P/E 3 Flashcards

Question 1

Q

Which of the following is not a valid means to improve the security offered by password authentication?

A. Enabling account lockout controls
B. Enforcing a password policy
C. Using password-verification tools and password-cracking tools against your password database file
D. Allowing users to reuse the same password

Answer

A

Answer: D

Preventing password reuse by tracking password history increases security but allowing users to reuse the same password does not increase security. You can also improve password security by enabling account lockout controls, enforcing a password policy, and using password verification tools to check the strength of existing passwords.

Question 2

Q

What provides data for re-creating the history of an event, intrusion, or system failure?

A. Security policies
B. Log files
C. Audit reports
D. Business continuity planning

Answer

A

Answer: B

Log files provide an audit trail for re-creating the history of an event, intrusion, or system failure. An audit trail includes log files and can reconstruct an event, extract information about an incident, and prove or disprove culpability. Security policies are documents that define security requirements for an organization. An audit report includes details gleaned from log files. Business continuity planning occurs before an event, such as a disaster, in an attempt to reduce the impact of the event.

Question 3

Q

What category of malicious software includes rogue antivirus software?

A. Logic bombs
B. Worms
C. Trojan horses
D. Spyware

Answer

A

Answer: C

Rogue antivirus software is an example of a Trojan horse. Users are tricked into installing it, and once installed, it steals sensitive information and/or prompts the user for payment.

Question 4

Q

What is the most important aspect of a biometric device?

A. Accuracy
B. Acceptability
C. Enrollment time
D. Invasiveness

Answer

A

Answer: A

The most important aspect of a biometric factor is its accuracy. If a biometric factor is not accurate, it may allow unauthorized users into a system. Acceptability by users, the amount of time it takes to enroll, and the invasiveness of the biometric device are additional considerations but not as important as its accuracy.

Question 5

Q

In areas where technical controls cannot be used to prevent virus infections, what should be used to prevent them?

A. Security baselines
B. Awareness training
C. Traffic filtering
D. Network design

Answer

A

Answer: B

Educating users is an important part of preventing virus infections and works with technical controls such as antivirus software. Security baselines provide a secure starting point for a system as a technical control. Traffic filtering is another technical control that can block viruses. Network design can be used to control the flow of traffic as a technical control.

Question 6

Q

What standard governs the creation of digital certificates used in the public key infrastructure?

A. FIPS 180-2
B. S/MIME
C. X.509
D. 802.1x

Answer

A

Answer: C

X.509 defines a common format for digital certificates containing certification of a public encryption key.

Question 7

Q

What is the final stage in the life cycle of backup media, occurring after or as a means of sanitization?

A. Degaussing
B. Destruction
C. Declassification
D. Defenestration

Answer

A

Answer: B

Destruction is the final stage in the life cycle of backup media. Destruction should occur after proper sanitization or as a means of sanitization.

Question 8

Q

Security mechanisms, tools, and practices that deter and mitigate malicious activity and events are what type of control?

A. Preventive control
B. Directive control
C. Corrective control
D. Recovery control

Answer

A

Answer: A

Preventive controls are the actual mechanisms by which malicious acts and activities are reduced or prevented entirely.

Question 9

Q

Beth is looking through web server logs and finds form input that looks like this:

13>SCRIPT>alert(‘Enter your password’)>/SCRIPT>

What type of attack has she likely discovered?

A. XSS
B. SQL injection
C. XSRF
D. TOCTTOU

Answer

A

Answer: A

The use of the tag is a telltale sign of a cross-site scripting (XSS) attack.

Question 10

Q

What security flaw conveys information by writing data to a common storage area where another process can read it?

A. Covert timing channel
B. Buffer overflow
C. Covert storage channel
D. Maintenance hook

Answer

A

Answer: C

A covert storage channel conveys information by writing data to a common storage area where another process can read it. Storing data in such a way introduces a security flaw that allows unauthorized users to access the data.

Question 11

Q

APTs are most closely related to what type of attack category?

A. Military attacks
B. Thrill attacks
C. Grudge attacks
D. Insider attacks

Answer

A

Answer: A

Advanced persistent threats (APTs) are often associated with government and military actors.

Question 12

Q

What is a divestiture?

A. Asset or employee reduction
B. A distribution of profits to shareholders
C. A release of documentation to the public
D. A transmission of data to law enforcement during an investigation

Answer

A

Answer: A

A divestiture is an asset or employee reduction.

Question 13

Q

There are generally three forms of governance within an enterprise organization, all of which have common goals, such as to ensure continued growth and expansion over time and to maintain resiliency to threats and the market. Which of the following is not one of these common forms of governance?

A. IT
B. Facility
C. Corporate
D. Security

Answer

A

Answer: B

The three common forms of governance are IT, corporate, and security. Facility is not usually considered a form of governance, or it is already contained within one of the other three.

Question 14

Q

What form of attack is always possible when using a non-802.1x implementation of a wireless network?

A. Password guessing
B. Encryption cracking
C. IV interception
D. Packet replay attacks

Answer

A

Answer: A

Password guessing is always a potential attack if a wireless network is not otherwise using some other form of authentication, typically accessed via 802.1x.

Question 15

Q

What is the preparation of storage media by overwriting with unclassified data for later reuse or redistribution?

A. Erasure
B. Clearing
C. Purging
D. Sanitization

Answer

A

Answer: B

Clearing is a method of sufficiently deleting data on media that will be reused in the same secured environment.

Question 16

Q

What is a secret agreement between parties to commit a criminal act against an organization or third party?

A. Collision
B. Confusion
C. Collusion
D. Contusion

Answer

A

Answer: C

Collusion is the act of two or more parties conspiring to commit a crime against another party or organization.

Question 17

Q

What type of processing makes use of a multithreading technique at the operating system level?

A. Symmetric multiprocessing
B. Multitasking
C. Multiprogramming
D. Massively parallel processing

Answer

A

Answer: A

Symmetric multiprocessing systems implement multithreading techniques at the operating system level.

Question 18

Q

Of the following, what best explains the motivation for using a preventive access control?

A. To discourage violation of security policies
B. To stop unwanted or unauthorized activity from occurring
C. To discover unwanted or unauthorized activity
D. To restore systems to normal after an unwanted or unauthorized activity has occurred

Answer

A

Answer: B

The essence of a preventive access is to prevent or stop unwanted or unauthorized activity from occurring. Option A defines a deterrent access control, option C defines a detective access control, and option D defines a corrective access control.

Question 19

Q

The University of Outer Mongolia runs a web application that processes student tuition payments via credit card and is subject to PCI DSS. The university does not wish to perform web vulnerability scans on a regular basis because they consider them too time-consuming. What technology may they put in place that eliminates the PCI DSS requirement for recurring web vulnerability scans?

A. Web application firewall
B. Intrusion prevention system
C. Network vulnerability scanner
D. None. There is no exception to the recurring web vulnerability scan requirement.

Answer

A

Answer: A

PCI DSS allows organizations to choose between performing annual web vulnerability assessment tests or installing a web application firewall.

