Pocket Prep Flashcards

Question 1

Q

Which of the following BEST describes CCTV?

A. A terminal server used access by a thin client
B. A real time protocol encryption algorithm
C. The command and control traffic of a transient virus
D. Internal security camera system

Answer

A

D. Internal security camera system

Explanation:
Internal security camera system

CCTV stands for closed-circuit television. It’s more commonly referred to as security cameras and is used for physical security. CCTV is used in data centers for security monitoring or in the workplace to protect against theft and vandalism.

Question 2

Q

An attacker attempts to break into a building by cutting the padlock off the roof’s access hatch but is unable to access anything because the door leading to the hatch is locked from the inside. This event is BEST described as what?

A. A violation of policy
B. Security failure
C. Data breach
D. Security incident

Answer

A

D. Security incident

Explanation:
A security incident is any event that negatively impacts an organization’s security posture or may lead to the eventual disclosure of sensitive information. This term is sometimes used synonymously with data breach; however, a data breach is an event that results in the disclosure of sensitive information. All data breaches are security incidents, but not all security incidents are data breaches.

Question 3

Q

Of the following, what is the MOST essential to ensure referential integrity?
A. Candidate key is equal to a valid primary key of a parent table
B. Foreign key is equal to a valid primary key of the same table
C. Foreign key is equal to a valid primary key of a parent table
D. Candidate key is equal to a valid primary key of the same table

Answer

A

C. Foreign key is equal to a valid primary key of a parent table

Explanation:
Referential integrity requires that the foreign key be equal to a valid primary key of a different table. A foreign key is a value that references the primary key of a tuple in a different table. The primary key is a unique value for each tuple in a table. There can be no tuples with duplicate primary keys.

Question 4

Q

An organization must consider all possible weaknesses and potential attack points when designing an information security program. Of the following, what BEST describes the process of identifying, understanding, and categorizing potential threats?

A. Asset valuation
B. Threat modeling
C. Business impact analysis
D. Vulnerability analysis

Answer

A

B. Threat modeling

Explanation:
In order to ensure the highest level of security, organizations must identify possible threats to the organization’s systems. This is done through threat modeling. Threat modeling refers to the process of identifying, understanding, and categorizing potential threats. The goal of threat modeling is to identify a potential list of threats and analyze those threats.

Question 5

Q

When an organization chooses to spend resources to reduce risk to an acceptable level, what response has the organization chosen?

A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. Risk deterrence

Answer

A

A. Risk mitigation

Explanation:
Risk mitigation is when the risk is reduced to an acceptable level aligned with the organization’s risk appetite. It is never possible to eliminate all risk. When risk mitigation is more expensive than if the risk is realized, an organization should either document and accept the risk or rethink their mitigation strategy.

Question 6

Q

When mapping the Open Systems Interconnection (OSI) model layers to the Transmission Control Protocol/Internet Protocol (TCP/IP) model, what is the Network layer’s equivalent in the TCP/IP model?

A. The Internet layer
B. The Link layer
C. The Transport layer
D. The Application layer

Answer

A

A. The Internet layer

Explanation:
The Network layer in the Open Systems Interconnection (OSI) model is called the Internet layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model.

The Internet layer is the second layer of the TCP/IP model and is represented in descending sequence as the second layer from the bottom. Internet Protocol (IP) contains addressing information that enables packets to be routed. Internet protocol (IP) is part of the TCP/IP model. The TCP/IP model and the OSI model differ because the TCP/IP model consists of only four layers rather than seven. The four TCP/IP model layers are Network Access or Link, Internet, Transport, and Application.

Question 7

Q

Of the following, which BEST describes The Open Group Architecture Framework (TOGAF)?

A. An open standard used to maintain compatibility between different software types
B. A series of controls that an organization must meet to maintain compliance with various regulations
C. An enterprise architecture development methodology
D. A framework used to develop a security program within an organization

Answer

A

C. An enterprise architecture development methodology

Explanation:
The Open Group Architecture Framework (TOGAF) is a standard that helps organizations design, plan, implement, and govern information technology architecture. TOGAF uses the Architecture Development Method (ADM) to create architectures for business, data, applications, and technology.

Question 8

Q

Access control addresses the relationship between subjects and objects. Of the following, which is TRUE about a subject?

A. It is an active entity that interacts with passive objects
B. It is always an individual user account
C. It is a passive entity that provides information to the active entity
D. It can modify objects without authorization

Answer

A

A. It is an active entity that interacts with passive objects

Explanation:
By most definitions, a subject is an active entity on a system. This is anything that is actively interacting with the system, including users, processes, or automated programs. Access control regulates access between subjects and objects. An objects is a passive entity that provides information.

Question 9

Q

What encryption type supports the ability to perform computations on its encrypted data fields that yield accurate computational results when the resulting output is decrypted?

A. Homomorphic
B. MD5
C. Metamorphic
D. Polymorphic

Answer

A

A. Homomorphic

Explanation:
Homomorphic encryption is a unique type of encryption which supports the ability to perform computations on its encrypted data fields. When the resulting output is decrypted, it will yield accurate computational results that are identical to what would’ve been obtained if the same computations had been performed on the unencrypted data.

Polymorphic and metamorphic refer to self-modifying virus types, while MD5 refers to a deprecated but common hash function.

Question 10

Q

A cipher lock uses which of the following?

A.Keypad
B. Key token
C. Physical key
D. Encrypted keys

Answer

A

A.Keypad

Explanation:
A cipher lock is characterized by a keypad, requiring a specific numerical sequence on the keypad to unlock an entrance. Keypads are used in data centers or even within restricted areas to add an extra level of security.

Question 11

Q

Using the Open Systems Interconnection (OSI) model, which layer is the Data Link layer?

A. 1
B. 2
C. 3
D. 4

Answer

A

B. 2

Explanation:
The Data Link layer is the second layer and is represented in descending sequence as the second-lowest layer. Data is passed from the highest layer (application; layer 7) downward through each layer to the lowest layer. The seven layers include the following:

Application (Layer 7)
Presentation (Layer 6)
Session (Layer 5)
Transport (Layer 4)
Network (Layer 3)
Data Link (Layer 2)
Physical (Layer 1)

Question 12

Q

Which of the following file content types could be compromised by a rainbow table?

A. Memory dumps
B. Account permissions
C. System logs
D. Hashed passwords

Answer

A

D. Hashed passwords

Explanation:
A rainbow table contains precomputed hash values that correlate to possible password combinations, enabling an attacker in possession of a hashed password file to crack plaintext passwords. Rainbow tables can be defeated through the use of cryptographic salts, which add a random value to the end of each password before it is hashed.

Account permissions, system logs, and memory dumps would not be compromised by a rainbow table.

Question 13

Q

Reviewing recorded events from a CCTV is an example of what kind of security control?

A. Deterrent
B. Detective
C. Corrective
D. Recovery

Answer

A

B. Detective

Explanation:
Detective controls identify security violations after they have occurred, or they provide information about the violation as part of an investigation. An intrusion detection system is a technical detective control, and a motion detector is a physical detective control. Note that both an intrusion detection system and a motion detector include the word “detect,” which is a good clue. Reviewing logs or an audit trail after an incident is an administrative detective control. Use of the CCTV itself is a preventative measure, but reviewing the footage captured on CCTV is primarily for detection purposes, and it is categorized as a “detective device” in the physical security classification. CCTV cameras are standard security measures to deter theft and capture any threats in action.

Deterrent controls attempt to discourage someone from taking a specific action. A high fence with lights at night is a physical deterrent control. A strict security policy stating severe consequences for employees if it is violated is an example of an administrative deterrent control. A proxy server that redirects a user to a warning page when a user attempts to access a restricted site is an example of a technical deterrent control.

Corrective controls attempt to modify the environment after an incident to return it to normal. Antivirus software that quarantines a virus is an example of a technical corrective control. A fire extinguisher is an example of a physical corrective control.

Recovery controls provide methods to recover from an incident.

Question 14

Q

An encrypted message is BEST called what?

A. Encryption output
B. Ciphertext
C. Plaintext
D. Cryptograph

Answer

A

B. Ciphertext

Explanation:
When a message is encrypted, it’s considered ciphertext. Ciphertext is the result of running encryption algorithms on a plaintext message, making it unreadable. Ciphertext must remain unreadable unless it is decrypted using the decryption key.

Question 15

Q

Using the Open Systems Interconnection (OSI) model, which layer contains the Network?

