P/E 2 Flashcards

Question 1

Q

What law protects the privacy rights of students?

A. HIPAA
B. SOX
C. GLBA
D. FERPA

Answer

A

Answer: D

The Family Educational Rights and Privacy Act (FERPA) protects the rights of students and the parents of minor students.

Question 2

Q

Which electronic mail security program is based on building a web of trust?

A. PGP
B. S/MIME
C. MOSS
D. PEM

Answer

A

Answer: A

Phil Zimmerman’s Pretty Good Privacy (PGP) package relies on the construction of a web of trust between system users.

Question 3

Q

___________________ is an attack in which you receive unwanted, inappropriate, or irrelevant email messages.

A. Spamming
B. Impersonation
C. Masquerading
D. Spoofing

Answer

A

Answer: A

Spamming is an attack in which you receive unwanted, inappropriate, or irrelevant email messages.

Question 4

Q

In what scenario would you perform bulk transfers of backup data to a secure offsite location?

A. Incremental backup
B. Differential backup
C. Full backup
D. Electronic vaulting

Answer

A

Answer: D

Electronic vaulting describes the transfer of backup data to a remote backup site in a bulk-transfer fashion.

Question 5

Q

Which one of the following is not a major asset category normally covered by the BCP (business continuity plan)?

A. People
B. Documentation
C. Infrastructure
D. Building/facilities

Answer

A

Answer: B

The BCP normally covers three major asset categories: people, infrastructure, and buildings/facilities.

Question 6

Q

David ran an nmap scan against a server and determined that port 443 is open on the server. What tool would likely provide him the best additional information about the server’s purpose and the identity of the server’s operator?

A. ssh
B. Web browser
C. telnet
D. Ping

Answer

A

Answer: B

The server is likely running a secure website on port 443. Using a web browser to access the site may provide important information about the site’s purpose.

Question 7

Q

What type of intellectual property protection is best suited for computer software?

A. Copyright
B. Trademark
C. Patent
D. Trade secret

Answer

A

Answer: D

Trade secrets are one of the best legal protections for computer software.

Question 8

Q

8. What is the value of the logical operation shown here?
 X:        0 1 1 0 1 0
 Y:        0 0 1 1 0 1
\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_
 X ⨁ Y:    ?

A. 0 1 1 1 1 1
B. 0 1 0 1 1 1
C. 0 0 1 0 0 0
D. 1 0 0 0 0 0

Answer

A

Answer: B

The ⨁ symbol represents the exclusive OR (XOR) function, which is true when one and only one of the input bits is true.

Question 9

Q

John found a vulnerability in his code where an attacker can enter too much input and then force the system running the code to execute arbitrary commands. What type of vulnerability has John discovered?

A. TOCTTOU
B. Buffer overflow
C. XSS
D. XSRF

Answer

A

Answer: B

Buffer overflow vulnerabilities exist when a developer does not properly validate user input to ensure that it is of an appropriate size. Input that is too large can “overflow” a data structure to affect other data stored in the computer’s memory.

Question 10

Q

Which one of the following is also known as the Caesar cipher?

A. ROT2
B. ROT3
C. ROT8
D. ROT11

Answer

A

Answer: B

The Caesar cipher, also known as the ROT3 cipher, shifts all characters in the plain text three letters to the right to create the cipher text.

Question 11

Q

What Japanese cipher system was broken by the United States during World War II?

A. Ultra
B. Purple
C. Enigma
D. VENONA

Answer

A

Answer: B

The Japanese Purple cipher system was broken by the Allies and contributed to their victory in World War II. Ultra was the effort to break the German Enigma cipher system. VENONA was an American effort to break a Soviet cipher during the 1940s.

Question 12

Q

What is the output value of the mathematical function 19 mod 4?

A. 3
B. 4
C. 5
D. 6

Answer

A

Answer: A

Nineteen divided by 4 equals 4, with a remainder value of 3.

Question 13

Q

When a user is attempting to connect to a SNMP service on an internal system that while booted and functioning is not actually running an SNMP server, what information response will their system receive?

A. UDP error
B. TCP RST
C. ICMP Type 3
D. DNS lookup error

Answer

A

Answer: C

SNMP is a UDP-based service. UDP does not have any means of sending back errors, because it is a simplex protocol. Thus, when UDP errors occur, the system will switch protocols and use ICMP to send back information. In the case of a non-existing service, the port is thus not available, so an ICMP Type 3 error will be returned.

Question 14

Q

Matthew receives a digitally signed message from Christopher. What key should Matthew use to verify the digital signature?

A. Christopher’s public key
B. Christopher’s private key
C. Matthew’s public key
D. Matthew’s private key

Answer

A

Answer: A

Matthew uses Christopher’s public key to verify the digital signature on the message.

Question 15

Q

What kind of recovery facility enables an organization to resume operations as quickly as possible, if not immediately upon failure of the primary facility?

A. Hot site
B. Warm site
C. Cold site
D. All of the above

Answer

A

Answer: A

Hot sites provide backup facilities maintained in constant working order and fully capable of taking over business operations.

Question 16

Q

In which phase of the business impact assessment do you compute loss expectancies?

A. Risk assessment
B. Likelihood assessment
C. Impact assessment
D. Resource prioritization

Answer

A

Answer: C

Loss expectancies are a measure of impact and are calculated during the impact assessment phase.

Question 17

Q

What type of virus always loads itself automatically when the system starts?

A. MBR virus
B. File infector virus
C. Stealth virus
D. Polymorphic virus

Answer

A

Answer: A

Master boot record (MBR) viruses infect the system’s boot sector and load when the system is started.

Question 18

Q

What government agency is responsible for developing standards and guidelines for federal computer systems?

A. NIST
B. CIA
C. FBI
D. NSA

Answer

A

Answer: A

The National Institute of Standards and Technology (NIST) is responsible for developing standards and guidelines for federal computer systems. They may draw on the technical expertise of the National Security Agency for assistance.

Question 19

Q

Who administers the European Union safe harbor provisions in the United States?

A. Department of State
B. Department of Education
C. Department of Commerce
D. Department of Defense

Answer

A

Answer: C

The Department of Commerce maintains the EU safe harbor provisions for American companies.

Question 20

Q

The ____________ data model has data stored in more than one database, but the data is still logically connected. The user perceives the database as a single entity, even though it comprises numerous parts interconnected over a network.

A. Hierarchical
B. Normalized
C. Distributed
D. Relational

Answer

A

Answer: C

The distributed data model has data stored in more than one database, but the data is still logically connected. The user perceives the database as a single entity, even though it comprises numerous parts interconnected over a network.

