Pocket Prep Flashcards

1
Q

Which of the following BEST describes CCTV?

A. A terminal server used for access by a thin client
B. A real time protocol encryption algorithm
C. The command and control traffic of a transient virus
D. Internal security camera system

A

D. Internal security camera system

Explanation:
Internal security camera system

CCTV stands for closed-circuit television. It’s more commonly referred to as security cameras and is used for physical security. CCTV is used in data centers for security monitoring or in the workplace to protect against theft and vandalism.

2
Q

An attacker attempts to break into a building by cutting the padlock off the roof’s access hatch but is unable to access anything because the door leading to the hatch is locked from the inside. This event is BEST described as what?

A. A violation of policy
B. Security failure
C. Data breach
D. Security incident

A

D. Security incident

Explanation:
A security incident is any event that negatively impacts an organization’s security posture or may lead to the eventual disclosure of sensitive information. This term is sometimes used synonymously with data breach; however, a data breach is an event that results in the disclosure of sensitive information. All data breaches are security incidents, but not all security incidents are data breaches.

3
Q

An organization must consider all possible weaknesses and potential attack points when designing an information security program. Of the following, what BEST describes the process of identifying, understanding, and categorizing potential threats?

A. Asset valuation
B. Threat modeling
C. Business impact analysis
D. Vulnerability analysis

A

B. Threat modeling

Explanation:
To ensure the highest level of security, organizations must identify possible threats to their systems. This is done through threat modeling, the process of identifying, understanding, and categorizing potential threats. The goal of threat modeling is to produce a list of potential threats and analyze them.

4
Q

When an organization chooses to spend resources to reduce risk to an acceptable level, what response has the organization chosen?

A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. Risk deterrence

A

A. Risk mitigation

Explanation:
Risk mitigation is when the risk is reduced to an acceptable level aligned with the organization’s risk appetite. It is never possible to eliminate all risk. When risk mitigation is more expensive than if the risk is realized, an organization should either document and accept the risk or rethink their mitigation strategy.

5
Q

When mapping the Open Systems Interconnection (OSI) model layers to the Transmission Control Protocol/Internet Protocol (TCP/IP) model, what is the Network layer’s equivalent in the TCP/IP model?

A. The Internet layer
B. The Link layer
C. The Transport layer
D. The Application layer

A

A. The Internet layer

Explanation:
The Network layer in the Open Systems Interconnection (OSI) model is called the Internet layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model.

The Internet layer is the second layer of the TCP/IP model and is represented in descending sequence as the second layer from the bottom. Internet Protocol (IP), which contains the addressing information that enables packets to be routed, is part of this layer. The TCP/IP model and the OSI model differ because the TCP/IP model consists of only four layers rather than seven. The four TCP/IP model layers are Network Access or Link, Internet, Transport, and Application.

6
Q

Of the following, which BEST describes The Open Group Architecture Framework (TOGAF)?

A. An open standard used to maintain compatibility between different software types
B. A series of controls that an organization must meet to maintain compliance with various regulations
C. An enterprise architecture development methodology
D. A framework used to develop a security program within an organization

A

C. An enterprise architecture development methodology

Explanation:
The Open Group Architecture Framework (TOGAF) is a standard that helps organizations design, plan, implement, and govern information technology architecture. TOGAF uses the Architecture Development Method (ADM) to create architectures for business, data, applications, and technology.

7
Q

Access control addresses the relationship between subjects and objects. Of the following, which is TRUE about a subject?

A. It is an active entity that interacts with passive objects
B. It is always an individual user account
C. It is a passive entity that provides information to the active entity
D. It can modify objects without authorization

A

A. It is an active entity that interacts with passive objects

Explanation:
By most definitions, a subject is an active entity on a system. This is anything that is actively interacting with the system, including users, processes, or automated programs. Access control regulates access between subjects and objects. An object is a passive entity that provides information.

8
Q

What encryption type supports the ability to perform computations on its encrypted data fields that yield accurate computational results when the resulting output is decrypted?

A. Homomorphic
B. MD5
C. Metamorphic
D. Polymorphic

A

A. Homomorphic

Explanation:
Homomorphic encryption is a unique type of encryption which supports the ability to perform computations on its encrypted data fields. When the resulting output is decrypted, it will yield accurate computational results that are identical to what would’ve been obtained if the same computations had been performed on the unencrypted data.

Polymorphic and metamorphic refer to self-modifying virus types, while MD5 refers to a deprecated but common hash function.

9
Q

A cipher lock uses which of the following?

A. Keypad
B. Key token
C. Physical key
D. Encrypted keys

A

A. Keypad

Explanation:
A cipher lock is characterized by a keypad, requiring a specific numerical sequence on the keypad to unlock an entrance. Keypads are used in data centers or even within restricted areas to add an extra level of security.

10
Q

Using the Open Systems Interconnection (OSI) model, which layer is the Data Link layer?

A. 1
B. 2
C. 3
D. 4

A

B. 2

Explanation:
The Data Link layer is the second layer and is represented in descending sequence as the second-lowest layer. Data is passed from the highest layer (application; layer 7) downward through each layer to the lowest layer. The seven layers include the following:

Application (Layer 7)
Presentation (Layer 6)
Session (Layer 5)
Transport (Layer 4)
Network (Layer 3)
Data Link (Layer 2)
Physical (Layer 1)
11
Q

Which of the following file content types could be compromised by a rainbow table?

A. Memory dumps
B. Account permissions
C. System logs
D. Hashed passwords

A

D. Hashed passwords

Explanation:
A rainbow table contains precomputed hash values that correlate to possible password combinations, enabling an attacker in possession of a hashed password file to crack plaintext passwords. Rainbow tables can be defeated through the use of cryptographic salts, which add a random value to the end of each password before it is hashed.

Account permissions, system logs, and memory dumps would not be compromised by a rainbow table.

12
Q

Reviewing recorded events from a CCTV is an example of what kind of security control?

A. Deterrent
B. Detective
C. Corrective
D. Recovery

A

B. Detective

Explanation:
Detective controls identify security violations after they have occurred, or they provide information about the violation as part of an investigation. An intrusion detection system is a technical detective control, and a motion detector is a physical detective control. Note that both an intrusion detection system and a motion detector include the word “detect,” which is a good clue. Reviewing logs or an audit trail after an incident is an administrative detective control. Use of the CCTV itself is a preventative measure, but reviewing the footage captured on CCTV is primarily for detection purposes, and it is categorized as a “detective device” in the physical security classification. CCTV cameras are standard security measures to deter theft and capture any threats in action.

Deterrent controls attempt to discourage someone from taking a specific action. A high fence with lights at night is a physical deterrent control. A strict security policy stating severe consequences for employees if it is violated is an example of an administrative deterrent control. A proxy server that redirects a user to a warning page when a user attempts to access a restricted site is an example of a technical deterrent control.

Corrective controls attempt to modify the environment after an incident to return it to normal. Antivirus software that quarantines a virus is an example of a technical corrective control. A fire extinguisher is an example of a physical corrective control.

Recovery controls provide methods to recover from an incident.

13
Q

An encrypted message is BEST called what?

A. Encryption output
B. Ciphertext
C. Plaintext
D. Cryptograph

A

B. Ciphertext

Explanation:
When a message is encrypted, it’s considered ciphertext. Ciphertext is the result of running encryption algorithms on a plaintext message, making it unreadable. Ciphertext must remain unreadable unless it is decrypted using the decryption key.

14
Q

Using the Open Systems Interconnection (OSI) model, which layer contains the Network?

A. 1
B. 3
C. 2
D. 4

A

B. 3

Explanation:
The Network layer is the third layer of the Open Systems Interconnection (OSI) model. The Network layer contains protocols like Internet Protocol (IP) and Internetwork Packet Exchange (IPX).

The seven layers in descending sequence are:

7) Application
6) Presentation
5) Session
4) Transport
3) Network
2) Data Link
1) Physical
15
Q

What physical lock uses a keypad?

A. Disk detainer lock
B. Cipher lock
C. Tumbler lock
D. Warded lock

A

B. Cipher lock

Explanation:
A cipher lock is characterized by a keypad, requiring a specific numerical sequence on the keypad to unlock an entrance. Keypads are used in data centers or even within restricted areas to add an extra level of security.