A. 1
B. 3
C. 2
D. 4

Answer

A

B. 3

Explanation:
The Network is in the third layer of the Open Systems Interconnection (OSI) model. The Network layer contains protocols like Internet Protocol (IP) and Internetwork Packet Exchange (IPX)

The seven layers in descending sequence are:

7) Application
6) Presentation
5) Session
4) Transport
3) Network
2) Data Link
1) Physical

Question 16

Q

What physical lock uses a keypad?

A. Disk detainer lock
B. Cipher lock
C. Tumbler lock
D. Warded lock

Answer

A

B. Cipher lock

Explanation:
A cipher lock is characterized by a keypad, requiring a specific numerical sequence on the keypad to unlock an entrance. Keypads are used in data centers or even within restricted areas to add an extra level of security

Question 17

Q

Which of the following is the MOST thorough and secure method of removing data from a hard drive with a spinning platter?

A. Irradiation
B. Erasing
C. Remanence
D. Destruction

Answer

A

D. Destruction

Explanation:
Destruction is the most thorough way to ensure data cannot be recovered, since it leaves the media and data unreadable and unrecoverable.

Erasing is one of the weakest ways to sanitize data, since it only breaks the link to the data, leaving the data easily recoverable. Remanence is not a sanitization method but is the data that is left over after sanitization. Irradiation may damage media, but will not destroy it.

Question 18

Q

The U.S. Department of Defense organizes its security classifications into which of the following?

A. Public, Confidential, Secret, Top Secret, and Sealed
B. Open, Closed, and Sealed
C. Open, Sensitive but Unclassified, Secret, and Top Secret
D. Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret

Answer

A

D. Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret

Explanation:
The U.S. Department of Defense organizes its security into five principal classes, including Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret. Individuals are then awarded classification levels based on this system to grant and restrict access. Access is given on a need-to-know basis.

Question 19

Q

Nora is a penetration tester who has been hired to assess an organization’s campus. She finds CAD drawings classified as Sensitive. She discovers that two of the drawings are for the same part and, when combined, should be classified as Confidential.

This process is MOST LIKELY known as what?

A. Aggregation
B. Deducing
C. Mining
D. Collection

Answer

A

A. Aggregation

Explanation:
When discussing classification labels, data aggregation means that data classified at a higher level can be inferred by combining data at a lower classification level.

Question 20

Q

Of the following alarms, which would be considered the MOST critical for a CISSP to ensure function properly?

A. Heartbeat alarms
B. Intrusion alarms
C. Fire alarms
D. Component failure alarms

Answer

A

C. Fire alarms

Explanation:
Fire alarms provide an audible sound if a fire is detected. Human safety is always considered the highest priority.

Intrusion alarms are incorrect because they do not ensure human safety as much as fire alarms do. Heartbeat alarms is incorrect because they monitor servers or security systems and do not impact human safety. Component failure alarms is incorrect because they monitor a server’s components like a power supply. They do not impact human safety.

Question 21

Q

Kerberos is an authentication protocol that employs the use of what?

A. Asymmetric encryption
B. Tickets
C. Tokens
D. Biometrics

Answer

A

B. Tickets

Explanation:
Kerberos uses a series of tickets to authenticate users/clients and provide access to network resources. Using Kerberos, clients obtain tickets from the key distribution center (KDC) and present these tickets to network resources when access requests are made. Kerberos uses symmetric encryption like the Advanced Encryption Standard (AES) to secure and verify the ticket’s authenticity.

Question 22

Q

Martina is testing a new application that her company is developing. She is trying a testing technique that posts thousands of different inputs into the software to determine its limits and potential flaws. What form of testing is this?

A. Fuzz testing
B. Interface testing
C. Misuse case testing
D. Static testing

Answer

A

A. Fuzz testing

Explanation:
Fuzz testing is a technique used to find flaws or vulnerabilities by sending randomly generated or specially crafted inputs into the software. There are two types of fuzzers: mutation (dumb) fuzzers, and generational (Intelligent) fuzzers. Mutation fuzzers mutate input to create fuzzed input. Generational fuzzers create fuzzed input based on what type of program is being fuzzed.

Question 23

Q

When using a Redundant Array of Independent Disks (RAID), which RAID level will always reduce your raw capacity by 50%?

A. 1
B. 0
C. 5
D. 6

Answer

A

A. 1

Explanation:
RAID-1 is also known as mirroring. Data is written to two drives at once. If one drive fails, the other drive still has all the data. RAID-1 requires that you lose 50% of your total raw storage.

RAID levels:

RAID-0 - Data is striped between a set of drives without parity. This increases your risk of data loss. If one drive fails, the entire RAID will fail; however, it increases your usable storage and writes speed.
RAID-1 - Data is mirrored between two identical drives. This provides redundancy. However, your usable storage is reduced by 50% of your total storage.
RAID-5 - Data is striped between a set of drives, but parity is also written to each drive. This allows for a single drive to fail without causing the RAID to fail. This provides redundancy, but your usable storage is reduced by one drive worth of storage.
RAID-6 - Similar to RAID-5, however, two sets of parity are written to each drive. This allows for two drives to fail without causing the RAID to fail. This provides redundancy, but your usable storage is reduced by two drives worth of storage.

Question 24

Q

When a risk is considered more costly to address than to allow it to be realized, what type of response should be chosen?

A. Risk deterrence
B. Risk transfer
C. Risk avoidance
D. Risk acceptance

Answer

A

D. Risk acceptance

Explanation:
When risk mitigation is more expensive than if the risk is realized, an organization should document and accept the risk or rethink their mitigation strategy. Risk acceptance does not mean choosing to ignore the risk but, rather, concluding that doing something about the risk is more costly than the risk itself.

Question 25

Q

Which phase of patch management will MOST LIKELY use the change management process?

A. Patch deployment
B. Patch approval
C. Patch evaluation
D. Patch testing

Answer

A

B. Patch approval

Explanation:
Patch approval uses the change management process once patches are tested and approved for deployment. The approval process ensures that all affected organizations are aware of the changes and possible performance issues due to changes.

Question 26

Q

Which type of network discovery scan opens a full connection with a remote system on a specific port?

A. Xmas scan
B. TCP SYN scan
C. TCP connect scan
D. TCP ACK scan

Answer

A

C. TCP connect scan

Explanation:
Transmission control protocol (TCP) connect scanning opens a full connection, meaning that the scanner replies with an ACK to complete the TCP three-way handshake. This type of scan is usually selected when the user does not have privileges to run half-open scans.

TCP SYN scan is incorrect because it is a half-open scan and only sends a packet with the SYN flag set. TCP ACK scan is incorrect because it is also a half-open scan and only sends a packet with the ACK flag set. Xmas scan is incorrect because it does not open a full connection and, instead, sends a packet with the FIN, PSH, and URG flags set.

Question 27

Q

Which of the following is NOT a valid database key?

A. Candidate key
B. Foreign key
C. Record key
D. Primary key

Answer

A

C. Record key

Explanation:
The following are keys that you will find in a database:

Candidate key - This key can be used to identify any record.
Primary key - This key is a unique value for each tuple in a table.
Foreign key - This key is a value that references the primary key of a tuple in a different table.

Record key is a fabricated term.

Question 28

Q

Which of the following components of a computer is MOST LIKELY to make calculations using logic gates?

A. Registers
B. Arithmetic logic unit (ALU)
C. Random Access Memory (RAM)
D. Central processing unit (CPU)

Answer

A

B. Arithmetic logic unit (ALU)

Explanation:
The arithmetic logic unit (ALU) is a series of physical circuits that perform bitwise operations on binary numbers. The circuits are built using logic gates made from transistors.

Central processing unit (CPU) is incorrect because it is made up of the ALU and registers. Registers is incorrect because they are temporary storage for instruction sets to be processed by the ALU. Random Access Memory (RAM) is incorrect because it stores application instructions and outputs from the CPU/ALU.

Question 29

Q

According to the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which layer is the Internet layer?

A. 2
B. 3
C. 1
D. 4

Answer

A

A. 2

Explanation:
The Internet layer is the second layer of the TCP/IP model and is represented in descending sequence as the second layer from the bottom. Internet Protocol (IP) contains addressing information that enables packets to be routed and is part of the TCP/IP model. The TCP/IP model and the OSI model differ because the TCP/IP model consists of only four layers rather than seven. The four TCP/IP model layers are Network Access or Link, Internet, Transport, and Application.

