Pocket Prep Flashcards
Which of the following BEST describes CCTV?
A. A terminal server used access by a thin client
B. A real time protocol encryption algorithm
C. The command and control traffic of a transient virus
D. Internal security camera system
D. Internal security camera system
Explanation:
Internal security camera system
CCTV stands for closed-circuit television. It’s more commonly referred to as security cameras and is used for physical security. CCTV is used in data centers for security monitoring or in the workplace to protect against theft and vandalism.
An attacker attempts to break into a building by cutting the padlock off the roof’s access hatch but is unable to access anything because the door leading to the hatch is locked from the inside. This event is BEST described as what?
A. A violation of policy
B. Security failure
C. Data breach
D. Security incident
D. Security incident
Explanation:
A security incident is any event that negatively impacts an organization’s security posture or may lead to the eventual disclosure of sensitive information. This term is sometimes used synonymously with data breach; however, a data breach is an event that results in the disclosure of sensitive information. All data breaches are security incidents, but not all security incidents are data breaches.
An organization must consider all possible weaknesses and potential attack points when designing an information security program. Of the following, what BEST describes the process of identifying, understanding, and categorizing potential threats?
A. Asset valuation
B. Threat modeling
C. Business impact analysis
D. Vulnerability analysis
B. Threat modeling
Explanation:
In order to ensure the highest level of security, organizations must identify possible threats to the organization’s systems. This is done through threat modeling. Threat modeling refers to the process of identifying, understanding, and categorizing potential threats. The goal of threat modeling is to identify a potential list of threats and analyze those threats.
When an organization chooses to spend resources to reduce risk to an acceptable level, what response has the organization chosen?
A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. Risk deterrence
A. Risk mitigation
Explanation:
Risk mitigation is when the risk is reduced to an acceptable level aligned with the organization’s risk appetite. It is never possible to eliminate all risk. When risk mitigation is more expensive than if the risk is realized, an organization should either document and accept the risk or rethink their mitigation strategy.
When mapping the Open Systems Interconnection (OSI) model layers to the Transmission Control Protocol/Internet Protocol (TCP/IP) model, what is the Network layer’s equivalent in the TCP/IP model?
A. The Internet layer
B. The Link layer
C. The Transport layer
D. The Application layer
A. The Internet layer
Explanation:
The Network layer in the Open Systems Interconnection (OSI) model is called the Internet layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model.
The Internet layer is the second layer of the TCP/IP model and is represented in descending sequence as the second layer from the bottom. Internet Protocol (IP) contains addressing information that enables packets to be routed. Internet protocol (IP) is part of the TCP/IP model. The TCP/IP model and the OSI model differ because the TCP/IP model consists of only four layers rather than seven. The four TCP/IP model layers are Network Access or Link, Internet, Transport, and Application.
Of the following, which BEST describes The Open Group Architecture Framework (TOGAF)?
A. An open standard used to maintain compatibility between different software types
B. A series of controls that an organization must meet to maintain compliance with various regulations
C. An enterprise architecture development methodology
D. A framework used to develop a security program within an organization
C. An enterprise architecture development methodology
Explanation:
The Open Group Architecture Framework (TOGAF) is a standard that helps organizations design, plan, implement, and govern information technology architecture. TOGAF uses the Architecture Development Method (ADM) to create architectures for business, data, applications, and technology.
Access control addresses the relationship between subjects and objects. Of the following, which is TRUE about a subject?
A. It is an active entity that interacts with passive objects
B. It is always an individual user account
C. It is a passive entity that provides information to the active entity
D. It can modify objects without authorization
A. It is an active entity that interacts with passive objects
Explanation:
By most definitions, a subject is an active entity on a system. This is anything that is actively interacting with the system, including users, processes, or automated programs. Access control regulates access between subjects and objects. An objects is a passive entity that provides information.
What encryption type supports the ability to perform computations on its encrypted data fields that yield accurate computational results when the resulting output is decrypted?