16
Q

Which of the following is the MOST thorough and secure method of removing data from a hard drive with a spinning platter?

A. Irradiation
B. Erasing
C. Remanence
D. Destruction

A

D. Destruction

Explanation:
Destruction is the most thorough way to ensure data cannot be recovered, since it leaves the media and data unreadable and unrecoverable.

Erasing is one of the weakest ways to sanitize data, since it only breaks the link to the data, leaving the data easily recoverable. Remanence is not a sanitization method but is the data that is left over after sanitization. Irradiation may damage media, but will not destroy it.

17
Q

The U.S. Department of Defense organizes its security classifications into which of the following?

A. Public, Confidential, Secret, Top Secret, and Sealed
B. Open, Closed, and Sealed
C. Open, Sensitive but Unclassified, Secret, and Top Secret
D. Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret

A

D. Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret

Explanation:
The U.S. Department of Defense organizes its security into five principal classes, including Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret. Individuals are then awarded classification levels based on this system to grant and restrict access. Access is given on a need-to-know basis.

18
Q

Nora is a penetration tester who has been hired to assess an organization’s campus. She finds CAD drawings classified as Sensitive. She discovers that two of the drawings are for the same part and, when combined, should be classified as Confidential.

This process is MOST LIKELY known as what?

A. Aggregation
B. Deducing
C. Mining
D. Collection

A

A. Aggregation

Explanation:
When discussing classification labels, data aggregation means that data classified at a higher level can be inferred by combining data at a lower classification level.

19
Q

Of the following alarms, which would be considered the MOST critical for a CISSP to ensure function properly?

A. Heartbeat alarms
B. Intrusion alarms
C. Fire alarms
D. Component failure alarms

A

C. Fire alarms

Explanation:
Fire alarms provide an audible sound if a fire is detected. Human safety is always considered the highest priority.

Intrusion alarms are incorrect because they do not ensure human safety as much as fire alarms do. Heartbeat alarms are incorrect because they monitor servers or security systems and do not impact human safety. Component failure alarms are incorrect because they monitor a server’s components, like a power supply, and do not impact human safety.

20
Q

Kerberos is an authentication protocol that employs the use of what?

A. Asymmetric encryption
B. Tickets
C. Tokens
D. Biometrics

A

B. Tickets

Explanation:
Kerberos uses a series of tickets to authenticate users/clients and provide access to network resources. Using Kerberos, clients obtain tickets from the key distribution center (KDC) and present these tickets to network resources when access requests are made. Kerberos uses symmetric encryption like the Advanced Encryption Standard (AES) to secure and verify the ticket’s authenticity.

21
Q

Martina is testing a new application that her company is developing. She is trying a testing technique that posts thousands of different inputs into the software to determine its limits and potential flaws. What form of testing is this?

A. Fuzz testing
B. Interface testing
C. Misuse case testing
D. Static testing

A

A. Fuzz testing

Explanation:
Fuzz testing is a technique used to find flaws or vulnerabilities by sending randomly generated or specially crafted inputs into the software. There are two types of fuzzers: mutation (dumb) fuzzers and generational (intelligent) fuzzers. Mutation fuzzers mutate existing input to create fuzzed input. Generational fuzzers create fuzzed input based on what type of program is being fuzzed.

22
Q

When using a Redundant Array of Independent Disks (RAID), which RAID level will always reduce your raw capacity by 50%?

A. 1
B. 0
C. 5
D. 6

A

A. 1

Explanation:
RAID-1 is also known as mirroring. Data is written to two drives at once. If one drive fails, the other drive still has all the data. RAID-1 requires that you lose 50% of your total raw storage.

RAID levels:

RAID-0 - Data is striped between a set of drives without parity. This increases your risk of data loss: if one drive fails, the entire RAID will fail. However, it increases your usable storage and write speed.
RAID-1 - Data is mirrored between two identical drives. This provides redundancy; however, your usable storage is reduced by 50% of your total storage.
RAID-5 - Data is striped between a set of drives, but parity is also written to each drive. This allows a single drive to fail without causing the RAID to fail. This provides redundancy, but your usable storage is reduced by one drive’s worth of storage.
RAID-6 - Similar to RAID-5, but two sets of parity are written to each drive. This allows two drives to fail without causing the RAID to fail. This provides redundancy, but your usable storage is reduced by two drives’ worth of storage.
23
Q

When a risk is considered more costly to address than to allow it to be realized, what type of response should be chosen?

A. Risk deterrence
B. Risk transfer
C. Risk avoidance
D. Risk acceptance

A

D. Risk acceptance

Explanation:
When risk mitigation is more expensive than if the risk is realized, an organization should document and accept the risk or rethink their mitigation strategy. Risk acceptance does not mean choosing to ignore the risk but, rather, concluding that doing something about the risk is more costly than the risk itself.

24
Q

Which phase of patch management will MOST LIKELY use the change management process?

A. Patch deployment
B. Patch approval
C. Patch evaluation
D. Patch testing

A

B. Patch approval

Explanation:
Patch approval uses the change management process once patches are tested and approved for deployment. The approval process ensures that all affected organizations are aware of the changes and possible performance issues due to changes.

25
Q

Which type of network discovery scan opens a full connection with a remote system on a specific port?

A. Xmas scan
B. TCP SYN scan
C. TCP connect scan
D. TCP ACK scan

A

C. TCP connect scan

Explanation:
Transmission Control Protocol (TCP) connect scanning opens a full connection, meaning that the scanner replies with an ACK to complete the TCP three-way handshake. This type of scan is usually selected when the user does not have the privileges required to run half-open scans.

TCP SYN scan is incorrect because it is a half-open scan and only sends a packet with the SYN flag set. TCP ACK scan is incorrect because it is also a half-open scan and only sends a packet with the ACK flag set. Xmas scan is incorrect because it does not open a full connection and, instead, sends a packet with the FIN, PSH, and URG flags set.

26
Q

Which of the following is NOT a valid database key?

A. Candidate key
B. Foreign key
C. Record key
D. Primary key

A

C. Record key

Explanation:
The following are keys that you will find in a database:

Candidate key - This key can be used to identify any record.
Primary key - This key is a unique value for each tuple in a table.
Foreign key - This key is a value that references the primary key of a tuple in a different table.

Record key is a fabricated term.

27
Q

Which of the following components of a computer is MOST LIKELY to make calculations using logic gates?

A. Registers
B. Arithmetic logic unit (ALU)
C. Random Access Memory (RAM)
D. Central processing unit (CPU)

A

B. Arithmetic logic unit (ALU)

Explanation:
The arithmetic logic unit (ALU) is a series of physical circuits that perform bitwise operations on binary numbers. The circuits are built using logic gates made from transistors.

Central processing unit (CPU) is incorrect because it is made up of the ALU and registers. Registers are incorrect because they are temporary storage for instructions to be processed by the ALU. Random Access Memory (RAM) is incorrect because it stores application instructions and outputs from the CPU/ALU.

28
Q

According to the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which layer is the Internet layer?

A. 2
B. 3
C. 1
D. 4

A

A. 2

Explanation:
The Internet layer is the second layer of the TCP/IP model and is represented in descending sequence as the second layer from the bottom. Internet Protocol (IP) contains addressing information that enables packets to be routed and is part of the TCP/IP model. The TCP/IP model and the OSI model differ because the TCP/IP model consists of only four layers rather than seven. The four TCP/IP model layers are Network Access or Link, Internet, Transport, and Application.

29
Q

Tina is an accountant for a financial institution and has been committing fraud for years by secretly skimming money from unused budgets. Of the following, what detective control could Tina’s organization have implemented to discover her fraud?

A. Split knowledge
B. Mandatory vacations
C. M of N control
D. Separation of duties

A

B. Mandatory vacations

Explanation:
Mandatory vacations are used to detect fraud within an organization. Employees who commit fraud often avoid taking vacations to minimize the chance that other employees discover their fraud. A mandatory vacation of at least two weeks is recommended for the control to be considered effective.

Separation of duties, split knowledge, and M of N control are incorrect because they are preventative controls.

30
Q

Without using a hypervisor, a word processor wanting to save a file would need to access which CPU ring?

A. Ring 0
B. Ring 3
C. Ring 1
D. Ring 2

A

B. Ring 3

Explanation:
User applications, including word processors, reside in Ring 3, the least secure and trusted of the rings.