Question 30

Q

Tina is an accountant for a financial institution and has been committing fraud for years by secretly skimming money from unused budgets. Of the following, what detective control could Tina’s organization have implemented to discover her fraud?

A. Split knowledge
B. Mandatory vacations
C. M of N control
D. Separation of duties

Answer

A

B. Mandatory vacations

Explanation:
Mandatory vacations are used to detect fraud within an organization. Employees who commit fraud often do not take vacations to minimize other employees’ chances of discovering their fraud. Mandatory vacation length is recommended for a minimum of two weeks to be considered effective.

Separation of duties, split knowledge, and M of N control are incorrect because they are preventative controls.

Question 31

Q

Without using a hypervisor, a word processor wanting to save a file would need to access which CPU ring?

A. Ring 0
B. Ring 3
C. Ring 1
D. Ring 2

Answer

A

B. Ring 3

Explanation:
User applications, including word processors, reside in Ring 3, the least secure and trusted of the rings.

Applications (3)
Hardware Drivers (2)
Operating System (1)
Kernel (0)

As protection layer numbers decrease, a higher level of security is required.

Question 32

Q

A brute-force attack has a virtually 100% success rate; it just depends on the time it takes to guess a password. Of the following, which BEST helps to prevent brute-force attacks?

A. Lockout policy on user accounts
B. Storing passwords using a SHA-3 hash
C. Salting passwords
D. Password encryption

Answer

A

A. Lockout policy on user accounts

Explanation:
Account lockout controls help prevent brute-force attacks. They lock the account for a period of time after incorrect passwords are entered too many times. Account lockouts typically use clipping levels that ignore some user errors but take action after a threshold is reached.

Question 33

Q

Of the following, which entity is statistically MOST LIKELY to be a cybersecurity threat?

A. An outside hacker
B. A government
C. A rival organization
D. A disgruntled employee

Answer

A

D. A disgruntled employee

Explanation:
Most industries agree that one of the most significant threats a company faces is from its own employees. For this reason, companies should employ principles like segregation of duties, split knowledge, and least privileged.

Question 34

Q

Of the following, what protocol is used with IPsec?

A. EAP
B. CHAP
C. IKE
D. TLS

Answer

A

C. IKE

Explanation:
Internet key exchange (IKE) is used to negotiate parameters and ultimately establish security associations (SAs) for IPsec. IKE operates in two phases.

Phase 1: Negotiates a single bi-directional SA by exchanging a generated secret key using the Diffie-Hellman key exchange.
Phase 2: Negotiates unidirectional SAs using the SA established during phase 1.

Question 35

Q

Which of the following is NOT protected by a trademark?

A. Recipe
B. Phrase
C. Slogans
D. Logos

Answer

A

A. Recipe

Explanation:
Trademarks protect brand identity, including slogans, logos, phrases, or combinations that represent the company or brand identity. A recipe cannot be trademarked and would be protected under trade secret law.

Question 36

Q

This type of control is used to verify a communication pathway is active by periodically or continuously checking it with a signal and can be used to prevent intruders from circumventing an alarm system, or it can trigger a high availability (HA) event:

A. A heartbeat sensor
B. A keep-alive sensor
C. A tamper sensor
D. A syslog aggregator

Answer

A

A. A heartbeat sensor

Explanation:
The heartbeat sensor is used as a communication pathway that tests a target’s signal periodically. It provides monitoring for connections to servers or security systems. For instance, if the door lock cable is cut, the test signal will fail, and personnel is alerted to the issue. Heartbeat sensors are also used to trigger high availability (HA) events on servers or network equipment. For example, if a server detects that its neighbor is no longer active, it will take over and provide failover.

Question 37

Q

Access control addresses the relationship between subjects and objects. Of the following, which is TRUE about objects?

A. They are active entities that provide information to a passive entity
B. They are passive entities that provide information
C. When authorized, they can modify entities
D. They are active entities that access a passive entity

Answer

A

B. They are passive entities that provide information

Explanation:
An object is a passive entity that provides information to active subjects. Some examples of objects include files, databases, computers, programs, processes, printers, and storage media.

Question 38

Q

Which of the following is LEAST LIKELY to be the audience of a security audit report?

A. Third parties
B. Board of directors
C. Government regulators
D. Functional management

Answer

A

D. Functional management

Explanation:
Unlike security assessments, security audits are generally performed by an external group to prevent conflicts of interest. The audience of a security audit report would be people outside of the company’s day-to-day operations, such as the board of directors, government regulators, or third parties.

Question 39

Q

When discussing multi-factor authentication (MFA), what method uses something you know and something you have?

A. One-time pad
B. Retina Scans
C. Public key infrastructure (PKI)
D. Smart cards

Answer

A

D. Smart cards

Explanation:
Smart cards are credit card-sized devices that contain a microprocessor. The smart card typically contains an encrypted private key issued through a public key infrastructure (PKI) system that the authenticating environment trusts. When the smart card is inserted into a reader, the user must enter a PIN before the smart card releases the private key. Smart cards used by the U.S. government are known as common access cards (CACs). The “something you know” is the PIN. The “something you have” is the smart card.

Retina scans is incorrect because it’s something you are. One-time pad is incorrect because it is not a form of multi-factor authentication (MFA); it is an encryption technique. Public key infrastructure (PKI) is incorrect because it is not a standalone MFA method.

Question 40

Q

According to the Open Systems Interconnection (OSI) model, which layer is the Application layer?

A. 6
B. 5
C. 7
D. 8

Answer

A

C. 7

Explanation:
The Application layer is the seventh layer of the Open Systems Interconnection (OSI) model and is represented in descending sequence as the topmost layer. The Application layer is the graphical presentation and interface between the device and the user. Examples of Application layer protocols include HTTP, FTP, SMTP, and SNMP.

Question 41

Q

Certain characters within website form inputs (e.g., ‘) are being converted into their HTML character entity reference equivalents (e.g., &apos), prior to processing. What web application security technique is being applied?

A. Output encoding
B. Input validation
C. Cross-site scripting
D. Request forgery

Answer

A

A. Output encoding

Explanation:
The conversion of certain characters within website form inputs (e.g., ‘) into their HTML character entity reference equivalents (e.g., &apos) prior to processing is an example of output encoding. Output encoding is an application security technique used to ensure that certain characters within form inputs are processed as data and not potentially misinterpreted as programming syntax (which could be used to inject malicious code, if processed).

Input validation is an application security technique used to ensure that actual input is aligned to the input expected for a particular field, before it is processed. Such validation does not just consider field type (e.g., that a date field follows the structure and format of a date mm-dd-yyyy) but also field data (e.g., the lack of strings such as “1=1” and “

", which could be used to inject malicious code, if processed). Cross-site scripting and request forgery are both types of web application attacks that can result from weak output encoding and/or input validation.

Question 42

Q

Raul is reviewing one of the new services that his company is looking to deploy next month. He is concerned that the fields on the website that interact with the database might be vulnerable to a Structured Query Language (SQL) injection attack.

Which of the following would he use to determine if there is an SQL vulnerability?

A. Network vulnerability scanner
B. Network discovery scanner
C. Port scanner
D. Web vulnerability scanner

Answer

A

D. Web vulnerability scanner

Explanation:
Web vulnerability scanners are special-purpose tools that scour web applications for known vulnerabilities. Attackers often try to exploit the complexity of websites through attacks like Structured Query Language (SQL) injection in order to further their goals.

Question 43

Q

A legal document used to protect an organization’s sensitive information and signed by its employees is MOST LIKELY called what?

A. Terms and conditions
B. Noncompete agreement
C. Nondisclosure agreement
D. Work commencement

Answer

A

C. Nondisclosure agreement

Explanation:
Organizations often require a nondisclosure agreement (NDA) to be signed by an employee prior to giving them access to sensitive information. The nondisclosure agreement reinforces trust between the organization and the employee. The nondisclosure agreement ensures that confidential materials and ideas used by the organization are not disclosed to third parties without consent.

Question 44

Q

Effective incident response management is handled in several steps or phases. Which of the following is performed just after the “detection” phase after an incident has occurred?

A. Reporting
B. Mitigation
C. Recovery
D. Response

Answer

A

D. Response

Explanation:
Effective incident response management is handled in several steps or phases. There are seven steps outlined in the CISSP CIB:

Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons learned

Question 45

Q

Barbed wire adds what to a perimeter defense?