Question 20

Q

In what type of software testing does the tester not have access to the code?

A. White box
B. Black box
C. Gray box
D. Static

Answer

A

Answer: B

Black-box testing examines the program from a user perspective by providing a wide variety of input scenarios and inspecting the output. Black-box testers do not have access to the internal code.

Question 21

Q

Which conceptual security model offers the best preventive protection against viral infection and outbreak?

A. ISO/OSI reference model
B. Concentric circle
C. Operations security triple
D. CIA Triad

Answer

A

Answer: B

A concentric circle security model represents the best practice known as defense in depth, a layered approach to protecting IT infrastructure.

Question 22

Q

What is access?

A. Functions of an object
B. Information flow from objects to subjects
C. Unrestricted admittance of subjects on a system
D. Administration of ACLs

Answer

A

Answer: B

Access is the transfer of information from an object to a subject. An object is a passive resource that does not have functions. Access is not unrestricted. Access control includes more than administration of access control lists (ACLs).

Question 23

Q

Which of the following increases vulnerabilities related to viruses?

A. Length of time the system is operating
B. The classification level of the primary user
C. Installation of software
D. Use of roaming profiles

Answer

A

Answer: C

As more software is installed, more vulnerabilities are added to the system, thus adding more avenues of attack for viruses. How long a system operates, the classification level of the user, or the use of roaming profiles does not increase vulnerabilities related to viruses.

Question 24

Q

What is the act of searching for unauthorized modems known as?

A. Dumpster diving
B. Espionage
C. System auditing
D. War dialing

Answer

A

Answer: D

War dialing is the act of searching for unauthorized modems that will accept inbound calls on an otherwise secure network in an attempt to gain access. Dumpster diving is searching through trash for information. Espionage is the act of collecting information against a competitor or foreign government. System auditing is used to assess the effectiveness of security controls.

Question 25

Q

What is the frequency of an IT infrastructure security audit or security review based on?

A. Asset value
B. Administrator discretion
C. Risk
D. Level of realized threats

Answer

A

Answer: C

The frequency of an IT infrastructure security audit or security review is based on risk. You must establish the existence of sufficient risk to warrant the expense of, and interruption caused by, a security audit on a more or less frequent basis. Asset value and threats are a part of risk but are not the whole picture, and assessments are not performed based only on either of these. A high-value asset with a low level of threats doesn’t present a high risk. Similarly, a low-value asset with a high level of threats doesn’t present a high risk. The decision to perform an audit isn’t usually relegated to an administrator.

Question 26

Q

Which one of the following techniques takes the concept of process isolation and applies it to hardware controls?

A. Layering
B. Abstraction
C. Data hiding
D. Hardware segmentation

Answer

A

Answer: D

Hardware segmentation is similar to process isolation in purpose. It prevents the access of information that belongs to a different process/security level.

Question 27

Q

What is a well-known synonym for defense in depth?

A. Confidentiality-Integrity-Accountability
B. Bastion server
C. Layered security
D. Biometric authentication

Answer

A

Answer: C

Defense in depth is also known as layered security. The motivation for layered security comes from the benefits that accrue from establishing multiple layers or levels of access controls to provide defense in depth from security threats. If one layer fails or is bypassed, defenses at other layers kick in to provide additional protection.

Question 28

Q

What element of quantitative risk analysis judges the frequency of compromise of a threat?

A. SLE
B. EF
C. AV
D. ARO

Answer

A

Answer: D

The ARO (annualized rate of occurrence) is the element of quantitative risk analysis that judges the frequency of compromise of a threat.

Question 29

Q

Your manager is concerned that the business impact assessment recently completed by the BCP team doesn’t adequately take into account the loss of goodwill among customers that might result from a particular type of disaster. Where should items like this be addressed?

A. Continuity strategy
B. Quantitative analysis
C. Likelihood assessment
D. Qualitative analysis

Answer

A

Answer: D

The qualitative analysis portion of the business impact assessment (BIA) allows you to introduce intangible concerns, such as loss of customer goodwill, into the BIA planning process.

Question 30

Q

What security services are provided by Kerberos for authentication traffic?

A. Availability and nonrepudiation
B. Confidentiality and nonrepudiation
C. Confidentiality and integrity
D. Availability and authorization

Answer

A

Answer: C

Kerberos provides confidentiality and integrity protection security services for authentication traffic using symmetric cryptography to encrypt tickets sent over the network to prove identification and provide authentication. The security services provide by Kerberos are not directly related to availability or nonrepudiation.

Question 31

Q

Which essential element of an audit report is not considered to be a basic concept of the audit?

A. Purpose of the audit
B. Recommendations of the auditor
C. Scope of the audit
D. Results of the audit

Answer

A

Answer: B

Recommendations of the auditor are not considered basic and essential concepts to be included in an audit report. Key elements of an audit report include the purpose, scope, and results of the audit.

Question 32

Q

The process by which media is prepared for irrevocable destruction to ensure no chance of data recovery goes by what name?

A. Degaussing
B. Sterilization
C. Declassification
D. Sanitization

Answer

A

Answer: D

Sanitization is the process of wiping storage media clean in preparation for disposal or destruction. It ensures that data cannot be recovered by any means from destroyed or discarded media.

Question 33

Q

What strategy basically consists of multiple layers of antivirus, malware, and spyware protection distributed throughout a given network environment?

A. CIA Triad
B. Concentric circle
C. Operations security triple
D. Separation of duties

Answer

A

Answer: B

A concentric circle security model comprises several mutually independent security applications, processes, or services that operate toward a single common goal.

Question 34

Q

What security mode allows systems to process information at more than one level of security even when all users do not have appropriate clearances?

A. Dedicated
B. Multilevel
C. Compartmented
D. System high

Answer

A

Answer: B

Multilevel security systems can process information at different levels even when all system users do not have the required security clearance to access all information processed by the system.

Question 35

Q

What process state can be dependent on peripherals?

A. Ready
B. Waiting
C. Running
D. Supervisory

Answer

A

Answer: B

The waiting state is a process state that depends on peripherals as the processes pause execution until the conclusion of some requested activity, such as peripheral activity.

Question 36

Q

What sort of intruder is actually one of the “good guys” doing good things for your network security?

A. Unethical hacker
B. Ethical hacker
C. System cracker
D. Malicious user

Answer

A

Answer: B

Ethical hackers are those trained in responsible network security methodology, with a philosophy toward nondestructive and nonintrusive testing.

Question 37

Q

What phase of a business impact assessment calculates the ARO for a given risk scenario?

A. Risk identification
B. Likelihood assessment
C. Impact assessment
D. Resource prioritization

Answer

A

Answer: B

The annualized rate of occurrence (ARO) is a measure of how many times a risk might materialize in a typical year. It is a measure of risk likelihood.

Question 38

Q

Which of the following is not an effective countermeasure against inappropriate content being hosted or distributed over a secured network?