Applications (3)
Hardware Drivers (2)
Operating System (1)
Kernel (0)

As protection layer numbers decrease, a higher level of security is required.

31
Q

A brute-force attack has a virtually 100% success rate; it just depends on the time it takes to guess a password. Of the following, which BEST helps to prevent brute-force attacks?

A. Lockout policy on user accounts
B. Storing passwords using a SHA-3 hash
C. Salting passwords
D. Password encryption

A

A. Lockout policy on user accounts

Explanation:
Account lockout controls help prevent brute-force attacks. They lock the account for a period of time after incorrect passwords are entered too many times. Account lockouts typically use clipping levels that ignore some user errors but take action after a threshold is reached.

32
Q

Of the following, which entity is statistically MOST LIKELY to be a cybersecurity threat?

A. An outside hacker
B. A government
C. A rival organization
D. A disgruntled employee

A

D. A disgruntled employee

Explanation:
Most industries agree that one of the most significant threats a company faces is from its own employees. For this reason, companies should employ principles like segregation of duties, split knowledge, and least privilege.

33
Q

Of the following, what protocol is used with IPsec?

A. EAP
B. CHAP
C. IKE
D. TLS

A

C. IKE

Explanation:
Internet key exchange (IKE) is used to negotiate parameters and ultimately establish security associations (SAs) for IPsec. IKE operates in two phases.

Phase 1: Negotiates a single bi-directional SA by exchanging a generated secret key using the Diffie-Hellman key exchange.
Phase 2: Negotiates unidirectional SAs using the SA established during phase 1.
34
Q

Which of the following is NOT protected by a trademark?

A. Recipe
B. Phrase
C. Slogans
D. Logos

A

A. Recipe

Explanation:
Trademarks protect brand identity, including slogans, logos, phrases, or combinations that represent the company or brand identity. A recipe cannot be trademarked and would be protected under trade secret law.

35
Q

This type of control is used to verify a communication pathway is active by periodically or continuously checking it with a signal and can be used to prevent intruders from circumventing an alarm system, or it can trigger a high availability (HA) event:

A. A heartbeat sensor
B. A keep-alive sensor
C. A tamper sensor
D. A syslog aggregator

A

A. A heartbeat sensor

Explanation:
A heartbeat sensor periodically tests a communication pathway to a target with a signal. It provides monitoring for connections to servers or security systems. For instance, if the door lock cable is cut, the test signal will fail, and personnel are alerted to the issue. Heartbeat sensors are also used to trigger high availability (HA) events on servers or network equipment. For example, if a server detects that its neighbor is no longer active, it will take over and provide failover.

36
Q

Access control addresses the relationship between subjects and objects. Of the following, which is TRUE about objects?

A. They are active entities that provide information to a passive entity
B. They are passive entities that provide information
C. When authorized, they can modify entities
D. They are active entities that access a passive entity

A

B. They are passive entities that provide information

Explanation:
An object is a passive entity that provides information to active subjects. Some examples of objects include files, databases, computers, programs, processes, printers, and storage media.

37
Q

Which of the following is LEAST LIKELY to be the audience of a security audit report?

A. Third parties
B. Board of directors
C. Government regulators
D. Functional management

A

D. Functional management

Explanation:
Unlike security assessments, security audits are generally performed by an external group to prevent conflicts of interest. The audience of a security audit report would be people outside of the company’s day-to-day operations, such as the board of directors, government regulators, or third parties.

38
Q

When discussing multi-factor authentication (MFA), what method uses something you know and something you have?

A. One-time pad
B. Retina Scans
C. Public key infrastructure (PKI)
D. Smart cards

A

D. Smart cards

Explanation:
Smart cards are credit card-sized devices that contain a microprocessor. The smart card typically contains an encrypted private key issued through a public key infrastructure (PKI) system that the authenticating environment trusts. When the smart card is inserted into a reader, the user must enter a PIN before the smart card releases the private key. Smart cards used by the U.S. government are known as common access cards (CACs). The “something you know” is the PIN. The “something you have” is the smart card.

Retina scans are incorrect because they are something you are. One-time pad is incorrect because it is not a form of multi-factor authentication (MFA); it is an encryption technique. Public key infrastructure (PKI) is incorrect because it is not a standalone MFA method.

39
Q

According to the Open Systems Interconnection (OSI) model, which layer is the Application layer?

A. 6
B. 5
C. 7
D. 8

A

C. 7

Explanation:
The Application layer is the seventh layer of the Open Systems Interconnection (OSI) model and is represented in descending sequence as the topmost layer. The Application layer is the graphical presentation and interface between the device and the user. Examples of Application layer protocols include HTTP, FTP, SMTP, and SNMP.

40
Q

Certain characters within website form inputs (e.g., ‘) are being converted into their HTML character entity reference equivalents (e.g., &apos;) prior to processing. What web application security technique is being applied?

A. Output encoding
B. Input validation
C. Cross-site scripting
D. Request forgery

A

A. Output encoding

Explanation:
The conversion of certain characters within website form inputs (e.g., ‘) into their HTML character entity reference equivalents (e.g., &apos;) prior to processing is an example of output encoding. Output encoding is an application security technique used to ensure that certain characters within form inputs are processed as data and not potentially misinterpreted as programming syntax (which could be used to inject malicious code, if processed).

Input validation is an application security technique used to ensure that actual input is aligned to the input expected for a particular field, before it is processed. Such validation does not just consider field type (e.g., that a date field follows the structure and format of a date mm-dd-yyyy) but also field data (e.g., the lack of strings such as “1=1” and “ ”, which could be used to inject malicious code, if processed). Cross-site scripting and request forgery are both types of web application attacks that can result from weak output encoding and/or input validation.
41
Q

Raul is reviewing one of the new services that his company is looking to deploy next month. He is concerned that the fields on the website that interact with the database might be vulnerable to a Structured Query Language (SQL) injection attack.

Which of the following would he use to determine if there is an SQL vulnerability?

A. Network vulnerability scanner
B. Network discovery scanner
C. Port scanner
D. Web vulnerability scanner

A

D. Web vulnerability scanner

Explanation:
Web vulnerability scanners are special-purpose tools that scour web applications for known vulnerabilities. Attackers often try to exploit the complexity of websites through attacks like Structured Query Language (SQL) injection in order to further their goals.

42
Q

A legal document used to protect an organization’s sensitive information and signed by its employees is MOST LIKELY called what?

A. Terms and conditions
B. Noncompete agreement
C. Nondisclosure agreement
D. Work commencement

A

C. Nondisclosure agreement

Explanation:
Organizations often require a nondisclosure agreement (NDA) to be signed by an employee prior to giving them access to sensitive information. The nondisclosure agreement reinforces trust between the organization and the employee. The nondisclosure agreement ensures that confidential materials and ideas used by the organization are not disclosed to third parties without consent.

43
Q

Effective incident response management is handled in several steps or phases. Which of the following is performed just after the “detection” phase after an incident has occurred?

A. Reporting
B. Mitigation
C. Recovery
D. Response

A

D. Response

Explanation:
Effective incident response management is handled in several steps or phases. There are seven steps outlined in the CISSP CIB:

Detection
Response
Mitigation
Reporting
Recovery
Remediation
Lessons learned
44
Q

Barbed wire adds what to a perimeter defense?

A. Detection
B. Ownership
C. Deterrence
D. Access control

A

C. Deterrence

Explanation:
The threat of harm from barbs on the wire is considered a deterrent to bypassing the perimeter. Fences should be at least eight feet tall with barbed wire at the top for adequate deterrence.

45
Q

The IDEAL software development model has how many phases?

A. 5
B. 8
C. 7
D. 9

A

A. 5

Explanation:
The IDEAL software development model has 5 phases. The phases are as follows:

Initiating
Diagnosing
Establishing
Acting
Learning
46
Q

Brandon is a disgruntled employee who decides he will build a back door into an in-house developed piece of software. A few months later, Brandon’s employment is terminated, and he decides to attack the organization using the back door he built. Brandon’s former employer hires a forensic team to investigate the origin of the attack. They identify the in-house developed application, but there is no record of how the back door was introduced.

Of the following, what technique or control would have MOST LIKELY allowed Brandon’s former employer to identify Brandon as the person who introduced the back door?