Question 21

Q

When someone launches a typical software product, such as a web browser or a text editor, it is executed in what mode of operation managed by the OS?

A. Privileged mode
B. User mode
C. Supervisory mode
D. Kernel mode

Answer

A

Answer: B

User mode is the basic mode used by the CPU when executing user applications. In this mode, the CPU allows the execution of only a portion of its full instruction set. This is designed to protect users from accidentally damaging the system through the execution of poorly designed code or the unintentional misuse of that code.

Question 22

Q

What is qualitative risk analysis based on?

A. Dollar values
B. Concrete percentages
C. Historical logs and records
D. Opinions

Answer

A

Answer: D

The process of performing qualitative risk analysis involves judgment, intuition, and experience—in other words, opinions.

Question 23

Q

Which of the following is not a requirement for the use of a one-time pad?

A. The encryption key must be at least one-half the length of the message to be encrypted.
B. The encryption key must be randomly generated.
C. Each one-time pad must be used only once.
D. The one-time pad must be physically protected against disclosure.

Answer

A

Answer: A

The encryption key must be at least as long as the message to be encrypted. This is because each key element is used to encode only one character of the message. The three other facts listed are all characteristics of one-time pad systems.

Question 24

Q

An organization wants to ensure that users can run only specific applications. Which of the following techniques is the best choice to support this goal?

A. Whitelisting
B. Blacklisting
C. Sampling
D. Watermarking

Answer

A

Answer: A

Whitelisting allows administrators to specify a list of authorized applications. Any applications not on the list cannot run. Blacklisting is a list of unauthorized applications. Sampling is a form of data reduction and not related to running applications. Watermarking embeds an image or other mark on printed documents and files and helps prevent data loss.

Question 25

Q

Which one of the following is not a basic requirement for the admissibility of evidence?

A. Timely
B. Relevant
C. Material
D. Competent

Answer

A

Answer: A

To be admissible, evidence must be relevant, material, and competent.

Question 26

Q

Which one of the following business impact assessment variables is used to estimate the amount of damage an organization incurs each time an event occurs?

A. AV
B. SLE
C. ARO
D. MTD

Answer

A

Answer: B

The single loss expectancy (SLE) estimates the amount of damage that occurs each time a risk materializes for an organization.

Question 27

Q

Which one of the following pieces of BCP (business continuity plan) documentation would provide procedures for notifying executives of a potential disruption?

A. Vital records program
B. Emergency-response guidelines
C. Business impact assessment
D. Statement of urgency

Answer

A

Answer: B

The emergency-response guidelines outline organizational and individual responsibilities for immediate response to an emergency situation. These include executive notification procedures.

Question 28

Q

Your database administrators recommend performing bulk transfer backups to a remote site on a daily basis. What type of strategy are they recommending?

A. Transaction logging
B. Electronic vaulting
C. Remote journaling
D. Remote mirroring

Answer

A

Answer: B

Electronic vaulting uses bulk transfers to copy database contents to a remote site on a periodic basis.

Question 29

Q

What database backup technology applies database transactions in real time at both primary and alternate sites?

A. Remote mirroring
B. Electronic vaulting
C. Remote journaling
D. Fault tolerance

Answer

A

Answer: A

Remote mirroring technology maintains mirrored images of servers at both the primary and alternate sites.

Question 30

Q

What is the maximum effective key length of the Triple DES (3DES) encryption algorithm?

A. 56 bits
B. 64 bits
C. 112 bits
D. 168 bits

Answer

A

Answer: D

When run in DES-EEE3 mode, Triple DES has an effective key length of 168 bits.

Question 31

Q

Which of the following is not a physical control for physical security?

A. Fencing
B. Closed-circuit TV (CCTV)
C. Lighting
D. Locks or keypads

Answer

A

Answer: B

Physical controls for physical security include fencing, lighting, locks, construction materials, mantraps, dogs, and guards. CCTV is a technical physical security control and also has deterrent and detective elements, but it is not a physical control for direct physical security itself.

Question 32

Q

_________________ is a technology that can allow an automated tool to interact with a human interface.

A. Remote control
B. Virtual desktops
C. Remote node operation
D. Screen scraping

Answer

A

Answer: D

Screen scraping is a technology that can allow an automated tool to interact with a human interface.

Question 33

Q

When conducting an internal investigation, what is the most common source of evidence?

A. Historical data
B. Search warrant
C. Subpoena
D. Voluntary surrender

Answer

A

Answer: D

Internal investigations usually operate under the authority of senior managers, who grant access (i.e., voluntary surrender) to all information and resources necessary to conduct the investigation.

Question 34

Q

Which form of access abuse simply involves following authorized personnel through security gateways or passages?

A. Injection
B. Masquerading
C. Intrusion
D. Piggybacking

Answer

A

Answer: D

Piggybacking is a method of gaining unauthorized access to computer facilities by following an authorized employee through a controlled door.

Question 35

Q

What phase of the Electronic Discovery Reference Model puts evidence in a format that may be shared with others?

A. Production
B. Processing
C. Review
D. Presentation

Answer

A

Answer: A

Production places the information in a format that may be shared with others.

Question 36

Q

What type of contract provision requires a vendor to provide a specified level of service to clients?

A. ERP
B. ARO
C. SLA
D. MTD

Answer

A

Answer: C

A service-level agreement (SLA) specifies the terms of service provided by a vendor to a client and may include penalties for noncompliance.

Question 37

Q

While performing network packet capture analysis, you discover packets that seem odd. By looking into the packet’s raw hex display, you see that the byte offset position 0x2F has the value of 0x08. What was this packet attempting to make occur?

A. Abruptly disconnect a session
B. Confirm the receipt of a data set
C. Start a graceful hang-up process
D. Initiate a new session connection

Answer

A

Answer: A

The raw hex value of 0x08 in offset position 0x2F represents the binary number of 00000100. When this binary number is compared to the TCP header flag (i.e., the offset position 0x2F) layout of XXUAPRSF, it is clear the Reset flag is set. Thus, this packet is attempting to abruptly disconnect a session.

Question 38

Q

What is the best way to understand the meaning of the term 500-year flood?

A. A flood that occurs once every 500 years
B. A flood larger than any recorded in the past 500 years
C. A very serious but very unlikely flood event
D. A very serious flood that has a probability of 1 in 500 (0.2%) of occurring in any single calendar year

Answer

A

Answer: D

Flood levels rated in years (100-year, 500-year, 1,000-year, and so forth) basically reflect estimates of the probability of their occurrence. A 100-year flood has a 1 in 100 chance of occurring in any given calendar year (1%), a 500-year flood has a 1 in 500 chance of occurring in any given calendar year, and so forth. Options A and B misrepresent the meaning of the 500-year interval mentioned, while option C fails to address its probabilistic intent.