A. Detection
B. Ownership
C. Deterrence
D. ccess control

Answer

A

C. Deterrence

Explanation:
The threat of harm from barbs on the wire is considered a deterrent to bypassing the perimeter. Fences should be at least eight feet tall with barbed wire at the top for adequate deterrence.

Question 46

Q

The IDEAL software development model has how many phases?

A. 5
B. 8
C. 7
D. 9

Answer

A

A. 5

Explanation:
The IDEAL software development model has 5 phases. The phases are as follows:

Initiating
Diagnosing
Establishing
Acting
Learning

Question 47

Q

Brandon is a disgruntled employee who decides he will build a back door into an in-house developed piece of software. A few months later, Brandon’s employment is terminated, and he decides to attack the organization using the back door he built. Brandon’s former employer hires a forensic team to investigate the origin of the attack. They identify the in-house developed application, but there is no record of how the back door was introduced.

Of the following, what technique or control would have MOST LIKELY allowed Brandon’s former employer to identify Brandon as the person who introduced the back door?

A. Split knowledge controls
B. Configuration change management
C. External connection monitoring
D. Versioning

Answer

A

D. Versioning

Explanation:
Code versioning forces developers to document each revision or change in a codebase. All changes are tracked and saved. Organizations should use code versioning to review changes made to code or roll changes back if needed. Common examples of code version control software are GIT and SVN.

Question 48

Q

Jennifer receives a document with the word “CONFIDENTIAL” stamped on it. Of the following, what BEST describes the process of stamping the document?

A. Media Categorization
B. Marking/Labeling
C. Data Normalization
D. Data Classification

Answer

A

B. Marking/Labeling

Explanation:
Marking and Labeling is when the classification level is physically added to the document or media. Marking helps ensure individuals protect information and media while in their position.

Classification is incorrect because it is the process of defining the sensitivity of the media. Data Normalization and Media Categorization are not applicable in this scenario.

Question 49

Q

When discussing risk analysis, which of the following is the likelihood of an exploit?

A. Threat
B. Vulnerability
C. Risk
D. Safeguard

Answer

A

C. Risk

Explanation:
When quantifying risk, it can be defined as the possibility or likelihood that a vulnerability will be exploited.

Risk is viewed as the possibility that something could happen to damage, destroy, or disclose data or other resources. Risk assessment and management are used to reduce risk. Before any security policies are made, risk must always be defined and assessed within the organization.

Question 50

Q

Which form of evidence is offered by witnesses who give oral testimony based on their observation of a crime?

A. Conclusive evidence
B. Corroborative evidence
C. Direct evidence
D. Circumstantial evidence

Answer

A

C. Direct evidence

Explanation:
Direct evidence may come from witnesses who give oral testimony based on their observations. Direct evidence cannot be hearsay, which is second-hand testimony.

Conclusive evidence is incorrect because it is irrefutable and cannot be contradicted. Circumstantial evidence is incorrect because it can prove an intermediate fact used to assume another fact. Corroborative evidence is incorrect because it is used to prove an idea or point that cannot stand on its own.

Question 51

Q

The only cryptography known to be impossible to crack, when correctly implemented, is known as what?

A. One-time pad
B. Vigenère cipher
C. Quantum encryption
D. Elliptic curve

Answer

A

A. One-time pad

Explanation:
Gilbert Vernam invented the one-time pad (OTP) in 1917. One-time pad requires a completely random key that is the same length as the message. Each bit of the message and the key are exclusive-OR (XOR) together. The resulting ciphertext is considered unbreakable as long as the key remains secure. For a one-time pad to be implemented correctly, keys cannot be reused and must truly be random.

One-Time pad requirements:

Keys must be genuinely random values
Keys can only be used one time
Keys must be exchanged securely
The sender and receiver must keep the keys secure
The key must be the same length as the message.

Quantum encryption is incorrect because it is different from traditional cryptographic systems in that it relies more on physics than classical mathematics and may be cracked. Elliptic curve is incorrect because it is a form of cryptography based on the algebraic structure of elliptic curves and can be broken. Vigenère cipher was developed in France in 1553 and uses Caesar ciphers with different shift values. A keyword is used to create the shift values.

Question 52

Q

Performing software audit trails establishes what?

A. Accountability
B. Confidentiality
C. Integrity
D. Authorization

Answer

A

A. Accountability

Explanation:
Software audit trails keep track of user activities and provide accountability to the user base. Audit trails are especially important for software that contains sensitive data. For instance, they are required by the Health Insurance Portability and Accountability Act (HIPAA) to audit who has access to patient data and when the data was accessed.

Question 53

Q

From the perspective of cybersecurity, which of the following is the BEST motivation to create system images and baselines?

A. Create a uniformed naming convention
B. Central inventory management
C. System hardening
D. Decrease the time needed to deploy new systems

Answer

A

C. System hardening

Explanation:
System hardening reduces the overall risk of a system by removing unnecessary software and implementing best security practices. Once a secure baseline has been established on a particular system, administrators can capture the system’s state, called an “image”, and deploy it to other systems. This process is known as “imaging.” Imaging can be used to decrease the time needed to deploy new systems. However, the best motivation is to ensure that all systems are deployed with a hardened image.

Question 54

Q

What is the term for testing the security of a piece of software without executing the software?

A. Dynamic testing
B. Initial testing
C. Static testing
D. Still testing

Answer

A

C. Static testing

Explanation:
Static testing tests the security of software without executing the software. This type of test reviews the source code or the compiled application.

Dynamic testing is incorrect because this type of test evaluates the security of software while the software is executing. Initial testing and still testing are fabricated terms.

Question 55

Q

Martina works in quality assurance and can only access resources and perform tasks that are directly related to her job role. What type of access control model does Martina’s organization MOST LIKELY use?

A. UAC
B. MAC
C . DAC
D. RBAC

Answer

A

D. RBAC

Explanation:
A system that employs Role-Based Access Control (RBAC) maps a subject’s role with their needed operations and tasks. Users are assigned to roles and not resources.

Mandatory Access Control (MAC) uses classification and labels to define user access. Discretionary Access Control (DAC) allows the Data Owner to control and define access to objects. UAC is not an access control model.

Question 56

Q

Which of the following refers to the practice of registering common misspellings or variations of a domain name?

A. Vishing
B. Clickjacking
C. Baiting
D. Typosquatting

Answer

A

D. Typosquatting

Explanation:The practice of registering common misspellings or variations of a domain name (e.g. facebok.com, apples.com) is referred to as typosquatting. Such registrations typically direct traffic to destinations that advantage the squatter, rather than to the domain originally intended.

Clickjacking occurs when the user interface of a website is manipulated to misdirect intended click-throughs. Vishing refers to voice-based (rather than email-based) phishing. Baiting refers to the practice of leaving compromised portable media in a public location in a manner that entices its use from a secure, nonpublic location (for example, leaving an infected USB drive labelled “staff salaries” in the lobby of an office building).

Question 57

Q

Which of the following terms refers to the technique of adding a term or phrase to the header of a communication to enhance its effectiveness as a social engineering attack?

A. Shoulder surfing
B. Smishing
C. Prepending
D. Baiting

Answer

A

C. Prepending

Explanation:
Prepending refers to the technique of adding a term or phrase to the header of a communication to enhance its effectiveness as a social engineering attack. Prepending is commonly employed in phishing e-mails. Examples include spoofed subject tags such as “RE:” or “[INTERNAL]” to support pretexts, or spoofed header tags in the content body (e.g., “X-SPAM-STATUS: NO”) to trick spam filters.

Smishing refers to a phishing attack that is attempted or executed over SMS (Short Message Service) text messaging. Shoulder surfing refers to the technique of obtaining privileged information through observation from a position of proximity (e.g., watching a password or PIN being typed through an office window, reading the laptop display of someone adjacently seated on an airplane). Baiting refers to the practice of leaving compromised portable media in a public location in a manner that entices its use from a secure, nonpublic location (for example, leaving an infected USB drive labelled “staff salaries” in the lobby of an office building).

Question 58

Q

Data on media should be erased when it is no longer required. Of the following, what is the BEST method to ensure sensitive data cannot be recovered from magnetic media?

A. Overwriting
B. Deleting
C. Degaussing
D. Re-formatting the media

Answer

A

C. Degaussing

Explanation:
A degausser creates a magnetic field that realigns the magnetic fields on media. It’s one way to remove data remanence on media such as a hard drive or tape drive. It is very difficult to recover data from media if it has been correctly degaussed. Degaussing is only effective on magnetic media, so it can’t be used on media such as DVD or CD discs.