A. Split knowledge controls
B. Configuration change management
C. External connection monitoring
D. Versioning

A

D. Versioning

Explanation:
Code versioning forces developers to document each revision or change in a codebase. All changes are tracked and saved, together with who made them. Organizations should use code versioning to review changes made to code or roll changes back if needed. Common examples of code version control software are Git and SVN.

47
Q

Jennifer receives a document with the word “CONFIDENTIAL” stamped on it. Of the following, what BEST describes the process of stamping the document?

A. Media Categorization
B. Marking/Labeling
C. Data Normalization
D. Data Classification

A

B. Marking/Labeling

Explanation:
Marking and labeling is the process of physically adding the classification level to the document or media. Marking helps ensure individuals protect information and media while it is in their possession.

Classification is incorrect because it is the process of defining the sensitivity of the media. Data Normalization and Media Categorization are not applicable in this scenario.

48
Q

When discussing risk analysis, which of the following is the likelihood of an exploit?

A. Threat
B. Vulnerability
C. Risk
D. Safeguard

A

C. Risk

Explanation:
When quantifying risk, it can be defined as the possibility or likelihood that a vulnerability will be exploited.

Risk is viewed as the possibility that something could happen to damage, destroy, or disclose data or other resources. Risk assessment and management are used to reduce risk. Before any security policies are made, risk must always be defined and assessed within the organization.

49
Q

Which form of evidence is offered by witnesses who give oral testimony based on their observation of a crime?

A. Conclusive evidence
B. Corroborative evidence
C. Direct evidence
D. Circumstantial evidence

A

C. Direct evidence

Explanation:
Direct evidence may come from witnesses who give oral testimony based on their observations. Direct evidence cannot be hearsay, which is second-hand testimony.

Conclusive evidence is incorrect because it is irrefutable and cannot be contradicted. Circumstantial evidence is incorrect because it can prove an intermediate fact used to assume another fact. Corroborative evidence is incorrect because it is used to prove an idea or point that cannot stand on its own.

50
Q

The only cryptography known to be impossible to crack, when correctly implemented, is known as what?

A. One-time pad
B. Vigenère cipher
C. Quantum encryption
D. Elliptic curve

A

A. One-time pad

Explanation:
Gilbert Vernam invented the one-time pad (OTP) in 1917. A one-time pad requires a completely random key that is the same length as the message. Each bit of the message is exclusive-ORed (XORed) with the corresponding bit of the key. The resulting ciphertext is considered unbreakable as long as the key remains secure. For a one-time pad to be implemented correctly, keys cannot be reused and must be truly random.

One-time pad requirements:

Keys must be genuinely random values
Keys can only be used one time
Keys must be exchanged securely
The sender and receiver must keep the keys secure
The key must be the same length as the message.

Quantum encryption is incorrect because it is different from traditional cryptographic systems in that it relies more on physics than classical mathematics and may be cracked. Elliptic curve is incorrect because it is a form of cryptography based on the algebraic structure of elliptic curves and can be broken. Vigenère cipher was developed in France in 1553 and uses Caesar ciphers with different shift values. A keyword is used to create the shift values.

51
Q

Performing software audit trails establishes what?

A. Accountability
B. Confidentiality
C. Integrity
D. Authorization

A

A. Accountability

Explanation:
Software audit trails keep track of user activities and provide accountability to the user base. Audit trails are especially important for software that contains sensitive data. For instance, they are required by the Health Insurance Portability and Accountability Act (HIPAA) to audit who has access to patient data and when the data was accessed.

52
Q

From the perspective of cybersecurity, which of the following is the BEST motivation to create system images and baselines?

A. Create a uniformed naming convention
B. Central inventory management
C. System hardening
D. Decrease the time needed to deploy new systems

A

C. System hardening

Explanation:
System hardening reduces the overall risk of a system by removing unnecessary software and implementing best security practices. Once a secure baseline has been established on a particular system, administrators can capture the system’s state, called an “image”, and deploy it to other systems. This process is known as “imaging.” Imaging can be used to decrease the time needed to deploy new systems. However, the best motivation is to ensure that all systems are deployed with a hardened image.

53
Q

What is the term for testing the security of a piece of software without executing the software?

A. Dynamic testing
B. Initial testing
C. Static testing
D. Still testing

A

C. Static testing

Explanation:
Static testing tests the security of software without executing the software. This type of test reviews the source code or the compiled application.

Dynamic testing is incorrect because this type of test evaluates the security of software while the software is executing. Initial testing and still testing are fabricated terms.

54
Q

Martina works in quality assurance and can only access resources and perform tasks that are directly related to her job role. What type of access control model does Martina’s organization MOST LIKELY use?

A. UAC
B. MAC
C. DAC
D. RBAC

A

D. RBAC

Explanation:
A system that employs Role-Based Access Control (RBAC) maps a subject’s role to the operations and tasks that role needs to perform. Users are assigned to roles, not directly to resources.

Mandatory Access Control (MAC) uses classification and labels to define user access. Discretionary Access Control (DAC) allows the Data Owner to control and define access to objects. UAC is not an access control model.

55
Q

Which of the following refers to the practice of registering common misspellings or variations of a domain name?

A. Vishing
B. Clickjacking
C. Baiting
D. Typosquatting

A

D. Typosquatting

Explanation:
The practice of registering common misspellings or variations of a domain name (e.g. facebok.com, apples.com) is referred to as typosquatting. Such registrations typically direct traffic to destinations that advantage the squatter, rather than to the domain originally intended.

Clickjacking occurs when the user interface of a website is manipulated to misdirect intended click-throughs. Vishing refers to voice-based (rather than email-based) phishing. Baiting refers to the practice of leaving compromised portable media in a public location in a manner that entices its use from a secure, nonpublic location (for example, leaving an infected USB drive labelled “staff salaries” in the lobby of an office building).

56
Q

Which of the following terms refers to the technique of adding a term or phrase to the header of a communication to enhance its effectiveness as a social engineering attack?

A. Shoulder surfing
B. Smishing
C. Prepending
D. Baiting

A

C. Prepending

Explanation:
Prepending refers to the technique of adding a term or phrase to the header of a communication to enhance its effectiveness as a social engineering attack. Prepending is commonly employed in phishing e-mails. Examples include spoofed subject tags such as “RE:” or “[INTERNAL]” to support pretexts, or spoofed header tags in the content body (e.g., “X-SPAM-STATUS: NO”) to trick spam filters.

Smishing refers to a phishing attack that is attempted or executed over SMS (Short Message Service) text messaging. Shoulder surfing refers to the technique of obtaining privileged information through observation from a position of proximity (e.g., watching a password or PIN being typed through an office window, reading the laptop display of someone adjacently seated on an airplane). Baiting refers to the practice of leaving compromised portable media in a public location in a manner that entices its use from a secure, nonpublic location (for example, leaving an infected USB drive labelled “staff salaries” in the lobby of an office building).

57
Q

Data on media should be erased when it is no longer required. Of the following, what is the BEST method to ensure sensitive data cannot be recovered from magnetic media?

A. Overwriting
B. Deleting
C. Degaussing
D. Re-formatting the media

A

C. Degaussing

Explanation:
A degausser creates a magnetic field that realigns the magnetic fields on media. It’s one way to remove data remanence on media such as a hard drive or tape drive. It is very difficult to recover data from media if it has been correctly degaussed. Degaussing is only effective on magnetic media, so it can’t be used on media such as DVD or CD discs.

Deleting is incorrect because it does not remove the data from the media; it only removes the record from the data’s file system. Re-formatting the media is incorrect because it does not adequately overwrite the data and may still be recoverable. Overwriting is incorrect because unless it has been overwritten multiple times, the data can still be recovered.

58
Q

Which of the following describes a model used to assess risk maturity?

A. OSS
B. COTS
C. OIDC
D. RMM

A

D. RMM

Explanation:
An RMM (Risk Maturity Model) is a model used to assess risk maturity. For each risk management process, RMMs define levels of maturity and the characteristics commonly associated with (or which demonstrate realization of) those levels of maturity. By matching their characteristics with those found in the model, organizations can establish the maturity of their risk management processes.

OIDC (OpenID Connect) is not a model used to assess risk maturity, but an authentication and authorization solution that enables Single Sign-On (SSO). COTS (Commercial Off-The-Shelf) and OSS (Open Source Software) are not models used to assess risk maturity, but different classes of software that have been developed by third parties. COTS is typically sold for a profit, while OSS is typically offered for free.