Question 39

Q

Information flow models are designed to prevent ______________________ information flow, often between different levels of security.

A. Old, outdated, or obsolete
B. New, untested, and out-of-the-ordinary
C. Unauthorized, insecure, or restricted
D. Fast, efficient, and prompt

Answer

A

Answer: C

Information flow models are designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security.

Question 40

Q

Which one of the following data roles is responsible for classifying data?

A. Administrator
B. Custodian
C. Owner
D. User

Answer

A

Answer: C

Owners have ultimate responsibility for the data and ensuring that is classified properly. The administrator assigns permissions based on the principles of least privilege and need to know. A custodian protects the integrity and security of the data. Users simply access the data.

Question 41

Q

What action usually closes the identification phase of incident response?

A. Publishing an incident report
B. Gathering evidence of the incident
C. Notifying the incident response team
D. Isolating compromised systems

Answer

A

Answer: C

The identification phase usually concludes with the notification of the incident response team.

Question 42

Q

How many rounds of encryption take place when the Data Encryption Standard (DES) is used?

A. 1
B. 3
C. 16
D. 32

Answer

A

Answer: C

DES utilizes 16 rounds of exclusive OR (XOR) operations to encrypt or decrypt a single block of each message encountered.

Question 43

Q

What rule of evidence states that a written agreement is assumed to contain all terms of the agreement?

A. Real evidence
B. Best evidence
C. Parol evidence
D. Chain of evidence

Answer

A

Answer: C

The parol evidence rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreements may modify the written agreement.

Question 44

Q

Which of the following should be generally worker/user accessible?

A. Mission-critical data center
B. Main workspaces
C. Server vault
D. Wiring closet

Answer

A

Answer: B

Only the main workspaces should be generally worker/user accessible. The mission-critical data center, server vault, and wiring closets should be restricted to administrators and other specialized and authorized personnel.

Question 45

Q

Which one of the following backup types does not alter the archive bit on backed-up files?

A. Full backup
B. Remote journaling
C. Incremental backup
D. Differential backup

Answer

A

Answer: D

Differential backups store all files that have been modified since the time of the most recent full backup. They do not alter the archive bit.

Question 46

Q

Which of the following is not an important reason to implement physical layers of security in an installation to protect areas where sensitive information is stored and used?

A. Because access to sensitive areas can then be monitored and controlled
B. Because additional checks on identity and authorization can be required before allowing entry
C. Because visitors or other unclassified staff can be kept away from sensitive areas
D. Because access from public or low-security areas to sensitive areas never occurs

Answer

A

Answer: D

Access into sensitive areas from public or low-security areas actually occurs frequently and is one of the primary reasons solid physical security is necessary.

Question 47

Q

Alarms, CCTV, and monitoring devices are useful tools that fall under what form of access control?

 A. Technical access control 
 B. Administrative access control 
 C. Logical access control 
 D. Physical access control
q

Answer

A

Answer: A

Technical physical security controls include access controls; intrusion detection; alarms; closed-circuit television (CCTV); monitoring; heating, ventilating, and air conditioning (HVAC); power supplies; and fire detection and suppression.

Question 48

Q

Juniper Enterprises’ data center lies in a 500-year FEMA flood plain. What is the likelihood that a flood will affect the data center in any given year?

A. 1%
B. 5%
C. 0.2%
D. 0.1%

Answer

A

Answer: C

Flooding is expected once every 500 years in a 500-year flood plain. This is equivalent to a 0.2% annual risk of flood.

Question 49

Q

Which of the following represents a natural disaster for which little or no warning is common?

A. Earthquake
B. Hurricane or typhoon
C. Flood
D. Tsunami

Answer

A

Answer: A

Of the natural disasters listed for this question, predictive techniques are least understood for earthquakes, which can (and do) happen with little or no notice. Big storms and potential flooding are carefully monitored and reported on by media and government channels, often days in advance of anticipated events. Tsunami reporting and warnings are now widespread around the globe, with warning of hours or more increasingly typical in the wake of the 2005 Indian Ocean tsunami that devastated so many areas in southern Asia and its archipelagos.

Question 50

Q

RSA encryption relies on the use of two ___________________.

A. One-way functions
B. Prime numbers
C. Hash functions
D. Elliptic curves

Answer

A

Answer: B

The strength of RSA encryption relies on the difficulty of factoring the two large prime numbers used to generate the encryption key.

Question 51

Q

What procedure returns business facilities and environments to a working state?

A. Reparation
B. Restoration
C. Respiration
D. Recovery

Answer

A

Answer: B

Disaster restoration involves restoring a business facility and environment to a workable state.

Question 52

Q

What is the goal of a business continuity program?

A. Ensure that MTDs and RTOs are equal
B. Ensure that MTDs and RTOs do not coexist
C. Ensure that MTDs are less than RTOs
D. Ensure that RTOs are less than MTDs

Answer

A

Answer: D

The goal of a business continuity program is to ensure that recovery time objectives are shorter than maximum tolerable downtime measures.

Question 53

Q

Which of the following definitions best explains the purpose of an intrusion detection system?

A. A product that inspects incoming and outgoing traffic across a network boundary to deny transit to unwanted, unauthorized, or suspect packets
B. A device that provides secure termination or aggregation for IP phones, VoIP handsets, and softphones
C. A device that, using complex content categorization criteria and content inspection, prevents potentially dangerous content from entering a network
D. A product that automates the inspection of audit logs and real-time event information to detect intrusion attempts and possibly also system failures

Answer

A

Answer: D

An intrusion detection system (IDS) is a product that automates the inspection of audit logs and real-time event information to detect intrusion attempts. Option A defines a firewall, option B defines an IP telephony security gateway, and option C defines a content filtering system.

Question 54

Q

Of the following choices, what is a primary goal of change management?

A. Personnel safety
B. Allowing rollback of changes
C. Ensuring that changes do not reduce security
D. Auditing privilege access

Answer

A

Answer: C

The goal of change management is to ensure that any change does not lead to unintended outages or reduce security. Change management doesn’t affect personnel safety. A change management plan will commonly include a rollback plan, but that isn’t a specific goal of the program. Change management doesn’t perform any type of auditing.

Question 55

Q

What law makes it a crime to cause malicious damage to a “federal interest” computer?

A. Computer Security Act
B. Computer Fraud and Abuse Act
C. Federal Sentencing Guidelines
D. Government Information Security Reform Act

Answer

A

Answer: B

Amendments to the Computer Fraud and Abuse Act criminalize causing damage to federal systems, federal interest systems, and computers involved in interstate commerce.