Deleting is incorrect because it does not remove the data from the media; it only removes the record from the data’s file system. Re-formatting the media is incorrect because it does not adequately overwrite the data and may still be recoverable. Overwriting is incorrect because unless it has been overwritten multiple times, the data can still be recovered.

Question 59

Q

Which of the following describes a model used to assess risk maturity?

A. OSS
B. COTS
C. OIDC
D. RMM

Answer

A

D. RMM

Explanation:
An RMM (Risk Maturity Model) is a model used to assess risk maturity. For each risk management process, RMMs define levels of maturity and the characteristics commonly associated with (or which demonstrate realization of) those levels of maturity. By matching their characteristics with those found in the model, organizations can establish the maturity of their risk management processes.

OIDC (OpenID Connect) is not a model used to assess risk maturity, but an authentication and authorization solution that enables Single Sign-On (SSO). COTS (Commercial Off-The-Shelf) and OSS (Open Source Software) are not models used to assess risk maturity, but different classes of software that have been developed by third-parties. COTS is typically sold for a profit, while OSS is typically offered for free.

Question 60

Q

Heather is the IT manager for a mid-sized manufacturing organization that builds weapons in the United States. Heather is concerned her organization does not have any offsite backups, so she decides to send a full backup to a Venezuelan cloud provider.

Of the following, what law or regulation has Heather MOST LIKELY broken?

A. General Data Protection Regulation (GDPR)
B. Computer Fraud and Abuse Act (CFAA)
C. The Espionage Act
D. International Traffic in Arms Regulation (ITAR)

Answer

A

D. International Traffic in Arms Regulation (ITAR)

Explanation:
The International Traffic in Arms Regulation (ITAR) is a U.S. regulation that restricts and controls the export of defense and military technologies to foreigners. Organizations that manufacture or process information on controlled technologies must establish strict and rigid controls to ensure data is not disclosed to unauthorized individuals.

Question 61

Q

When deleting a file is not enough to satisfy an organization’s data destruction policy, what BEST ensures the data cannot be restored, but the media can be reused?

A. Clearing
B. Destruction
C. Purging
D. Erasing

Answer

A

C. Purging

Explanation:
Purging is the process of overwriting the original data over and over. It should be repeated many times and can be combined with degaussing to ensure the original data cannot be recovered.

Erasing is another word for delete. Clearing is the process of overwriting data multiple times; however, it is not considered as thorough as purging. Destruction is the most secure method; however, it destroys the media and cannot be reused.

Question 62

Q

Which function of change management is a labeling or numbering system used to differentiate between different software sets and configurations?

A. Requesting
B. Reviewing
C. Scheduling
D. Versioning

Answer

A

D. Versioning

Explanation:
Versioning refers to version control used in software configuration management. A labeling or numbering system is used to differentiate between different software sets and configurations across multiple machines or at different points in time on a single machine. Versioning also helps with rollback procedures when deployment fails.

Question 63

Q

An organization is looking to develop its Business Continuity Plan (BCP). Of the following, which is one of the first steps in creating a BCP?

A. Business Impact Analysis
B. Tabletop exercises
C .Mitigate risk
D. Likelihood assessment

Answer

A

A. Business Impact Analysis

Explanation:
One of the first steps in business continuity planning is to perform a Business Impact Analysis (BIA). A BIA identifies all critical functions and processes so the organization can prioritize them based on criticality.

Question 64

Q

Which of the following is the correct listing of the four basic network topologies?

A. Star, mesh, link-local, ladder
B. Ring, bus, star, mesh
C. Mesh, bridge, ring, bus
D. Expressway, ring, data link, physical

Answer

A

B. Ring, bus, star, mesh

Explanation:
Network topology refers to the physical layout and design of a network. Topologies are a part of the physical layer in the OSI model.

Ring: A ring topology connects all computers together in a ring or a circle.
Bus: Bus topology contains one trunk cable and each computer is connected to this one trunk.
Star: A central router or hub connects all computers in one location.
Mesh: Each computer is connected to every other computer with a cable for each connection. Mesh topologies are the most complicated and expensive.

Answer 65

A

D. Symmetric scheme

Explanation:
Pretty Good Privacy (PGP) is a hybrid cryptosystem that uses the International Data Encryption Algorithm (IDEA) to encrypt the data. PGP uses a web of trust instead of a traditional Public Key Infrastructure (PKI). The commercial version uses RSA and the free version uses the Diffie-Hellman key exchange.

Answer 66

A

A. When an attacker already knows a portion of the plaintext

Explanation:
A known-plaintext attack is an attack model for cryptanalysis where the attacker has samples of both the plaintext and its encrypted version. Knowing a portion of the message can help decrypt the remainder of the cipher text. This was exploited by the allies during World War II. The allies knew that the last part of German-transmitted messages always contained the words “Heil Hitler.” The Germans also included a standard weather report in the same location of every transmission. This vulnerability in the German code procedures is one of the reasons the allies were able to crack the German enigma codes.

Answer 67

A

D. 64 bits

Explanation:
NIST selected the advanced encryption standard (AES) in 2000, to replace the older Data Encryption Standard (DES) that had known vulnerabilities. The AES cipher allows the use of three key lengths:

128-bit keys require 10 rounds of encryption
192-bit keys require 12 rounds of encryption
256-bit keys require 14 rounds of encryption

Answer 68

A

C. Biba

Explanation:
Biba is an integrity model that prevents subjects with lower security levels from writing to objects at higher security levels.

Take-Grant is incorrect because it dictates how rights can be passed from one subject to another. Brewer and Nash is incorrect because it dynamically changes access controls to protect against conflicts of interest. Bell-LaPadula is incorrect because it primarily focuses on confidentiality. It prevents subjects with lower security levels from reading objects at higher security levels.

Answer 69

A

C. 8 feet

Explanation:
Fences of 8 feet are considered to deter determined intruders. A tier 4 data center fence should be a minimum of 8 feet high.

The standard fencing height recommendations are:

3-4 feet deter casual trespassers
6-7 feet deter most intruders, but not determined ones
8 or more feet deter determined intruders

Answer 70

A

B. Project budgeting

Explanation:
Project budgeting is not considered to be one of the standard high-profile steps set forth by NIST for disaster recovery. NIST helps businesses establish standards and procedures to protect assets and avoid risk.

Answer 71

A

A. A vulnerability

Explanation:
The weakness in an asset or the absence or weakness of a safeguard or countermeasure is a vulnerability. A vulnerability is a flaw, loophole, oversight, error, limitation, frailty, or susceptibility in the IT infrastructure or any other process.

The threat is incorrect because it is what exploits the vulnerability. Exposures and breaches are incorrect because they may be the result if a vulnerability is exploited.

Answer 72

A

C. Endpoint detection and response (EDR)

Explanation:
Endpoint detection and response (EDR) is a protection solution commonly deployed on endpoints to detect advanced persistent threats (APTs). EDR solutions typically incorporate elements of intrusion detection, activity baselines, and machine learning to maximize threat detection capabilities.

A next-generation firewall (NGFW) is capable of detecting APTs, but it is deployed on networks rather than endpoints. A bastion host is not a protection solution deployed on endpoints, but a security-hardened host that is commonly placed in an insecure network location to serve as a secure gateway or to securely support key services (e.g. e-mail, ftp). Web security gateways block access to restricted website content and malware, but they do not detect advanced persistent threats.

Answer 73

A

A. Detective

Explanation:
Detective controls are deployed to detect unwanted or unauthorized activity. These controls are frequently deployed after an event to ensure that future occurrences are discovered. Detective controls do not directly block or prevent unwanted activity. Detective controls include security cameras, motion detectors, and virus scans.

Answer 74

A

C. Mitigate risk

Explanation:
When patches are introduced to fix a security weakness in the system, they help mitigate risk. Software patching is often performed on a regular basis to maintain the security of production software.

Answer 75

A

B. Nonrepudiation

Explanation:
Nonrepudiation ensures that the subject of an activity or event cannot deny that the event occurred. In this case, the letter was delivered and signed for, leaving a paper trail. Therefore, the subject who received and signed for the mail cannot deny that they received it.

Answer 76

A

A. Access control matrix

Explanation:
An access control matrix is a table that contains a list of subjects, objects, and permissible actions. The columns are called the access control list (ACL). The rows are called the capability list. The matrix contains what permissions are assigned to each user for a specific object.