A. Activity logging
B. Content filtering
C. Intrusion detection system
D. Penalties for violations

Answer

A

Answer: C

An intrusion detection system is designed to detect intrusions and is not a countermeasure against inappropriate content by internal users. However, activity logging, content filtering, and policies that include penalties for violations can all be used as countermeasures for inappropriate content.

Question 39

Q

Which of the following statements is not true?

A. VLANs are created by switches.
B. A subnet is created by a router.
C. Multilayer switches can allow cross-VLAN communications by providing a routing function.
D. The assignment of an IP address and subnet mask defines a subnet.

Answer

A

Answer: B

A subnet is not created by a router; a subnet is created through the assignment of an IP address and a subnet mask. Routers only manage traffic between subnets.

Question 40

Q

Which security principle involves the knowledge and possession of sensitive material as an aspect of one’s occupation?

A. Principle of least privilege
B. Separation of duties
C. Need to know
D. As-needed basis

Answer

A

Answer: C

The need-to-know policy operates on the basis that any given system user should be granted access only to portions of sensitive information or materials necessary to perform some task.

Question 41

Q

What would an administrator use to ensure systems have required patches?

A. Patch management system
B. Patch scanner
C. Penetration tester
D. Fuzz tester

Answer

A

Answer: A

A patch management system ensures that systems have required patches. In addition to deploying patches, it would also check the systems to verify they accepted the patches. There is no such thing as a patch scanner. A penetration test will attempt to exploit a vulnerability, but it can be intrusive and cause an outage so it isn’t appropriate in this scenario. A fuzz tester sends random data to a system to check for vulnerabilities but doesn’t test for patches.

Question 42

Q

How does an API user typically authenticate to use the API?

A. Password
B. API key
C. Cookie
D. Two-factor authentication

Answer

A

Answer: B

API keys are passed with each API call to authenticate the API user.

Question 43

Q

When possible, operations controls should be _____.

A. Simple
B. Administrative
C. Preventive
D. Transparent

Answer

A

Answer: D

When possible, operations controls should be invisible, or transparent, to users. This keeps users from feeling hampered by security and reduces their knowledge of the overall security scheme, thus further restricting the likelihood that users will violate system security deliberately.

Question 44

Q

Which one of the following terms can be used to describe RAM memory?

A. Secondary
B. Sequential
C. Nonvolatile
D. Random

Answer

A

Answer: D

Random access memory (RAM) is accessed in a random, rather than a sequential, fashion.

Question 45

Q

What is layering?

A. Deploying multiple security mechanisms in parallel
B. Deploying multiple security mechanisms in a series
C. Requiring identification and authentication before authorization
D. Deploying multiple firewalls around the perimeter of a network

Answer

A

Answer: B

Layering is the deployment of multiple security mechanisms in a series.

Question 46

Q

What networking device can be used to create digital network segments that can be altered as needed by adjusting the settings internal to the device rather than on end-point devices?

A. Router
B. Switch
C. Proxy
D. Gateway

Answer

A

Answer: B

A switch is a networking device that can be used to create digital network segments (i.e., VLANs) that can be altered as needed by adjusting the settings internal to the device rather than on end-point devices. A router connects disparate networks rather than creating network segments.

Question 47

Q

Which of the following is true about Kerberos?

A. It uses symmetric key cryptography.
B. It uses asymmetric key cryptography.
C. It uses public key cryptography.
D. It requires a PKI.

Answer

A

Answer: A

Kerberos uses symmetric key cryptography. It does not use asymmetric or public key cryptography, and it does not require public key infrastructure (PKI).

Question 48

Q

When an intruder gains unauthorized access to a facility by asking an employee to hold open a door because their arms are full of packages, this is known as what type of attack?

A. Tailgating
B. Masquerading
C. Impersonation
D. Piggybacking

Answer

A

Answer: D

Piggybacking is following someone through a secured gate or doorway without being identified or authorized personally.

Question 49

Q

Which security mode provides the most granular control over resources and users?

A. Dedicated
B. System high
C. Compartmented
D. Multilevel

Answer

A

Answer: B

System high mode provides the most granular control over resources and users because it enforces clearances, requires need to know, and allows the processing of only single sensitivity levels. All the other levels either do not have unique need to know between users (dedicated), allow multiple levels of data processing (compartmented), or allow a wide number of users with varying clearance (multilevel).

Question 50

Q

A team that initially knows nothing about its target before performing a security analysis is known as what?

A. Absolute knowledge
B. Partial knowledge
C. Zero knowledge
D. Infinite knowledge

Answer

A

Answer: C

Zero-knowledge teams possess only primary information about an organization during a security assessment or penetration test.

Question 51

Q

Which one of the following addressing schemes uses a value stored in one of the CPU’s registers combined with an instruction operand to determine the correct memory location to access?

A. Direct addressing
B. Immediate addressing
C. Base+Offset addressing
D. Indirect addressing

Answer

A

Answer: C

Base+Offset addressing uses a value stored in one of the CPU’s registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to the value and retrieves the operand from that computed memory location.

Question 52

Q

Which of the following is not an element defined under the Clark-Wilson model?

A. Constrained data item
B. Transformation procedures
C. Redundant commit statement
D. Integrity verification procedure

Answer

A

Answer: C

A redundant commit statement is not associated with the Clark-Wilson model; it is instead an element in database replication. The Clark-Wilson model does define constrained data item, transformation procedures, and integrity verification procedure.

Question 53

Q

What security principle states that a thorough understanding of a system’s operational details is not necessary for most routine activities?

A. Process isolation
B. Abstraction
C. Monitoring
D. Hardware segmentation

Answer

A

Answer: B

Abstraction states that a detailed understanding of lower system levels is not a necessary requirement for working at higher levels.

Question 54

Q

The Clark-Wilson access model is also called a(n) ___________________ interface model.

A. Encrypted
B. Triple
C. Restricted
D. Unrestricted

Answer

A

Answer: C

The Clark-Wilson model can also be described as a restricted interface model because it uses classification-based restrictions to offer subject-specific functions and information. Subjects at one classification level will see a specific set of data and obtain access to a related set of functions, while another subject at a different classification level will see a different dataset and obtain access to a different set of functions.

Question 55

Q

A person who illicitly gains the trust or credentials from a trusted party has committed what criminal act?

A. Espionage
B. Sabotage
C. Reverse engineering
D. Social engineering

Answer

A

Answer: D

Social engineering is an attempt to deceive an insider into performing questionable actions on behalf of some unauthorized outsider.

Question 56

Q

Which of the following is not a valid reason why log files should be protected?

A. Log files can be used to reconstruct events leading up to an incident.
B. Attackers may try to erase their activity during or after an attack.
C. Unprotected log files cannot be used as evidence.
D. Log files include information on why an attack occurred.

Answer

A

Answer: D

Log files include information on what happened, when and where it happened, who was involved, and sometimes how, but they do not include why an attack occurred; they do not include the motivation of an attacker. Log files should be protected because they can be used to reconstruct events, attackers may try to modify them, and unprotected logs cannot be used as evidence.

Question 57

Q

Which type of intrusion detection system (IDS) can be considered an expert system?

