P/E 1 Flashcards

1
Q
  1. What is the value of the logical operation shown here?

X: 0 1 1 0 1 0
Y: 0 0 1 1 0 1
___________________________
~Y: ?

A. 0 1 1 1 1 1
B. 1 1 0 0 1 0
C. 0 0 1 0 0 0
D. 0 0 1 1 0 1

A

Answer: B

The ~ symbol represents the NOT function, which inverts the bits of the affected variable. In this case, the X value is not used.

2
Q
  1. In object-oriented programming, what term describes a collection of the common methods from a set of objects that defines the behavior of those objects?

A. Class
B. Instance
C. Message
D. Polymorphism

A

Answer: A

A class is a collection of the common methods from a set of objects that defines the behavior of those objects.

3
Q
  1. Which of the following is not an illegal activity that can be performed over a computer network?

A. Theft
B. Destruction of assets
C. Waste of resources
D. Espionage

A

Answer: C

Although wasting resources is considered inappropriate activity, it is not actually a crime in most cases.

4
Q
  1. Which of the following is not a protocol used by the standard Internet-based email system?

A. SMTP
B. POP3
C. PEM
D. IMAP

A

Answer: C

Privacy Enhanced Mail (PEM) is not a standard Internet email protocol; it is an add-on encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation.

5
Q
  1. Which IPSec mode provides for encryption of complete packets, including header information?

A. Transport
B. Encapsulating Security Payload
C. Authentication Header
D. Tunnel

A

Answer: D

When IPSec is used in tunnel mode, entire packets, rather than just the payload, are encrypted. This mode is designed for use in gateway-to-gateway communications.

6
Q
  1. You are implementing AES encryption for files that your organization plans to store in a cloud storage service and wish to have the strongest encryption possible. What key length should you choose?

A. 192 bits
B. 256 bits
C. 512 bits
D. 1024 bits

A

Answer: B

The strongest keys supported by the Advanced Encryption Standard are 256 bits. The valid AES key lengths are 128, 192, and 256 bits.

7
Q
  1. Recently, a piece of malicious code was distributed over the Internet in the form of software claiming to allow users to play Xbox games on their PCs. The software actually launched the malicious code on the machines of users who attempted to execute it. What type of malicious code does this describe?

A. Logic bomb
B. Virus
C. Trojan horse
D. Worm

A

Answer: C

Trojan horses masquerade as useful programs (such as a game) but really contain malicious code that runs in the background.

8
Q
  1. An abundance of unsolicited messages arriving to the extent it prevents legitimate activity is known as what?

A. Sniffing
B. Denial of service
C. Brute-force attack
D. Buffer-overflow attack

A

Answer: B

Denial of service is the abundance of unsolicited messages arriving to the extent it prevents legitimate activity.

9
Q
  1. The term personal area network is most closely associated with what wireless technology?

A. 802.15
B. 802.11
C. 802.16
D. 802.3

A

Answer: A

802.15 (aka Bluetooth) creates personal area networks (PANs).

10
Q
  1. Which network topology offers multiple routes to each node to protect from multiple segment failures?

A. Ring
B. Star
C. Bus
D. Mesh

A

Answer: D

Mesh topologies provide redundant connections to systems, allowing multiple segment failures without seriously affecting connectivity.

11
Q
  1. When attempting to impose accountability on users, what key issue must be addressed?

A. Reliable log storage system
B. Proper warning banner notification
C. Legal defense/support of authentication
D. Use of discretionary access control

A

Answer: C

To effectively hold users accountable, your security must be legally defensible. Primarily, you must be able to prove in a court that your authentication process cannot be easily compromised. Thus, your audit trails of actions can then be tied to a human.

12
Q
  1. What is a device that attempts to route first but will bridge if routing fails?

A. Switch
B. Repeater
C. Bridge
D. Brouter

A

Answer: D

A brouter is a device that attempts to route first, but if that fails, it defaults to bridging.

13
Q
  1. Which of the following statements is true?

A. An open system does not allow anyone to view its programming code.
B. A closed system does not define whether or not its programming code can be viewed.
C. An open source program can only be distributed for free.
D. A closed source program cannot be reverse engineered or decompiled.

A

Answer: B

A closed system is designed to work well with a narrow range of other systems, generally all from the same manufacturer. The standards for closed systems are often proprietary and not normally disclosed. However, a closed system (as a concept) does not define whether or not its programming code can be viewed. An open system (as a concept) also does not define whether or not its programming code can be viewed. An open source program can be distributed for free or for a fee. A closed source program can be reverse engineered or decompiled.

14
Q
  1. ___________________ is any hardware, software, or administrative policy or procedure that defines and enforces access and restriction rights on an organizational level.

A. Logical control
B. Technical control
C. Access control
D. Administrative control

A

Answer: C

Access control is any hardware, software, or organizational administrative policy or procedure that grants or restricts access, monitors and records attempts to access, identifies users attempting to access, and determines whether access is authorized.

15
Q
  1. Which of the following is not a reason for data classification?

A. To secure everything at a high security level because securing everything at a low security level means sensitive data is easily accessible
B. To determine how much effort, money, and resources are allocated to protect the data and control access to it
C. To secure everything at a low security level because securing everything at a high security level is too expensive and restricts access to unclassified, noncritical data
D. To provide for nonrepudiation

A

Answer: D

Providing for nonrepudiation is not a reason for data classification.

16
Q
  1. Which of the following models allows the owner of an object to grant privileges to other users?

A. Mandatory access control model
B. Discretionary access control model
C. Role-based access control model
D. Rule-based access control model

A

Answer: B

A discretionary access control model allows the owner (or data custodian) of a resource to grant permissions at the discretion of the owner. The other answers are non-discretionary models.

17
Q
  1. What database security feature uses a locking mechanism to prevent simultaneous edits of cells?

A. Semantic integrity mechanism
B. Concurrency
C. Polyinstantiation
D. Database partitioning

A

Answer: B

Concurrency uses a “lock” feature to allow an authorized user to make changes and then “unlock” the data elements only after the changes are complete. This is done so another user is unable to access the database to view and/or make changes to the same elements at the same time.

18
Q
  1. What cryptographic goal does the challenge-response protocol support?

A. Confidentiality
B. Integrity
C. Authentication
D. Nonrepudiation

A

Answer: C

The challenge-response protocol is an authentication protocol that uses cryptographic techniques to allow parties to assure each other of their identity.

19
Q
  1. Which of the following is an effective means of preventing and detecting the installation of unapproved software?

A. Workstation change
B. Separation of duties
C. Discretionary access control
D. Job responsibility restrictions

A

Answer: A

Workstation change is an effective means of preventing and detecting the presence of unapproved software.

20
Q
  1. What are the well-known ports?

A. 0 to 1,023
B. 80, 135, 110, 25
C. 0 to 65,536
D. 32,000 to 65,536

A

Answer: A

Ports 0 to 1,023 are the well-known ports.

21
Q
  1. John is configuring a router that will stand between the network 10.8.6.0/24 and the Internet. He would like to configure egress filtering rules to minimize the potential of crackers originating a DDoS attack from his network. What type of traffic should be filtered out to help achieve this goal?

A. Inbound traffic with a private IP address
B. Outbound traffic with a private IP address
C. Inbound traffic with an address in the range 10.8.6.0/24
D. Outbound traffic with an address outside the range 10.8.6.0/24

A

Answer: D

Although it is true that John would probably want to filter out all of these types of traffic for various reasons, he would be specifically interested in filtering out outbound traffic with an address not belonging to his network to achieve his stated goal.

22
Q
  1. Which of the following requires keeping archives of audit logs for a specific time?

A. Data remanence
B. Record retention
C. Data diddling
D. Data mining

A

Answer: B

Record retention policies define the amount of time to keep any data, including logs. Data remanence is data remnants on media. Data diddling refers to the modification of data before or during data entry resulting in incorrect or corrupt data. Data mining refers to extracting meaningful knowledge from large amounts of data.

23
Q
  1. What network devices operate within the Physical layer?

A. Bridges and switches
B. Firewalls
C. Hubs and repeaters
D. Routers

A

Answer: C

Network hardware devices that function at layer 1, the Physical layer, are hubs and repeaters.

24
Q
  1. Which type of access control system relies on using classification labels that are representative of security domains and realms?

A. Nondiscretionary access control
B. Mandatory access control
C. Discretionary access control
D. Logical access control

A

Answer: B

Mandatory access control enforces an access policy that is determined by the system, not the object owner.

25
Q
  1. Which of the following is the type of antivirus response function that removes the malicious code but leaves damage unrepaired?

A. Cleaning
B. Removal
C. Stealth
D. Polymorphism

A

Answer: B

Removal removes the malicious code but does not repair the damage caused by it. Cleaning not only removes the code, but it also repairs any damage the code has caused.

26
Q
  1. _______________ is a centralized database or index of assets, personnel, resources, or services on the network.

A. TACACS+
B. Kerberos
C. RADIUS server
D. A directory service

A

Answer: D

A directory service is a centralized database of resources, such as a phone directory, made available to the network.

27
Q
  1. Which of the following algorithms/protocols provides inherent support for nonrepudiation?

A. HMAC
B. DSA
C. MD5
D. SHA-1

A

Answer: B

The Digital Signature Algorithm (as specified in FIPS 186-2) is the only one of the algorithms listed here that supports true digital signatures, providing integrity verification and nonrepudiation. HMAC allows for the authentication of message digests but supports only integrity verification. MD5 and SHA-1 are message digest creation algorithms and can be used in the generation of digital signatures but provide no guarantees of integrity or nonrepudiation in and of themselves.

28
Q
  1. What regulation applies to the security of credit and debit card information held by merchants and service providers?

A. HIPAA
B. CALEA
C. GLBA
D. PCI DSS

A

Answer: D

The Payment Card Industry Data Security Standard (PCI DSS) places contractual obligations on merchants and service providers to ensure the security of cardholder information.

29
Q
  1. What networking device can be used to extend the maximum usable length of network cabling?

A. Router
B. Firewall
C. Repeater
D. Bridge

A

Answer: C

Long cable lengths can often be supplemented through the use of repeaters or concentrators. A repeater is just a signal amplification device.

30
Q
  1. On what port do DHCP clients request a configuration?

A. 25
B. 110
C. 68
D. 443

A

Answer: C

Dynamic Host Configuration Protocol (DHCP) uses port 68 for client request broadcast and port 67 for server point-to-point response.

31
Q
  1. Which of the following is often a side benefit of a thorough risk analysis process?

A. Removal of all threats to an organization
B. Streamlining of security policies
C. Complete and detailed valuation of all assets
D. Deployment of safeguards

A

Answer: C

A side benefit of risk analysis is a complete and detailed valuation of all assets. None of the other options is an element or benefit of risk analysis.

32
Q
  1. In which IPSec mode is the content of an encapsulated packet encrypted but not the header?

A. Transport
B. Tunnel
C. Vector
D. Transparent

A

Answer: A

In transport mode, the IP packet data is encrypted, but the header of the packet is not.

33
Q
  1. Which of the following may introduce new vulnerabilities to voice communications?

A. Modems
B. VoIP
C. Encryption
D. PBX

A

Answer: B

Voice over IP (VoIP), which transmits voice communications through an IP network, introduces network-specific vulnerabilities to voice communications.

34
Q
  1. _______________ is the process through which the activities of user accounts and processes are tracked and recorded.

A. Accountability
B. Auditing
C. Accessibility
D. Authentication

A

Answer: B

Auditing is the process by which online activities of user accounts and processes are tracked and recorded.

35
Q
  1. Identification is the first step toward what ultimate goal?

A. Accountability
B. Authorization
C. Auditing
D. Nonrepudiation

A

Answer: A

Accountability is the ultimate goal of a process started by identification.

36
Q
  1. Which type of control provides extended options to existing controls and aids or supports administrative security policy?

A. Recovery access control
B. Corrective access control
C. Restorative access control
D. Compensation access control

A

Answer: D

Compensation access control is deployed to provide various options to existing controls to help enforce and support a security policy.

37
Q
  1. In what type of attack does the intruder initiate connections to both a client and a server?

A. Chosen plain-text attack
B. Meet-in-the-middle attack
C. Man-in-the-middle attack
D. Replay attack

A

Answer: C

In the man-in-the-middle attack, a malicious individual sits between two communicating parties and intercepts all communications (including the setup of the cryptographic session).

38
Q
  1. What attack pattern utilizes a series of sequential or combinatorial inputs in an attempt to test every possible combination against some security feature?

A. Distributed attack
B. Denial of service attack
C. Brute-force attack
D. Buffer overflow attack

A

Answer: C

A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols.

39
Q
  1. What IPSec component provides assurances of message integrity and nonrepudiation?

A. Authentication Header
B. Encapsulating Security Payload
C. IP Payload Compression protocol
D. Internet Key Exchange

A

Answer: A

The Authentication Header provides assurances of message integrity and nonrepudiation.

40
Q
  1. ______________ is deployed to discover unwanted or unauthorized activity after it occurs as opposed to before or during.

A. Directive access control
B. Deterrent access control
C. Detective access control
D. Defective access control

A

Answer: C

Detective access control is deployed to discover unwanted or unauthorized activity.

41
Q
  1. _______________ ensures that a requested activity or access to an object is possible given the rights and privileges assigned to an authenticated identity.

A. Authentication
B. Accountability
C. Accessibility
D. Authorization

A

Answer: D

Authorization ensures that a requested activity or access to an object is possible given the rights and privileges assigned to an authenticated identity.

42
Q
  1. Which database principle ensures that transactions execute in an all-or-nothing fashion?

A. Atomicity
B. Consistency
C. Isolation
D. Durability

A

Answer: A

The atomicity of database transactions requires transaction execution in an all-or-nothing fashion. If any part of the transaction fails, the entire transaction is rolled back.

43
Q
  1. On a much smaller scale, _______________ is deployed to repair or restore capability, functionality, or resources following a violation of security policy.

A. Recovery access control
B. Corrective access control
C. Detective access control
D. Compensation access control

A

Answer: A

Recovery access control is deployed to repair or restore resources, functions, and capabilities after a violation of security policies.

44
Q
  1. Which of the following is not true?

A. A purely quantitative analysis is not possible.
B. Qualitative risk analysis employs complex formulas and calculations.
C. Quantitative risk analysis assigns real dollar figures to the loss of an asset.
D. Qualitative risk analysis assigns subjective and intangible values to the loss of an asset.

A

Answer: B

Qualitative risk analysis does not employ complex formulas and calculations. Scenario discussions and simple value assignments are used to evaluate risk, incidents, losses, and safeguards.

45
Q
  1. Using an insular padded cell on your network for protection to isolate intruders functions on what principle?

A. The data offered by the padded cell is what originally attracts the attacker.
B. Padded cells are a form of entrapment.
C. The intruder is seamlessly transitioned into the padded cell once they are detected.
D. Padded cells are used to test a system for known vulnerabilities.

A

Answer: C

When an intruder is detected by an IDS, they are transferred to a padded cell. The transfer of the intruder into a padded cell is performed automatically, without informing the intruder that the change has occurred. The padded cell is unknown to the intruder before the attack, so it cannot serve as an enticement or entrapment. Padded cells are used to detain intruders, not to detect vulnerabilities.

46
Q
  1. Which of the following can be used to verify the integrity of a received message?

A. Transaction log
B. Record sequence checking
C. Hash total
D. Parity value

A

Answer: C

A hash total is a checksum used to verify the integrity of a transmission.

47
Q
  1. You are developing an application that compares passwords to those stored in a Unix password file. The hash values you compute are not correctly matching those in the file. What might have been added to the stored password hashes?

A. Salt
B. Double hash
C. Added encryption
D. One-time pad

A

Answer: A

Cryptographic salt values are added to the passwords in password files before hashing to defeat rainbow table and dictionary attacks.

48
Q
  1. What protocol is utilized by attackers launching a smurf attack against a network?

A. TCP
B. ICMP
C. ARP
D. RARP

A

Answer: B

The smurf attack depends on ping packets, which are implemented by the Internet Control Message Protocol (ICMP).

49
Q
  1. ___________________ implies that network services, communications, and access control mechanisms are functional and allow authorized users to gain authorized access.

A. Confidentiality
B. Integrity
C. Availability
D. Nonrepudiation

A

Answer: C

The principle of availability implies that network services, communications, and access control mechanisms are functional and allow authorized users to gain authorized access.

50
Q
  1. What is an access control list (ACL) based on?

A. An object
B. A subject
C. A role
D. An account

A

Answer: A

An ACL is based on an object and includes a list of subjects that are granted access. A capability table is focused on a subject and includes a list of objects the subject can access. Roles and accounts are examples of subjects and may be included in an ACL, but they aren’t the focus.

51
Q
  1. Which security role is ultimately responsible for due diligence in protecting a company’s data?

A. The user
B. The data owner
C. The data custodian
D. The administrator

A

Answer: B

The data owner is the person who has final corporate responsibility for the protection and storage of data. Owners may be liable for negligence if they fail to perform due diligence in establishing and enforcing security policy to protect and sustain sensitive data.

52
Q
  1. What type of attack includes fragmented packets that cannot be reassembled?

A. Zero day exploit
B. Spamming
C. Distributed denial of service
D. Teardrop

A

Answer: D

In a teardrop attack, an attacker fragments traffic in such a way that data packets cannot be put together. A zero day exploit refers to an attack using vulnerabilities that are unknown to others. Spamming refers to sending massive quantities of unsolicited email. A distributed denial of service (DDoS) attack is an attack on a single system from multiple sources.

53
Q
  1. Which one of the following is a cloud-based service model that allows users to access email via a web browser?

A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Public

A

Answer: C

The SaaS service model provides services such as email available via a web browser. IaaS provides the infrastructure (such as servers) and PaaS provides a platform (such as an operating system and application installed on a server). Public is a deployment method, not a service model.

54
Q
  1. Which of the following is the highest security classification for a government/military organization?

A. Classified
B. Top secret
C. Sensitive
D. Sensitive but unclassified

A

Answer: B

Top secret is the highest security classification for a government/military organization.

55
Q
  1. You are selecting a symmetric encryption algorithm to protect the contents of sensitive information stored by your organization. Which of the following would be the best choice?

A. Vernam cipher
B. DES
C. 2DES
D. 3DES

A

Answer: D

The Vernam cipher, or one-time pad, is not practical for use on an automated basis. DES and 2DES are no longer considered secure cryptosystems. 3DES is a strong cryptosystem appropriate for use.

56
Q
  1. What frequency does an 802.11n-compliant device employ?

A. 3 Hz
B. 900 MHz
C. 7 GHz
D. 2.4 GHz

A

Answer: D

802.11n can use the 2.4 GHz and 5 GHz frequencies. The 2.4 GHz frequency is also used by 802.11g and 802.11b.

57
Q
  1. What is the primary function of a gateway as a network device?

A. Routing traffic
B. Protocol translator
C. Attenuation protection
D. Creating virtual LANs

A

Answer: B

The gateway is a network device (or service) that works at the Application layer. However, an Application layer gateway is a very specific type of component. It serves as a protocol translation tool. For example, an IP-to-IPX gateway takes inbound communications from TCP/IP and translates them over to IPX/SPX for outbound transmission.

58
Q
  1. What is the minimum size a packet can be to be used in a ping-of-death attack?

A. 2,049 bytes
B. 16,385 bytes
C. 32,769 bytes
D. 65,537 bytes

A

Answer: D

The maximum allowed ping packet size is 65,536 bytes. To engage in a ping-of-death attack, an attacker must send a packet that exceeds this maximum. Therefore, the smallest packet that might result in a successful attack would be 65,537 bytes.

59
Q
  1. What TCP/IP communications port is utilized by Secure Sockets Layer (SSL) traffic?

A. 80
B. 220
C. 443
D. 559

A

Answer: C

SSL uses port 443 to transmit encrypted web traffic over TCP connections.

60
Q
  1. Which of the following options is true in terms of a host-based IDS?

A. It’s ineffective on switched networks.
B. It monitors several systems altogether.
C. It’s invisible to attackers and authorized users.
D. It monitors a single system individually.

A

Answer: D

A host-based IDS watches for questionable activity on a single computer system. A network-based IDS watches for questionable activity being performed over the network medium, can be made invisible to users, and is ineffective on switched networks.

61
Q
  1. What is the countermeasure cost/benefit equation?

A. SLE * ARO
B. EF * AV * ARO
C. (ALE1 – ALE2) – CM cost
D. Total risk + controls gap

A

Answer: C

To make the determination of whether the safeguard is financially equitable, use the following countermeasure cost/benefit equation: (ALE before countermeasure – ALE after implementing the countermeasure) – annual cost of countermeasure = value of the countermeasure to the company.

62
Q
  1. Precomputed password hashes kept as a series of iterative inputs are known as what?

A. Dictionary word list
B. Brute force
C. Rainbow tables
D. Encryption catalog

A

Answer: C

Rainbow tables use an iterative series of precomputed password hashes as an alternative to sequential guessing or dictionary-based lookup attacks against authentication mechanisms.

63
Q
  1. When establishing who someone is before you grant them access to resources, what is the first step?

A. Verify credentials
B. Claim an identity
C. Grant authority
D. Monitor activity

A

Answer: B

The first step toward granting a user access is for them to claim an identity (identification). That is followed by verifying credentials (authentication), then by granting authority (authorization), and finally by monitoring activity (auditing).

64
Q
  1. What type of attack can be used against cryptographic algorithms that do not incorporate temporal protections?

A. Chosen plain-text attack
B. Meet-in-the-middle attack
C. Man-in-the-middle attack
D. Replay attack

A

Answer: D

In a replay attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later replays the captured message to open a new session.

65
Q
  1. What protocol manages the security associations used by IPSec?

A. ISAKMP
B. SKIP
C. IPComp
D. SSL

A

Answer: A

The Internet Security Association and Key Management Protocol (ISAKMP) provides background security support services for IPSec, including managing security associations.

66
Q
  1. What evidence standard do most criminal investigations follow?

A. Beyond a reasonable doubt
B. Beyond the shadow of a doubt
C. Preponderance of the evidence
D. Clear and convincing evidence

A

Answer: A

Criminal investigations typically follow the “beyond a reasonable doubt” standard of evidence.

67
Q
  1. Which one of the following tools is used primarily to perform network vulnerability scans?

A. nmap
B. Nessus
C. Metasploit
D. lsof

A

Answer: B

Nessus is a network vulnerability scanning tool that searches systems for known vulnerabilities.

68
Q
  1. What language contains the commands used by database users to interact with data?

A. DDL
B. XML
C. UML
D. DML

A

Answer: D

The Data Manipulation Language is a subset of SQL containing the commands used to interact with data.

69
Q
  1. An organization has strictly implemented the principle of least privilege. Which of the following is not a likely outcome?

A. Users can log onto any computer in the network.
B. Users can log onto only a single system.
C. Users have restricted access to files based on their jobs.
D. Users do not have access to backup tapes.

A

Answer: A

The principle of least privilege restricts user privileges to what they need and no more. Users do not have a need to log onto any computer in the network. A policy used to implement the principle of least privilege can restrict users to a single computer, restrict access to files, and restrict access to backups.

70
Q
  1. Which of the following is not a useful guideline in training users to avoid becoming victims of social engineering attacks?

A. Err on the side of caution.
B. Use a strong password.
C. Request proof of identity.
D. Restrict classified information for voice communications.

A

Answer: B

Following rules for strong password generation is not a direct defense against social engineering attacks.

71
Q
  1. What is confidentiality dependent on?

A. Integrity
B. Availability
C. Nonrepudiation
D. Auditing

A

Answer: A

Without object integrity, confidentiality cannot be maintained. In fact, integrity and confidentiality depend on one another.

72
Q
  1. Which networking technology assumes traffic collisions will occur and thus requires collision detection and avoidance mechanisms?

A. Ethernet
B. Token Ring
C. FDDI
D. ISDN

A

Answer: A

Ethernet is a shared media LAN technology. That means it allows numerous devices to communicate over the same medium but requires that each device take turns communicating and perform collision detection and avoidance.

73
Q
  1. Which of the following is occurring when a user professes an identity with a login ID?

A. Identification
B. Authentication
C. Auditing
D. Authorization

A

Answer: A

Identification occurs when a user professes an identity with a login ID. The combination of the login ID and the password provide authentication. Auditing provides accountability. Users are granted authorization to access resources based on their proven identities.

74
Q
  1. Which IPSec protocol provides assurances of nonrepudiation?

A. AH
B. ISAKMP
C. DH
D. ESP

A

Answer: A

The Authentication Header (AH) provides assurances of message integrity and nonrepudiation.

75
Q
  1. _______________ is the process by which a subject provides a username, logon ID, personal identification number, and so on.

A. Accountability
B. Authentication
C. Confidentiality
D. Identification

A

Answer: D

Identification is the process by which a subject professes an identity and accountability is initiated.

76
Q
  1. What type of malicious code uses a filename similar to that of a legitimate system file?

A. MBR
B. Companion
C. Stealth
D. Multipartite

A

Answer: B

Companion viruses use filenames that mimic the filenames of legitimate system files.

77
Q
  1. What package provides secure replacements for common Internet utilities like FTP?

A. PGP
B. SSH
C. PEM
D. SSL

A

Answer: B

Secure Shell (SSH) provides secure replacements for a number of common Internet utilities.

78
Q
  1. Which of the following is not a true statement?

A. Process confinement allows a process to read from and write to all memory locations and resources.
B. The bounds of a process consist of limits set on the memory addresses and resources it can access.
C. Process isolation ensures that any behavior will affect only the memory and resources associated with the isolated process.
D. If that data is overwritten or altered in an unpredictable way, there is no guarantee of integrity.

A

Answer: A

Process confinement allows a process to read from and write to only certain memory locations and resources.

79
Q
  1. A system verifies a user’s password when the user logs on with a username and password. What does the password provide?

A. Identification
B. Authentication
C. Accountability
D. Authorization

A

Answer: B

The password combined with the username provides authentication. The username by itself provides identification. Logging and auditing of user actions provide accountability. Authorization refers to granting users access to resources based on their proven identities.

80
Q
  1. Which of the following protocols can be defined with the statement “This is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems”?

A. swIPe
B. RPC
C. SKIP
D. SET

A

Answer: B

S-RPC is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems.

81
Q
  1. Which of the following is not part of RFC 1918?

A. 169.254.1.1
B. 192.168.1.1
C. 172.16.1.1
D. 10.1.1.1

A

Answer: A

The 169.254.x.x range is usually employed by the Microsoft APIPA response to failed DHCP services.

82
Q
  1. Subjects can be held accountable for their actions toward other subjects and objects while they are authenticated to a system. What process facilitates this accountability?

A. Access controls
B. Monitoring
C. Account policies
D. Performance review

A

Answer: B

Monitoring the activities of subjects and objects, as well as of core system functions that maintain the operating environment and the security mechanisms, helps establish accountability on the system.

83
Q
  1. You are designing a new wireless network and are configuring encryption options. What technology should you ensure is never used on your wireless network?

A. WPA
B. WPA2
C. TKIP
D. WEP

A

Answer: D

Wired Equivalent Privacy (WEP) technology is notoriously insecure and vulnerable to eavesdropping attacks.

84
Q
  1. What Internet standard does all public email comply with?

A. IEEE 802.11
B. X.400
C. X.509
D. LDAP

A

Answer: B

Internet email must comply with X.400.

85
Q
  1. What is the maximum key length of Blowfish?

A. 128 bits
B. 256 bits
C. 384 bits
D. 448 bits

A

Answer: D

Blowfish has a maximum key length of 448 bits.

86
Q
  1. Which of the following is not a benefit of NAT?

A. Use of RFC 1918 addresses
B. Fewer leased public addresses
C. Hidden configuration of internal systems
D. Access initiations from external entities

A

Answer: D

NAT does not allow initiations from external entities. Therefore, allowing external initiations is not a benefit. The benefit is that NAT does not allow them.

87
Q
  1. When information is collected about your activities online without your consent, it is a violation of what?

A. Integrity
B. Intent
C. Confidentiality
D. Privacy

A

Answer: D

When information is collected about your activities online without your consent, it is known as a violation of privacy.

88
Q
  1. An attack pattern characterized by a series of invalid packet sequence numbers is called what?

A. Stream
B. Spamming
C. Distributed denial of service
D. Teardrop

A

Answer: D

In a teardrop attack, an attacker exploits a bug in operating systems. The bug exists in the routines used to reassemble (that is, resequence) fragmented packets. An attacker sends numerous specially formatted fragmented packets to the victim, which causes the system to freeze or crash.

89
Q
  1. ________________ operates on a set of defined rules or restrictions that filter actions and activities performed on the system.

A. Discretionary access control
B. Mandatory access control
C. Nondiscretionary access control
D. Voluntary access control

A

Answer: C

Nondiscretionary access control enables the enforcement of systemwide restrictions that override object-specific access control.

90
Q
  1. What is the first priority in any business continuity plan?

A. Data restoration
B. Personal safety
C. Containing damage
D. Activating an alternate site

A

Answer: B

The primary concern in any business continuity or disaster recovery effort is ensuring personal safety for everyone involved.

91
Q
  1. Abnormal or unauthorized activities detectable to an IDS include which of the following? (Choose all that apply.)

A. External connection attempts
B. Execution of malicious code
C. Access to controlled objects
D. None of the above

A

Answer: A;B;C

IDSs watch for violations of confidentiality, integrity, and availability. Attacks recognized by IDSs can come from external connections (such as the Internet or partner networks), viruses, malicious code, trusted internal subjects attempting to perform unauthorized activities, and unauthorized access attempts from trusted locations.

92
Q
  1. The security management task in which critical, significant, and sensitive work tasks are divided among several individual administrators or high-level operators is what?

A. Job rotation
B. Multifactor authentication
C. Separation of duties
D. Succession planning

A

Answer: C

The security management task in which critical, significant, and sensitive work tasks are divided among several individual administrators or high-level operators is separation of duties.

93
Q
  1. Which of the following types of IDS is effective only against known attack methods?

A. Host based
B. Network based
C. Knowledge based
D. Behavior based

A

Answer: C

A knowledge-based IDS is effective only against known attack methods, which is its primary drawback.

94
Q
  1. Which one of the following software development methodologies is considered a meta-model?

A. Waterfall
B. Boyce-Codd
C. Spiral
D. Agile

A

Answer: C

The spiral model uses multiple iterations of the waterfall model, so it is considered a meta-model.

95
Q
  1. What is the minimum number of keys that can be used to implement Triple DES (3DES) encryption?

A. One
B. Two
C. Three
D. Four

A

Answer: B

Triple DES (3DES) requires either two or three DES keys to generate an effective key strength of 168 bits, triple the strength of standard DES’s 56-bit key.

96
Q
  1. Which of the following is a documented set of best IT security practices crafted by Information Systems Audit and Control Association (ISACA) and IT Governance Institute (ITGI)?

A. ISO 17799
B. COBIT
C. OSSTMM
D. Common Criteria (IS 15408)

A

Answer: B

Control Objectives for Information and Related Technology (COBIT) is a documented set of best IT security practices crafted by Information Systems Audit and Control Association (ISACA) and IT Governance Institute (ITGI).

97
Q
  1. Which type of connection created by a packet-switching networking system reuses the same basic parameters or virtual pathway each time it connects?

A. Bandwidth on demand connection
B. Switched virtual circuit
C. Permanent virtual circuit
D. CSU/DSU connection

A

Answer: C

A PVC reestablishes a link using the same basic parameters or virtual pathway each time it connects. SVCs use unique settings each time. Bandwidth on demand links can be either PVCs or SVCs. CSU/DSU is not a packet-switching technology.

98
Q
  1. Which of the following is not a risk related to cell phone usage?

A. Data interception
B. Switch console port access
C. Eavesdropping
D. Cloning

A

Answer: B

A switch console port exists only on a switch; a cell phone cannot be used to access such ports.

99
Q
  1. Which of the following is a drawback of classification schemes?

A. They have a large administrative overhead for larger environments.
B. They lend credence to the selection of protection mechanisms.
C. They assist in identifying those assets that are most critical or valuable to the organization.
D. They are often required for regulatory compliance or legal restrictions.

A

Answer: A

A drawback of classification schemes, especially as implemented via a mandatory access control concept, is that they require significant administration for a large organization.

100
Q
  1. What form of attack prevents systems or services from processing or responding to legitimate traffic and network resources?

A. Brute force
B. Denial of service
C. Spamming
D. Sniffing

A

Answer: B

Denial of service attacks seek to shut down or stifle network response and congest traffic so that legitimate data cannot be handled in a timely fashion.

101
Q
  1. What type of contractual terms may require you to meet business continuity obligations to your own customers?

A. Nondisclosure agreement
B. Mutual indemnification agreement
C. Noncompete agreement
D. Service-level agreement

A

Answer: D

A service-level agreement may require you to meet the business continuity objectives of your customers.

102
Q
  1. The Windows Blue Screen of Death is an example of a _______ approach to software failure.

A. Fail-open
B. Fail-secure
C. Limit check
D. Object-oriented

A

Answer: B

The BSoD stops all processing when a critical failure occurs in Windows. This is an example of a fail-secure approach.

103
Q
  1. Which one of the following files is least likely to contain a virus?

A. COMMAND.COM
B. SOLITAIRE.EXE
C. SECRET.TXT
D. LOVE.VBS

A

Answer: C

The filename extension .txt is normally used to describe text files, which do not contain executable code.

104
Q
  1. Which of the following is not a commonly used aggregate function in databases?

A. COUNT()
B. MIN()
C. SUM()
D. DIFFERENCE()

A

Answer: D

DIFFERENCE() is not a valid aggregate function. COUNT(), MIN(), and SUM() are aggregate functions specified in SQL.

105
Q
  1. An amplification network is used to wage a DoS attack in which of the following?

A. Smurf attack
B. Spamming attack
C. Teardrop attack
D. Land attack

A

Answer: A

A smurf attack occurs when an amplifying server or network is used to flood a victim with useless data.

106
Q
  1. What is the first phase of the TCP/IP three-way handshake sequence?

A. SYN packet
B. ACK packet
C. NAK packet
D. SYN/ACK packet

A

Answer: A

The SYN packet is first sent from the initiating host to the destination host. The destination host then responds with a SYN/ACK packet. The initiating host sends an ACK packet, and the connection is then established.

107
Q
  1. Which access control system discourages the violation of security processes, policies, and procedures?

A. Detective access control
B. Preventive access control
C. Corrective access control
D. Deterrent access control

A

Answer: D

Deterrent access control is deployed to discourage violation of security policies.

108
Q
  1. Which of the following is not a benefit of tunneling?

A. Tunneling provides a connection method across untrusted systems.
B. Traffic within a tunnel is isolated from inspection devices.
C. Tunneling allows nonroutable traffic to be routed across other networks.
D. Each encapsulated protocol includes its own error detection, error handling, acknowledgment, and session management features.

A

Answer: D

Tunneling is generally an inefficient means of communicating because all protocols include their own error detection, error handling, acknowledgment, and session management features, and using more than one protocol at a time just compounds the overhead required to communicate a single message.

109
Q
  1. What can vulnerability scanners do?

A. They actively scan for intrusion attempts.
B. They serve as a form of enticement.
C. They locate known security holes.
D. They automatically reconfigure a system to a more secured state.

A

Answer: C

Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports and make recommendations.

110
Q
  1. The VPN protocols PPTP, L2F, and L2TP primarily function at what layer of the OSI model?

A. 1
B. 2
C. 3
D. 4

A

Answer: B

VPN protocols—specifically PPTP, L2F, and L2TP—function at the Data Link layer (layer 2).

111
Q
  1. What evidence standard do most civil investigations follow?

A. Beyond a reasonable doubt
B. Beyond the shadow of a doubt
C. Preponderance of the evidence
D. Clear and convincing evidence

A

Answer: C

Civil investigations typically follow the “preponderance of the evidence” standard.

112
Q
  1. What form of password attack utilizes a preassembled lexicon of terms and their permutations?

A. Rainbow tables
B. Dictionary word list
C. Brute force
D. Educated guess

A

Answer: B

Dictionary word lists are precompiled lists of common passwords and their permutations and serve as the foundation for a dictionary attack on accounts.

113
Q
  1. Bob received a message from David that was encrypted with an asymmetric algorithm. What key should he use to decrypt it?

A. Bob’s public key
B. Bob’s private key
C. David’s public key
D. David’s private key

A

Answer: B

The recipient of a message encrypted using asymmetric cryptography decrypts it with their own private key.

114
Q
  1. What programming environment offered by Microsoft includes the Common Language Interface?

A. COM
B. DCOM
C. .NET Framework
D. ActiveX

A

Answer: C

The .NET Framework includes the Common Language Interface to support multiple programming languages.

115
Q
  1. Which of the following is not a reason for data classification?

A. Because securing everything at a low security level means sensitive data is easily accessible
B. To determine how much effort, money, and resources are allocated to protect the data and control access to it.
C. Because securing everything at a high security level is too expensive and restricts access to unclassified, noncritical data
D. To provide for nonrepudiation

A

Answer: D

Providing for nonrepudiation is not a reason for data classification.

116
Q
  1. The _______________ model is based on predetermining the set or domain of objects that a subject can access. The set or domain is a list of those objects that a subject can access. This model is based on automation theory and domain separation. This means subjects are only able to perform predetermined actions against predetermined objects.

A. Clark-Wilson
B. Goguen-Meseguer
C. Graham-Denning
D. Bell-LaPadula

A

Answer: B

The Goguen-Meseguer model is based on predetermining the set or domain of objects that a subject can access. The set or domain is a list of those objects that a subject can access. This model is based on automation theory and domain separation. This means subjects are able to perform only predetermined actions against predetermined objects.

117
Q
  1. When it can be legally established that a human performed a specific action that was discovered via auditing, accountability has been established. What additional benefit is derived from this investigation and verification process?

A. Nonrepudiation
B. Privacy
C. Abstraction
D. Redundancy

A

Answer: A

When audit trails legally prove accountability, then you also reap the benefit of nonrepudiation.

118
Q
  1. What is the weakest link in a security chain?

A. Internet connection
B. People
C. Documentation
D. Hardware

A

Answer: B

People are the weakest link in a security chain.

119
Q
  1. On what principle does a SYN flood attack operate?

A. Sending overly large SYN packets
B. Exploiting a platform flaw in Windows
C. Using an amplification network to flood a victim with packets
D. Exploiting the TCP/IP three-way handshake

A

Answer: D

SYN flood attacks are targeted at the standard three-way handshake process used by TCP/IP to initiate communication sessions.

120
Q
  1. What phase of the Electronic Discovery Reference Model performs a rough cut of irrelevant information?

A. Collection
B. Processing
C. Review
D. Analysis

A

Answer: B

Processing screens the collected information to perform a “rough cut” of irrelevant information, reducing the amount of information requiring detailed screening.

121
Q
  1. Which of the following is the most serious threat to availability?

A. Recording detailed event logs
B. Requiring multi-factor authentication
C. Granting read access to a folder
D. Overutilizing a hardware component

A

Answer: D

Overutilizing a hardware component presents the most serious threat to availability from this list of options. The other options are unlikely to threaten availability.

122
Q
  1. Which of the following is the principle that objects are not disclosed to unauthorized subjects?

A. Integrity
B. Nonrepudiation
C. Sensitivity
D. Confidentiality

A

Answer: D

Confidentiality is the principle that objects are not disclosed to unauthorized subjects.

123
Q
  1. Which of the following is not an element of configuration management?

A. Supporting rollback
B. Detailed documentation
C. Systematic analysis of impending alterations
D. Use of the spiral model of project management

A

Answer: D

The spiral model of project management does not directly relate to configuration management. Configuration management is about managing change that could result in reduced security.

124
Q
  1. What is a drawback to using VPNs when a firewall is present?

A. You can’t filter on encrypted traffic.
B. VPNs cannot cross firewalls.
C. Firewalls block all outbound VPN connections.
D. Firewalls greatly reduce the throughput of VPNs.

A

Answer: A

Firewalls are unable to filter on encrypted traffic within a VPN, which is a drawback. VPNs can cross firewalls. Firewalls do not have to always block outbound VPN connections. Firewalls usually only minimally affect the throughput of a VPN and then only when filtering is possible.

125
Q
  1. What is the Application layer also known as?

A. Layer 1
B. Layer 3
C. Layer 5
D. Layer 7

A

Answer: D

The Application layer is also known as layer 7. The Session layer is layer 5, the Network layer is layer 3, and the Physical layer is layer 1.

126
Q
  1. What technique may be used if an individual wants to prove knowledge of a fact to another individual without revealing the fact itself?

A. Split-knowledge proof
B. Work function
C. Digital signature
D. Zero-knowledge proof

A

Answer: D

Zero-knowledge proofs confirm that an individual possesses certain factual knowledge without revealing the knowledge.

127
Q
  1. Which of the following is more likely than any of the other factors to make the IT environment vulnerable to virus infections?

A. Using email
B. Using unauthorized software
C. Accessing the Internet
D. Burning CDs

A

Answer: B

Using unauthorized software makes the IT environment more vulnerable to virus infections. Email is the most common means of virus distribution, but the virus code must still be executed to work.

128
Q
  1. What sort of system defines subject access through subject roles (job descriptions) and subject tasks (job functions)?

A. Rule-based access control
B. Mandatory access control
C. Role-based access control
D. Discretionary access control

A

Answer: C

Role-based access control uses a well-defined collection of named job roles to endow each one with specific permissions, thereby seeking to ensure that users who occupy such roles can access what they need to get their jobs done.

129
Q
  1. Christopher would like to send Renee a message using a digital signature. What key should he use to create the digital signature?

A. Christopher’s public key
B. Christopher’s private key
C. Renee’s public key
D. Renee’s private key

A

Answer: B

The sender of a message uses their own private key to create a digital signature.

130
Q
  1. What is a data object passed from the Transport layer to the Network layer called when it reaches the Network layer?

A. Protocol data unit
B. Segment
C. Datagram
D. Frame

A

Answer: C

A data object is called a datagram or a packet in the Network layer. It is called a PDU in layers 5 through 7. It is called a segment in the Transport layer and a frame in the Data Link layer.

131
Q
  1. Among the following attack patterns, which is not considered a form of amplified or denial of service attack?

A. Flooding
B. Spoofing
C. Ping of death
D. Smurf

A

Answer: B

Spoofing is the replacement of valid source and destination IP and port addresses with false ones. It is often used in DoS attacks but is not considered a DoS attack itself. Flooding, smurf, and ping of death are all DoS attacks.

132
Q
  1. Which of the following provides the best protection against the loss of confidentiality for sensitive data?

A. Data labels
B. Data classifications
C. Data handling
D. Data degaussing methods

A

Answer: B

Data classifications provide strong protection against the loss of confidentiality and are the best choice of the available answers. Data labels and proper data handling are based on first identifying data classifications. Data degaussing methods apply only to magnetic media.

133
Q
  1. Once a system is compromised, _______________ is deployed to restore it to its previous known-good state.

A. Compensation access control
B. Recovery access control
C. Restorative access control
D. Corrective access control

A

Answer: D

Corrective access control is deployed to restore systems to normal after an unwanted or unauthorized activity has occurred.

134
Q
  1. Among the following choices, what kind of IDS is considered an expert system?

A. Behavior-based
B. Network-based
C. Knowledge-based
D. Host-based

A

Answer: A

A behavior-based intrusion detection system (IDS) can be labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events.

135
Q
  1. How many keys are required to fully implement an asymmetric encryption algorithm with eight participants?

A. 8
B. 16
C. 28
D. 56

A

Answer: B

The number of keys required to fully implement asymmetric encryption is computed using the formula 2n. In this case 2 * 8 = 16.

136
Q
  1. Which of the following is not a feature of packet switching?

A. Bursty traffic focused
B. Fixed known delays
C. Sensitive to data loss
D. Supports any type of traffic

A

Answer: B

Packet switching has variable delays; circuit switching has fixed known delays.

137
Q
  1. Which environment requires exact, specific clearance for an object’s security domain?

A. Hierarchical environment
B. Hybrid environment
C. Compartmentalized environment
D. Organizational environment

A

Answer: C

Compartmentalized environments require specific security clearances over compartments or domains instead of objects.

138
Q
  1. What is the client source port of a secured web communication?

A. 1024
B. 80
C. 443
D. A dynamic port

A

Answer: D

Client source ports are dynamic ports (i.e., randomly selected port number between 1024–65,535) for most Application layer protocols, including secure web communications (i.e., HTTPS).

139
Q
  1. Which security protocol automatically performs reauthentication of the client system throughout the connected session in order to detect session hijacking?

A. SSL
B. SSH
C. CHAP
D. LEAP

A

Answer: C

CHAP is a security protocol that automatically performs reauthentication of the client system throughout the connected session in order to detect session hijacking.

140
Q
  1. What is not considered one of the basic authentication factor types?

A. Something you have
B. Something you know
C. Something you want
D. Something you are

A

Answer: C

Something you have, something you are, and something you know are representative forms of authentication factors.

141
Q
  1. Which of the following is not one of the benefits of maintaining an object’s integrity?

A. Unauthorized subjects should be prevented from making modifications.
B. Authorized subjects should be prevented from making unauthorized modifications.
C. Objects should be available for access at all times without interruption to authorized individuals.
D. Objects should be internally and externally consistent so that their data is a correct and true reflection of the real world and any relationship with any child, peer, or parent object is valid, consistent, and verifiable.

A

Answer: C

Option C is not an example of protecting integrity; it is the principle of availability.

142
Q
  1. What is a covert channel?

A. A method that is used to pass information and that is not normally used for communication
B. Any communication used to transmit secret or top-secret data
C. A trusted path between the TCB and the rest of the system
D. Any channel that crosses the security perimeter

A

Answer: A

A covert channel is any method that is used to secretly pass data and that is not normally used for communication. All the other options describe normal communication channels.

143
Q
  1. Which of the following tools is most useful in sorting through large log files to search for intrusion-related events?

A. Text editor
B. Vulnerability scanner
C. Password cracker
D. SIEM

A

Answer: D

A Security Information and Event Management (SIEM) system is the best tool to search through large log files looking for intrusion-related events. A text editor requires manually looking at logs. Vulnerability scanners and password crackers are not used to search through log files looking for intrusions.

144
Q
  1. What is risk?

A. Any potential occurrence that can cause an undesirable or unwanted outcome
B. The actual occurrence of an event that results in loss
C. The likelihood that any specific threat will exploit a specific vulnerability to cause harm to an asset
D. An instance of being exposed to asset loss due to a threat

A

Answer: C

Risk is the likelihood that any specific threat will exploit a specific vulnerability to cause harm to an asset.

145
Q
  1. Which wireless security protocol makes use of AES cryptography?

A. WiFi
B. WEP
C. WPA
D. WPA2

A

Answer: D

WPA2 replaces TKIP (used by the original WPA) with AES cryptography.

146
Q
  1. What do steganographers use to hide the presence of secret information?

A. Images
B. Classified ads
C. One-time pads
D. Text files

A

Answer: A

Steganographers use images and other large files to mask the presence of secret information.

147
Q
  1. How many asymmetric keys are necessary to allow any 2 people from a set of 10 to communicate privately with each other?

A. 2
B. 4
C. 20
D. 45

A

Answer: C

Asymmetric cryptography requires 2*n keys to allow all parties to communicate.

148
Q
  1. When performing access review audits, which type of account is the most important to audit?

A. None is more important. They are all equal.
B. Regular user accounts.
C. Auditor accounts.
D. Privileged accounts.

A

Answer: D

Privileged accounts (such as administrator accounts) are granted the most access and should be a primary focus in an access review audit. Regular user and auditor accounts don’t have as many rights and permissions as privileged accounts and are not as important to audit.

149
Q
  1. Biometric authentication devices fall under what top-level authentication factor type?

A. Type 1
B. Type 2
C. Type 3
D. Type 4

A

Answer: C

Biometric authentication devices represent a Type 3 (something you have) authentication factor.

150
Q
  1. Which firewall type looks exclusively at the message header to determine whether to transmit or drop data?

A. Static packet filtering
B. Application-level gateway
C. Stateful inspection
D. Dynamic packet filtering

A

Answer: A

A static packet-filtering firewall decides to pass or drop each packet solely from header fields (addresses, ports, protocol, flags) against a fixed rule set. It keeps no record of connections, so it cannot tell a genuine reply from an unsolicited packet crafted to look like one; stateful inspection adds that connection tracking.
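
The difference between deciding on headers alone and tracking connections is easiest to see in code. The following is an added example written for this card, not part of the original flashcards: the rule set, the inside network (10.0.0.0/8), the outside addresses (203.0.113.0/24) and the packet sequence are all constructed. The static filter has to approximate "established" by trusting the ACK flag and source port, which a forged packet can satisfy; the stateful filter only admits inbound packets that match a connection it saw opened from inside.

```python
"""Static (stateless) packet filtering versus stateful inspection.

Added example for card 150; not part of the original flashcards. The rule set,
addresses (10.0.0.0/8 inside, 203.0.113.0/24 outside) and packets are constructed.
"""
from dataclasses import dataclass
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


def direction(pkt):
    return "out" if ipaddress.ip_address(pkt.src) in INTERNAL else "in"


def static_filter(pkt):
    """Decide from header fields alone; first matching rule wins."""
    d = direction(pkt)
    if d == "out" and pkt.dport == 443:
        return "allow"                      # inside hosts may reach HTTPS servers
    # A stateless filter cannot know whether an inbound packet is a reply, so it
    # approximates "established" by trusting the ACK flag and the source port.
    if d == "in" and pkt.sport == 443 and pkt.ack:
        return "allow"
    return "deny"


class StatefulFilter:
    """Track outbound connections; admit inbound packets only if they match one."""

    def __init__(self):
        self.table = set()   # (src, sport, dst, dport) of connections opened from inside

    def decide(self, pkt):
        d = direction(pkt)
        if d == "out" and pkt.dport == 443:
            if pkt.syn and not pkt.ack:
                self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        if d == "in" and (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            return "allow"                  # reversed tuple of a tracked connection
        return "deny"


def compare(packets):
    """Return [(static_decision, stateful_decision), ...] for a packet sequence."""
    sf = StatefulFilter()
    return [(static_filter(p), sf.decide(p)) for p in packets]


# Constructed scenario: one legitimate HTTPS session, then two unsolicited inbound packets.
SCENARIO = [
    Packet("10.0.0.5", "203.0.113.10", 50000, 443, syn=True),             # client opens HTTPS
    Packet("203.0.113.10", "10.0.0.5", 443, 50000, syn=True, ack=True),   # legitimate SYN-ACK reply
    Packet("203.0.113.99", "10.0.0.5", 443, 31337, ack=True),            # forged "reply", never requested
    Packet("203.0.113.99", "10.0.0.5", 40000, 22, syn=True),            # inbound SSH attempt
]

if __name__ == "__main__":
    for pkt, (static, stateful) in zip(SCENARIO, compare(SCENARIO)):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}  static={static:5}  stateful={stateful}")
```

The third packet is the one that matters: it carries the ACK flag and source port 443, so the static rule set lets it through, while the stateful filter drops it because no inside host ever opened a connection to 203.0.113.99.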

151
Q
  1. Which of the following is not a step or element of AAA services?

A. Identification
B. Availability
C. Authorization
D. Accounting

A

Answer: B

The five elements of AAA services in order are identification, authentication, authorization, auditing, and accounting. Availability is not part of AAA services, but it is part of the CIA triad.

152
Q
  1. What technique may database administrators use to prevent inference attacks by presenting different data to users of different security clearance levels?

A. Polyinstantiation
B. Aggregation
C. Provisioning
D. Semantic integrity

A

Answer: A

Polyinstantiation includes multiple records in a table with the same primary key. Each record is designed for users of a specific security clearance level.

153
Q
  1. If an RSA key length of 1,024 bits is unusable on a device with low-end hardware capabilities and an ECC-RSA variant is used instead, what is the key length of the ECC-RSA key that provides equivalent strength?

A. 512 bits
B. 786 bits
C. 160 bits
D. 384 bits

A

Answer: C

An ECC-RSA 160-bit key is the equivalent of an RSA 1,024-bit key.

154
Q
  1. What type of data model does the Domain Name System (DNS) use?

A. Relational
B. Distributed
C. Transactional
D. Hierarchical

A

Answer: D

DNS uses a hierarchical model to organize data: the root name servers sit at the top and delegate authority to the top-level domain servers, which in turn delegate authority down to the child servers responsible for each zone.

155
Q
  1. Which of the following is the weakest method of authentication?

A. Synchronous one-time passwords
B. Asynchronous one-time passwords
C. Strong static passwords
D. Retina scans

A

Answer: C

Strong passwords are the weakest form of authentication from the given answers. One-time passwords are stronger than static passwords. Biometric methods such as retina scans are stronger than passwords.

156
Q
  1. A system that deploys ________________ permits the owner or creator of an object to control and define its accessibility.

A. Mandatory access control
B. Rule-based access control
C. Discretionary access control
D. Role-based access control

A

Answer: C

Discretionary access control permits the owner or creator of an object to control and define its accessibility because the owner has full control by default.

157
Q
  1. What type of alternate processing facility takes advantage of Infrastructure as a Service (IaaS) providers?

A. Hot site
B. Warm site
C. Cold site
D. Cloud site

A

Answer: D

Cloud service providers offer Infrastructure-as-a-Service options that are ideal backup sites.

158
Q
  1. Which one of the following is not a requirement for a cryptographic hash function?

A. The hash function is one way.
B. The output can be any length.
C. The hash function is relatively easy to compute.
D. The hash function is collision free.

A

Answer: B

The output of a hash function must be a fixed length.

159
Q
  1. A made-up network designed to lure unsuspecting attackers with low-hanging fruit is called what?

A. IDS
B. Honeynet
C. Padded cell
D. Vulnerability scanner

A

Answer: B

Honeynets are entire networks created to serve as a snare for intruders. They look and act like legitimate networks, but they are 100 percent fake. Honeynets tempt intruders with seemingly vulnerable systems with attractive artificial data.

160
Q
  1. Which of the following elements of teaching is considered a prerequisite for the others?

A. Education
B. Awareness
C. Training
D. Certification

A

Answer: B

Awareness must be established before actual training can take place.

161
Q
  1. What is the recommended management approach to security?

A. Top-down
B. Bottom-up
C. Two-man control
D. Modified waterfall

A

Answer: A

The approach to security management must be a top-down approach to be effective. Upper or senior management is responsible for initiating and defining policies for the organization. Security policies provide direction for the lower levels of the organization’s hierarchy. It is the responsibility of middle management to flesh out the security policy into standards, baselines, guidelines, and procedures. It is the responsibility of the operational managers or security professionals to implement the configurations prescribed in the security management documentation. It is the responsibility of the end users to comply with all security policies of the organization.

162
Q
  1. How would you determine the cardinality of a database table?

A. Count the number of columns.
B. Count the number of rows.
C. Count the number of candidate keys.
D. Count the number of foreign keys.

A

Answer: B

The cardinality of a database table is the number of records (or rows) in that table.

163
Q
  1. Which security tool is used to guide the security implementation of an organization?

A. Directive control
B. Preventive control
C. Detective control
D. Corrective control

A

Answer: A

A directive control is a security tool used to guide the security implementation of an organization.

164
Q
  1. Which of the following security assessment and testing program components may be performed by security professionals in the IT organization?

A. Internal audit
B. External audit
C. Criminal investigation
D. Assessment

A

Answer: D

IT staff may perform security assessments to evaluate the security of their systems and applications. Audits must be performed by internal or external auditors who are independent of the IT organization. Criminal investigations must be performed by certified law enforcement personnel.

165
Q
  1. What wireless communication technique employs a form of serial communication?

A. Spread spectrum
B. FHSS
C. DSSS
D. OFDM

A

Answer: B

Frequency Hopping Spread Spectrum (FHSS) was an early implementation of the spread spectrum concept. Instead of sending data in a parallel fashion, it transmits data serially, one bit at a time, while constantly changing the frequency in use.

166
Q
  1. Which of the following describes the freedom from being observed, monitored, or examined without consent or knowledge?

A. Integrity
B. Privacy
C. Authentication
D. Accountability

A

Answer: B

One definition of privacy is freedom from being observed, monitored, or examined without consent or knowledge.

167
Q
  1. What port is used by Transport Layer Security (TLS) to provide secure web connections?

A. 25
B. 81
C. 443
D. 8080

A

Answer: C

HTTPS (HTTP over TLS) uses TCP port 443 for secure client-server web connections.

168
Q
  1. What is the primary purpose of change management?

A. To prevent unwanted reductions to security
B. To allow management to review all changes
C. To delay the release of mission-critical patches
D. To improve productivity of end users

A

Answer: B

The primary purpose of change management is to allow management to review all changes. However, it is true that the overall goal of change management is to prevent unwanted reductions to security.

169
Q
  1. Which one of the following groups is not a critical member of the business continuity planning team?

A. IT personnel
B. Legal staff
C. Public relations
D. Senior management

A

Answer: C

Public relations staff are generally not included in business continuity planning efforts. They would have significant involvement in disaster recovery.

170
Q
  1. Which of the following groupings restricts access to roles?

A. Grouping subjects
B. Grouping privileges
C. Grouping programs
D. Grouping objects

A

Answer: A

Role-based access control restricts access to roles by grouping subjects (such as users). Groups are assigned privileges but privileges aren’t grouped in roles. Programs aren’t grouped in roles. Objects such as files are often grouped within folders, but objects are not assigned as roles.

171
Q
  1. Beth is planning to run a network port scan against her organization’s web server. What ports should she expect will be open to the world?

A. 80 and 443
B. 22 and 80
C. 80 and 1433
D. 22, 80, and 443

A

Answer: A

Web servers should expose ports 80 and/or 443 to the world to support HTTP and/or HTTPS connections. Port 22, used by SSH, and port 1433, used by SQL Server databases, should not normally be publicly exposed.

172
Q
  1. VPNs provide all but which of the following?

A. Confidentiality
B. Integrity
C. Availability
D. Privacy

A

Answer: C

VPNs do not provide or guarantee availability.

173
Q
  1. What is the foundation of user and personnel security?

A. Background checks
B. Job descriptions
C. Auditing and monitoring
D. Discretionary access control

A

Answer: B

Job descriptions are essential to user and personnel security. Only when it’s based on a job description does a background check have true meaning. Without a job description, auditing and monitoring cannot determine when a user performs tasks outside of their assigned work. Without a job description, administrators do not know what level of access to assign via DAC.

174
Q
  1. Which of the following is not a valid definition or perspective of integrity protection?

A. Unauthorized subjects should be prevented from making modifications.
B. Authorized subjects should be prevented from making unauthorized modifications, such as mistakes.
C. Data, once stored in a secured facility, can be changed for any reason.
D. Objects should be internally and externally consistent so that their data is a correct and true reflection of the real world.

A

Answer: C

Integrity protection is not about stopping all change but preventing unwanted, unintended, and malicious change as well as ensuring the retention of correct information.

175
Q
  1. Which one of the following is not a required component of a digital certificate?

A. Serial number
B. Validity period
C. Receiver’s name
D. X.509 version

A

Answer: C

The receiver’s name is not a necessary component of a digital certificate.

176
Q
  1. What is not the goal of any authorized formal penetration testing methodology?

A. To expose inherent weakness on the network
B. To catalog identified weakness on the network
C. To obtain subversive control over the network
D. To report findings of weakness on the network

A

Answer: C

In a typical penetration testing scenario, the ultimate goal is to expose, inventory, and report any findings of vulnerability or weakness on the network.

177
Q
  1. Which of the following is not an aggregate function in SQL?

A. MAX()
B. SUM()
C. SELECT()
D. AVG()

A

Answer: C

SELECT is not an aggregate function but an SQL statement. MAX() is an aggregate function that selects the maximum value from a set. SUM() is an aggregate function that adds values together. AVG() is an aggregate function that determines the mathematical average of a series of values.

178
Q
  1. What is the primary objective of a spoof attack?

A. To send large amounts of data to a victim
B. To cause a buffer overflow
C. To hide the identity of an attacker through misdirection
D. To steal user accounts and passwords

A

Answer: C

Spoofing lets an attacker hide their identity through misdirection, which is why it appears as a component of many other attacks.

179
Q
  1. Why do operating systems need security mechanisms?

A. Humans are perfect.
B. Software is not trusted.
C. Technology is always improving.
D. Hardware is faulty.

A

Answer: B

Security mechanisms are needed within an operating system because software is not trusted.

180
Q
  1. You discover a virus that is written in the language Visual Basic for Applications. What type of virus have you likely found?

A. MBR
B. Stealth
C. Macro
D. Service injection

A

Answer: C

Macro viruses use scripting languages such as Visual Basic for Applications.

181
Q
  1. Which of the following provides the best protection against mishandling media that contains sensitive information?

A. Marking
B. Purging
C. Sanitizing
D. Retaining

A

Answer: A

Marking (or labeling) media is the best choice of the available answers to protect against mishandling media. When properly marked, personnel are more likely to handle media properly. Purging and sanitizing methods remove sensitive information but do not protect against mishandling. Data retention refers to how long an organization keeps the data, not how it handles the data.

182
Q
  1. Which of the following is one of the three principles within the common security triad?

A. Privacy
B. Integrity
C. Nonrepudiation
D. Authentication

A

Answer: B

Integrity is one of the CIA Triad principles; the other two are confidentiality and availability.

183
Q
  1. In a discussion of high-speed telco links or network carrier services, what does fault tolerance mean?

A. Error checking
B. Redundancy
C. Flow control
D. Bandwidth on demand

A

Answer: B

In a discussion of high-speed telco links or network carrier services, fault tolerance means to have redundant connections.

184
Q
  1. Which component of the CIA Triad has the most avenues or vectors of attack and compromise?

A. Confidentiality
B. Integrity
C. Availability
D. Accountability

A

Answer: C

Availability has the most avenues or vectors of attack and compromise. Availability can be affected by damaging the resource, compromising the resource host, interfering with communications, or attacking the client.

185
Q
  1. What character should never be allowed in web form input that the application will pass to a database?

A. !
B. $
C. #
D. ‘

A

Answer: D

The single quote character (') terminates a string literal in SQL and is the classic starting point of a SQL injection attack, so it is the character this question expects. In practice, filtering characters is not a sufficient defense: legitimate input (names such as O'Brien) contains quotes, and numeric contexts can be injected without any quote at all. Parameterized queries (prepared statements) that bind user input as data rather than splicing it into the query text are the reliable control, with input validation as a secondary layer.
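
The following added example (not part of the original flashcards) shows why the quote filter alone is not the fix. The users table, the inputs and the use of the standard-library sqlite3 module as the application database are constructed for illustration. A payload with no quote character passes the filter and still returns every row from the concatenated query, while the parameterized query returns nothing for it and behaves normally for legitimate input.

```python
"""Why blocking the quote character is not the SQL injection fix.

Added example for card 185; not part of the original flashcards. The users table
and inputs are constructed; sqlite3 from the standard library stands in for the
application database.
"""
import sqlite3


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return db


def lookup_vulnerable(db, user_id):
    # Builds the statement by concatenation: the input becomes part of the SQL text.
    sql = "SELECT name FROM users WHERE id = " + user_id + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def lookup_quote_filter(db, user_id):
    # The "never allow a quote" advice from the card, applied literally.
    if "'" in user_id:
        raise ValueError("quote character rejected")
    return lookup_vulnerable(db, user_id)


def lookup_parameterized(db, user_id):
    # Placeholder binding: the driver passes the value separately from the query text,
    # so it is never parsed as SQL regardless of which characters it contains.
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (user_id,))]


def demo():
    db = make_db()
    benign = "2"
    quoted_payload = "0 OR name = 'alice'"   # the case the quote filter does catch
    numeric_payload = "2 OR 1=1"             # no quote character anywhere
    try:
        lookup_quote_filter(db, quoted_payload)
        quoted_outcome = "passed"
    except ValueError:
        quoted_outcome = "blocked"
    return {
        "vulnerable": lookup_vulnerable(db, numeric_payload),
        "quote_filter_on_quoted": quoted_outcome,
        "quote_filter_on_numeric": lookup_quote_filter(db, numeric_payload),
        "parameterized": lookup_parameterized(db, numeric_payload),
        "parameterized_benign": lookup_parameterized(db, benign),
    }


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:24} {value}")
```

The parameterized lookup compares the whole string "2 OR 1=1" against the integer id column as a value, so it matches nothing; the same function with "2" returns bob, which is the behaviour the application actually wants.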

186
Q
  1. What is not considered a security best practice with regard to password selection?

A. Rejection of listed or known bad entries
B. Periodic, scheduled password changes
C. Simple, easily recalled letter combinations
D. Automated real-time strength enforcement

A

Answer: C

Strong password choices should be neither predictable nor deterministic, should be of sufficient length and strength, should be checked against lists of known-compromised values, and should be enforced by automated means. Note that current guidance (NIST SP 800-63B) advises against forced periodic changes unless there is evidence of compromise; the answer set here still treats scheduled changes as a best practice.

187
Q
  1. Which of the following is true?

A. Tunneling is always secure.
B. Tunneling is available only on IP networks.
C. Tunneling prevents security control devices from inspecting the actual content of the transmitted data.
D. Tunneling is a mechanism found exclusively in software.

A

Answer: C

The tunneling process prevents security control devices from blocking or dropping the communication because such devices don’t know what the contents of the packets actually are.

188
Q
  1. Which VPN protocol should not be used as the sole encapsulation mechanism if there is a dial-up segment present between the host and the link endpoint?

A. L2F
B. PPTP
C. IPSec
D. L2TP

A

Answer: C

IPSec is not designed to function naked over a dial-up segment. IPSec must be encapsulated to transmit across a dial-up link; often it is encased in L2TP for this.

189
Q
  1. A _____________is a type of new system deployment testing where the new system and the old system run simultaneously.

A. Parallel run
B. Simulation test
C. Black-box test
D. Stress test

A

Answer: A

A parallel run is a type of new system deployment testing where the new system and the old system are run in parallel.

190
Q
  1. What does the term “500-year flood plain” mean to emergency preparedness officials?

A. The last flood of any kind to hit the area was more than 500 years ago.
B. The odds of a flood at the location described are 1 in 500 in any given year.
C. The area is expected to be safe from flooding for at least 500 years.
D. The last significant flood to hit the area was more than 500 years ago.

A

Answer: B

A 500-year flood plain is an area with a 1-in-500 (0.2 percent) chance of flooding in any given year. That averages out to one flood every 500 years, but it does not mean that two such floods cannot occur in consecutive years.

191
Q
  1. How many rounds of encryption are required for 192-bit keys under the Rijndael cipher?

A. 9
B. 11
C. 13
D. 16

A

Answer: B

FIPS 197 specifies 12 rounds for AES with 192-bit keys (10 for 128-bit keys and 14 for 256-bit keys). The 9/11/13 figures used by this question count only the full rounds and exclude the final round, which omits the MixColumns step; under that convention 11 is the option that corresponds to 192-bit keys.

192
Q
  1. What primary function is an intrusion detection system (IDS) designed to perform?

A. Detect abnormal activity
B. Detect system failures
C. Assess system performance
D. Assess system vulnerabilities

A

Answer: A

An IDS automates the inspection of audit logs and real-time system events to detect abnormal activity. IDSs are generally used to detect intrusion attempts, but they can also be employed to detect system failures or rate overall performance.

193
Q
  1. What type of alternate processing facility does not contain any computing facilities?

A. Hot site
B. Warm site
C. Cold site
D. Cloud site

A

Answer: C

Cold sites contain basic infrastructure but do not have any computing facilities active.

194
Q
  1. What is used to increase the strength of cryptography by creating a unique cipher text every time the same message is encrypted with the same key?

A. Initialization vector
B. Vignere cipher
C. Steganography
D. Stream cipher

A

Answer: A

An initialization vector (IV) is a bit string, typically random or otherwise never reused under a given key, that is combined with the first block of plaintext (in CBC mode by XOR before encryption) so that encrypting the same message twice with the same key produces different ciphertext. Its length depends on the mode; in CBC it matches the block size. Reusing an IV under the same key removes this protection.

195
Q
  1. Which of the following types of WAN connections offer the least assurance of communications?

A. Dedicated lines
B. Nondedicated lines
C. Leased lines
D. Point-to-point link lines

A

Answer: B

Nondedicated lines offer the least assurance of communication because a circuit must be established before each session. If all circuits for that connection type are currently in use, the connection fails and no communication takes place. Dedicated, leased, and point-to-point lines are always available to their subscriber.

196
Q
  1. A VPN is a specific form of ___________________.

A. Tunnel
B. Encryption
C. WAN connectivity
D. Accountability mechanism

A

Answer: A

A virtual private network (VPN) is simply a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary network.

197
Q
  1. What is the determining factor to whether a security effort will be successful?

A. Proper technical knowledge
B. User awareness
C. Senior management support
D. Sufficient budget

A

Answer: C

Without senior management support, no security effort can succeed.

198
Q
  1. What database element is equivalent to a single attribute?

A. Table
B. Row
C. Column
D. Attribute

A

Answer: C

A database column contains the data corresponding to a single attribute for all records in the table.

199
Q
  1. ________________ is required once an asset no longer warrants or needs the protection of its currently assigned classification or sensitivity level.

A. Polyinstantiation
B. Perturbation
C. Declassification
D. Physical protection

A

Answer: C

Declassification is required once an asset no longer warrants or needs the protection of its currently assigned classification or sensitivity level.

200
Q
  1. What attack pattern is characterized by specially crafted inputs issued to a vulnerable application or service?

A. Hijacking
B. Buffer overflow
C. Man in the middle
D. Brute force

A

Answer: B

In many cases, a buffer overflow attack will involve specially crafted, typically oversized inputs in an attempt to overwrite critical application data and disrupt or redirect program execution flow.

201
Q
  1. Which of the following platforms are susceptible to malicious code? (Choose all that apply)

A. Windows PCs
B. Windows servers
C. MacBooks
D. Embedded devices

A

Answer: A;B;C;D

Malicious code may infect almost any platform, including Windows PCs and servers, MacBooks, and embedded devices.

202
Q
  1. ________________, such as that commonly found in firewall systems, is governed by a set of administrator-defined filters.

A. Rule-based access control
B. Role-based access control
C. Mandatory access control
D. Discretionary access control

A

Answer: A

Rule-based access control applies a set of global rules (filters) defined by an administrator to every request, regardless of which subject makes it; a firewall rule set that permits or denies traffic by address and port is the typical example.

203
Q
  1. Which security mechanism is used to verify whether the directive and preventive controls have been successful?

A. Directive control
B. Preventive control
C. Detective control
D. Corrective control

A

Answer: C

A detective control is a security mechanism used to verify whether the directive and preventive controls have been successful.

204
Q
  1. A _______________ contains levels with various compartments that are isolated from the rest of the security domain.

A. Hybrid environment
B. Compartmentalized environment
C. Hierarchical environment
D. Security environment

A

Answer: A

Hybrid environments combine both hierarchical and compartmentalized environments so that security levels have subcompartments.

205
Q
  1. Which of the following approaches uses mathematical algorithms to analyze data, developing models that may be used to predict future activity?

A. Expert systems
B. Data mining
C. Data warehousing
D. Information discovery

A

Answer: B

Data mining uses mathematical approaches to analyze data, searching for patterns that predict future activity.

206
Q
  1. Which of the following does not reflect the protected elements under an access control methodology?

A. Integrity
B. Scalability
C. Accountability
D. Confidentiality

A

Answer: B

Access control provides security through confidentiality, integrity, and accountability.

207
Q
  1. UDP is a connectionless protocol that operates at the Transport layer of the OSI model and uses ports to manage simultaneous connections. Which of the following terms also is related to UDP?

A. Bits
B. Logical addressing
C. Data reformatting
D. Simplex

A

Answer: D

UDP is a simplex protocol at the Transport layer.

208
Q
  1. Security planning documentation should ________________.

A. Define work for individuals
B. Assign blame for faults
C. Prescribe tasks to roles
D. Be posted for public access

A

Answer: C

As a general rule of thumb, security policies (as well as standards, guidelines, and procedures) should not address specific individuals. Instead of assigning tasks and responsibilities to a person, they should be defined for a role. Then these defined roles are assigned to individuals as a job description or an assigned work task. The assignment of a role to a person is not part of the security policy documentation. Rather, that activity is a function of administrative control or personnel management. Thus, a security policy does not define who is to do what but rather what must be done by the various roles within the security infrastructure.

209
Q
  1. What DES mode uses the exclusive OR function to combine each block of unencrypted text with the immediately preceding cipher-text block?

A. CFB
B. ECB
C. CBC
D. OFB

A

Answer: C

In Cipher Block Chaining (CBC) mode, each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.
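
The chaining structure, and the role of the IV described in card 194, can be seen in a few lines of code. This is an added example for cards 194 and 209, not part of the original flashcards. The 64-bit "block cipher" inside it is a constructed, deliberately trivial keyed permutation that stands in for DES or AES purely so the mode is visible; it has no security value and must never be used for real data. The message and key are also constructed.

```python
"""CBC chaining and the role of the IV, shown with a toy block permutation.

Added example for cards 194 and 209; not part of the original flashcards. The
64-bit block function below is a constructed, trivially weak permutation that
stands in for DES/AES only so the mode structure can be seen. Never use it.
"""
import secrets

BLOCK = 8                      # 64-bit blocks, like DES
MASK = (1 << 64) - 1
CONST = 0x9E3779B97F4A7C15     # arbitrary odd constant for the toy round function


def _rotl(x, r):
    return ((x << r) | (x >> (64 - r))) & MASK


def _rotr(x, r):
    return ((x >> r) | (x << (64 - r))) & MASK


def toy_encrypt_block(key, block):
    """Invertible keyed scramble: XOR a subkey, rotate, add a constant; four rounds."""
    k = int.from_bytes(key, "big")
    x = int.from_bytes(block, "big")
    for r in range(4):
        x ^= _rotl(k, 7 * r)
        x = _rotl(x, 13)
        x = (x + CONST) & MASK
    return x.to_bytes(BLOCK, "big")


def toy_decrypt_block(key, block):
    k = int.from_bytes(key, "big")
    x = int.from_bytes(block, "big")
    for r in reversed(range(4)):
        x = (x - CONST) & MASK
        x = _rotr(x, 13)
        x ^= _rotl(k, 7 * r)
    return x.to_bytes(BLOCK, "big")


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pad(data):
    n = BLOCK - len(data) % BLOCK          # PKCS#7 style padding, always at least one byte
    return data + bytes([n]) * n


def unpad(data):
    return data[:-data[-1]]


def ecb_encrypt(key, plaintext):
    """Each block encrypted independently: equal plaintext blocks give equal ciphertext."""
    pt = pad(plaintext)
    return b"".join(toy_encrypt_block(key, pt[i:i + BLOCK]) for i in range(0, len(pt), BLOCK))


def cbc_encrypt(key, iv, plaintext):
    """Each plaintext block is XORed with the previous ciphertext block (the IV for
    the first block) before it is passed through the block cipher."""
    pt = pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(pt), BLOCK):
        c = toy_encrypt_block(key, xor(pt[i:i + BLOCK], prev))
        out.append(c)
        prev = c
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor(toy_decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def demo(key=b"\x01" * 8, message=b"ATTACK AT DAWN. ATTACK AT DAWN. "):
    # Constructed message: two identical 16-byte halves, to expose ECB's weakness.
    iv1, iv2 = secrets.token_bytes(BLOCK), secrets.token_bytes(BLOCK)
    c1, c2 = cbc_encrypt(key, iv1, message), cbc_encrypt(key, iv2, message)
    ecb = ecb_encrypt(key, message)
    return {
        "round_trip": cbc_decrypt(key, iv1, c1) == message,
        "fresh_iv_differs": c1 != c2,                  # same key, same message, new IV
        "same_iv_repeats": cbc_encrypt(key, iv1, message) == c1,
        "ecb_leaks_repeats": ecb[:16] == ecb[16:32],   # repeated plaintext shows through
        "cbc_hides_repeats": c1[:16] != c1[16:32],
    }


if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{label:20} {ok}")
```

The two middle results are the point of card 194: with a fresh IV the same message under the same key encrypts differently, and with a reused IV it does not. The last two show why CBC exists at all: ECB reveals that the second half of the message repeats the first, CBC does not.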

210
Q
  1. What vulnerability is being exploited when an attacker replaces a resource between the initial status check and the use of the resource?

A. Covert channel
B. TOC/TOU
C. Buffer overflow
D. Maintenance hook

A

Answer: B

In a TOC/TOU attack, the attacker is racing with the legitimate process to replace the object before it is used.
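
The classic instance is a file path that is checked and then opened as two separate name lookups. The following is an added example for this card, not part of the original flashcards, and it assumes a POSIX system with symbolic links and O_NOFOLLOW. The temporary directory, the "secret" file and the attacker's swap are constructed; the swap runs deterministically between the check and the use to stand in for an attacker who wins the race.

```python
"""Time-of-check/time-of-use on a file path, and the descriptor-based fix.

Added example for card 210; not part of the original flashcards. Assumes POSIX
(symlinks, O_NOFOLLOW). The directory, files and attacker swap are constructed;
the swap is invoked deterministically where a real attacker would race.
"""
import os
import stat
import tempfile


def read_if_regular_vulnerable(path, swap):
    """Check the path, then open the path: two separate name lookups."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("not a regular file")
    swap()                                   # attacker replaces the path here ...
    with open(path, "rb") as f:              # ... so this follows the new target
        return f.read()


def read_if_regular_safe(path, swap):
    """Open once without following symlinks, then check the descriptor you hold."""
    swap()                                   # even if the attacker wins the race ...
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        st = os.fstat(fd)                    # ... the check applies to what was opened
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        return os.read(fd, 4096)
    finally:
        os.close(fd)


def demo():
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "report.txt")
        secret = os.path.join(d, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")

        def restore():
            # Put a harmless regular file back at the checked path.
            if os.path.lexists(public):
                os.remove(public)
            with open(public, "wb") as f:
                f.write(b"harmless report")

        def attacker_swap():
            # Replace the checked regular file with a symlink to the secret.
            os.remove(public)
            os.symlink(secret, public)

        restore()
        leaked = read_if_regular_vulnerable(public, attacker_swap)

        restore()
        try:
            read_if_regular_safe(public, attacker_swap)
            safe_outcome = "read"
        except OSError:                      # ELOOP from O_NOFOLLOW, or PermissionError
            safe_outcome = "refused"

        restore()
        normal = read_if_regular_safe(public, lambda: None)
        return {"vulnerable_read": leaked, "safe_outcome": safe_outcome, "safe_normal_read": normal}


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label:18} {value}")
```

The fix is not a faster check; it is removing the gap. Once the file is open, fstat describes the object the descriptor refers to, and nothing the attacker does to the directory entry afterwards can change that.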

211
Q
  1. The quantitative risk analysis equations produce ALEs and cost/benefit results that are used for what purpose?

A. Purchasing insurance
B. Assigning responsibility
C. Knowing how large a loss will be
D. Determining priority

A

Answer: D

The risk analysis equations—specifically, the ALE and the cost/benefit equation—produce results that are primarily used to prioritize security efforts. The largest values should be addressed and resolved first. The values are not directly used to obtain insurance or assign responsibility, and they’re not realistic enough to be used as actual cost/loss expectations.

212
Q
  1. A system that can readily identify and actively repel forms of network-driven attacks is what kind of system?

A. Intrusion detection system
B. Intrusion prevention system
C. Behavior-based system
D. Signature-based system

A

Answer: B

Intrusion prevention systems (IPSs) pick up where intrusion detection systems (IDSs) leave off by actively denying any illicit traffic patterns they detect.

213
Q
  1. What is the largest size for an ICMP packet that complies with official standards?

A. 2,048 bits
B. 32,768 bits
C. 65,536 bits
D. 129,127 bits

A

Answer: C

The IPv4 total length field is 16 bits, so the largest standards-compliant IP datagram, and therefore the largest ICMP packet, is 65,535 bytes (2^16 - 1). The options label this 64 KB limit in bits, but the figure to remember is 65,536 (2^16); fragments that reassemble to more than this limit are the basis of the ping-of-death attack.

214
Q
  1. What category of UTP is most commonly used for 1000 Mbps Ethernet networks?

A. Cat 1
B. Cat 3
C. Cat 5e
D. Cat 7

A

Answer: C

Cat 5e offers 1000 Mbps (or 1 Gbps) throughput and is primarily used in Ethernet networks.

215
Q
  1. What law amended the Health Insurance Portability and Accountability Act to include data breach notification requirements?

A. FERPA
B. HITECH
C. PCI DSS
D. CALEA

A

Answer: B

The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA to include new regulations related to data breach notification and the compliance requirements of covered entity business associates.

216
Q
  1. Which of the following network devices is used to connect networks that are using different network protocols?

A. Bridge
B. Router
C. Switch
D. Gateway

A

Answer: D

A gateway connects networks that are using different network protocols.

217
Q
  1. What security protocol was developed specifically to protect communications between web servers and web browsers?

A. L2F
B. SKIP
C. SWIPE
D. SSL

A

Answer: D

Secure Sockets Layer (SSL) is an encryption protocol developed by Netscape to protect the communications between a web server and a web browser.

218
Q
  1. Which of the following is a component or element of IPSec that provides authentication, integrity, and nonrepudiation?

A. Authentication Header
B. Challenge Handshake Authentication Protocol
C. Encapsulating Security Payload
D. Terminal Access Controller Access Control System

A

Answer: A

Authentication Header (AH) provides authentication and integrity for the packet, including the IP header, and the exam also credits it with nonrepudiation. Strictly speaking, AH uses a symmetric keyed hash (HMAC), so it cannot provide nonrepudiation in the cryptographic sense; that requires digital signatures.

219
Q
  1. During the deencapsulation procedure, the ________ layer strips its information and sends the message up to the Network layer.

A. Transport
B. Data Link
C. Presentation
D. Ethernet

A

Answer: B

During the deencapsulation procedure, the Data Link layer strips its information and sends the message up to the Network layer.

220
Q
  1. Which of the following ensures a high level of confidence that data, objects, and resources are unaltered from their original protected state?

A. Confidentiality
B. Nonrepudiation
C. Integrity
D. Hash values

A

Answer: C

If a security mechanism offers integrity, then it offers a high level of confidence that data, objects, and resources are unaltered from their original protected state.

221
Q
  1. What is the maximum key length supported by the Advanced Encryption Standard’s Rijndael encryption algorithm?

A. 128 bits
B. 192 bits
C. 256 bits
D. 512 bits

A

Answer: C

The AES/Rijndael algorithm is capable of operating with 128-, 192-, or 256-bit keys. The block size is fixed at 128 bits regardless of key length; the original Rijndael submission also allowed 192- and 256-bit blocks, but the AES standard does not.

222
Q
  1. _______________ is the process of verifying and validating some user-supplied credential.

A. Confidentiality
B. Creditability
C. Accountability
D. Authentication

A

Answer: D

Authentication is the process of verifying or testing that a claimed identity is valid.

223
Q
  1. What HTML tag is essential to a successful XSS attack?

A. “HEAD”
B. “XSS”
C. “SCRIPT”
D. “H2”

A

Answer: C

In a reflected XSS attack, the attacker's input is echoed into the page, and a SCRIPT tag is the textbook way to make the browser execute it. It is not the only way: event-handler attributes (for example onerror on an img tag) and javascript: URLs also execute script, which is why the defense is context-aware output encoding rather than blocking particular tags.

224
Q
  1. Which one of the following is an example of a third-generation language?

A. Assembly language
B. C++
C. SQL
D. Machine language

A

Answer: B

C++ and other compiled languages are third generation programming languages.

225
Q
  1. What term describes the processor mode used to run the system tools used by administrators seeking to make configuration changes to a machine?

A. User mode
B. Supervisory mode
C. Kernel mode
D. Privileged mode

A

Answer: A

All user applications, regardless of the security permissions assigned to the user, execute in user mode. Supervisory mode, kernel mode, and privileged mode are all terms that describe the mode used by the processor to execute instructions that originate from the operating system.

226
Q
  1. Network Address Translation is a mechanism for what?

A. Resolving IP addresses into MAC addresses
B. Filtering traffic to prevent denial of service flooding
C. Converting the internal IP addresses found in packet headers into public IP addresses for transmission over the Internet
D. Converting human-friendly domain names into IP addresses

A

Answer: C

Network Address Translation (NAT) is a mechanism for converting the internal IP addresses found in packet headers into public IP addresses for transmission over the Internet.

227
Q
  1. Which of the following is not a typical security concern with VoIP?

A. VLAN hopping
B. Caller ID falsification
C. Vishing
D. SPIT

A

Answer: A

VLAN hopping is a switch security issue, not a VoIP security issue. Caller ID falsification, vishing, and SPIT (spam over Internet telephony) are VoIP security concerns.

228
Q
  1. A tunnel mode VPN is used to connect which types of systems?

A. Hosts and servers
B. Clients and terminals
C. Hosts and networks
D. Servers and domain controllers

A

Answer: C

Tunnel mode VPNs are used to connect networks to networks or networks to hosts. Transport mode is used to connect hosts to hosts. Hosts, servers, clients, terminals, and domain controllers are all end systems (hosts) in this context.

229
Q
  1. The annualized loss expectancy can be calculated using which of the following equations?

A. Exposure factor * annualized rate of occurrence
B. Asset value * exposure factor
C. Asset value * risk probability * safeguard benefit
D. Asset value * exposure factor * annualized rate of occurrence

A

Answer: D

The annualized loss expectancy can be calculated using asset value * exposure factor * annualized rate of occurrence. It can also be calculated using single loss expectancy * annualized rate of occurrence.

230
Q
  1. Which one of the following devices is most susceptible to TEMPEST monitoring of its emanations?

A. Floppy drive
B. CRT monitor
C. CD
D. Keyboard

A

Answer: B

Although all electronic devices emit some unwanted emanations, CRT monitors are the devices most susceptible to this threat (at least from this list of options).

231
Q
  1. Which of the following is not a valid perspective or concept of integrity?

A. Maintaining the internal and external consistency of objects so that their data is a correct and true reflection of the real world
B. Preventing unauthorized subjects from making modifications
C. Ensuring that access to resources is maintained at a level sufficient to complete work tasks
D. Preventing authorized subjects from making unauthorized modifications, such as mistakes

A

Answer: C

Ensuring that access to resources is maintained at a level sufficient to complete work tasks describes availability, not integrity. The other three options are the standard perspectives on integrity.

232
Q
  1. Christopher would like to send Renee a message using asymmetric encryption. What key should he use to encrypt the message?

A. Christopher’s public key
B. Christopher’s private key
C. Renee’s public key
D. Renee’s private key

A

Answer: C

The sender of a message uses the recipient’s public key to encrypt it.

233
Q
  1. Coordinated attack efforts against an infrastructure or system that limit or restrict its capacity to process legitimate traffic are what form of network-driven attack?

A. Denial of service
B. Distributed denial of service
C. Distributed reflective denial of service
D. Differential denial of service

A

Answer: B

Coordinated attacks between several cooperative machines using traffic in an illegitimate way are a distributed denial of service attack.

234
Q
  1. The Jones Institute has six employees and uses a symmetric key encryption system to ensure confidentiality of communications. If each employee needs to communicate privately with every other employee, how many keys are necessary?

A. 1
B. 6
C. 15
D. 30

A

Answer: C

A separate key is required for each pair of users who want to communicate privately. In a group of six users, this would require a total of 15 secret keys.

235
Q
  1. An attacker located at IP address 12.8.0.1 wants to launch a smurf attack on a victim machine located at IP address 129.74.15.12 utilizing a third-party network located at 141.190.0.0/16. What would be the source IP address on the single packet the attacker transmits?

A. 12.8.0.1
B. 129.74.15.12
C. 141.190.0.0
D. 141.190.255.255

A

Answer: B

In a smurf attack, the attacker sends a single forged packet bearing a source address corresponding to the victim machine.

236
Q
  1. Which of the following is not used in typical biometric authentication?

A. Fingerprint scans
B. Retinal scans
C. Voice recognition
D. Saliva sample

A

Answer: D

Typical biometric authentication systems perform real-time analysis of biometric factors such as fingerprints, retinal patterns, and voice; they do not involve collecting personal health samples.

237
Q
  1. ___________________ is a cell-switching technology rather than a packet-switching technology.

A. ISDN
B. Frame Relay
C. SMDS
D. ATM

A

Answer: D

Asynchronous transfer mode (ATM) is a cell-switching technology rather than a packet-switching technology.

238
Q
  1. Which of the following is not an IP address that would be considered a private IP address by RFC 1918?

A. 172.32.4.29
B. 172.17.6.93
C. 172.23.23.251
D. 172.28.29.189

A

Answer: A

The private IP addresses defined in RFC 1918 are 10.0.0.0 to 10.255.255.255 (a full Class A range), 172.16.0.0 to 172.31.255.255 (16 Class B ranges), and 192.168.0.0 to 192.168.255.255 (255 Class C ranges).

239
Q
  1. Which of the following is an example of an interpreted language?

A. C++
B. VBScript
C. Java
D. Fortran

A

Answer: B

VBScript is the only example of an interpreted language listed. C++, Java, and Fortran are compiled languages.

240
Q
  1. What is the primary means by which fax communications can be made secure?

A. Nonrepudiation controls
B. Limited access
C. Authentication
D. Encryption

A

Answer: D

The primary means by which fax communications can be secured is to use encryption.

241
Q
  1. In a _______________, each level or classification label in the security structure grants a subject access to objects equal to and lower than that level.

A. Hybrid environment
B. Hierarchical environment
C. Compartmentalized environment
D. Centralized environment

A

Answer: B

In a hierarchical environment, the various classification labels are assigned in an ordered structure from low security to medium security to high security.

242
Q
  1. What regulation formalizes the prudent man rule that requires senior executives to take personal responsibility for their actions?

A. CFAA
B. Federal Sentencing Guidelines
C. GLBA
D. Sarbanes–Oxley

A

Answer: B

The Federal Sentencing Guidelines released in 1991 formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.

243
Q
  1. ____________ is a weakness in cryptography where a plain-text message generates identical cipher-text messages using the same algorithm but using different keys.

A. Nonce
B. Aggregation
C. Clustering
D. Collusion

A

Answer: C

Clustering (aka key clustering) is a weakness in cryptography where a plain-text message generates identical cipher-text messages using the same algorithm but different keys.

244
Q
  1. What type of access control system is deployed to physically deter unwanted or unauthorized activity and access?

A. Preventive access control
B. Deterrent access control
C. Directive access control
D. Compensation access control

A

Answer: A

Preventive access control is deployed to stop unwanted or unauthorized activity from occurring.

245
Q
  1. Which of the following is not true?

A. Policies, standards, baselines, guidelines, and procedures can be combined in a single document.
B. Not all users need to know the security standards, baselines, guidelines, and procedures for all security classification levels.
C. When changes occur, it is easier to update and redistribute only the affected material rather than update a monolithic policy and redistribute it.
D. Higher up the formalization structure (that is, security policies), there are fewer documents because they are general broad discussions of overview and goals. Further down the formalization structure (that is, guidelines and procedures), there are many documents because they contain details specific to a limited number of systems, networks, divisions, areas, and so on.

A

Answer: A

Avoid combining policies, standards, baselines, guidelines, and procedures in a single document. Each of these structures must exist as a separate entity because each performs a different specialized function.

246
Q
  1. Many of the following options reflect best practices when engaging penetration testing to validate and verify the strength of your security policy. Which of the following is not recommended?

A. Mimicking attacks previously perpetrated against your system
B. Performing the attacks without management’s consent
C. Using manual and automated attack tools
D. Reconfiguring the system to resolve any discovered vulnerabilities

A

Answer: B

You should never conduct a formal or informal penetration test against any company without the advance knowledge and express consent of management.

247
Q
  1. The maximum fragment size for a given network is 1,500 bytes. If the network receives a packet that is 4,810 bytes long, what will be the offset value of the fourth fragment?

A. 0
B. 310
C. 1,500
D. 4,500

A

Answer: D

The offset value for the fourth fragment would be the sum of the lengths of the preceding three fragments. In this case, each of those fragments would be 1,500 bytes, leaving the fourth fragment with an offset value of 4,500 bytes.

248
Q
  1. What attack involves an interruptive malicious user positioned between a client and server attempting to take over?

A. Man-in-the-middle
B. Spoofing
C. Hijacking
D. Cracking

A

Answer: C

In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is positioned between a client and server and then interrupts the session and takes it over.

249
Q
  1. The loss of signal strength and integrity over distance on a cable is known as what?

A. Attenuation
B. Deencapsulation
C. Degradation
D. Defragmentation

A

Answer: A

Attenuation is the loss of signal strength and integrity over distance on a cable.

250
Q
  1. A process can function or operate as _______________.

A. Subject only
B. Object only
C. Subject or object
D. Neither a subject nor an object

A

Answer: C

A process can function or operate as a subject or object. In fact, many elements within an IT environment, including users, can be subjects or objects in different access control situations.