P/E 4 Flashcards

1
Q
  1. What security protocol was developed specifically to protect communications between web servers and web browsers?

A. L2F
B. SKIP
C. SWIPE
D. SSL

A

Answer: D

Secure Sockets Layer (SSL) is an encryption protocol developed by Netscape to protect the communications between a web server and a web browser. SSL has since been superseded by Transport Layer Security (TLS); every SSL version is deprecated and should be disabled on servers, even though the name "SSL" is still used loosely for TLS.

2
Q
  1. What is the difference between residual risk and total risk?

A. Budget
B. Human resource allocation
C. Controls gap
D. Fault tolerance

A

Answer: C

The controls gap is the difference between total risk and residual risk: it is the amount of risk that the implemented safeguards remove (total risk minus the controls gap equals residual risk).

3
Q
  1. If you require the most advanced and complete method of off-site backup, what option do you choose?

A. Manual backups
B. Automated backups
C. Remote mirroring
D. Remote journaling

A

Answer: C

Remote mirroring is the most advanced, complete, and expensive off-site backup solution. With this solution, a live database server is kept off site at some secure remote location.

4
Q
  1. If a specific step-by-step guide does not exist that prescribes how to accomplish a necessary task, which of the following is used to create such a document?

A. Policy
B. Standard
C. Procedure
D. Guideline

A

Answer: D

A guideline offers recommendations on how standards and baselines are implemented and serves as an operational guide for both security professionals and users. Guidelines are flexible so they can be customized for each unique system or condition and can be used in the creation of new procedures (i.e., step-by-step guides).

5
Q
  1. In what level of the Capability Maturity Model for Software do software developers operate according to a set of formal, documented software development processes?

A. Initial
B. Repeatable
C. Defined
D. Managed

A

Answer: C

In the Defined stage of the CMM, all development projects take place within the constraints of a standardized management model.

6
Q
  1. Which firewall type looks exclusively at the message header to determine whether to transmit or drop data?

A. Static packet filtering
B. Application-level gateway
C. Stateful inspection
D. Dynamic packet filtering

A

Answer: A

A static packet-filtering firewall decides packet by packet, examining only header fields (source and destination address, protocol, source and destination port, TCP flags) and keeping no record of connections. Because it cannot tell a genuine reply from a crafted packet that merely looks like one, it is the least capable of the listed types.
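
An added example (not part of the flashcard deck) that contrasts a static packet filter with a stateful one. The Packet model, the rule set and the four sample packets are constructed for the demonstration; the point it shows is that a header-only filter needs a broad "return traffic" rule to let web replies back in, and an unsolicited packet with the ACK flag set satisfies that rule, while a filter that remembered the outbound SYN drops it.

```python
from dataclasses import dataclass


# Constructed packet model: only the header fields a filter can see.
@dataclass(frozen=True)
class Packet:
    direction: str      # "in" (arriving from the Internet) or "out" (leaving the LAN)
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset    # TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}, {"ACK"}


def matches(rule, pkt):
    """A rule is a dict of header-field predicates; every predicate must hold."""
    return all(pred(getattr(pkt, field)) for field, pred in rule["match"].items())


# Static (stateless) rule set: each verdict depends only on the current packet's header.
STATELESS_RULES = [
    {"action": "allow", "match": {"direction": lambda d: d == "out",
                                  "dport": lambda p: p == 80}},
    # "Return traffic" rule: with no connection state, the only way to admit web
    # replies is a wide rule keyed on source port 80, a high destination port and ACK.
    {"action": "allow", "match": {"direction": lambda d: d == "in",
                                  "sport": lambda p: p == 80,
                                  "dport": lambda p: p >= 1024,
                                  "flags": lambda f: "ACK" in f}},
    {"action": "drop", "match": {}},   # default deny (empty match set always matches)
]


def stateless_filter(pkt):
    for rule in STATELESS_RULES:
        if matches(rule, pkt):
            return rule["action"]
    return "drop"


class StatefulFilter:
    """Records outbound connections; inbound packets are admitted only as replies."""

    def __init__(self):
        self.table = set()   # (lan_ip, lan_port, remote_ip, remote_port)

    def process(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.direction == "out":
            if pkt.dport == 80 and pkt.flags == frozenset({"SYN"}):
                self.table.add(key)          # new outbound web connection
                return "allow"
            return "allow" if key in self.table else "drop"
        # inbound: must match a known connection with the tuple reversed
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "allow" if reverse in self.table else "drop"


# Constructed traffic: a legitimate web connection, then two unsolicited packets.
LEGIT_SYN = Packet("out", "192.168.1.10", 40000, "203.0.113.5", 80, frozenset({"SYN"}))
LEGIT_SYNACK = Packet("in", "203.0.113.5", 80, "192.168.1.10", 40000, frozenset({"SYN", "ACK"}))
CRAFTED_ACK = Packet("in", "198.51.100.7", 80, "192.168.1.10", 50000, frozenset({"ACK"}))
UNSOLICITED_SYN = Packet("in", "198.51.100.7", 4444, "192.168.1.10", 22, frozenset({"SYN"}))
TRAFFIC = (LEGIT_SYN, LEGIT_SYNACK, CRAFTED_ACK, UNSOLICITED_SYN)


def run_stateless():
    return [stateless_filter(p) for p in TRAFFIC]


def run_stateful():
    fw = StatefulFilter()
    return [fw.process(p) for p in TRAFFIC]
```

The third packet is the one that separates the two designs: the static filter admits it because its header satisfies the return-traffic rule, while the stateful filter has no matching entry in its table and drops it.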

7
Q
  1. Which of the following is not a risk related to cell phone usage?

A. Data interception
B. Switch console port access
C. Eavesdropping
D. Cloning

A

Answer: B

A switch console port exists only on a switch; a cell phone cannot be used to access such ports.

8
Q
  1. In an agile software development process, how often should business users be involved in development?

A. Daily
B. Weekly
C. Monthly
D. At each release

A

Answer: A

The agile development process requires that business users interact with developers on a daily basis.

9
Q
  1. A made-up network designed to lure unsuspecting attackers with low-hanging fruit is called what?

A. IDS
B. Honeynet
C. Padded cell
D. Vulnerability scanner

A

Answer: B

Honeynets are entire networks created to serve as a snare for intruders. They look and act like legitimate networks, but they are 100 percent fake. Honeynets tempt intruders with seemingly vulnerable systems with attractive artificial data.

10
Q
  1. Which one of the following cipher types operates on individual characters or bits of a message without knowledge of what came before or after?

A. Stream cipher
B. Caesar cipher
C. Block cipher
D. ROT3 cipher

A

Answer: A

Stream ciphers operate on one character or bit of a message (or data stream) at a time.
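
An added example (not part of the flashcard deck) showing the security consequence of the byte-at-a-time property: because each ciphertext byte depends only on the plaintext byte in the same position, flipping one ciphertext bit flips the corresponding plaintext bit and nothing else, silently. The keystream generator, keys, nonce and message are constructed for the demonstration (the hash-counter keystream is a toy, not a vetted cipher); the second half adds the check a practitioner actually needs, an HMAC over the ciphertext.

```python
import hashlib
import hmac


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks. Illustration only;
    real systems use a vetted stream cipher such as ChaCha20 or AES-CTR."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse). Output byte i depends only on
    input byte i and keystream byte i, never on neighbouring bytes."""
    ks = keystream(key, nonce, len(data))
    return bytes(b ^ k for b, k in zip(data, ks))


def flip_bit(ciphertext: bytes, index: int, bit: int) -> bytes:
    c = bytearray(ciphertext)
    c[index] ^= 1 << bit
    return bytes(c)


# Constructed keys, nonce and message (a real system uses a fresh nonce per message).
ENC_KEY = b"\x11" * 32
MAC_KEY = b"\x22" * 32
NONCE = b"\x00" * 12
MESSAGE = b"PAY 100 TO BOB"


def malleability_demo() -> bytes:
    """Flip one ciphertext bit: exactly one plaintext byte changes and nothing complains."""
    ct = stream_xor(ENC_KEY, NONCE, MESSAGE)
    tampered = flip_bit(ct, 4, 3)     # byte 4 is '1' (0x31); bit 3 turns it into '9' (0x39)
    return stream_xor(ENC_KEY, NONCE, tampered)


def encrypt_then_mac(plaintext: bytes) -> bytes:
    """Stream-encrypt, then authenticate nonce and ciphertext with HMAC-SHA256."""
    ct = stream_xor(ENC_KEY, NONCE, plaintext)
    tag = hmac.new(MAC_KEY, NONCE + ct, hashlib.sha256).digest()
    return NONCE + ct + tag


def verify_and_decrypt(blob: bytes) -> bytes:
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext was modified")
    return stream_xor(ENC_KEY, nonce, ct)


def tamper_is_detected() -> bool:
    """The same bit flip, applied inside the authenticated envelope, is rejected."""
    blob = bytearray(encrypt_then_mac(MESSAGE))
    blob[12 + 4] ^= 0x08
    try:
        verify_and_decrypt(bytes(blob))
        return False
    except ValueError:
        return True
```

malleability_demo() returns b"PAY 900 TO BOB" with no error, which is why a stream cipher (or any unauthenticated encryption) must be paired with a MAC or used in an AEAD mode; verify_and_decrypt shows the encrypt-then-MAC form of that check.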

11
Q
  1. Which type of access control system relies on using classification labels that are representative of security domains and realms?

A. Nondiscretionary access control
B. Mandatory access control
C. Discretionary access control
D. Logical access control

A

Answer: B

Mandatory access control enforces an access policy that is determined by the system, not the object owner: every subject and object carries a classification label (a level plus compartments or categories), and the system grants or denies access by comparing those labels.

12
Q
  1. What are the well-known ports?

A. 0 to 1,023
B. 80, 135, 110, 25
C. 0 to 65, 536
D. 32,000 to 65,536

A

Answer: A

Ports 0 to 1,023 are the well-known ports, assigned by IANA to standard services. Ports 1,024 to 49,151 are the registered ports and 49,152 to 65,535 the dynamic (ephemeral) ports; 65,535 is the highest valid port number.

13
Q
  1. Which of the following is nested RAID involving the mirroring of striped drive sets with evenly distributed parity data?

A. RAID 1
B. RAID 6
C. RAID 1+5
D. RAID 1+0

A

Answer: C

RAID 1+5 is nested RAID involving the mirroring (RAID 1) of striped drive sets with evenly distributed parity data (RAID 5).

14
Q
  1. Which of the following is not an element of configuration management?

A. Supporting rollback
B. Detailed documentation
C. Systematic analysis of impending alterations
D. Use of the spiral model of project management

A

Answer: D

The spiral model of project management does not directly relate to configuration management. Configuration management is about managing change that could result in reduced security.

15
Q
  1. Which of the following is not a technique to avoid a single point of failure?

A. RAID
B. Redundant servers or clusters
C. High-speed network connection
D. Failover solutions

A

Answer: C

A high-speed network connection is not a single point of failure avoidance technique, especially if you have only one.

16
Q
  1. The __________ model focuses on preventing interference in support of integrity. This model is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited.

A. Biba
B. Take grant
C. Goguen−Meseguer
D. Sutherland

A

Answer: D

The Sutherland model focuses on preventing interference in support of integrity. This model is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited.

17
Q
  1. Which state is not considered to have a very high risk for seismic hazard?

A. Alaska
B. Oregon
C. Idaho
D. Georgia

A

Answer: D

Alaska, Oregon, and Idaho are located in regions that are rated high on seismic activity; Georgia, however, has its own unique set of environmental weather conditions.

18
Q
  1. Which of the following is not part of RFC 1918?

A. 169.254.1.1
B. 192.168.1.1
C. 172.16.1.1
D. 10.1.1.1

A

Answer: A

169.254.0.0/16 is the IPv4 link-local range (RFC 3927); it is what APIPA assigns when a host fails to obtain a DHCP lease. RFC 1918 reserves only 10.0.0.0/8, 172.16.0.0/12 (172.16.0.0 through 172.31.255.255), and 192.168.0.0/16 for private networks.
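
An added example (not part of the flashcard deck) that classifies the four addresses in the question and shows the caveat a practitioner runs into: the Python standard library's is_private flag covers every IANA special-purpose block, link-local included, so it is not a test for RFC 1918. The address list and the anti-spoofing helper are constructed for the demonstration.

```python
import ipaddress

RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")   # RFC 3927; what APIPA hands out


def classify(addr: str) -> str:
    """Name the block an IPv4 address belongs to, using explicit RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "not-ipv4"
    if any(ip in net for net in RFC1918_NETS):
        return "rfc1918"
    if ip in LINK_LOCAL:
        return "link-local"
    if ip.is_loopback:
        return "loopback"
    return "public"


def is_rfc1918(addr: str) -> bool:
    return classify(addr) == "rfc1918"


def library_says_private(addr: str) -> bool:
    # Caveat: is_private is True for link-local, loopback, documentation and other
    # special-purpose blocks too, so it over-approximates "RFC 1918 private".
    return ipaddress.ip_address(addr).is_private


def drop_spoofed_ingress(src: str) -> bool:
    """Anti-spoofing check for the Internet-facing interface: a packet arriving from
    outside can never legitimately carry a private, link-local or loopback source."""
    return classify(src) != "public"


# The four options from the card, plus one address just outside the /12 block.
OPTIONS = ["169.254.1.1", "192.168.1.1", "172.16.1.1", "10.1.1.1", "172.32.1.1"]


def classify_options() -> dict:
    return {addr: classify(addr) for addr in OPTIONS}
```

172.32.1.1 is included deliberately: 172.16.0.0/12 ends at 172.31.255.255, a boundary that string-prefix checks such as "starts with 172." get wrong.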

19
Q
  1. In a discussion of high-speed telco links or network carrier services, what does fault tolerance mean?

A. Error checking
B. Redundancy
C. Flow control
D. Bandwidth on demand

A

Answer: B

In a discussion of high-speed telco links or network carrier services, fault tolerance means to have redundant connections.

20
Q
  1. What technique is used by antivirus software to detect behavior deviating from normal patterns of activity?

A. Signature detection
B. Heuristic detection
C. Data integrity assurance
D. Automated reconstruction

A

Answer: B

Heuristic detection techniques develop models of normal activity and then identify deviations from that baseline.

21
Q
  1. Coordinated attack efforts that leverage key mechanisms in legitimate network traffic or protocol responses that disrupt or inhibit service to some network infrastructure are what form of attack?

A. Distributed denial of service
B. Denial of service
C. Diffracted denial of service
D. Distributed reflective denial of service

A

Answer: D

Coordinated attack efforts between cooperative machines using traffic in an entirely legitimate manner are distributed reflective denial of service attacks.

22
Q
  1. The __________ of a process consist of limits set on the memory addresses and resources it can access. This also states or defines the area within which a process is confined.

A. Isolation
B. Bounds
C. Confinement
D. Authentication

A

Answer: B

The bounds of a process consist of limits set on the memory addresses and resources it can access. The bounds state or define the area within which a process is confined.

23
Q
  1. How many keys are assigned each participant in an asymmetric cryptosystem?

A. One
B. Two
C. Four
D. One per user

A

Answer: B

Each participant in an asymmetric cryptosystem is issued two keys: a public key and a private key.

24
Q
  1. Darcy’s Doodles is an electronic content provider hosting websites related to art. The IT staff of Darcy’s Doodles is concerned about the risk of an earthquake destroying their data center, which is valued at $8,000,000. After consulting with seismologists, they determined that an earthquake is likely to occur once every 50 years and, if one occurred, it would completely destroy the facility. What is the ARO?

A. 1 percent
B. 2 percent
C. 20 percent
D. 50 percent

A

Answer: B

The annualized rate of occurrence (ARO) is the likelihood that a risk will materialize in a given year. In this example, the risk will occur once out of every 50 years, 1/50 = 2%.

25
Q
  1. What can vulnerability scanners do?

A. They actively scan for intrusion attempts.
B. They serve as a form of enticement.
C. They locate known security holes.
D. They automatically reconfigure a system to a more secured state.

A

Answer: C

Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports and make recommendations.

26
Q
  1. Which subset of the Structured Query Language is used to create and modify the database schema?

A. Data Definition Language
B. Data Structure Language
C. Database Schema Language
D. Database Manipulation Language

A

Answer: A

The Data Definition Language (DDL) subset of SQL (CREATE, ALTER, DROP) creates and modifies a relational database's schema; the Data Manipulation Language (DML) subset (SELECT, INSERT, UPDATE, DELETE) works with the data stored in that schema.

27
Q
  1. Matthew received a digitally signed message sent by Christopher. What key should he use to verify the digital signature?

A. Matthew’s public key
B. Matthew’s private key
C. Christopher’s public key
D. Christopher’s private key

A

Answer: C

The recipient of a message uses the sender's public key to verify the digital signature, because the signature was generated with the sender's private key, which only the sender holds.

28
Q
  1. What is the minimum number of cryptographic keys required for secure two-way communications in asymmetric key cryptography?

A. One
B. Two
C. Three
D. Four

A

Answer: D

In asymmetric (public key) cryptography, each communicating party must have a pair of public and private keys. Therefore, two-way communication between parties requires a total of four cryptographic keys (a public and a private key for each user).

29
Q
  1. The Caesar cipher is an example of what type of cryptographic algorithm?

A. Substitution
B. Polyalphabetism
C. Transposition
D. Diffusion

A

Answer: A

The Caesar cipher is a simple monoalphabetic substitution cipher: each letter of the message is replaced by the letter three positions later in the alphabet (ROT3), so a given plaintext letter always becomes the same ciphertext letter.

30
Q
  1. ___________ is a form of programming attack that is used to either falsify information being sent to a visitor or cause their system to give up information without authorization.

A. SQL injection
B. Buffer overflow
C. DDoS
D. XML exploitation

A

Answer: D

XML exploitation is a form of programming attack that is used to either falsify information being sent to a visitor or cause their system to give up information without authorization.

31
Q
  1. A _______________ contains levels with various compartments that are isolated from the rest of the security domain.

A. Hybrid environment
B. Compartmentalized environment
C. Hierarchical environment
D. Security environment

A

Answer: A

Hybrid environments combine both hierarchical and compartmentalized environments so that security levels have subcompartments.

32
Q
  1. What organization issued RFC 1087, Ethics and the Internet?

A. (ISC)2
B. Internet Advisory Board
C. SANS
D. NIST

A

Answer: B

The document Ethics and the Internet was issued as RFC 1087 in 1989 by the IAB, at that time named the Internet Activities Board (the body now known as the Internet Architecture Board); the option wording "Internet Advisory Board" refers to this organization.

33
Q
  1. In public key cryptography, what key does the sender of a message use to encrypt it?

A. The sender’s private key
B. The sender’s public key
C. The recipient’s private key
D. The recipient’s public key

A

Answer: D

In public key cryptography, the sender of a message encrypts it using the recipient's public key; only the matching private key, held by the recipient, can decrypt it.
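
An added example (not part of the flashcard deck) that ties together cards 23, 27, 28 and 33: each participant holds one key pair, a signature is made with the sender's private key and checked with the sender's public key, and a message is encrypted with the recipient's public key and decrypted with the recipient's private key. It is textbook RSA on hard-coded toy primes with no padding, written only to show which key is used where; the key pairs for Christopher and Matthew and the message are constructed for the demonstration.

```python
import hashlib


def keygen(p: int, q: int, e: int):
    """Textbook RSA from fixed small primes (toy sizes, no padding: illustration only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # private exponent (modular inverse, Python 3.8+)
    return (n, e), (n, d)        # (public key, private key)


def _digest_int(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    n, d = private_key
    return pow(_digest_int(message, n), d, n)        # signer's PRIVATE key


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message, n)   # signer's PUBLIC key


def encrypt(public_key, m: int) -> int:
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)          # recipient's PUBLIC key


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)          # recipient's PRIVATE key


def keys_for_two_way_communication(participants: int) -> int:
    """One key pair per participant, so two parties need four keys in total."""
    return 2 * participants


# Constructed key pairs for the two people named in the cards.
CHRIS_PUB, CHRIS_PRIV = keygen(61, 53, 17)        # n = 3233
MATT_PUB, MATT_PRIV = keygen(101, 113, 3533)      # n = 11413


def signed_message_demo() -> dict:
    """Christopher signs; Matthew verifies with Christopher's public key."""
    msg = b"Lunch at noon?"
    sig = sign(CHRIS_PRIV, msg)
    return {
        "verified_with_christophers_public_key": verify(CHRIS_PUB, msg, sig),
        "verified_with_matthews_public_key": verify(MATT_PUB, msg, sig),
        "verified_after_tampering": verify(CHRIS_PUB, b"Lunch at one?", sig),
    }


def encrypted_message_demo() -> bool:
    """Christopher encrypts for Matthew with Matthew's public key; Matthew decrypts."""
    session_key = 4242   # stands in for a symmetric key; real use wraps it with OAEP padding
    c = encrypt(MATT_PUB, session_key)
    return decrypt(MATT_PRIV, c) == session_key
```

In practice RSA encrypts a symmetric session key rather than the message itself, and both signing and encryption go through a padding scheme (PSS, OAEP); the toy above deliberately omits both so that the key roles stay visible.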

34
Q
  1. What security model is based on dynamic changes of user privileges and access based on user activity?

A. Sutherland
B. Brewer–Nash
C. Biba
D. Graham–Denning

A

Answer: B

The Brewer–Nash model is based on dynamic changes of user privileges and access based on user activity.

35
Q
  1. What are used to inform would-be intruders or those who attempt to violate security policy that their intended activities are restricted and that any further activities will be audited and monitored?

A. Interoffice memos
B. Honeypots
C. Warning banners
D. Pseudo flaw

A

Answer: C

Warning banners are used to inform would-be intruders or those who attempt to violate the security policy that their intended activities are restricted and that any further activities will be audited and monitored. Interoffice memos are limited to employees and wouldn’t include intruders. Honeypots are systems with fake data used to tempt attackers. Honeypots are often configured with pseudo flaws or false vulnerabilities.

36
Q
  1. Why is a purely quantitative approach not possible?

A. The mathematical formulas are too complex.
B. Historical occurrences are not helpful in prediction of future events.
C. Qualitative items cannot be accurately quantified.
D. Estimations of impact or exposure are based on actuarial tables and measurements of probability.

A

Answer: C

A purely quantitative approach is not possible because qualitative items cannot be accurately quantified.

37
Q
  1. What is a drawback to using VPNs when a firewall is present?

A. You can’t filter on encrypted traffic.
B. VPNs cannot cross firewalls.
C. Firewalls block all outbound VPN connections.
D. Firewalls greatly reduce the throughput of VPNs.

A

Answer: A

Firewalls are unable to filter on encrypted traffic within a VPN, which is a drawback. VPNs can cross firewalls. Firewalls do not have to always block outbound VPN connections. Firewalls usually only minimally affect the throughput of a VPN and then only when filtering is possible.

38
Q
  1. What is the primary purpose of most viruses today?

A. Infecting word processor documents
B. Creating botnets
C. Destroying data
D. Sending spam

A

Answer: B

Most viruses are designed to add systems to botnets, where they are later used for other nefarious purposes, such as sending spam or participating in distributed denial of service attacks.

39
Q
  1. What is hybrid risk assessment?

A. Use of internal and external analysts
B. Use of quantitative and qualitative approaches
C. Use of dictionary and brute-force techniques
D. Use of compartmented and hierarchical structures

A

Answer: B

Hybrid risk assessment is a combination of both quantitative and qualitative approaches.

40
Q
  1. What element of security control includes access controls, alarms, CCTV, and monitoring?

A. Administrative physical control
B. Technical physical security control
C. Logistical security control
D. Physical security control

A

Answer: B

Technical physical security controls include access controls; intrusion detection; alarms; closed-circuit television (CCTV); monitoring; heating, ventilating, and air conditioning (HVAC); power supplies; and fire detection and suppression.

41
Q
  1. What nontraditional alternative recovery site is made up of transportable relocation units?

A. Off-site bureau
B. Service bureau
C. Mobile site
D. Mobility suite

A

Answer: C

Mobile sites are nonmainstream alternatives to traditional recovery sites. They typically consist of self-contained trailers or other easily relocated units.

42
Q
  1. Which of the following is a drawback of classification schemes?

A. They have a large administrative overhead for larger environments.
B. They lend credence to the selection of protection mechanisms.
C. They assist in identifying those assets that are most critical or valuable to the organization.
D. They are often required for regulatory compliance or legal restrictions.

A

Answer: A

A drawback of classification schemes, especially as implemented via a mandatory access control concept, is that they require significant administration for a large organization.

43
Q
  1. Which form of DBMS primarily supports the establishment of treelike relationships?

A. Relational
B. Hierarchical
C. Mandatory
D. Distributed

A

Answer: B

A hierarchical DBMS supports one-to-many relationships, often expressed in a tree structure.

44
Q
  1. Senior management must show reasonable ___________________ to reduce their culpability and liability when a loss occurs.

A. Profits
B. Insurance
C. Due care
D. Asset valuation

A

Answer: C

Senior management must show reasonable due care to reduce their culpability and liability when a loss occurs.

45
Q
  1. Which one of the following systems would be appropriately placed in the DMZ?

A. Database server
B. User workstation
C. Domain controller
D. Web server

A

Answer: D

The DMZ is designed to house systems that require public access. The web server is the only option on this list that should be exposed to the Internet.

46
Q
  1. Many of the following options reflect best practices when engaging penetration testing to validate and verify the strength of your security policy. Which of the following is not recommended?

A. Mimicking attacks previously perpetrated against your system
B. Performing the attacks without management’s consent
C. Using manual and automated attack tools
D. Reconfiguring the system to resolve any discovered vulnerabilities

A

Answer: B

You should never conduct a formal or informal penetration test against any company without the advanced knowledge and express consent of management.

47
Q
  1. Which of the following is a possible effective key length of the Triple DES (3DES) encryption algorithm?

A. 40 bits
B. 56 bits
C. 128 bits
D. 168 bits

A

Answer: D

Three-key Triple DES has a 168-bit key (three independent 56-bit DES keys); the two-key variant uses 112 bits. Meet-in-the-middle attacks reduce the effective security of three-key 3DES to roughly 112 bits, and NIST has deprecated 3DES in favor of AES.

48
Q
  1. In the Biba model, what rule prevents a user from reading from lower levels of classification?

A. Star axiom
B. Simple property
C. No read up
D. No write down

A

Answer: B

The Biba Simple Integrity Property is "no read down": a subject may not read an object of lower integrity. The * (star) Integrity Property is "no write up". Options C and D are Bell–LaPadula's confidentiality rules, not Biba's.

49
Q
  1. In what type of software testing must the tester not have access to the underlying source code?

A. Static testing
B. White box testing
C. Gray box testing
D. Black box testing

A

Answer: D

In a black box test, the tester must not have access to the application’s source code.

50
Q
  1. The lack of data flow control could result in all but which of the following?

A. Dropped connections
B. Corrupted data
C. Quality of service management
D. Self-inflicted denial of service

A

Answer: C

Failing to provide data flow control means failing to provide quality of service management as well.

51
Q
  1. What document should state where critical business information will be stored?

A. Business impact assessment
B. Statement of purpose
C. Vital records program
D. Emergency-response guidelines

A

Answer: C

The vital records program states where critical business records will be stored and the procedures for making and storing backup copies of those records.

52
Q
  1. When assigning a classification label, which of the following is not an essential criterion?

A. Value or cost
B. Data disclosure damage assessment
C. Source or origin
D. Maturity or age

A

Answer: C

The source or origin of a resource is rarely a serious criterion in the assignment of a classification label. The other options are just a few of the important criteria of classification assignment.

53
Q
  1. Which of the following is the best method to protect against rainbow-table attacks?

A. Encrypting passwords sent over the network
B. Enable firewalls
C. Keeping systems up to date
D. Salting passwords

A

Answer: D

Salting adds a unique random value to each password before hashing, so identical passwords produce different hashes and a precomputed rainbow table is useless unless it is rebuilt for every salt. Rainbow-table attacks are offline password attacks, so encrypting data sent over the network doesn't directly protect against them. While keeping systems up to date and enabling firewalls is always a good idea, these do not directly protect against rainbow-table attacks.
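
An added example (not part of the flashcard deck) that shows the difference a salt makes: an unsalted digest can be looked up in a table built before any breach, while a per-user random salt combined with a slow key-derivation function defeats that precomputation. The wordlist and the two user records are constructed for the demonstration; the iteration count is an assumption chosen to keep the example fast.

```python
import hashlib
import hmac
import os

ITERATIONS = 210_000   # work factor; OWASP's 2023 guidance is 600,000 for PBKDF2-HMAC-SHA256


def unsalted_hash(password: str) -> str:
    """What a rainbow table targets: the same password gives the same digest everywhere."""
    return hashlib.sha1(password.encode()).hexdigest()


def build_rainbow_table(wordlist) -> dict:
    # A real rainbow table is a time/memory trade-off over hash chains; a plain
    # lookup table makes the same point: the work is done once, before any leak.
    return {unsalted_hash(w): w for w in wordlist}


def hash_password(password: str, salt=None) -> str:
    """Salted, iterated hash in a self-describing 'alg$iterations$salt$digest' record."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join(("pbkdf2_sha256", str(ITERATIONS), salt.hex(), dk.hex()))


def verify_password(password: str, stored: str) -> bool:
    _alg, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison


# Constructed attacker wordlist and the table precomputed from it.
WORDLIST = ["password", "password123", "letmein", "qwerty"]
TABLE = build_rainbow_table(WORDLIST)


def crack_unsalted(digest: str):
    """Instant recovery if the digest was precomputed; None otherwise."""
    return TABLE.get(digest)


def salted_demo():
    """Two users with the same password get different records; both still verify."""
    alice = hash_password("password123")
    bob = hash_password("password123")
    return (alice != bob,
            verify_password("password123", alice),
            verify_password("wrong", bob),
            crack_unsalted(alice.split("$")[3]))
```

The stored record carries the salt in the clear; that is fine, since the salt's job is to make precomputation impossible, not to stay secret. The iteration count is what slows the attacker down per guess once the salt forces them to start from scratch.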

54
Q
  1. Which one of the following types of evidence consists of tangible objects (such as a gun) that can be brought into court?

A. Documentary evidence
B. Real evidence
C. Testimonial evidence
D. Best evidence

A

Answer: B

Real evidence consists of items that can be brought into a courtroom, such as a gun, computer, or other tangible object.

55
Q
  1. Which one of the following attack types often takes place as a reconnaissance activity preceding another type of attack?

A. Compromise
B. Malicious code
C. Scanning
D. Denial of service

A

Answer: C

Hackers often use scanning attacks to gather intelligence about vulnerable systems that they may later attempt to compromise.

56
Q
  1. What method is not integral to assuring effective and reliable security staffing?

A. Screening
B. Bonding
C. Training
D. Conditioning

A

Answer: D

Screening, bonding, and training are all vital procedures for ensuring effective and reliable security staffing because they verify the integrity and validate the suitability of said staffers.

57
Q
  1. Which of the following is an element of intangible asset valuation?

A. Support cost
B. Intellectual property value
C. Replacement cost
D. Training expense

A

Answer: B

Intellectual property has value but no physical form, so it is an element of intangible asset valuation; support cost, replacement cost, and training expense are measurable costs associated with tangible assets.

58
Q
  1. What technology may database developers use to restrict users’ access to a limited subset of database attributes or records?

A. Polyinstantiation
B. Cell suppression
C. Aggregation
D. Views

A

Answer: D

Database views use SQL statements to limit the amount of information that users can view from a table.
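
An added example (not part of the flashcard deck) serving this card and card 26: the DDL statements create the schema and two views, the DML statements load and read data, and the views expose only a column subset or a row subset of the underlying table. It uses Python's built-in sqlite3 module with an in-memory database; the table, the views and the employee rows are constructed for the demonstration.

```python
import sqlite3

# DDL: defines and alters structure (CREATE, ALTER, DROP).
SCHEMA_DDL = """
CREATE TABLE employees (
    id     INTEGER PRIMARY KEY,
    name   TEXT    NOT NULL,
    dept   TEXT    NOT NULL,
    salary INTEGER NOT NULL,
    ssn    TEXT    NOT NULL
);
-- Views restrict what a caller can see: a column subset and/or a row subset.
CREATE VIEW employee_directory AS
    SELECT id, name, dept FROM employees;
CREATE VIEW hr_salaries AS
    SELECT id, name, salary FROM employees WHERE dept = 'HR';
"""

# Constructed rows, loaded with DML (INSERT).
ROWS = [
    ("Ada",   "Engineering", 120000, "111-22-3333"),
    ("Grace", "HR",           90000, "222-33-4444"),
    ("Linus", "Engineering", 115000, "333-44-5555"),
]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_DDL)
    conn.executemany(
        "INSERT INTO employees (name, dept, salary, ssn) VALUES (?, ?, ?, ?)", ROWS)
    conn.commit()
    return conn


def directory_columns(conn) -> list:
    """The column-restricted view never exposes salary or ssn."""
    cur = conn.execute("SELECT * FROM employee_directory")
    return [col[0] for col in cur.description]


def hr_salary_rows(conn) -> list:
    """The row-restricted view only returns the HR department."""
    return conn.execute("SELECT name, salary FROM hr_salaries ORDER BY name").fetchall()


def ssn_reachable_through_view(conn) -> bool:
    """Asking the view for a column it does not define fails at the SQL level."""
    try:
        conn.execute("SELECT ssn FROM employee_directory")
        return True
    except sqlite3.OperationalError:      # "no such column: ssn"
        return False


def add_column_with_ddl(conn) -> list:
    """DDL changes the schema; a view with an explicit column list is unaffected."""
    conn.execute("ALTER TABLE employees ADD COLUMN phone TEXT")
    return [col[1] for col in conn.execute("PRAGMA table_info(employees)")]
```

A view is only a control if the caller cannot reach the base table by other means: in a DBMS with privileges, grant SELECT on the view and nothing on employees. SQLite has no privilege system, so here the view limits what a query can name but not what a connection could do.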

59
Q
  1. Which of the following statements is true of business continuity planning?

A. It prevents every possible disaster from interrupting business.
B. It limits the extent of damage for commonly occurring disasters.
C. It rewards the beneficiaries of disaster recovery.
D. It maximizes the insurance coverage against natural disaster.

A

Answer: B

BCP involves prepared and verified measures for protection of critical business operations from the effects of a loss, damage, or other failure of operational facilities providing crucial functions. Thus, it limits the extent of damage for commonly occurring disasters.

60
Q
  1. What sort of system defines subject access through subject roles (job descriptions) and subject tasks (job functions)?

A. Rule-based access control
B. Mandatory access control
C. Role-based access control
D. Discretionary access control

A

Answer: C

Role-based access control uses a well-defined collection of named job roles to endow each one with specific permissions, thereby seeking to ensure that users who occupy such roles can access what they need to get their jobs done.

61
Q
  1. What is the second phase of the IDEAL software development model?

A. Developing
B. Diagnosing
C. Determining
D. Designing

A

Answer: B

The second phase of the IDEAL software development model is the Diagnosing stage.

62
Q
  1. What block size is used by the Triple DES encryption algorithm?

A. 32 bits
B. 64 bits
C. 128 bits
D. Variable

A

Answer: B

Both DES and Triple DES use a fixed block size of 64 bits.

63
Q
  1. What system may be used to verify digital certificates without latency?

A. CRL
B. OCSP
C. PGP
D. PKI

A

Answer: B

The Online Certificate Status Protocol (OCSP) eliminates the latency inherent in certificate revocation lists, which are published on a schedule, by letting a client query a responder for a certificate's current status in real time.

64
Q
  1. From within the Bell–LaPadula model, what is allowed to violate the star property, but when doing so does not actually violate security?

A. End users
B. Intruders
C. Root administrators
D. Trusted subject

A

Answer: D

A trusted subject can violate the star property of “no write down” in the act of declassification, which is not an actual violation of security.

65
Q
  1. What type of evidence must be authenticated by a witness who can uniquely identify it or through a documented chain of custody?

A. Documentary evidence
B. Testimonial evidence
C. Real evidence
D. Hearsay evidence

A

Answer: C

Real evidence must be either uniquely identified by a witness or authenticated through a documented chain of custody.

66
Q
  1. What element is not considered in a security-oriented design for any given facility or site?

A. Separation of employee and visitor areas
B. Restricted access levels to areas of higher value or importance
C. Centralized location of confidential assets
D. Optional access to all areas

A

Answer: D

Optional access should never be granted to all areas, especially where sensitive equipment or data is utilized and stored.

67
Q
  1. How many keys are required to fully implement a symmetric algorithm with 20 participants?

A. 10
B. 20
C. 40
D. 190

A

Answer: D

The number of keys required to fully implement a symmetric encryption algorithm is given by the formula (n*(n-1))/2, one key per pair of participants; for 20 participants that is (20*19)/2 = 190.

68
Q
  1. Which of the following may introduce new vulnerabilities to voice communications?

A. Modems
B. VoIP
C. Encryption
D. PBX

A

Answer: B

Voice over IP (VoIP), which transmits voice communications through an IP network, introduces network-specific vulnerabilities to voice communications.

69
Q
  1. Which of the following is not true?

A. Complying with all applicable legal requirements is a key part of sustaining security.
B. It is often possible to disregard legal requirements if complying with regulations would cause a reduction in security.
C. The legal requirements of an industry and of a country should be considered the baseline or foundation on which the remainder of the security infrastructure must be built.
D. Industry and governments impose legal requirements, restrictions, and regulations on the practices of an organization.

A

Answer: B

Laws and regulations must be obeyed and security concerns must be adjusted accordingly.

70
Q
  1. A tunnel mode VPN is used to connect which types of systems?

A. Hosts and servers
B. Clients and terminals
C. Hosts and networks
D. Servers and domain controllers

A

Answer: C

Tunnel mode VPNs are used to connect networks to networks or networks to hosts; transport mode is used to connect hosts to hosts. For the purposes of this question, host, server, client, terminal, and domain controller all denote individual end systems rather than networks, so only option C involves a network.

71
Q
  1. What type of detected incident allows the most time for an investigation?

A. Compromise
B. Denial of service
C. Malicious code
D. Scanning

A

Answer: D

Scanning incidents are generally reconnaissance attacks. The real damage to a system comes in the subsequent attacks, so you may have some time to react if you detect the scanning attack early.

72
Q
  1. How might you map out the organizational needs for transfer to or establishment in a new facility?

A. Inventory assessment
B. Threat assessment
C. Risk analysis
D. Critical path analysis

A

Answer: D

Critical path analysis can be defined as the logical sequencing of a series of events such that planners and integrators possess considerable information for the decision-making process.

73
Q
  1. An attack pattern characterized by a series of invalid packet sequence numbers is called what?

A. Stream
B. Spamming
C. Distributed denial of service
D. Teardrop

A

Answer: D

In a teardrop attack, an attacker exploits a bug in the routines an operating system uses to reassemble fragmented IP packets. The attacker sends numerous specially crafted fragments whose offsets overlap or do not line up, and a vulnerable reassembly routine causes the system to freeze or crash.

74
Q
  1. Which of the following provides the best description of data purging?

A. Destroying media
B. Removing all data remnants from media
C. Degaussing optical media to remove data
D. Overwriting files

A

Answer: B

Purging is an intense method of clearing that removes all data remnants from media to prepare it for reuse in less secure environments. Purging leaves media in a reusable state, instead of destroying it. Degaussing does not remove data from optical media. Overwriting files isn’t a reliable method of removing data remnants.

75
Q
  1. Which of the following choices is the most reliable method of destroying data on a CD?

A. Degaussing
B. Physical destruction
C. Deleting
D. Overwriting

A

Answer: B

Physical destruction is the most reliable method of destroying data on any media, including a CD. Degaussing won’t affect a CD. Deleting rarely deletes the data. Overwriting might destroy the data depending on the method used, but it isn’t as reliable as physical destruction.

76
Q
  1. A _____________ is a type of new system deployment testing where the new system and the old system run simultaneously.

A. Parallel run
B. Simulation test
C. Black-box test
D. Stress test

A

Answer: A

A parallel run is a type of new system deployment testing where the new system and the old system are run in parallel.

77
Q
  1. Which is the most common form of perimeter security device or mechanism for any given business?

A. Security guards
B. Fences
C. Badges
D. Lighting

A

Answer: D

Lighting is by far the most pervasive and basic element of security because it illuminates areas and makes signs of hidden danger visible to all.

78
Q
  1. Which of the following individuals are not responsible for preserving the chain of custody of evidence?

A. Police investigators
B. Court reporters
C. Evidence technicians
D. Attorneys

A

Answer: B

Court reporters generally do not handle evidence and are not subject to maintaining the chain of custody.

79
Q
  1. What character, if eliminated from all web form input, would prevent the execution of most common cross-site scripting attacks?

A. $
B. &
C. >
D. #

A

Answer: C

Cross-site scripting attacks must pass the tag to a browser.

80
Q
  1. What US federal law prohibits attempts to circumvent copyright protection mechanisms placed on a protected work by the copyright holder?

A. Digital Millennium Copyright Act
B. Trade Secrets Act
C. Copyright Enhancement Act
D. USA PATRIOT Act

A

Answer: A

The Digital Millennium Copyright Act contains provisions prohibiting the circumvention of copyright protection mechanisms.

81
Q
  1. What type of intellectual property protection is commonly used to cover literary works (including computer software)?

A. Copyright
B. Trademark
C. Patent
D. Service mark

A

Answer: A

Literary works are one of the categories of intellectual property covered by copyright law.

82
Q
  1. What type of system is authorized to process data at different classification levels only when all users have authorized access to those classification levels?

A. Compartmented mode system
B. System-high mode system
C. Multilevel mode system
D. Dedicated mode system

A

Answer: B

Systems running in system-high mode are authorized to process data at different classification levels only if all system users have access to the highest level of classification processed.

83
Q
  1. What malicious code avoidance technique provides users with the ability to identify code originating from a trusted source?

A. Sandboxing
B. Control signing
C. Whitelisting
D. Access permissions

A

Answer: B

Control signing utilizes a system of digital signatures to ensure that the code originates from a trusted source. It is up to the end user to determine whether the authenticated source should be trusted.

84
Q
  1. The tendency for various technologies, solutions, utilities, and systems to evolve and merge over time is known as what?

A. Security governance
B. Technology convergence
C. OWASP
D. Threat modeling

A

Answer: B

Technology convergence is the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time.

85
Q
  1. Which of the following malicious code objects was likely designed as a weapon of war?

A. Good Times
B. Conficker
C. Stuxnet
D. Melissa

A

Answer: C

The Stuxnet worm was allegedly designed by American and/or Israeli military forces in an attempt to disrupt the Iranian nuclear program.

86
Q
  1. What tool or organization is an open repository of information and tools focusing on improving security for online or web-based applications?

A. CVE
B. PCI DSS
C. OWASP
D. XSS

A

Answer: C

OWASP (Open Web Application Security Project) is a nonprofit security project focusing on improving security for online or web-based applications. OWASP is not just an organization; it is also a large community that works together to freely share information, methodology, tools, and techniques related to better coding practices and more secure deployment architectures. For more information on OWASP and to participate in the community, visit their website at www.owasp.org.

87
Q
  1. Under what method are database backups bulk transferred to off-site recovery locations?

A. Electronic billing
B. Electronic payment
C. Electronic vaulting
D. Electronic safekeeping

A

Answer: C

Electronic vaulting automatically backs up data to a secure site where storage professionals at the vaulting company’s site handle the details.

88
Q
  1. What form of password attack utilizes a preassembled lexicon of terms and their permutations?

A. Rainbow tables
B. Dictionary word list
C. Brute force
D. Educated guess

A

Answer: B

Dictionary word lists are precompiled lists of common passwords and their permutations and serve as the foundation for a dictionary attack on accounts.

89
Q
  1. What is the primary means by which fax communications can be made secure?

A. Nonrepudiation controls
B. Limited access
C. Authentication
D. Encryption

A

Answer: D

The primary means by which fax communications can be secured is to use encryption.

90
Q
  1. What is the size of the master boot record on a system installed with a typical configuration?

A. 256 bytes
B. 512 bytes
C. 1,024 bytes
D. 2,048 bytes

A

Answer: B

The master boot record is a single sector of a floppy disk or hard drive. Each sector is normally 512 bytes. The MBR contains only enough information to direct the proper loading of the operating system.

91
Q
  1. What are the consequences for CISSPs who violate the Code of Ethics?

A. Criminal sanctions
B. Civil sanctions
C. Loss of certification
D. Public humiliation

A

Answer: C

CISSPs who violate the (ISC)2 Code of Ethics are subject to certification revocation.

92
Q
  1. During what type of penetration test does the tester have no access to system configuration information?

A. Black box penetration test
B. White box penetration test
C. Gray box penetration test
D. Red box penetration test

A

Answer: A

During a black box penetration test the testers have no access to configuration information about the system being tested.

93
Q
  1. Which one of the following methods is not a valid method of destroying data on a hard drive?

A. Purging the drive with a software program
B. Copying data over the existing data
C. Removing the platters and shredding them
D. Removing the platters and disintegrating them

A

Answer: B

Copying data over existing data is not reliable because data may remain on the drive as data remanence. Some software programs can overwrite the data with patterns of 1s and 0s to destroy the data. Shredding or disintegrating the platters will destroy the data.

94
Q
  1. What form of attack prevents systems or services from processing or responding to legitimate traffic and network resources?

A. Brute force
B. Denial of service
C. Spamming
D. Sniffing

A

Answer: B

Denial of service attacks seek to shut down or stifle network response and congest traffic so that legitimate data cannot be handled in a timely fashion.

95
Q
  1. What is the biggest problem with computer-based information when used as evidence?

A. It is considered hearsay.
B. It is fragile.
C. It cannot be contained.
D. Its nature is intangible.

A

Answer: D

You should realize that most computer evidence is intangible, meaning it is electronic and magnetically stored information that is vulnerable to erasure, corruption, and other forms of damage. Although computer evidence is usually considered hearsay, there is an exception to the hearsay rule that makes it admissible (specifically if it was created by a normal business operation and supported by a witness).

96
Q
  1. What form of interference is generated by a difference in power between hot and neutral wires of a power source?

A. Radio frequency interference
B. Cross-talk noise
C. Traverse mode noise
D. Common mode noise

A

Answer: C

Traverse mode noise is generated by the difference in power between the hot and neutral wires of a power source or operating electrical equipment.

97
Q
  1. Which of the following is a valid definition of a closed system?

A. A system designed to work well with a narrow range of other systems, generally all from the same manufacturer
B. A system where the source code and other internal logic is exposed to the public
C. A system designed using agreed-upon industry standards
D. A system where the source code and other internal logic is hidden from the public

A

Answer: A

A closed system is designed to work well with a narrow range of other systems, generally all from the same manufacturer.

98
Q
  1. What attack pattern is characterized by specially crafted inputs issued to a vulnerable application or service?

A. Hijacking
B. Buffer overflow
C. Man in the middle
D. Brute force

A

Answer: B

In many cases, a buffer overflow attack will involve specially crafted, typically oversized inputs in an attempt to overwrite critical application data and disrupt or redirect program execution flow.

99
Q
  1. Darcy’s Doodles is an electronic content provider hosting websites related to art. The IT staff of Darcy’s Doodles is concerned about the risk of an earthquake destroying their data center, which is valued at $8,000,000. After consulting with seismologists, they determined that an earthquake is likely to occur once every 50 years and, if one occurred, it would completely destroy the facility. What is the ALE?

A. $80,000
B. $160,000
C. $1,600,000
D. $8,000,000

A

Answer: B

The annualized loss expectancy (ALE) is the product of the annualized rate of occurrence (ARO) and the single loss expectancy (SLE). The ARO in this example is 2 percent and the SLE is $8,000,000, giving an ALE of $160,000.

100
Q
  1. Which of the following types of IDS is effective only against known attack methods?

A. Host based
B. Network based
C. Knowledge based
D. Behavior based

A

Answer: C

A knowledge-based IDS is effective only against known attack methods, which is its primary drawback.

101
Q
  1. Which one of the following is not a safe harbor requirement for US companies doing business in Europe?

A. Notice
B. Choice
C. Onward transfer
D. Accountability

A

Answer: D

Accountability is not one of the seven safe harbor requirements.

102
Q
  1. Which of the following is not a requirement for a cryptographic hash function?

A. Variable-length input
B. Fixed-length output
C. Easy to compute
D. Easy to reverse

A

Answer: D

Hash functions must be one-way functions, meaning that they are impossible to reverse.

103
Q
  1. Abnormal or unauthorized activities detectable to an IDS include which of the following? (Choose all that apply.)

A. External connection attempts
B. Execution of malicious code
C. Access to controlled objects
D. None of the above

A

Answer: A, B, C

IDSs watch for violations of confidentiality, integrity, and availability. Attacks recognized by IDSs can come from external connections (such as the Internet or partner networks), viruses, malicious code, trusted internal subjects attempting to perform unauthorized activities, and unauthorized access attempts from trusted locations.

104
Q
  1. What aspect of an organizational security policy, procedure, or process affects all other aspects?

A. Awareness training
B. Logical security
C. Disaster recovery
D. Physical security

A

Answer: D

Physical security is the most prominent aspect of an organizational security policy because it directly and indirectly influences all other forms. Without physical security, no other processes and procedures are reliable.

105
Q
  1. Which of the following is not a valid security measure to protect against brute-force and dictionary attacks?

A. Enforce strong passwords through a security policy.
B. Maintain strict control over physical access.
C. Require all users to log in remotely.
D. Use two-factor authentication.

A

Answer: C

Requiring users to log in remotely does not protect against password attacks such as brute-force or dictionary attacks. Strong password policies, physical access control, and two-factor authentication all improve the protection against brute-force and dictionary password attacks.

106
Q
  1. A flooding attack designed to overwhelm a web server is an example of what category of attack?

A. Grudge
B. Denial of service
C. Reconnaissance
D. Malicious code

A

Answer: B

Denial-of-service attacks are designed to reduce the availability of services to authorized users.

107
Q
  1. Which of the following is not a form of physical identification or electronic access control?

A. Security gate
B. Security badge
C. Smart card
D. Token device

A

Answer: A

A security gate is a form of physical control that may involve the use of physical identification or electronic access control but is not either one itself.

108
Q
  1. What part of the Common Criteria specifies the claims of security from the vendor that are built into a target of evaluation?

A. Protection profiles
B. Evaluation assurance level
C. Certificate authority
D. Security target

A

Answer: D

Security targets (STs) specify the claims of security from the vendor that are built into a TOE.

109
Q
  1. Coordinated attack efforts against an infrastructure or system that limit or restrict its capacity to process legitimate traffic are what form of network-driven attack?

A. Denial of service
B. Distributed denial of service
C. Distributed reflective denial of service
D. Differential denial of service

A

Answer: B

Coordinated attacks between several cooperative machines using traffic in an illegitimate way are a distributed denial of service attack.

110
Q
  1. Security Assertion Markup Language (SAML) attacks often focus on which of the following?

A. Web-based authentication
B. Data theft
C. Man-in-the-middle attacks
D. Screen scraping

A

Answer: A

SAML attacks are often focused on web-based authentication.

111
Q
  1. Which of the following is the highest security classification for a government/military organization?

A. Classified
B. Top secret
C. Sensitive
D. Sensitive but unclassified

A

Answer: B

Top secret is the highest security classification for a government/military organization.

112
Q
  1. What RFC contains the Internet Advisory Board’s statement on ethics and the Internet?

A. RFC 1087
B. RFC 1918
C. RFC 2048
D. RFC 2296

A

Answer: A

RFC 1087 outlines the IAB’s position on proper use of the Internet.

113
Q
  1. What wireless communication technique employs a form of serial communication?

A. Spread spectrum
B. FHSS
C. DSSS
D. OFDM

A

Answer: B

Frequency Hopping Spread Spectrum (FHSS) was an early implementation of the spread spectrum concept. However, instead of sending data in a parallel fashion, it transmits data in a series while constantly changing the frequency in use.

114
Q
  1. An important reason to maintain separate work areas between different levels of employees is the prevention of which of the following?

A. Collision
B. Collusion
C. Shoulder surfing
D. Plain-text attack

A

Answer: C

If an employee with a lower level of clearance can be present in an area of higher clearance, then that employee may be able to see sensitive information on displays (i.e., shoulder surfing).

115
Q
  1. Using an insular padded cell on your network for protection to isolate intruders functions on what principle?

A. The data offered by the padded cell is what originally attracts the attacker.
B. Padded cells are a form of entrapment.
C. The intruder is seamlessly transitioned into the padded cell once they are detected.
D. Padded cells are used to test a system for known vulnerabilities.

A

Answer: C

When an intruder is detected by an IDS, they are transferred to a padded cell. The transfer of the intruder into a padded cell is performed automatically, without informing the intruder that the change has occurred. The padded cell is unknown to the intruder before the attack, so it cannot serve as an enticement or entrapment. Padded cells are used to detain intruders, not to detect vulnerabilities.

116
Q
  1. Which one of the following passwords is least likely to be compromised during a dictionary attack?

A. gniteelf
B. consistent
C. surprise2me
D. EbrEl4a

A

Answer: D

Except for option D, the choices are forms of common words that might be found during a dictionary attack. "gniteelf" is simply "fleeting" spelled backward, and "consistent" is a dictionary word. "surprise2me" combines two dictionary words. Crack and other utilities can easily see through these "sneaky" techniques. Option D is simply a random string of characters that a dictionary attack would not uncover.

117
Q
  1. What is the point and purpose of disaster recovery services?

A. To prevent interruption to business operations
B. To prevent intrusion upon business operations
C. To provide restoration facilities to continue business operations
D. To provide personnel for provisioning rations to survivors

A

Answer: C

Disaster recovery services provide restoration facilities to continue business operations.

118
Q
  1. How many keys are required to fully implement a symmetric encryption algorithm with eight participants?

A. 8
B. 16
C. 28
D. 56

A

Answer: C

The number of keys required to fully implement symmetric encryption is computed using the formula (n(n - 1)) / 2. In this case, (8 × 7) / 2 = 28.

119
Q
  1. Which of the following types of WAN connections offer the least assurance of communications?

A. Dedicated lines
B. Nondedicated lines
C. Leased lines
D. Point-to-point link lines

A

Answer: B

Nondedicated leased lines offer the least assurance of communication because they require a link to be established before communication can take place. If all circuits for that connection type are currently in use, a connection will not be established, and thus no communication occurs.

120
Q
  1. How can you protect your business against failure of a software vendor to provide support for its products if it goes out of business?

A. Software escrow
B. Disaster recovery plan
C. Business continuity plan
D. Mutual assistance agreements

A

Answer: A

A software escrow arrangement is a unique tool used to protect a company against unsupportive or out-of-business vendors.

121
Q
  1. Which component of the CIA Triad has the most avenues or vectors of attack and compromise?

A. Confidentiality
B. Integrity
C. Availability
D. Accountability

A

Answer: C

Availability has the most avenues or vectors of attack and compromise. Availability can be affected by damaging the resource, compromising the resource host, interfering with communications, or attacking the client.

122
Q
  1. What is the point and purpose of disaster recovery planning?

A. To repair business machines during periods of downtime
B. To relieve personnel of administrative duty during a disaster
C. To restore business to full operational capacity after a disaster
D. To restart business systems after weathering a disaster

A

Answer: C

DRP covers the procedures to be followed should a disaster (fire, flood, and so on) occur. The point and purpose of disaster recovery planning is to restore business to full operational capacity after a disaster.

123
Q
  1. Which one of the following types of attack is most difficult to defend against?

A. Scanning
B. Malicious code
C. Grudge
D. Distributed denial of service

A

Answer: D

It is very difficult to defend against distributed denial-of-service attacks due to their sophistication and complexity.

124
Q
  1. When an organization is attempting to identify risks, what should they identify first?

A. Assets
B. Threats
C. Vulnerabilities
D. Public attacks

A

Answer: A

An organization must first identify the value of assets when identifying risks so that they can focus on the potential risks for their most valuable assets. They can then identify threats and vulnerabilities related to these assets. Public attacks can be evaluated to determine if they present a risk to the organization, but this should not be the first step.

125
Q
  1. Third-party governance cannot be mandated for whom?

A. Internal entities
B. External consultants and suppliers
C. Subsidiaries
D. Commercial competitors

A

Answer: D

Commercial competitors or any other entity that is not directly connected or related to the primary organization cannot have that organization’s third-party governance mandated or forced on them.

126
Q
  1. Which one of the following individuals is most likely to cause serious intentional damage to a business’s computing resources?

A. Malicious insider
B. Terrorist
C. Criminal
D. Script kiddie

A

Answer: A

The malicious insider poses the greatest risk to your organization because they might already have access to your systems and a working knowledge of your infrastructure.

127
Q
  1. What type of cipher relies on changing the actual characters within a message to achieve confidentiality?

A. Stream cipher
B. Transposition cipher
C. Block cipher
D. Substitution cipher

A

Answer: D

Substitution ciphers change the values of individual characters in a message.

128
Q
  1. What is the best defensive action that system administrators can take against the threat posed by new malicious code objects that exploit known software vulnerabilities?

A. Update antivirus definitions monthly.
B. Install antiworm filters on the proxy server.
C. Apply security patches as they are released.
D. Prohibit Internet use on the corporate network.

A

Answer: C

The vast majority of new malicious code objects exploit known vulnerabilities that were already addressed by software manufacturers. The best action administrators can take against new threats is to maintain the patch level of their systems.

129
Q
  1. A server administrator recently modified the configuration for a server to improve performance. Unfortunately, when an automated script runs once a week, the modification causes the server to reboot. It took several hours of troubleshooting to ultimately determine the problem wasn’t with the script but instead with the modification. What could have prevented this?

A. Vulnerability management
B. Patch management
C. Change management
D. Blocking all scripts

A

Answer: C

An effective change management program helps prevent outages from unauthorized changes. Vulnerability management helps detect weaknesses but wouldn’t block the problems from this modification. Patch management ensures systems are kept up to date. Blocking scripts removes automation, which would increase the overall workload.

130
Q
  1. What is the primary purpose of change management?

A. To prevent unwanted reductions to security
B. To allow management to review all changes
C. To delay the release of mission-critical patches
D. To improve productivity of end users

A

Answer: B

The primary purpose of change management is to allow management to review all changes. However, it is true that the overall goal of change management is to prevent unwanted reductions to security.

131
Q
  1. Which of the following should be done to a user’s account when an employee leaves the organization?

A. Delete the user’s account
B. Change the user’s password
C. Modify the user’s privileges
D. Disable the user’s account

A

Answer: D

It’s important to disable the user’s account as soon as possible when the employee leaves. Because the account might be needed to access encrypted resources, it should not be deleted right away. Changing the user’s password or modifying the user’s privileges leaves open the possibility of someone using the account.

132
Q
  1. Which of the following is not a feature of packet switching?

A. Bursty traffic focused
B. Fixed known delays
C. Sensitive to data loss
D. Supports any type of traffic

A

Answer: B

Packet switching has variable delays; circuit switching has fixed known delays.

133
Q
  1. Which one of the following is best suited to transmit sensitive data over a network?

A. SCP
B. FTP
C. HTTP
D. L2TP

A

Answer: A

Secure Copy (SCP) encrypts data with Secure Shell (SSH) and is the best choice of the available answers to transmit sensitive data over a network. File Transfer Protocol (FTP), Hypertext Transfer Protocol (HTTP), and Layer 2 Tunneling Protocol (L2TP) transmit data over a network in clear text unless they are combined with another protocol to encrypt the traffic.

134
Q
  1. Who is responsible for authoring the principle that can be summed up as “the enemy knows the system”?

A. Rivest
B. Schneier
C. Kerckhoffs
D. Shamir

A

Answer: C

Kerckhoffs's principle states that a cryptographic system should remain secure even when all details of the system, except the key, are public knowledge.

135
Q
  1. When is it acceptable to include your opinion about the causes of an incident in an incident report?

A. Never; you should include only facts in your report.
B. Only when requested by management.
C. Only when you clearly delineate opinion from fact in your report.
D. Always, under any circumstances.

A

Answer: C

You may include your opinion in an incident report, but you must be careful to clearly differentiate between fact and opinion.

136
Q
  1. What advanced virus type uses more than one propagation technique?

A. Polymorphism
B. Stealth
C. Encryption
D. Multipartitism

A

Answer: D

Multipartite viruses use more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other.

137
Q
  1. ________________, such as that commonly found in firewall systems, is governed by a set of administrator-defined filters.

A. Rule-based access control
B. Role-based access control
C. Mandatory access control
D. Discretionary access control

A

Answer: A

Rule-based access control defines specific functions for access to requested objects.

138
Q
  1. What tool can an organization use to reduce or avoid risk when working with external vendors, consultants, or contractors?

A. IPSec
B. VPN
C. SLA
D. BCP

A

Answer: C

An SLA (service-level agreement) is a contract with an external entity and is an important part of risk reduction and risk avoidance. By clearly defining the expectations and penalties for external parties, everyone involved knows what is expected of them and what the consequences are in the event of a failure to meet those expectations.

139
Q
  1. Which of the following is not a canon of the (ISC)2 Code of Ethics?

A. Protect your colleagues.
B. Provide diligent and competent service to principals.
C. Advance and protect the profession.
D. Protect society.

A

Answer: A

The code of ethics does not require that you protect your colleagues.

140
Q
  1. Which of the following is not a reason for data classification?

A. Because securing everything at a low security level means sensitive data is easily accessible
B. To determine how much effort, money, and resources are allocated to protect the data and control access to it
C. Because securing everything at a high security level is too expensive and restricts access to unclassified, noncritical data
D. To provide for nonrepudiation

A

Answer: D

Providing for nonrepudiation is not a reason for data classification.

141
Q
  1. What programming language(s) can be used to develop ActiveX controls for use on an Internet site?

A. Visual Basic
B. C
C. Java
D. All of the above

A

Answer: D

Microsoft’s ActiveX technology supports a number of programming languages, including Visual Basic, C, C++, and Java. On the other hand, only the Java language can be used to write Java applets.

142
Q
  1. In a _______________, each level or classification label in the security structure grants a subject access to objects equal to and lower than that level.

A. Hybrid environment
B. Hierarchical environment
C. Compartmentalized environment
D. Centralized environment

A

Answer: B

In a hierarchical environment, the various classification labels are assigned in an ordered structure from low security to medium security to high security.

143
Q
  1. Which one of the following countries cannot receive high-performance computers from the United States?

A. South Korea
B. Iran
C. Russia
D. England

A

Answer: B

Iran currently appears on the list of Tier 4 countries that cannot receive high-performance computers from the United States.

144
Q
  1. How is metadata generated?

A. By creating a data warehouse
B. By performing data mining
C. By hosting a data mart
D. By authoring a data dictionary

A

Answer: B

In the context of large databases and the activity of data analysis, metadata is created by performing data mining.

145
Q
  1. What type of attack uses malicious email and targets a group of employees within a single company?

A. Phishing
B. Spear phishing
C. Whaling
D. Vishing

A

Answer: B

Spear phishing targets a specific group of people such as a group of employees within a single company. Phishing goes to anyone without any specific target. Whaling is a form of phishing that targets high-level executives. Vishing is a form of phishing that commonly uses Voice over IP (VoIP).

146
Q
  1. Which one of the following tools scans filesystems for unauthorized modifications?

A. LastPass
B. Crack
C. Shadow password files
D. Tripwire

A

Answer: D

Tripwire scans your filesystem for unexpected modifications and reports to you periodically.

147
Q
  1. Which of the following is not usually part of an employment background check for a job opening in a secured environment?

A. Current amount in checking account
B. Employment history
C. Postings on social networking sites
D. Educational background

A

Answer: A

The amount in a checking account is usually not part of an employment background check. However, there are cases where a credit history and criminal record check are performed. Checking social networking sites has become standard practice as part of pre-employment screening.

148
Q
  1. What is the most effective defense against SQL injection attacks?

A. Limiting account privileges
B. Input validation
C. User authentication
D. Encryption

A

Answer: B

Input validation ensures that dangerous strings and characters are not included in user input, protecting the underlying database from SQL injection attacks.

149
Q
  1. Which one of the following is not a right of individuals under the European Union’s data privacy directive?

A. Right to access personal data
B. Right to delete data
C. Right to correct data
D. Right to know the data’s source

A

Answer: B

The European Union’s 1995 Data Protection Directive does not grant individuals a general right to delete their data from corporate databases. Its successor, the General Data Protection Regulation (GDPR, in force since May 2018), does add a right to erasure (Article 17), so this answer applies to the directive specifically.

150
Q
  1. What Internet standard does all public email comply with?

A. IEEE 802.11
B. X.400
C. X.509
D. LDAP

A

Answer: B

Of the options listed, only X.400 is an email messaging standard (the ITU-T/ISO standard for message handling systems), so it is the expected answer. In practice, Internet email is defined by SMTP (RFC 5321) and the Internet Message Format (RFC 5322); X.400 is a separate messaging standard rather than the one public Internet mail actually follows.

151
Q
  1. What is the SLE for an asset valued at $10,000,000, with a threat exposure factor of 25 percent, and an ARO of 400 times per year?

A. $1,000,000,000
B. $100,000,000
C. $9,000,000
D. $2,500,000

A

Answer: D

SLE is calculated as AV * EF: $10,000,000 * 25% = $2,500,000. Had the question asked for the ALE, the formula would be SLE * ARO (equivalently AV * EF * ARO): $2,500,000 * 400 = $1,000,000,000.

152
Q
  1. Which one of the following is not a requirement of an invention to be patented?

A. It must be new.
B. It must be previously protected as a trade secret.
C. It must be useful.
D. It must be nonobvious.

A

Answer: B

The three requirements of patent law are that an invention must be new, useful, and nonobvious.

153
Q
  1. What is the primary function of a gateway as a network device?

A. Routing traffic
B. Protocol translator
C. Attenuation protection
D. Creating virtual LANs

A

Answer: B

The gateway is a network device (or service) that works at the Application layer. However, an Application layer gateway is a very specific type of component. It serves as a protocol translation tool. For example, an IP-to-IPX gateway takes inbound communications from TCP/IP and translates them over to IPX/SPX for outbound transmission.

154
Q
  1. Remote wipe is a useful feature in minimizing the risk of personal or confidential information being accessed by those in unauthorized possession of a mobile device. What additional feature is essential to ensure that data is truly protected against malicious recovery?

A. Screen lock
B. GPS tracking
C. Data ownership management
D. Device encryption

A

Answer: D

In order to ensure that a remote wipe destroys data beyond recovery, the device should be encrypted. Thus the undelete operation would only be recovering encrypted data, which the attacker would be unable to decipher.

155
Q
  1. Which one of the following requires that merchants handling credit card information promptly report security incidents involving a breach of cardholder data?

A. GLBA
B. SOX
C. PCI DSS
D. HIPAA

A

Answer: C

The Payment Card Industry Data Security Standard includes requirements that merchants promptly report incidents affecting the security of credit card information.

156
Q
  1. Which one of the following techniques introduces confusion into a cryptographic algorithm?

A. Transposition
B. Decryption
C. Encryption
D. Substitution

A

Answer: D

Confusion occurs when the relationship between the plain text and the key is so complicated that an attacker can’t merely continue altering the plain text and analyzing the resulting cipher text to determine the key.

157
Q
  1. What is the limit on the number of candidate keys that can exist in a single table?

A. Zero
B. One
C. Two
D. No limit

A

Answer: D

There is no limit to the number of candidate keys that a table can have. However, each table can have only one primary key.

158
Q
  1. Which one of the following is not one of the three main steps of the business continuity planning (BCP) process, as defined by (ISC)2?

A. Project scope and planning
B. Business impact assessment
C. System backup
D. Continuity planning

A

Answer: C

Performing a system backup is not one of the major steps of the BCP process.

159
Q
  1. Mary identified a vulnerability in her code where it fails to check during a session to determine whether a user’s permission has been revoked. What type of vulnerability is this?

A. Back door
B. TOC/TOU
C. Buffer overflow
D. SQL injection

A

Answer: B

TOC/TOU is a type of timing vulnerability that occurs when a program checks access permissions too far in advance of a resource request.
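The following is an added example, not part of the flashcards, illustrating the flaw Mary found. A vulnerable service checks the user's permission once when the session starts and trusts that answer for the session's lifetime, so a revocation made later is never noticed; the hardened version consults the authoritative permission store at the time of each use. The users, permissions, and session classes are constructed in memory for illustration.

```python
"""Added example (not from the flashcards): time-of-check/time-of-use in
session permission handling. The check happens at login; the use happens on
every later request. If nothing re-checks in between, a revocation is missed."""

class PermissionStore:
    """Authoritative record of who may do what; revocations take effect here."""
    def __init__(self):
        self._grants = {"mary": {"read_reports", "approve_payments"}}

    def has(self, user, perm):
        return perm in self._grants.get(user, set())

    def revoke(self, user, perm):
        self._grants.get(user, set()).discard(perm)


class VulnerableSession:
    """Time of check: login. Time of use: every later request. Nothing in between is re-checked."""
    def __init__(self, store, user, perm):
        self.user = user
        self.perm = perm
        self.allowed = store.has(user, perm)  # checked once and cached for the session

    def perform(self):
        return "approved" if self.allowed else "denied"


class HardenedSession:
    """Permission is evaluated against the store at the moment of each use."""
    def __init__(self, store, user, perm):
        self.store = store
        self.user = user
        self.perm = perm

    def perform(self):
        if not self.store.has(self.user, self.perm):
            return "denied"
        return "approved"


def run_scenario(session_cls):
    """Log in, use the permission, have an administrator revoke it mid-session, use it again."""
    store = PermissionStore()
    session = session_cls(store, "mary", "approve_payments")
    before = session.perform()                # legitimately approved
    store.revoke("mary", "approve_payments")  # revocation happens mid-session
    after = session.perform()
    return before, after

if __name__ == "__main__":
    print("vulnerable:", run_scenario(VulnerableSession))  # ('approved', 'approved')
    print("hardened:  ", run_scenario(HardenedSession))    # ('approved', 'denied')
```

The same defect appears in real systems as long-lived bearer tokens or cached group memberships: the fix is either to re-check at use time, as above, or to bound the gap with short token lifetimes and explicit revocation of the cache.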

160
Q
  1. Biometric authentication devices fall under what top-level authentication factor type?

A. Type 1
B. Type 2
C. Type 3
D. Type 4

A

Answer: C

Biometric authentication devices represent a Type 3 (“something you are”) authentication factor. Type 1 is something you know (such as a password) and Type 2 is something you have (such as a token or smart card).

161
Q
  1. If you require hourly updates to backup facilities, what option do you choose?

A. Manual backups
B. Remote journaling
C. Remote mirroring
D. Remote control

A

Answer: B

Remote journaling data transfers are performed expeditiously on a frequent (usually hourly) basis through copies of the transaction logs.

162
Q
  1. What encryption algorithm is used by the Clipper chip, which supports the Escrowed Encryption Standard sponsored by the US government?

A. Data Encryption Standard (DES)
B. Advanced Encryption Standard (AES)
C. Skipjack
D. IDEA

A

Answer: C

The Skipjack algorithm implemented the key escrow standard supported by the US government.

163
Q
  1. Which of the following are goals of the Identification phase of incident response? (Choose all that apply.)

A. Restoration of normal activity
B. Incorporation of lessons learned
C. Notification of appropriate personnel
D. Identification of incidents

A

Answer: C;D

The two goals of the identification phase are identifying incidents and notifying the appropriate personnel.

164
Q
  1. Stuxnet was the first known example of malicious code that functioned as a rootkit on what type of system?

A. SCADA
B. PLC
C. Cloud
D. DCS

A

Answer: A

Stuxnet delivered the first-ever rootkit to a SCADA system located in a nuclear facility.

165
Q
  1. What type of application vulnerability allows attackers to gain access to the database underlying a web application?

A. Buffer overflow
B. Cross-site scripting
C. SQL injection
D. Cross-site request forgery

A

Answer: C

SQL injection attacks allow hackers to bypass normal access controls and gain access to the database supporting a web application.

166
Q
  1. _______________ is a centralized database or index of assets, personnel, resources, or services on the network.

A. TACACS+
B. Kerberos
C. RADIUS server
D. A directory service

A

Answer: D

A directory service is a centralized database of resources, such as a phone directory, made available to the network.

167
Q
  1. What type of software license agreement is commonly used for high-priced and highly specialized software packages?

A. Contractual agreements
B. Shrink-wrap agreements
C. Verbal agreements
D. Click-wrap agreements

A

Answer: A

Licenses for high-value software often use contractual agreements to outline the responsibilities of both parties.

168
Q
  1. What type of trusted recovery process always requires the intervention of an administrator?

A. Automated
B. Manual
C. Function
D. Controlled

A

Answer: B

A manual type of trusted recovery process (described in the Common Criteria) always requires the intervention of an administrator. Automated recovery can perform some type of trusted recovery for at least one type of failure. Function recovery provides automated recovery for specific functions and will roll back changes to a secure state if recovery fails. Controlled is not a specific type of trusted recovery process.

169
Q
  1. What form of interference is generated by a power differential between hot and ground wires?

A. Common mode noise
B. Traverse mode noise
C. Cross-talk noise
D. Radio frequency interference

A

Answer: A

Common mode noise is generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment.

170
Q
  1. When attempting to impose accountability on users, what key issue must be addressed?

A. Reliable log storage system
B. Proper warning banner notification
C. Legal defense/support of authentication
D. Use of discretionary access control

A

Answer: C

To effectively hold users accountable, your security must be legally defensible. Primarily, you must be able to prove in a court that your authentication process cannot be easily compromised. Thus, your audit trails of actions can then be tied to a human.

171
Q
  1. Which software development life cycle model allows for multiple iterations of the development process, resulting in multiple prototypes, each produced according to a complete design and testing process?

A. Software Capability Maturity model
B. Waterfall model
C. Development cycle
D. Spiral model

A

Answer: D

The spiral model allows developers to repeat iterations of another life cycle model (such as the waterfall model) to produce a number of fully tested prototypes.

172
Q
  1. What port is used by Secure Sockets Layer (SSL) to provide secure web connections?

A. 25
B. 80
C. 443
D. 8080

A

Answer: C

SSL uses port 443 to generate secure client-server web connections.

173
Q
  1. Among the following scenarios, which course of action is insufficient to increase your posture against brute-force and dictionary-driven attacks?

A. Restrictive control over physical access
B. Policy-driven strong password enforcement
C. Two-factor authentication deployment
D. Requiring authentication time-outs

A

Answer: D

Requiring authentication time-outs has no direct effect on resistance to password-guessing attacks. Strong password enforcement, restricted physical access, and two-factor authentication all improve the security posture against automated brute-force and dictionary attacks.

174
Q
  1. Machine language is an example of a ___________________-generation language.

A. First
B. Second
C. Third
D. Fifth

A

Answer: A

Machine languages are considered first-generation languages.

175
Q
  1. What contractual obligation requires credit card merchants to report the potential compromise of credit card data?

A. GLBA
B. Sarbanes-Oxley
C. FERPA
D. PCI DSS

A

Answer: D

The Payment Card Industry Data Security Standard (PCI DSS) requires that credit card merchants immediately report any known or suspected compromise of cardholder data.

176
Q
  1. Visitors should be __________________.

A. Allowed full access
B. Logged and tracked
C. Issued computer access credentials
D. Exempt from screening

A

Answer: B

Visitors should be logged and tracked. This usually includes issuance of a limited-access badge and oversight by an employee or a security guard. Generally, visitors are not given access to any sensitive area or system.

177
Q
  1. What industry must implement information security programs under the Gramm-Leach-Bliley Act of 1999?

A. Educational institutions
B. Financial institutions
C. Telecommunications firms
D. Law firms

A

Answer: B

The Gramm-Leach-Bliley Act (GLBA) governs the exchange of personal information by financial institutions and requires that they provide customers with written privacy policies.

178
Q
  1. What should be included in the risk assessment portion of the BCP documentation for each risk that was deemed acceptable?

A. Future events that might warrant reconsideration
B. Mitigation provisions
C. Processes to reduce the risk
D. Response checklist

A

Answer: A

One of the key elements of the BCP documentation is a list of future events that might warrant reconsideration of the determination that a risk is acceptable.

179
Q
  1. Which of the following is not valued in agile software development?

A. Comprehensive documentation
B. Individuals and interactions
C. Working software
D. Customer collaboration

A

Answer: A

Agile software development values working software over comprehensive documentation; this is one of the four value statements of the Agile Manifesto.

180
Q
  1. An OEP (occupant emergency plan) is a guide to all but which of the following?

A. Reduce costs
B. Minimize threats to life
C. Prevent injury
D. Manage duress

A

Answer: A

The OEP provides guidance on how to minimize threats to life, prevent injury, manage duress, handle travel, provide for safety monitoring, and protect property from damage in the event of a destructive physical event. It is not focused on minimizing costs.

181
Q
  1. Tom built a database table consisting of the names, telephone numbers, and customer IDs for his business. The table contains information on 30 customers. What is the cardinality of this table?

A. Two
B. Three
C. Thirty
D. Undefined

A

Answer: C

The cardinality of a table is the number of rows (here, 30), whereas the degree of a table is the number of columns (here, 3).

182
Q
  1. What is a device that attempts to route first but will bridge if routing fails?

A. Switch
B. Repeater
C. Bridge
D. Brouter

A

Answer: D

A brouter is a device that attempts to route first, but if that fails, it defaults to bridging.

183
Q
  1. Which process ensures that you close the loop of incident response to improve the effectiveness of your response to future incidents?

A. Containment
B. Lessons learned
C. Isolation
D. Analysis

A

Answer: B

The lessons learned process includes a review of the incident and your processes to ensure that they are as effective as possible.

184
Q
  1. Which environment requires exact, specific clearance for an object’s security domain?

A. Hierarchical environment
B. Hybrid environment
C. Compartmentalized environment
D. Organizational environment

A

Answer: C

Compartmentalized environments require specific security clearances over compartments or domains instead of objects.

185
Q
  1. What standard of evidence is required for investigators to obtain a search warrant?

A. Probable cause
B. Reasonable certainty
C. Beyond a shadow of a doubt
D. Due care

A

Answer: A

In order to obtain a search warrant, investigators must have probable cause.

186
Q
  1. Which one of the following business impact assessment variables represents the dollar value of each organizational resource?

A. AV
B. SLE
C. ARO
D. MTD

A

Answer: A

The asset value (AV) is a monetary measure of an asset’s worth to the organization.

187
Q
  1. The following eight primary protection rules or actions define the boundaries of what security model?
    •Securely create an object.
    •Securely create a subject.
    •Securely delete an object.
    •Securely delete a subject.
    •Securely provide the read access right.
    •Securely provide the grant access right.
    •Securely provide the delete access right.
    •Securely provide the transfer access right.

A. Graham-Denning
B. Bell-LaPadula
C. Take-Grant
D. Sutherland

A

Answer: A

The Graham-Denning model is focused on the secure creation and deletion of both subjects and objects. Ultimately, Graham-Denning is a collection of eight primary protection rules or actions (listed in the question) that define the boundaries of certain secure actions.

188
Q
  1. Which of the following is not true?

A. Fiber-optic cable offers very high throughput rates.
B. Fiber-optic cable is difficult to install.
C. Fiber-optic cable is expensive.
D. Communications over fiber-optic cable can be tapped easily.

A

Answer: D

The statement that fiber-optic cable can be tapped easily is false. Fiber-optic cable is difficult to tap.

189
Q
  1. Which source of interference is generated by electrical appliances, light sources, electrical cables and circuits, and so on?

A. Cross-talk noise
B. Radio frequency interference
C. Traverse mode noise
D. Common mode noise

A

Answer: B

Radio frequency interference (RFI) is the source of interference that is generated by electrical appliances, light sources, electrical cables and circuits, and so on.

190
Q
  1. Which type of connection created by a packet-switching networking system reuses the same basic parameters or virtual pathway each time it connects?

A. Bandwidth on demand connection
B. Switched virtual circuit
C. Permanent virtual circuit
D. CSU/DSU connection

A

Answer: C

A PVC reestablishes a link using the same basic parameters or virtual pathway each time it connects. SVCs use unique settings each time. Bandwidth on demand links can be either PVCs or SVCs. CSU/DSU is not a packet-switching technology.

191
Q
  1. In what phase of the process used to develop a continuity strategy are mechanisms and procedures that will actually mitigate the risks designed?

A. Strategy development
B. Provisions and processes
C. Education and training
D. Business impact assessment

A

Answer: B

It is in the provisions and processes phase that the mechanisms and procedures that will mitigate identified risks are actually designed.

192
Q
  1. Which of the following is a benefit of packet-switching technologies over circuit-switching technologies?

A. Fixed known delays
B. Connection oriented
C. Sensitive to connection loss
D. Supports bursty traffic

A

Answer: D

Packet-switching technologies support bursty traffic rather than constant traffic. The others are benefits of circuit switching.

193
Q
  1. Which of the following disasters is absolutely unpreventable but still considered a part of any formal security-planning phase?

A. Utility failure
B. Infrastructure failure
C. Power outage
D. Natural disaster

A

Answer: D

Natural disasters are always factored into any formal recovery plan because they are unpreventable and unavoidable interruptions to business and business processes.

194
Q
  1. During what phase of incident response do you collect evidence such as firewall logs?

A. Detection and identification
B. Response and reporting
C. Compliance
D. Recovery and remediation

A

Answer: B

Evidence collection takes place during the response and reporting phase of the incident.

195
Q
  1. Alice wants to produce a message digest of a 2,048-byte message she plans to send to Bob. If she uses the MD5 hashing algorithm, what size will the message digest for this particular message be?

A. 128 bits
B. 512 bits
C. 1,024 bits
D. 2,048 bits

A

Answer: A

The MD5 algorithm produces 128-bit hashes regardless of the size of the input message.

196
Q
  1. What is the length of protection offered by trademark law without requiring a renewal?

A. 5 years
B. 7 years
C. 10 years
D. 20 years

A

Answer: C

Trademarks are protected for an initial 10-year period and may be renewed for unlimited successive 10-year periods.

197
Q
  1. What is not considered a security best practice with regard to password selection?

A. Rejection of listed or known bad entries
B. Periodic, scheduled password changes
C. Simple, easily recalled letter combinations
D. Automated real-time strength enforcement

A

Answer: C

Strong password choices should be neither predictable nor deterministic, should be of sufficient length and strength, and should be periodically changed and enforced against best security practices by automated means.
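The following is an added example, not part of the flashcards, showing the automated real-time strength enforcement that this question and the earlier brute-force question (173) describe. A candidate password is rejected if it appears on a known-bad list (including common letter-for-symbol disguises of a listed word), is too short, lacks character variety, or is a repeated-character or keyboard sequence. The banned list is a small constructed stand-in for a real breached-password corpus.

```python
"""Added example (not from the flashcards): a password policy check that rejects
known-bad entries and weak patterns before a password is accepted."""
import re

# Constructed known-bad list; a deployment would load a breached-password corpus.
KNOWN_BAD = {"password", "password1", "123456", "qwerty", "letmein", "welcome1"}
MIN_LENGTH = 12
KEYBOARD_ROWS = "qwertyuiopasdfghjklzxcvbnm"
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"

def check_password(candidate):
    """Return a list of policy violations; an empty list means the password is acceptable."""
    problems = []
    lowered = candidate.lower()
    # Undo common substitutions and trailing digits/symbols so "P@ssw0rd1!" still
    # matches the listed word "password".
    normalized = lowered.translate(str.maketrans("@0$3", "aose"))
    stripped = re.sub(r"[^a-z]+$", "", normalized)
    if lowered in KNOWN_BAD or normalized in KNOWN_BAD or stripped in KNOWN_BAD:
        problems.append("appears on the known-bad list")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, candidate))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("uses fewer than three character classes")
    if candidate and re.fullmatch(r"(.)\1*", candidate):
        problems.append("single repeated character")
    if lowered and (lowered in KEYBOARD_ROWS or lowered in ALPHABET or lowered in DIGITS):
        problems.append("keyboard or alphabet sequence")
    return problems

if __name__ == "__main__":
    for pw in ["P@ssw0rd1!", "qwertyuiop", "aaaaaaaaaaaaaaa", "correct-Horse7battery"]:
        verdict = check_password(pw)
        print(f"{pw!r}: {'accepted' if not verdict else '; '.join(verdict)}")
```

In production the known-bad lookup is the most valuable of these checks; the others only catch the predictable shapes that a dictionary attack tries first.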

198
Q
  1. Compute the value of the function 28 mod 3.

A. 0
B. 1
C. 3
D. 25

A

Answer: B

9 * 3 = 27, leaving a remainder of 1, so 28 mod 3 is 1.

199
Q
  1. When establishing who someone is before you grant them access to resources, what is the first step?

A. Verify credentials
B. Claim an identity
C. Grant authority
D. Monitor activity

A

Answer: B

The first step toward granting a user access is for them to claim an identity (identification). That is followed by verifying credentials (authentication), then by granting authority (authorization), and finally by monitoring activity (auditing).

200
Q
  1. Which one of the following is not a goal of cryptographic systems?

A. Nonrepudiation
B. Confidentiality
C. Availability
D. Integrity

A

Answer: C

The four goals of cryptographic systems are confidentiality, integrity, authentication, and nonrepudiation.

201
Q
  1. What frequency does an 802.11n-compliant device employ?

A. 3 Hz
B. 900 MHz
C. 7 GHz
D. 2.4 GHz

A

Answer: D

802.11n can use the 2.4 GHz and 5 GHz frequencies. The 2.4 GHz frequency is also used by 802.11g and 802.11b.

202
Q
  1. Which of the following options is not considered a cause of disaster?

A. Power outage
B. Terrorist attack
C. Hurricane destruction
D. Maintenance downtime

A

Answer: D

Maintenance downtime is considered a man-made interruption of service that is not a form of disaster.

203
Q
  1. Which of the following attacks is the best example of a financial attack?

A. Denial of service
B. Website defacement
C. Port scanning
D. Phone phreaking

A

Answer: D

Phone phreaking attacks are designed to obtain service while avoiding financial costs.

204
Q
  1. Which VPN protocol should not be used as the sole encapsulation mechanism if there is a dial-up segment present between the host and the link endpoint?

A. L2F
B. PPTP
C. IPSec
D. L2TP

A

Answer: C

IPSec is not designed to operate on its own directly over a dial-up (PPP) segment. It must be encapsulated in a tunneling protocol to cross the dial-up link, and L2TP is commonly used for this purpose.

205
Q
  1. What is the most effective defense against SQL injection attacks?

A. Input validation
B. Firewalls
C. Encryption
D. Cross-site scripting

A

Answer: A

Input validation ensures that invalid characters are not entered into input fields on web forms, preventing an attacker from launching a SQL injection attack.
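The following is an added example, not part of the flashcards, for this question and the identical one earlier in the set (148). It places the vulnerable string-built query next to two defenses: the allow-list input validation the flashcards name as the answer, and a parameterized query, which in practice is the stronger and more complete protection because it keeps data out of the SQL text altogether. The schema, rows, and attacker payload are constructed for illustration, using Python's built-in sqlite3 module.

```python
"""Added example (not from the flashcards): a SQL injection flaw and two
defenses, run against a constructed in-memory SQLite database."""
import re
import sqlite3

def make_db():
    """Constructed sample data: a small customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers (name, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    conn.commit()
    return conn

# Vulnerable: user input is concatenated into the SQL text, so a quote in the
# payload terminates the literal and the rest is parsed as SQL.
def lookup_vulnerable(conn, name):
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

# Defense 1 (the flashcards' answer): allow-list validation. A username may only
# contain letters, digits, dots, underscores or hyphens, so quotes, comment
# markers and operators never reach the query.
NAME_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")

def validate_name(name):
    return NAME_RE.fullmatch(name) is not None

# Defense 2: a parameterized query. The value is bound separately from the SQL
# text and cannot change the statement's structure, whatever it contains.
def lookup_parameterized(conn, name):
    return conn.execute("SELECT name, email FROM customers WHERE name = ?", (name,)).fetchall()

# Hardened lookup: validate first, then bind the parameter.
def lookup_safe(conn, name):
    if not validate_name(name):
        raise ValueError("rejected by input validation")
    return lookup_parameterized(conn, name)

# Constructed attacker payload: closes the quoted literal and appends a
# tautology so the WHERE clause matches every row.
PAYLOAD = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable:    ", lookup_vulnerable(conn, PAYLOAD))      # both rows leak
    print("parameterized: ", lookup_parameterized(conn, PAYLOAD))   # no such customer
    try:
        lookup_safe(conn, PAYLOAD)
    except ValueError as err:
        print("validated:     ", err)
```

Validation and parameterization are complementary: validation rejects malformed input early and gives a clean error, while parameterization guarantees that whatever does get through cannot alter the query.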

206
Q
  1. A developer added a subroutine to a web application that checks to see if the date is April 1 and, if it is, randomly changes user account balances. What type of malicious code is this?

A. Logic bomb
B. Worm
C. Trojan horse
D. Virus

A

Answer: A

Logic bombs wait until certain conditions are met before delivering their malicious payloads.

207
Q
  1. On what port do DHCP clients request a configuration?

A. 25
B. 110
C. 68
D. 443

A

Answer: C

Dynamic Host Configuration Protocol (DHCP) clients listen on UDP port 68 and broadcast their requests to UDP port 67, where servers listen; the server’s responses are sent back to the client’s port 68.

208
Q
  1. You are responsible for the security of your organization’s web server and wish to install a digital certificate that supports strong cryptography. What standard should you choose?

A. SSL v1.2
B. SSL v2.0
C. SSL v3.0
D. TLS v1.2

A

Answer: D

Transport Layer Security (TLS) supplanted Secure Sockets Layer (SSL) as the best practice security standard for web encryption.

209
Q
  1. ________________ is required once an asset no longer warrants or needs the protection of its currently assigned classification or sensitivity level.

A. Polyinstantiation
B. Perturbation
C. Declassification
D. Physical protection

A

Answer: C

Declassification is required once an asset no longer warrants or needs the protection of its currently assigned classification or sensitivity level.

210
Q
  1. What is the top priority of BCP and DRP?

A. Data
B. Recovery procedures
C. Budget
D. People

A

Answer: D

The top priority of BCP and DRP is always people. The primary concern is to get people out of harm’s way; then you can address IT recovery and restoration issues.

211
Q
  1. What is the best defensive action that system administrators can take against the threat posed by new malicious code objects that exploit known software vulnerabilities?

A. Update antivirus definitions monthly.
B. Install antiworm filters on the proxy server.
C. Apply security patches as they are released.
D. Prohibit Internet use on the corporate network.

A

Answer: C

The vast majority of new malicious code objects exploit known vulnerabilities that were already addressed by software manufacturers. The best action administrators can take against new threats is to maintain the patch level of their systems.

212
Q
  1. Which of the following is not used in typical biometric authentication?

A. Fingerprint scans
B. Retinal scans
C. Voice recognition
D. Saliva sample

A

Answer: D

Typical biometric authentication systems measure physical or behavioral characteristics that can be analyzed in real time, such as fingerprints, retinal patterns, and voice. A saliva sample requires laboratory analysis and reveals personal health information, so it is not used for authentication.

213
Q
  1. What does the modified waterfall model add to the standard waterfall development cycle?

A. Validation
B. Design review
C. Requirements gathering
D. Security analysis

A

Answer: A

The modified waterfall process differs from the standard waterfall process by adding validation and verification phases.

214
Q
  1. Which of the following best describes a security control baseline?

A. A listing of security controls that an organization must implement
B. A listing of security controls that ensures a maximum level of security
C. A listing of security controls that provide a minimum level of security
D. A listing of applied security controls

A

Answer: C

A baseline is a listing of security controls that provide a minimum level of security. Organizations can tailor a baseline to meet their needs. The baseline is a starting point, and it does not ensure maximum security. A baseline lists controls an organization can apply, but it isn’t necessarily a listing of applied controls.

215
Q
  1. Which of the following issues is not commonly addressed in a service-level agreement?

A. Maximum tolerable downtime
B. Peak load
C. Software design
D. Financial obligations

A

Answer: C

The SLA describes the critical requirements of the software support model. It does not normally include design details.

216
Q
  1. Which backup facility is large enough to support current operational capacity and load but lacks the supportive infrastructure?

A. Mobile site
B. Service bureau
C. Hot site
D. Cold site

A

Answer: D

A cold site is any facility that provides only the physical space for recovery operations while the organization using the space provides its own hardware and software systems.

217
Q
  1. The security role of ________________ is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management.

A. Data custodian
B. Data owner
C. Auditor
D. InfoSec officer

A

Answer: A

The security role of data custodian is responsible for the tasks of implementing the prescribed protection defined by the security policy and senior management.

218
Q
  1. Which backup facility is large enough to support current operational capacity and load, including the supportive infrastructure?

A. Mobile site
B. Service bureau
C. Hot site
D. Cold site

A

Answer: C

A hot site includes an up-to-date mirrored operation that includes all aspects of an operational enterprise.

219
Q
  1. ________________ operates on a set of defined rules or restrictions that filter actions and activities performed on the system.

A. Discretionary access control
B. Mandatory access control
C. Nondiscretionary access control
D. Voluntary access control

A

Answer: C

Nondiscretionary access control enables the enforcement of systemwide restrictions that override object-specific access control.

220
Q
  1. The ____________ model is focused on the secure creation and deletion of both subjects and objects. Ultimately, this model is a collection of eight primary protection rules or actions that define the boundaries of certain secure actions.

A. Biba
B. Sutherland
C. Graham–Denning
D. Brewer–Nash

A

Answer: C

The Graham–Denning model is focused on the secure creation and deletion of both subjects and objects.

221
Q
  1. What software development technique includes as a basic principle that it values responding to change over following a plan?

A. Spiral
B. Waterfall
C. Agile
D. CMM

A

Answer: C

The agile software development methodology prioritizes flexible development that emphasizes responding to change over following a plan.

222
Q
  1. What is the minimum number of cryptographic keys required to achieve a higher level of security than DES with the Triple DES algorithm?

A. 1
B. 2
C. 3
D. 4

A

Answer: B

To achieve added security over DES, 3DES must use at least two cryptographic keys.

223
Q
  1. Which of the following actions should never occur during the isolation and containment phase of incident response?

A. Powering down a compromised system
B. Disconnecting a compromised system from the network
C. Isolating a compromised system from other systems on the network
D. Preserving the system in a running state

A

Answer: A

You should never power down a compromised system during the early stages of incident response because this may destroy valuable evidence stored in volatile memory.

224
Q
  1. Which of the following is not a benefit of NAT?

A. Use of RFC 1918 addresses
B. Fewer leased public addresses
C. Hidden configuration of internal systems
D. Access initiations from external entities

A

Answer: D

NAT blocks connections initiated by external entities toward internal systems. That blocking is the benefit, so allowing external initiations is not one.

225
Q
  1. Which federal government agency is responsible for ensuring the security of government computer systems that are used to process sensitive and/or classified information?

A. National Security Agency
B. Federal Bureau of Investigation
C. National Institute of Standards and Technology
D. Secret Service

A

Answer: A

The National Security Agency is responsible for managing the security of computer systems that process sensitive and/or classified information. The security of all other federal government systems is entrusted to the National Institute of Standards and Technology.

226
Q
  1. On what principle does a SYN flood attack operate?

A. Sending overly large SYN packets
B. Exploiting a platform flaw in Windows
C. Using an amplification network to flood a victim with packets
D. Exploiting the TCP/IP three-way handshake

A

Answer: D

SYN flood attacks are targeted at the standard three-way handshake process used by TCP/IP to initiate communication sessions.

227
Q
  1. The act of performing a(n) __________ in order to drive the security policy is the clearest and most direct example of management of the security function.

A. Ethical hacking exercise
B. Full interruption test
C. Risk assessment
D. Public review of policy

A

Answer: C

The act of performing a risk assessment in order to drive the security policy is the clearest and most direct example of management of the security function.

228
Q
  1. Which one of the following files might be modified or created by a companion virus?

A. COMMAND.EXE
B. CONFIG.SYS
C. AUTOEXEC.BAT
D. WIN32.DLL

A

Answer: A

Companion viruses are self-contained executable files with filenames similar to those of existing system/program files but with a modified extension. The virus file is executed when an unsuspecting user types the filename without the extension at the command prompt.

229
Q
  1. The ________________ model is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited.

A. Biba
B. Sutherland
C. Clark-Wilson
D. Gramm-Leach-Bliley

A

Answer: B

The Sutherland model is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited.

230
Q
  1. Which of the following is an example of a code?

A. Rivest
B. AES
C. 10 system
D. Skipjack

A

Answer: C

The 10 system is a code used in radio communications for brevity and clarity.

231
Q
  1. Which recovery site alternative provides shared resources through contractual leasing options?

A. Service bureau
B. Mobile site
C. Hot site
D. Cold site

A

Answer: A

A service bureau is a company that provides time-leased computer services for a fee.

232
Q
  1. The VPN protocols PPTP, L2F, and L2TP primarily function at what layer of the OSI model?

A. 1
B. 2
C. 3
D. 4

A

Answer: B

VPN protocols—specifically PPTP, L2F, and L2TP—function at the Data Link layer (layer 2).

233
Q
  1. Which of the following security controls is most effective against intruders tampering with evidence during an attack?

A. Firewalls
B. Intrusion detection systems
C. Antivirus software
D. Centralized logging

A

Answer: D

Centralized logging copies log records off each host to a separate, hardened repository as they are generated, so an intruder who later compromises a system cannot alter or delete the evidence already recorded there. Firewalls, intrusion detection systems, and antivirus software may detect or block the attack, but they do not protect the record of it.

234
Q
  1. What type of decision making involves the emotional impact of events on a firm’s workforce and client base?

A. Quantitative decision making
B. Continuity decision making
C. Qualitative decision making
D. Impact decision making

A

Answer: C

Qualitative decision making takes nonnumerical factors, such as emotional impact, into consideration.

235
Q
  1. Which evidence-gathering technique is used when you do not want to provide an individual with any advance notice?

A. Search warrant
B. Subpoena
C. Voluntary surrender
D. Interview

A

Answer: A

Search warrants allow law enforcement personnel to conduct surprise searches.

236
Q
  1. What is the output value of the mathematical function 22 mod 4?

A. 0
B. 2
C. 4
D. 6

A

Answer: B

Option B is correct because 22 divided by 4 equals 5, with a remainder value of 2.

237
Q
  1. Which of the following security measures is a controlled entry and exit point?

A. Gates
B. Fences
C. Locks
D. Cameras

A

Answer: A

Security gates represent the means to gain access and leave a perimeter, facility, or campus in a controlled manner, unlike more passive means (such as fences/walls, locks, and cameras).

238
Q
  1. What port is used by the SSH service and is often subject to scanning attacks?

A. 22
B. 80
C. 110
D. 443

A

Answer: A

The SSH service uses TCP port 22. Port 80 is HTTP, 110 is POP3, and 443 is HTTPS.

239
Q
  1. Which of the following is not an IP address that would be considered a private IP address by RFC 1918?

A. 172.32.4.29
B. 172.17.6.93
C. 172.23.23.251
D. 172.28.29.189

A

Answer: A

The private address blocks defined in RFC 1918 are 10.0.0.0 to 10.255.255.255 (10.0.0.0/8, one Class A range), 172.16.0.0 to 172.31.255.255 (172.16.0.0/12, 16 Class B ranges), and 192.168.0.0 to 192.168.255.255 (192.168.0.0/16, 256 Class C ranges). 172.32.4.29 lies just past the end of the 172.16/12 block, so it is a public address; the other three options fall between 172.16 and 172.31 and are private.
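
An added example, not part of this flashcard deck, that turns the three RFC 1918 ranges into a check a practitioner would actually run: it classifies addresses against the blocks, derives the range endpoints and classful counts from the CIDR prefixes (confirming the 1/16/256 figures), and sorts the source addresses in some constructed firewall log lines into RFC 1918 and non-RFC 1918 sets. The log lines, field names (src=, dst=) and the internal-interface use case are assumptions for illustration; only the Python standard library is used.

```python
import ipaddress
import re

# The three RFC 1918 blocks, written as CIDR prefixes.
RFC1918_BLOCKS = (
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0    - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0  - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
)


def is_rfc1918(addr: str) -> bool:
    """True only for IPv4 addresses inside one of the three RFC 1918 blocks.

    Deliberately narrower than ipaddress's is_private, which also reports
    loopback, link-local and documentation ranges as 'private'."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return False  # IPv6 ULA (fc00::/7) comes from a different RFC; out of scope here
    return any(ip in block for block in RFC1918_BLOCKS)


def block_bounds():
    """First and last address of each block, plus how many classful networks
    of the block's natural class it contains (A = /8, B = /16, C = /24)."""
    classful_prefix = {8: 8, 12: 16, 16: 24}  # block prefix length -> classful prefix length
    result = []
    for block in RFC1918_BLOCKS:
        count = 2 ** (classful_prefix[block.prefixlen] - block.prefixlen)
        result.append((str(block[0]), str(block[-1]), count))
    return result


# Constructed firewall log lines (not real traffic) for the sorting example below.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z src=172.17.6.93 dst=10.0.0.5 dport=445 action=accept
2024-01-01T10:00:01Z src=172.32.4.29 dst=10.0.0.5 dport=445 action=accept
2024-01-01T10:00:02Z src=203.0.113.7 dst=10.0.0.5 dport=445 action=accept
2024-01-01T10:00:03Z src=192.168.3.4 dst=10.0.0.5 dport=445 action=accept
2024-01-01T10:00:04Z src=not-an-ip dst=10.0.0.5 dport=445 action=drop
"""


def non_rfc1918_sources(log_text: str) -> set:
    """Source addresses that are NOT RFC 1918. Seen on an internal-only
    interface, these are the ones worth alerting on (spoofed or misrouted)."""
    found = set()
    for line in log_text.splitlines():
        m = re.search(r"\bsrc=(\S+)", line)
        if not m:
            continue
        try:
            if not is_rfc1918(m.group(1)):
                found.add(m.group(1))
        except ValueError:  # malformed address field; skip rather than crash
            continue
    return found


if __name__ == "__main__":
    for first, last, count in block_bounds():
        print(f"{first} - {last}: {count} classful network(s)")
    print(sorted(non_rfc1918_sources(SAMPLE_LOG)))
```

Note that 172.32.4.29 is flagged alongside the documentation address 203.0.113.7: being one past the end of 172.16/12 is enough to make it public, which is exactly the distinction the question tests.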

240
Q
  1. The term personal area network is most closely associated with what wireless technology?

A. 802.15
B. 802.11
C. 802.16
D. 802.3

A

Answer: A

IEEE 802.15 is the wireless personal area network (WPAN) family of standards; Bluetooth was adopted as 802.15.1. 802.11 is wireless LAN, 802.16 is wireless MAN (WiMAX), and 802.3 is wired Ethernet.

241
Q
  1. What DES mode is the streaming cipher version of CBC?

A. CFB
B. ECB
C. AES
D. 3DES

A

Answer: A

Cipher Feedback (CFB) mode turns DES into a stream cipher: the previous ciphertext block is encrypted to produce keystream that is XORed with the next segment of plaintext, so only the cipher's encryption direction is ever used, data can be processed in units smaller than the block size, and no padding is needed. CBC, by contrast, encrypts complete blocks and must pad the final one. ECB is a block mode, and AES and 3DES are ciphers rather than modes.
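
An added example, not part of this flashcard deck, showing full-block CFB as a stream mode. It is deliberately not a DES implementation: to run with the standard library only, the block cipher's forward direction is stood in for by HMAC-SHA256 truncated to one block, which is legitimate here because CFB never needs the inverse direction. The demo key, IV and message are constructed values; the block size of 16 bytes, the tamper_effect helper and the function names are assumptions for illustration. The example also shows CFB's error-propagation behaviour, which the card does not mention.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block (DES would be 8; AES is 16)


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's forward (encrypt) direction.

    A keyed PRF (HMAC-SHA256 truncated to one block) replaces DES/AES so the
    example runs offline. CFB only ever calls this direction, for both
    encryption and decryption, which is why a PRF suffices here."""
    if len(block) != BLOCK:
        raise ValueError("block_encrypt expects exactly one full block")
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """keystream_i = E_k(C_{i-1}) with C_0 = IV; C_i = P_i XOR keystream_i.
    The final segment may be shorter than BLOCK and is simply truncated: no padding."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block long")
    out = bytearray()
    feedback = iv
    for i in range(0, len(plaintext), BLOCK):
        chunk = plaintext[i:i + BLOCK]
        keystream = block_encrypt(key, feedback)
        cipher_chunk = _xor(chunk, keystream[:len(chunk)])
        out += cipher_chunk
        # Only a full ciphertext block is fed back; a short final chunk ends the stream.
        feedback = cipher_chunk if len(cipher_chunk) == BLOCK else feedback
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """Regenerate the same keystream from the *ciphertext* and XOR it off,
    again using only the forward direction of the cipher."""
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block long")
    out = bytearray()
    feedback = iv
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        keystream = block_encrypt(key, feedback)
        out += _xor(chunk, keystream[:len(chunk)])
        feedback = chunk if len(chunk) == BLOCK else feedback
    return bytes(out)


def tamper_effect(key: bytes, iv: bytes, plaintext: bytes, byte_index: int) -> list:
    """Flip one bit of ciphertext byte `byte_index` and report, block by block,
    whether decryption still matches. Shows CFB's error propagation: the hit
    block and the block after it are damaged, then the stream resynchronises
    because later keystream depends only on (intact) ciphertext."""
    ct = bytearray(cfb_encrypt(key, iv, plaintext))
    ct[byte_index] ^= 0x01
    recovered = cfb_decrypt(key, iv, bytes(ct))
    return [recovered[i:i + BLOCK] == plaintext[i:i + BLOCK]
            for i in range(0, len(plaintext), BLOCK)]


# Constructed demo values; a real system uses a random key and a fresh random IV per message.
DEMO_KEY = b"sixteen byte key"
DEMO_IV = bytes(range(BLOCK))
DEMO_PT = b"CFB needs no padding: 37 bytes total!"  # 2 full blocks + a 5-byte tail

if __name__ == "__main__":
    ct = cfb_encrypt(DEMO_KEY, DEMO_IV, DEMO_PT)
    print(len(DEMO_PT), len(ct))                        # same length: no padding
    print(cfb_decrypt(DEMO_KEY, DEMO_IV, ct) == DEMO_PT)
    print(tamper_effect(DEMO_KEY, DEMO_IV, DEMO_PT, 16))  # [True, False, False]
```

The tamper result is the practical caveat: like any unauthenticated stream mode, CFB gives no integrity, and a flipped ciphertext bit produces a predictable flip in the corresponding plaintext bit, so CFB output should always be paired with a MAC.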

242
Q
  1. In the event of a security incident, what is the first action that responders should take?

A. Isolate affected systems
B. Gather evidence
C. Conduct reconnaissance of the remote network
D. Restore service

A

Answer: A

The first step responders should take when an incident is detected is to isolate the affected systems so that the damage cannot spread and the evidence on them is preserved. Gathering evidence and restoring service follow containment, and probing the attacker's network is not an appropriate response.

243
Q
  1. What type of attack can detect passwords sent across a network in clear text?

A. Spoofing attack
B. Spamming attack
C. Sniffing attack
D. Side-channel attack

A

Answer: C

A sniffing attack uses a sniffer (also called a packet analyzer or protocol analyzer) to capture traffic and can read passwords sent across a network in clear text, which is why protocols such as Telnet, FTP, and basic-authentication HTTP should be replaced by their encrypted counterparts. A spoofing attack forges the apparent source of traffic to impersonate another party or hide the attacker's identity. A spamming attack involves sending massive amounts of email. A side-channel attack is a passive, noninvasive attack that infers secrets from physical characteristics such as timing or power consumption, classically used against smart cards.

244
Q
  1. What evidentiary principle states that a written contract is assumed to contain all the terms of an agreement?

A. Material evidence
B. Best evidence
C. Parol evidence
D. Relevant evidence

A

Answer: C

The parol evidence rule states that a written contract is assumed to contain all the terms of an agreement and cannot be modified by a verbal agreement.

245
Q
  1. Whole hard drive encryption can be configured to securely store its master encryption key in what locally present storage device?

A. RAM
B. L2 cache
C. CMOS
D. TPM

A

Answer: D

The TPM (trusted platform module) is a dedicated security chip on the motherboard that can securely hold the master encryption key for whole-drive encryption and release it only when the platform has booted into an expected, measured state. RAM, L2 cache, and CMOS offer no such protection for key material.

246
Q
  1. The act of ___________ is the practice of assessing the completeness and effectiveness of the security program.

A. Measuring and evaluating security metrics
B. Monitoring performance
C. Vulnerability analysis
D. Crafting a baseline

A

Answer: A

The act of measuring and evaluating security metrics is the practice of assessing the completeness and effectiveness of the security program. This should also include measuring it against common security guidelines and tracking the success of its controls.

247
Q
  1. What means of risk response transfers the burden of risk to another entity?

A. Mitigation
B. Assignment
C. Tolerance
D. Rejection

A

Answer: B

Risk assignment or transferring risk is the placement of the cost of loss a risk represents onto another entity or organization. Purchasing insurance and outsourcing are common forms of assigning or transferring risk.

248
Q
  1. Which of the following cipher algorithms uses the longest key?

A. One-time pad cipher
B. Caesar cipher
C. Vigenere cipher
D. Columnar transposition cipher

A

Answer: A

The one-time pad uses a key that is equal in length to the message. For the scheme to be unbreakable the key must also be truly random and never reused, since reusing a pad lets an attacker XOR two ciphertexts together and cancel the key entirely. All of the other algorithms use keys that are shorter than the message and therefore reuse key material across it, which is what makes them breakable.
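
An added example, not part of this flashcard deck, that implements the one-time pad as XOR with a pad of message length and then demonstrates the caveat above: when a pad is reused, XORing the two ciphertexts cancels the pad, and knowing one plaintext reveals the other. The messages and the fixed demo pad are constructed for reproducibility (a real pad comes from new_pad, i.e. os.urandom); the function names are assumptions for illustration.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """A fresh pad: one truly random byte per message byte, used once and discarded."""
    return os.urandom(length)


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """Ciphertext = message XOR pad. The pad must be exactly as long as the
    message; a shorter key would have to repeat, and a repeating key is
    precisely the weakness of Vigenere-style ciphers."""
    if len(pad) != len(message):
        raise ValueError("one-time pad must be exactly as long as the message")
    return xor_bytes(message, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted two messages, c1 XOR c2 == m1 XOR m2: the pad
    cancels out and contributes nothing to the result."""
    return xor_bytes(c1, c2)


def recover_with_crib(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """With a reused pad, one known plaintext (a 'crib') yields the other outright."""
    return xor_bytes(reuse_leak(c1, c2), known_m1)


# Constructed demo values: a fixed pad so the results are reproducible.
# Never do this in practice; call new_pad() for every message.
DEMO_PAD = bytes(range(11))
M1 = b"ATTACK 0700"
M2 = b"RETREAT NOW"

if __name__ == "__main__":
    c1 = otp_encrypt(M1, DEMO_PAD)
    c2 = otp_encrypt(M2, DEMO_PAD)      # the mistake: same pad, second message
    print(otp_decrypt(c1, DEMO_PAD))    # b'ATTACK 0700'
    print(recover_with_crib(c1, c2, M1))  # b'RETREAT NOW', without ever seeing the pad
```

The crib attack is why "equal in length" is only half the requirement: a pad that is long enough but used twice is no better than a repeating key.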

249
Q
  1. Which form of physical security control focuses on facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures?

A. Technical
B. Physical
C. Administrative
D. Logical

A

Answer: C

Administrative physical security controls include facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures.

250
Q
  1. A system that deploys ________________ permits the owner or creator of an object to control and define its accessibility.

A. Mandatory access control
B. Rule-based access control
C. Discretionary access control
D. Role-based access control

A

Answer: C

Discretionary access control permits the owner or creator of an object to control and define its accessibility because the owner has full control by default.