P/E 3 Flashcards
- Which of the following is not a valid means to improve the security offered by password authentication?
A. Enabling account lockout controls
B. Enforcing a password policy
C. Using password-verification tools and password-cracking tools against your password database file
D. Allowing users to reuse the same password
Answer: D
Preventing password reuse by tracking password history increases security but allowing users to reuse the same password does not increase security. You can also improve password security by enabling account lockout controls, enforcing a password policy, and using password verification tools to check the strength of existing passwords.
- What provides data for re-creating the history of an event, intrusion, or system failure?
A. Security policies
B. Log files
C. Audit reports
D. Business continuity planning
Answer: B
Log files provide an audit trail for re-creating the history of an event, intrusion, or system failure. An audit trail includes log files and can reconstruct an event, extract information about an incident, and prove or disprove culpability. Security policies are documents that define security requirements for an organization. An audit report includes details gleaned from log files. Business continuity planning occurs before an event, such as a disaster, in an attempt to reduce the impact of the event.
- What category of malicious software includes rogue antivirus software?
A. Logic bombs
B. Worms
C. Trojan horses
D. Spyware
Answer: C
Rogue antivirus software is an example of a Trojan horse. Users are tricked into installing it, and once installed, it steals sensitive information and/or prompts the user for payment.
- What is the most important aspect of a biometric device?
A. Accuracy
B. Acceptability
C. Enrollment time
D. Invasiveness
Answer: A
The most important aspect of a biometric factor is its accuracy. If a biometric factor is not accurate, it may allow unauthorized users into a system. Acceptability by users, the amount of time it takes to enroll, and the invasiveness of the biometric device are additional considerations but not as important as its accuracy.
- In areas where technical controls cannot be used to prevent virus infections, what should be used to prevent them?
A. Security baselines
B. Awareness training
C. Traffic filtering
D. Network design
Answer: B
Educating users is an important part of preventing virus infections and works with technical controls such as antivirus software. Security baselines provide a secure starting point for a system as a technical control. Traffic filtering is another technical control that can block viruses. Network design can be used to control the flow of traffic as a technical control.
- What standard governs the creation of digital certificates used in the public key infrastructure?
A. FIPS 180-2
B. S/MIME
C. X.509
D. 802.1x
Answer: C
X.509 defines a common format for digital certificates containing certification of a public encryption key.
- What is the final stage in the life cycle of backup media, occurring after or as a means of sanitization?
A. Degaussing
B. Destruction
C. Declassification
D. Defenestration
Answer: B
Destruction is the final stage in the life cycle of backup media. Destruction should occur after proper sanitization or as a means of sanitization.
- Security mechanisms, tools, and practices that deter and mitigate malicious activity and events are what type of control?
A. Preventive control
B. Directive control
C. Corrective control
D. Recovery control
Answer: A
Preventive controls are the actual mechanisms by which malicious acts and activities are reduced or prevented entirely.
- Beth is looking through web server logs and finds form input that looks like this:
`<SCRIPT>alert('Enter your password')</SCRIPT>`
What type of attack has she likely discovered?
A. XSS
B. SQL injection
C. XSRF
D. TOCTTOU
Answer: A
The use of the `<SCRIPT>` tag is a telltale sign of a cross-site scripting (XSS) attack.
- What security flaw conveys information by writing data to a common storage area where another process can read it?
A. Covert timing channel
B. Buffer overflow
C. Covert storage channel
D. Maintenance hook
Answer: C
A covert storage channel conveys information by writing data to a common storage area where another process can read it. Storing data in such a way introduces a security flaw that allows unauthorized users to access the data.
- APTs are most closely related to what type of attack category?
A. Military attacks
B. Thrill attacks
C. Grudge attacks
D. Insider attacks
Answer: A
Advanced persistent threats (APTs) are often associated with government and military actors.
- What is a divestiture?
A. Asset or employee reduction
B. A distribution of profits to shareholders
C. A release of documentation to the public
D. A transmission of data to law enforcement during an investigation
Answer: A
A divestiture is an asset or employee reduction.
- There are generally three forms of governance within an enterprise organization, all of which have common goals, such as to ensure continued growth and expansion over time and to maintain resiliency to threats and the market. Which of the following is not one of these common forms of governance?
A. IT
B. Facility
C. Corporate
D. Security
Answer: B
The three common forms of governance are IT, corporate, and security. Facility is not usually considered a form of governance, or it is already contained within one of the other three.
- What form of attack is always possible when using a non-802.1x implementation of a wireless network?
A. Password guessing
B. Encryption cracking
C. IV interception
D. Packet replay attacks
Answer: A
Password guessing is always a potential attack if a wireless network is not otherwise using some other form of authentication, typically accessed via 802.1x.
- What is the preparation of storage media by overwriting with unclassified data for later reuse or redistribution?
A. Erasure
B. Clearing
C. Purging
D. Sanitization
Answer: B
Clearing is a method of sufficiently deleting data on media that will be reused in the same secured environment.
- What is a secret agreement between parties to commit a criminal act against an organization or third party?
A. Collision
B. Confusion
C. Collusion
D. Contusion
Answer: C
Collusion is the act of two or more parties conspiring to commit a crime against another party or organization.
- What type of processing makes use of a multithreading technique at the operating system level?
A. Symmetric multiprocessing
B. Multitasking
C. Multiprogramming
D. Massively parallel processing
Answer: A
Symmetric multiprocessing systems implement multithreading techniques at the operating system level.
- Of the following, what best explains the motivation for using a preventive access control?
A. To discourage violation of security policies
B. To stop unwanted or unauthorized activity from occurring
C. To discover unwanted or unauthorized activity
D. To restore systems to normal after an unwanted or unauthorized activity has occurred
Answer: B
The essence of a preventive access control is to prevent or stop unwanted or unauthorized activity from occurring. Option A defines a deterrent access control, option C defines a detective access control, and option D defines a corrective access control.
- The University of Outer Mongolia runs a web application that processes student tuition payments via credit card and is subject to PCI DSS. The university does not wish to perform web vulnerability scans on a regular basis because they consider them too time-consuming. What technology may they put in place that eliminates the PCI DSS requirement for recurring web vulnerability scans?
A. Web application firewall
B. Intrusion prevention system
C. Network vulnerability scanner
D. None. There is no exception to the recurring web vulnerability scan requirement.
Answer: A
PCI DSS allows organizations to choose between performing annual web vulnerability assessment tests or installing a web application firewall.
- In what type of software testing does the tester not have access to the code?
A. White box
B. Black box
C. Gray box
D. Static
Answer: B
Black-box testing examines the program from a user perspective by providing a wide variety of input scenarios and inspecting the output. Black-box testers do not have access to the internal code.
- Which conceptual security model offers the best preventive protection against viral infection and outbreak?
A. ISO/OSI reference model
B. Concentric circle
C. Operations security triple
D. CIA Triad
Answer: B
A concentric circle security model represents the best practice known as defense in depth, a layered approach to protecting IT infrastructure.
- What is access?
A. Functions of an object
B. Information flow from objects to subjects
C. Unrestricted admittance of subjects on a system
D. Administration of ACLs
Answer: B
Access is the transfer of information from an object to a subject. An object is a passive resource that does not have functions. Access is not unrestricted. Access control includes more than administration of access control lists (ACLs).
- Which of the following increases vulnerabilities related to viruses?
A. Length of time the system is operating
B. The classification level of the primary user
C. Installation of software
D. Use of roaming profiles
Answer: C
As more software is installed, more vulnerabilities are added to the system, thus adding more avenues of attack for viruses. How long a system operates, the classification level of the user, or the use of roaming profiles does not increase vulnerabilities related to viruses.
- What is the act of searching for unauthorized modems known as?
A. Dumpster diving
B. Espionage
C. System auditing
D. War dialing
Answer: D
War dialing is the act of searching for unauthorized modems that will accept inbound calls on an otherwise secure network in an attempt to gain access. Dumpster diving is searching through trash for information. Espionage is the act of collecting information against a competitor or foreign government. System auditing is used to assess the effectiveness of security controls.
- What is the frequency of an IT infrastructure security audit or security review based on?
A. Asset value
B. Administrator discretion
C. Risk
D. Level of realized threats
Answer: C
The frequency of an IT infrastructure security audit or security review is based on risk. You must establish the existence of sufficient risk to warrant the expense of, and interruption caused by, a security audit on a more or less frequent basis. Asset value and threats are a part of risk but are not the whole picture, and assessments are not performed based only on either of these. A high-value asset with a low level of threats doesn’t present a high risk. Similarly, a low-value asset with a high level of threats doesn’t present a high risk. The decision to perform an audit isn’t usually relegated to an administrator.
- Which one of the following techniques takes the concept of process isolation and applies it to hardware controls?
A. Layering
B. Abstraction
C. Data hiding
D. Hardware segmentation
Answer: D
Hardware segmentation is similar to process isolation in purpose. It prevents the access of information that belongs to a different process/security level.
- What is a well-known synonym for defense in depth?
A. Confidentiality-Integrity-Accountability
B. Bastion server
C. Layered security
D. Biometric authentication
Answer: C
Defense in depth is also known as layered security. The motivation for layered security comes from the benefits that accrue from establishing multiple layers or levels of access controls to provide defense in depth from security threats. If one layer fails or is bypassed, defenses at other layers kick in to provide additional protection.
- What element of quantitative risk analysis judges the frequency of compromise of a threat?
A. SLE
B. EF
C. AV
D. ARO
Answer: D
The ARO (annualized rate of occurrence) is the element of quantitative risk analysis that judges the frequency of compromise of a threat.
- Your manager is concerned that the business impact assessment recently completed by the BCP team doesn’t adequately take into account the loss of goodwill among customers that might result from a particular type of disaster. Where should items like this be addressed?
A. Continuity strategy
B. Quantitative analysis
C. Likelihood assessment
D. Qualitative analysis
Answer: D
The qualitative analysis portion of the business impact assessment (BIA) allows you to introduce intangible concerns, such as loss of customer goodwill, into the BIA planning process.
- What security services are provided by Kerberos for authentication traffic?
A. Availability and nonrepudiation
B. Confidentiality and nonrepudiation
C. Confidentiality and integrity
D. Availability and authorization
Answer: C
Kerberos provides confidentiality and integrity protection security services for authentication traffic using symmetric cryptography to encrypt tickets sent over the network to prove identification and provide authentication. The security services provided by Kerberos are not directly related to availability or nonrepudiation.
- Which essential element of an audit report is not considered to be a basic concept of the audit?
A. Purpose of the audit
B. Recommendations of the auditor
C. Scope of the audit
D. Results of the audit
Answer: B
Recommendations of the auditor are not considered basic and essential concepts to be included in an audit report. Key elements of an audit report include the purpose, scope, and results of the audit.
- The process by which media is prepared for irrevocable destruction to ensure no chance of data recovery goes by what name?
A. Degaussing
B. Sterilization
C. Declassification
D. Sanitization
Answer: D
Sanitization is the process of wiping storage media clean in preparation for disposal or destruction. It ensures that data cannot be recovered by any means from destroyed or discarded media.
- What strategy basically consists of multiple layers of antivirus, malware, and spyware protection distributed throughout a given network environment?
A. CIA Triad
B. Concentric circle
C. Operations security triple
D. Separation of duties
Answer: B
A concentric circle security model comprises several mutually independent security applications, processes, or services that operate toward a single common goal.
- What security mode allows systems to process information at more than one level of security even when all users do not have appropriate clearances?
A. Dedicated
B. Multilevel
C. Compartmented
D. System high
Answer: B
Multilevel security systems can process information at different levels even when all system users do not have the required security clearance to access all information processed by the system.
- What process state can be dependent on peripherals?
A. Ready
B. Waiting
C. Running
D. Supervisory
Answer: B
The waiting state is a process state that depends on peripherals as the processes pause execution until the conclusion of some requested activity, such as peripheral activity.
- What sort of intruder is actually one of the “good guys” doing good things for your network security?
A. Unethical hacker
B. Ethical hacker
C. System cracker
D. Malicious user
Answer: B
Ethical hackers are those trained in responsible network security methodology, with a philosophy toward nondestructive and nonintrusive testing.
- What phase of a business impact assessment calculates the ARO for a given risk scenario?
A. Risk identification
B. Likelihood assessment
C. Impact assessment
D. Resource prioritization
Answer: B
The annualized rate of occurrence (ARO) is a measure of how many times a risk might materialize in a typical year. It is a measure of risk likelihood.
- Which of the following is not an effective countermeasure against inappropriate content being hosted or distributed over a secured network?
A. Activity logging
B. Content filtering
C. Intrusion detection system
D. Penalties for violations
Answer: C
An intrusion detection system is designed to detect intrusions and is not a countermeasure against inappropriate content by internal users. However, activity logging, content filtering, and policies that include penalties for violations can all be used as countermeasures for inappropriate content.
- Which of the following statements is not true?
A. VLANs are created by switches.
B. A subnet is created by a router.
C. Multilayer switches can allow cross-VLAN communications by providing a routing function.
D. The assignment of an IP address and subnet mask defines a subnet.
Answer: B
A subnet is not created by a router; a subnet is created through the assignment of an IP address and a subnet mask. Routers only manage traffic between subnets.
- Which security principle involves the knowledge and possession of sensitive material as an aspect of one’s occupation?
A. Principle of least privilege
B. Separation of duties
C. Need to know
D. As-needed basis
Answer: C
The need-to-know policy operates on the basis that any given system user should be granted access only to portions of sensitive information or materials necessary to perform some task.
- What would an administrator use to ensure systems have required patches?
A. Patch management system
B. Patch scanner
C. Penetration tester
D. Fuzz tester
Answer: A
A patch management system ensures that systems have required patches. In addition to deploying patches, it would also check the systems to verify they accepted the patches. There is no such thing as a patch scanner. A penetration test will attempt to exploit a vulnerability, but it can be intrusive and cause an outage so it isn’t appropriate in this scenario. A fuzz tester sends random data to a system to check for vulnerabilities but doesn’t test for patches.
- How does an API user typically authenticate to use the API?
A. Password
B. API key
C. Cookie
D. Two-factor authentication
Answer: B
API keys are passed with each API call to authenticate the API user.
- When possible, operations controls should be _____.
A. Simple
B. Administrative
C. Preventive
D. Transparent
Answer: D
When possible, operations controls should be invisible, or transparent, to users. This keeps users from feeling hampered by security and reduces their knowledge of the overall security scheme, thus further restricting the likelihood that users will violate system security deliberately.
- Which one of the following terms can be used to describe RAM memory?
A. Secondary
B. Sequential
C. Nonvolatile
D. Random
Answer: D
Random access memory (RAM) is accessed in a random, rather than a sequential, fashion.
- What is layering?
A. Deploying multiple security mechanisms in parallel
B. Deploying multiple security mechanisms in a series
C. Requiring identification and authentication before authorization
D. Deploying multiple firewalls around the perimeter of a network
Answer: B
Layering is the deployment of multiple security mechanisms in a series.
- What networking device can be used to create digital network segments that can be altered as needed by adjusting the settings internal to the device rather than on end-point devices?
A. Router
B. Switch
C. Proxy
D. Gateway
Answer: B
A switch is a networking device that can be used to create digital network segments (i.e., VLANs) that can be altered as needed by adjusting the settings internal to the device rather than on end-point devices. A router connects disparate networks rather than creating network segments.
- Which of the following is true about Kerberos?
A. It uses symmetric key cryptography.
B. It uses asymmetric key cryptography.
C. It uses public key cryptography.
D. It requires a PKI.
Answer: A
Kerberos uses symmetric key cryptography. It does not use asymmetric or public key cryptography, and it does not require public key infrastructure (PKI).
- When an intruder gains unauthorized access to a facility by asking an employee to hold open a door because their arms are full of packages, this is known as what type of attack?
A. Tailgating
B. Masquerading
C. Impersonation
D. Piggybacking
Answer: D
Piggybacking is following someone through a secured gate or doorway without being identified or authorized personally.
- Which security mode provides the most granular control over resources and users?
A. Dedicated
B. System high
C. Compartmented
D. Multilevel
Answer: B
System high mode provides the most granular control over resources and users because it enforces clearances, requires need to know, and allows the processing of only single sensitivity levels. All the other levels either do not have unique need to know between users (dedicated), allow multiple levels of data processing (compartmented), or allow a wide number of users with varying clearance (multilevel).
- A team that initially knows nothing about its target before performing a security analysis is known as what?
A. Absolute knowledge
B. Partial knowledge
C. Zero knowledge
D. Infinite knowledge
Answer: C
Zero-knowledge teams possess only primary information about an organization during a security assessment or penetration test.
- Which one of the following addressing schemes uses a value stored in one of the CPU’s registers combined with an instruction operand to determine the correct memory location to access?
A. Direct addressing
B. Immediate addressing
C. Base+Offset addressing
D. Indirect addressing
Answer: C
Base+Offset addressing uses a value stored in one of the CPU’s registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to the value and retrieves the operand from that computed memory location.
- Which of the following is not an element defined under the Clark-Wilson model?
A. Constrained data item
B. Transformation procedures
C. Redundant commit statement
D. Integrity verification procedure
Answer: C
A redundant commit statement is not associated with the Clark-Wilson model; it is instead an element in database replication. The Clark-Wilson model does define constrained data item, transformation procedures, and integrity verification procedure.
- What security principle states that a thorough understanding of a system’s operational details is not necessary for most routine activities?
A. Process isolation
B. Abstraction
C. Monitoring
D. Hardware segmentation
Answer: B
Abstraction states that a detailed understanding of lower system levels is not a necessary requirement for working at higher levels.
- The Clark-Wilson access model is also called a(n) ___________________ interface model.
A. Encrypted
B. Triple
C. Restricted
D. Unrestricted
Answer: C
The Clark-Wilson model can also be described as a restricted interface model because it uses classification-based restrictions to offer subject-specific functions and information. Subjects at one classification level will see a specific set of data and obtain access to a related set of functions, while another subject at a different classification level will see a different dataset and obtain access to a different set of functions.
- A person who illicitly gains the trust or credentials from a trusted party has committed what criminal act?
A. Espionage
B. Sabotage
C. Reverse engineering
D. Social engineering
Answer: D
Social engineering is an attempt to deceive an insider into performing questionable actions on behalf of some unauthorized outsider.
- Which of the following is not a valid reason why log files should be protected?
A. Log files can be used to reconstruct events leading up to an incident.
B. Attackers may try to erase their activity during or after an attack.
C. Unprotected log files cannot be used as evidence.
D. Log files include information on why an attack occurred.
Answer: D
Log files include information on what happened, when and where it happened, who was involved, and sometimes how, but they do not include why an attack occurred; they do not include the motivation of an attacker. Log files should be protected because they can be used to reconstruct events, attackers may try to modify them, and unprotected logs cannot be used as evidence.
- Which type of intrusion detection system (IDS) can be considered an expert system?
A. Host-based
B. Network-based
C. Knowledge-based
D. Behavior-based
Answer: D
A behavior-based IDS can be labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events. A knowledge-based IDS uses a database of known attack methods to detect attacks. Both host-based and network-based systems can be either knowledge-based, behavior-based, or a combination of both.
- What form of data sampling examines only errors that occur above some specified threshold level?
A. Sampling
B. Summarizing
C. Clipping
D. Accounting
Answer: C
Clipping levels are widely used in the process of auditing events to establish a baseline of system or user activity that is considered routine activity.
- Why should an enterprise network implement endpoint security?
A. To provide sufficient security on each individual host.
B. Centralized security mechanisms are too expensive.
C. Network security safeguards do not provide any protection for hosts.
D. Hardware security options are ineffective against software exploits.
Answer: A
Endpoint security is implemented in order to provide sufficient security on each individual host, rather than relying on network-based security only.
- Which one of the following is not one of the canons of the (ISC)2 code of ethics?
A. Act honorably, honestly, justly, responsibly, and legally.
B. Advance and protect the profession.
C. Preserve the integrity of the CISSP exam.
D. Provide diligent and competent service to principals.
Answer: C
The code of ethics does not explicitly mention the CISSP exam.
- Which of the following security models is most often used for general commercial applications?
A. Brewer and Nash model
B. Biba model
C. Bell-LaPadula model
D. Clark-Wilson model
Answer: D
Of the four models mentioned, Biba and Clark-Wilson are most commonly used for commercial applications because both focus on data integrity. Of these two, Clark-Wilson offers more control and does a better job of maintaining integrity, so it’s used most often for commercial applications. Bell-LaPadula is used most often for military applications. Brewer and Nash applies only to datasets (usually within database management systems) where conflict-of-interest classes prevent subjects from accessing more than one dataset that might lead to a conflict-of-interest situation.
- What technique is the most effective means of protecting against XSS attacks?
A. Acceptance testing
B. Code review
C. Firewall rules
D. Input validation
Answer: D
Input validation protects against a wide variety of web-based attacks, including XSS.
- You are designing a contract management system and need to be able to prove to a court that the individual who sent in a contract actually sent the message and that it was not forged. What cryptographic goal are you trying to achieve?
A. Nonrepudiation
B. Confidentiality
C. Integrity
D. Authentication
Answer: A
The cryptographic goal of nonrepudiation ensures that you can prove to an uninvolved third party that a message originated with the purported sender.
- What encryption algorithm does the WPA-2 protocol use to protect wireless networks?
A. DES
B. 3DES
C. AES
D. TKIP
Answer: C
WPA-2 uses AES encryption, replacing the TKIP encryption used by WPA.
- What form of security planning is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans?
A. Strategic
B. Operational
C. Administrative
D. Tactical
Answer: D
Tactical planning is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans.
- If the user has the ability to define object access, what type of controls are you using?
A. Discretionary controls
B. Mandatory controls
C. Audited controls
D. Remote controls
Answer: A
Discretionary controls give the subject (user) some ability to define the objects to access. This access control mechanism ensures that the owner or creator of an object controls and defines the access other subjects have to that object.
- What is the purpose of a security impact analysis in the context of change management?
A. To approve changes
B. To reject changes
C. To identify changes
D. To review changes
Answer: D
A security impact analysis reviews change requests and evaluates them for potential negative impacts. All changes aren’t necessarily approved or rejected. The analysis doesn’t attempt to identify changes.
- Which of the following can be used securely even when no preexisting secure form of communication exists between the two parties?
A. AES
B. RSA
C. IDEA
D. RC5
Answer: B
RSA is an example of asymmetric cryptography, which does not require a preexisting relationship to provide a secure mechanism for data exchange. Two individuals can begin communicating securely from the moment they start communicating.
- How is accountability maintained for individual subjects?
A. Paper trails
B. Audit trails
C. Compliance checks
D. Penetration tests
Answer: B
Audit trails are the means through which individuals are held accountable for their actions and any events or occurrences they cause.
- In a(n) ___________ system, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.
A. Trusted
B. Authorized
C. Available
D. Baseline
Answer: A
In a trusted system, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.
- What is the first action that you should take when responding to an information security incident?
A. Isolate and contain.
B. Gather evidence.
C. Report.
D. Restore service.
Answer: A
The first priority in incident response is to prevent further damage by isolating affected systems and containing the threat.
- A screen scraper tool can be used to?
A. Remove fingerprints from glass screens
B. Capture keystrokes
C. Remove advertisements from web pages
D. Extract data from XML/HTML-formatted data automatically
Answer: D
A screen scraper tool is used to automatically extract standardized formatted data, such as XML and HTML, from human-friendly output. This tool is often used to extract results from web search engines.
- Generally, a privacy policy is designed to protect what?
A. A user’s privacy
B. The public’s freedom
C. Intellectual property
D. A company’s right to audit
Answer: D
The purpose of a privacy policy is to inform users where they do and do not have privacy for the primary benefit of the protection of the company’s right to audit and monitor user activity.
- What form of security control is used to guide the implementation of an organization?
A. Directive control
B. Detective control
C. Corrective control
D. Preventive control
Answer: A
Directive controls are the means by which an organizational security policy is governed at the logical level.
- What basic access control mechanism is being used when all access is blocked unless a statement allows the access?
A. Constrained interface
B. Access control matrix
C. Explicit deny
D. Implicit deny
Answer: D
An implicit deny mechanism will block all access that is not explicitly allowed. A constrained interface reduces what is viewable to a user and an access control matrix identifies subjects and objects, and they both employ an implicit deny philosophy, but the question doesn’t describe them. An explicit deny philosophy requires a separate rule to deny specific access.
- The Bell-LaPadula access control model was designed to protect what aspect of security?
A. Confidentiality
B. Integrity
C. Accessibility
D. Authentication
Answer: A
The Bell-LaPadula model is focused on maintaining the confidentiality of objects. Bell-LaPadula does not address the aspects of object integrity or availability.
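As an added illustration (not part of the original flashcards), the two Bell-LaPadula properties reduce to two comparisons of security levels. The level names are the usual U.S. government labels and the subjects and objects below are constructed; the point to notice is the last case, where a lower-cleared subject is allowed to write into a higher-classified object, which preserves confidentiality but says nothing about whether the data written is trustworthy.

```python
# Ordered security levels; higher number = more sensitive.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def can_read(subject_clearance, object_label):
    """Simple security property: no read up."""
    return LEVELS[subject_clearance] >= LEVELS[object_label]


def can_write(subject_clearance, object_label):
    """*-property (star property): no write down."""
    return LEVELS[subject_clearance] <= LEVELS[object_label]


def decide(subject_clearance, object_label, mode):
    """Reference-monitor style decision for a single access request."""
    if mode == "read":
        if can_read(subject_clearance, object_label):
            return "grant"
        return "deny: simple security property (no read up)"
    if mode == "write":
        if can_write(subject_clearance, object_label):
            return "grant"
        return "deny: *-property (no write down)"
    raise ValueError(f"unknown access mode {mode!r}")


if __name__ == "__main__":
    # Constructed requests: (subject clearance, object classification, mode).
    requests = [
        ("secret", "confidential", "read"),        # read down: allowed
        ("confidential", "secret", "read"),        # read up: blocked
        ("secret", "confidential", "write"),       # write down: blocked
        ("confidential", "top secret", "write"),   # write up: allowed, integrity not considered
    ]
    for subject, obj, mode in requests:
        print(f"{subject:>12} {mode:5} {obj:<12} -> {decide(subject, obj, mode)}")
```

The write-up case is exactly why Biba, which inverts both rules, exists alongside Bell-LaPadula: a system that needs both confidentiality and integrity has to enforce both models.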
- Which of the following terms correctly describes all three of the following protocols: IPX/SPX, AppleTalk, and NetBEUI?
A. Routable protocols
B. Non-IP protocols
C. Layer 2 protocols
D. Stateful protocols
Answer: B
IPX/SPX, AppleTalk, and NetBEUI are examples of non-IP protocols.
- Which of the following encryption packages provides full disk encryption and is built into Microsoft Windows?
A. TrueCrypt
B. PGP
C. EFS
D. BitLocker
Answer: D
BitLocker is the full disk encryption package provided by Microsoft as a Windows component. EFS, while a component of Windows, does not provide full disk encryption. TrueCrypt and PGP are not Microsoft products.
- Which one of the following business impact assessment (BIA) tasks should be performed last?
A. Risk identification
B. Resource prioritization
C. Impact assessment
D. Likelihood assessment
Answer: B
Resource prioritization is the final step of the business impact assessment (BIA) process.
- Bob just received a message from Alice encrypted with the RSA algorithm. What key should he use to decrypt it?
A. Alice’s public key
B. Alice’s private key
C. Bob’s public key
D. Bob’s private key
Answer: D
Alice encrypts the message with Bob's public key, so only the matching private key, Bob's, can decrypt it. Bob decrypts any messages he receives using his own private key.
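Here is an added worked example (not part of the original flashcards) that runs this exchange with textbook RSA. The primes are toy-sized and there is no padding, so this is only a demonstration of which key does what, never usable in practice; the primes, the exponent 17 and the message 65 are assumptions chosen to keep the arithmetic small.

```python
from math import gcd


def keygen(p, q, e=17):
    """Textbook RSA key pair from two primes. Returns (public, private)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime to phi(n)"
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def encrypt(m, public_key):
    n, e = public_key
    assert 0 <= m < n
    return pow(m, e, n)


def decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)


# Constructed toy key pairs; insecure sizes chosen for readability.
BOB_PUBLIC, BOB_PRIVATE = keygen(61, 53)       # n = 3233
ALICE_PUBLIC, ALICE_PRIVATE = keygen(47, 59)   # n = 2773


def alice_sends_to_bob(message):
    """Alice needs only Bob's public key to encrypt for him."""
    return encrypt(message, BOB_PUBLIC)


if __name__ == "__main__":
    m = 65
    c = alice_sends_to_bob(m)
    print("ciphertext:", c)                                   # 2790
    print("Bob's private key   ->", decrypt(c, BOB_PRIVATE))   # 65
    print("Alice's private key ->", decrypt(c, ALICE_PRIVATE)) # garbage, wrong key pair
```

Neither of Alice's keys recovers the message: her private key belongs to a different modulus entirely, and her public key is only ever used by others to encrypt to her (or by her to verify signatures she made).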
- Most of the higher-order security models, such as Bell-LaPadula and Biba, are based on which of the following?
A. Take-Grant model
B. State machine model
C. Brewer and Nash model
D. Clark Wilson model
Answer: B
Most higher-order security models, such as Bell-LaPadula and Biba, are based on the state machine model (as well as the information flow and noninterference models).
- What technology allows for phone conversations to occur over an existing TCP/IP network and Internet connection?
A. IPSec
B. VoIP
C. SSH
D. TLS
Answer: B
VoIP (Voice over IP) allows for phone conversations to occur over an existing TCP/IP network and Internet connection.
- A security mechanism that verifies the effectiveness of directive and preventive controls is itself what type of control?
A. Corrective control
B. Directive control
C. Deceptive control
D. Detective control
Answer: D
Detective controls are, as the name suggests, mechanisms and means through which the effectiveness of preventive controls is verified.
- What term describes a secure channel for the TCB to communicate with the rest of the system?
A. Trusted path
B. Covert channel
C. Overt channel
D. IPSec session
Answer: A
A trusted path is a channel established with strict standards to allow necessary communication without exposing the TCB to security vulnerabilities.
- Which of the following means of cache poisoning relates to the relationship between a MAC address and an IP address?
A. HOSTS file poisoning
B. Caching server poisoning
C. Internet files cache poisoning
D. ARP poisoning
Answer: D
ARP performs the resolution of and maintains the local cache of mappings between MAC addresses and IP addresses. Thus, ARP poisoning affects the MAC to IP relationship. HOSTS file poisoning and caching server poisoning are DNS attacks, thus exploiting the relationship between FQDNs and IP addresses. Internet file cache poisoning is the planting of false code or other data in a browser’s file history.
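Because ARP has no authentication, poisoning is usually detected rather than prevented on the host. The following added example (not from the original flashcards) runs a simple detector over constructed tcpdump-style ARP reply lines: it alerts when an IP's MAC changes and when one MAC claims several IPs. The capture lines, addresses and the timestamp format are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed ARP reply lines in tcpdump's "is-at" style; not a real capture.
# The gateway 192.168.1.1 is first announced by one MAC and later by another,
# which then also claims a host address.
ARP_LINES = [
    "12:00:01.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28",
    "12:00:02.000 ARP, Reply 192.168.1.20 is-at 00:11:22:33:44:20, length 28",
    "12:00:03.000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28",
    "12:00:04.000 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:99, length 28",
    "12:00:05.000 ARP, Reply 192.168.1.20 is-at de:ad:be:ef:00:99, length 28",
]

REPLY_RE = re.compile(r"^(\S+) ARP, Reply (\S+) is-at ([0-9a-f:]{17})", re.IGNORECASE)


def parse_replies(lines):
    """Yield (timestamp, ip, mac) for each ARP reply line; other lines are ignored."""
    parsed = []
    for line in lines:
        match = REPLY_RE.match(line)
        if match:
            parsed.append((match.group(1), match.group(2), match.group(3).lower()))
    return parsed


def detect_arp_poisoning(lines):
    """Return a list of alert tuples for suspicious IP-to-MAC behaviour."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in parse_replies(lines):
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            # The cached mapping is being overwritten: classic poisoning symptom.
            alerts.append(("mapping_changed", ts, ip, previous, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
    for mac, ips in mac_to_ips.items():
        if len(ips) > 1:
            # One interface answering for several addresses: MITM posture.
            alerts.append(("mac_claims_multiple_ips", mac, sorted(ips)))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(ARP_LINES):
        print(alert)
```

A mapping change is not proof of an attack by itself (a replaced NIC or a DHCP reassignment produces the same event), so in practice this alert is correlated with the gateway address and with whether the new MAC also claims other hosts, as the second rule does.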
- Which of the following is not a common component of third-party governance?
A. Document exchange and review
B. Full interruption testing
C. Onsite assessment
D. Process/policy review
Answer: B
Third-party governance typically includes onsite assessment, document exchange and review, and process/policy review. Full interruption testing is more often associated with DRP.
- The Goguen-Meseguer model is an ________ model based on predetermining the set or domain—a list of objects that a subject can access.
A. Integrity
B. Confidentiality
C. Non-interference
D. Availability
Answer: A
The Goguen-Meseguer model is an integrity model based on predetermining the set or domain—a list of objects that a subject can access.
- Which of the following is not typically a technique employed by software designers to ensure that a program does only what is required and nothing more?
A. Confinement
B. Bounds
C. Isolation
D. Throughput
Answer: D
Although throughput is an important factor in supporting availability, it is not a key technique employed by software designers to ensure that software does only what is required and nothing more.
- What type of chip often stores the firmware used by printers and other hardware devices?
A. ROM
B. PROM
C. EPROM
D. EEPROM
Answer: D
Firmware, including a system's BIOS, is normally stored on an EEPROM chip so that it can be "flashed" when the firmware needs revision.
- The _______ plan is a midterm plan developed to provide more details on accomplishing the goals set forth in the ______ plan.
A. Tactical, strategic
B. Operational, strategic
C. Strategic, operational
D. Tactical, operational
Answer: A
The tactical plan is a midterm plan developed to provide more details on accomplishing the goals set forth in the strategic plan.
- Which one of the following business impact assessment variables is used to quantify the frequency with which a specific event is expected to occur over the course of a year?
A. AV
B. SLE
C. ARO
D. MTD
Answer: C
The annualized rate of occurrence (ARO) measures the frequency with which a specific event is expected to occur over the course of a year.
- What type of electrical component serves as the primary building block for static RAM chips?
A. Capacitor
B. Resistor
C. Flip-flop
D. Translator
Answer: C
Static RAM chips are built from flip-flops, bistable transistor circuits that hold their state for as long as power is applied and do not require the constant refreshing that dynamic RAM needs.
- What processor operating mode is designed to protect users from accidentally damaging the system through the execution of poorly designed code?
A. User mode
B. Privileged mode
C. System mode
D. Kernel mode
Answer: A
User mode is the basic mode used by the CPU when executing user instructions. It enables only a portion of the full CPU instruction set.
- What type of threat is often sponsored by a government?
A. Whaling
B. Spear-phishing
C. Advanced persistent threat
D. Rogueware
Answer: C
An advanced persistent threat (APT) refers to a group of attackers working together who are highly motivated, skilled, and patient and are often sponsored by a government. Whaling is a phishing attack that focuses on high-level executives and spear-phishing is a targeted phishing attack, but neither is commonly sponsored by a government. Rogueware is software that appears as free antivirus software but is actually malicious.
- What is the vulnerability or feature of a PBX system that allows for an external entity to piggyback onto the PBX system and make long-distance calls without being charged for the tolls?
A. Black box
B. DTMF
C. Vishing
D. Remote dialing
Answer: D
Remote dialing (aka hoteling) is the vulnerability or feature of a PBX system that allows for an external entity to piggyback onto the PBX system and make long-distance calls without being charged for the tolls.
- What can you use to ensure that users create strong passwords and do not reuse passwords?
A. Password length
B. Password complexity
C. Password history
D. Password policy
Answer: D
A password policy can ensure that users create strong passwords of sufficient length and complexity. Password policies can also track password history and prevent users from reusing passwords.
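The following added example (not part of the original flashcards) shows how such a policy is enforced in code: length and complexity are checked directly, and reuse is checked against a history of salted password hashes rather than stored passwords. The thresholds (12 characters, three of four character classes, last five passwords) and the 200,000 PBKDF2 iterations are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import os
import re

CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]")


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest) for storage in the history."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 200_000)
    return salt, digest


def matches(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


def check_password(candidate, history, min_length=12, min_classes=3, history_size=5):
    """Return the list of policy violations for a proposed password (empty = accepted).

    history is a list of (salt, digest) pairs, oldest first; only the newest
    history_size entries count for the reuse check.
    """
    violations = []
    if len(candidate) < min_length:
        violations.append("too short")
    classes = sum(bool(re.search(pattern, candidate)) for pattern in CHARACTER_CLASSES)
    if classes < min_classes:
        violations.append("insufficient complexity")
    for salt, digest in history[-history_size:]:
        if matches(candidate, salt, digest):
            violations.append("reused")
            break
    return violations


def change_password(candidate, history):
    """Apply the policy and, if it passes, append the new hash to the history."""
    violations = check_password(candidate, history)
    if not violations:
        history.append(hash_password(candidate))
    return violations


if __name__ == "__main__":
    history = [hash_password("Correct-Horse-1")]      # constructed prior password
    print(change_password("Correct-Horse-1", history))  # ['reused']
    print(change_password("short", history))            # ['too short', 'insufficient complexity']
    print(change_password("Battery-Staple-42", history))  # []
```

Storing only salted hashes in the history means a leaked history table does not hand an attacker the user's previous passwords, and the reuse check costs one PBKDF2 computation per retained entry, which is why the window is bounded.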
- What notion grants users only the access they need to complete their job tasks?
A. Due diligence
B. CIA Triad
C. Principle of least privilege
D. Due care
Answer: C
Granting users limited access only to those applications, functions, processes, or services necessary to fulfill their tasks is the principle of least privilege.
- What is an attempt to vigorously exercise the security constraints and parameters of a network, often using any means necessary?
A. Ethical hacking
B. Penetration testing
C. War dialing
D. Brute force
Answer: B
Penetration testing is the process of exercising, validating, and verifying the state of security on a network.
- How many new cryptographic keys must be generated when a user is removed from an already-functioning public key encryption system?
A. Zero
B. One
C. Two
D. All keys
Answer: A
The removal of a user from a public key cryptosystem does not require the generation of any new keys. The former user's key pair is revoked (for example, by adding the certificate to a certificate revocation list) and a message is sent to all participants announcing the revocation.
- Spamming attacks occur when numerous unsolicited messages are sent to a victim. Because enough data is sent to the victim to prevent legitimate activity, it is also known as what?
A. Sniffing
B. Denial of service
C. Brute-force attack
D. Buffer overflow attack
Answer: B
A spamming attack (sending massive amounts of unsolicited email) can be used as a type of denial-of-service attack. It doesn’t use eavesdropping methods, so it isn’t sniffing. Brute-force methods attempt to crack passwords. Buffer overflow attacks send strings of data to a system in an attempt to cause it to fail.