A. Host-based
B. Network-based
C. Knowledge-based
D. Behavior-based

Answer

A

Answer: D

A behavior-based IDS can be labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events. A knowledge-based IDS uses a database of known attack methods to detect attacks. Both host-based and network-based systems can be either knowledge-based, behavior-based, or a combination of both.

Question 58

Q

What form of data sampling examines only errors that occur above some specified threshold level?

A. Sampling
B. Summarizing
C. Clipping
D. Accounting

Answer

A

Answer: C

Clipping levels are widely used in the process of auditing events to establish a baseline of system or user activity that is considered routine activity.

Question 59

Q

Why should an enterprise network implement endpoint security?

A. To provide sufficient security on each individual host.
B. Centralized security mechanisms are too expensive.
C. Network security safeguards do not provide any protection for hosts.
D. Hardware security options are ineffective against software exploits.

Answer

A

Answer: A

Endpoint security is implemented in order to provide sufficient security on each individual host, rather than relying on network-based security only.

Question 60

Q

Which one of the following is not one of the canons of the (ISC)2 code of ethics?

A. Act honorably, honestly, justly, responsibly, and legally.
B. Advance and protect the profession.
C. Preserve the integrity of the CISSP exam.
D. Provide diligent and competent service to principals.

Answer

A

Answer: C

The code of ethics does not explicitly mention the CISSP exam.

Question 61

Q

Which of the following security models is most often used for general commercial applications?

A. Brewer and Nash model
B. Biba model
C. Bell-LaPadula model
D. Clark-Wilson model

Answer

A

Answer: D

Of the four models mentioned, Biba and Clark-Wilson are most commonly used for commercial applications because both focus on data integrity. Of these two, Clark-Wilson offers more control and does a better job of maintaining integrity, so it’s used most often for commercial applications. Bell-LaPadula is used most often for military applications. Brewer and Nash applies only to datasets (usually within database management systems) where conflict-of-interest classes prevent subjects from accessing more than one dataset that might lead to a conflict-of-interest situation.

Question 62

Q

What technique is the most effective means of protecting against XSS attacks?

A. Acceptance testing
B. Code review
C. Firewall rules
D. Input validation

Answer

A

Answer: D

Input validation protects against a wide variety of web-based attacks, including XSS.

Question 63

Q

You are designing a contract management system and need to be able to prove to a court that the individual who sent in a contract actually sent the message and that it was not forged. What cryptographic goal are you trying to achieve?

A. Nonrepudiation
B. Confidentiality
C. Integrity
D. Authentication

Answer

A

Answer: A

The cryptographic goal of nonrepudiation ensures that you can prove to an uninvolved third party that a message originated with the purported sender.

Question 64

Q

What encryption algorithm does the WPA-2 protocol use to protect wireless networks?

A. DES
B. 3DES
C. AES
D. TKIP

Answer

A

Answer: C

WPA-2 uses AES encryption, replacing the TKIP encryption used by WPA.

Answer 65

A

Answer: D

Tactical planning is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans.

Answer 66

A

Answer: A

Discretionary controls give the subject (user) some ability to define the objects to access. This access control mechanism ensures that the owner or creator of an object controls and defines the access other subjects have to that object.

Answer 67

A

Answer: D

A security impact analysis reviews change requests and evaluates them for potential negative impacts. All changes aren’t necessarily approved or rejected. The analysis doesn’t attempt to identify changes.

Answer 68

A

Answer: B

RSA is an example of asymmetric cryptography, which does not require a preexisting relationship to provide a secure mechanism for data exchange. Two individuals can begin communicating securely from the moment they start communicating.

Answer 69

A

Answer: B

Audit trails are the means through which individuals are held accountable for their actions and any events or occurrences they cause.

Answer 70

A

Answer: A

In a trusted system, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.

Answer 71

A

Answer: A

The first priority in incident response is to prevent further damage by isolating affected systems and containing the threat.

Answer 72

A

Answer: D

A screen scraper tool is used to automatically extract standardized formatted data, such as XML and HTML, from human-friendly output. This tool is often used to extract results from web search engines.

Answer 73

A

Answer: D

The purpose of a privacy policy is to inform users where they do and do not have privacy for the primary benefit of the protection of the company’s right to audit and monitor user activity.

Answer 74

A

Answer: A

Directive controls are the means by which an organizational security policy is governed at the logical level.

Answer 75

A

Answer: D

An implicit deny mechanism will block all access that is not explicitly allowed. A constrained interface reduces what is viewable to a user and an access control matrix identifies subjects and objects, and they both employ an implicit deny philosophy, but the question doesn’t describe them. An explicit deny philosophy requires a separate rule to deny specific access.

Answer 76

A

Answer: A

The Bell-LaPadula model is focused on maintaining the confidentiality of objects. Bell-LaPadula does not address the aspects of object integrity or availability.

Answer 77

A

Answer: B

IPX/SPX, AppleTalk, and NetBEUI are examples of non-IP protocols.

Answer 78

A

Answer: D

BitLocker is the full disk encryption package provided by Microsoft as a Windows component. EFS, while a component of Windows, does not provide full disk encryption. TrueCrypt and PGP are not Microsoft products.

Answer 79

A

Answer: B

Resource prioritization is the final step of the business impact assessment (BIA) process.

Answer 80

A

Answer: D

Bob decrypts any messages he receives using his own private key.

Answer 81

A

Answer: B

Most higher-order security models, such as Bell-LaPadula and Biba, are based on the state machine model (as well as the information flow and noninterference models).

Answer 82

A

Answer: B

VoIP (Voice over IP) allows for phone conversations to occur over an existing TCP/IP network and Internet connection.

Answer 83

A

Answer: D

Detective controls are, as the name suggests, mechanisms and means through which the effectiveness of preventive controls is verified.

Answer 84

A

Answer: A

A trusted path is a channel established with strict standards to allow necessary communication without exposing the TCB to security vulnerabilities.

Answer 85

A

Answer: D

ARP performs the resolution of and maintains the local cache of mappings between MAC addresses and IP addresses. Thus, ARP poisoning affects the MAC to IP relationship. HOSTS file poisoning and caching server poisoning are DNS attacks, thus exploiting the relationship between FQDNs and IP addresses. Internet file cache poisoning is the planting of false code or other data in a browser’s file history.

Answer 86

A

Answer: B

Third-party governance typically includes onsite assessment, document exchange and review, and process/policy review. Full interruption testing is more often associated with DRP.

Answer 87

A

Answer: A

The Goguen-Meseguer model is an integrity model based on predetermining the set or domain—a list of objects that a subject can access.

Answer 88

A

Answer: D

Although throughput is an important factor in supporting availability, it is not a key technique employed by software designers to ensure that software does only what is required and nothing more.

Answer 89

A

Answer: D

The BIOS firmware is normally stored on an EEPROM chip to allow for “flash” updates when the BIOS needs revision.

Answer 90

A

Answer: A

The tactical plan is a midterm plan developed to provide more details on accomplishing the goals set forth in the strategic plan.