Question 56

Q

Matthew recently completed writing a new song and posted it on his website. He wants to ensure that he preserves his copyright in the work. As a US citizen, which of the following is the minimum that he must do to preserve his copyright in the song?

A. Register the song with the US Copyright Office.
B. Mark the song with the © symbol.
C. Mail himself a copy of the song in a sealed envelope.
D. Nothing.

Answer

A

Answer: D

Matthew is not required to do anything. Copyright protection is automatic as soon as he creates the work.

Question 57

Q

What law requires that communications carriers cooperate with federal agencies conducting a wiretap?

A. CFAA
B. CALEA
C. EPPIA
D. ECPA

Answer

A

Answer: B

The Communications Assistance to Law Enforcement Act (CALEA) requires all communications carriers to make wiretaps possible for law enforcement with an appropriate court order.

Question 58

Q

Which of the following is not a valid issue to consider when evaluating a safeguard?

A. Cost/benefit analysis
B. Compliance with existing baselines
C. Legal liability and prudent due care
D. Compatibility with IT infrastructure

Answer

A

Answer: B

New safeguards establish new baselines; thus, compliance with existing baselines is not a valid consideration point.

Question 59

Q

Which of the following is an example of administrative law?

A. United States Code
B. European Union Directives
C. United States Constitution
D. Code of Federal Regulations

Answer

A

Answer: D

The Code of Federal Regulations (CFR) is an example of administrative law.

Question 60

Q

What type of backup will copy only those files that have been modified since the most recent full backup?

A. Full backup
B. Incremental backup
C. Journaled backup
D. Differential backup

Answer

A

Answer: D

Differential backups copy all files modified since the most recent full backup.

Question 61

Q

Which one of the following attacks allows an attacker to execute arbitrary commands against the database supporting a web application?

A. SQL injection
B. Transaction manipulation
C. Cross-site scripting
D. Parameter manipulation

Answer

A

Answer: A

SQL injection attacks allow attackers to include their own SQL commands in the commands issued by a web application to a database.

Question 62

Q

Which one of the following would be considered a system compromise?

A. Forged spam email appearing to come from your organization
B. Unauthorized use of an account by the legitimate user’s relative
C. Probing a network searching for vulnerable services
D. Infection of a system by a virus

Answer

A

Answer: B

Sharing an account with a relative allows unauthorized access to a system, meeting the definition of a compromise. Forged spam email does not necessarily require access to your organization’s computing resources. Probing a network for vulnerable services is a scanning attack. Infection of a system by a virus is a malicious code attack.

Question 63

Q

What procedure returns business operations and processes to a working state?

A. Recovery
B. Restoration
C. Reparation
D. Respiration

Answer

A

Answer: A

Disaster recovery is the ability to recover from the loss of a complete site, whether because of natural disaster or malicious intent.

Question 64

Q

The operating system design concept of protection rings was derived from what early operating system?

A. Windows
B. Unix
C. Multics
D. Macintosh

Answer

A

Answer: C

Multics has left two enduring legacies in the computing world. First, it inspired the creation of a simpler, less-intricate operating system called Unix (a play on the word multics), and second, it introduced the idea of protection rings to operating system design.

Answer 65

A

Answer: A

A high number of blocked connection attempts may indicate that an attacker is scanning systems that do not offer a particular service on a particular port. Port 22 is the TCP port usually used by the Secure Shell (SSH) protocol, a common target of scanning attacks.

Answer 66

A

Answer: B

You do not need to trust the sender of a digital certificate as long as the certificate meets the other requirements listed and you trust the certification authority.

Answer 67

A

Answer: A

Clustering servers adds a degree of fault tolerance, protecting against the impact of a single server failure.

Answer 68

A

Answer: D

A potential occurrence that can cause an undesirable or unwanted outcome to an organization or to a specific asset is a threat.

Answer 69

A

Answer: A

The purpose of a military and intelligence attack is to acquire classified information. The detrimental effects of using such information could be nearly unlimited in the hands of an enemy.

Answer 70

A

Answer: B

Warm sites can typically be activated within 12 hours.

Answer 71

A

Answer: A

In many grid computing implementations, grid members can access the contents of the distributed work segments or divisions. This grid computing over the Internet is not usually the best platform for sensitive operations.

Answer 72

A

Answer: D

A fault is any abnormal situation in an electrical system when electrical current does not flow through the intended parts.

Answer 73

A

Answer: D

Residual risk is the risk that management has chosen to accept rather than mitigate.

Answer 74

A

Answer: C

Turnstiles are most appropriate on secondary or side exits where a security guard is not available or is unable to maintain constant surveillance. The other options listed are not as ideal for the use of a turnstile.

Answer 75

A

Answer: C

Trojan horses are programs that appear to the user to be some type of beneficial program (such as a game or utility) but perform a malicious activity in the background.

Answer 76

A

Answer: D

The single loss expectancy is computed by multiplying the asset value ($10,000,000) by the exposure factor (75 percent). In this case, the single loss expectancy is $7,500,000.

Answer 77

A

Answer: C

Guidelines serve as operational guides for both security professionals and users. They are flexible, so they can be customized for each unique system or condition. Guidelines state what should be done (in other words, what security mechanisms should be deployed) instead of prescribing a specific product or control and detailing configuration settings. Guidelines outline methodologies, include suggested actions, and are not compulsory.

Answer 78

A

Answer: D

The Federal Sentencing Guidelines formalized the prudent man rule and applied it to information security.

Answer 79

A

Answer: C

Qualitative risk assessment uses nonnumerical factors, such as categorical prioritization. The other choices listed are examples of factors used in quantitative risk assessment.

Answer 80

A

Answer: B

Some compliance obligations are dictated by contractual relationships, such as the Payment Card Industry Data Security Standard.

Answer 81

A

Answer: D

Natural events that can threaten organizations include earthquakes, floods, hurricanes, tornados, wildfires, and other acts of nature.

Answer 82

A

Answer: A

Supervisory mode programs are run by the security kernel, at Level 0 of the ring protection scheme.

Answer 83

A

Answer: B

Users should never test an executable by executing it.

Answer 84

A

Answer: A

Process isolation, also called memory protection, ensures that each process has its own isolated memory space for the storage of data and the actual executing application code.

Answer 85

A

Answer: D

Locks are an essential and integral component to any business environment because they restrict access to only those who possess the key. They are found virtually everywhere that humans may access areas, systems, and so on.

Answer 86

A

Answer: D

Business continuity planning is designed to keep your business up and running in the face of an emergency.