59
Q

Heather is the IT manager for a mid-sized manufacturing organization that builds weapons in the United States. Heather is concerned her organization does not have any offsite backups, so she decides to send a full backup to a Venezuelan cloud provider.

Of the following, what law or regulation has Heather MOST LIKELY broken?

A. General Data Protection Regulation (GDPR)
B. Computer Fraud and Abuse Act (CFAA)
C. The Espionage Act
D. International Traffic in Arms Regulation (ITAR)

A

D. International Traffic in Arms Regulation (ITAR)

Explanation:
The International Traffic in Arms Regulation (ITAR) is a U.S. regulation that restricts and controls the export of defense and military technologies to foreigners. Organizations that manufacture or process information on controlled technologies must establish strict and rigid controls to ensure data is not disclosed to unauthorized individuals.

60
Q

When deleting a file is not enough to satisfy an organization’s data destruction policy, what BEST ensures the data cannot be restored, but the media can be reused?

A. Clearing
B. Destruction
C. Purging
D. Erasing

A

C. Purging

Explanation:
Purging is the process of overwriting the original data over and over. It should be repeated many times and can be combined with degaussing to ensure the original data cannot be recovered.

Erasing is another word for deleting. Clearing is the process of overwriting data multiple times; however, it is not considered as thorough as purging. Destruction is the most secure method; however, it destroys the media, which then cannot be reused.

61
Q

Which function of change management is a labeling or numbering system used to differentiate between different software sets and configurations?

A. Requesting
B. Reviewing
C. Scheduling
D. Versioning

A

D. Versioning

Explanation:
Versioning refers to version control used in software configuration management. A labeling or numbering system is used to differentiate between different software sets and configurations across multiple machines or at different points in time on a single machine. Versioning also helps with rollback procedures when deployment fails.

62
Q

An organization is looking to develop its Business Continuity Plan (BCP). Of the following, which is one of the first steps in creating a BCP?

A. Business Impact Analysis
B. Tabletop exercises
C. Mitigate risk
D. Likelihood assessment

A

A. Business Impact Analysis

Explanation:
One of the first steps in business continuity planning is to perform a Business Impact Analysis (BIA). A BIA identifies all critical functions and processes so the organization can prioritize them based on criticality.

63
Q

Which of the following is the correct listing of the four basic network topologies?

A. Star, mesh, link-local, ladder
B. Ring, bus, star, mesh
C. Mesh, bridge, ring, bus
D. Expressway, ring, data link, physical

A

B. Ring, bus, star, mesh

Explanation:
Network topology refers to the physical layout and design of a network. Topologies are a part of the physical layer in the OSI model.

Ring: A ring topology connects all computers together in a ring or a circle.
Bus: Bus topology contains one trunk cable and each computer is connected to this one trunk.
Star: A central router or hub connects all computers in one location.
Mesh: Each computer is connected to every other computer with a cable for each connection. Mesh topologies are the most complicated and expensive.
64
Q

Pretty Good Privacy (PGP) uses which of the following to encrypt data?

A. Hashing
B. Asymmetric scheme
C. Redundant scheme
D. Symmetric scheme

A

D. Symmetric scheme

Explanation:
Pretty Good Privacy (PGP) is a hybrid cryptosystem that uses the International Data Encryption Algorithm (IDEA) to encrypt the data. PGP uses a web of trust instead of a traditional Public Key Infrastructure (PKI). The commercial version uses RSA and the free version uses the Diffie-Hellman key exchange.

65
Q

Which of the following BEST describes a known-plaintext attack?

A. When an attacker already knows a portion of the plaintext
B. When the decryption key is used more than once
C. When the attacker tries to reverse engineer the encryption process using cipher text
D. When an attacker already knows a portion of the decryption key

A

A. When an attacker already knows a portion of the plaintext

Explanation:
A known-plaintext attack is an attack model for cryptanalysis where the attacker has samples of both the plaintext and its encrypted version. Knowing a portion of the message can help decrypt the remainder of the ciphertext. This was exploited by the Allies during World War II. The Allies knew that the last part of German-transmitted messages always contained the words “Heil Hitler.” The Germans also included a standard weather report in the same location of every transmission. This weakness in the German code procedures is one of the reasons the Allies were able to crack the German Enigma codes.

66
Q

The Advanced Encryption Standard (AES) is mandated for use by NIST through FIPS 197 on all sensitive information. AES has three different key lengths. Which of the following is NOT a valid key length?

A. 256 bits
B. 192 bits
C. 128 bits
D. 64 bits

A

D. 64 bits

Explanation:
NIST selected the Advanced Encryption Standard (AES) in 2000 to replace the older Data Encryption Standard (DES), which had known vulnerabilities. The AES cipher allows the use of three key lengths:

128-bit keys require 10 rounds of encryption
192-bit keys require 12 rounds of encryption
256-bit keys require 14 rounds of encryption
67
Q

Integrity is the primary function of which security model?

A. Take-Grant
B. Brewer and Nash
C. Biba
D. Bell-LaPadula

A

C. Biba

Explanation:
Biba is an integrity model that prevents subjects with lower security levels from writing to objects at higher security levels.

Take-Grant is incorrect because it dictates how rights can be passed from one subject to another. Brewer and Nash is incorrect because it dynamically changes access controls to protect against conflicts of interest. Bell-LaPadula is incorrect because it primarily focuses on confidentiality. It prevents subjects with lower security levels from reading objects at higher security levels.

68
Q

Anya is designing the fencing for a new tier 4 data center. Of the following, what is the recommended MINIMUM fencing height Anya should use?

A. 7 feet
B. 10 feet
C. 8 feet
D. 6 feet

A

C. 8 feet

Explanation:
Fences of 8 feet are considered to deter determined intruders. A tier 4 data center fence should be a minimum of 8 feet high.

The standard fencing height recommendations are:

3-4 feet deter casual trespassers
6-7 feet deter most intruders, but not determined ones
8 or more feet deter determined intruders
69
Q

Which of the following is NOT a valid step in creating a Business Continuity Plan (BCP) as established by NIST?

A. Business Impact Analysis
B. Project budgeting
C. Developing the continuity policy planning statement
D. Scope the project

A

B. Project budgeting

Explanation:
Project budgeting is not considered to be one of the standard high-profile steps set forth by NIST for disaster recovery. NIST helps businesses establish standards and procedures to protect assets and avoid risk.

70
Q

An IT administrator reviews all the servers in the organization and notices that a server is missing crucial patches against a recently discovered exploit. Which BEST describes what the administrator has just found?

A. A vulnerability
B. An exposure
C. A threat
D. A breach

A

A. A vulnerability

Explanation:
The weakness in an asset or the absence or weakness of a safeguard or countermeasure is a vulnerability. A vulnerability is a flaw, loophole, oversight, error, limitation, frailty, or susceptibility in the IT infrastructure or any other process.

The threat is incorrect because it is what exploits the vulnerability. Exposures and breaches are incorrect because they may be the result if a vulnerability is exploited.

71
Q

Which of the following protection solutions is commonly deployed on endpoints to detect advanced persistent threats?

A. Web security gateway
B. Bastion host
C. Endpoint detection and response (EDR)
D. Next-generation firewall (NGFW)

A

C. Endpoint detection and response (EDR)

Explanation:
Endpoint detection and response (EDR) is a protection solution commonly deployed on endpoints to detect advanced persistent threats (APTs). EDR solutions typically incorporate elements of intrusion detection, activity baselines, and machine learning to maximize threat detection capabilities.

A next-generation firewall (NGFW) is capable of detecting APTs, but it is deployed on networks rather than endpoints. A bastion host is not a protection solution deployed on endpoints, but a security-hardened host that is commonly placed in an insecure network location to serve as a secure gateway or to securely support key services (e.g. e-mail, FTP). Web security gateways block access to restricted website content and malware, but they do not detect advanced persistent threats.

72
Q

Which type of control requires identifying occurrences to perform its functions?

A. Detective
B. Deterrent
C. Corrective
D. Intrusion

A

A. Detective

Explanation:
Detective controls are deployed to detect unwanted or unauthorized activity. These controls are frequently deployed after an event to ensure that future occurrences are discovered. Detective controls do not directly block or prevent unwanted activity. Detective controls include security cameras, motion detectors, and virus scans.