Answer 91

A

Answer: C

The annualized rate of occurrence (ARO) measures the frequency with which a specific event is expected to occur over the course of a year.

Answer 92

A

Answer: C

Static RAM chips are built using a number of flip-flop transistors that retain their charge without requiring constant refreshing.

Answer 93

A

Answer: A

User mode is the basic mode used by the CPU when executing user instructions. It enables only a portion of the full CPU instruction set.

Answer 94

A

Answer: C

An advanced persistent threat (APT) refers to a group of attackers working together who are highly motivated, skilled, and patient and are often sponsored by a government. Whaling is a phishing attack that focuses on high-level executives and spear-phishing is a targeted phishing attack, but neither is commonly sponsored by a government. Rogueware is software that appears as free antivirus software but is actually malicious.

Answer 95

A

Answer: D

Remote dialing (aka hoteling) is the vulnerability or feature of a PBX system that allows for an external entity to piggyback onto the PBX system and make long-distance calls without being charged for the tolls.

Answer 96

A

Answer: D

A password policy can ensure that users create strong passwords of sufficient length and complexity. Password policies can also track password history and prevent users from reusing passwords.

Answer 97

A

Answer: C

Granting users limited access only to those applications, functions, processes, or services necessary to fulfill their tasks is the principle of least privilege.

Answer 98

A

Answer: B

Penetration testing is the process of exercising, validating, and verifying the state of security on a network.

Answer 99

A

Answer: A

The removal of a user from a public key cryptosystem does not require the generation of any new keys. A message merely needs to be sent to all participants revoking the former user’s key pair.

Answer 100

A

Answer: B

A spamming attack (sending massive amounts of unsolicited email) can be used as a type of denial-of-service attack. It doesn’t use eavesdropping methods, so it isn’t sniffing. Brute-force methods attempt to crack passwords. Buffer overflow attacks send strings of data to a system in an attempt to cause it to fail.

Answer 101

A

Answer: C

Purging is used to sufficiently cleanse remnants of data on a magnetic storage drive so that it can be reused in unsecure environments.

Answer 102

A

Answer: C

TLS (Transport Layer Security) was specifically designed as a replacement for SSL.

Answer 103

A

Answer: A

Due care is the notion of preserving and protecting assets and interests for a given organization as exercised through a formalized security structure comprising baselines, guidelines, policies, procedures, and rules.

Answer 104

A

Answer: D

The exposure factor is the amount of the asset that is at risk. In this case, the 80 percent of the tickets that are single-game sales must be refunded, so the exposure factor is 80 percent of the game’s revenue.

Answer 105

A

Answer: D

Encrypted passwords (and one-time passwords) can reduce the success of a sniffing attack. Rainbow tables are used by attackers to crack hashed passwords. Salting passwords helps reduce the success rate of rainbow tables. Access reviews help ensure that an organization is using practices that support the security policy.

Answer 106

A

Answer: C

Storing and maintaining vital records and crucial information is instrumental to record retention.

Answer 107

A

Answer: C

A VLAN (virtual LAN) is a hardware-imposed network segmentation created by switches that requires a routing function to support communication between different segments.

Answer 108

A

Answer: D

Substitution ciphers actually replace the characters in a message with different values.

Answer 109

A

Answer: D

Sanitization is any number of processes that prepare media for destruction.

Answer 110

A

Answer: C

Brute-force attacks can be used against password database files and system logon prompts, not only database files. Weaknesses with passwords include users choosing easy-to-remember passwords, users writing down complex passwords, and the ability to steal passwords with other methods.

Answer 111

A

Answer: D

Ricky uses his own private key to decrypt the message that Flo encrypted with Ricky’s public key.

Answer 112

A

Answer: C

Account reviews can detect instances of creeping privileges or excessive privileges. Account provisioning grants privileges. Disabling an account ensures it isn’t used, and account revocation deletes the account.

Answer 113

A

Answer: A

User mode is the most restricted system mode.

Answer 114

A

Answer: A

Virtual memory uses drive space to simulate memory when programs require more memory than is physically available.

Answer 115

A

Answer: D

Erasing media is simply performing a delete operation against a file, a selection of files, or the entire media.

Answer 116

A

Answer: B

Of the options listed, a retina scan is the least accepted biometric device because it requires users to position their face on a cup reader that blows air into the eye and can reveal personal health issues. An iris scan can be read from a distance and doesn’t reveal medical information. Additionally, fingerprints and facial geometry scans do not reveal medical information and are less invasive.

Answer 117

A

Answer: A

Monitoring is not used to detect asset values. Monitoring can help detect malicious actions, attempted intrusions, and system failures.

Answer 118

A

Answer: C

Directive controls guide an organizational security implementation and as such are control statements.

Answer 119

A

Answer: C

Privacy Enhanced Mail (PEM) does not provide traffic flow confidentiality.

Answer 120

A

Answer: B

Awareness training typically reduces risk and vulnerability.

Answer 121

A

Answer: B

The rainbow table contains precomputed hashes of common passwords and is used to crack hashes stored in password files.

Answer 122

A

Answer: D

Deployment of countermeasures is not considered a type of auditing activity but is instead an attempt to prevent security problems. Auditing includes recording event data in logs, using data reduction methods to extract meaningful data, and analyzing logs.

Answer 123

A

Answer: B

VLANs do not impose encryption on data or traffic. Encrypted traffic can occur within a VLAN, but encryption is not imposed by the VLAN.

Answer 124

A

Answer: C

The flag value of 00000100 indicates a RST, or reset flag, has been transmitted. This is not necessarily an indication of malicious activity.

Answer 125

A

Answer: D

The Clark-Wilson model enforces separation of duties to further protect the integrity of data. This model employs limited interfaces or programs to control and maintain object integrity.

Answer 126

A

Answer: C

Spoofing grants the attacker the ability to hide their identity through misdirection and is used in many different types of attacks. Spoofing doesn’t send large amounts of data to a victim. It can be used as part of a buffer overflow attack to hide the identity of the attacker but doesn’t cause buffer overflows directly. If user account names and passwords are stolen, the attacker can use them to impersonate the user.

Answer 127

A

Answer: B

Access control is the automated mechanism that can prevent or permit system changes, installations, and updates on a selective basis.

Answer 128

A

Answer: A

One of the most common vulnerabilities and hardest to protect against is the occurrence of errors and omissions. Inference is a technique used to gain information from a database without having full access to the database and can be protected by controlling database access. Malicious code can be blocked with up-to-date antivirus software. Data scavenging can be blocked by controlling what data is thrown in the trash.

Answer 129

A

Answer: B

Indirect addressing occurs when the memory address supplied to the CPU as part of the instruction doesn’t contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address.

Answer 130

A

Answer: B

By far, the buffer overflow is the most common, and most avoidable, programmer-generated vulnerability.

Answer 131

A

Answer: D

The BCP implementation phase involves the largest commitment of hardware and software resources. The other phases are more manpower intensive.

Answer 132

A

Answer: C

The user who creates a new object is usually the default owner of that object.

Answer 133

A

Answer: D

The * (star) Security Property states that a subject may not write information to an object at a lower sensitivity level (no write down).