A. Homomorphic
B. MD5
C. Metamorphic
D. Polymorphic
A. Homomorphic
Explanation:
Homomorphic encryption is a unique type of encryption which supports the ability to perform computations on its encrypted data fields. When the resulting output is decrypted, it will yield accurate computational results that are identical to what would’ve been obtained if the same computations had been performed on the unencrypted data.
Polymorphic and metamorphic refer to self-modifying virus types, while MD5 refers to a deprecated but common hash function.
A cipher lock uses which of the following?
A.Keypad
B. Key token
C. Physical key
D. Encrypted keys
A.Keypad
Explanation:
A cipher lock is characterized by a keypad, requiring a specific numerical sequence on the keypad to unlock an entrance. Keypads are used in data centers or even within restricted areas to add an extra level of security.
Using the Open Systems Interconnection (OSI) model, which layer is the Data Link layer?
A. 1
B. 2
C. 3
D. 4
B. 2
Explanation:
The Data Link layer is the second layer and is represented in descending sequence as the second-lowest layer. Data is passed from the highest layer (application; layer 7) downward through each layer to the lowest layer. The seven layers include the following:
Application (Layer 7) Presentation (Layer 6) Session (Layer 5) Transport (Layer 4) Network (Layer 3) Data Link (Layer 2) Physical (Layer 1)
Which of the following file content types could be compromised by a rainbow table?
A. Memory dumps
B. Account permissions
C. System logs
D. Hashed passwords
D. Hashed passwords
Explanation:
A rainbow table contains precomputed hash values that correlate to possible password combinations, enabling an attacker in possession of a hashed password file to crack plaintext passwords. Rainbow tables can be defeated through the use of cryptographic salts, which add a random value to the end of each password before it is hashed.
Account permissions, system logs, and memory dumps would not be compromised by a rainbow table.
Reviewing recorded events from a CCTV is an example of what kind of security control?
A. Deterrent
B. Detective
C. Corrective
D. Recovery
B. Detective
Explanation:
Detective controls identify security violations after they have occurred, or they provide information about the violation as part of an investigation. An intrusion detection system is a technical detective control, and a motion detector is a physical detective control. Note that both an intrusion detection system and a motion detector include the word “detect,” which is a good clue. Reviewing logs or an audit trail after an incident is an administrative detective control. Use of the CCTV itself is a preventative measure, but reviewing the footage captured on CCTV is primarily for detection purposes, and it is categorized as a “detective device” in the physical security classification. CCTV cameras are standard security measures to deter theft and capture any threats in action.
Deterrent controls attempt to discourage someone from taking a specific action. A high fence with lights at night is a physical deterrent control. A strict security policy stating severe consequences for employees if it is violated is an example of an administrative deterrent control. A proxy server that redirects a user to a warning page when a user attempts to access a restricted site is an example of a technical deterrent control.
Corrective controls attempt to modify the environment after an incident to return it to normal. Antivirus software that quarantines a virus is an example of a technical corrective control. A fire extinguisher is an example of a physical corrective control.
Recovery controls provide methods to recover from an incident.
An encrypted message is BEST called what?
A. Encryption output
B. Ciphertext
C. Plaintext
D. Cryptograph
B. Ciphertext
Explanation:
When a message is encrypted, it’s considered ciphertext. Ciphertext is the result of running encryption algorithms on a plaintext message, making it unreadable. Ciphertext must remain unreadable unless it is decrypted using the decryption key.
Using the Open Systems Interconnection (OSI) model, which layer contains the Network?
A. 1
B. 3
C. 2
D. 4
B. 3
Explanation:
The Network is in the third layer of the Open Systems Interconnection (OSI) model. The Network layer contains protocols like Internet Protocol (IP) and Internetwork Packet Exchange (IPX)
The seven layers in descending sequence are:
7) Application 6) Presentation 5) Session 4) Transport 3) Network 2) Data Link 1) Physical
What physical lock uses a keypad?