73
Q

When software patches are introduced to fix a security weakness in the system, what function do these patches perform?

A. Enhance features
B. Manage change
C. Mitigate risk
D. Transfer risk

A

C. Mitigate risk

Explanation:
When patches are introduced to fix a security weakness in the system, they help mitigate risk. Software patching is often performed on a regular basis to maintain the security of production software.

74
Q

Haruto has to send some legal communications. He sends the documents through certified mail and requests a signature on delivery from the recipient, so he will have paperwork confirming the documents were delivered.

This is an example of which of the following?

A. Confidentiality
B. Nonrepudiation
C. Authentication
D. Layering

A

B. Nonrepudiation

Explanation:
Nonrepudiation ensures that the subject of an activity or event cannot deny that the event occurred. In this case, the letter was delivered and signed for, leaving a paper trail. Therefore, the subject who received and signed for the mail cannot deny that they received it.

75
Q

A table of subjects, objects, and permissible actions is called what?

A. Access control matrix
B. Compatibility matrix
C. Subject, object, action table
D. Access control list

A

A. Access control matrix

Explanation:
An access control matrix is a table that contains a list of subjects, objects, and permissible actions. The columns are called the access control list (ACL). The rows are called the capability list. The matrix contains what permissions are assigned to each user for a specific object.

76
Q

When relying on reusable media for critical backups, it is essential to consider:

A. Single Loss Expectancy (SLE)
B. Recovery Point Objective (RPO)
C. Exposure Factor (EF)
D. Mean Time To Failure (MTTF)

A

D. Mean Time To Failure (MTTF)

Explanation:
Devices or components with a finite life typically use MTTF to report the average life that can be expected from them before failing. MTTF can be expressed either as a duration or as a count of uses. Certain types of reusable media fall into this category, making it essential to consider MTTF when relying on them for critical backups.

Recovery Point Objective (RPO) is the threshold (expressed as an interval of time) established by the organization to indicate the maximum amount of data loss it can tolerate without adverse impact. An organization that is unable to tolerate more than a day’s worth of data loss would have an RPO of 24 hours. Single Loss Expectancy (SLE) is a calculation used in quantitative risk analysis to model the monetary loss resulting from a triggered risk to an asset. Exposure Factor (EF) is a variable (used in SLE calculations) which expresses the potential loss impact from a triggered risk as a percentage.

77
Q

What is the BEST way to reduce false positive and false negative reports when performing a vulnerability scan?

A. Running multiple scans and comparing results
B. Running an authenticated scan
C. Throttling the scan to avoid detection
D. Running the scan on a central server

A

B. Running an authenticated scan

Explanation:
In an authenticated scan, the scanner has credentials to log in to the target and read configuration information from the scanned system and use it to find additional vulnerabilities.

78
Q

Which type of encryption does Secure Sockets Layer (SSL) and Transport Layer Security (TLS) MOST LIKELY use?

A. Asymmetric
B. Symmetric
C. Stream
D. Asymmetric and symmetric

A

D. Asymmetric and symmetric

Explanation:
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) use both asymmetric and symmetric encryption to protect data in transit. Asymmetric encryption is used to authenticate the Client or Server and securely exchange the symmetric key. Symmetric encryption is used to encrypt data after the handshake has taken place.

Client sends a Client hello message to the Server
Server sends the client a Server hello message encrypted with the private key
Client decrypts the message using the public key
Client sends pre-master secret encrypted with the public key
Server decrypts the pre-master secret with the private key
Both the Client and Server generate symmetric keys using the pre-master secret
Symmetric encryption begins between the Client and Server
79
Q

Sustained backups using copied transaction logs at an offsite facility is called what?

A. Remote journaling
B. Site heating
C. Site firing
D. Distance logging

A

A. Remote journaling

Explanation:
Remote journaling is a type of backup system where the transfer of data happens closer to real-time. Remote journaling only transmits file deltas to keep systems synchronized. The recovery point objective (RPO) is determined by the frequency of how often the deltas are synchronized.

80
Q

Which of these is a type of motion detector?

A. Mantrap
B. CCTV
C. FM-200
D. Wave pattern

A

D. Wave pattern

Explanation:
Wave pattern motion detectors send an ultrasonic or high-frequency microwave signal into a specific secured area. The reflected pattern is consistent when no object is present. When an object enters the area, it disrupts the wave pattern and triggers an alarm.

81
Q

Payroll managers must follow a policy where one creates and prints the checks and the other signs them. There is no authorization for one manager to both print and sign a check. This is an example of which of the following?

A. Cross-training
B. Job rotation
C. Mandatory vacations
D. Separation of duties

A

D. Separation of duties

Explanation:
Separation of duties segregates critical job roles between individuals and prevents any one person from subverting critical security controls. In this case, one individual isn’t allowed to both print and sign checks, leading to the ability to steal money. With the separation of duties system, stealing would require collusion between the two resources, which is much less likely.

82
Q

Which government data classification label requires the most security and is considered the highest level?

A. Classified
B. Confidential
C. Top Secret
D. Secret

A

C. Top Secret

Explanation:
The Top Secret label is applied to information whose unauthorized disclosure could reasonably be expected to cause exceptionally grave damage to national security. It is the highest level of classification used by the government.

The Secret label is applied to information whose unauthorized disclosure could reasonably be expected to cause severe damage to national security. Confidential is used in commercial environments, not by the government. Classified is any data that has been assigned a classification label.

83
Q

What BEST describes Kerckhoffs’s Principle?

A. That only the algorithm needs to be kept secret
B. That only the keys need to be kept secret
C. That no single person be given the entire decryption key
D. That both the algorithm and keys be kept secret

A

B. That only the keys need to be kept secret

Explanation:
Kerckhoffs’s Principle assumes that everything about a cryptographic system is public knowledge except for the key. This has the benefit of allowing the algorithm to be validated by the broader security community instead of relying on the insiders who created it. This assumption also discourages people from neglecting to secure the keys through a false sense of security.

84
Q

As more and more users bring their own devices to work, such as cell phones and personal laptops, which of the following becomes the BEST option for controlling these new resources?

A. Encrypted device requirements
B. Application whitelisting
C. Mobile device management
D. Asset tracking

A

C. Mobile device management

Explanation:
Mobile device management (MDM) is a software solution to the challenging task of managing the myriad of mobile devices that employees use to access company resources. The goals of MDM are to protect the organization’s data, provide monitoring, enable remote management, and support troubleshooting.

85
Q

Which of the following identifies the protocol suite that secures communications by either authenticating or encrypting each IP packet during a communication session?

A. SSH
B. SSL
C. TLS
D. IPsec

A

D. IPsec

Explanation:
Internet Protocol Security (IPsec) is a suite of protocols that provides protection at the network layer of the Open Systems Interconnection (OSI) model. IPsec is frequently used to establish a virtual private network (VPN) between two routers. IPsec protects the original IP packet by encrypting or hashing it and adding a new AH or ESP header along with a new IP header. IPsec-specific protocols are:

Authentication header (AH) provides integrity of the packet and adds an AH header.
Encapsulating security payload (ESP) provides the confidentiality of the packet and adds an ESP header.
Internet key exchange (IKE) is used to negotiate tunnel parameters.

SSH (Secure Shell), SSL (Secure Sockets Layer), and TLS (Transport Layer Security) are examples of other protocols that provide confidentiality at higher layers of the Open Systems Interconnection (OSI) model.

86
Q

What BEST validates that security controls have been implemented and work as expected?

A. Vulnerability scan
B. Patch management
C. Security audit
D. Change management

A

C. Security audit

Explanation:
Security audits are performed to validate that security controls have been implemented and work as desired. Security audits generally compare results against an external standard.

Patch management, vulnerability scan, and change management are incorrect because they do not validate that controls have been implemented.

87
Q

Which of the following secure design principles BEST addresses the potential risks introduced from programming exceptions?

A. Shared responsibility
B. Fail securely
C. Trust but verify
D. Separation of duties

A

B. Fail securely

Explanation:
The potential risks introduced from programming exceptions are best addressed through the secure design principle of fail securely. This principle directs developers to consider the security implications of exceptions (errors) in their code and to incorporate error handling routines that manage them, so as to preserve the security of the application (and the data accessible through it).