Answer 134

A

Answer: C

Espionage is a criminal action to disclose or profit from illegally obtained sensitive information about an organization.

Answer 135

A

Answer: C

Cascading: Input for one system comes from the output of another system. Feedback: One system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B and then system B provides input to system A). Hookup: One system sends input to another system but also sends input to external entities. Waterfall: A form of project management, not related to information flow.

Answer 136

A

Answer: B

Encapsulation is the feature of the TCP/IP protocol suite that makes it possible for tools like Loki to bypass firewall restrictions by tunneling prohibited traffic through an alternate protocol, such as ICMP.

Answer 137

A

Answer: B

Nonvolatile secondary memory is used for long-term storage. Examples of this memory type include hard drives, optical discs, and magnetic tape.

Answer 138

A

Answer: C

Corrective controls are the governing means and mechanisms that reverse and undo the undesirable effects of a given event or occurrence, such as system intrusion or component failure.

Answer 139

A

Answer: A

In the man-in-the-middle attack, the attacker sits between the two communicating parties and relays messages between them. Both parties think they are communicating directly with each other.

Answer 140

A

Answer: A

A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols. Spoofing is pretending to be something or someone else, and it is used in a wide variety of attacks. A dictionary attack checks passwords against a database or dictionary. A rainbow table attack checks hashed values of passwords against the values stored in a rainbow table.

Answer 141

A

Answer: A

A user entitlement audit can identify whether users have excessive privileges violating the principle of least privilege. While security logs may be used in the user entitlement audit, they would not be used alone. A review of inactive accounts is part of an access review audit, not a user entitlement audit. Traffic analysis focuses on the patterns and trends of data rather than the actual content.

Answer 142

A

Answer: B

The annual loss expectancy is computed by multiplying the asset value ($10,000,000) by the exposure factor (75 percent), then multiplying that (the SLE) by the ARO, in this example 10 percent, resulting in $750,000 ALE.

Answer 143

A

Answer: B

Warm sites contain all of the equipment needed to assume operations but do not maintain current data.

Answer 144

A

Answer: B

CPU registers are the fastest form of memory.

Answer 145

A

Answer: C

Auditing is the periodic examination and review of a network to ensure that it meets security and regulatory compliance.

Answer 146

A

Answer: C

NAC often operates in a pre-admission philosophy in which a system must meet all current security requirements (such as patch application and antivirus updates) before it is allowed to communicate with the network. This often means systems that are not in compliance are quarantined or otherwise involved in a captive portal strategy in order to force compliance before network access is restored.

Answer 147

A

Answer: C

Security is not and should not be treated as an IT issue only.

Answer 148

A

Answer: D

A federated database used for single sign-on (SSO) allows a user to log on once and access multiple resources. This is not called a federal database. Kerberos is an effective SSO system within a single organization but not between organizations. Diameter is a newer alternative to RADIUS used for centralized authentication.

Answer 149

A

Answer: C

In most cases, you must simply wait until the emergency or condition expires and things return to normal. If physical and infrastructure support is lost, such as after a catastrophe, regular activity (including deploying updates, performing scans, or tightening controls) is not possible.

Answer 150

A

Answer: B;D

A system must be recertified whenever the configuration changes or a specified time has passed since the last certification.

Answer 151

A

Answer: D

Antivirus software is not a deterrent access control, though it can be identified as a preventive, corrective, or recovery access control. Examples of deterrent access controls include security policies, cameras, awareness training, fences, locks, security badges, and guards.

Answer 152

A

Answer: B

The Clark-Wilson model is focused on maintaining the integrity of objects. Through the use of two principles—well-formed transactions and separation of duties—the Clark-Wilson model provides an effective means to protect integrity.

Answer 153

A

Answer: B

Privileged entities are those who are given special access to off-limits areas of the company’s crucial IT infrastructure.

Answer 154

A

Answer: C

Accounts should be disabled when employees leave for any reason. Accounts are not transferred between companies. It should be deleted only after it has been determined that the account is no longer needed.

Answer 155

A

Answer: A

Third-party governance is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements. The actual method of third-party governance may vary, but it generally involves an outside investigator or auditor. This auditor might be designated by a governing body or might be a consultant hired by the target organization.

Answer 156

A

Answer: B

A virtualized network, or network virtualization, is the combination of hardware and software networking components into a single integrated entity. The resultant system allows for software control over all network functions, management, traffic shaping, address assignment, and so on. A single management console or interface can be used to oversee every aspect of the network, a task requiring physical presence at each hardware component in the past.

Answer 157

A

Answer: C

The single loss expectancy is calculated as the product of the exposure factor (80 percent) and the asset value ($1,500,000). In this example, the single loss expectancy is $1,200,000.

Answer 158

A

Answer: D

zzuf is a Linux tool that automates the process of mutation fuzzing.

Answer 159

A

Answer: D

Administrative control takes into consideration the processes and people who operate within an organizational security policy.

Answer 160

A

Answer: A

Requiring a VPN to access the private wired network in addition to WPA-2 and 802.1x is the only additional reliable security option.

Answer 161

A

Answer: B

TEMPEST is the standard that defines the study and control of electronic signals produced by various types of electronic hardware. Eavesdropping refers to using sniffing tools to capture and analyze data. SESAME is a ticket-based authentication system similar to Kerberos. Wiretapping commonly refers to monitoring phone calls.

Answer 162

A

Answer: B

Recovery control indicates a direct form of control that returns systems and processes to a known good, normalized state following an intrusion, fault, or failure.

Answer 163

A

Answer: D

The observer or auditor of a manual review system is directly responsible for recognizing failure of that system.

Answer 164

A

Answer: B

The use of the single quotation mark is a telltale sign of a SQL injection attack.

Answer 165

A

Answer: C

Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports, which include recommendations.

Answer 166

A

Answer: C

Certificate path validation is verification that each certificate in a certificate path is valid and legitimate.

Answer 167

A

Answer: B

There is no requirement that the reference monitor’s source code be available to the public.

Answer 168

A

Answer: B

A phone number is the most PII-like information from this list. Any data point that directly or nearly directly points to an individual is PII. Any data point that itself does not point to an individual on its own is not PII. For example, the list of groceries you purchase is not PII unless that list also contains your name, credit card information, or account number.

Answer 169

A

Answer: C

The Online Certificate Status Protocol (OCSP) eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.

Answer 170

A

Answer: C

Trust comes first. Trust is built into a system by crafting the components of security. Then assurance (in other words, reliability) is evaluated using certification and/or accreditation processes.

Answer 171

A

Answer: C

The Defined stage of SW-CMM is characterized by the use of formal, documented software development processes.

Answer 172

A

Answer: D

Trade secrets must be kept secret by the organization but have unlimited life. Patents would also apply to a manufacturing process, but they require public disclosure of the process and have limited duration.

Answer 173

A

Answer: A

Administrative access controls are also referred to as management controls and include policies and procedures such as hiring and firing policies, data classifications and labels, and security awareness training. Technical and logical controls are synonymous and include hardware or software mechanisms used to manage access. Physical access controls are physical controls deployed to prevent direct contact with systems or areas within a facility.