A. Disk detainer lock
B. Cipher lock
C. Tumbler lock
D. Warded lock
B. Cipher lock
Explanation:
A cipher lock is characterized by a keypad, requiring a specific numerical sequence on the keypad to unlock an entrance. Keypads are used in data centers or even within restricted areas to add an extra level of security
Which of the following is the MOST thorough and secure method of removing data from a hard drive with a spinning platter?
A. Irradiation
B. Erasing
C. Remanence
D. Destruction
D. Destruction
Explanation:
Destruction is the most thorough way to ensure data cannot be recovered, since it leaves the media and data unreadable and unrecoverable.
Erasing is one of the weakest ways to sanitize data, since it only breaks the link to the data, leaving the data easily recoverable. Remanence is not a sanitization method but is the data that is left over after sanitization. Irradiation may damage media, but will not destroy it.
The U.S. Department of Defense organizes its security classifications into which of the following?
A. Public, Confidential, Secret, Top Secret, and Sealed
B. Open, Closed, and Sealed
C. Open, Sensitive but Unclassified, Secret, and Top Secret
D. Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret
D. Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret
Explanation:
The U.S. Department of Defense organizes its security into five principal classes, including Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret. Individuals are then awarded classification levels based on this system to grant and restrict access. Access is given on a need-to-know basis.
Nora is a penetration tester who has been hired to assess an organization’s campus. She finds CAD drawings classified as Sensitive. She discovers that two of the drawings are for the same part and, when combined, should be classified as Confidential.
This process is MOST LIKELY known as what?
A. Aggregation
B. Deducing
C. Mining
D. Collection
A. Aggregation
Explanation:
When discussing classification labels, data aggregation means that data classified at a higher level can be inferred by combining data at a lower classification level.
Of the following alarms, which would be considered the MOST critical for a CISSP to ensure function properly?
A. Heartbeat alarms
B. Intrusion alarms
C. Fire alarms
D. Component failure alarms
C. Fire alarms
Explanation:
Fire alarms provide an audible sound if a fire is detected. Human safety is always considered the highest priority.
Intrusion alarms are incorrect because they do not ensure human safety as much as fire alarms do. Heartbeat alarms is incorrect because they monitor servers or security systems and do not impact human safety. Component failure alarms is incorrect because they monitor a server’s components like a power supply. They do not impact human safety.
Kerberos is an authentication protocol that employs the use of what?
A. Asymmetric encryption
B. Tickets
C. Tokens
D. Biometrics
B. Tickets
Explanation:
Kerberos uses a series of tickets to authenticate users/clients and provide access to network resources. Using Kerberos, clients obtain tickets from the key distribution center (KDC) and present these tickets to network resources when access requests are made. Kerberos uses symmetric encryption like the Advanced Encryption Standard (AES) to secure and verify the ticket’s authenticity.
Martina is testing a new application that her company is developing. She is trying a testing technique that posts thousands of different inputs into the software to determine its limits and potential flaws. What form of testing is this?
A. Fuzz testing
B. Interface testing
C. Misuse case testing
D. Static testing
A. Fuzz testing
Explanation:
Fuzz testing is a technique used to find flaws or vulnerabilities by sending randomly generated or specially crafted inputs into the software. There are two types of fuzzers: mutation (dumb) fuzzers, and generational (Intelligent) fuzzers. Mutation fuzzers mutate input to create fuzzed input. Generational fuzzers create fuzzed input based on what type of program is being fuzzed.
When using a Redundant Array of Independent Disks (RAID), which RAID level will always reduce your raw capacity by 50%?
A. 1
B. 0
C. 5
D. 6
A. 1
Explanation:
RAID-1 is also known as mirroring. Data is written to two drives at once. If one drive fails, the other drive still has all the data. RAID-1 requires that you lose 50% of your total raw storage.