Trust but verify is a secure design principle that challenges assumptions of trust derived from certain criteria without trust being explicitly verified (e.g., traffic originating from an internal network). Separation of duties is a secure design principle that demands a sensitive task be split between two or more individuals to reduce the risk of fraud, abuse, or errors. Shared responsibility is a secure design principle which recognizes that security can only be maintained through collective efforts (i.e. security is everyone’s responsibility).

88
Q

Of the following, which encryption method does NOT provide end-to-end encryption?

A. Secure Sockets Layer (SSL)
B. Transport Layer Security (TLS)
C. 802.1AE
D. Secure Shell (SSH)

A

C. 802.1AE

Explanation:
802.1AE, also known as MACsec, is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides confidentiality and integrity at the data link layer of the Open Systems Interconnection (OSI) model. MACsec adds additional headers to the frame that identify that it has been protected with MACsec. MACsec provides hop-to-hop encryption (link encryption), not end-to-end encryption.

Transport Layer Security (TLS), Secure Sockets Layer (SSL), and Secure Shell (SSH) all provide end-to-end encryption.

89
Q

Sam’s organization uses signature-based detection to detect and prevent malware. He notices that a malicious piece of code has exploited an unknown vulnerability. He contacts the vendor, and they inform him they will create a patch and release it soon.

Of the following, this would MOST LIKELY be considered what?

A. Zero-day
B. Advanced persistent threat (APT)
C. Polymorphic virus
D. Worm

A

A. Zero-day

Explanation:
A zero-day is a vulnerability that has not been patched by the vendor. Zero-day attacks are difficult to detect and prevent because the vulnerability is unknown, and signature-based detection engines often cannot detect malware that exploits zero-day vulnerabilities.

90
Q

Which of the following BEST describes a logic bomb?

A. A virus
B. A program that executes when certain conditions are met
C. A rootkit
D. A type of buffer overflow attack

A

B. A program that executes when certain conditions are met

Explanation:
Logic bombs are programs or code that execute when certain conditions are met. It is common for IT or development personnel to hide malicious programs somewhere in a computer network that executes if their user account is ever disabled.

91
Q

Which of the following access control models is MOST LIKELY to make decisions using classifications?

A. Role-Based Access Control (RBAC)
B. Attribute-Based Access Control (ABAC)
C. Discretionary Access Control (DAC)
D. Mandatory Access Control (MAC)

A

D. Mandatory Access Control (MAC)

Explanation:
A system that employs Mandatory Access Control (MAC) uses classifications and labels to define user access. Every resource is classified with a label, and users cannot access resources unless they have an equal or greater clearance level. MAC is widely used in government and military environments. MAC is often referred to as a lattice-based model because it looks like a garden lattice with well-defined boundaries when it is represented on paper.

Discretionary Access Control (DAC) allows the Data Owner to control and define access to objects. Role-Based Access Control (RBAC) maps a subject’s role with their needed operations and tasks. Attribute-Based Access Control (ABAC) makes decisions based on attributes for either the subject, object, or actions.

92
Q

Of the following, which block cipher modes do NOT utilize an initialization vector (IV)?

A. OFB & CTR
B. ECB & CTR
C. CBC & CFB
D. ECB & CBC

A

B. ECB & CTR

Explanation:
Electronic Code Book (ECB) and Counter Mode (CTR) do not utilize an initialization vector (IV).

ECB encrypts each block using the key with no additional random input. This means that the same plaintext patterns will be found in the ciphertext. If block A and block B both have the plaintext word “Monkey”, they will both show identical ciphertext for the portion of the block with the word “Monkey”.

CTR does not use an IV; however, it does use a counter that increments for each block. This is commonly used for network transmissions where packets may arrive out of order. If a chaining mode was used, the application would need to wait for each packet to arrive before it could decrypt the message, since blocks cannot be decrypted until the preceding block’s output is calculated.

93
Q

When discussing access control, what is a subject?

A. Passive data
B. Passive entity
C. Active data
D. Active entity

A

D. Active entity

Explanation:
By most definitions, a subject is an active entity in a system. This is anything that is actively interacting with the system, including users, processes, or automated programs. Access control regulates access between subjects and objects. An object is a passive entity that provides information.

94
Q

Non-IP protocols are protocols that serve as an alternative to IP on the OSI Network layer. Of the following, which is NOT considered a non-IP protocol?

A. DECnet
B. NAT
C. IPX
D. AppleTalk

A

B. NAT

Explanation:
Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. NAT operates at the Network layer but cannot be an alternative to IP in its absence, whereas IPX, AppleTalk, and DECnet can.

95
Q

Prior to processing, form inputs on a website are filtered for certain content such as “1=1” and “<script>”. What web application security technique is this an example of?

A. Output encoding
B. Cross-site scripting
C. Input validation
D. Request forgery

A

C. Input validation

Explanation:
The filtering of certain content such as “1=1” and “<script>” from form inputs prior to processing is an example of input validation. Input validation is an application security technique used to ensure that actual input is aligned to the input expected for a particular field, before it is processed. Such validation does not just consider field type (e.g., that a date field follows the structure and format of a date mm-dd-yyyy) but also field data (e.g., the absence of strings such as “1=1” and “<script>”, which could be used to inject malicious code, if processed).

Output encoding is an application security technique used to ensure that certain characters within form inputs are processed as data and not potentially misinterpreted as programming syntax (which could similarly be used to inject malicious code, if processed). The conversion of certain characters within form inputs (e.g., ') into their HTML character entity reference equivalents (e.g., &apos;) prior to processing is an example of output encoding. Cross-site scripting and request forgery are both types of web application attacks that can result from weak input validation and/or output encoding.

96
Q

There are two primary types of interference. Select the option with both types.

A. Electromagnetic Interference (EMI) & Radio Frequency Interference (RFI)
B. Energy Manic Interference (EMI) & Reduced Field Interference (RFI)
C. Electric Machine Interference (EMI) & Radio Fault Interference (RFI)
D. Earthmagnetic Interference (EMI) & Refracted Frequency Interference (RFI)

A

A. Electromagnetic Interference (EMI) & Radio Frequency Interference (RFI)

Explanation:
Electromagnetic interference (EMI) & Radio Frequency Interference (RFI) are the two main types of interference. They can cause equipment to malfunction and also corrupt communication signals, which causes timeouts and failures. Interference disrupts network transmissions, television, radio, and telephony equipment.

97
Q

In relation to biometric devices, Crossover Error Rate (CER) indicates what?

A. It indicates the point where false rejection is equivalent to the false acceptance rate
B. It indicates the acceptance rate of the device
C. It indicates the failure rate of the device
D. It indicates the inaccuracy of the device - the lower the better

A

A. It indicates the point where false rejection is equivalent to the false acceptance rate

Explanation:
The point at which biometric type 1 errors (false rejection rate) and type 2 errors (false acceptance rate) are equal is the Crossover Error Rate (CER). When a biometric device is too sensitive, type 1 errors (false negatives) are more common. When a biometric device is not sensitive enough, type 2 errors (false positives) are more common.

98
Q

What BEST describes phreaking?

A. Using a device to alter a person’s voice
B. Manipulating a phone system
C. Social engineering attack that invokes urgency
D. Altering a device’s power consumption to subvert security controls

A

B. Manipulating a phone system

Explanation:
Phreaking was used in the 1960s to manipulate telephone providers into making long-distance calls by generating signaling tones. Steve Wozniak and Steve Jobs, founders of Apple Computer, were known phone phreakers during their youth. Modern phreaking manipulates a private branch exchange (PBX) into making unauthorized calls or performing other nefarious activity.

99
Q

Which of the following is NOT used for centralized authentication?

A. Diameter
B. OWASP
C. TACACS+
D. RADIUS

A

B. OWASP

Explanation:
The Open Web Application Security Project (OWASP) is an organization that publishes articles for developers. It has nothing to do with centralized authentication.

Remote Authentication Dial-In User Service (RADIUS) is used for centralized authentication, typically for organizations with more than one network access server. Terminal Access Controller Access-Control System Plus (TACACS+) was released after RADIUS and offers several improvements. Diameter was built to enhance TACACS+ by supporting a wide range of additional protocols.

100
Q

What type of control are mandatory vacations considered to be?

