P/E 2 Flashcards
- What law protects the privacy rights of students?
A. HIPAA
B. SOX
C. GLBA
D. FERPA
Answer: D
The Family Educational Rights and Privacy Act (FERPA) protects the rights of students and the parents of minor students.
- Which electronic mail security program is based on building a web of trust?
A. PGP
B. S/MIME
C. MOSS
D. PEM
Answer: A
Phil Zimmermann's Pretty Good Privacy (PGP) package relies on the construction of a web of trust between system users, in which users sign one another's keys instead of relying on a central certification authority.
- ___________________ is an attack in which you receive unwanted, inappropriate, or irrelevant email messages.
A. Spamming
B. Impersonation
C. Masquerading
D. Spoofing
Answer: A
Spamming is an attack in which you receive unwanted, inappropriate, or irrelevant email messages.
- In what scenario would you perform bulk transfers of backup data to a secure offsite location?
A. Incremental backup
B. Differential backup
C. Full backup
D. Electronic vaulting
Answer: D
Electronic vaulting describes the transfer of backup data to a remote backup site in a bulk-transfer fashion.
- Which one of the following is not a major asset category normally covered by the BCP (business continuity plan)?
A. People
B. Documentation
C. Infrastructure
D. Building/facilities
Answer: B
The BCP normally covers three major asset categories: people, infrastructure, and buildings/facilities.
- David ran an nmap scan against a server and determined that port 443 is open on the server. What tool would likely provide him the best additional information about the server’s purpose and the identity of the server’s operator?
A. ssh
B. Web browser
C. telnet
D. Ping
Answer: B
The server is likely running a secure website on port 443. Using a web browser to access the site may provide important information about the site’s purpose.
- What type of intellectual property protection is best suited for computer software?
A. Copyright
B. Trademark
C. Patent
D. Trade secret
Answer: D
Trade secrets are one of the best legal protections for computer software.
- What is the value of the logical operation shown here?
X: 0 1 1 0 1 0
Y: 0 0 1 1 0 1
X ⨁ Y: ?
A. 0 1 1 1 1 1
B. 0 1 0 1 1 1
C. 0 0 1 0 0 0
D. 1 0 0 0 0 0
Answer: B
The ⨁ symbol represents the exclusive OR (XOR) function, which is true when one and only one of the input bits is true. Working column by column: 0⨁0=0, 1⨁0=1, 1⨁1=0, 0⨁1=1, 1⨁0=1, 0⨁1=1, giving 0 1 0 1 1 1.
- John found a vulnerability in his code where an attacker can enter too much input and then force the system running the code to execute arbitrary commands. What type of vulnerability has John discovered?
A. TOCTTOU
B. Buffer overflow
C. XSS
D. XSRF
Answer: B
Buffer overflow vulnerabilities exist when a developer does not properly validate user input to ensure that it is of an appropriate size. Input that is too large can "overflow" a data structure and overwrite adjacent memory; when the overwritten data includes a return address or function pointer, the attacker can redirect execution to code of their choosing, which is how an overflow turns into arbitrary command execution.
- Which one of the following is also known as the Caesar cipher?
A. ROT2
B. ROT3
C. ROT8
D. ROT11
Answer: B
The Caesar cipher, also known as the ROT3 cipher, shifts all characters in the plain text three letters to the right to create the cipher text.
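As an added example (my code, not part of the flashcards), the following Python implements ROT3 as a special case of a general ROT-n shift and includes a brute-force routine that shows why a 26-letter shift cipher offers no real protection. Function names and sample strings are my own.

```python
"""Added example: the Caesar cipher as ROT3, generalized to ROT-n.

Letters are shifted within their own case; digits, spaces and punctuation pass
through unchanged. Decryption is the same function with the shift reversed
(ROT3 is undone by ROT23, i.e. a shift of -3).
"""


def rot(text: str, shift: int) -> str:
    """Shift A-Z and a-z by `shift` positions, wrapping around; leave other characters alone."""
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            base = ord("A")
        elif "a" <= ch <= "z":
            base = ord("a")
        else:
            out.append(ch)
            continue
        # Python's % always yields a non-negative result, so negative shifts wrap correctly
        out.append(chr(base + (ord(ch) - base + shift) % 26))
    return "".join(out)


def caesar_encrypt(plaintext: str) -> str:
    """Caesar cipher = ROT3: shift every letter three places to the right."""
    return rot(plaintext, 3)


def caesar_decrypt(ciphertext: str) -> str:
    """Shift three places to the left; identical to rot(ciphertext, 23)."""
    return rot(ciphertext, -3)


def brute_force(ciphertext: str) -> dict:
    """Only 25 non-trivial shifts exist, so an attacker simply tries them all
    and picks the candidate that reads as language. Returns {shift: candidate}."""
    return {s: rot(ciphertext, -s) for s in range(1, 26)}


if __name__ == "__main__":
    ct = caesar_encrypt("Attack at dawn")
    print(ct)
    for shift, candidate in brute_force(ct).items():
        print(shift, candidate)
```

The brute-force loop is the whole cryptanalysis: with a key space of 25 there is nothing to guess, which is why the Caesar cipher is a teaching tool and not a cipher.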
- What Japanese cipher system was broken by the United States during World War II?
A. Ultra
B. Purple
C. Enigma
D. VENONA
Answer: B
The Japanese Purple cipher system was broken by the Allies and contributed to their victory in World War II. Ultra was the effort to break the German Enigma cipher system. VENONA was an American effort to break a Soviet cipher during the 1940s.
- What is the output value of the mathematical function 19 mod 4?
A. 3
B. 4
C. 5
D. 6
Answer: A
Nineteen divided by 4 equals 4, with a remainder value of 3.
- When a user attempts to connect to an SNMP service on an internal system that, while booted and functioning, is not actually running an SNMP server, what response will their system receive?
A. UDP error
B. TCP RST
C. ICMP Type 3
D. DNS lookup error
Answer: C
SNMP is a UDP-based service (UDP port 161). UDP is connectionless and has no error signaling of its own, so a host that receives a datagram for a port with no listener answers with an ICMP Destination Unreachable message (Type 3), Code 3 (Port Unreachable). In practice a host firewall may silently drop the datagram instead, which is why UDP port scanners report a non-responding port as open|filtered rather than closed.
- Matthew receives a digitally signed message from Christopher. What key should Matthew use to verify the digital signature?
A. Christopher’s public key
B. Christopher’s private key
C. Matthew’s public key
D. Matthew’s private key
Answer: A
Matthew uses Christopher’s public key to verify the digital signature on the message.
- What kind of recovery facility enables an organization to resume operations as quickly as possible, if not immediately upon failure of the primary facility?
A. Hot site
B. Warm site
C. Cold site
D. All of the above
Answer: A
Hot sites provide backup facilities maintained in constant working order and fully capable of taking over business operations.
- In which phase of the business impact assessment do you compute loss expectancies?
A. Risk assessment
B. Likelihood assessment
C. Impact assessment
D. Resource prioritization
Answer: C
Loss expectancies are a measure of impact and are calculated during the impact assessment phase.
- What type of virus always loads itself automatically when the system starts?
A. MBR virus
B. File infector virus
C. Stealth virus
D. Polymorphic virus
Answer: A
Master boot record (MBR) viruses infect the system’s boot sector and load when the system is started.
- What government agency is responsible for developing standards and guidelines for federal computer systems?
A. NIST
B. CIA
C. FBI
D. NSA
Answer: A
The National Institute of Standards and Technology (NIST) is responsible for developing standards and guidelines for federal computer systems. They may draw on the technical expertise of the National Security Agency for assistance.
- Who administers the European Union safe harbor provisions in the United States?
A. Department of State
B. Department of Education
C. Department of Commerce
D. Department of Defense
Answer: C
The Department of Commerce maintained the EU safe harbor provisions for American companies. The safe harbor framework was invalidated by the Court of Justice of the European Union in 2015, and its successor, the Privacy Shield, in 2020; the Department of Commerce continues to administer the replacement transfer frameworks in the United States.
- The ____________ data model has data stored in more than one database, but the data is still logically connected. The user perceives the database as a single entity, even though it comprises numerous parts interconnected over a network.
A. Hierarchical
B. Normalized
C. Distributed
D. Relational
Answer: C
The distributed data model has data stored in more than one database, but the data is still logically connected. The user perceives the database as a single entity, even though it comprises numerous parts interconnected over a network.
- When someone launches a typical software product, such as a web browser or a text editor, it is executed in what mode of operation managed by the OS?
A. Privileged mode
B. User mode
C. Supervisory mode
D. Kernel mode
Answer: B
User mode is the basic mode used by the CPU when executing user applications. In this mode, the CPU allows the execution of only a portion of its full instruction set. This is designed to protect users from accidentally damaging the system through the execution of poorly designed code or the unintentional misuse of that code.
- What is qualitative risk analysis based on?
A. Dollar values
B. Concrete percentages
C. Historical logs and records
D. Opinions
Answer: D
The process of performing qualitative risk analysis involves judgment, intuition, and experience—in other words, opinions.
- Which of the following is not a requirement for the use of a one-time pad?
A. The encryption key must be at least one-half the length of the message to be encrypted.
B. The encryption key must be randomly generated.
C. Each one-time pad must be used only once.
D. The one-time pad must be physically protected against disclosure.
Answer: A
The encryption key must be at least as long as the message to be encrypted. This is because each key element is used to encode only one character of the message. The three other facts listed are all characteristics of one-time pad systems.
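The XOR card earlier on this page and this one-time pad card describe the same primitive, so one added Python example (my code, not from the flashcards) serves both: xor_bits reproduces the bit-string XOR from the earlier card, otp_xor applies a pad byte by byte and rejects a pad shorter than the message, and pad_reuse_leak shows what an attacker recovers when the same pad encrypts two messages. Function names and the sample messages are my own.

```python
"""Added example (not from the flashcards): XOR as used by a one-time pad.

Shows the XOR truth table on bit strings, then a byte-wise one-time pad that
refuses a key shorter than the message and demonstrates why reusing a pad
leaks the XOR of the two plaintexts.
"""
import secrets


def xor_bits(x: str, y: str) -> str:
    """XOR two equal-length strings of '0'/'1' characters, e.g. '011010' ^ '001101'."""
    if len(x) != len(y):
        raise ValueError("bit strings must be the same length")
    return "".join("1" if a != b else "0" for a, b in zip(x, y))


def otp_xor(message: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt (same operation) with a one-time pad.

    The pad must be at least as long as the message: each pad byte masks
    exactly one message byte, which is why a half-length key is not enough.
    Bytes of the pad beyond the message length are simply unused.
    """
    if len(pad) < len(message):
        raise ValueError("one-time pad must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(message, pad))


def new_pad(length: int) -> bytes:
    """A pad must come from a cryptographically secure RNG, never random.random()."""
    return secrets.token_bytes(length)


def pad_reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If the same pad encrypted both messages, the pad cancels out:
    (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2, so an attacker learns m1 XOR m2 without
    ever seeing k, and known words in one message reveal the other. That is
    why each pad is used exactly once."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


if __name__ == "__main__":
    print(xor_bits("011010", "001101"))          # the XOR card's example
    m1 = b"attack at dawn"                       # constructed sample messages
    m2 = b"retreat at six"
    k = new_pad(len(m1))
    c1, c2 = otp_xor(m1, k), otp_xor(m2, k)
    assert otp_xor(c1, k) == m1                  # decryption is the same XOR
    print(pad_reuse_leak(c1, c2) == bytes(a ^ b for a, b in zip(m1, m2)))
```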
- An organization wants to ensure that users can run only specific applications. Which of the following techniques is the best choice to support this goal?
A. Whitelisting
B. Blacklisting
C. Sampling
D. Watermarking
Answer: A
Whitelisting allows administrators to specify a list of authorized applications. Any applications not on the list cannot run. Blacklisting is a list of unauthorized applications. Sampling is a form of data reduction and not related to running applications. Watermarking embeds an image or other mark on printed documents and files and helps prevent data loss.
- Which one of the following is not a basic requirement for the admissibility of evidence?
A. Timely
B. Relevant
C. Material
D. Competent
Answer: A
To be admissible, evidence must be relevant, material, and competent.
- Which one of the following business impact assessment variables is used to estimate the amount of damage an organization incurs each time an event occurs?
A. AV
B. SLE
C. ARO
D. MTD
Answer: B
The single loss expectancy (SLE) estimates the amount of damage that occurs each time a risk materializes for an organization.
- Which one of the following pieces of BCP (business continuity plan) documentation would provide procedures for notifying executives of a potential disruption?
A. Vital records program
B. Emergency-response guidelines
C. Business impact assessment
D. Statement of urgency
Answer: B
The emergency-response guidelines outline organizational and individual responsibilities for immediate response to an emergency situation. These include executive notification procedures.
- Your database administrators recommend performing bulk transfer backups to a remote site on a daily basis. What type of strategy are they recommending?
A. Transaction logging
B. Electronic vaulting
C. Remote journaling
D. Remote mirroring
Answer: B
Electronic vaulting uses bulk transfers to copy database contents to a remote site on a periodic basis.
- What database backup technology applies database transactions in real time at both primary and alternate sites?
A. Remote mirroring
B. Electronic vaulting
C. Remote journaling
D. Fault tolerance
Answer: A
Remote mirroring technology maintains mirrored images of servers at both the primary and alternate sites.
- What is the maximum effective key length of the Triple DES (3DES) encryption algorithm?
A. 56 bits
B. 64 bits
C. 112 bits
D. 168 bits
Answer: D
When run in DES-EEE3 mode with three independent 56-bit keys, Triple DES has 168 bits of key material, which is the answer the exam expects. Because of the meet-in-the-middle attack its effective strength is only about 112 bits, which is why NIST rates 3DES at 112-bit security and has since deprecated it in favor of AES.
- Which of the following is not a physical control for physical security?
A. Fencing
B. Closed-circuit TV (CCTV)
C. Lighting
D. Locks or keypads
Answer: B
Physical controls for physical security include fencing, lighting, locks, construction materials, mantraps, dogs, and guards. CCTV is a technical physical security control and also has deterrent and detective elements, but it is not a physical control for direct physical security itself.
- _________________ is a technology that can allow an automated tool to interact with a human interface.
A. Remote control
B. Virtual desktops
C. Remote node operation
D. Screen scraping
Answer: D
Screen scraping is a technology that can allow an automated tool to interact with a human interface.
- When conducting an internal investigation, what is the most common source of evidence?
A. Historical data
B. Search warrant
C. Subpoena
D. Voluntary surrender
Answer: D
Internal investigations usually operate under the authority of senior managers, who grant access (i.e., voluntary surrender) to all information and resources necessary to conduct the investigation.
- Which form of access abuse simply involves following authorized personnel through security gateways or passages?
A. Injection
B. Masquerading
C. Intrusion
D. Piggybacking
Answer: D
Piggybacking is a method of gaining unauthorized access to computer facilities by following an authorized employee through a controlled door.
- What phase of the Electronic Discovery Reference Model puts evidence in a format that may be shared with others?
A. Production
B. Processing
C. Review
D. Presentation
Answer: A
Production places the information in a format that may be shared with others.
- What type of contract provision requires a vendor to provide a specified level of service to clients?
A. ERP
B. ARO
C. SLA
D. MTD
Answer: C
A service-level agreement (SLA) specifies the terms of service provided by a vendor to a client and may include penalties for noncompliance.
- While performing network packet capture analysis, you discover packets that seem odd. By looking into the packet's raw hex display, you see that the byte at offset position 0x2F has the value 0x04. What was this packet attempting to make occur?
A. Abruptly disconnect a session
B. Confirm the receipt of a data set
C. Start a graceful hang-up process
D. Initiate a new session connection
Answer: A
Offset 0x2F is the TCP flags byte when the frame is untagged Ethernet (14 bytes) carrying IPv4 without options (20 bytes): the flags sit at offset 13 within the TCP header, and 14 + 20 + 13 = 47 = 0x2F. The value 0x04 is binary 00000100. Laid against the flag layout CWR ECE URG ACK PSH RST SYN FIN (most to least significant bit), bit 2 is RST, so this packet is attempting to abruptly disconnect a session. Had the byte been 0x08 (binary 00001000), the PSH flag would be set instead, so read the value carefully.
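The following added Python example (my code, not part of the flashcards) decodes the TCP flags byte from a raw frame. Rather than trusting the 0x2F constant, it reads the IPv4 header length field and computes the offset, which also handles IP options; the sample frame, addresses and ports are constructed placeholders.

```python
"""Added example: locating and decoding the TCP flags byte in a raw frame.

The 0x2F offset assumes an untagged Ethernet frame (14 bytes) carrying an IPv4
packet with no options (20 bytes): 14 + 20 + 13 = 47 = 0x2F, because the flags
byte is at offset 13 of the TCP header. This code derives the offset from the
IP header length (IHL) instead of hardcoding it.
"""
import struct

ETH_LEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
# Bit layout of the flags byte, most to least significant: CWR ECE URG ACK PSH RST SYN FIN
TCP_FLAG_BITS = {0x80: "CWR", 0x40: "ECE", 0x20: "URG", 0x10: "ACK",
                 0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}


def tcp_flags_offset(frame: bytes) -> int:
    """Return the absolute offset of the TCP flags byte, validating headers on the way."""
    if len(frame) < ETH_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4 (ethertype 0x{ethertype:04x})")
    ihl = (frame[ETH_LEN] & 0x0F) * 4            # IPv4 header length in bytes (20 with no options)
    if ihl < 20:
        raise ValueError("bad IHL")
    if frame[ETH_LEN + 9] != PROTO_TCP:          # protocol field of the IPv4 header
        raise ValueError("not TCP")
    offset = ETH_LEN + ihl + 13                  # flags byte is TCP header offset 13
    if offset >= len(frame):
        raise ValueError("frame truncated before TCP flags")
    return offset


def decode_flags(byte: int) -> list:
    """Names of the flags set in a flags byte, most significant first."""
    return [name for bit, name in TCP_FLAG_BITS.items() if byte & bit]


def build_frame(flags: int) -> bytes:
    """Constructed sample frame: Ethernet + minimal IPv4 + minimal TCP (placeholder addresses)."""
    eth = bytes.fromhex("aabbccddeeff001122334455") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, PROTO_TCP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    # src port, dst port, seq, ack, data offset (5 words << 4), flags, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 40000, 161, 1, 0, 0x50, flags, 1024, 0, 0)
    return eth + ip + tcp


def interpret(frame: bytes) -> str:
    """Map the flags byte to the intent the flashcard asks about."""
    flags = decode_flags(frame[tcp_flags_offset(frame)])
    if "RST" in flags:
        return "abrupt session teardown (RST)"
    if "SYN" in flags and "ACK" not in flags:
        return "new connection attempt (SYN)"
    if "FIN" in flags:
        return "graceful close (FIN)"
    if "ACK" in flags:
        return "acknowledgement (ACK)"
    return "no control flags set"


if __name__ == "__main__":
    frame = build_frame(0x04)
    off = tcp_flags_offset(frame)
    print(hex(off), decode_flags(frame[off]), interpret(frame))
```

A VLAN tag (802.1Q) adds four bytes after the source MAC and shifts every offset by four, so in a real capture always let the dissector compute offsets rather than reading a fixed position.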
- What is the best way to understand the meaning of the term 500-year flood?
A. A flood that occurs once every 500 years
B. A flood larger than any recorded in the past 500 years
C. A very serious but very unlikely flood event
D. A very serious flood that has a probability of 1 in 500 (0.2%) of occurring in any single calendar year
Answer: D
Flood levels rated in years (100-year, 500-year, 1,000-year, and so forth) basically reflect estimates of the probability of their occurrence. A 100-year flood has a 1 in 100 chance of occurring in any given calendar year (1%), a 500-year flood has a 1 in 500 chance of occurring in any given calendar year, and so forth. Options A and B misrepresent the meaning of the 500-year interval mentioned, while option C fails to address its probabilistic intent.
- Information flow models are designed to prevent ______________________ information flow, often between different levels of security.
A. Old, outdated, or obsolete
B. New, untested, and out-of-the-ordinary
C. Unauthorized, insecure, or restricted
D. Fast, efficient, and prompt
Answer: C
Information flow models are designed to prevent unauthorized, insecure, or restricted information flow, often between different levels of security.
- Which one of the following data roles is responsible for classifying data?
A. Administrator
B. Custodian
C. Owner
D. User
Answer: C
Owners have ultimate responsibility for the data and ensuring that is classified properly. The administrator assigns permissions based on the principles of least privilege and need to know. A custodian protects the integrity and security of the data. Users simply access the data.
- What action usually closes the identification phase of incident response?
A. Publishing an incident report
B. Gathering evidence of the incident
C. Notifying the incident response team
D. Isolating compromised systems
Answer: C
The identification phase usually concludes with the notification of the incident response team.
- How many rounds of encryption take place when the Data Encryption Standard (DES) is used?
A. 1
B. 3
C. 16
D. 32
Answer: C
DES is a 16-round Feistel cipher: in each round, half of the 64-bit block is expanded, XORed with a 48-bit round subkey, passed through the S-boxes and permuted before the halves are swapped. The same 16 rounds, with the subkeys applied in reverse order, decrypt the block.
- What rule of evidence states that a written agreement is assumed to contain all terms of the agreement?
A. Real evidence
B. Best evidence
C. Parol evidence
D. Chain of evidence
Answer: C
The parol evidence rule states that when an agreement between parties is put into written form, the written document is assumed to contain all the terms of the agreement and no verbal agreements may modify the written agreement.
- Which of the following should be generally worker/user accessible?
A. Mission-critical data center
B. Main workspaces
C. Server vault
D. Wiring closet
Answer: B
Only the main workspaces should be generally worker/user accessible. The mission-critical data center, server vault, and wiring closets should be restricted to administrators and other specialized and authorized personnel.
- Which one of the following backup types does not alter the archive bit on backed-up files?
A. Full backup
B. Remote journaling
C. Incremental backup
D. Differential backup
Answer: D
Differential backups store all files that have been modified since the time of the most recent full backup. They do not alter the archive bit.
- Which of the following is not an important reason to implement physical layers of security in an installation to protect areas where sensitive information is stored and used?
A. Because access to sensitive areas can then be monitored and controlled
B. Because additional checks on identity and authorization can be required before allowing entry
C. Because visitors or other unclassified staff can be kept away from sensitive areas
D. Because access from public or low-security areas to sensitive areas never occurs
Answer: D
Access into sensitive areas from public or low-security areas actually occurs frequently and is one of the primary reasons solid physical security is necessary.
- Alarms, CCTV, and monitoring devices are useful tools that fall under what form of access control?
A. Technical access control
B. Administrative access control
C. Logical access control
D. Physical access control
Answer: A
Technical physical security controls include access controls; intrusion detection; alarms; closed-circuit television (CCTV); monitoring; heating, ventilating, and air conditioning (HVAC); power supplies; and fire detection and suppression.
- Juniper Enterprises’ data center lies in a 500-year FEMA flood plain. What is the likelihood that a flood will affect the data center in any given year?
A. 1%
B. 5%
C. 0.2%
D. 0.1%
Answer: C
Flooding is expected once every 500 years in a 500-year flood plain. This is equivalent to a 0.2% annual risk of flood.
- Which of the following represents a natural disaster for which little or no warning is common?
A. Earthquake
B. Hurricane or typhoon
C. Flood
D. Tsunami
Answer: A
Of the natural disasters listed for this question, predictive techniques are least understood for earthquakes, which can (and do) happen with little or no notice. Big storms and potential flooding are carefully monitored and reported on by media and government channels, often days in advance of anticipated events. Tsunami reporting and warnings are now widespread around the globe, with warning of hours or more increasingly typical in the wake of the December 2004 Indian Ocean tsunami that devastated so many areas in southern Asia and its archipelagos.
- RSA encryption relies on the use of two ___________________.
A. One-way functions
B. Prime numbers
C. Hash functions
D. Elliptic curves
Answer: B
The strength of RSA rests on the difficulty of factoring the modulus n, which is the product of the two large prime numbers chosen during key generation. Anyone who recovers those primes can compute the private key from the public one.
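The digital signature card earlier on this page (Matthew verifies with Christopher's public key) and this RSA card are covered together by one added Python example (my code, not from the flashcards): it builds a key pair from two primes, signs a message hash with the private key, verifies it with the public key, and then recovers the private key by factoring the toy modulus to show exactly what RSA's security depends on. The primes are tiny and there is no padding, so this is textbook RSA for illustration only; real systems use RSA-PSS with keys of 2048 bits or more. Function names are my own.

```python
"""Added example: textbook RSA key generation, signing, verification and factoring.

The signer keeps d; the verifier needs only (n, e). Factoring n yields p and q,
from which d follows immediately, so the security of the scheme is exactly the
difficulty of factoring n. Teaching code only: no padding, tiny primes.
"""
import hashlib
from math import gcd


def keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for primes p and q. Caller must supply real primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def _digest_int(message: bytes, n: int) -> int:
    """Hash the message and reduce mod n; the toy modulus is far smaller than a SHA-256 output."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Christopher signs with his PRIVATE key: s = H(m)^d mod n."""
    n, d = private_key
    return pow(_digest_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Matthew verifies with Christopher's PUBLIC key: s^e mod n must equal H(m)."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message, n)


def factor(n: int):
    """Trial division: instant for a toy modulus, hopeless for a 2048-bit one."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def recover_private_key(public_key):
    """What an attacker does if factoring is feasible: rebuild d from p, q and e."""
    n, e = public_key
    p, q = factor(n)
    return keygen(p, q, e)[1]


if __name__ == "__main__":
    pub, priv = keygen(61, 53, e=17)           # the classic textbook parameters
    msg = b"meet me at the usual place"        # constructed sample message
    s = sign(msg, priv)
    print("valid:", verify(msg, s, pub))
    print("recovered d == real d:", recover_private_key(pub) == priv)
```

Because RSA with a squarefree modulus is a permutation on the residues mod n, any change to the signature changes what the verifier computes, so a tampered signature always fails; this property does not by itself protect against forgery on a chosen hash value, which is why real deployments add padding such as PSS.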
- What procedure returns business facilities and environments to a working state?
A. Reparation
B. Restoration
C. Respiration
D. Recovery
Answer: B
Disaster restoration involves restoring a business facility and environment to a workable state.
- What is the goal of a business continuity program?
A. Ensure that MTDs and RTOs are equal
B. Ensure that MTDs and RTOs do not coexist
C. Ensure that MTDs are less than RTOs
D. Ensure that RTOs are less than MTDs
Answer: D
The goal of a business continuity program is to ensure that recovery time objectives are shorter than maximum tolerable downtime measures.
- Which of the following definitions best explains the purpose of an intrusion detection system?
A. A product that inspects incoming and outgoing traffic across a network boundary to deny transit to unwanted, unauthorized, or suspect packets
B. A device that provides secure termination or aggregation for IP phones, VoIP handsets, and softphones
C. A device that, using complex content categorization criteria and content inspection, prevents potentially dangerous content from entering a network
D. A product that automates the inspection of audit logs and real-time event information to detect intrusion attempts and possibly also system failures
Answer: D
An intrusion detection system (IDS) is a product that automates the inspection of audit logs and real-time event information to detect intrusion attempts. Option A defines a firewall, option B defines an IP telephony security gateway, and option C defines a content filtering system.
- Of the following choices, what is a primary goal of change management?
A. Personnel safety
B. Allowing rollback of changes
C. Ensuring that changes do not reduce security
D. Auditing privilege access
Answer: C
The goal of change management is to ensure that any change does not lead to unintended outages or reduce security. Change management doesn’t affect personnel safety. A change management plan will commonly include a rollback plan, but that isn’t a specific goal of the program. Change management doesn’t perform any type of auditing.
- What law makes it a crime to cause malicious damage to a “federal interest” computer?
A. Computer Security Act
B. Computer Fraud and Abuse Act
C. Federal Sentencing Guidelines
D. Government Information Security Reform Act
Answer: B
Amendments to the Computer Fraud and Abuse Act criminalize causing damage to federal systems, federal interest systems, and computers involved in interstate commerce.
- Matthew recently completed writing a new song and posted it on his website. He wants to ensure that he preserves his copyright in the work. As a US citizen, which of the following is the minimum that he must do to preserve his copyright in the song?
A. Register the song with the US Copyright Office.
B. Mark the song with the © symbol.
C. Mail himself a copy of the song in a sealed envelope.
D. Nothing.
Answer: D
Matthew is not required to do anything. Copyright protection is automatic as soon as he creates the work.
- What law requires that communications carriers cooperate with federal agencies conducting a wiretap?
A. CFAA
B. CALEA
C. EPPIA
D. ECPA
Answer: B
The Communications Assistance for Law Enforcement Act (CALEA) requires all communications carriers to make wiretaps possible for law enforcement with an appropriate court order.
- Which of the following is not a valid issue to consider when evaluating a safeguard?
A. Cost/benefit analysis
B. Compliance with existing baselines
C. Legal liability and prudent due care
D. Compatibility with IT infrastructure
Answer: B
New safeguards establish new baselines; thus, compliance with existing baselines is not a valid consideration point.
- Which of the following is an example of administrative law?
A. United States Code
B. European Union Directives
C. United States Constitution
D. Code of Federal Regulations
Answer: D
The Code of Federal Regulations (CFR) is an example of administrative law.
- What type of backup will copy only those files that have been modified since the most recent full backup?
A. Full backup
B. Incremental backup
C. Journaled backup
D. Differential backup
Answer: D
Differential backups copy all files modified since the most recent full backup.
- Which one of the following attacks allows an attacker to execute arbitrary commands against the database supporting a web application?
A. SQL injection
B. Transaction manipulation
C. Cross-site scripting
D. Parameter manipulation
Answer: A
SQL injection attacks allow attackers to include their own SQL commands in the commands issued by a web application to a database, typically because the application builds the query by concatenating user input into the SQL text instead of passing it as a bound parameter.
- Which one of the following would be considered a system compromise?
A. Forged spam email appearing to come from your organization
B. Unauthorized use of an account by the legitimate user’s relative
C. Probing a network searching for vulnerable services
D. Infection of a system by a virus
Answer: B
Sharing an account with a relative allows unauthorized access to a system, meeting the definition of a compromise. Forged spam email does not necessarily require access to your organization’s computing resources. Probing a network for vulnerable services is a scanning attack. Infection of a system by a virus is a malicious code attack.
- What procedure returns business operations and processes to a working state?
A. Recovery
B. Restoration
C. Reparation
D. Respiration
Answer: A
Disaster recovery is the ability to recover from the loss of a complete site, whether because of natural disaster or malicious intent.
- The operating system design concept of protection rings was derived from what early operating system?
A. Windows
B. Unix
C. Multics
D. Macintosh
Answer: C
Multics has left two enduring legacies in the computing world. First, it inspired the creation of a simpler, less-intricate operating system called Unix (a play on the word multics), and second, it introduced the idea of protection rings to operating system design.
- Which one of the following patterns of activity is indicative of a scanning attack?
A. Large number of blocked connection attempts on port 22
B. Large number of successful connection attempts on port 80
C. Large number of successful connection attempts on port 443
D. Large number of disk failure events
Answer: A
A high number of blocked connection attempts may indicate that an attacker is scanning systems that do not offer a particular service on a particular port. Port 22 is the TCP port usually used by the Secure Shell (SSH) protocol, a common target of scanning attacks.
- Which one of the following assumptions is not necessary before you trust the public key contained on a digital certificate?
A. The digital certificate of the CA is authentic.
B. You trust the sender of the certificate.
C. The certificate is not listed on a CRL.
D. The certificate actually contains the public key.
Answer: B
You do not need to trust the sender of a digital certificate as long as the certificate meets the other requirements listed and you trust the certification authority.
- What technology can be used to minimize the impact of a server failure immediately before the next backup was scheduled?
A. Clustering
B. Differential backups
C. Remote journaling
D. Tape rotation
Answer: A
Clustering servers adds a degree of fault tolerance, protecting against the impact of a single server failure.
- Which of the following is the term used for any potential occurrence that can cause an undesirable or unwanted outcome to an organization or to a specific asset?
A. Realized risk
B. Incident
C. Breach
D. Threat
Answer: D
A potential occurrence that can cause an undesirable or unwanted outcome to an organization or to a specific asset is a threat.
- Why are military and intelligence attacks among the most serious computer crimes?
A. The use of information obtained can have far-reaching detrimental strategic effects on national interests in an enemy’s hands.
B. Military information is stored on secure machines, so a successful attack can be embarrassing.
C. The long-term political use of classified information can impact a country’s leadership.
D. The military and intelligence agencies have ensured that the laws protecting their information are the most severe.
Answer: A
The purpose of a military and intelligence attack is to acquire classified information. The detrimental effects of using such information could be nearly unlimited in the hands of an enemy.
- What is the typical activation time for a warm site?
A. 1 hour
B. 12 hours
C. 24 hours
D. 72 hours
Answer: B
Warm sites can typically be activated within 12 hours.
- What is a common security risk when using grid computing solutions that consume available resources from computers over the Internet?
A. Loss of data privacy
B. Latency of communication
C. Duplicate work
D. Capacity fluctuation
Answer: A
In many grid computing implementations, grid members can access the contents of the distributed work segments or divisions. This grid computing over the Internet is not usually the best platform for sensitive operations.
- A momentary loss of power is what form of power issue?
A. Brownout
B. Spike
C. Sag
D. Fault
Answer: D
A fault is a momentary loss of power. By contrast, a sag is a momentary drop in voltage, a brownout is a prolonged drop in voltage, a spike is a momentary rise in voltage, and a blackout is a prolonged loss of power.
- What is residual risk?
A. The risk remaining after a countermeasure is installed
B. The level of risk that slowly evaporates over time as implemented safeguards mature
C. The total amount of risk an organization faces
D. The risk that management chooses to accept rather than mitigate
Answer: D
Residual risk is the risk that management has chosen to accept rather than mitigate.
- Where is a good location for a turnstile?
A. Main entrance to a secure area
B. Primary entrance for the public to enter a retail space
C. On secondary or side exits
D. On internal office intersections
Answer: C
Turnstiles are most appropriate on secondary or side exits where a security guard is not available or is unable to maintain constant surveillance. The other options listed are not as ideal for the use of a turnstile.
- What type of malicious code appears to be a beneficial program but actually performs some type of malicious activity in the background?
A. Virus
B. Worm
C. Trojan horse
D. Logic bomb
Answer: C
Trojan horses are programs that appear to the user to be some type of beneficial program (such as a game or utility) but perform a malicious activity in the background.
- You were hired to perform a business impact assessment for a company located in Southern California and are evaluating the firm’s exposure to wildfires. You’ve determined that the value of the firm’s facilities and equipment is $10,000,000. After consulting fire experts, you’ve determined that there is a 10 percent chance that the facility will be 75 percent destroyed by wildfire in a given year. What is the single loss expectancy?
A. $75,000
B. $100,000
C. $750,000
D. $7,500,000
Answer: D
The single loss expectancy is computed by multiplying the asset value ($10,000,000) by the exposure factor (75 percent). In this case, the single loss expectancy is $7,500,000. The 10 percent likelihood is the annualized rate of occurrence (ARO); multiplying SLE by ARO gives the annualized loss expectancy of $750,000, which is option C and a deliberate distractor.
- Which of the following serve as operational guides for both security professionals and users, are flexible, and state what should be done instead of prescribing a specific product or control?
A. Policies
B. Baselines
C. Guidelines
D. Procedures
Answer: C
Guidelines serve as operational guides for both security professionals and users. They are flexible, so they can be customized for each unique system or condition. Guidelines state what should be done (in other words, what security mechanisms should be deployed) instead of prescribing a specific product or control and detailing configuration settings. Guidelines outline methodologies, include suggested actions, and are not compulsory.
- What regulation formalizes the prudent man rule, requiring that senior executives of an organization take personal responsibility for ensuring due care?
A. National Information Infrastructure Protection Act
B. Federal Information Security Management Act
C. Information Security Reform Act
D. Federal Sentencing Guidelines
Answer: D
The Federal Sentencing Guidelines formalized the prudent man rule and applied it to information security.
- Which one of the following determinations might result from a qualitative risk assessment?
A. Annualized loss expectancy
B. Single loss expectancy
C. Categorical prioritization
D. Exposure factor
Answer: C
Qualitative risk assessment uses nonnumerical factors, such as categorical prioritization. The other choices listed are examples of factors used in quantitative risk assessment.
- True or false: All compliance obligations are dictated by state, federal, or international law.
A. True
B. False
Answer: B
Some compliance obligations are dictated by contractual relationships, such as the Payment Card Industry Data Security Standard.
- Which of the following represent natural events that can pose a threat or risk to an organization?
A. Earthquake
B. Tornado
C. Flood
D. All of the above
Answer: D
Natural events that can threaten organizations include earthquakes, floods, hurricanes, tornados, wildfires, and other acts of nature.
- What layer of the ring protection scheme includes programs running in supervisory mode?
A. Level 0
B. Level 1
C. Level 3
D. Level 4
Answer: A
Supervisory mode programs are run by the security kernel, at Level 0 of the ring protection scheme.
- Which of the following is the least secure method for determining whether software is infected by a virus?
A. Scan it with a virus inspection tool.
B. Execute it.
C. Verify the size of its core files.
D. Perform a cyclic redundancy check (CRC) on its core files.
Answer: B
Users should never test an executable by executing it.
- What security principle ensures a unique memory area for each application running on a system?
A. Process isolation
B. Protection rings
C. Abstraction
D. Security kernel
Answer: A
Process isolation, also called memory protection, ensures that each process has its own isolated memory space for the storage of data and the actual executing application code.
- What is the most common and inexpensive form of physical access control device?
A. Cameras
B. Mantraps
C. Escape hatch
D. Locks
Answer: D
Locks are an essential and integral component of any business environment because they restrict access to only those who possess the key. They are found virtually everywhere that humans may access areas, systems, and so on.
- What is the main goal of business continuity planning?
A. Restore operations to the primary site as quickly as possible.
B. Implement a smooth transition to an alternative site without loss of data.
C. Reduce the likelihood that a disaster will destroy your data processing facility.
D. Ensure the continuous operation of the business in an emergency.
Answer: D
Business continuity planning is designed to keep your business up and running in the face of an emergency.
- Which of the following is not a useful item to consider when establishing the value of an asset?
A. Development cost
B. Intellectual property or equity value
C. Liability of asset loss
D. Classification level
Answer: D
Classification level is assigned based on an asset’s value as well as its sensitivity and confidentiality. It is not used as a valuation element.
- The Data Encryption Standard (DES) cipher operates on blocks of text of what size?
A. 56 bits
B. 64 bits
C. 112 bits
D. 128 bits
Answer: B
The DES cipher operates on messages in 64-bit blocks.
- An organization recently installed and configured a database application on a server. The application uses service accounts and these accounts were granted administrator access on the network to streamline configuration. Later, malware infected the server and used the application service account to escalate its privileges as an administrator. Which of the following principles was not followed?
A. Privilege creep
B. Separation of duties
C. Need-to-know
D. Principle of least privilege
Answer: D
Granting the service account full network administrator privileges violates the principle of least privilege. It is often easier to configure it this way, but it is not secure. Privilege creep occurs when users are granted additional privileges as job requirements change, but unneeded privileges are not removed. Separation of duties ensures a single entity doesn’t control all elements of a critical process. Need-to-know ensures users are granted access to only the data they need and no more.
- Which of the following provides the best protection to ensure the confidentiality of data at rest?
A. Destruction
B. Encryption
C. Sanitization
D. Marking
Answer: B
Encryption provides strong protection to ensure the confidentiality of data at rest and is the best choice of the available answers.
- Christopher recently received word that his application for a trademark was approved by the US Patent and Trademark Office. What symbol should he use next to the name to indicate its protected status?
A. ©
B. ®
C. ™
D. †
Answer: B
The ® symbol is reserved for trademarks that have received official registration status by the US Patent and Trademark Office.
- Matthew and Richard want to communicate with each other using a public key cryptosystem. What is the total number of keys they must have to successfully communicate?
A. 1
B. 2
C. 3
D. 4
Answer: D
To use public key cryptography, Matthew and Richard must each have their own pair of public and private cryptographic keys.
- What occurs when the relationship between the plain text and the key is complicated enough that an attacker can’t merely continue altering the plain text and analyzing the resulting cipher text to determine the key? (Choose all that apply.)
A. Confusion
B. Transposition
C. Polymorphism
D. Diffusion
Answer: A;D
Confusion and diffusion are two principles underlying most cryptosystems.
- The purchasing of insurance is a form of ___________________.
A. Risk mitigation
B. Risk assignment
C. Risk acceptance
D. Risk rejection
Answer: B
Insurance is a form of risk assignment or transference.
- What is the duration of trade secret protection under federal law?
A. 20 years
B. 25 years
C. 50 years
D. Unlimited
Answer: D
There is no limit to the duration of trade secret protection.
- Issues commonly addressed in a(n) _____________ include system uptime requirements, peak and average load expectations, diagnostic responsibilities, failover and redundancy, and financial or contractual remedies for noncompliance.
A. MOU
B. ECDHE
C. SLA
D. OCSP
Answer: C
Issues commonly addressed in a service-level agreement (SLA) include system uptime requirements, peak and average load expectations, diagnostic responsibilities, failover and redundancy, and financial or contractual remedies for noncompliance.
- Which backup format stores only those files that have been set with the archive bit and have been modified since the last complete backup?
A. Differential backup
B. Partial backup
C. Incremental backup
D. Full backup
Answer: A
Differential backups store all files that have been modified since the time of the most recent full backup; they affect only those files that have the archive bit turned on, enabled, or set to 1.
- What is the major weakness inherent in public key cryptography systems?
A. Slow speed
B. Difficulty of key exchange
C. Lack of scalability
D. Lack of nonrepudiation capability
Answer: A
Public key cryptosystems are notoriously slower than their secret key counterparts. They eliminate the difficulty of key exchange and provide for both scalability and nonrepudiation.
- What type of disaster recovery test is the simplest to perform?
A. Structured walk-through
B. Read-through
C. Simulation
D. Parallel
Answer: B
In the read-through test, you distribute copies of the disaster recovery plan to key personnel for review but do not actually meet or perform live testing.
- Which one of the following business impact assessment variables provides the recovery time objective for a business function?
A. AV
B. SLE
C. ARO
D. MTD
Answer: D
The maximum tolerable downtime (MTD) is equivalent to the recovery time objective (RTO). It provides the maximum length of time a business function can be inoperable without causing irreparable harm to the business.