Answer 174

A

Answer: C

A security label is usually a permanent part of the object to which it is attached, thus providing some protection against tampering. The other options do not offer such protection.

Answer 175

A

Answer: C

Sanitization (or wiping, purging, or zeroization) is a technique that can be used to destroy all traces of data on a storage device in order to prevent the recovery of data remanence.

Answer 176

A

Answer: C

NAT offers numerous benefits, including that you can use the private IP addresses defined in RFC 1918 in a private network and still be able to communicate with the Internet.

Answer 177

A

Answer: D

Some DDoS traffic can be traced back to its origin, but that does not mean the origin is the hacker. DDoS attacks that use distributed remote agents or intermediary but innocent third-party networks do not provide an easy trace path back to the original controlling hacker.

Answer 178

A

Answer: D

Auditing encompasses a wide variety of different activities, including the recording of event/occurrence data, examination of data, data reduction, the use of event/occurrence alarm triggers, and log file analysis.

Answer 179

A

Answer: B

A VPN is not a network segmentation; it is a secured encapsulation tunnel. Subnets, VLANs, and a DMZ are examples of network segmentation.

Answer 180

A

Answer: A

A vulnerability scanner is the best tool of those listed to determine if a server is vulnerable to known attacks. A port scanner will identify open ports and a sniffer captures traffic, but neither will necessarily determine vulnerabilities. A configuration tester is an automated tool that checks system configuration but doesn’t necessarily determine vulnerabilities.

Answer 181

A

Answer: D

Degaussing is the technique used to remove data from magnetic tapes with the goal of returning the tape to its original state. Hard disks that are degaussed can destroy the disk drive mechanics making the drive no longer functional but there are no guarantees that the data has actually been destroyed. The platters may be removed in a clean room from the damaged drive to a known working drive and the data could be accessed then.

Answer 182

A

Answer: A

Destruction is the final stage in the life cycle of backup media. Destruction should occur after proper sanitization or as a means of sanitization.

Answer 183

A

Answer: B

The Simple Integrity Property states that a subject cannot read an object of a lower integrity level (no read down).

Answer 184

A

Answer: C

Fiber is the most difficult network segment to eavesdrop because the act of doing so is always detectable.

Answer 185

A

Answer: D

An organization involved in divestiture has security concerns related to prevention of data leakage, using proper sanitization techniques, and holding exit interviews. Performing on-boarding is not usually related to divestiture but to acquisition.

Answer 186

A

Answer: D

Third-party governance auditors might be designated by a governing body or might be consultants hired by the target organization.

Answer 187

A

Answer: B

Security was of paramount concern during the design of the Java platform, and Sun’s development team created the “sandbox” concept to place privilege restrictions on Java code. The sandbox isolates Java code objects from the rest of the operating system and enforces strict rules about the resources those objects can access.

Answer 188

A

Answer: B

Frequency analysis may be used on encrypted messages. The other techniques listed require additional information, such as the plain text or the ability to choose the cipher text.

Answer 189

A

Answer: D

Partial-knowledge teams possess a detailed account of organizational assets, including hardware and software inventory, prior to a penetration test.

Answer 190

A

Answer: B

While most business decisions need to include cost analysis, the change control process of configuration management is not directly concerned with cost effectiveness.

Answer 191

A

Answer: D

Audit trails provide a comprehensive record of system activity and can help detect a wide variety of security violations, software flaws, and performance problems. An audit trail includes a variety of logs, including change logs, security logs, and system logs, but any one of these individual logs can’t detect all the issues mentioned in the question.

Answer 192

A

Answer: B

TLS (Transport Layer Security), the revised replacement for SSL, has become the de facto standard used to provide secure e-commerce services. This is in spite of the attempts of several credit card companies to promote alternate options, such as Secure Electronic Transaction (SET).

Answer 193

A

Answer: A

Indirect addressing uses a scheme similar to direct addressing. However, the memory address supplied to the CPU as part of the instruction doesn’t contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address (perhaps located on a different page).

Answer 194

A

Answer: A

A Type 2 authentication factor is something you have, including a smart card, token device, or memory card. Type 3 authentication is something you are, and some behavioral biometrics include something you do. Type 1 authentication is something you know.

Answer 195

A

Answer: D

ROM is burned at the factory and then unchangeable. Thus, ROM is the most secure because it will always maintain its integrity.

Answer 196

A

Answer: B

Quantitative risk assessment produces a number-based result that is as easy to read and understand as a typical budget report.

Answer 197

A

Answer: A

Sabotage is a criminal act committed against an organization by a knowledgeable employee.

Answer 198

A

Answer: C

The scenario presented in the question describes the three characteristics of compartmented security mode.

Answer 199

A

Answer: B

A drawback with single sign-on is that maximum unauthorized access is possible if an attacker discovers a password. Because users need to remember only one password, it makes it easier for users to remember passwords. Single sign-on does not dictate the length of passwords or encourage excessive privileges.

Answer 200

A

Answer: C

Compliance checking ensures that all necessary elements of a security solution are properly deployed and functioning as expected.

Answer 201

A

Answer: A

VPNs are used to transport communications over an intermediary medium through the means of encapsulation (i.e., tunneling), authentication, and encryption.

Answer 202

A

Answer: B

Due diligence is the action taken to apply, enforce, and perform responsibilities or rules as governed by organizational policy.

Answer 203

A

Answer: D

Access controls govern subjects’ access to objects and the first step in this process is identifying the subject. Accountability logging, verification of access control lists (ACLs), and authentication are not possible without a subject identity.

Answer 204

A

Answer: C

If Alice wants to send a message to Bob, she should encrypt it using his public key.

Answer 205

A

Answer: B

Generally, regulation compliance is of greatest concern to governments, military, and government contractors when working with cloud services—especially those whose hosting infrastructure is not restricted to a single country.

Answer 206

A

Answer: D

The seven requirements are Notice, Choice, Onward Transfer, Access, Security, Data Integrity, and Enforcement.

Answer 207

A

Answer: D

The operations security triple is a conceptual security model that encompasses three concepts (assets, risk, and vulnerability) and their interdependent relationship within a structured, formalized organization.

Answer 208

A

Answer: C

The willful destruction of assets or elements within the IT infrastructure as a form of revenge or justification for perceived wrongdoing is known as sabotage. Espionage is the gathering of information about a competitor or enemy. Entrapment occurs when someone is encouraged to do something illegal after they have indicated they will not do it. Permutation refers to rearranging or modifying something slightly.

Answer 209

A

Answer: D

The Brewer and Nash model organizes datasets according to conflict-of-interest classes so that authorized users with access to any member of a conflict class will be denied access to other members of that class. Thus, all three specific ingredients mentioned—properly identified subjects, one or more datasets, and conflict class definitions for all datasets—are required for it to operate properly. This makes option D the best answer.