Answer 77

A

D. Mean Time To Failure (MTTF)

Explanation:
Devices or components with a finite life typically use MTTF to report the average life that can be expected from them before failing. MTTF can be expressed either as a duration or as a count of uses. Certain types of reusable media fall into this category, making it essential to consider MTTF when relying on them for critical backups.

Recovery Point Objective (RPO) is the threshold (expressed as an interval of time) established by the organization to indicate the maximum amount of data loss it can tolerate without adverse impact. An organization that is unable to tolerate more than a day’s worth of data loss would have an RPO of 24 hours. Single Loss Expectancy (SLE) is a calculation used in quantitative risk analysis to model the monetary loss resulting from a triggered risk to an asset. Exposure Factor (EF) is a variable (used in SLE calculations) which expresses the potential loss impact from a triggered risk as a percentage.

Answer 78

A

B.Running an authenticated scan

Explanation:
In an authenticated scan, the scanner has credentials to log in to the target and read configuration information from the scanned system and use it to find additional vulnerabilities.

Answer 79

A

D. Asymmetric and symmetric

Explanation:
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) use both asymmetric and symmetric encryption to protect data in transit. Asymmetric encryption is used to authenticate the Client or Server and securely exchange the symmetric key. Symmetric encryption is used to encrypt data after the handshake has taken place.

Client sends a Client hello message to the Server
Server sends the client a Server hello message encrypted with the private key
Client decrypts the message using the public key
Client sends pre-master secret encrypted with the public key
Server decrypts the pre-master secret with the private key
Both the Client and Server generate symmetric keys using the pre-master secret
Symmetric encryption begins between the Client and Server

Answer 80

A

A. Remote journaling

Explanation:
Remote journaling is a type of backup system where the transfer of data happens closer to real-time. Remote journaling only transmits file deltas to keep systems synchronized. The recovery point objective (RPO) is determined by the frequency of how often the deltas are synchronized.

Answer 81

A

D. Wave pattern

Explanation:
Wave pattern motion detectors send an ultrasonic or high-frequency microwave to a specific secured area. The pattern is consistent when no object is present. When an object is present, it disrupts the wave pattern and triggers an alarm.

Answer 82

A

D. Separation of duties

Explanation:
Separation of duties segregates critical job roles between individuals and prevents any one person from subverting critical security controls. In this case, one individual isn’t allowed to both print and sign checks, leading to the ability to steal money. With the separation of duties system, stealing would require collusion between the two resources, which is much less likely.

Answer 83

A

C. Top Secret

Explanation:
The Top Secret label is applied to information in which its unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to national security. It is the highest level of classification used by the government.

The Secret label is applied to information in which its unauthorized disclosure could reasonably be expected to cause severe damage to national security. Confidential is used in commercial environments, not by the government. Classified is any data that has been assigned a classification label.

Answer 84

A

B. That only the keys need to be kept secret

Explanation:
Kerckhoff’s Principle assumes that everything about a cryptographic system is public knowledge except for the key. This has the benefit of validating an algorithm by the broader security community instead of relying on the insiders who created the algorithm. This assumption can also discourage people from neglecting to secure the keys through a false sense of security.

Answer 85

A

C. Mobile device management

Explanation:
Mobile device management (MDM) is a software solution to the challenging task of managing the myriad of mobile devices that employees use to access company resources. The goals of MDM are to protect the organization’s data, provide monitoring, enable remote management, and support troubleshooting.

Answer 86

A

D. IPsec

Explanation:
Internet protocol security (IPsec) is a suite of protocols that provides protection at the network layer of the open system interconnection (OSI) model. IPsec is frequently used to establish a virtual private network (VPN) between two routers. IPsec protects the original IP packet by encrypting or hashing the IP packet and adding a new AH or ESP header with a new IP header. IPsec specific protocols are:

Authentication header (AH) provides integrity of the packet and adds an AH header.
Encapsulating security payload (ESP) provides the confidentiality of the packet and adds an ESP header.
Internet key exchange (IKE) is used to negotiate tunnel parameters.

SSH (secure shell), SSL (secure socket layer), and TLS (transport layer security) are examples of other protocols that provide confidentiality at higher layers of the open system interconnection (OSI) model.

Answer 87

A

C. Security audit

Explanation:
Security audits are performed to validate that security controls have been implemented and work as desired. Security audits generally compare results against an external standard.

Patch management, vulnerability scan, and change management are incorrect because they do not validate that controls have been implemented.

Answer 88

A

B. Fail securely

Explanation:
The potential risks introduced from programming exceptions are best addressed through the secure design principle of fail securely. This principle bids developers to consider the security implications of exceptions (errors) in their code and incorporate error handling routines that manage them, to preserve the security of the application (and the data accessible through it).

Trust but verify is a secure design principle that challenges assumptions of trust derived from certain criteria without trust being explicitly verified (e.g., traffic originating from an internal network). Separation of duties is a secure design principle that demands a sensitive task be split between two or more individuals to reduce the risk of fraud, abuse, or errors. Shared responsibility is a secure design principle which recognizes that security can only be maintained through collective efforts (i.e. security is everyone’s responsibility).

Answer 89

A

C. 802.1AE

Explanation:
802.1AE, also known as MACsec, is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides confidentiality and integrity at the data link layer of the Open Systems Interconnection (OSI) model. MACsec adds additional headers to the frame that identify it has been protected with MACsec. MACsec provides Hop-to-Hop encryption or link encryption, not end-to-end encryption.

Transport Layer Security (TLS), Secure Sockets Layer (SSL), and Secure Shell (SSH) all provide end-to-end encryption.

Answer 90

A

A. Zero-day

Explanation:
A zero-day is a vulnerability that has not been patched by the vendor. Zero-day attacks are difficult to detect and prevent because the vulnerability is unknown, and signature-based detection engines often cannot detect malware that exploits zero-day vulnerabilities.

Answer 91

A

B. A program that executes when certain conditions are met

Explanation:
Logic bombs are programs or code that execute when certain conditions are met. It is common for IT or development personnel to hide malicious programs somewhere in a computer network that executes if their user account is ever disabled.

Answer 92

A

D. Mandatory Access Control (MAC)

Explanation:
A system that employs Mandatory Access Control (MAC) uses classifications and labels to define user access. Every resource is classified with a label, and users cannot access resources unless they have an equal or greater clearance level. MAC is widely used in government and military environments. MAC is often referred to as a lattice-based model because it looks like a garden lattice with well-defined boundaries when it is represented on paper.

Discretionary Access Control (DAC) allows the Data Owner to control and define access to objects. Role-Based Access Control (RBAC) maps a subject’s role with their needed operations and tasks. Attribute-Based Access Control (ABAC) makes decisions based on attributes for either the subject, object, or actions.

Answer 93

A

B. ECB & CTR

Explanation:
Electronic Code Book (ECB) and Counter Mode (CTR) do not utilize an initialization vector (IV).

ECB encrypts each block using the key with no additional random input. This means that the same plaintext patterns will be found in the ciphertext. If block A and block B both have the plaintext word “Monkey”, they will both show identical ciphertext for the portion of the block with the word “Monkey”.

CTR does not use an IV; however, it does use a counter that increments for each block. This is commonly used for network transmissions where packets may arrive out of order. If a chaining mode was used, the application would need to wait for each packet to arrive before it could decrypt the message, since blocks cannot be decrypted until the preceding block’s output is calculated.

Answer 94

A

D. Active entity

Explanation:
By most definitions, a subject is an active entity in a system. This is anything that is actively interacting with the system, including users, processes, or automated programs. Access control regulates access between subjects and objects. An object is a passive entity that provides information.

Answer 95

A

B. NAT

Explanation:
Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. NAT operates at the Network layer but cannot be an alternative to IP in its absence, whereas IPX, AppleTalk, and DECnet can.

Answer 96

A

C. Input validation

Explanation:
The filtering of certain content such as “1=1” and “

" from form inputs prior to processing is an example of input validation. Input validation is an application security technique used to ensure that actual input is aligned to the input expected for a particular field, before it is processed. Such validation does not just consider field type (e.g., that a date field follows the structure and format of a date mm-dd-yyyy) but also field data (e.g., the lack of strings such as "1=1" and "", which could be used to inject malicious code, if processed).

