P/E 2 Flashcards

1
Q
1. What law protects the privacy rights of students?

A. HIPAA
B. SOX
C. GLBA
D. FERPA

A

Answer: D

The Family Educational Rights and Privacy Act (FERPA) protects the rights of students and the parents of minor students.

2
Q
2. Which electronic mail security program is based on building a web of trust?

A. PGP
B. S/MIME
C. MOSS
D. PEM

A

Answer: A

Phil Zimmermann’s Pretty Good Privacy (PGP) package relies on the construction of a web of trust between system users.

3
Q
3. ___________________ is an attack in which you receive unwanted, inappropriate, or irrelevant email messages.

A. Spamming
B. Impersonation
C. Masquerading
D. Spoofing

A

Answer: A

Spamming is an attack in which you receive unwanted, inappropriate, or irrelevant email messages.

4
Q
4. In what scenario would you perform bulk transfers of backup data to a secure offsite location?

A. Incremental backup
B. Differential backup
C. Full backup
D. Electronic vaulting

A

Answer: D

Electronic vaulting describes the transfer of backup data to a remote backup site in a bulk-transfer fashion.

5
Q
5. Which one of the following is not a major asset category normally covered by the BCP (business continuity plan)?

A. People
B. Documentation
C. Infrastructure
D. Building/facilities

A

Answer: B

The BCP normally covers three major asset categories: people, infrastructure, and buildings/facilities.

6
Q
6. David ran an nmap scan against a server and determined that port 443 is open on the server. What tool would likely provide him the best additional information about the server’s purpose and the identity of the server’s operator?

A. ssh
B. Web browser
C. telnet
D. Ping

A

Answer: B

The server is likely running a secure website on port 443. Using a web browser to access the site may provide important information about the site’s purpose.

7
Q
7. What type of intellectual property protection is best suited for computer software?

A. Copyright
B. Trademark
C. Patent
D. Trade secret

A

Answer: D

Trade secrets are one of the best legal protections for computer software.

8
Q
8. What is the value of the logical operation shown here?

X:       0 1 1 0 1 0
Y:       0 0 1 1 0 1
---------------------
X ⨁ Y:   ?

A. 0 1 1 1 1 1
B. 0 1 0 1 1 1
C. 0 0 1 0 0 0
D. 1 0 0 0 0 0

A

Answer: B

The ⨁ symbol represents the exclusive OR (XOR) function, which is true when one and only one of the input bits is true.

9
Q
9. John found a vulnerability in his code where an attacker can enter too much input and then force the system running the code to execute arbitrary commands. What type of vulnerability has John discovered?

A. TOCTTOU
B. Buffer overflow
C. XSS
D. XSRF

A

Answer: B

Buffer overflow vulnerabilities exist when a developer does not properly validate user input to ensure that it is of an appropriate size. Input that is too large can “overflow” a data structure to affect other data stored in the computer’s memory.

10
Q
10. Which one of the following is also known as the Caesar cipher?

A. ROT2
B. ROT3
C. ROT8
D. ROT11

A

Answer: B

The Caesar cipher, also known as the ROT3 cipher, shifts all characters in the plain text three letters to the right to create the cipher text.

11
Q
11. What Japanese cipher system was broken by the United States during World War II?

A. Ultra
B. Purple
C. Enigma
D. VENONA

A

Answer: B

The Japanese Purple cipher system was broken by the Allies and contributed to their victory in World War II. Ultra was the effort to break the German Enigma cipher system. VENONA was an American effort to break a Soviet cipher during the 1940s.

12
Q
12. What is the output value of the mathematical function 19 mod 4?

A. 3
B. 4
C. 5
D. 6

A

Answer: A

Nineteen divided by 4 equals 4, with a remainder value of 3.

13
Q
13. When a user attempts to connect to an SNMP service on an internal system that is booted and functioning but is not actually running an SNMP server, what response will their system receive?

A. UDP error
B. TCP RST
C. ICMP Type 3
D. DNS lookup error

A

Answer: C

SNMP is a UDP-based service. UDP has no means of sending back errors, because it is a simplex protocol. Thus, when UDP errors occur, the system switches protocols and uses ICMP to send back the information. In the case of a nonexistent service, the port is not available, so an ICMP Type 3 error is returned.

14
Q
14. Matthew receives a digitally signed message from Christopher. What key should Matthew use to verify the digital signature?

A. Christopher’s public key
B. Christopher’s private key
C. Matthew’s public key
D. Matthew’s private key

A

Answer: A

Matthew uses Christopher’s public key to verify the digital signature on the message.

15
Q
15. What kind of recovery facility enables an organization to resume operations as quickly as possible, if not immediately upon failure of the primary facility?

A. Hot site
B. Warm site
C. Cold site
D. All of the above

A

Answer: A

Hot sites provide backup facilities maintained in constant working order and fully capable of taking over business operations.

16
Q
16. In which phase of the business impact assessment do you compute loss expectancies?

A. Risk assessment
B. Likelihood assessment
C. Impact assessment
D. Resource prioritization

A

Answer: C

Loss expectancies are a measure of impact and are calculated during the impact assessment phase.

17
Q
17. What type of virus always loads itself automatically when the system starts?

A. MBR virus
B. File infector virus
C. Stealth virus
D. Polymorphic virus

A

Answer: A

Master boot record (MBR) viruses infect the system’s boot sector and load when the system is started.

18
Q
18. What government agency is responsible for developing standards and guidelines for federal computer systems?

A. NIST
B. CIA
C. FBI
D. NSA

A

Answer: A

The National Institute of Standards and Technology (NIST) is responsible for developing standards and guidelines for federal computer systems. It may draw on the technical expertise of the National Security Agency for assistance.

19
Q
19. Who administers the European Union safe harbor provisions in the United States?

A. Department of State
B. Department of Education
C. Department of Commerce
D. Department of Defense

A

Answer: C

The Department of Commerce maintains the EU safe harbor provisions for American companies.

20
Q
20. The ____________ data model has data stored in more than one database, but the data is still logically connected. The user perceives the database as a single entity, even though it comprises numerous parts interconnected over a network.

A. Hierarchical
B. Normalized
C. Distributed
D. Relational

A

Answer: C

The distributed data model has data stored in more than one database, but the data is still logically connected. The user perceives the database as a single entity, even though it comprises numerous parts interconnected over a network.

21
Q
21. When someone launches a typical software product, such as a web browser or a text editor, it is executed in what mode of operation managed by the OS?

A. Privileged mode
B. User mode
C. Supervisory mode
D. Kernel mode

A

Answer: B

User mode is the basic mode used by the CPU when executing user applications. In this mode, the CPU allows the execution of only a portion of its full instruction set. This is designed to protect users from accidentally damaging the system through the execution of poorly designed code or the unintentional misuse of that code.

22
Q
22. What is qualitative risk analysis based on?

A. Dollar values
B. Concrete percentages
C. Historical logs and records
D. Opinions

A

Answer: D

The process of performing qualitative risk analysis involves judgment, intuition, and experience—in other words, opinions.

23
Q
23. Which of the following is not a requirement for the use of a one-time pad?

A. The encryption key must be at least one-half the length of the message to be encrypted.
B. The encryption key must be randomly generated.
C. Each one-time pad must be used only once.
D. The one-time pad must be physically protected against disclosure.

A

Answer: A

The encryption key must be at least as long as the message to be encrypted. This is because each key element is used to encode only one character of the message. The three other facts listed are all characteristics of one-time pad systems.

24
Q
24. An organization wants to ensure that users can run only specific applications. Which of the following techniques is the best choice to support this goal?

A. Whitelisting
B. Blacklisting
C. Sampling
D. Watermarking

A

Answer: A

Whitelisting allows administrators to specify a list of authorized applications. Any applications not on the list cannot run. Blacklisting is a list of unauthorized applications. Sampling is a form of data reduction and not related to running applications. Watermarking embeds an image or other mark on printed documents and files and helps prevent data loss.

25
Q
25. Which one of the following is not a basic requirement for the admissibility of evidence?

A. Timely
B. Relevant
C. Material
D. Competent

A

Answer: A

To be admissible, evidence must be relevant, material, and competent.

26
Q
26. Which one of the following business impact assessment variables is used to estimate the amount of damage an organization incurs each time an event occurs?

A. AV
B. SLE
C. ARO
D. MTD

A

Answer: B

The single loss expectancy (SLE) estimates the amount of damage that occurs each time a risk materializes for an organization.

27
Q
27. Which one of the following pieces of BCP (business continuity plan) documentation would provide procedures for notifying executives of a potential disruption?

A. Vital records program
B. Emergency-response guidelines
C. Business impact assessment
D. Statement of urgency

A

Answer: B

The emergency-response guidelines outline organizational and individual responsibilities for immediate response to an emergency situation. These include executive notification procedures.

28
Q
28. Your database administrators recommend performing bulk transfer backups to a remote site on a daily basis. What type of strategy are they recommending?

A. Transaction logging
B. Electronic vaulting
C. Remote journaling
D. Remote mirroring

A

Answer: B

Electronic vaulting uses bulk transfers to copy database contents to a remote site on a periodic basis.

29
Q
29. What database backup technology applies database transactions in real time at both primary and alternate sites?

A. Remote mirroring
B. Electronic vaulting
C. Remote journaling
D. Fault tolerance

A

Answer: A

Remote mirroring technology maintains mirrored images of servers at both the primary and alternate sites.

30
Q
30. What is the maximum effective key length of the Triple DES (3DES) encryption algorithm?

A. 56 bits
B. 64 bits
C. 112 bits
D. 168 bits

A

Answer: D

When run in DES-EEE3 mode, Triple DES has an effective key length of 168 bits.

31
Q
31. Which of the following is not a physical control for physical security?

A. Fencing
B. Closed-circuit TV (CCTV)
C. Lighting
D. Locks or keypads

A

Answer: B

Physical controls for physical security include fencing, lighting, locks, construction materials, mantraps, dogs, and guards. CCTV is a technical physical security control and also has deterrent and detective elements, but it is not a physical control for direct physical security itself.

32
Q
32. _________________ is a technology that can allow an automated tool to interact with a human interface.

A. Remote control
B. Virtual desktops
C. Remote node operation
D. Screen scraping

A

Answer: D

Screen scraping is a technology that can allow an automated tool to interact with a human interface.

33
Q
33. When conducting an internal investigation, what is the most common source of evidence?

A. Historical data
B. Search warrant
C. Subpoena
D. Voluntary surrender

A

Answer: D

Internal investigations usually operate under the authority of senior managers, who grant access (i.e., voluntary surrender) to all information and resources necessary to conduct the investigation.

34
Q
34. Which form of access abuse simply involves following authorized personnel through security gateways or passages?

A. Injection
B. Masquerading
C. Intrusion
D. Piggybacking

A

Answer: D

Piggybacking is a method of gaining unauthorized access to computer facilities by following an authorized employee through a controlled door.

35
Q
35. What phase of the Electronic Discovery Reference Model puts evidence in a format that may be shared with others?

A. Production
B. Processing
C. Review
D. Presentation

A

Answer: A

Production places the information in a format that may be shared with others.

36
Q
36. What type of contract provision requires a vendor to provide a specified level of service to clients?

A. ERP
B. ARO
C. SLA
D. MTD

A

Answer: C

A service-level agreement (SLA) specifies the terms of service provided by a vendor to a client and may include penalties for noncompliance.

37
Q
37. While performing network packet capture analysis, you discover packets that seem odd. By looking into the packet’s raw hex display, you see that the byte offset position 0x2F has the value of 0x08. What was this packet attempting to make occur?

A. Abruptly disconnect a session
B. Confirm the receipt of a data set
C. Start a graceful hang-up process
D. Initiate a new session connection

A

Answer: A

The raw hex value of 0x08 in offset position 0x2F represents the binary number of 00000100. When this binary number is compared to the TCP header flag (i.e., the offset position 0x2F) layout of XXUAPRSF, it is clear the Reset flag is set. Thus, this packet is attempting to abruptly disconnect a session.

38
Q
38. What is the best way to understand the meaning of the term 500-year flood?

A. A flood that occurs once every 500 years
B. A flood larger than any recorded in the past 500 years
C. A very serious but very unlikely flood event
D. A very serious flood that has a probability of 1 in 500 (0.2%) of occurring in any single calendar year

A

Answer: D

Flood levels rated in years (100-year, 500-year, 1,000-year, and so forth) basically reflect estimates of the probability of their occurrence. A 100-year flood has a 1 in 100 chance of occurring in any given calendar year (1%), a 500-year flood has a 1 in 500 chance of occurring in any given calendar year, and so forth. Options A and B misrepresent the meaning of the 500-year interval mentioned, while option C fails to address its probabilistic intent.

39
Q
39. Information flow models are designed to prevent ______________________ information flow, often between different levels of security.

A. Old, outdated, or obsolete
B. New, untested, and out-of-the-ordinary
C. Unauthorized, insecure, or restricted
D. Fast, efficient, and prompt

A

Answer: C

Information flow models are designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security.

40
Q
40. Which one of the following data roles is responsible for classifying data?

A. Administrator
B. Custodian
C. Owner
D. User

A

Answer: C

Owners have ultimate responsibility for the data and for ensuring that it is classified properly. The administrator assigns permissions based on the principles of least privilege and need to know. A custodian protects the integrity and security of the data. Users simply access the data.

41
Q
41. What action usually closes the identification phase of incident response?

A. Publishing an incident report
B. Gathering evidence of the incident
C. Notifying the incident response team
D. Isolating compromised systems

A

Answer: C

The identification phase usually concludes with the notification of the incident response team.

42
Q
42. How many rounds of encryption take place when the Data Encryption Standard (DES) is used?

A. 1
B. 3
C. 16
D. 32

A

Answer: C

DES utilizes 16 rounds of exclusive OR (XOR) operations to encrypt or decrypt a single block of each message encountered.

43
Q
43. What rule of evidence states that a written agreement is assumed to contain all terms of the agreement?

A. Real evidence
B. Best evidence
C. Parol evidence
D. Chain of evidence

A

Answer: C

The parol evidence rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreements may modify the written agreement.

44
Q
44. Which of the following should be generally worker/user accessible?

A. Mission-critical data center
B. Main workspaces
C. Server vault
D. Wiring closet

A

Answer: B

Only the main workspaces should be generally worker/user accessible. The mission-critical data center, server vault, and wiring closets should be restricted to administrators and other specialized and authorized personnel.

45
Q
45. Which one of the following backup types does not alter the archive bit on backed-up files?

A. Full backup
B. Remote journaling
C. Incremental backup
D. Differential backup

A

Answer: D

Differential backups store all files that have been modified since the time of the most recent full backup. They do not alter the archive bit.

46
Q
46. Which of the following is not an important reason to implement physical layers of security in an installation to protect areas where sensitive information is stored and used?

A. Because access to sensitive areas can then be monitored and controlled
B. Because additional checks on identity and authorization can be required before allowing entry
C. Because visitors or other unclassified staff can be kept away from sensitive areas
D. Because access from public or low-security areas to sensitive areas never occurs

A

Answer: D

Access into sensitive areas from public or low-security areas actually occurs frequently and is one of the primary reasons solid physical security is necessary.

47
Q
47. Alarms, CCTV, and monitoring devices are useful tools that fall under what form of access control?

A. Technical access control
B. Administrative access control
C. Logical access control
D. Physical access control

A

Answer: A

Technical physical security controls include access controls; intrusion detection; alarms; closed-circuit television (CCTV); monitoring; heating, ventilating, and air conditioning (HVAC); power supplies; and fire detection and suppression.

48
Q
48. Juniper Enterprises’ data center lies in a 500-year FEMA flood plain. What is the likelihood that a flood will affect the data center in any given year?

A. 1%
B. 5%
C. 0.2%
D. 0.1%

A

Answer: C

Flooding is expected once every 500 years in a 500-year flood plain. This is equivalent to a 0.2% annual risk of flood.

49
Q
49. Which of the following represents a natural disaster for which little or no warning is common?

A. Earthquake
B. Hurricane or typhoon
C. Flood
D. Tsunami

A

Answer: A

Of the natural disasters listed for this question, predictive techniques are least understood for earthquakes, which can (and do) happen with little or no notice. Big storms and potential flooding are carefully monitored and reported on by media and government channels, often days in advance of anticipated events. Tsunami reporting and warnings are now widespread around the globe, with warning of hours or more increasingly typical in the wake of the 2005 Indian Ocean tsunami that devastated so many areas in southern Asia and its archipelagos.

50
Q
50. RSA encryption relies on the use of two ___________________.

A. One-way functions
B. Prime numbers
C. Hash functions
D. Elliptic curves

A

Answer: B

The strength of RSA encryption relies on the difficulty of factoring the two large prime numbers used to generate the encryption key.

51
Q
51. What procedure returns business facilities and environments to a working state?

A. Reparation
B. Restoration
C. Respiration
D. Recovery

A

Answer: B

Disaster restoration involves restoring a business facility and environment to a workable state.

52
Q
52. What is the goal of a business continuity program?

A. Ensure that MTDs and RTOs are equal
B. Ensure that MTDs and RTOs do not coexist
C. Ensure that MTDs are less than RTOs
D. Ensure that RTOs are less than MTDs

A

Answer: D

The goal of a business continuity program is to ensure that recovery time objectives are shorter than maximum tolerable downtime measures.

53
Q
53. Which of the following definitions best explains the purpose of an intrusion detection system?

A. A product that inspects incoming and outgoing traffic across a network boundary to deny transit to unwanted, unauthorized, or suspect packets
B. A device that provides secure termination or aggregation for IP phones, VoIP handsets, and softphones
C. A device that, using complex content categorization criteria and content inspection, prevents potentially dangerous content from entering a network
D. A product that automates the inspection of audit logs and real-time event information to detect intrusion attempts and possibly also system failures

A

Answer: D

An intrusion detection system (IDS) is a product that automates the inspection of audit logs and real-time event information to detect intrusion attempts. Option A defines a firewall, option B defines an IP telephony security gateway, and option C defines a content filtering system.

54
Q
54. Of the following choices, what is a primary goal of change management?

A. Personnel safety
B. Allowing rollback of changes
C. Ensuring that changes do not reduce security
D. Auditing privilege access

A

Answer: C

The goal of change management is to ensure that any change does not lead to unintended outages or reduce security. Change management doesn’t affect personnel safety. A change management plan will commonly include a rollback plan, but that isn’t a specific goal of the program. Change management doesn’t perform any type of auditing.

55
Q
55. What law makes it a crime to cause malicious damage to a “federal interest” computer?

A. Computer Security Act
B. Computer Fraud and Abuse Act
C. Federal Sentencing Guidelines
D. Government Information Security Reform Act

A

Answer: B

Amendments to the Computer Fraud and Abuse Act criminalize causing damage to federal systems, federal interest systems, and computers involved in interstate commerce.

56
Q
56. Matthew recently completed writing a new song and posted it on his website. He wants to ensure that he preserves his copyright in the work. As a US citizen, which of the following is the minimum that he must do to preserve his copyright in the song?

A. Register the song with the US Copyright Office.
B. Mark the song with the © symbol.
C. Mail himself a copy of the song in a sealed envelope.
D. Nothing.

A

Answer: D

Matthew is not required to do anything. Copyright protection is automatic as soon as he creates the work.

57
Q
57. What law requires that communications carriers cooperate with federal agencies conducting a wiretap?

A. CFAA
B. CALEA
C. EPPIA
D. ECPA

A

Answer: B

The Communications Assistance to Law Enforcement Act (CALEA) requires all communications carriers to make wiretaps possible for law enforcement with an appropriate court order.

58
Q
58. Which of the following is not a valid issue to consider when evaluating a safeguard?

A. Cost/benefit analysis
B. Compliance with existing baselines
C. Legal liability and prudent due care
D. Compatibility with IT infrastructure

A

Answer: B

New safeguards establish new baselines; thus, compliance with existing baselines is not a valid consideration point.

59
Q
59. Which of the following is an example of administrative law?

A. United States Code
B. European Union Directives
C. United States Constitution
D. Code of Federal Regulations

A

Answer: D

The Code of Federal Regulations (CFR) is an example of administrative law.

60
Q
60. What type of backup will copy only those files that have been modified since the most recent full backup?

A. Full backup
B. Incremental backup
C. Journaled backup
D. Differential backup

A

Answer: D

Differential backups copy all files modified since the most recent full backup.

61
Q
61. Which one of the following attacks allows an attacker to execute arbitrary commands against the database supporting a web application?

A. SQL injection
B. Transaction manipulation
C. Cross-site scripting
D. Parameter manipulation

A

Answer: A

SQL injection attacks allow attackers to include their own SQL commands in the commands issued by a web application to a database.

62
Q
62. Which one of the following would be considered a system compromise?

A. Forged spam email appearing to come from your organization
B. Unauthorized use of an account by the legitimate user’s relative
C. Probing a network searching for vulnerable services
D. Infection of a system by a virus

A

Answer: B

Sharing an account with a relative allows unauthorized access to a system, meeting the definition of a compromise. Forged spam email does not necessarily require access to your organization’s computing resources. Probing a network for vulnerable services is a scanning attack. Infection of a system by a virus is a malicious code attack.

63
Q
63. What procedure returns business operations and processes to a working state?

A. Recovery
B. Restoration
C. Reparation
D. Respiration

A

Answer: A

Disaster recovery is the ability to recover from the loss of a complete site, whether because of natural disaster or malicious intent.

64
Q
64. The operating system design concept of protection rings was derived from what early operating system?

A. Windows
B. Unix
C. Multics
D. Macintosh

A

Answer: C

Multics has left two enduring legacies in the computing world. First, it inspired the creation of a simpler, less-intricate operating system called Unix (a play on the word Multics), and second, it introduced the idea of protection rings to operating system design.

65
Q
65. Which one of the following patterns of activity is indicative of a scanning attack?

A. Large number of blocked connection attempts on port 22
B. Large number of successful connection attempts on port 80
C. Large number of successful connection attempts on port 443
D. Large number of disk failure events

A

Answer: A

A high number of blocked connection attempts may indicate that an attacker is scanning systems that do not offer a particular service on a particular port. Port 22 is the TCP port usually used by the Secure Shell (SSH) protocol, a common target of scanning attacks.

66
Q
66. Which one of the following assumptions is not necessary before you trust the public key contained on a digital certificate?

A. The digital certificate of the CA is authentic.
B. You trust the sender of the certificate.
C. The certificate is not listed on a CRL.
D. The certificate actually contains the public key.

A

Answer: B

You do not need to trust the sender of a digital certificate as long as the certificate meets the other requirements listed and you trust the certification authority.

67
Q
67. What technology can be used to minimize the impact of a server failure immediately before the next backup was scheduled?

A. Clustering
B. Differential backups
C. Remote journaling
D. Tape rotation

A

Answer: A

Clustering servers adds a degree of fault tolerance, protecting against the impact of a single server failure.

68
Q
68. Which of the following is the term used for any potential occurrence that can cause an undesirable or unwanted outcome to an organization or to a specific asset?

A. Realized risk
B. Incident
C. Breach
D. Threat

A

Answer: D

A potential occurrence that can cause an undesirable or unwanted outcome to an organization or to a specific asset is a threat.

69
Q
69. Why are military and intelligence attacks among the most serious computer crimes?

A. The use of information obtained can have far-reaching detrimental strategic effects on national interests in an enemy’s hands.
B. Military information is stored on secure machines, so a successful attack can be embarrassing.
C. The long-term political use of classified information can impact a country’s leadership.
D. The military and intelligence agencies have ensured that the laws protecting their information are the most severe.

A

Answer: A

The purpose of a military and intelligence attack is to acquire classified information. The detrimental effects of using such information could be nearly unlimited in the hands of an enemy.

70
Q
  1. What is the typical activation time for a warm site?

A. 1 hour
B. 12 hours
C. 24 hours
D. 72 hours

A

Answer: B

Warm sites can typically be activated within 12 hours.

71
Q
  1. What is a common security risk when using grid computing solutions that consume available resources from computers over the Internet?

A. Loss of data privacy
B. Latency of communication
C. Duplicate work
D. Capacity fluctuation

A

Answer: A

In many grid computing implementations, grid members can access the contents of the distributed work segments or divisions. This grid computing over the Internet is not usually the best platform for sensitive operations.

72
Q
  1. A momentary loss of power is what form of power issue?

A. Brownout
B. Spike
C. Sag
D. Fault

A

Answer: D

A fault is any abnormal situation in an electrical system when electrical current does not flow through the intended parts.

73
Q
  1. What is residual risk?

A. The risk remaining after a countermeasure is installed
B. The level of risk that slowly evaporates over time as implemented safeguards mature
C. The total amount of risk an organization faces
D. The risk that management chooses to accept rather than mitigate

A

Answer: D

Residual risk is the risk that management has chosen to accept rather than mitigate.

74
Q
  1. Where is a good location for a turnstile?

A. Main entrance to a secure area
B. Primary entrance for the public to enter a retail space
C. On secondary or side exits
D. On internal office intersections

A

Answer: C

Turnstiles are most appropriate on secondary or side exits where a security guard is not available or is unable to maintain constant surveillance. The other options listed are not as ideal for the use of a turnstile.

75
Q
  1. What type of malicious code appears to be a beneficial program but actually performs some type of malicious activity in the background?

A. Virus
B. Worm
C. Trojan horse
D. Logic bomb

A

Answer: C

Trojan horses are programs that appear to the user to be some type of beneficial program (such as a game or utility) but perform a malicious activity in the background.

76
Q
  1. You were hired to perform a business impact assessment for a company located in Southern California and are evaluating the firm’s exposure to wildfires. You’ve determined that the value of the firm’s facilities and equipment is $10,000,000. After consulting fire experts, you’ve determined that there is a 10 percent chance that the facility will be 75 percent destroyed by wildfire in a given year. What is the single loss expectancy?

A. $75,000
B. $100,000
C. $750,000
D. $7,500,000

A

Answer: D

The single loss expectancy is computed by multiplying the asset value ($10,000,000) by the exposure factor (75 percent). In this case, the single loss expectancy is $7,500,000.

77
Q
  1. Which of the following serve as operational guides for both security professionals and users, are flexible, and state what should be done instead of prescribing a specific product or control?

A. Policies
B. Baselines
C. Guidelines
D. Procedures

A

Answer: C

Guidelines serve as operational guides for both security professionals and users. They are flexible, so they can be customized for each unique system or condition. Guidelines state what should be done (in other words, what security mechanisms should be deployed) instead of prescribing a specific product or control and detailing configuration settings. Guidelines outline methodologies, include suggested actions, and are not compulsory.

78
Q
  1. What regulation formalizes the prudent man rule, requiring that senior executives of an organization take personal responsibility for ensuring due care?

A. National Information Infrastructure Protection Act
B. Federal Information Security Management Act
C. Information Security Reform Act
D. Federal Sentencing Guidelines

A

Answer: D

The Federal Sentencing Guidelines formalized the prudent man rule and applied it to information security.

79
Q
  1. Which one of the following determinations might result from a qualitative risk assessment?

A. Annualized loss expectancy
B. Single loss expectancy
C. Categorical prioritization
D. Exposure factor

A

Answer: C

Qualitative risk assessment uses nonnumerical factors, such as categorical prioritization. The other choices listed are examples of factors used in quantitative risk assessment.

80
Q
  1. True or false: all compliance obligations are dictated by state, federal, or international law?

A. True
B. False

A

Answer: B

Some compliance obligations are dictated by contractual relationships, such as the Payment Card Industry Data Security Standard.

81
Q
  1. Which of the following represent natural events that can pose a threat or risk to an organization?

A. Earthquake
B. Tornado
C. Flood
D. All of the above

A

Answer: D

Natural events that can threaten organizations include earthquakes, floods, hurricanes, tornados, wildfires, and other acts of nature.

82
Q
  1. What layer of the ring protection scheme includes programs running in supervisory mode?

A. Level 0
B. Level 1
C. Level 3
D. Level 4

A

Answer: A

Supervisory mode programs are run by the security kernel, at Level 0 of the ring protection scheme.

83
Q
  1. Which of the following is the least secure method for determining whether software is infected by a virus?

A. Scan it with a virus inspection tool.
B. Execute it.
C. Verify the size of its core files.
D. Perform a cyclic redundancy check (CRC) on its core files.

A

Answer: B

Users should never test an executable by executing it.

84
Q
  1. What security principle ensures a unique memory area for each application running on a system?

A. Process isolation
B. Protection rings
C. Abstraction
D. Security kernel

A

Answer: A

Process isolation, also called memory protection, ensures that each process has its own isolated memory space for the storage of data and the actual executing application code.

85
Q
  1. What is the most common and inexpensive form of physical access control device?

A. Cameras
B. Mantraps
C. Escape hatch
D. Locks

A

Answer: D

Locks are an essential and integral component to any business environment because they restrict access to only those who possess the key. They are found virtually everywhere that humans may access areas, systems, and so on.

86
Q
  1. What is the main goal of business continuity planning?

A. Restore operations to the primary site as quickly as possible.
B. Implement a smooth transition to an alternative site without loss of data.
C. Reduce the likelihood that a disaster will destroy your data processing facility.
D. Ensure the continuous operation of the business in an emergency.

A

Answer: D

Business continuity planning is designed to keep your business up and running in the face of an emergency.

87
Q
  1. Which of the following is not a useful item to consider when establishing the value of an asset?

A. Development cost
B. Intellectual property or equity value
C. Liability of asset loss
D. Classification level

A

Answer: D

Classification level is assigned based on an asset’s value as well as its sensitivity and confidentiality. It is not used as a valuation element.

88
Q
  1. The Data Encryption Standard (DES) cipher operates on blocks of text of what size?

A. 56 bits
B. 64 bits
C. 112 bits
D. 128 bits

A

Answer: B

The DES cipher operates on messages in 64-bit blocks.

89
Q
  1. An organization recently installed and configured a database application on a server. The application uses service accounts and these accounts were granted administrator access on the network to streamline configuration. Later, malware infected the server and used the application service account to escalate its privileges as an administrator. Which of the following principles was not followed?

A. Privilege creep
B. Separation of duties
C. Need-to-know
D. Principle of least privilege

A

Answer: D

Granting the service account full network administrator privileges violates the principle of least privilege. It is often easier to configure it this way, but it is not secure. Privilege creep occurs when users are granted additional privileges as job requirements change, but unneeded privileges are not removed. Separation of duties ensures a single entity doesn’t control all elements of a critical process. Need-to-know ensures users are granted access to only the data they need and no more.

90
Q
  1. Which of the following provides the best protection to ensure the confidentiality of data at rest?

A. Destruction
B. Encryption
C. Sanitization
D. Marking

A

Answer: B

Encryption provides strong protection to ensure the confidentiality of data at rest and is the best choice of the available answers.

91
Q
  1. Christopher recently received word that his application for a trademark was approved by the US Patent and Trademark Office. What symbol should he use next to the name to indicate its protected status?

A. ©
B. ®
C. ™
D. †

A

Answer: B

The ® symbol is reserved for trademarks that have received official registration status by the US Patent and Trademark Office.

92
Q
  1. Matthew and Richard want to communicate with each other using a public key cryptosystem. What is the total number of keys they must have to successfully communicate?

A. 1
B. 2
C. 3
D. 4

A

Answer: D

To use public key cryptography, Matthew and Richard must each have their own pair of public and private cryptographic keys.

93
Q
  1. What occurs when the relationship between the plain text and the key is complicated enough that an attacker can’t merely continue altering the plain text and analyzing the resulting cipher text to determine the key? (Choose all that apply.)

A. Confusion
B. Transposition
C. Polymorphism
D. Diffusion

A

Answer: A;D

Confusion and diffusion are two principles underlying most cryptosystems.

94
Q
  1. The purchasing of insurance is a form of ___________________.

A. Risk mitigation
B. Risk assignment
C. Risk acceptance
D. Risk rejection

A

Answer: B

Insurance is a form of risk assignment or transference.

95
Q
  1. What is the duration of trade secret protection under federal law?

A. 20 years
B. 25 years
C. 50 years
D. Unlimited

A

Answer: D

There is no limit to the duration of trade secret protection.

96
Q
  1. Issues commonly addressed in a(n) _____________ include system uptime requirements, peak and average load expectations, diagnostic responsibilities, failover and redundancy, and financial or contractual remedies for noncompliance.

A. MOU
B. ECDHE
C. SLA
D. OCSP

A

Answer: C

Issues commonly addressed in a service-level agreement (SLA) include system uptime requirements, peak and average load expectations, diagnostic responsibilities, failover and redundancy, and financial or contractual remedies for noncompliance.

97
Q
  1. Which backup format stores only those files that have been set with the archive bit and have been modified since the last complete backup?

A. Differential backup
B. Partial backup
C. Incremental backup
D. Full backup

A

Answer: A

Differential backups store all files that have been modified since the time of the most recent full backup; they affect only those files that have the archive bit turned on, enabled, or set to 1.

98
Q
  1. What is the major weakness inherent in public key cryptography systems?

A. Slow speed
B. Difficulty of key exchange
C. Lack of scalability
D. Lack of nonrepudiation capability

A

Answer: A

Public key cryptosystems are notoriously slower than their secret key counterparts. They eliminate the difficulty of key exchange and provide for both scalability and nonrepudiation.

99
Q
  1. What type of disaster recovery test is the simplest to perform?

A. Structured walk-through
B. Read-through
C. Simulation
D. Parallel

A

Answer: B

In the read-through test, you distribute copies of the disaster recovery plan to key personnel for review but do not actually meet or perform live testing.

100
Q
  1. Which one of the following business impact assessment variables provides the recovery time objective for a business function?

A. AV
B. SLE
C. ARO
D. MTD

A

Answer: D

The maximum tolerable downtime (MTD) is equivalent to the recovery time objective (RTO). It provides the maximum length of time a business function can be inoperable without causing irreparable harm to the business.

101
Q
  1. Known as reciprocal agreements, what pledge binds two organizations into a mutually helpful recovery process in the event of disaster?

A. Mutual assistance agreements
B. Business continuity plan
C. Disaster recovery plan
D. Software escrow

A

Answer: A

MAAs are popular in disaster recovery literature but difficult to implement. They are agreements between two parties to mutually assist one another in the event of disaster.

102
Q
  1. What organization created the Ten Commandments of Computer Ethics?

A. Internet Advisory Board
B. (ISC)2
C. Information Security Audit and Control Association
D. Computer Ethics Institute

A

Answer: D

The Computer Ethics Institute created the Ten Commandments of Computer Ethics.

103
Q
  1. The Twofish algorithm uses an encryption technique not found in other algorithms that XORs the plain text with a separate subkey before the first round of encryption. What is this called?

A. Preencrypting
B. Prewhitening
C. Precleaning
D. Prepending

A

Answer: B

Prewhitening XORs the plain text with a separate subkey before the first round of encryption.

104
Q
  1. What is the real purpose for a honeypot or a honeynet?

A. To keep attackers away from real systems or networks they might otherwise attack
B. To provide a lure for attackers by advertising the presence of a weak or insecure system or network
C. To provide a walled-off environment that simulates a production network or system and provides fake data to retain an intruder’s interest following detection and transfer by an IDS
D. To lure attackers into a bogus system or network environment and present sufficient material of apparent worth or interest to keep the attacker around long enough to track them down

A

Answer: D

A honeypot (single system) or honeynet (entire network) is intended to provide a lure for attackers, and by design it provides sufficient material of apparent worth or interest to keep attackers around for a while. Option A is an optimistic outlook on the value of honeypots or honeynets vis-à-vis production networks, option B is based on the definition of entrapment (undesirable, if prosecution might ever be a goal), and option C refers to a so-called padded cell.

105
Q
  1. ___________________ ensures against unauthorized access to information deemed personal or confidential.

A. Integrity
B. Availability
C. Nonrepudiation
D. Privacy

A

Answer: D

The principle of privacy ensures freedom from unauthorized access to information deemed personal or confidential.

106
Q
  1. A prolonged period of low voltage is typical of which power-related issue?

A. Blackout
B. Inrush
C. Transient
D. Brownout

A

Answer: D

A brownout is a reduction of electrical power or a temporary drop in power, but voltage is still present.

107
Q
  1. Which backup procedure replicates only those files that have been added or changed since the last backup of any kind?

A. Electronic vaulting
B. Incremental backup
C. Full backup
D. Differential backup

A

Answer: B

Incremental backups store only those files that have been modified since the time of the most recent full or incremental backup. Incremental backups duplicate only those files that have the archive bit turned on.

108
Q
  1. What kind of alarm system will notify local police, fire, or emergency services when triggered?

A. Local alarm system
B. Remote alarm system
C. Auxiliary alarm system
D. Centralized alarm system

A

Answer: C

Auxiliary alarm systems facilitate local, remote, and centralized alarm systems by notifying external sources (police, fire, medical) of significant events.

109
Q
  1. Which of the following programming languages is least prone to the undetected insertion of malicious code by a third party?

A. C++
B. Java
C. VBScript
D. Fortran

A

Answer: C

Of the languages listed, VBScript is the least prone to undetected modification by third parties because it is an interpreted language, whereas the other three languages (C++, Java, and Fortran) are compiled languages.

110
Q
  1. The normal operations of a business are restored at the conclusion of the _______ phase of incident response.

A. Identification
B. Analysis
C. Closure
D. Lessons learned

A

Answer: C

The closure phase includes the restoration of the normal business operations of an organization.

111
Q
  1. You operate a grain processing business and are developing your restoration priorities. Which one of the following systems would likely be your highest priority?

A. Order-processing system
B. Fire suppression system
C. Payroll system
D. Website

A

Answer: B

People should always be your highest priority in business continuity planning. As a life safety system, fire suppression systems should always receive high prioritization.

112
Q
  1. Who is believed to have been behind the Stuxnet attack? (Choose all that apply.)

A. Iran
B. Israel
C. United States
D. Iraq

A

Answer: B;C

The Stuxnet attack is believed to have been a joint American-Israeli operation to disrupt Iranian nuclear operations.

113
Q
  1. To what type of application attack are CGI scripts and other web-based software especially vulnerable?

A. TOCTTOU attacks
B. Rootkit attacks
C. Trap-door attacks
D. Buffer overflow attacks

A

Answer: D

CGI and other web-based programs are especially vulnerable to buffer overflow attacks because they are developed rapidly and are available to external users.

114
Q
  1. Chris would like to test systems on his network for cross-site scripting (XSS) vulnerabilities. Which one of the following tools would be best suited to this task?

A. Port scanner
B. Network vulnerability scanner
C. Network discovery scanner
D. Web vulnerability scanner

A

Answer: D

Cross-site scripting attacks are web vulnerabilities and Chris would be best served by a web vulnerability scanner. A network vulnerability scanner might also pick up this vulnerability, but the web vulnerability scanner is specifically designed for the task and more likely to be successful.

115
Q
  1. What BIA measure describes the proportion of an asset that will be damaged if a risk materializes?

A. AV
B. EF
C. ARO
D. SLE

A

Answer: B

The exposure factor (EF) describes the amount of damage that a risk poses to an asset, expressed as a percentage of the asset’s value.

116
Q
  1. Which of the following models uses labels to define classification levels of objects?

A. Mandatory access control model
B. Discretionary access control model
C. Role-based access control model
D. Rule-based access control model

A

Answer: A

A mandatory access control model uses labels to classify objects such as data. Subjects with matching labels can access these objects. None of the other models use labels.

117
Q
  1. An executive’s company-purchased mobile phone was lost or stolen. At this point, what could be done to ensure data on the phone cannot be read by someone who has the phone?

A. Encryption
B. GPS
C. Remote wipe
D. Password-protected screen lock

A

Answer: C

After a phone has been stolen, a remote wipe signal can be sent to the phone to clear it of all data. Encryption would be effective in preventing someone from reading the data before it was stolen but not afterward, and if a dedicated attacker has the phone, it is possible the encryption can be cracked. GPS can help identify the location, but it would not prevent access to data. Password protection slows down an unauthorized user but would not prevent access.

118
Q
  1. Which one of the following items is not a critical piece of information in the chain of evidence?

A. General description of the evidence
B. Name of the person collecting the evidence
C. Relationship of the evidence to the crime
D. Time and date the evidence was collected

A

Answer: C

The chain of evidence does not require that the evidence collector know or document the relationship of the evidence to the crime.

119
Q
  1. Which is not a part of an electronic access control lock?

A. An electromagnet
B. A credential reader
C. A door sensor
D. A biometric scanner

A

Answer: D

An electronic access control (EAC) lock comprises three elements: an electromagnet to keep the door closed, a credential reader to authenticate subjects and to disable the electromagnet, and a door-closed sensor to reenable the electromagnet.

120
Q
  1. What simple safeguard can be used to protect against replay attacks in secure communications?

A. Changing keys daily
B. Time-stamping messages
C. Digital signatures
D. Message digests

A

Answer: B

Replay attacks take advantage of authentication requests that do not include a time stamp by later replaying the message to open a new authenticated session.

121
Q
  1. An organization wants to implement a cloud-based service using a combination of two separate clouds. Which deployment model should they choose?

A. Community
B. Hybrid
C. Private
D. Public

A

Answer: B

The hybrid model includes a combination of two or more clouds. The other answers refer to a single cloud-based structure. A community model is shared with two or more organizations but it can be a single cloud. A private cloud is private to an organization, and a public cloud is available to any organization.

122
Q
  1. What is the Delphi technique?

A. A security model
B. A form of qualitative risk analysis
C. An encryption mechanism
D. A security audit process

A

Answer: B

The Delphi technique is a form of qualitative risk analysis that uses an anonymous feedback-and-response process to arrive at a group consensus.

123
Q
  1. What form of access control is concerned with the data stored by a field rather than any other issue?

A. Content-dependent
B. Context-dependent
C. Semantic integrity mechanisms
D. Perturbation

A

Answer: A

Content-dependent access control is focused on the internal data of each field.

124
Q
  1. What type of network discovery scan attempts to simulate an already open network connection?

A. TCP connect scan
B. Xmas scan
C. TCP SYN scan
D. TCP ACK scan

A

Answer: D

The TCP ACK scan sends an ACK packet, simulating a packet from the middle of an already established connection.

125
Q
  1. What law amended the Computer Fraud and Abuse Act to include protections for portions of the national infrastructure?

A. Government Information Security Reform Act
B. Computer Security Act
C. Comprehensive Crime Control Act
D. National Information Infrastructure Protection Act

A

Answer: D

The National Information Infrastructure Protection Act extends protections to portions of the national infrastructure other than computing systems, such as railroads, gas pipelines, electric power grids, and telecommunications circuits.

126
Q
  1. How many times may the owner of a trademark renew the trademark registration?

A. Once
B. Twice
C. Five times
D. Unlimited

A

Answer: D

There is no limit on the number of 10-year renewals that may be filed for a registered trademark.

127
Q
  1. The backup administrator configures a system to perform full backups on Sundays and incremental backups on Mondays through Saturdays. The system fails on Wednesday. What backups must be applied?

A. Sunday only
B. Sunday, Monday, Tuesday, and Wednesday
C. Sunday and Wednesday only

A

Answer: B

With incremental backups, you must first restore the most recent full backup and then apply all incremental backups that occurred since that full backup.

128
Q
  1. What is the name of the security protocol designed by Visa and MasterCard to provide e-commerce security?

A. SSL
B. SSH
C. S-HTTP
D. SET

A

Answer: D

The Secure Electronic Transaction (SET) protocol serves as a method of securing e-commerce transactions.

129
Q
  1. Which one of the following is not a hashing algorithm?

A. MD4
B. MD5
C. SHA
D. PGP

A

Answer: D

Pretty Good Privacy (PGP) is an email encryption system and not a hashing algorithm.

130
Q
  1. Which of the following is not an expected result of requiring users to regularly change their workstation assignment or physical location?

A. Deters collusion between employees because ever-changing constellations of co-workers are less likely to bond sufficiently to perform unauthorized or illegal activities together
B. Encourages users to store personal information on systems
C. Encourages users to keep all work materials on network servers where they can be easily protected, overseen, and audited
D. Gives users little or no opportunity to customize their systems or to install unapproved software because subsequent users will discover and report such changes

A

Answer: B

Options A, C, and D are examples of valid reasons why changes to workstation assignments or physical location can improve or maintain security. Regularly changing workstation assignment or location discourages users from storing personal information on systems.

131
Q
  1. Which of the following best describes change management?

A. Preventing changes to systems
B. Ensuring only approved changes are implemented
C. Ensuring that changes do not reduce security
D. Auditing privilege access

A

Answer: B

The goal of change management is to ensure that any change does not lead to unintended outages or reduce security. Change management doesn’t affect personnel safety. A change management plan will commonly include a rollback plan, but that isn’t a specific goal of the program. Change management doesn’t perform any type of auditing.

132
Q
  1. Which of the following combinations of terms defines the operations security triple?

A. Confidentiality, integrity, and availability (the CIA Triad)
B. Authentication, authorization, and accounting (AAA)
C. The relationship between assets, vulnerabilities, and threats
D. Due care, due diligence, and operations controls

A

Answer: C

The primary purpose for operations security is to safeguard information assets that reside in a system day to day, to identify and safeguard any vulnerabilities that might be present in that system, and to prevent any exploitation of threats. Administrators often call the relationship between assets, vulnerabilities, and threats an operations security triple. CIA relates to a model used to develop security policy, and AAA defines a framework for managing access to computer resources, enforcing policy, auditing usage, and providing usage data for charge backs or billing. Due care, due diligence, and operations controls are part of operations security but not in the same sense as in the relationship between assets, vulnerabilities, and threats.

133
Q
  1. A(n) ______________ system is one in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.

A. Assured
B. Updated
C. Protected
D. Trusted

A

Answer: D

A trusted system is one in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.

134
Q
  1. What is the first step of the business impact assessment process?

A. Identification of priorities
B. Likelihood assessment
C. Risk identification
D. Resource prioritization

A

Answer: A

Identification of priorities is the first step of the business impact assessment process.

135
Q
  1. Which of the following is not related to verifying that a candidate for employment is qualified as well as not disqualified for a position?

A. Education verification
B. Reference checks
C. Security clearance validation
D. Signing an NDA

A

Answer: D

Signing an NDA may be a part of the hiring process, but it is not related to verifying that a candidate for employment is qualified as well as not disqualified for a position.

136
Q
  1. What type of alternate processing facility contains an organization’s data at all times?

A. Hot site
B. Warm site
C. Cold site
D. MAA site

A

Answer: A

Hot sites contain updated copies of the organization’s data, ready to assume an operational role.

137
Q
  1. During what phase of the IDEAL model does the organization develop, test, refine, and implement solutions?

A. Initiating
B. Diagnosing
C. Establishing
D. Acting

A

Answer: D

In the acting phase, it’s time to stop “talking the talk” and “walk the walk.” The organization develops solutions and then tests, refines, and implements them.

138
Q
  1. Which of the following is not a critical member of a BCP team?

A. Legal representatives
B. Information security representative
C. Technical and functional experts
D. Chief executive officer

A

Answer: D

While it is important to have executive-level support, it is not necessary (and quite unlikely!) to have the CEO on the team.

139
Q
  1. What process provides a framework for cost/benefit analysis related to proposed changes?

A. Request control
B. Release control
C. Deployment control
D. Change control

A

Answer: A

The request control process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.

140
Q
  1. Christopher wishes to digitally sign a message he is sending to Matthew. What key should Christopher use to create the digital signature?

A. Christopher’s public key
B. Christopher’s private key
C. Matthew’s public key
D. Matthew’s private key

A

Answer: B

Christopher creates the digital signature using his own private key.

141
Q
  1. Which of the following is most closely associated with the security model of an access control matrix?

A. Trusted computing base
B. Capabilities list
C. Security token
D. Formal enrollment

A

Answer: B

A capabilities list maintains a row of security attributes for each controlled object. A capabilities list is the row of an access control matrix.

142
Q
  1. What protocol is slowly replacing certificate revocation lists as a real-time method of verifying the status of a digital certificate?

A. OLAP
B. LDAP
C. OCSP
D. BGP

A

Answer: C

The Online Certificate Status Protocol (OCSP) provides real-time query/response services to digital certificate users. This overcomes the latency inherent in the traditional certificate revocation list download and cross-check process.

143
Q
  1. Jane is selecting a backup strategy for her organization. She wants to choose a combination of two backup types that will provide full coverage of modified files and require restoring the minimum number of backup tapes. What strategy should she choose?

A. Full and incremental backups
B. Full and transaction logging
C. Full and differential backups
D. Incremental and differential backups

A

Answer: C

A combination of full and differential backups requires that administrators only restore two backups: the most recent full backup and the most recent differential backup.

144
Q
  1. Which of the following models includes a lattice-based format to define object access?

A. Role-based access control model
B. Rule-based access control model
C. Mandatory access control model
D. Discretionary access control model

A

Answer: C

A mandatory access control model includes a lattice-based format, with labels used to identify separate compartments. None of the other models include a lattice-based format.

145
Q
  1. You are selecting an alternate processing facility for your organization and must select an approach that allows recovery site activation within six hours. What site should you choose?

A. Hot site
B. Warm site
C. Cold site
D. MAA site

A

Answer: A

Hot sites are the only site capable of activation within the required six-hour timeframe.

146
Q
  1. Flo and Ricky are sending messages to each other using an asymmetric encryption algorithm. Flo wants to send Ricky a private message. What key should she use to encrypt it?

A. Flo’s public key
B. Flo’s private key
C. Ricky’s public key
D. Ricky’s private key

A

Answer: C

Flo should encrypt the message with Ricky’s public key.

147
Q
  1. What type of virus modifies operating system routines to trick antivirus software into thinking everything is functioning normally?

A. Multipart viruses
B. Stealth viruses
C. Encrypted viruses
D. Polymorphic viruses

A

Answer: B

Stealth viruses alter operating system file access routines so that when an antivirus package scans the system, it is provided with the information it would see on a clean system rather than with infected versions of data.

148
Q
  1. What sort of penetration testing team is completely unaware of the working environment?

A. Ethical hacker
B. Partial knowledge team
C. Full knowledge team
D. Zero knowledge team

A

Answer: D

The zero knowledge team knows nothing about the site except for basic information, such as domain name and company address.

149
Q
  1. What business continuity metric identifies the longest period of time that a business function may be unavailable without causing irreparable harm to the business?

A. MTD
B. RTO
C. SLE
D. ALE

A

Answer: A

The maximum tolerable downtime (MTD) is the maximum length of time a business function can be inoperable without causing irreparable harm to the business.

150
Q
  1. What form of infrastructure mode wireless networking deployment supports large physical environments through the use of a single SSID but numerous access points?

A. Stand-alone
B. Wired extension
C. Enterprise extended
D. Bridge

A

Answer: C

Enterprise extended infrastructure mode exists when a wireless network is designed to support a large physical environment through the use of a single SSID but numerous access points.

151
Q
  1. What term is used to describe hiding messages within graphical images?

A. Pseudocryptography
B. Graphography
C. Steganography
D. Rheumatology

A

Answer: C

Steganography is the art of hiding messages within the bits of a graphical image to avoid detection.

152
Q
  1. During which phase of the business impact assessment do you determine the risks that you’re willing to address simultaneously?

A. Risk identification
B. Likelihood assessment
C. Criticality prioritization
D. Resource prioritization

A

Answer: D

During the resource prioritization phase, you determine the risks that you’re able to simultaneously address with the resources available to you.

153
Q
  1. In which phase of the Capability Maturity Model for Software do developers begin to operate according to a set of formal, documented software development practices?

A. Initial
B. Repeatable
C. Defined
D. Managed

A

Answer: C

The Defined phase introduces formal, documented software development processes.

154
Q
  1. During threat modeling, several options exist for ranking or rating the severity and priority of threats. Which of the following is not a threat modeling ranking system?

A. DREAD
B. Probability * Damage Potential
C. Qualitative analysis
D. High/medium/low

A

Answer: C

Qualitative analysis is part of risk management/risk assessment, but it is not specifically a means of ranking or rating the severity and priority of threats under threat modeling. The three common means of ranking or rating the severity and priority of threats are DREAD, Probability * Damage Potential, and High/medium/low.

155
Q
  1. What type of information is not normally included in the risk acceptance/mitigation portion of BCP (business continuity plan) documentation?

A. Reasons for accepting risks
B. Potential future events that might warrant reconsideration of the decision
C. Identification of insurance policies that apply to a given risk
D. Risk mitigation provisions and processes

A

Answer: C

Insurance policies are an example of risk assignment/transference and would not be described in the risk acceptance/mitigation section of the documentation.

156
Q
  1. Security guards or mantraps are representative forms of what secure access control?

A. Technical access control
B. Administrative access control
C. Personnel access control
D. Physical access control

A

Answer: D

Physical controls for physical security include fencing, lighting, locks, construction materials, mantraps, dogs, and guards.

157
Q
  1. An organization has a patch management program but wants to implement another method to ensure that systems are kept up to date. What could they use?

A. Change management program
B. Configuration management program
C. Port scanners
D. Vulnerability scanners

A

Answer: D

Vulnerability scanners can check systems to ensure they are up to date with current patches (along with other checks) and are an effective tool to verify the patch management program. Change and configuration management programs ensure systems are configured as expected and unauthorized changes are not allowed. A port scanner is often part of a vulnerability scanner but it will check only for open ports, not patches.

158
Q
  1. Systems within an organization are configured to automatically receive and apply patches as they become available. After receiving a patch, 55 of the systems automatically restarted but booted into a stop error. What could have prevented this problem without sacrificing security?

A. Disable the setting to automatically apply the patches.
B. Implement a patch management program to approve all patches.
C. Ensure systems are routinely audited for patches.
D. Implement a patch management program that tests patches before deploying them.

A

Answer: D

An effective patch management program evaluates and tests patches before deploying them and would have prevented this problem. Approving all patches would not prevent this problem because the same patch would be deployed. Systems should be audited after deploying patches, not to test for the impact of new patches.

159
Q
  1. Which of the following passwords uses a challenge-response mechanism to create a one-time password?

A. Synchronous one-time passwords
B. Asynchronous one-time passwords
C. Strong static passwords
D. Passphrases

A

Answer: B

An asynchronous token generates and displays one-time passwords using a challenge-response process to generate the password. A synchronous token is synchronized with an authentication server and generates synchronous one-time passwords. Static passwords are not one-time passwords but instead stay the same for a period of time. A passphrase is a static password created from an easy-to-remember phrase.

160
Q
  1. Which of the following actions does not usually occur during the restoration phase of incident response?

A. Disconnecting a system from the network
B. Restoring backup data
C. Rebuilding compromised systems
D. Supplementing existing security controls

A

Answer: A

Systems are usually disconnected from the network during the isolation and recovery process.

161
Q
  1. Which BCP (business continuity plan) task requires that you create a comprehensive list of business processes?

A. Criticality prioritization
B. Risk identification
C. Likelihood assessment
D. Impact assessment

A

Answer: A

In the criticality prioritization task, you create a list of business processes and rank them in order of importance to the organization.

162
Q
  1. What provision of the European Union’s safe harbor for privacy requires mechanisms to protect data against loss?

A. Notice
B. Access
C. Security
D. Enforcement

A

Answer: C

The security provisions of the safe harbor require proper mechanisms to protect data against loss, misuse, and unauthorized disclosure.

163
Q
  1. Which of the following types of intrusion detection systems (IDSs) is effective only against known attack methods?

A. Behavior-based
B. Host-based
C. Knowledge-based
D. Network-based

A

Answer: C

A knowledge-based (or signature-based) IDS is effective only against known attack methods. A behavior-based IDS starts by creating a baseline of activity to identify normal behavior and then measures system performance against the baseline to detect abnormal behavior, allowing it to detect previously unknown attack methods. Both host-based and network-based systems can be either knowledge-based, behavior-based, or a combination of both.

164
Q
  1. A complete loss of power is what kind of power issue?

A. Brownout
B. Fault
C. Blackout
D. Surge

A

Answer: C

A blackout is a total loss of electrical power, as supplied by a utility company or other source, or a zero-voltage condition.

165
Q
  1. What type of disaster recovery test involves relocating personnel to the alternate recovery site but does not take the main facility offline?

A. Checklist test
B. Structured walkthrough
C. Simulation test
D. Parallel test

A

Answer: D

The parallel test involves relocating personnel to the alternate recovery site and implementing site activation procedures.

166
Q
  1. What law requires that federal agencies develop and implement an effective information security program?

A. CALEA
B. FERPA
C. FISMA
D. CFAA

A

Answer: C

The Federal Information Security Management Act (FISMA), passed in 2002, requires that federal agencies implement an information security program that covers the agency’s operations.

167
Q
  1. What type of attack occurs when malicious users position themselves between a client and server and then interrupt the session and take it over?

A. Man-in-the-middle
B. Spoofing
C. Hijack
D. Cracking

A

Answer: C

In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is positioned between a client and server and then interrupts the session and takes it over. A man-in-the-middle attack doesn’t interrupt the session and take it over. Spoofing hides the identity of the attacker. Cracking commonly refers to discovering a password but can also mean any type of attack.

168
Q
  1. Of the following choices, what is a primary benefit when images are used to deploy new systems?

A. Provides baseline for configuration management
B. Improves patch management response times
C. Reduces vulnerabilities from unpatched systems
D. Provides documentation for changes

A

Answer: A

When images are used to deploy systems, the systems start with a common baseline, which is important for configuration management. Images don’t necessarily improve the evaluation, approval, deployment, and audits of patches to systems within the network. While images can include current patches to reduce their vulnerabilities, this is because the image provides a baseline. Change management provides documentation for changes.

169
Q
  1. An abuse by an unauthorized person to use authorized personnel identification as a means of entry is what form of attack?

A. Piggybacking
B. Masquerading
C. Eavesdropping
D. Intrusion

A

Answer: B

Masquerading occurs when a person presents him- or herself as another user, typically to gain access to unauthorized information or processes.

170
Q
  1. Which of the following is an example of a risk best measured in qualitative form?

A. Downtime of systems
B. Loss of financial resources
C. Loss of customer goodwill
D. Damage to facilities

A

Answer: C

Loss of customer goodwill is the only item listed that is not easily quantified and is, therefore, a better candidate for qualitative assessment.

171
Q
  1. What is the practice of establishing emergency-response actions following a business-related disaster?

A. Mutual assistance agreements
B. Business continuity planning
C. Software escrow
D. Disaster recovery planning

A

Answer: D

Disaster recovery planning is the practice of establishing emergency-response actions to follow after a disaster.

172
Q
  1. Which one of the following symmetric encryption algorithms is not supported by S/MIME?

A. DES
B. RC2
C. 3DES
D. IDEA

A

Answer: D

S/MIME supports the DES, RC2, and 3DES symmetric encryption algorithms and also uses RSA for public key encryption. It does not provide support for IDEA.

173
Q
  1. What amendment to the US Constitution protects individuals against wiretapping and invasions of privacy?

A. First
B. Fourth
C. Fifth
D. Tenth

A

Answer: B

The Fourth Amendment, as interpreted by the courts, includes protections against wiretapping and other invasions of privacy.

174
Q
  1. Which one of the following is not a core principle of the Agile Manifesto?

A. Simplicity is essential.
B. Build projects around all team members equally.
C. Working software is the primary measure of progress.
D. The best designs emerge from self-organizing teams.

A

Answer: B

The Agile Manifesto says that you should build projects around motivated individuals and give them the support they need.

175
Q
  1. Within the context of the EU Data Protection Law, what is the responsibility of a data processor?

A. Collect information for the data controller and prevent unauthorized disclosure
B. Use the data only as directed by the data controller and prevent unauthorized disclosure
C. Abide by the nine Safe Harbor principles while collecting data
D. Grant data access to third parties that abide by the nine Safe Harbor principles

A

Answer: B

The data processor should protect the data to prevent unauthorized disclosure and use the data only as directed by the data controller. The data controller, not the data processor, collects data. The data processor will abide by the seven Safe Harbor principles but does not collect data. The data processor is the third party and should not grant access to outside entities.

176
Q
  1. What IPsec component provides assurances of message integrity and nonrepudiation?

A. ESP
B. L2TP
C. AH
D. IKE

A

Answer: C

The Authentication Header (AH) provides assurances of message integrity and nonrepudiation. AH also provides authentication and access control and prevents replay attacks.

177
Q
  1. Which one of the following tools can be used to launch a distributed denial of service attack against a system or network?

A. Satan
B. Saint
C. LOIC
D. Nmap

A

Answer: C

Low Orbit Ion Cannon (LOIC) is a commonly used distributed denial of service (DDoS) attack toolkit. The other three tools mentioned are reconnaissance techniques used to map networks and scan for known vulnerabilities.

178
Q
  1. You are concerned about the risk that a tornado poses to your corporate headquarters in Indiana. The building itself is valued at $10 million. After consulting with the National Weather Service, you determine that there is a 2 percent likelihood that a tornado will strike over the course of a year. You hired a team of architects and engineers who determined that the average tornado would destroy approximately 25 percent of the building. What is the annualized loss expectancy (ALE)?

A. $10,000,000
B. $2,500,000
C. $200,000
D. $50,000

A

Answer: D

The ALE is computed by multiplying the SLE ($2,500,000) by the annualized rate of occurrence (2%) to get $50,000.

179
Q
  1. What phase of a business impact assessment calculates the ARO for a given risk scenario?

A. Risk identification
B. Likelihood assessment
C. Impact assessment
D. Resource prioritization

A

Answer: B

The annualized rate of occurrence (ARO) is a measure of how many times a risk might materialize in a typical year. It is a measure of risk likelihood.

180
Q
  1. Which of the following is an example of a Type 3 authentication factor?

A. Something you have
B. Something you are
C. Somewhere you are
D. Something you know

A

Answer: B

A Type 3 authentication factor is based on biometric characteristics, or something you are. A Type 2 authentication factor is based on something you have, such as a smart card or token device. A Type 1 authentication factor is based on something you know, such as passwords or PINs. Somewhere you are isn’t formally listed as one of the three authentication factor types.

181
Q
  1. Which one of the following security modes does not require that all users have a security clearance for the highest level of information processed by the system?

A. Dedicated
B. System high
C. Compartmented
D. Multilevel

A

Answer: D

In a multilevel security mode system, there is no requirement that all users have appropriate clearances to access all the information processed by the system.

182
Q
  1. What type of attack occurs when a malicious user is positioned between the two endpoints of a communications link?

A. Spoofing
B. Spamming
C. Denial of service
D. Man-in-the-middle

A

Answer: D

A man-in-the-middle attack occurs when a malicious user is positioned between the two endpoints of a communications link, intercepting and facilitating their communication session.

183
Q
  1. Defense in depth is a security strategy that defends against attacks and compromises with multiple cooperating controls and safeguards. This is also known by what other protection mechanism term?

A. Hiding
B. Layering
C. Classification
D. Abstraction

A

Answer: B

Defense in depth is also known as layering. Hiding is preventing data from being discovered or accessed by a subject by positioning the data in a logical storage compartment that is not accessible or seen by the subject. Classification is labelling subjects and objects based on their value or sensitivity. Abstraction is the act of placing similar elements into groups and then assigning access controls on those elements as a collective.

184
Q
  1. What is the preventive practice of establishing and planning for business-related threats and risk?

A. Disaster recovery planning
B. Business continuity planning
C. Mutual assistance agreements
D. Software escrow

A

Answer: B

Business continuity planning is the preventive practice of establishing and planning for threats to business flow, including natural and unnatural risk and threats to daily operations.

185
Q
  1. Which one of the following is not a tenet of the CISSP Code of Ethics?

A. Protect society, the commonwealth, and the infrastructure.
B. Take no action that jeopardizes the business interests of principals.
C. Act honorably, honestly, justly, responsibly, and legally.
D. Advance and protect the profession.

A

Answer: B

The Code of Ethics does not require that you protect the business interests of the principals. In fact, you may find yourself ethically bound to take action that jeopardizes those business interests.

186
Q
  1. What type of virus modifies its own code as it travels from system to system in an attempt to evade signature detection?

A. Polymorphic
B. Encrypted
C. Multipartite
D. Stealth

A

Answer: A

Polymorphic viruses actually modify their own code as they travel from system to system. The virus’s propagation and destruction techniques remain the same, but the signature of the virus is somewhat different each time it infects a new system.

187
Q
  1. Which of the following requirements does not come from the Children’s Online Privacy Protection Act?

A. Children must be kept anonymous when participating in online forums.
B. Parents must be provided with the opportunity to review information collected from their children.
C. Parents must give verifiable consent to the collection of information about children.
D. Websites must have a privacy notice.

A

Answer: A

COPPA does not require that children remain anonymous in online forums.

188
Q
  1. Who is responsible for classifying information?

A. Users
B. Data custodian
C. Auditor
D. Data owner

A

Answer: D

The data owner is the person responsible for classifying information for placement and protection within the security solution.

189
Q
  1. What federal agency provides detailed data that can assist with assessing earthquake risk?

A. NIST
B. USGS
C. FEMA
D. DOI

A

Answer: B

The US Geological Survey provides detailed earthquake risk data for locations in the United States.

190
Q
  1. What software component did the developers of Sun’s Java programming language include to place privilege restrictions on Java code?

A. Cache
B. Sandbox
C. Playground
D. Proxy

A

Answer: B

The Java sandbox restricts the activities that can be performed by programs running within the Java environment.

191
Q
  1. You are creating a security product that must facilitate the exchange of symmetric encryption keys between two parties that have no way to securely exchange keys in person. What algorithm might you use to facilitate the exchange?

A. Rijndael
B. Blowfish
C. Vernam
D. Diffie-Hellman

A

Answer: D

The Diffie-Hellman algorithm allows the exchange of symmetric encryption keys between two parties over an insecure channel.

192
Q
  1. Which of the following is not an example of a converged protocol?

A. iSCSI
B. VoIP
C. FCoE
D. NNTP

A

Answer: D

NNTP (Network News Transfer Protocol) is not an example of a converged protocol. iSCSI, VoIP, and FCoE are converged protocols.

193
Q
  1. What type of attack includes activities such as tricking a secretary into revealing the boss’s password?

A. Chatty attack
B. Social engineering
C. Dumpster diving
D. Psychological operations

A

Answer: B

Social engineering is a term used to describe attacks that exploit human nature to gain illegitimate access to a computer system, either directly or indirectly.

194
Q
  1. You are concerned about the risk that a hurricane poses to your corporate headquarters in south Florida. The building itself is valued at $15 million. After consulting with the National Weather Service, you determine that there is a 10 percent likelihood that a hurricane will strike over the course of a year. You hired a team of architects and engineers who determined that the average hurricane would destroy approximately 50 percent of the building. What is the annualized rate of occurrence (ARO)?

A. 5 percent
B. 10 percent
C. 50 percent
D. 100 percent

A

Answer: B

The ARO is, quite simply, the probability that a given disaster will strike over the course of a year. According to the experts quoted in the scenario, this chance is 10 percent.

195
Q
  1. Which type of alarm system broadcasts an audible signal with a listening range of 400 feet?

A. Auxiliary alarm system
B. Local alarm system
C. Centralized alarm system
D. Remote alarm system

A

Answer: B

Local alarm systems, as the name implies, are locally controlled broadcast systems that emit audible signals. A fire alarm is an example of a local alarm system.

196
Q
  1. The backup administrator configures a system to perform full backups on Sundays and differential backups on Mondays through Saturdays. The system fails on Wednesday. What backups must be applied?

A. Sunday only
B. Sunday, Monday, Tuesday and Wednesday
C. Sunday and Wednesday only
D. Sunday, Monday and Wednesday only

A

Answer: C

With differential backups, you must first restore the most recent full backup and then apply the most recent differential backup.

197
Q
  1. Which of the following individuals would not normally be included in your organization’s incident response team?

A. Public affairs representative
B. Information security representative
C. Law enforcement representative
D. Senior management representative

A

Answer: C

Law enforcement officials would not usually serve on your internal incident response team. Rather, you would typically appoint an individual to serve as a liaison with law enforcement.

198
Q
  1. An organization has an access control model that applies to all sales managers in the organization. What type of access control model is this?

A. Identity-based
B. Label-based
C. Rule-based
D. Role-based

A

Answer: D

A role-based access control model is based on job functions such as a sales person or a sales manager, and it groups users into roles. A discretionary access control model is an identity-based access control model. A rule-based access control model is based on rules within an ACL. A mandatory access control model uses assigned labels to identify access.

199
Q
  1. Which one of the following alternate processing arrangements is rarely implemented?

A. Hot site
B. Warm site
C. Cold site
D. MAA site

A

Answer: D

Mutual assistance agreements are rarely implemented because they are difficult to enforce in the event of a disaster requiring site activation.

200
Q
  1. A security management plan that discusses the needs of an organization to maintain security, the desire to improve control of authorized access, and the goal of implementing token-based security is what type of plan?

A. Functional
B. Operational
C. Strategic
D. Tactical

A

Answer: C

A strategic plan is a long-term plan that is fairly stable. It defines the organization’s goals, mission, and objectives. It is useful for about five years if it is maintained and updated annually. The strategic plan also serves as the planning horizon. Long-term goals and visions of the future are discussed in a strategic plan.

201
Q
  1. What type of attack allows the transmission of sensitive data between classification levels through the direct or indirect manipulation of a shared storage media?

A. Trojan horse
B. Direct access to media
C. Permission creep
D. Covert channel

A

Answer: D

Covert channel attacks involve the illicit transfer of data by manipulating storage or timing channels.

202
Q
  1. What government agency provides daily updates on wildfires in the United States?

A. FEMA
B. NIFC
C. USGS
D. USFWS

A

Answer: B

The National Interagency Fire Center provides daily updates on wildfires occurring in the United States.

203
Q
  1. Which of the following is not an element of a secure termination process?

A. Onboarding
B. Returning company property
C. Having a witness for the exit interview
D. Escorting off premises

A

Answer: A

Onboarding is used to bring a new employee into the organization, not for terminating an employee. An offboarding process would be appropriate for termination.

204
Q
  1. Which of the following describes putting similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective?

A. Data classification
B. Abstraction
C. Superzapping
D. Using covert channels

A

Answer: B

Abstraction describes putting similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective.

205
Q
  1. What type of device provides electricity to protected systems in the event of a power failure?

A. UPS
B. PAL
C. IDS
D. SIEM

A

Answer: A

An uninterruptible power supply (UPS) provides power to critical systems in the event of an electrical failure.

206
Q
  1. What form of intellectual property is used to protect words, slogans, and logos?

A. Patent
B. Copyright
C. Trademark
D. Trade secret

A

Answer: C

Trademarks are used to protect the words, slogans, and logos that represent a company and its products or services.

207
Q
  1. What remote access protocol replaced SLIP?

A. 802.11
B. SSH
C. PPP
D. TLS

A

Answer: C

PPP is a replacement for SLIP.

208
Q
  1. How many building fires occur in the United States on any given day?

A. 100
B. 1,000
C. 100,000
D. 1,000,000

A

Answer: B

The Insurance Information Institute estimates that 1,000 building fires occur in the United States every day.

209
Q
  1. A biometric system is matching subjects to a database using a one-to-many search. What is this providing?

A. Authentication
B. Authorization
C. Accountability
D. Identification

A

Answer: D

Biometric systems using a one-to-many search provide identification by searching a database for a match. Biometric systems using a one-to-one search provide authentication. Biometric systems do not provide authorization or accountability.

210
Q
  1. What database element is equivalent to a single record?

A. Table
B. Row
C. Column
D. Attribute

A

Answer: B

A database row contains the information that makes up a single database record.

211
Q
  1. Which one of the following categories of attack includes industrial espionage?

A. Financial attacks
B. Thrill attacks
C. Grudge attacks
D. Business attacks

A

Answer: D

Industrial espionage is usually considered a business attack.

212
Q
  1. From which pool of keys is the primary key for a particular table selected?

A. Foreign keys
B. Super keys
C. Candidate keys
D. Referential keys

A

Answer: C

The primary key is selected from the pool of available candidate keys for each table.

213
Q
  1. In addition to job rotation, what other security mechanism supports peer auditing?

A. Separation of duties
B. Principle of least privilege
C. Mandatory vacations
D. Job responsibilities

A

Answer: C

Mandatory vacations support peer auditing by placing another user in a job position for at least a week every year.

214
Q
  1. Which form of disaster recovery test is usually met with the most resistance but provides the most realistic results?

A. Structured walk-through
B. Full-interruption test
C. Simulation test
D. Parallel test

A

Answer: B

Full-interruption tests operate in a manner similar to parallel tests, but they involve actually shutting down operations at the primary site and shifting them to the recovery site.

215
Q
  1. Which type of incident is often the easiest to detect?

A. Compromise
B. Scanning
C. Malicious code
D. Denial of service

A

Answer: D

Denial of service attacks often result in the unavailability of resources and are often noticed earlier than other types of attacks.

216
Q
  1. Identification is useful for all but which of the following reasons?

A. IT systems track activity by identities.
B. Identity is needed to perform authentication.
C. Computers can differentiate between one human and another.
D. Identity is used to associate activities with subjects.

A

Answer: C

Computers cannot differentiate between one human and another; they can differentiate only between one identity or user account and another.

217
Q
  1. Which process in the evaluation of a security system represents the formal acceptance of a certified configuration?

A. Certification
B. Evaluation
C. Accreditation
D. Formal analysis

A

Answer: C

Accreditation is the formal declaration by the Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.

218
Q
  1. Change management should ensure that which of the following is possible?

A. Duplicate security is imposed on other systems.
B. Unauthorized changes to the system are prevented.
C. Vulnerable resources are locked down when threatened
D. Changes can be rolled back to a previous state.

A

Answer: D

Change management is responsible for making it possible to roll back any change to a previous secured state.

219
Q
  1. Which one of the following is not a common action that a virus might take?

A. Propagation
B. Validation
C. Destruction
D. Act with stealth

A

Answer: B

Virus writers do not commonly include validation routines in their code.

220
Q
  1. What is the primary reason parallel deployment of security mechanisms is an insecure solution?

A. It complies with layering design.
B. A series configuration is secure.
C. A threat could pass through a single checkpoint that did not address its particular malicious activity.
D. A single failure of a security control does not render the entire solution ineffective.

A

Answer: C

Parallel security designs are insecure because a threat could pass through a single checkpoint that did not address its particular malicious activity.

221
Q
  1. What state was the first to pass a data breach notification law requiring that organizations experiencing breaches of personal information notify affected individuals?

A. California
B. Colorado
C. New York
D. Texas

A

Answer: A

California passed SB 1386, the first data breach notification law, in 2002. Many other states followed suit with laws based on the text of the California law.

222
Q
  1. You are concerned about the risk that fire poses to your $25 million data center facility. Based on expert opinion, you determine that there is a 1 percent chance that fire will occur each year. Experts advise you that a fire would destroy half of your building. What is the annualized loss expectancy?

A. $25,000,000
B. $12,500,000
C. $250,000
D. $125,000

A

Answer: D

The ALE is computed by multiplying the SLE ($12,500,000) by the annualized rate of occurrence (1%) to get $125,000.

223
Q
  1. What type of evidence refers to written documents that are brought into court to prove a fact?

A. Best evidence
B. Payroll evidence
C. Documentary evidence
D. Testimonial evidence

A

Answer: C

Written documents brought into court to prove the facts of a case are referred to as documentary evidence.

224
Q
  1. What federal agency provides detailed data that can assist with assessing flood risk?

A. NIST
B. USGS
C. FEMA
D. DOI

A

Answer: C

The Federal Emergency Management Agency provides flood risk data for locations in the United States.

225
Q
  1. Which type of alarm system signals a monitoring station?

A. Remote alarm system
B. Centralized alarm system
C. Local alarm system
D. Auxiliary alarm system

A

Answer: B

Centralized alarm systems remotely monitor sensors spread around a business facility or campus and trigger on some specified event.

226
Q
  1. You are concerned about the risk that fire poses to your $25 million data center facility. Based on expert opinion, you determine that there is a 1 percent chance that fire will occur each year. Experts advise you that a fire would destroy half of your building. What is the single loss expectancy of your facility to fire?

A. $25,000,000
B. $12,500,000
C. $250,000
D. $125,000

A

Answer: B

The single loss expectancy is the amount of damage that would occur in one fire. The scenario states that a fire would destroy half the building, resulting in $12,500,000 of damage.

227
Q
  1. What form of proximity device is able to generate its own electricity from a magnetic field?

A. Passive device
B. Self-powered device
C. Field-powered device
D. Transponder

A

Answer: C

A field-powered device has electronics that activate when the device enters the electromagnetic field that the reader generates. Such devices actually generate electricity from an EM field to power themselves.

228
Q
  1. You are evaluating procedures within a company to ensure they properly implement a least-privileges policy. Which of the following capabilities indicate that the policy is not being followed?

A. Operators are able to access files on disks.
B. Administrators are able to configure permissions.
C. Administrators are able to back up data.
D. Operators are able to modify the computer’s time.

A

Answer: D

Changing the computer’s time is a privileged function and not normally granted to an operator or end user. Operators should be able to access files. Administrators should be able to configure permissions and back up data.

229
Q
  1. What database backup technology uses frequent, perhaps hourly, transfers of information between the primary and alternate sites?

A. Remote mirroring
B. Electronic vaulting
C. Remote journaling
D. Fault tolerance

A

Answer: C

Remote journaling technology transfers copies of the database transaction log to the alternate site on a frequent basis.

230
Q
  1. What type of phreaker tool is used to simulate the 2600 Hz tones used to interact with telephone network trunk systems?

A. Black box
B. Red box
C. Blue box
D. White box

A

Answer: C

A blue box is used to simulate 2600 Hz tones to interact directly with telephone network trunk systems (that is, backbones). This could be a whistle, a tape recorder, or a digital tone generator.

231
Q
  1. What is the formula used to compute the ALE?

A. ALE = AV * EF * ARO
B. ALE = ARO * EF
C. ALE = AV * ARO
D. ALE = EF * ARO

A

Answer: A

The Annualized Loss Expectancy (ALE) is computed as the product of the asset value (AV) times the exposure factor (EF) times the annualized rate of occurrence (ARO). This is the longer form of the formula ALE = SLE*ARO. The other formulas displayed here do not accurately reflect this calculation.
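The SLE and ALE cards above (the $25 million facility, 1 percent annual fire probability, half the building lost) and the formula card are easiest to keep straight with the numbers carried through in code. The following is an added example, not part of the original flashcard deck; the `RiskScenario` type, the suppression-system figures and the `safeguard_value` cost/benefit step are assumptions of this example and go one step beyond the cards, which stop at ALE.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskScenario:
    """One threat against one asset, expressed in the terms the cards use."""
    name: str
    asset_value: float      # AV: value of the asset in dollars
    exposure_factor: float  # EF: fraction of AV lost in a single occurrence, 0.0 to 1.0
    aro: float              # ARO: expected number of occurrences per year

    def __post_init__(self):
        # Reject inputs that produce nonsense rather than silently computing with them.
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF must be a fraction between 0 and 1")
        if self.asset_value < 0 or self.aro < 0:
            raise ValueError("AV and ARO cannot be negative")

    def sle(self) -> float:
        # Single loss expectancy: the damage from one occurrence, AV x EF.
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        # Annualized loss expectancy: SLE x ARO, which is the same as AV x EF x ARO.
        return self.sle() * self.aro


def safeguard_value(before: RiskScenario, after: RiskScenario,
                    annual_safeguard_cost: float) -> float:
    """Net annual value of a control: the ALE it removes minus what it costs per year.

    This cost/benefit step is an extension beyond the cards. A negative result means
    the control costs more each year than the loss it is expected to prevent.
    """
    return before.ale() - after.ale() - annual_safeguard_cost


# The cards' scenario: $25M facility, 1% annual chance of fire, half the building lost.
DATA_CENTER_FIRE = RiskScenario("fire", asset_value=25_000_000,
                                exposure_factor=0.5, aro=0.01)

# Hypothetical control (figures assumed, not from the page): a suppression system that
# limits a fire to 10% of the building and costs $60,000 per year to run.
FIRE_WITH_SUPPRESSION = RiskScenario("fire with suppression", asset_value=25_000_000,
                                     exposure_factor=0.1, aro=0.01)

if __name__ == "__main__":
    print(f"SLE = ${DATA_CENTER_FIRE.sle():,.0f}")   # $12,500,000
    print(f"ALE = ${DATA_CENTER_FIRE.ale():,.0f}")   # $125,000
    net = safeguard_value(DATA_CENTER_FIRE, FIRE_WITH_SUPPRESSION, 60_000)
    print(f"Suppression system net annual value = ${net:,.0f}")   # $40,000
```

Note that EF is a fraction of the asset value, not a dollar figure; feeding a dollar amount into the EF slot is the most common way these calculations go wrong on the exam and in real risk registers.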

232
Q
  1. Which of the following is not true about trademarks?

A. Trademarks must not be confusingly similar to existing trademarks.
B. Trademarks are issued for 10 years.
C. Trademarks may not be renewed.
D. Trademarks may not be descriptive of your goods or services.

A

Answer: C

Trademarks are issued for 10-year periods and may be renewed for unlimited successive 10-year periods.

233
Q
  1. A host organization that houses onsite security staff has what form of security system?

A. Auxiliary system
B. Centralized system
C. Localized system
D. Proprietary system

A

Answer: D

This is the same thing as a central station system; however, the host organization has its own onsite security staff waiting to respond to security breaches.

234
Q
  1. Mark recently completed work on a piece of computer software that he thinks will be especially valuable. He wants to protect the source code against others rewriting it in a different form. What is the best form of intellectual property protection he could seek in this case?

A. Trademark
B. Trade secret
C. Copyright
D. Patent

A

Answer: B

Mark’s best option is to treat the software source code as a trade secret. Copyright protects only the particular expression of the code, not the ideas and techniques behind it, so it would not stop someone from rewriting the program in a different form, and registering it with the Copyright Office requires depositing at least part of the source. Patent protection covers novel inventions and processes, not the program text itself.

235
Q
  1. What software development life cycle model allows the process to return only to the immediately preceding phase?

A. Software Capability Maturity Model
B. Waterfall model
C. Development cycle
D. Spiral model

A

Answer: B

The waterfall model allows the development process to return only to the immediately preceding phase of development at any given time.

236
Q
  1. What phase of a business impact assessment calculates the SLE for a given risk scenario?

A. Risk identification
B. Likelihood assessment
C. Impact assessment
D. Resource prioritization

A

Answer: C

The single loss expectancy (SLE) is a measure of how much damage would occur each time a risk materializes. It is a measure of risk impact.

237
Q
  1. What testing exercise would you perform that involves personnel relocation and remote site activation?

A. Parallel test
B. Full-interruption test
C. Structured walk-through
D. Simulation test

A

Answer: A

Parallel tests represent the next level in testing and involve actually relocating personnel to the alternate recovery site and implementing site activation procedures.

238
Q
  1. Which of the following is not an element of a job description?

A. Separation of duties
B. Security classification
C. Type and extent of access needed
D. Promotion opportunities

A

Answer: D

Promotion opportunities involve an entire organization, not a specific job. A job description focuses on what to do within a specific work position.

239
Q
  1. What aspect of security governance is based on the idea that senior management is responsible for the success or failure of a security endeavor?

A. Sarbanes-Oxley Act 2002
B. COBIT
C. Accreditation
D. Top-down approach

A

Answer: D

The top-down approach is the aspect of security governance that is based on the idea that senior management is responsible for the success or failure of a security endeavor.

240
Q
  1. Known as the table-top exercise, what tests the disaster recovery plan from a role-playing scenario?

A. Simulation test
B. Structured walk-through
C. Parallel test
D. Full-interruption

A

Answer: B

In a structured walk-through, members of the disaster recovery team run role-playing recovery exercises in a conference room.

241
Q
  1. Which type of virus uses a variety of keys to escape detection?

A. Polymorphic virus
B. Encrypted virus
C. Multipartite virus
D. File infector virus

A

Answer: B

Encrypted viruses use a variety of cryptographic keys in conjunction with encryption and decryption routines to disguise their code on disk. Because the key changes from one infection to the next, the encrypted body looks different each time, although the decryption routine itself stays constant and can still be signatured.

242
Q
  1. What form of testing stresses demands on the disaster recovery team to derive an appropriate response from a disaster scenario?

A. Full-interruption test
B. Parallel test
C. Simulation test
D. Structured walk-through

A

Answer: C

Simulation tests are similar to the structured walk-throughs. In simulation tests, disaster recovery team members are presented with a scenario and asked to develop an appropriate response.

243
Q
  1. Which of the following elements is not necessary in the BCP documentation?

A. Risk acceptance details
B. Emergency response guidelines
C. Risk assessment
D. Mobile site plan

A

Answer: D

Details of mobile sites are part of a disaster recovery plan, rather than a business continuity plan, since they are not deployed until after a disaster strikes.

244
Q
  1. How soon after an incident should a postmortem review take place?

A. Within 24 hours
B. Within one week
C. Within one month
D. Within three months

A

Answer: B

Postmortem reviews are most effective if conducted within one week of an incident. Reviews conducted a month or more after an incident suffer because of the fading memories of responders.

245
Q
  1. What is the length of a patent in the United States?

A. 7 years
B. 14 years
C. 20 years
D. 35 years

A

Answer: C

US patents are generally issued for a period of 20 years.

246
Q
  1. Attempts to access an e-commerce site suddenly fail, and users receive a “Server unavailable” message. Evidence indicates that this error is the result of a malicious attack. What type of attack is most likely?

A. Malicious code
B. Denial of service
C. Compromise
D. Scanning

A

Answer: B

The “Server unavailable” message indicates that the attack is likely a denial of service attack, designed to affect the availability of computing resources.

247
Q
  1. In what DES mode is each block of plaintext XORed with the immediately preceding block of ciphertext before it is encrypted?

A. Electronic Codebook
B. Cipher Block Chaining
C. Cipher Feedback
D. Output Feedback

A

Answer: B

In Cipher Block Chaining (CBC) mode, each plaintext block is XORed with the ciphertext block immediately preceding it before it is encrypted using the DES algorithm. The first block, which has no predecessor, is XORed with an initialization vector (IV). Because of this chaining, identical plaintext blocks produce different ciphertext blocks, which is not the case in Electronic Codebook (ECB) mode.
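The chaining step is easiest to see with the mode written out. The following is an added example, not code from the original deck. It builds CBC and ECB on top of a small toy Feistel block cipher (a SHA-256-based round function, 8-byte blocks) so it runs with nothing but the Python standard library; the toy cipher is an assumption of this example, stands in for DES, and is not suitable for protecting real data. The example also shows the property the card implies: repeated plaintext blocks leak through ECB and not through CBC.

```python
import hashlib
import os

BLOCK = 8   # toy cipher block size in bytes (two 4-byte Feistel halves)
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, half: bytes, rnd: int) -> bytes:
    # Keyed pseudo-random function for one Feistel round. SHA-256 is a stand-in here;
    # this is a toy cipher, not DES, and exists only to make the modes runnable.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def _feistel(key: bytes, block: bytes, rounds) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in rounds:
        left, right = right, _xor(left, _round_function(key, right, rnd))
    return left + right


def block_encrypt(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(ROUNDS))


def block_decrypt(key: bytes, block: bytes) -> bytes:
    # Feistel inversion: swap the halves, run the rounds in reverse order, swap back.
    out = _feistel(key, block[4:] + block[:4], reversed(range(ROUNDS)))
    return out[4:] + out[:4]


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Electronic Codebook: every block is encrypted independently, so equal
    # plaintext blocks give equal ciphertext blocks.
    data = pkcs7_pad(plaintext)
    return b"".join(block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    data = pkcs7_pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(data), BLOCK):
        # The step from the card: XOR the plaintext block with the previous
        # ciphertext block (the IV for the first block), then encrypt the result.
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        # Decrypt, then undo the XOR with the previous ciphertext block.
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return pkcs7_unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """How many ciphertext blocks duplicate an earlier one (structure leakage)."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))


if __name__ == "__main__":
    key, iv = os.urandom(16), os.urandom(BLOCK)
    msg = b"ATTACK AT DAWN. " * 4          # deliberately repetitive plaintext
    ecb, cbc = ecb_encrypt(key, msg), cbc_encrypt(key, iv, msg)
    print("ECB repeated blocks:", repeated_blocks(ecb))   # 6: the repetition shows
    print("CBC repeated blocks:", repeated_blocks(cbc))   # 0
    assert cbc_decrypt(key, iv, cbc) == msg
```

The IV is what makes the first block behave like the rest; it must be unpredictable per message for CBC to hide equal message prefixes, and CBC on its own provides no integrity, so in practice it is paired with a MAC or replaced by an authenticated mode.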

248
Q
  1. What type of attack is amplified by a third-party network?

A. Teardrop
B. Ping of death
C. Smurf
D. Land

A

Answer: C

The smurf attack uses a third-party network to amplify a denial of service attack: the attacker sends ICMP echo requests to that network’s directed-broadcast address with the victim’s address spoofed as the source, so every host on the network replies to the victim at once.
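Detection logic for both sides of a smurf attack, as an added example that is not part of the original deck: the amplifier network sees echo requests aimed at its own broadcast address, and the victim sees echo replies from many hosts it never pinged. The ICMP records, the 192.0.2.0/24 sensor network and the addresses involved are constructed for this example.

```python
import ipaddress
from collections import defaultdict

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP type numbers

# Assumed address block of the network the sensor watches (hypothetical).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

# Constructed ICMP records as (src, dst, icmp_type); not real captures.
# 203.0.113.5 is the victim whose address the attacker spoofs, 192.0.2.0/24 is the
# third-party network abused as the amplifier, 198.51.100.7 is an ordinary ping peer.
SAMPLE_FLOWS = [
    ("203.0.113.5", "192.0.2.255", ECHO_REQUEST),  # spoofed request to the directed broadcast
    ("203.0.113.5", "192.0.2.255", ECHO_REQUEST),
    ("192.0.2.10", "203.0.113.5", ECHO_REPLY),     # every live host answers the victim
    ("192.0.2.11", "203.0.113.5", ECHO_REPLY),
    ("192.0.2.12", "203.0.113.5", ECHO_REPLY),
    ("192.0.2.13", "203.0.113.5", ECHO_REPLY),
    ("192.0.2.10", "203.0.113.5", ECHO_REPLY),
    ("192.0.2.20", "198.51.100.7", ECHO_REQUEST),  # legitimate outbound ping
    ("198.51.100.7", "192.0.2.20", ECHO_REPLY),    # and its solicited reply
]


def directed_broadcast_requests(flows, network=LOCAL_NET):
    """Amplifier-side signal: echo requests aimed at the network's broadcast address.

    Returns the claimed source addresses; in a smurf attack these are the victims,
    not the attacker, because the source field is spoofed.
    """
    bcast = str(network.broadcast_address)
    return sorted({src for src, dst, t in flows if t == ECHO_REQUEST and dst == bcast})


def unsolicited_reply_targets(flows, min_sources=3):
    """Victim-side signal: a destination receiving echo replies from many hosts it
    never pinged directly. Returns {victim: number of distinct replying hosts}."""
    requested = {(src, dst) for src, dst, t in flows if t == ECHO_REQUEST}
    reply_sources = defaultdict(set)
    for src, dst, t in flows:
        # A reply is solicited only if the receiver sent a request to that exact host;
        # replies triggered by a broadcast request do not match and are flagged.
        if t == ECHO_REPLY and (dst, src) not in requested:
            reply_sources[dst].add(src)
    return {dst: len(srcs) for dst, srcs in reply_sources.items()
            if len(srcs) >= min_sources}


def amplification_factor(flows, victim):
    """Replies delivered to the victim per spoofed request attributed to it."""
    requests = sum(1 for src, _, t in flows if t == ECHO_REQUEST and src == victim)
    replies = sum(1 for _, dst, t in flows if t == ECHO_REPLY and dst == victim)
    return replies / requests if requests else float("inf")


if __name__ == "__main__":
    print("victims named in broadcast requests:", directed_broadcast_requests(SAMPLE_FLOWS))
    print("hosts receiving unsolicited replies:", unsolicited_reply_targets(SAMPLE_FLOWS))
    print("amplification for 203.0.113.5:", amplification_factor(SAMPLE_FLOWS, "203.0.113.5"))
```

Routers that follow RFC 2644 drop directed broadcasts by default, so the amplifier-side check mostly fires on misconfigured edge devices; a production detector would also rate-limit by time window, since a handful of unsolicited replies is normal noise while thousands per second is the attack.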

249
Q
  1. In disaster recovery terms, which concept best captures the proverb “Don’t put all your eggs in one basket”?

A. Service bureau
B. Disaster recovery plan
C. Mobile sites
D. Multiple sites

A

Answer: D

By splitting or dividing your outfit into several divisions, branches, offices, and so on, you create multiple sites and reduce the impact of a major disaster.

250
Q
  1. Who is responsible for the day-to-day maintenance of objects?

A. The user
B. The owner
C. The custodian
D. The administrator

A

Answer: C

A custodian is someone who has been assigned to or delegated the day-to-day responsibility of proper storage and protection of objects. A user is any subject who accesses objects on a system to perform some action or accomplish a work task. An owner is the person who has final corporate responsibility for the protection and storage of data. When discussing access to objects, three subject labels are used: user, owner, and custodian. Therefore, administrator is not an appropriate choice.