RAID levels:
RAID-0 - Data is striped between a set of drives without parity. This increases your risk of data loss. If one drive fails, the entire RAID will fail; however, it increases your usable storage and writes speed. RAID-1 - Data is mirrored between two identical drives. This provides redundancy. However, your usable storage is reduced by 50% of your total storage. RAID-5 - Data is striped between a set of drives, but parity is also written to each drive. This allows for a single drive to fail without causing the RAID to fail. This provides redundancy, but your usable storage is reduced by one drive worth of storage. RAID-6 - Similar to RAID-5, however, two sets of parity are written to each drive. This allows for two drives to fail without causing the RAID to fail. This provides redundancy, but your usable storage is reduced by two drives worth of storage.
When a risk is considered more costly to address than to allow it to be realized, what type of response should be chosen?
A. Risk deterrence
B. Risk transfer
C. Risk avoidance
D. Risk acceptance
D. Risk acceptance
Explanation:
When risk mitigation is more expensive than if the risk is realized, an organization should document and accept the risk or rethink their mitigation strategy. Risk acceptance does not mean choosing to ignore the risk but, rather, concluding that doing something about the risk is more costly than the risk itself.
Which phase of patch management will MOST LIKELY use the change management process?
A. Patch deployment
B. Patch approval
C. Patch evaluation
D. Patch testing
B. Patch approval
Explanation:
Patch approval uses the change management process once patches are tested and approved for deployment. The approval process ensures that all affected organizations are aware of the changes and possible performance issues due to changes.
Which type of network discovery scan opens a full connection with a remote system on a specific port?
A. Xmas scan
B. TCP SYN scan
C. TCP connect scan
D. TCP ACK scan
C. TCP connect scan
Explanation:
Transmission control protocol (TCP) connect scanning opens a full connection, meaning that the scanner replies with an ACK to complete the TCP three-way handshake. This type of scan is usually selected when the user does not have privileges to run half-open scans.
TCP SYN scan is incorrect because it is a half-open scan and only sends a packet with the SYN flag set. TCP ACK scan is incorrect because it is also a half-open scan and only sends a packet with the ACK flag set. Xmas scan is incorrect because it does not open a full connection and, instead, sends a packet with the FIN, PSH, and URG flags set.
Which of the following is NOT a valid database key?
A. Candidate key
B. Foreign key
C. Record key
D. Primary key
C. Record key
Explanation:
The following are keys that you will find in a database:
Candidate key - This key can be used to identify any record. Primary key - This key is a unique value for each tuple in a table. Foreign key - This key is a value that references the primary key of a tuple in a different table.
Record key is a fabricated term.
Which of the following components of a computer is MOST LIKELY to make calculations using logic gates?
A. Registers
B. Arithmetic logic unit (ALU)
C. Random Access Memory (RAM)
D. Central processing unit (CPU)
B. Arithmetic logic unit (ALU)
Explanation:
The arithmetic logic unit (ALU) is a series of physical circuits that perform bitwise operations on binary numbers. The circuits are built using logic gates made from transistors.
Central processing unit (CPU) is incorrect because it is made up of the ALU and registers. Registers is incorrect because they are temporary storage for instruction sets to be processed by the ALU. Random Access Memory (RAM) is incorrect because it stores application instructions and outputs from the CPU/ALU.
According to the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which layer is the Internet layer?
A. 2
B. 3
C. 1
D. 4
A. 2
Explanation:
The Internet layer is the second layer of the TCP/IP model and is represented in descending sequence as the second layer from the bottom. Internet Protocol (IP) contains addressing information that enables packets to be routed and is part of the TCP/IP model. The TCP/IP model and the OSI model differ because the TCP/IP model consists of only four layers rather than seven. The four TCP/IP model layers are Network Access or Link, Internet, Transport, and Application.
Tina is an accountant for a financial institution and has been committing fraud for years by secretly skimming money from unused budgets. Of the following, what detective control could Tina’s organization have implemented to discover her fraud?
A. Split knowledge
B. Mandatory vacations
C. M of N control
D. Separation of duties
B. Mandatory vacations
Explanation:
Mandatory vacations are used to detect fraud within an organization. Employees who commit fraud often do not take vacations to minimize other employees’ chances of discovering their fraud. Mandatory vacation length is recommended for a minimum of two weeks to be considered effective.