Answer 210

A

Answer: D

Both WPA and WPA2 support the enterprise authentication known as 802.1x/EAP, a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place. Effectively, 802.1x is a hand-off system that allows the wireless network to leverage the existing network infrastructure’s authentication services. Through the use of 802.1x, other techniques and solutions such as RADIUS, TACACS, certificates, smart cards, token devices, and biometrics can be integrated into wireless networks providing techniques for both mutual and multi-factor authentication.

Answer 211

A

Answer: B

Sampling is a form of data reduction, where elements are extracted from a larger body of information to construct a meaningful whole.

Answer 212

A

Answer: B

Registers are onboard memory locations that can be accessed by the CPU in an extremely short period of time.

Answer 213

A

Answer: A;B;C

IDSs can detect attacks from external connection attempts, execution of malicious code, and unauthorized access attempts to controlled objects. An IDS cannot detect inappropriate use of privileges such as a malicious insider abusing their privileges.

Answer 214

A

Answer: D

Purging is erasing the data so the media is not vulnerable to data remnant recovery attacks, including those classified as laboratory level.

Answer 215

A

Answer: D

Static IP addressing is not an implication of multilayer protocols.

Answer 216

A

Answer: B

Ownership is the formal assignment of responsibility to an individual or group.

Answer 217

A

Answer: A

Traffic analysis and trend analysis are forms of monitoring that examine the flow of packets rather than the actual content.

Answer 218

A

Answer: C

Among these options, passphrase and a smart card provide the strongest authentication security because they deliver two-factor authentication. A password and a PIN are both in the same factor. Despite the security offered by one-time passwords, a two-factor authenticator is stronger.

Answer 219

A

Answer: A

Layering of processes implements a structure similar to the ring model used for operating modes.

Answer 220

A

Answer: B

Sampling is a form of data reduction that allows an auditor to quickly determine the important issues or events from an audit trail.

Answer 221

A

Answer: A

The Bell-LaPadula model addresses only the confidentiality of data and works well for military applications. This model is based on the state machine model and employs mandatory access controls and the lattice model.

Answer 222

A

Answer: B

Authentication is the process of verifying or testing the validity of a claimed identity. Identification is the claimed identity. Authorization grants access to resources to the proven identity, and accountability tracks access to resources.

Answer 223

A

Answer: C

BCP documentation can be an arduous task, but it should not require the creation of a new position.

Answer 224

A

Answer: C

The mean time between failures (MTBF) rating on storage drives specifies the expected life span (or average failure rate for any drive in a given batch) for a given medium.

Answer 225

A

Answer: C

POTS (plain old telephone system) or PSTN (public switched telephone network) requires the use of a modem to support digital computer communications over an otherwise analog link.

Answer 226

A

Answer: B

Threat modeling is the process of identifying, understanding, and categorizing potential threats, including threats from attack sources. Asset valuation identifies the value of assets. Vulnerability analysis identifies weaknesses. An advanced persistent threat is a form of attack, often sponsored by a government.

Answer 227

A

Answer: B

Process isolation prevents a process from reading or writing to an unauthorized memory location. This concept ensures that any behavior will affect only the memory and resources associated with the process.

Answer 228

A

Answer: D

Using a block list or black list is a valid form of security filtering; it is just not a form of spoofing filtering.

Answer 229

A

Answer: B

Clipping is a subset of sampling, which is a process of extracting data from a large body of information but with a specified cut-off point or threshold.

Answer 230

A

Answer: C

Multistate processing systems are certified to handle multiple security levels simultaneously by using specialized security mechanisms.

Answer 231

A

Answer: D

Copyright law protects the rights of creators of original works of authorship, including books.

Answer 232

A

Answer: B

The SHA-2 algorithms support the creation of message digests up to 512 bits long.

Answer 233

A

Answer: D

Audit overview is not essential for an audit report; the purpose, scope and results of an audit are the three primary (and necessary) elements.

Answer 234

A

Answer: C

Distribution of malicious code will almost always result in damage or loss of assets and is not used in a penetration test. However, denial-of-service attacks, port scanning, and packet sniffing may all be included in a penetration test.

Answer 235

A

Answer: B

Eavesdropping is the ability to intercept network and telephony communications along with physical and electronic documents and even personal conversations.

Answer 236

A

Answer: A

A DMZ is used to host resources accessed by outside visitors but that are still isolated from the private network. A VPN is used to encapsulate plain-text protocols with a layer of encryption. VoIP is used to support the use of audio communications over an IP network. A WAP is used to enable portable clients to make network links over radio waves.

Answer 237

A

Answer: D

You can determine the number of possible keys by raising 2 to the power of the length of the key (in bits). In this case, 28=256.

Answer 238

A

Answer: B

Steganography allows hiding data within an image. Child pornographers often use it to hide illegal images within innocent ones.

Answer 239

A

Answer: A

Application programming interfaces (APIs) provide standard mechanisms for web services to interact with each other.

Answer 240

A

Answer: B

Pentest reports should be secured because they contain information about the vulnerabilities of the system and disclosure of such vulnerabilities to the wrong person could lead to security breaches. They would not normally contain confidential data from the network. They are useful to both upper management and security professionals. They would not normally include details about security control configuration.

Answer 241

A

Answer: B

Security governance should include acquisitions, divestitures, and oversight committees.

Answer 242

A

Answer: D

AWS is an Infrastructure-as-a-Service provider, not a code repository.

Answer 243

A

Answer: A

Transformation procedures (TPs) are the only procedures that are allowed to modify a CDI. The limited access to CDIs through TPs forms the backbone of the Clark-Wilson integrity model.

Answer 244

A

Answer: A

Read-only memory (ROM) can be written to only one time at the factory. Users cannot modify the contents.

Answer 245

A

Answer: B

Dumpster diving is the act of searching through the refuse, remains, or leftovers from an organization or operation to discover or infer confidential information. Social engineering uses different methods to trick employees or users into giving up information, and impersonation is a social engineering tactic. Inference is a technique used to gain information from a database without having full access to the database.

Answer 246

A

Answer: A

The meet in the middle attack specifically targets encryption algorithms that use two rounds of encryption, such as Double DES.

Answer 247

A

Answer: D

Electronically erasable programmable read-only memory (EEPROM) chips can be erased by modulating an electric current applied to the chip.

Answer 248

A

Answer: D

Mandatory access control uses labels to identify subjects and objects and grants access based on matching labels. Discretionary access control requires all objects to have an owner. Nondiscretionary access control provides centralized access controlled by an administrator. Role-based access control provides access based on membership within a role.

Answer 249

A

Answer: C

Both omissions and errors are difficult aspects to protect against, particularly as they deal with human and circumstantial origins.

Answer 250

A

Answer: D

The biggest risk associated with web or mobile applets is executing code from external sources. The risk is running malicious or unstable code from an outside source, even if that code is signed.

Answer 251

A

Answer: A

Social engineering is a deceptive act meant to trick personnel into revealing sensitive information or performing some unauthorized act on their behalf.

Brainscape's Knowledge GenomeTM

P/E 3 Flashcards

Brainscape's Knowledge Genome^TM