Answer 87

A

Answer: D

Classification level is assigned based on an asset’s value as well as its sensitivity and confidentiality. It is not used as a valuation element.

Answer 88

A

Answer: B

The DES cipher operates on messages in 64-bit blocks.

Answer 89

A

Answer: D

Granting the service account full network administrator privileges violates the principle of least privilege. It is often easier to configure it this way, but it is not secure. Privilege creep occurs when users are granted additional privileges as job requirements change, but unneeded privileges are not removed. Separation of duties ensures a single entity doesn’t control all elements of a critical process. Need-to-know ensures users are granted access to only the data they need and no more.

Answer 90

A

Answer: B

Encryption provides strong protection to ensure the confidentiality of data at rest and is the best choice of the available answers.

Answer 91

A

Answer: B

The ® symbol is reserved for trademarks that have received official registration status by the US Patent and Trademark Office.

Answer 92

A

Answer: D

To use public key cryptography, Matthew and Richard must each have their own pair of public and private cryptographic keys.

Answer 93

A

Answer: A;D

Confusion and diffusion are two principles underlying most cryptosystems.

Answer 94

A

Answer: B

Insurance is a form of risk assignment or transference.

Answer 95

A

Answer: D

There is no limit to the duration of trade secret protection.

Answer 96

A

Answer: C

Issues commonly address in a service-level agreement (SLA) include system uptime requirements, peak and average load expectations, diagnostic responsibilities, failover and redundancy, and financial or contractual remedies for noncompliance.

Answer 97

A

Answer: A

Differential backups store all files that have been modified since the time of the most recent full backup; they affect only those files that have the archive bit turned on, enabled, or set to 1.

Answer 98

A

Answer: A

Public key cryptosystems are notoriously slower than their secret key counterparts. They eliminate the difficulty of key exchange and provide for both scalability and nonrepudiation.

Answer 99

A

Answer: B

In the read-through test, you distribute copies of the disaster recovery plan to key personnel for review but do not actually meet or perform live testing.

Answer 100

A

Answer: D

The maximum tolerable downtime (MTD) is equivalent to the recovery time objective (RTO). It provides the maximum length of time a business function can be inoperable without causing irreparable harm to the business.

Answer 101

A

Answer: A

MAAs are popular in disaster recovery literature but difficult to implement. They are agreements between two parties to mutually assist one another in the event of disaster.

Answer 102

A

Answer: D

The Computer Ethics Institute created the Ten Commandments of Computer Ethics.

Answer 103

A

Answer: B

Prewhitening XORs the plain text with a separate subkey before the first round of encryption.

Answer 104

A

Answer: D

A honeypot (single system) or honeynet (entire network) is intended to provide a lure for attackers, and by design it provides sufficient material of apparent worth or interest to keep attackers around for a while. Option A is an optimistic outlook on the value of honeypots or honeynets vis-à-vis production networks, option B is based on the definition of entrapment (undesirable, if prosecution might ever be a goal), and option C refers to a so-called padded cell.

Answer 105

A

Answer: D

The principle of privacy ensures freedom from unauthorized access to information deemed personal or confidential.

Answer 106

A

Answer: D

A brownout is a reduction of electrical power or a temporary drop in power, but voltage is still present.

Answer 107

A

Answer: B

Incremental backups store only those files that have been modified since the time of the most recent full or incremental backup. Incremental backups duplicate only those files that have the archive bit turned on.

Answer 108

A

Answer: C

Auxiliary alarm systems facilitate local, remote, and centralized alarm systems by notifying external sources (police, fire, medical) of signifying events.

Answer 109

A

Answer: C

Of the languages listed, VBScript is the least prone to undetected modification by third parties because it is an interpreted language, whereas the other three languages (C++, Java, and Fortran) are compiled languages.

Answer 110

A

Answer: C

The closure phase includes the restoration of the normal business operations of an organization.

Answer 111

A

Answer: B

People should always be your highest priority in business continuity planning. As a life safety system, fire suppression systems should always receive high prioritization.

Answer 112

A

Answer: B;C

The Stuxnet attack is believed to have been a joint American-Israeli operation to disrupt Iranian nuclear operations.

Answer 113

A

Answer: D

CGI and other web-based programs are especially vulnerable to buffer overflow attacks because they are developed rapidly and are available to external users.

Answer 114

A

Answer: D

Cross-site scripting attacks are web vulnerabilities and Chris would be best served by a web vulnerability scanner. A network vulnerability scanner might also pick up this vulnerability, but the web vulnerability scanner is specifically designed for the task and more likely to be successful.

Answer 115

A

Answer: B

The exposure factor (EF) describes the amount of damage that a risk poses to an asset, expressed as a percentage of the asset’s value.

Answer 116

A

Answer: A

A mandatory access control model uses labels to classify objects such as data. Subjects with matching labels can access these objects. None of the other models use labels.

Answer 117

A

Answer: C

After a phone has been stolen, a remote wipe signal can be sent to the phone to clear it of all data. Encryption would be effective in preventing someone from reading the data before it was stolen but not afterward, and if a dedicated attacker has the phone, it is possible the encryption can be cracked. GPS can help identify the location, but it would not prevent access to data. Password protection slows down an unauthorized user but would not prevent access.

Answer 118

A

Answer: C

The chain of evidence does not require that the evidence collector know or document the relationship of the evidence to the crime.

Answer 119

A

Answer: D

An electronic access control (EAC) lock comprises three elements: an electromagnet to keep the door closed, a credential reader to authenticate subjects and to disable the electromagnet, and a door-closed sensor to reenable the electromagnet.

Answer 120

A

Answer: B

Replay attacks take advantage of authentication requests that do not include a time stamp by later replaying the message to open a new authenticated session.

Answer 121

A

Answer: B

The hybrid model includes a combination of two or more clouds. The other answers refer to a single cloud-based structure. A community model is shared with two or more organizations but it can be a single cloud. A private cloud is private to an organization, and a public cloud is available to any organization.

Answer 122

A

Answer: B

The Delphi technique is a form of qualitative risk analysis that uses an anonymous feedback-and-response process to arrive at a group consensus.

Answer 123

A

Answer: A

Content-dependent access control is focused on the internal data of each field.

Answer 124

A

Answer: D

The TCP ACK scan sends an ACK packet, simulating a packet from the middle of an already established connection.

Answer 125

A

Answer: D

The National Information Infrastructure Protection Act extends protections to portions of the national infrastructure other than computing systems, such as railroads, gas pipelines, electric power grids, and telecommunications circuits.