Output encoding is an application security technique used to ensure that certain characters within form inputs are processed as data and not potentially misinterpreted as programming syntax (which could similarly be used to inject malicious code, if processed). The conversion of certain characters within form inputs (e.g., ‘) into their HTML character entity reference equivalents (e.g., &apos) prior to processing is an example of output encoding. Cross-site scripting and request forgery are both types of web application attacks that can result from weak input validation and/or output encoding.

Answer 97

A

A. Electromagnetic Interference (EMI) & Radio Frequency Interference (RFI)

Explanation:
Electromagnetic interference (EMI) & Radio Frequency Interference (RFI) are the two main types of interference. They can cause equipment to malfunction and also corrupt communication signals, which causes timeouts and failures. Interference disrupts network transmissions, television, radio, and telephony equipment.

Answer 98

A

A. It indicates the point where false rejection is equivalent to the false acceptance rate

Explanation:
The point at which biometric type 1 errors (false rejection rate) and type 2 errors (false acceptance rate) are equal is the Crossover Error Rate (CER). When a biometric device is too sensitive, type 1 errors (false negatives) are more common. When a biometric device is not sensitive enough, type 2 errors (false positives) are more common.

Answer 99

A

B. Manipulating a phone system

Explanation:
Phreaking was used in the 1960s to manipulate telephone providers into making long-distance calls by generating signaling tones. Steve Wozniak and Steve Jobs, founders of Apple computers, were known phone phreakers during their youth. Modern phreaking manipulates a private branch exchange (PBX) into making unauthorized calls or other nefarious activity.

Answer 100

A

B. OWASP

Explanation:
The Open Web Application Security Project (OWASP) is an organization that publishes articles for developers. It has nothing to do with centralized authentication.

Remote Authentication Dial-In User Service (RADIUS) is used for centralized authentication, typically for organizations with more than one network access server. Terminal Access Controller Access-Control System Plus (TACACS+) was released after RADIUS and offers several improvements. Diameter was built to enhance TACACS+ by supporting a wide range of additional protocols.

Answer 101

A

C. Administrative control

Explanation:
Mandatory vacations are considered to be administrative controls that can help detect fraudulent activity. A mandatory vacation policy allows other department members to discover something that an employee was potentially hiding. It helps uncover employee misconduct and forces cross-training amongst department members.

Answer 102

A

C.State transition

Explanation:
State transition is the terminology used for activities that can alter a machine’s state. State machine security models require that all actions that change the state must be authorized, and the machine’s state must remain secure during transitions.

Answer 103

A

B. Job rotation

Explanation:
Job rotation among employees helps break up potential risks where users may be hiding inappropriate work within their own private access roles. It acts as a deterrent and a detection tool. If one knows that someone will be taking over their job functions soon, they are less likely to participate in fraudulent activities. If someone does do something fraudulent, job rotation increases the likelihood it will be discovered.

Least privilege is incorrect because the least privilege access control provides system users only the minimum level of access required to do their job. Preferred user is incorrect because it is not an identifier for access control. Separation of duties is incorrect because it restricts user access to specific identified tasks, preventing them from access to tasks that are unrelated to their work or duties.

Answer 104

A

B. Risk analysis

Explanation:
Risk analysis should be performed before outsourcing or offshoring sensitive data. The analysis is performed to ensure that the party is storing the data safely and securely. It must be determined if outsourcing the data createsa greater risk than the organization’s risk appetite.

Answer 105

A

B. Cold sites require less time to activate than hot sites.

Explanation:
Cold sites require significantly more time to activate since a cold site is essentially an empty computer room with environmental facilities such as heating, ventilation, and air conditioning, but no computing equipment. Hot sites can be activated within a few hours because all the required equipment is available and provisioned.

Answer 106

A

B. Aligning security objectives with business objectives

Explanation:
Correct answer: Aligning security objectives with business objectives

Control Objectives for Information and related Technology (COBIT) is a framework for governance developed by ISACA. The five COBIT principles are:

Meeting stakeholder needs
Covering the enterprise end to end
Applying a single integrated framework
Enabling a holistic approach
Separating governance from management

Answer 107

A

C. Viruses can reproduce without a legitimate host application.

Explanation:
Viruses cannot reproduce with a legitimate host application. Viruses infect legitimate files or programs and use them to spread themselves.

A worm is a type of malware that can reproduce without a legitimate host application.

Answer 108

A

A. (Threat x vulnerability x asset value) - control gap

Explanation:
Correct answer: (Threat x vulnerability x asset value) - control gap

This formula is total risk - control gap = residual risk.

Total risk = (threats x vulnerability x asset value). The control gap factor is a safeguard that controls risk, so it reduces the residual risk of a system.

Answer 109

A

C. Compensating

Explanation:
Compensating controls are used to provide alternatives to aid in security enforcement. They are used in addition to main security controls. They are frequently used to reduce risk to an acceptable level when the preferred control is too expensive or restrictive for business operations.

Answer 110

A

A. Data mining

Explanation:
Data mining is searching through data warehouses and correlating data. Analysts use data mining to find potential revenue. For instance, an analyst could data mine a product’s sales patterns and identify that October is the best sales month. Marketing and sales could then increase during those months to increase revenue for the company.

Answer 111

A

C. Multithreading

Explanation:
A thread is an individual instruction set that must be worked on by the CPU. Threads can execute in parallel with other threads that are part of the same parent process. This is known as multithreading. Threads are dynamically built and destroyed by the parent process. A process is a program loaded in memory. Most modern applications take advantage of multithreading.

Answer 112

A

D. Prevent patterns from being observed

Explanation:
An initialization vector (IV) is a random value used with a key to encrypt or decrypt data. The IV is used to reduce the likelihood of the same plaintext patterns being found in the ciphertext.

One of the reasons Wired Equivalent Privacy (WEP) was weak was because it used a short 24-bit IV. This caused the same IV to be used multiple times throughout the stream, allowing attackers to find patterns between messages using the same IV.

Answer 113

A

A. Assessing probability and quantifying potential opportunities for damage

Explanation:
The DREAD rating system is designed to provide a flexible rating solution that is based on the answers to five main questions about each threat:

Damage potential
Reproducibility
Exploitability
Affected users
Discoverability

Answer 114

A

D. Remote journaling

Explanation:
Remote journaling is a type of backup system where the transfer of data happens closer to real-time. Remote journaling only transmits file deltas to keep systems synchronized. The recovery point objective (RPO) is determined by the frequency of how often the deltas are synchronized.

Answer 115

A

A. Multilevel

Explanation:
A multilevel approach allows for the processing of data at different security levels. Information is allowed to flow between different access levels, provided the user has the proper clearance. Multilevel models are a category in the information-flow model.

Dedicated system architecture is incorrect because it permits a single level of processing. Single level is incorrect because it permits users to execute any instruction available. Super level is a fictitious term.

Answer 116

A

D. Cybersecurity insurance

Explanation:
Risk transfer is when you transfer the risk to someone else. When you pay an insurance company, they become responsible for paying out if the risk is realized.

Software patching is an example of risk mitigation. Taking no action is an example of risk acceptance. However, a cost-benefit analysis should be performed prior to accepting risk. Conducting a Business Impact Analysis (BIA) is a step in building a Business Continuity Plan (BCP).

Answer 117

A

D. Parallel processing where nodes may join and leave at will

Explanation:
Grid Computing is similar to clustering; however, individual nodes do not trust each other and can join and leave at will. Grid computing is generally distributed across hundreds and thousands of nodes across the internet. Nodes check-in when they have available system resources and contribute to Grid processing. Grid Computing is used for bitcoin mining, the creation of rainbow tables, and predicting weather patterns.

Answer 118

A

B. The CIA triad

Explanation:
The CIA triad is built upon the principles of confidentiality, integrity, and availability and is at the heart of information security. Confidentiality is the idea that sensitive data should be kept confidential and kept away from unauthorized individuals. Integrity is the idea that data remains authentic and unaltered. Availability ensures reliability and access to system resources.

Examples:

Confidentiality: Advanced Encryption Standard (AES)
Integrity: secure hash algorithm (SHA-3)
Availability: Redundant Array of Independent Disks (RAID)

Answer 119

A

A. Due care

Explanation:
Due care is best defined as taking and making decisions that a reasonable and competent person would make. Due care helps shield an organization from liability should a breach happen. If an organization can prove they practiced due care, they are less likely to be found liable for the incident.

Answer 120

A

B. When discarding office documentation, be sure to place it in a trash can

Explanation:
When discarding office documentation, do not merely put it in the trash, but ensure it is discarded in a secure manner.