Separation of duties, split knowledge, and M of N control are incorrect because they are preventative controls.
Without using a hypervisor, a word processor wanting to save a file would need to access which CPU ring?
A. Ring 0
B. Ring 3
C. Ring 1
D. Ring 2
B. Ring 3
Explanation:
User applications, including word processors, reside in Ring 3, the least secure and trusted of the rings.
Applications (3) Hardware Drivers (2) Operating System (1) Kernel (0)
As protection layer numbers decrease, a higher level of security is required.
A brute-force attack has a virtually 100% success rate; it just depends on the time it takes to guess a password. Of the following, which BEST helps to prevent brute-force attacks?
A. Lockout policy on user accounts
B. Storing passwords using a SHA-3 hash
C. Salting passwords
D. Password encryption
A. Lockout policy on user accounts
Explanation:
Account lockout controls help prevent brute-force attacks. They lock the account for a period of time after incorrect passwords are entered too many times. Account lockouts typically use clipping levels that ignore some user errors but take action after a threshold is reached.
Of the following, which entity is statistically MOST LIKELY to be a cybersecurity threat?
A. An outside hacker
B. A government
C. A rival organization
D. A disgruntled employee
D. A disgruntled employee
Explanation:
Most industries agree that one of the most significant threats a company faces is from its own employees. For this reason, companies should employ principles like segregation of duties, split knowledge, and least privileged.
Of the following, what protocol is used with IPsec?
A. EAP
B. CHAP
C. IKE
D. TLS
C. IKE
Explanation:
Internet key exchange (IKE) is used to negotiate parameters and ultimately establish security associations (SAs) for IPsec. IKE operates in two phases.
Phase 1: Negotiates a single bi-directional SA by exchanging a generated secret key using the Diffie-Hellman key exchange. Phase 2: Negotiates unidirectional SAs using the SA established during phase 1.
Which of the following is NOT protected by a trademark?
A. Recipe
B. Phrase
C. Slogans
D. Logos
A. Recipe
Explanation:
Trademarks protect brand identity, including slogans, logos, phrases, or combinations that represent the company or brand identity. A recipe cannot be trademarked and would be protected under trade secret law.
This type of control is used to verify a communication pathway is active by periodically or continuously checking it with a signal and can be used to prevent intruders from circumventing an alarm system, or it can trigger a high availability (HA) event:
A. A heartbeat sensor
B. A keep-alive sensor
C. A tamper sensor
D. A syslog aggregator
A. A heartbeat sensor
Explanation:
The heartbeat sensor is used as a communication pathway that tests a target’s signal periodically. It provides monitoring for connections to servers or security systems. For instance, if the door lock cable is cut, the test signal will fail, and personnel is alerted to the issue. Heartbeat sensors are also used to trigger high availability (HA) events on servers or network equipment. For example, if a server detects that its neighbor is no longer active, it will take over and provide failover.
Access control addresses the relationship between subjects and objects. Of the following, which is TRUE about objects?
A. They are active entities that provide information to a passive entity
B. They are passive entities that provide information
C. When authorized, they can modify entities
D. They are active entities that access a passive entity
B. They are passive entities that provide information
Explanation:
An object is a passive entity that provides information to active subjects. Some examples of objects include files, databases, computers, programs, processes, printers, and storage media.
Which of the following is LEAST LIKELY to be the audience of a security audit report?
A. Third parties
B. Board of directors
C. Government regulators
D. Functional management
D. Functional management
Explanation:
Unlike security assessments, security audits are generally performed by an external group to prevent conflicts of interest. The audience of a security audit report would be people outside of the company’s day-to-day operations, such as the board of directors, government regulators, or third parties.
When discussing multi-factor authentication (MFA), what method uses something you know and something you have?
