port on the switch itself, so it is not something a cell phone exposes or reaches. Interception of calls and data, eavesdropping, and cloning of a handset's identity are all recognized cell phone risks.
- Which of the following is a drawback of classification schemes?
A. They have a large administrative overhead for larger environments.
B. They lend credence to the selection of protection mechanisms.
C. They assist in identifying those assets that are most critical or valuable to the organization.
D. They are often required for regulatory compliance or legal restrictions.
Answer: A
A drawback of classification schemes, especially as implemented via a mandatory access control concept, is that they require significant administration for a large organization.
- What form of attack prevents systems or services from processing or responding to legitimate traffic and network resources?
A. Brute force
B. Denial of service
C. Spamming
D. Sniffing
Answer: B
Denial of service attacks seek to shut down or stifle network response and congest traffic so that legitimate data cannot be handled in a timely fashion.