Answer 126

A

Answer: D

There is no limit on the number of 10-year renewals that may be filed for a registered trademark.

Answer 127

A

Answer: B

With incremental backups, you must first restore the most recent full backup and then apply all incremental backups that occurred since that full backup.

Answer 128

A

Answer: D

The Secure Electronic Transaction (SET) protocol serves as a method of securing e-commerce transactions.

Answer 129

A

Answer: D

Pretty Good Privacy (PGP) is an email encryption system and not a hashing algorithm.

Answer 130

A

Answer: B

Options A, C, and D are examples of valid reasons why changes to workstation assignments or physical location can improve or maintain security. Regularly changing workstation assignment or location discourages users from storing personal information on systems.

Answer 131

A

Answer: B

The goal of change management is to ensure that any change does not lead to unintended outages or reduce security. Change management doesn’t affect personnel safety. A change management plan will commonly include a rollback plan, but that isn’t a specific goal of the program. Change management doesn’t perform any type of auditing.

Answer 132

A

Answer: C

The primary purpose for operations security is to safeguard information assets that reside in a system day to day, to identify and safeguard any vulnerabilities that might be present in that system, and to prevent any exploitation of threats. Administrators often call the relationship between assets, vulnerabilities, and threats an operations security triple. CIA relates to a model used to develop security policy, and AAA defines a framework for managing access to computer resources, enforcing policy, auditing usage, and providing usage data for charge backs or billing. Due care, due diligence, and operations controls are part of operations security but not in the same sense as in the relationship between assets, vulnerabilities, and threats.

Answer 133

A

Answer: D

A trusted system is one in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.

Answer 134

A

Answer: A

Identification of priorities is the first step of the business impact assessment process.

Answer 135

A

Answer: D

Singing an NDA may be a part of the hiring process, but it is not related to verifying that a candidate for employment is qualified as well as not disqualified for a position.

Answer 136

A

Answer: A

Hot sites contain updated copies of the organization’s data, ready to assume an operational role.

Answer 137

A

Answer: D

In the acting phase, it’s time to stop “talking the talk” and “walk the walk.” The organization develops solutions and then tests, refines, and implements them.

Answer 138

A

Answer: D

While it is important to have executive-level support, it is not necessary (and quite unlikely!) to have the CEO on the team.

Answer 139

A

Answer: A

The request control process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.

Answer 140

A

Answer: B

Christopher creates the digital signature using his own private key.

Answer 141

A

Answer: B

A capabilities list maintains a row of security attributes for each controlled object. A capabilities list is the row of an access control matrix.

Answer 142

A

Answer: C

The Online Certificate Status Protocol (OCSP) provides real-time query/response services to digital certificate users. This overcomes the latency inherent in the traditional certificate revocation list download and cross-check process.

Answer 143

A

Answer: C

A combination of full and differential backups requires that administrators only restore two backups: the most recent full backup and the most recent differential backup.

Answer 144

A

Answer: C

A mandatory access control model includes a lattice-based format, with labels used to identify separate compartments. None of the other models include a lattice-based format.

Answer 145

A

Answer: A

Hot sites are the only site capable of activation within the required six-hour timeframe.

Answer 146

A

Answer: C

Flo should encrypt the message with Ricky’s public key.

Answer 147

A

Answer: B

Stealth viruses alter operating system file access routines so that when an antivirus package scans the system, it is provided with the information it would see on a clean system rather than with infected versions of data.

Answer 148

A

Answer: D

The zero knowledge team knows nothing about the site except for basic information, such as domain name and company address.

Answer 149

A

Answer: A

The maximum tolerable downtime (MTD) is the maximum length of time a business function can be inoperable without causing irreparable harm to the business.

Answer 150

A

Answer: C

Enterprise extended infrastructure mode exists when a wireless network is designed to support a large physical environment through the use of a single SSID but numerous access points.

Answer 151

A

Answer: C

Steganography is the art of hiding messages within the bits of a graphical image to avoid detection.

Answer 152

A

Answer: D

During the resource prioritization phase, you determine the risks that you’re able to simultaneously address with the resources available to you.

Answer 153

A

Answer: C

The Defined phase introduces formal, documented software development processes.

Answer 154

A

Answer: C

Qualitative analysis is part of risk management/risk assessment, but it is not specifically a means of ranking or rating the severity and priority of threats under threat modelling. The three common means of ranking or rating the severity and priority of threats are DREAD, Probability * Damage Potential, and High/medium/low.

Answer 155

A

Answer: C

Insurance policies are an example of risk assignment/transference and would not be described in the risk acceptance/mitigation section of the documentation.

Answer 156

A

Answer: D

Physical controls for physical security include fencing, lighting, locks, construction materials, mantraps, dogs, and guards.

Answer 157

A

Answer: D

Vulnerability scanners can check systems to ensure they are up to date with current patches (along with other checks) and are an effective tool to verify the patch management program. Change and configuration management programs ensure systems are configured as expected and unauthorized changes are not allowed. A port scanner is often part of a vulnerability scanner but it will check only for open ports, not patches.

Answer 158

A

Answer: D

An effective patch management program evaluates and tests patches before deploying them and would have prevented this problem. Approving all patches would not prevent this problem because the same patch would be deployed. Systems should be audited after deploying patches, not to test for the impact of new patches.

Answer 159

A

Answer: B

An asynchronous token generates and displays one-time passwords using a challenge-response process to generate the password. A synchronous token is synchronized with an authentication server and generates synchronous one-time passwords. Static passwords are not one-time passwords but instead stay the same for a period of time. A passphrase is a static password created from an easy-to-remember phrase.

Answer 160

A

Answer: A

Systems are usually disconnected from the network during the isolation and recovery process.

Answer 161

A

Answer: A

In the criticality prioritization task, you create a list of business processes and rank them in order of importance to the organization.

Answer 162

A

Answer: C

The security provisions of the safe harbor require proper mechanisms to protect data against loss, misuse, and unauthorized disclosure.

Answer 163

A

Answer: C

A knowledge-based (or signature-based) IDS is effective only against known attack methods. A behavior-based IDS starts by creating a baseline of activity to identify normal behavior and then measures system performance against the baseline to detect abnormal behavior, allowing it to detect previously unknown attack methods. Both host-based and network-based systems can be either knowledge-based, behavior-based, or a combination of both.

Answer 164

A

Answer: C

In a blackout, a total loss of electrical power, as supplied by a utility company or source, or a zero-voltage condition occurs.

Answer 165

A

Answer: D

The parallel test involves relocating personnel to the alternate recovery site and implementing site activation procedures.