A. One-time pad
B. Retina Scans
C. Public key infrastructure (PKI)
D. Smart cards
D. Smart cards
Explanation:
Smart cards are credit card-sized devices that contain a microprocessor. The smart card typically contains an encrypted private key issued through a public key infrastructure (PKI) system that the authenticating environment trusts. When the smart card is inserted into a reader, the user must enter a PIN before the smart card releases the private key. Smart cards used by the U.S. government are known as common access cards (CACs). The “something you know” is the PIN. The “something you have” is the smart card.
Retina scans is incorrect because it’s something you are. One-time pad is incorrect because it is not a form of multi-factor authentication (MFA); it is an encryption technique. Public key infrastructure (PKI) is incorrect because it is not a standalone MFA method.
According to the Open Systems Interconnection (OSI) model, which layer is the Application layer?
A. 6
B. 5
C. 7
D. 8
C. 7
Explanation:
The Application layer is the seventh layer of the Open Systems Interconnection (OSI) model and is represented in descending sequence as the topmost layer. The Application layer is the graphical presentation and interface between the device and the user. Examples of Application layer protocols include HTTP, FTP, SMTP, and SNMP.
Certain characters within website form inputs (e.g., ‘) are being converted into their HTML character entity reference equivalents (e.g., &apos), prior to processing. What web application security technique is being applied?
A. Output encoding
B. Input validation
C. Cross-site scripting
D. Request forgery
A. Output encoding
Explanation:
The conversion of certain characters within website form inputs (e.g., ‘) into their HTML character entity reference equivalents (e.g., &apos) prior to processing is an example of output encoding. Output encoding is an application security technique used to ensure that certain characters within form inputs are processed as data and not potentially misinterpreted as programming syntax (which could be used to inject malicious code, if processed).
Input validation is an application security technique used to ensure that actual input is aligned to the input expected for a particular field, before it is processed. Such validation does not just consider field type (e.g., that a date field follows the structure and format of a date mm-dd-yyyy) but also field data (e.g., the lack of strings such as “1=1” and “
", which could be used to inject malicious code, if processed). Cross-site scripting and request forgery are both types of web application attacks that can result from weak output encoding and/or input validation.
Raul is reviewing one of the new services that his company is looking to deploy next month. He is concerned that the fields on the website that interact with the database might be vulnerable to a Structured Query Language (SQL) injection attack.
Which of the following would he use to determine if there is an SQL vulnerability?
A. Network vulnerability scanner
B. Network discovery scanner
C. Port scanner
D. Web vulnerability scanner
D. Web vulnerability scanner
Explanation:
Web vulnerability scanners are special-purpose tools that scour web applications for known vulnerabilities. Attackers often try to exploit the complexity of websites through attacks like Structured Query Language (SQL) injection in order to further their goals.
A legal document used to protect an organization’s sensitive information and signed by its employees is MOST LIKELY called what?
A. Terms and conditions
B. Noncompete agreement
C. Nondisclosure agreement
D. Work commencement
C. Nondisclosure agreement
Explanation:
Organizations often require a nondisclosure agreement (NDA) to be signed by an employee prior to giving them access to sensitive information. The nondisclosure agreement reinforces trust between the organization and the employee. The nondisclosure agreement ensures that confidential materials and ideas used by the organization are not disclosed to third parties without consent.
Effective incident response management is handled in several steps or phases. Which of the following is performed just after the “detection” phase after an incident has occurred?
A. Reporting
B. Mitigation
C. Recovery
D. Response
D. Response
Explanation:
Effective incident response management is handled in several steps or phases. There are seven steps outlined in the CISSP CIB:
Detection Response Mitigation Reporting Recovery Remediation Lessons learned
Barbed wire adds what to a perimeter defense?
A. Detection
B. Ownership
C. Deterrence
D. ccess control
C. Deterrence
Explanation:
The threat of harm from barbs on the wire is considered a deterrent to bypassing the perimeter. Fences should be at least eight feet tall with barbed wire at the top for adequate deterrence.
The IDEAL software development model has how many phases?