Whether you are talking in person, through email, or on the phone, always request proof of identity. Sensitive information should never be given over the phone unless it is a secure phone. Never give out a password over the phone for any reason.

Answer 121

A

B. Transposition

Explanation:
In cryptography, Diffusion is introduced using Transposition. Diffusion means that if a single change in the plaintext occurs, multiple ciphertext changes will also occur. Transposition is the rearrangement of data.

Answer 122

A

C. MAC

Explanation:
A system that employs Mandatory Access Control (MAC) uses classifications and labels to define user access. Every resource is classified with a label, and users cannot access resources unless they have an equal or greater clearance level. MAC is widely used in government and military environments.

Discretionary Access Control (DAC) allows the Data Owner to control and define access to objects. Role-Based Access Control (RBAC) maps a subject’s role with their needed operations and tasks. Attribute-Based Access Control (ABAC) makes decisions based on attributes for either the subject, object, or actions.

Answer 123

A

D. Integrity

Explanation:
Organizations are responsible for maintaining the reliability of data by ensuring that only authorized users can modify it. Integrity is the protection of data from modification by any party without proper authorization.

Privacy and confidentiality refer to keeping data away from unauthorized eyes but doesn’t specifically protect the data from alteration. Nonrepudiation is preventing the denial of truth or validity of something and is irrelevant to this question.

Answer 124

A

C. Vulnerability scan report

Explanation:
Vulnerability scanning can help discover systems that still require patching. Vulnerability scans should be performed periodically on production environments.

Answer 125

A

B. Private

Explanation:
The Personally Identifiable Information (PII) of a nongovernmental organization’s employees would most likely be classified as Private, because an improper disclosure could seriously impact the organization.

Unclassified and Secret are classifications used primarily in military and government organizations, while Public is a classification used in nongovernmental organizations to describe data with no disclosure impact.

Answer 126

A

A. TCP 1433-1434

Explanation:
Microsoft SQL Server operates on transmission control protocol (TCP) ports 1433 and 1434.

HTTPS runs on TCP port 443. Telnet runs on TCP port 23. SNMP runs on UDP ports 161-162.

Answer 127

A

A. Global rules are applied to all users equally

Explanation:
A rule-based access control model uses global rules applied to all users and other subjects equally. It does not apply rules locally or to individual users. Firewalls include a set of rules or filters called access control lists (ACLs), defined by an administrator. The firewall examines all traffic and only allows traffic that meets one of the specified rules. The final rule is generally a “deny all,” meaning that any remaining traffic that did not meet previous rules will be denied.

Answer 128

A

A. Failure of CEO’s laptop

Explanation:
A Business Continuity Plan (BCP) helps to prepare an organization for various disasters. While the failure of the CEO’s laptop might seem like a disaster at the time, a BCP is generally intended for more serious disasters of a longer duration.

Answer 129

A

D. A security guard

Explanation:
Of the following options, a security guard is the best control at preventing piggybacking or tailgating. Piggybacking is an access abuse method where one person follows an authorized person into an entrance without swiping their access badge. Even legitimate employees piggyback on other employees. A security guard can help control this type of access abuse.

Answer 130

A

A. Common Criteria

Explanation:
The U.S. Department of Defense-developed Trusted Computer System Evaluation Criteria (TCSEC), and the European Union-developed Information Technology Security Evaluation Criteria (ITSEC) were replaced with Common Criteria. Common Criteria is published as ISO Standard 15408. It was developed as a standard for evaluating information technology products. Common Criteria has seven levels.

EAL1 – Functionally tested
EAL2 – Structurally tested
EAL3 – Methodically tested and checked
EAL4 – Methodically designed, tested and reviewed
EAL5 – Semiformally designed and tested
EAL6 – Semiformally verified designed and tested
EAL7 – Formally verified design and tested

Answer 131

A

B. Achieve or maintain elevated privileges

Explanation:
A rootkit is used to achieve or maintain elevated privileges on a victim’s host. Rootkits frequently masquerade as system-level services to help remain undetected. Rootkits often have kernel-level access and are very difficult to detect or remove.

Answer 132

A

A. Full

Explanation:
“Full” is not a status that is outputted by a Network Mapper (Nmap) scan. The following are the outputs of a Nmap scan:

Open: Port is open and accepting connections
Closed: Port is accessible but not accepting connections
Filtered: Unable to determine if the port is open or closed due to a firewall

Answer 133

A

C. Wave pattern

Explanation:
Wave pattern motion detectors send an ultrasonic or high-frequency microwave to a specific secured area. The pattern is consistent when no object is present. When an object is present, it disrupts the wave pattern and triggers an alarm.

Answer 134

A

A. Access aggregation

Explanation:
Access aggregation happens when you combine multiple pieces of information at a lower classification level and infer information at a higher classification. This is part of the reconnaissance step in the cyber kill chain.

Answer 135

A

C. LDAP

Explanation:
A directory service is a centralized database that includes information about subjects and objects. Many directory services are based on the Lightweight Directory Access Protocol (LDAP), such as Microsoft’s Active Directory Domain Services.

Answer 136

A

D. 128 bits

Explanation:
Twofish has a fixed block size of 128 bits. It is a symmetric-key block cipher that was a finalist in the Advanced Encryption Standard (AES) contest. It has since been placed in the public domain. Twofish is related to the earlier Blowfish algorithm. Twofish employs 16 rounds of encryption with variable key lengths up to 256 bits.

Answer 137

A

D. Ring 3

Explanation:
User applications reside in Ring 3, the least secure and trusted of the rings.

Applications (3)
Hardware Drivers (2)
Operating System (1)
Kernel (0)

As protection layer numbers decrease, a higher level of security is required.

Answer 138

A

C. Trusted computing base

Explanation:
The trusted computing base is the total combination of protection mechanisms for a computer system, including hardware, software, and firmware. These components work together to form a trusted environment that enforces security by controlling access to critical data and processes.

Answer 139

A

C. Preventative

Explanation:
An access control’s purpose is to prevent unauthorized access. When corrective, recovery, or restoration mechanisms are needed, it is usually due to the access control system’s failure to prevent damaging intrusion.

Access control systems include preventative, detective, and corrective measures. Corrective is incorrect because corrective controls are used for remedying violations and incidents. Recovery controls is incorrect because recovery controls are used for restoring systems after an incident has occurred. Restoration is incorrect because it is not an access control category or type.

Answer 140

A

C. Type 3

Explanation:
Type 3 authentication is “something you are.” An example of a type 3 factor is a fingerprint or palm vein scan. All authentication factors have weaknesses and should be combined to create multi-factor authentication (MFA).

Type 1 is “something you know,” like a password, which is not as secure as a fingerprint. Type 2 is “something you have,” like a smartcard or security token, which is not considered as secure as a fingerprint. There is no type 4 factor.

Answer 141

A

D. Business Continuity Plan

Explanation:
A Business Continuity Plan (BCP) deals with both preparing for a disaster and aiding after a disaster has occurred. The primary goal of a BCP is to reduce disaster-related risks to an acceptable level. A BCP is broader than a Disaster Recovery Plan (DRP) and is focused on the business as a whole, not just IT equipment.

Disaster Recovery Plan (DRP) is incorrect because it is a short-term plan designed to get systems back online as fast as possible.

Disaster Continuity Plan and Business Recovery Plan are both fictitious terms.

Answer 142

A

B. Fuzz testing

Explanation:
Fuzz testing is a technique used to find flaws or vulnerabilities by sending randomly generated or specially crafted inputs into the software. There are two types of fuzzers: mutation (dumb) fuzzers and generational (Intelligent) fuzzers. Mutation fuzzers mutate input to create fuzzed input. Generational fuzzers create fuzzed input based on what type of program is being fuzzed.

Static testing is incorrect because it tests the security of software without executing the software. Interface testing is incorrect because it tests the outward-facing part of the software with which a user interacts. Limit testing is a fabricated term.

Answer 143

A

B. Compartmentalized environment

Explanation:
In a compartmentalized environment, there is no relationship between one security domain and another. Each domain represents a separate isolated compartment. To gain access to an object, the subject must have specific clearance for each security domain. For example, a general may have access to Top Secret information about troop movements but not Top Secret information about nuclear missile construction.

Brainscape's Knowledge GenomeTM

Pocket Prep Flashcards

Brainscape's Knowledge Genome^TM