Answer 166

A

Answer: C

The Federal Information Security Management Act (FISMA), passed in 2002, requires that federal agencies implement an information security program that covers the agency’s operations.

Answer 167

A

Answer: C

In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is positioned between a client and server and then interrupts the session and takes it over. A man-in-the middle attack doesn’t interrupt the session and take it over. Spoofing hides the identity of the attacker. Cracking commonly refers to discovering a password but can also mean any type of attack.

Answer 168

A

Answer: A

When images are used to deploy systems, the systems start with a common baseline, which is important for configuration management. Images don’t necessarily improve the evaluation, approval, deployment, and audits of patches to systems within the network. While images can include current patches to reduce their vulnerabilities, this is because the image provides a baseline. Change management provides documentation for changes.

Answer 169

A

Answer: B

Masquerading occurs when a person presents him- or herself as another user, typically to gain access to unauthorized information or processes.

Answer 170

A

Answer: C

Loss of customer goodwill is the only item listed that is not easily quantified and is, therefore, a better candidate for qualitative assessment.

Answer 171

A

Answer: D

Disaster recovery planning is the practice of establishing emergency-response actions to follow after a disaster.

Answer 172

A

Answer: D

S/MIME supports the DES, RC2, and 3DES symmetric encryption algorithms and also uses RSA for public key encryption. It does not provide support for IDEA.

Answer 173

A

Answer: B

The Fourth Amendment, as interpreted by the courts, includes protections against wiretapping and other invasions of privacy.

Answer 174

A

Answer: B

The Agile Manifesto says that you should build projects around motivated individuals and give them the support they need.

Answer 175

A

Answer: B

The data processor should protect the data to prevent unauthorized disclosure and use the data only as directed by the data controller. The data controller, not the data processor, collects data. The data processor will abide by the seven Safe Harbor principles but does not collect data. The data processor is the third party and should not grant access to outside entities.

Answer 176

A

Answer: C

The Authentication Header (AH) provides assurances of message integrity and nonrepudiation. AH also provides authentication and access control and prevents replay attacks.

Answer 177

A

Answer: C

Low Orbit Ion Cannon (LOIC) is a commonly used distributed denial of service (DDoS) attack toolkit. The other three tools mentioned are reconnaissance techniques used to map networks and scan for known vulnerabilities.

Answer 178

A

Answer: D

The ALE is computed by multiplying the SLE ($2,500,000) by the annualized rate of occurrence (2%) to get $50,000.

Answer 179

A

Answer: B

The annualized rate of occurrence (ARO) is a measure of how many times a risk might materialize in a typical year. It is a measure of risk likelihood.

Answer 180

A

Answer: B

A Type 3 authentication factor is based on biometric characteristics, or something you are. A Type 2 authentication factor is based on something you have, such as a smart card or token device. A Type 1 authentication factor is based on something you know, such as passwords or PINs. Somewhere isn’t formally listed in one of the three authentication factory types.

Answer 181

A

Answer: D

In a multilevel security mode system, there is no requirement that all users have appropriate clearances to access all the information processed by the system.

Answer 182

A

Answer: D

A man-in-the-middle attack occurs when a malicious user is positioned between the two endpoints of a communication’s link, intercepting and facilitating their communication session.

Answer 183

A

Answer: B

Defense in depth is also known as layering. Hiding is preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that is not accessible or seen by the subject. Classification is labelling subjects and objects based on their value or sensitivity. Abstraction is the act of placing similar elements into groups and then assigning access controls on those elements as a collective.

Answer 184

A

Answer: B

Business continuity planning is the preventive practice of establishing and planning for threats to business flow, including natural and unnatural risk and threats to daily operations.

Answer 185

A

Answer: B

The Code of Ethics does not require that you protect the business interests of the principals. In fact, you may find yourself ethically bound to take action that jeopardizes those business interests.

Answer 186

A

Answer: A

Polymorphic viruses actually modify their own code as they travel from system to system. The virus’s propagation and destruction techniques remain the same, but the signature of the virus is somewhat different each time it infects a new system.

Answer 187

A

Answer: A

COPPA does not require that children remain anonymous in online forums.

Answer 188

A

Answer: D

The data owner is the person responsible for classifying information for placement and protection within the security solution.

Answer 189

A

Answer: B

The US Geological Survey provides detailed earthquake risk data for locations in the United States.

Answer 190

A

Answer: B

The Java sandbox restricts the activities that can be performed by programs running within the Java environment.

Answer 191

A

Answer: D

The Diffie-Hellman algorithm allows the exchange of symmetric encryption keys between two parties over an insecure channel.

Answer 192

A

Answer: D

NNTP (Network News Transfer Protocol) is not an example of a converged protocol. ISCSI, VoIP, and FCoE are converged protocols.

Answer 193

A

Answer: B

Social engineering is a term used to describe attacks that exploit human nature to gain illegitimate access to a computer system, either directly or indirectly.

Answer 194

A

Answer: B

The ARO is, quite simply, the probability that a given disaster will strike over the course of a year. According to the experts quoted in the scenario, this chance is 10 percent.

Answer 195

A

Answer: B

Local alarm systems, as the name implies, are locally controlled broadcast systems that emit audible signals. A fire alarm is an example of a local alarm system.

Answer 196

A

Answer: C

With differential backups, you must first restore the most recent full backup and then apply the most recent differential backup.

Answer 197

A

Answer: C

Law enforcement officials would not usually serve on your internal incident response team. Rather, you would typically appoint an individual to serve as a liaison with law enforcement.

Answer 198

A

Answer: D

A role-based access control model is based on job functions such as a sales person or a sales manager, and it groups users into roles. A discretionary access control model is an identity-based access control model. A rule-based access control model is based on rules within an ACL. A mandatory access control model uses assigned labels to identify access.

Answer 199

A

Answer: D

Mutual assistance agreements are rarely implemented because they are difficult to enforce in the event of a disaster requiring site activation.

Answer 200

A

Answer: C

A strategic plan is a long-term plan that is fairly stable. It defines the organization’s goals, mission, and objectives. It is useful for about five years if it is maintained and updated annually. The strategic plan also serves as the planning horizon. Long-term goals and visions of the future are discussed in a strategic plan.

Answer 201

A

Answer: D

Covert channel attacks involve the illicit transfer of data by manipulating storage or timing channels.

Answer 202

A

Answer: B

The National Interagency Fire Center provides daily updates on wildfires occurring in the United States.

Answer 203

A

Answer: A

On boarding is used to bring a new employee into the organization, not for terminating an employee. An off-boarding process would be appropriate for termination.

Answer 204

A

Answer: B

Abstraction describes putting similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective.

