P/E 4 Flashcards
- What security protocol was developed specifically to protect communications between web servers and web browsers?
A. L2F
B. SKIP
C. SWIPE
D. SSL
Answer: D
Secure Sockets Layer (SSL) is an encryption protocol developed by Netscape to protect the communications between a web server and a web browser.
- What is the difference between residual risk and total risk?
A. Budget
B. Human resource allocation
C. Controls gap
D. Fault tolerance
Answer: C
The controls gap is the difference between total risk and residual risk.
- If you require the most advanced and complete method of off-site backup, what option do you choose?
A. Manual backups
B. Automated backups
C. Remote mirroring
D. Remote journaling
Answer: C
Remote mirroring is the most advanced, complete, and expensive off-site backup solution. With this solution, a live database server is kept off site at some secure remote location.
- If a specific step-by-step guide does not exist that prescribes how to accomplish a necessary task, which of the following is used to create such a document?
A. Policy
B. Standard
C. Procedure
D. Guideline
Answer: D
A guideline offers recommendations on how standards and baselines are implemented and serves as an operational guide for both security professionals and users. Guidelines are flexible so they can be customized for each unique system or condition and can be used in the creation of new procedures (i.e., step-by-step guides).
- In what level of the Capability Maturity Model for Software do software developers operate according to a set of formal, documented software development processes?
A. Initial
B. Repeatable
C. Defined
D. Managed
Answer: C
In the Defined stage of the CMM, all development projects take place within the constraints of a standardized management model.
- Which firewall type looks exclusively at the message header to determine whether to transmit or drop data?
A. Static packet filtering
B. Application-level gateway
C. Stateful inspection
D. Dynamic packet filtering
Answer: A
A static packet-filtering firewall filters traffic by examining data from a message header.
- Which of the following is not a risk related to cell phone usage?
A. Data interception
B. Switch console port access
C. Eavesdropping
D. Cloning
Answer: B
A switch console port exists only on a switch; a cell phone cannot be used to access such ports.
- In an agile software development process, how often should business users be involved in development?
A. Daily
B. Weekly
C. Monthly
D. At each release
Answer: A
The agile development process requires that business users interact with developers on a daily basis.
- A made-up network designed to lure unsuspecting attackers with low-hanging fruit is called what?
A. IDS
B. Honeynet
C. Padded cell
D. Vulnerability scanner
Answer: B
Honeynets are entire networks created to serve as a snare for intruders. They look and act like legitimate networks, but they are 100 percent fake. Honeynets tempt intruders with seemingly vulnerable systems with attractive artificial data.
- Which one of the following cipher types operates on individual characters or bits of a message without knowledge of what came before or after?
A. Stream cipher
B. Caesar cipher
C. Block cipher
D. ROT3 cipher
Answer: A
Stream ciphers operate on one character or bit of a message (or data stream) at a time.
- Which type of access control system relies on using classification labels that are representative of security domains and realms?
A. Nondiscretionary access control
B. Mandatory access control
C. Discretionary access control
D. Logical access control
Answer: B
Mandatory access control enforces an access policy that is determined by the system, not the object owner.
- What are the well-known ports?
A. 0 to 1,023
B. 80, 135, 110, 25
C. 0 to 65,536
D. 32,000 to 65,536
Answer: A
Ports 0 to 1,023 are the well-known ports.
- Which of the following is nested RAID involving the mirroring of striped drive sets with evenly distributed parity data?
A. RAID 1
B. RAID 6
C. RAID 1+5
D. RAID 1+0
Answer: C
RAID 1+5 is nested RAID involving the mirroring (RAID 1) of striped drive sets with evenly distributed parity data (RAID 5).
- Which of the following is not an element of configuration management?
A. Supporting rollback
B. Detailed documentation
C. Systematic analysis of impending alterations
D. Use of the spiral model of project management
Answer: D
The spiral model of project management does not directly relate to configuration management. Configuration management is about managing change that could result in reduced security.
- Which of the following is not a technique to avoid a single point of failure?
A. RAID
B. Redundant servers or clusters
C. High-speed network connection
D. Failover solutions
Answer: C
A high-speed network connection is not a single point of failure avoidance technique, especially if you have only one.
- The __________ model focuses on preventing interference in support of integrity. This model is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited.
A. Biba
B. Take grant
C. Goguen–Meseguer
D. Sutherland
Answer: D
The Sutherland model focuses on preventing interference in support of integrity. This model is based on the idea of defining a set of system states, initial states, and state transitions. Through the use of and limitations to only these predetermined secure states, integrity is maintained and interference is prohibited.
- Which state is not considered to have a very high risk for seismic hazard?
A. Alaska
B. Oregon
C. Idaho
D. Georgia
Answer: D
Alaska, Oregon, and Idaho are located in regions that are rated high on seismic activity; Georgia, however, has its own unique set of environmental weather conditions.
- Which of the following is not part of RFC 1918?
A. 169.254.1.1
B. 192.168.1.1
C. 172.16.1.1
D. 10.1.1.1
Answer: A
The 169.254.x.x range is usually employed by the Microsoft APIPA response to failed DHCP services.
- In a discussion of high-speed telco links or network carrier services, what does fault tolerance mean?
A. Error checking
B. Redundancy
C. Flow control
D. Bandwidth on demand
Answer: B
In a discussion of high-speed telco links or network carrier services, fault tolerance means to have redundant connections.
- What technique is used by antivirus software to detect behavior deviating from normal patterns of activity?
A. Signature detection
B. Heuristic detection
C. Data integrity assurance
D. Automated reconstruction
Answer: B
Heuristic detection techniques develop models of normal activity and then identify deviations from that baseline.
- Coordinated attack efforts that leverage key mechanisms in legitimate network traffic or protocol responses that disrupt or inhibit service to some network infrastructure are what form of attack?
A. Distributed denial of service
B. Denial of service
C. Diffracted denial of service
D. Distributed reflective denial of service
Answer: D
Coordinated attack efforts between cooperative machines using traffic in an entirely legitimate manner are distributed reflective denial of service attacks.
- The __________ of a process consist of limits set on the memory addresses and resources it can access. This also states or defines the area within which a process is confined.
A. Isolation
B. Bounds
C. Confinement
D. Authentication
Answer: B
The bounds of a process consist of limits set on the memory addresses and resources it can access. The bounds state or define the area within which a process is confined.
- How many keys are assigned each participant in an asymmetric cryptosystem?
A. One
B. Two
C. Four
D. One per user
Answer: B
Each participant in an asymmetric cryptosystem is issued two keys: a public key and a private key.
- Darcy’s Doodles is an electronic content provider hosting websites related to art. The IT staff of Darcy’s Doodles is concerned about the risk of an earthquake destroying their data center, which is valued at $8,000,000. After consulting with seismologists, they determined that an earthquake is likely to occur once every 50 years and, if one occurred, it would completely destroy the facility. What is the ARO?
A. 1 percent
B. 2 percent
C. 20 percent
D. 50 percent
Answer: B
The annualized rate of occurrence (ARO) is the likelihood that a risk will materialize in a given year. In this example, the risk will occur once out of every 50 years, 1/50 = 2%.
- What can vulnerability scanners do?
A. They actively scan for intrusion attempts.
B. They serve as a form of enticement.
C. They locate known security holes.
D. They automatically reconfigure a system to a more secured state.
Answer: C
Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports and make recommendations.
- Which subset of the Structured Query Language is used to create and modify the database schema?
A. Data Definition Language
B. Data Structure Language
C. Database Schema Language
D. Database Manipulation Language
Answer: A
The Data Definition Language (DDL) is used to make modifications to a relational database’s schema.
- Matthew received a digitally signed message sent by Christopher. What key should he use to verify the digital signature?
A. Matthew’s public key
B. Matthew’s private key
C. Christopher’s public key
D. Christopher’s private key
Answer: C
The recipient of a message uses the sender’s public key to verify the digital signature.
- What is the minimum number of cryptographic keys required for secure two-way communications in asymmetric key cryptography?
A. One
B. Two
C. Three
D. Four
Answer: D
In asymmetric (public key) cryptography, each communicating party must have a pair of public and private keys. Therefore, two-way communication between parties requires a total of four cryptographic keys (a public and a private key for each user).
- The Caesar cipher is an example of what type of cryptographic algorithm?
A. Substitution
B. Polyalphabetism
C. Transposition
D. Diffusion
Answer: A
The Caesar cipher is a simple substitution cipher where each letter of a message is changed.
- ___________ is a form of programming attack that is used to either falsify information being sent to a visitor or cause their system to give up information without authorization.
A. SQL injection
B. Buffer overflow
C. DDoS
D. XML exploitation
Answer: D
XML exploitation is a form of programming attack that is used to either falsify information being sent to a visitor or cause their system to give up information without authorization.
- A _______________ contains levels with various compartments that are isolated from the rest of the security domain.
A. Hybrid environment
B. Compartmentalized environment
C. Hierarchical environment
D. Security environment
Answer: A
Hybrid environments combine both hierarchical and compartmentalized environments so that security levels have subcompartments.
- What organization issued RFC 1087, Ethics and the Internet?
A. (ISC)2
B. Internet Advisory Board
C. SANS
D. NIST
Answer: B
The document Ethics and the Internet was issued as RFC 1087 by the Internet Advisory Board.
- In public key cryptography, what key does the sender of a message use to encrypt it?
A. The sender’s private key
B. The sender’s public key
C. The recipient’s private key
D. The recipient’s public key
Answer: D
In public key cryptography, the sender of a message encrypts it using the recipient’s public key.
- What security model is based on dynamic changes of user privileges and access based on user activity?
A. Sutherland
B. Brewer–Nash
C. Biba
D. Graham–Denning
Answer: B
The Brewer–Nash model is based on dynamic changes of user privileges and access based on user activity.
- What are used to inform would-be intruders or those who attempt to violate security policy that their intended activities are restricted and that any further activities will be audited and monitored?
A. Interoffice memos
B. Honeypots
C. Warning banners
D. Pseudo flaw
Answer: C
Warning banners are used to inform would-be intruders or those who attempt to violate the security policy that their intended activities are restricted and that any further activities will be audited and monitored. Interoffice memos are limited to employees and wouldn’t include intruders. Honeypots are systems with fake data used to tempt attackers. Honeypots are often configured with pseudo flaws or false vulnerabilities.
- Why is a purely quantitative approach not possible?
A. The mathematical formulas are too complex.
B. Historical occurrences are not helpful in prediction of future events.
C. Qualitative items cannot be accurately quantified.
D. Estimations of impact or exposure are based on actuarial tables and measurements of probability.
Answer: C
A purely quantitative approach is not possible because qualitative items cannot be accurately quantified.
- What is a drawback to using VPNs when a firewall is present?
A. You can’t filter on encrypted traffic.
B. VPNs cannot cross firewalls.
C. Firewalls block all outbound VPN connections.
D. Firewalls greatly reduce the throughput of VPNs.
Answer: A
Firewalls are unable to filter on encrypted traffic within a VPN, which is a drawback. VPNs can cross firewalls. Firewalls do not have to always block outbound VPN connections. Firewalls usually only minimally affect the throughput of a VPN and then only when filtering is possible.
- What is the primary purpose of most viruses today?
A. Infecting word processor documents
B. Creating botnets
C. Destroying data
D. Sending spam
Answer: B
Most viruses are designed to add systems to botnets, where they are later used for other nefarious purposes, such as sending spam or participating in distributed denial of service attacks.
- What is hybrid risk assessment?
A. Use of internal and external analysts
B. Use of quantitative and qualitative approaches
C. Use of dictionary and brute-force techniques
D. Use of compartmented and hierarchical structures
Answer: B
Hybrid risk assessment is a combination of both quantitative and qualitative approaches.
- What element of security control includes access controls, alarms, CCTV, and monitoring?
A. Administrative physical control
B. Technical physical security control
C. Logistical security control
D. Physical security control
Answer: B
Technical physical security controls include access controls; intrusion detection; alarms; closed-circuit television (CCTV); monitoring; heating, ventilating, and air conditioning (HVAC); power supplies; and fire detection and suppression.
- What nontraditional alternative recovery site is made up of transportable relocation units?
A. Off-site bureau
B. Service bureau
C. Mobile site
D. Mobility suite
Answer: C
Mobile sites are nonmainstream alternatives to traditional recovery sites. They typically consist of self-contained trailers or other easily relocated units.
- Which of the following is a drawback of classification schemes?
A. They have a large administrative overhead for larger environments.
B. They lend credence to the selection of protection mechanisms.
C. They assist in identifying those assets that are most critical or valuable to the organization.
D. They are often required for regulatory compliance or legal restrictions.
Answer: A
A drawback of classification schemes, especially as implemented via a mandatory access control concept, is that they require significant administration for a large organization.
- Which form of DBMS primarily supports the establishment of treelike relationships?
A. Relational
B. Hierarchical
C. Mandatory
D. Distributed
Answer: B
A hierarchical DBMS supports one-to-many relationships, often expressed in a tree structure.
- Senior management must show reasonable ___________________ to reduce their culpability and liability when a loss occurs.
A. Profits
B. Insurance
C. Due care
D. Asset valuation
Answer: C
Senior management must show reasonable due care to reduce their culpability and liability when a loss occurs.
- Which one of the following systems would be appropriately placed in the DMZ?
A. Database server
B. User workstation
C. Domain controller
D. Web server
Answer: D
The DMZ is designed to house systems that require public access. The web server is the only option on this list that should be exposed to the Internet.
- Many of the following options reflect best practices when engaging penetration testing to validate and verify the strength of your security policy. Which of the following is not recommended?
A. Mimicking attacks previously perpetrated against your system
B. Performing the attacks without management’s consent
C. Using manual and automated attack tools
D. Reconfiguring the system to resolve any discovered vulnerabilities
Answer: B
You should never conduct a formal or informal penetration test against any company without the advanced knowledge and express consent of management.
- Which of the following is a possible effective key length of the Triple DES (3DES) encryption algorithm?
A. 40 bits
B. 56 bits
C. 128 bits
D. 168 bits
Answer: D
Triple DES has an effective key length of 168 bits.
- In the Biba model, what rule prevents a user from reading from lower levels of classification?
A. Star axiom
B. Simple property
C. No read up
D. No write down
Answer: A
The Biba simple property rule/star axiom is “no read down.”
- In what type of software testing must the tester not have access to the underlying source code?
A. Static testing
B. White box testing
C. Gray box testing
D. Black box testing
Answer: D
In a black box test, the tester must not have access to the application’s source code.
- The lack of data flow control could result in all but which of the following?
A. Dropped connections
B. Corrupted data
C. Quality of service management
D. Self-inflicted denial of service
Answer: C
Failing to provide data flow control means failing to provide quality of service management as well.
- What document should state where critical business information will be stored?
A. Business impact assessment
B. Statement of purpose
C. Vital records program
D. Emergency-response guidelines
Answer: C
The vital records program states where critical business records will be stored and the procedures for making and storing backup copies of those records.
- When assigning a classification label, which of the following is not an essential criterion?
A. Value or cost
B. Data disclosure damage assessment
C. Source or origin
D. Maturity or age
Answer: C
The source or origin of a resource is rarely a serious criterion in the assignment of a classification label. The other options are just a few of the important criteria of classification assignment.
- Which of the following is the best method to protect against rainbow-table attacks?
A. Encrypting passwords sent over the network
B. Enable firewalls
C. Keeping systems up to date
D. Salting passwords
Answer: D
Salting passwords can reduce the effectiveness of rainbow table attacks. Rainbow-table attacks are offline password attacks, so encrypting data sent over the network doesn’t directly protect against rainbow-table attacks. While keeping systems up to date and enabling firewalls is always a good idea, these do not directly protect against rainbow-table attacks.
- Which one of the following types of evidence consists of tangible objects (such as a gun) that can be brought into court?
A. Documentary evidence
B. Real evidence
C. Testimonial evidence
D. Best evidence
Answer: B
Real evidence consists of items that can be brought into a courtroom, such as a gun, computer, or other tangible object.
- Which one of the following attack types often takes place as a reconnaissance activity preceding another type of attack?
A. Compromise
B. Malicious code
C. Scanning
D. Denial of service
Answer: C
Hackers often use scanning attacks to gather intelligence about vulnerable systems that they may later attempt to compromise.
- What method is not integral to assuring effective and reliable security staffing?
A. Screening
B. Bonding
C. Training
D. Conditioning
Answer: D
Screening, bonding, and training are all vital procedures for ensuring effective and reliable security staffing because they verify the integrity and validate the suitability of said staffers.
- Which of the following is an element of intangible asset valuation?
A. Support cost
B. Intellectual property value
C. Replacement cost
D. Training expense
Answer: B
While valuable, intellectual property value is an element of intangible asset valuation.
- What technology may database developers use to restrict users’ access to a limited subset of database attributes or records?
A. Polyinstantiation
B. Cell suppression
C. Aggregation
D. Views
Answer: D
Database views use SQL statements to limit the amount of information that users can view from a table.
- Which of the following statements is true of business continuity planning?
A. It prevents every possible disaster from interrupting business.
B. It limits the extent of damage for commonly occurring disasters.
C. It rewards the beneficiaries of disaster recovery.
D. It maximizes the insurance coverage against natural disaster.
Answer: B
BCP involves prepared and verified measures for protection of critical business operations from the effects of a loss, damage, or other failure of operational facilities providing crucial functions. Thus, it limits the extent of damage for commonly occurring disasters.
- What sort of system defines subject access through subject roles (job descriptions) and subject tasks (job functions)?
A. Rule-based access control
B. Mandatory access control
C. Role-based access control
D. Discretionary access control
Answer: C
Role-based access control uses a well-defined collection of named job roles to endow each one with specific permissions, thereby seeking to ensure that users who occupy such roles can access what they need to get their jobs done.
- What is the second phase of the IDEAL software development model?
A. Developing
B. Diagnosing
C. Determining
D. Designing
Answer: B
The second phase of the IDEAL software development model is the Diagnosing stage.
- What block size is used by the Triple DES encryption algorithm?
A. 32 bits
B. 64 bits
C. 128 bits
D. Variable
Answer: B
Both DES and Triple DES use a fixed block size of 64 bits.
- What system may be used to verify digital certificates without latency?
A. CRL
B. OCSP
C. PGP
D. PKI
Answer: B
The Open Certificate Status Protocol (OCSP) eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.
- From within the Bell–LaPadula model, what is allowed to violate the star property, but when doing so does not actually violate security?
A. End users
B. Intruders
C. Root administrators
D. Trusted subject
Answer: D
A trusted subject can violate the star property of “no write down” in the act of declassification, which is not an actual violation of security.
- What type of evidence must be authenticated by a witness who can uniquely identify it or through a documented chain of custody?
A. Documentary evidence
B. Testimonial evidence
C. Real evidence
D. Hearsay evidence
Answer: C
Real evidence must be either uniquely identified by a witness or authenticated through a documented chain of custody.
- What element is not considered in a security-oriented design for any given facility or site?
A. Separation of employee and visitor areas
B. Restricted access levels to areas of higher value or importance
C. Centralized location of confidential assets
D. Optional access to all areas
Answer: D
Optional access should never be granted to all areas, especially where sensitive equipment or data is utilized and stored.
- How many keys are required to fully implement a symmetric algorithm with 20 participants?
A. 10
B. 20
C. 40
D. 190
Answer: D
The number of keys required to fully implement a symmetric encryption algorithm is given by the formula (n*(n-1))/2; for 20 participants, (20*19)/2 = 190.
- Which of the following may introduce new vulnerabilities to voice communications?
A. Modems
B. VoIP
C. Encryption
D. PBX
Answer: B
Voice over IP (VoIP), which transmits voice communications through an IP network, introduces network-specific vulnerabilities to voice communications.
- Which of the following is not true?
A. Complying with all applicable legal requirements is a key part of sustaining security.
B. It is often possible to disregard legal requirements if complying with regulations would cause a reduction in security.
C. The legal requirements of an industry and of a country should be considered the baseline or foundation on which the remainder of the security infrastructure must be built.
D. Industry and governments impose legal requirements, restrictions, and regulations on the practices of an organization.
Answer: B
Laws and regulations must be obeyed and security concerns must be adjusted accordingly.
- A tunnel mode VPN is used to connect which types of systems?
A. Hosts and servers
B. Clients and terminals
C. Hosts and networks
D. Servers and domain controllers
Answer: C
Tunnel mode VPNs are used to connect networks to networks or networks to hosts. Transport mode is used to connect hosts to hosts. Host, server, client, terminal, and domain controller are all synonyms.
- What type of detected incident allows the most time for an investigation?
A. Compromise
B. Denial of service
C. Malicious code
D. Scanning
Answer: D
Scanning incidents are generally reconnaissance attacks. The real damage to a system comes in the subsequent attacks, so you may have some time to react if you detect the scanning attack early.
- How might you map out the organizational needs for transfer to or establishment in a new facility?
A. Inventory assessment
B. Threat assessment
C. Risk analysis
D. Critical path analysis
Answer: D
Critical path analysis can be defined as the logical sequencing of a series of events such that planners and integrators possess considerable information for the decision-making process.
- An attack pattern characterized by a series of invalid packet sequence numbers is called what?
A. Stream
B. Spamming
C. Distributed denial of service
D. Teardrop
Answer: D
In a teardrop attack, an attacker exploits a bug in operating systems. The bug exists in the routines used to reassemble (that is, resequence) fragmented packets. An attacker sends numerous specially formatted fragmented packets to the victim, which causes the system to freeze or crash.
- Which of the following provides the best description of data purging?
A. Destroying media
B. Removing all data remnants from media
C. Degaussing optical media to remove data
D. Overwriting files
Answer: B
Purging is an intense method of clearing that removes all data remnants from media to prepare it for reuse in less secure environments. Purging leaves media in a reusable state, instead of destroying it. Degaussing does not remove data from optical media. Overwriting files isn’t a reliable method of removing data remnants.
- Which of the following choices is the most reliable method of destroying data on a CD?
A. Degaussing
B. Physical destruction
C. Deleting
D. Overwriting
Answer: B
Physical destruction is the most reliable method of destroying data on any media, including a CD. Degaussing won’t affect a CD. Deleting rarely deletes the data. Overwriting might destroy the data depending on the method used, but it isn’t as reliable as physical destruction.
- A _____________ is a type of new system deployment testing where the new system and the old system run simultaneously.
A. Parallel run
B. Simulation test
C. Black-box test
D. Stress test
Answer: A
A parallel run is a type of new system deployment testing where the new system and the old system are run in parallel.
- Which is the most common form of perimeter security device or mechanism for any given business?
A. Security guards
B. Fences
C. Badges
D. Lighting
Answer: D
Lighting is by far the most pervasive and basic element of security because it illuminates areas and makes signs of hidden danger visible to all.
- Which of the following individuals are not responsible for preserving the chain of custody of evidence?
A. Police investigators
B. Court reporters
C. Evidence technicians
D. Attorneys
Answer: B
Court reporters generally do not handle evidence and are not subject to maintaining the chain of custody.
- What character, if eliminated from all web form input, would prevent the execution of most common cross-site scripting attacks?
A. $
B. &
C. >
D. #
Answer: C
Cross-site scripting attacks must pass the tag to a browser.
- What US federal law prohibits attempts to circumvent copyright protection mechanisms placed on a protected work by the copyright holder?
A. Digital Millennium Copyright Act
B. Trade Secrets Act
C. Copyright Enhancement Act
D. USA PATRIOT Act
Answer: A
The Digital Millennium Copyright Act contains provisions prohibiting the circumvention of copyright protection mechanisms.
- What type of intellectual property protection is commonly used to cover literary works (including computer software)?
A. Copyright
B. Trademark
C. Patent
D. Service mark
Answer: A
Literary works are one of the categories of intellectual property covered by copyright law.
- What type of system is authorized to process data at different classification levels only when all users have authorized access to those classification levels?
A. Compartmented mode system
B. System-high mode system
C. Multilevel mode system
D. Dedicated mode system
Answer: B
Systems running in system-high mode are authorized to process data at different classification levels only if all system users have access to the highest level of classification processed.
- What malicious code avoidance technique provides users with the ability to identify code originating from a trusted source?
A. Sandboxing
B. Control signing
C. Whitelisting
D. Access permissions
Answer: B
Control signing utilizes a system of digital signatures to ensure that the code originates from a trusted source. It is up to the end user to determine whether the authenticated source should be trusted.
- The tendency for various technologies, solutions, utilities, and systems to evolve and merge over time is known as what?
A. Security governance
B. Technology convergence
C. OWASP
D. Threat modeling
Answer: B
Technology convergence is the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time.
- Which of the following malicious code objects was likely designed as a weapon of war?
A. Good Times
B. Conficker
C. Stuxnet
D. Melissa
Answer: C
The Stuxnet worm was allegedly designed by American and/or Israeli military forces in an attempt to disrupt the Iranian nuclear program.
- What tool or organization is an open repository of information and tools focusing on improving security for online or web-based applications?
A. CVE
B. PCI DSS
C. OWASP
D. XSS
Answer: C
OWASP (Open Web Application Security Project) is a nonprofit security project focusing on improving security for online or web-based applications. OWASP is not just an organization; it is also a large community that works together to freely share information, methodology, tools, and techniques related to better coding practices and more secure deployment architectures. For more information on OWASP and to participate in the community, visit their website at www.owasp.org.
- Under what method are database backups bulk transferred to off-site recovery locations?
A. Electronic billing
B. Electronic payment
C. Electronic vaulting
D. Electronic safekeeping
Answer: C
Electronic vaulting automatically backs up data to a secure site where storage professionals at the vaulting company’s site handle the details.
- What form of password attack utilizes a preassembled lexicon of terms and their permutations?
A. Rainbow tables
B. Dictionary word list
C. Brute force
D. Educated guess
Answer: B
Dictionary word lists are precompiled lists of common passwords and their permutations and serve as the foundation for a dictionary attack on accounts.
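Added example (not part of the original flashcards) showing what "a lexicon of terms and their permutations" means in practice: a short constructed wordlist, a rule set that generates the permutations (capitalisation, leetspeak, common suffixes), and a loop that hashes each candidate and compares it to a stolen salted SHA-256 hash. The wordlist, the salt, and the target system's hashing scheme are all assumptions made for the demonstration.

```python
import hashlib

# Constructed sample wordlist (not taken from any real leak): the "preassembled lexicon".
BASE_WORDS = ["password", "welcome", "dragon", "summer"]

# Leetspeak substitutions, one of the classic mangling rules.
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})

# Suffixes users commonly append to a dictionary word.
SUFFIXES = ("", "1", "123", "!", "2024")


def mangle(word):
    """Yield the word and the permutations a typical attacker rule set would produce."""
    seen = set()
    for variant in (word, word.capitalize(), word.upper(), word.translate(LEET)):
        for suffix in SUFFIXES:
            candidate = variant + suffix
            if candidate not in seen:
                seen.add(candidate)
                yield candidate


def hash_password(password, salt):
    """Salted SHA-256, assumed here to be the (hypothetical) target system's scheme."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def dictionary_attack(target_hash, salt, words=BASE_WORDS):
    """Try every mangled dictionary word against the stolen hash.

    Returns (recovered_password, attempts); recovered_password is None on failure.
    """
    attempts = 0
    for word in words:
        for candidate in mangle(word):
            attempts += 1
            if hash_password(candidate, salt) == target_hash:
                return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    salt = b"constructed-salt"
    # A dictionary word with a capital letter and a common suffix falls quickly.
    print(dictionary_attack(hash_password("Summer123", salt), salt))
    # A random password is not in the lexicon, so the attack exhausts the list and fails.
    print(dictionary_attack(hash_password("xK9#pL2v!qR7", salt), salt))
```

The point the card makes is visible in the numbers: the whole search space here is well under a hundred candidates, which is why a password built from a dictionary word plus a predictable suffix offers no real protection regardless of its length.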
- What is the primary means by which fax communications can be made secure?
A. Nonrepudiation controls
B. Limited access
C. Authentication
D. Encryption
Answer: D
The primary means by which fax communications can be secured is to use encryption.
- What is the size of the master boot record on a system installed with a typical configuration?
A. 256 bytes
B. 512 bytes
C. 1,024 bytes
D. 2,048 bytes
Answer: B
The master boot record is the first sector of a floppy disk or hard drive, and a sector is normally 512 bytes. Those 512 bytes hold a small bootstrap program (446 bytes), the four-entry partition table (64 bytes), and the 2-byte boot signature 0x55AA; the MBR contains only enough information to locate and load the operating system's boot loader.
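Added example (not part of the original flashcards): a small Python parser for the 512-byte MBR layout described above, plus a hash of the bootstrap code that can be compared against a known-good value to detect MBR tampering (the bootkit case that makes this sector security-relevant). The sample sector is constructed inline for the demonstration and does not come from any real disk; the partition sizes and the jmp stub are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512             # the whole MBR is one sector
BOOT_CODE_SIZE = 446          # bootstrap code occupies bytes 0..445
PARTITION_TABLE_OFFSET = 446  # four 16-byte partition entries occupy bytes 446..509
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511


def parse_mbr(sector):
    """Parse a raw 512-byte MBR into its bootstrap code and non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR must be exactly {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("boot signature 0x55AA missing: not a valid MBR")

    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        # Entry layout: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4)
        status, _chs_start, ptype, _chs_end, lba_start, nsectors = struct.unpack_from(
            "<B3sB3sII", sector, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": nsectors,
        })
    return {"boot_code": sector[:BOOT_CODE_SIZE], "partitions": partitions}


def boot_code_hash(sector):
    """SHA-256 of the bootstrap code; a change from the known-good value indicates MBR tampering."""
    return hashlib.sha256(parse_mbr(sector)["boot_code"]).hexdigest()


def build_sample_mbr():
    """Construct a synthetic MBR with one bootable Linux partition and one swap partition."""
    boot_code = b"\xeb\x3c\x90" + b"\x00" * (BOOT_CODE_SIZE - 3)  # a jmp stub, then padding
    entries = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x83, b"\0\0\0", 2048, 1048576)
    entries += struct.pack("<B3sB3sII", 0x00, b"\0\0\0", 0x82, b"\0\0\0", 1050624, 4194304)
    entries += b"\x00" * (2 * PARTITION_ENTRY_SIZE)  # two unused slots
    return boot_code + entries + BOOT_SIGNATURE


if __name__ == "__main__":
    mbr = build_sample_mbr()
    for part in parse_mbr(mbr)["partitions"]:
        print(part)
    print("boot code sha256:", boot_code_hash(mbr))
```

On a real system the same parser runs over the first 512 bytes of the raw disk device; the signature check rejects anything that is not an MBR (a GPT disk still carries a protective MBR, so the parser will report a single partition of type 0xEE there).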
- What are the consequences for CISSPs who violate the Code of Ethics?
A. Criminal sanctions
B. Civil sanctions
C. Loss of certification
D. Public humiliation
Answer: C
CISSPs who violate the (ISC)2 Code of Ethics are subject to certification revocation.
- During what type of penetration test does the tester have no access to system configuration information?
A. Black box penetration test
B. White box penetration test
C. Gray box penetration test
D. Red box penetration test
Answer: A
During a black box penetration test the testers have no access to configuration information about the system being tested.
- Which one of the following methods is not a valid method of destroying data on a hard drive?
A. Purging the drive with a software program
B. Copying data over the existing data
C. Removing the platters and shredding them
D. Removing the platters and disintegrating them
Answer: B
Copying new files over existing files is not reliable because the new data may be written to different sectors, leaving the original data on the drive as data remanence. Purging software overwrites the drive's sectors directly with patterns of 1s and 0s to destroy the data. Shredding or disintegrating the platters physically destroys the data.
- What form of attack prevents systems or services from processing or responding to legitimate traffic and network resources?
A. Brute force
B. Denial of service
C. Spamming
D. Sniffing
Answer: B
Denial of service attacks seek to shut down or stifle network response and congest traffic so that legitimate data cannot be handled in a timely fashion.
- What is the biggest problem with computer-based information when used as evidence?
A. It is considered hearsay.
B. It is fragile.
C. It cannot be contained.
D. Its nature is intangible.
Answer: D
You should realize that most computer evidence is intangible, meaning it is electronic and magnetically stored information that is vulnerable to erasure, corruption, and other forms of damage. Although computer evidence is usually considered hearsay, there is an exception to the hearsay rule that makes it admissible (specifically if it was created by a normal business operation and supported by a witness).
- What form of interference is generated by a difference in power between hot and neutral wires of a power source?
A. Radio frequency interference
B. Cross-talk noise
C. Transverse mode noise
D. Common mode noise
Answer: C
Transverse mode noise is generated by the difference in power between the hot and neutral wires of a power source or operating electrical equipment. (Common mode noise, by contrast, is generated by the difference in power between the hot and ground wires.)
- Which of the following is a valid definition of a closed system?
A. A system designed to work well with a narrow range of other systems, generally all from the same manufacturer
B. A system where the source code and other internal logic is exposed to the public
C. A system designed using agreed-upon industry standards
D. A system where the source code and other internal logic is hidden from the public
Answer: A
A closed system is designed to work well with a narrow range of other systems, generally all from the same manufacturer.
- What attack pattern is characterized by specially crafted inputs issued to a vulnerable application or service?
A. Hijacking
B. Buffer overflow
C. Man in the middle
D. Brute force
Answer: B
In many cases, a buffer overflow attack will involve specially crafted, typically oversized inputs in an attempt to overwrite critical application data and disrupt or redirect program execution flow.
- Darcy’s Doodles is an electronic content provider hosting websites related to art. The IT staff of Darcy’s Doodles is concerned about the risk of an earthquake destroying their data center, which is valued at $8,000,000. After consulting with seismologists, they determined that an earthquake is likely to occur once every 50 years and, if one occurred, it would completely destroy the facility. What is the ALE?
A. $80,000
B. $160,000
C. $1,600,000
D. $8,000,000
Answer: B
The annualized loss expectancy (ALE) is the product of the annualized rate of occurrence (ARO) and the single loss expectancy (SLE). An earthquake once every 50 years gives an ARO of 1/50 = 0.02 (2 percent per year), and because the facility would be completely destroyed the SLE is the full asset value of $8,000,000, giving an ALE of 0.02 × $8,000,000 = $160,000.
- Which of the following types of IDS is effective only against known attack methods?
A. Host based
B. Network based
C. Knowledge based
D. Behavior based
Answer: C
A knowledge-based IDS (also called a signature-based or pattern-matching IDS) compares traffic against a database of known attack signatures, so it is effective only against known attack methods; that is its primary drawback. A behavior-based IDS instead learns a baseline of normal activity and alerts on deviations, which lets it notice novel attacks at the cost of more false positives.
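Added example (not part of the original flashcards) contrasting the two detection approaches on the same data: a knowledge-based detector that matches request paths against a few known attack signatures, and a behavior-based detector that learns a per-source request-rate baseline and alerts on statistical outliers. The access-log lines are constructed for the demonstration, the signatures are deliberately minimal, and the choice of mean plus three standard deviations as the anomaly threshold is an assumption, not a standard.

```python
import re
import statistics
from collections import Counter

# Constructed access-log lines in the form: source "METHOD path version" status (not real traffic).
BASELINE = [
    '10.0.0.5 "GET /index.html HTTP/1.1" 200',
    '10.0.0.5 "GET /about.html HTTP/1.1" 200',
    '10.0.0.5 "GET /css/site.css HTTP/1.1" 200',
    '10.0.0.6 "GET /index.html HTTP/1.1" 200',
    '10.0.0.6 "POST /login HTTP/1.1" 302',
    '10.0.0.6 "GET /home HTTP/1.1" 200',
    '10.0.0.6 "GET /css/site.css HTTP/1.1" 200',
    '10.0.0.7 "GET /index.html HTTP/1.1" 200',
    '10.0.0.7 "GET /contact HTTP/1.1" 200',
    '10.0.0.7 "GET /css/site.css HTTP/1.1" 200',
    '10.0.0.8 "GET /index.html HTTP/1.1" 200',
    '10.0.0.8 "GET /about.html HTTP/1.1" 200',
]

OBSERVED = [
    '10.0.0.5 "GET /index.html HTTP/1.1" 200',
    '10.0.0.9 "GET /login?user=admin%27%20OR%201=1-- HTTP/1.1" 200',  # single request, known SQLi pattern
    '10.0.0.6 "GET /home HTTP/1.1" 200',
    '10.0.0.42 "GET /a.php HTTP/1.1" 404',  # a scanner probing paths: no signature matches any of these
    '10.0.0.42 "GET /b.php HTTP/1.1" 404',
    '10.0.0.42 "GET /c.php HTTP/1.1" 404',
    '10.0.0.42 "GET /d.php HTTP/1.1" 404',
    '10.0.0.42 "GET /e.php HTTP/1.1" 404',
    '10.0.0.42 "GET /f.php HTTP/1.1" 404',
    '10.0.0.42 "GET /g.php HTTP/1.1" 404',
    '10.0.0.6 "GET /css/site.css HTTP/1.1" 200',
]

# Knowledge base: a few known attack patterns (deliberately minimal).
SIGNATURES = {
    "sqli": re.compile(r"(%27|')(%20|\+|\s)*or(%20|\+|\s)+1=1", re.I),
    "path_traversal": re.compile(r"(\.\./|%2e%2e%2f)", re.I),
    "xss": re.compile(r"(<script|%3cscript)", re.I),
}

LOG_RE = re.compile(r'^(\S+) "(\S+) (\S+) [^"]*" (\d{3})$')


def parse_line(line):
    """Split one constructed log line into its fields; return None for malformed lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {"src": m.group(1), "method": m.group(2), "path": m.group(3), "status": int(m.group(4))}


def knowledge_based(lines):
    """Signature IDS: alert only when a request matches a known attack pattern."""
    alerts = []
    for rec in map(parse_line, lines):
        if rec is None:
            continue
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                alerts.append((rec["src"], name))
    return alerts


def behavior_based(lines, baseline, k=3.0):
    """Anomaly IDS: learn requests-per-source from a baseline window, alert on outliers.

    Threshold is mean + k standard deviations of the baseline per-source counts (an assumption).
    """
    base_counts = Counter(r["src"] for r in map(parse_line, baseline) if r)
    values = list(base_counts.values())
    threshold = statistics.mean(values) + k * statistics.pstdev(values)
    observed = Counter(r["src"] for r in map(parse_line, lines) if r)
    return [(src, n) for src, n in observed.items() if n > threshold]


if __name__ == "__main__":
    print("knowledge-based:", knowledge_based(OBSERVED))   # catches the SQLi, misses the scanner
    print("behavior-based: ", behavior_based(OBSERVED, BASELINE))  # catches the scanner, misses the SQLi
```

Each detector sees something the other cannot: the signature engine flags the one SQL-injection request but has no rule for the scanner, while the baseline engine flags the scanner's abnormal request volume but sees nothing unusual about a single well-formed request. That complementarity is why production deployments combine both.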