A. 5
B. 8
C. 7
D. 9
A. 5
Explanation:
The IDEAL software development model has 5 phases. The phases are as follows:
Initiating Diagnosing Establishing Acting Learning
Brandon is a disgruntled employee who decides he will build a back door into an in-house developed piece of software. A few months later, Brandon’s employment is terminated, and he decides to attack the organization using the back door he built. Brandon’s former employer hires a forensic team to investigate the origin of the attack. They identify the in-house developed application, but there is no record of how the back door was introduced.
Of the following, what technique or control would have MOST LIKELY allowed Brandon’s former employer to identify Brandon as the person who introduced the back door?
A. Split knowledge controls
B. Configuration change management
C. External connection monitoring
D. Versioning
D. Versioning
Explanation:
Code versioning forces developers to document each revision or change in a codebase. All changes are tracked and saved. Organizations should use code versioning to review changes made to code or roll changes back if needed. Common examples of code version control software are GIT and SVN.
Jennifer receives a document with the word “CONFIDENTIAL” stamped on it. Of the following, what BEST describes the process of stamping the document?
A. Media Categorization
B. Marking/Labeling
C. Data Normalization
D. Data Classification
B. Marking/Labeling
Explanation:
Marking and Labeling is when the classification level is physically added to the document or media. Marking helps ensure individuals protect information and media while in their position.
Classification is incorrect because it is the process of defining the sensitivity of the media. Data Normalization and Media Categorization are not applicable in this scenario.
When discussing risk analysis, which of the following is the likelihood of an exploit?
A. Threat
B. Vulnerability
C. Risk
D. Safeguard
C. Risk
Explanation:
When quantifying risk, it can be defined as the possibility or likelihood that a vulnerability will be exploited.
Risk is viewed as the possibility that something could happen to damage, destroy, or disclose data or other resources. Risk assessment and management are used to reduce risk. Before any security policies are made, risk must always be defined and assessed within the organization.
Which form of evidence is offered by witnesses who give oral testimony based on their observation of a crime?
A. Conclusive evidence
B. Corroborative evidence
C. Direct evidence
D. Circumstantial evidence
C. Direct evidence
Explanation:
Direct evidence may come from witnesses who give oral testimony based on their observations. Direct evidence cannot be hearsay, which is second-hand testimony.
Conclusive evidence is incorrect because it is irrefutable and cannot be contradicted. Circumstantial evidence is incorrect because it can prove an intermediate fact used to assume another fact. Corroborative evidence is incorrect because it is used to prove an idea or point that cannot stand on its own.
The only cryptography known to be impossible to crack, when correctly implemented, is known as what?
A. One-time pad
B. Vigenère cipher
C. Quantum encryption
D. Elliptic curve
A. One-time pad
Explanation:
Gilbert Vernam invented the one-time pad (OTP) in 1917. One-time pad requires a completely random key that is the same length as the message. Each bit of the message and the key are exclusive-OR (XOR) together. The resulting ciphertext is considered unbreakable as long as the key remains secure. For a one-time pad to be implemented correctly, keys cannot be reused and must truly be random.
One-Time pad requirements:
Keys must be genuinely random values Keys can only be used one time Keys must be exchanged securely The sender and receiver must keep the keys secure The key must be the same length as the message.
Quantum encryption is incorrect because it is different from traditional cryptographic systems in that it relies more on physics than classical mathematics and may be cracked. Elliptic curve is incorrect because it is a form of cryptography based on the algebraic structure of elliptic curves and can be broken. Vigenère cipher was developed in France in 1553 and uses Caesar ciphers with different shift values. A keyword is used to create the shift values.
Performing software audit trails establishes what?
A. Accountability
B. Confidentiality
C. Integrity
D. Authorization
A. Accountability
Explanation:
Software audit trails keep track of user activities and provide accountability to the user base. Audit trails are especially important for software that contains sensitive data. For instance, they are required by the Health Insurance Portability and Accountability Act (HIPAA) to audit who has access to patient data and when the data was accessed.
From the perspective of cybersecurity, which of the following is the BEST motivation to create system images and baselines?