Answer 205

A

Answer: A

An uninterruptible power supply (UPS) provides power to critical systems in the event of an electrical failure.

Answer 206

A

Answer: C

Trademarks are used to protect the words, slogans, and logos that represent a company and its products or services.

Answer 207

A

Answer: C

PPP is a replacement for SLIP.

Answer 208

A

Answer: B

The Insurance Information Institute estimates that 1,000 building fires occur in the United States every day.

Answer 209

A

Answer: D

Biometric systems using a one-to-many search provide identification by searching a database for a match. Biometric systems using a one-to-one search provide authentication. Biometric systems do not provide authorization or accountability.

Answer 210

A

Answer: B

A database row contains the information that makes up a single database record.

Answer 211

A

Answer: D

Industrial espionage is usually considered a business attack.

Answer 212

A

Answer: C

The primary key is selected from the pool of available candidate keys for each table.

Answer 213

A

Answer: C

Mandatory vacations support peer auditing by placing another user in a job position for at least a week every year.

Answer 214

A

Answer: B

Full-interruption tests operate in a manner similar to parallel tests, but they involve actually shutting down operations at the primary site and shifting them to the recovery site.

Answer 215

A

Answer: D

Denial of service attacks often result in the unavailability of resources and are often noticed earlier than other types of attacks.

Answer 216

A

Answer: C

Computers cannot differentiate between one human and another; they can differentiate only between one identity or user account and another.

Answer 217

A

Answer: C

Accreditation is the formal declaration by the Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.

Answer 218

A

Answer: D

Change management is responsible for making it possible to roll back any change to a previous secured state.

Answer 219

A

Answer: B

Virus writers do not commonly include validation routines in their code.

Answer 220

A

Answer: C

Parallel security designs are insecure because a threat could pass through a single checkpoint that did not address its particular malicious activity.

Answer 221

A

Answer: A

California passed SB 1386, the first data breach notification law, in 2002. Many other states followed suit with laws based on the text of the California law.

Answer 222

A

Answer: D

The ALE is computed by multiplying the SLE ($12,500,000) by the annualized rate of occurrence (1%) to get $125,000.

Answer 223

A

Answer: C

Written documents brought into court to prove the facts of a case are referred to as documentary evidence.

Answer 224

A

Answer: C

The Federal Emergency Management Agency provides flood risk data for locations in the United States.

Answer 225

A

Answer: B

Centralized alarm systems remotely monitor sensors spread around a business facility or campus and trigger on some specified event.

Answer 226

A

Answer: B

The single loss expectancy is the amount of damage that would occur in one fire. The scenario states that a fire would destroy half the building, resulting in $12,500,000 of damage.

Answer 227

A

Answer: C

A field-powered device has electronics that activate when the device enters the electromagnetic field that the reader generates. Such devices actually generate electricity from an EM field to power themselves.

Answer 228

A

Answer: D

Changing the computer’s time is a privileged function and not normally granted to an operator or end user. Operators should be able to access files. Administrators should be able to configure permissions and back up data.

Answer 229

A

Answer: C

Remote journaling technology transfers copies of the database transaction log to the alternate site on a frequent basis.

Answer 230

A

Answer: C

A blue box is used to simulate 2600 Hz tones to interact directly with telephone network trunk systems (that is, backbones). This could be a whistle, a tape recorder, or a digital tone generator.

Answer 231

A

Answer: A

The Annualized Loss Expectancy (ALE) is computed as the product of the asset value (AV) times the exposure factor (EF) times the annualized rate of occurrence (ARO). This is the longer form of the formula ALE = SLE*ARO. The other formulas displayed here do not accurately reflect this calculation.

Answer 232

A

Answer: C

Trademarks are issued for 10-year periods and may be renewed for unlimited successive 10-year periods.

Answer 233

A

Answer: D

This is the same thing as a central station system; however, the host organization has its own onsite security staff waiting to respond to security breaches.

Answer 234

A

Answer: B

Mark’s best option is to treat the software source code as a trade secret. Copyright protection requires that he disclose the source in a public filing. Patent protection does not cover the actual program.

Answer 235

A

Answer: B

The waterfall model allows the development process to return only to the immediately preceding phase of development at any given time.

Answer 236

A

Answer: C

The single loss expectancy (SLE) is a measure of how much damage would occur each time a risk materializes. It is a measure of risk impact.

Answer 237

A

Answer: A

Parallel tests represent the next level in testing and involve actually relocating personnel to the alternate recovery site and implementing site activation procedures.

Answer 238

A

Answer: D

Promotion opportunities involve an entire organization, not a specific job. A job description focuses on what to do within a specific work position.

Answer 239

A

Answer: D

The top-down approach is the aspect of security governance that is based on the idea that senior management is responsible for the success or failure of a security endeavor.

Answer 240

A

Answer: B

In a structured walk-through, members of the disaster recovery team run role-playing recovery exercises in a conference room.

Answer 241

A

Answer: B

Encrypted viruses use a variety of cryptographic keys in conjunction with encryption and decryption routines to hide their code on the hard drive.

Answer 242

A

Answer: C

Simulation tests are similar to the structured walk-throughs. In simulation tests, disaster recovery team members are presented with a scenario and asked to develop an appropriate response.

Answer 243

A

Answer: D

Details of mobile sites are part of a disaster recovery plan, rather than a business continuity plan, since they are not deployed until after a disaster strikes.

Answer 244

A

Answer: B

Postmortem reviews are most effective if conducted within one week of an incident. Reviews conducted a month or more after an incident suffer because of the fading memories of responders.

Answer 245

A

Answer: C

US patents are generally issued for a period of 20 years.

Answer 246

A

Answer: B

The “Server unavailable” message indicates that the attack is likely a denial of service attack, designed to affect the availability of computing resources.

Answer 247

A

Answer: B

In the Cipher Block Chaining (CBC) mode, each block of unencrypted static text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.

Answer 248

A

Answer: C

The smurf attack uses a third-party network to amplify the denial of service attack.

Answer 249

A

Answer: D

By splitting or dividing your outfit into several divisions, branches, offices, and so on, you create multiple sites and reduce the impact of a major disaster.

Answer 250

A

Answer: C

A custodian is someone who has been assigned to or delegated the day-to-day responsibility of proper storage and protection of objects. A user is any subject who accesses objects on a system to perform some action or accomplish a work task. An owner is the person who has final corporate responsibility for the protection and storage of data. When discussing access to objects, three subject labels are used: user, owner, and custodian. Therefore, administrator is not an appropriate choice.

Brainscape's Knowledge GenomeTM

P/E 2 Flashcards

Brainscape's Knowledge Genome^TM