A. Create a uniformed naming convention
B. Central inventory management
C. System hardening
D. Decrease the time needed to deploy new systems
C. System hardening
Explanation:
System hardening reduces the overall risk of a system by removing unnecessary software and implementing best security practices. Once a secure baseline has been established on a particular system, administrators can capture the system’s state, called an “image”, and deploy it to other systems. This process is known as “imaging.” Imaging can be used to decrease the time needed to deploy new systems. However, the best motivation is to ensure that all systems are deployed with a hardened image.
What is the term for testing the security of a piece of software without executing the software?
A. Dynamic testing
B. Initial testing
C. Static testing
D. Still testing
C. Static testing
Explanation:
Static testing tests the security of software without executing the software. This type of test reviews the source code or the compiled application.
Dynamic testing is incorrect because this type of test evaluates the security of software while the software is executing. Initial testing and still testing are fabricated terms.
Martina works in quality assurance and can only access resources and perform tasks that are directly related to her job role. What type of access control model does Martina’s organization MOST LIKELY use?
A. UAC
B. MAC
C . DAC
D. RBAC
D. RBAC
Explanation:
A system that employs Role-Based Access Control (RBAC) maps a subject’s role with their needed operations and tasks. Users are assigned to roles and not resources.
Mandatory Access Control (MAC) uses classification and labels to define user access. Discretionary Access Control (DAC) allows the Data Owner to control and define access to objects. UAC is not an access control model.
Which of the following refers to the practice of registering common misspellings or variations of a domain name?
A. Vishing
B. Clickjacking
C. Baiting
D. Typosquatting
D. Typosquatting
Explanation:The practice of registering common misspellings or variations of a domain name (e.g. facebok.com, apples.com) is referred to as typosquatting. Such registrations typically direct traffic to destinations that advantage the squatter, rather than to the domain originally intended.
Clickjacking occurs when the user interface of a website is manipulated to misdirect intended click-throughs. Vishing refers to voice-based (rather than email-based) phishing. Baiting refers to the practice of leaving compromised portable media in a public location in a manner that entices its use from a secure, nonpublic location (for example, leaving an infected USB drive labelled “staff salaries” in the lobby of an office building).
Which of the following terms refers to the technique of adding a term or phrase to the header of a communication to enhance its effectiveness as a social engineering attack?
A. Shoulder surfing
B. Smishing
C. Prepending
D. Baiting
C. Prepending
Explanation:
Prepending refers to the technique of adding a term or phrase to the header of a communication to enhance its effectiveness as a social engineering attack. Prepending is commonly employed in phishing e-mails. Examples include spoofed subject tags such as “RE:” or “[INTERNAL]” to support pretexts, or spoofed header tags in the content body (e.g., “X-SPAM-STATUS: NO”) to trick spam filters.
Smishing refers to a phishing attack that is attempted or executed over SMS (Short Message Service) text messaging. Shoulder surfing refers to the technique of obtaining privileged information through observation from a position of proximity (e.g., watching a password or PIN being typed through an office window, reading the laptop display of someone adjacently seated on an airplane). Baiting refers to the practice of leaving compromised portable media in a public location in a manner that entices its use from a secure, nonpublic location (for example, leaving an infected USB drive labelled “staff salaries” in the lobby of an office building).
Data on media should be erased when it is no longer required. Of the following, what is the BEST method to ensure sensitive data cannot be recovered from magnetic media?
A. Overwriting
B. Deleting
C. Degaussing
D. Re-formatting the media
C. Degaussing
Explanation:
A degausser creates a magnetic field that realigns the magnetic fields on media. It’s one way to remove data remanence on media such as a hard drive or tape drive. It is very difficult to recover data from media if it has been correctly degaussed. Degaussing is only effective on magnetic media, so it can’t be used on media such as DVD or CD discs.
Deleting is incorrect because it does not remove the data from the media; it only removes the record from the data’s file system. Re-formatting the media is incorrect because it does not adequately overwrite the data and may still be recoverable. Overwriting is incorrect because unless it has been overwritten multiple times, the data can still be recovered.