A. Technical control
B. Corrective control
C. Administrative control
D. Physical control

A

C. Administrative control

Explanation:
Mandatory vacations are considered to be administrative controls that can help detect fraudulent activity. A mandatory vacation policy allows other department members to discover something that an employee was potentially hiding. It helps uncover employee misconduct and forces cross-training amongst department members.

101
Q

If the state of the system is a snapshot or a moment in time, the activities that alter the state are called what?

A. State frequency
B. State awareness
C. State transition
D. State adjustment

A

C. State transition

Explanation:
State transition is the terminology used for activities that can alter a machine’s state. State machine security models require that all actions that change the state must be authorized, and the machine’s state must remain secure during transitions.

102
Q

Which of the following is based on providing a system where access duration is limited and is given to others at a later time?

A. Preferred user
B. Job rotation
C. Least privilege
D. Separation of duties

A

B. Job rotation

Explanation:
Job rotation among employees helps break up potential risks where users may be hiding inappropriate work within their own private access roles. It acts as a deterrent and a detection tool. If one knows that someone will be taking over their job functions soon, they are less likely to participate in fraudulent activities. If someone does do something fraudulent, job rotation increases the likelihood it will be discovered.

Least privilege is incorrect because the least privilege access control provides system users only the minimum level of access required to do their job. Preferred user is incorrect because it is not an identifier for access control. Separation of duties is incorrect because it restricts user access to specific identified tasks, preventing them from access to tasks that are unrelated to their work or duties.

103
Q

Which of the following should be performed before outsourcing or offshoring sensitive data?

A. A regulatory issue scan
B. Risk analysis
C. Foreign national awareness training
D. A socioeconomic evaluation

A

B. Risk analysis

Explanation:
Risk analysis should be performed before outsourcing or offshoring sensitive data. The analysis is performed to ensure that the third party is storing the data safely and securely. It must be determined whether outsourcing the data creates a greater risk than the organization’s risk appetite allows.

104
Q

Which of the following statements is FALSE?

A. Hot sites may require more staff to maintain than cold sites.
B. Cold sites require less time to activate than hot sites.
C. Hot sites are typically more expensive than cold sites.
D. Cold sites tend to suffer less failure of their own than hot sites.

A

B. Cold sites require less time to activate than hot sites.

Explanation:
Cold sites require significantly more time to activate since a cold site is essentially an empty computer room with environmental facilities such as heating, ventilation, and air conditioning, but no computing equipment. Hot sites can be activated within a few hours because all the required equipment is available and provisioned.

105
Q

Control Objectives for Information and related Technology (COBIT) has five principles for governance. Of the following, which is NOT a COBIT principle?

A. Separating governance from management
B. Aligning security objectives with business objectives
C. Meeting stakeholder needs
D. Covering the enterprise end to end

A

B. Aligning security objectives with business objectives

Explanation:
Correct answer: Aligning security objectives with business objectives

Control Objectives for Information and related Technology (COBIT) is a framework for governance developed by ISACA. The five COBIT principles are:

Meeting stakeholder needs
Covering the enterprise end to end
Applying a single integrated framework
Enabling a holistic approach
Separating governance from management

106
Q

Viruses represent a threat to systems and software applications. Which of the following is NOT true regarding viruses?

A. Each year, thousands of new viruses are introduced to computers around the world.
B. Viruses are dangerous because of their ability to spread and damage the security integrity of a system.
C. Viruses can reproduce without a legitimate host application.
D. Viruses never seen in the wild are called zero-day viruses.

A

C. Viruses can reproduce without a legitimate host application.

Explanation:
Viruses cannot reproduce without a legitimate host application. Viruses infect legitimate files or programs and use them to spread themselves.

A worm is a type of malware that can reproduce without a legitimate host application.

107
Q

From the following options, identify the formula used for residual risk:

A. (Threat x vulnerability x asset value) - control gap
B. (Vulnerability x threat) x asset value
C. (Threat x risk) x asset value
D. Asset risk x threat - control gap

A

A. (Threat x vulnerability x asset value) - control gap

Explanation:
Correct answer: (Threat x vulnerability x asset value) - control gap

This formula is total risk - control gap = residual risk.

Total risk = (threats x vulnerability x asset value). The control gap factor is a safeguard that controls risk, so it reduces the residual risk of a system.

108
Q

Which type of security control is used when the preferred security control is too expensive to implement?

A. Deterrent
B. Administrative
C. Compensating
D. Corrective

A

C. Compensating

Explanation:
Compensating controls are used to provide alternatives to aid in security enforcement. They are used in addition to main security controls. They are frequently used to reduce risk to an acceptable level when the preferred control is too expensive or restrictive for business operations.

109
Q

The act of searching for correlations of data in a data warehouse is BEST known as what?

A. Data mining
B. Data surveying
C. Data sleuthing
D. Artificial Intelligence

A

A. Data mining

Explanation:
Data mining is searching through data warehouses and correlating data. Analysts use data mining to find potential revenue. For instance, an analyst could data mine a product’s sales patterns and identify that October is the best sales month. Marketing and sales could then increase during those months to increase revenue for the company.

110
Q

What type of processing allows multiple instruction sets to run in parallel under a single process?

A. Multitasking
B. Single mode processing
C. Multithreading
D. Multiprogramming

A

C. Multithreading

Explanation:
A thread is an individual instruction set that must be worked on by the CPU. Threads can execute in parallel with other threads that are part of the same parent process. This is known as multithreading. Threads are dynamically built and destroyed by the parent process. A process is a program loaded in memory. Most modern applications take advantage of multithreading.

111
Q

Of the following, what BEST describes the purpose of the initialization vector (IV)?

A. Provide diffusion
B. Decreases the likelihood of a collision
C. Increase the key length
D. Prevent patterns from being observed

A

D. Prevent patterns from being observed

Explanation:
An initialization vector (IV) is a random value used with a key to encrypt or decrypt data. The IV is used to reduce the likelihood of the same plaintext patterns being found in the ciphertext.

One of the reasons Wired Equivalent Privacy (WEP) was weak was because it used a short 24-bit IV. This caused the same IV to be used multiple times throughout the stream, allowing attackers to find patterns between messages using the same IV.

112
Q

The DREAD rating system pertains to which of the following?

A. Assessing probability and quantifying potential opportunities for damage
B. Evaluating and establishing the change management process
C. Creating a three-layered plan to approach a security plan deployment
D. Assessing how effective a penetration test was

A

A. Assessing probability and quantifying potential opportunities for damage

Explanation:
The DREAD rating system is designed to provide a flexible rating solution that is based on the answers to five main questions about each threat:

Damage potential
Reproducibility
Exploitability
Affected users
Discoverability

113
Q

Sustained backups using copied transaction logs at an offsite facility is called what?

A. Distance logging
B. Site firing
C. Site heating
D. Remote journaling

A

D. Remote journaling

Explanation:
Remote journaling is a type of backup system where the transfer of data happens closer to real-time. Remote journaling only transmits file deltas to keep systems synchronized. The recovery point objective (RPO) is determined by the frequency of how often the deltas are synchronized.

114
Q

Which architecture approach BEST allows for the processing of data at different security levels?

A. Multilevel
B. Single level
C. Dedicated
D. Super level

A

A. Multilevel

Explanation:
A multilevel approach allows for the processing of data at different security levels. Information is allowed to flow between different access levels, provided the user has the proper clearance. Multilevel models are a category in the information-flow model.

Dedicated system architecture is incorrect because it permits a single level of processing. Single level is incorrect because it permits users to execute any instruction available. Super level is a fictitious term.

115
Q

Of the following, which is the BEST example of risk transfer?

A. Software patching
B. Performing a Business Impact Analysis
C. Taking no action
D. Cybersecurity insurance

A

D. Cybersecurity insurance

Explanation:
Risk transfer is when you transfer the risk to someone else. When you pay an insurance company, they become responsible for paying out if the risk is realized.

Software patching is an example of risk mitigation. Taking no action is an example of risk acceptance. However, a cost-benefit analysis should be performed prior to accepting risk. Conducting a Business Impact Analysis (BIA) is a step in building a Business Continuity Plan (BCP).

116
Q

Grid Computing is BEST described as what?

A. Parallel processing where nodes cannot join and leave at will
B. A group of nodes that are logically viewed as one
C. Central processing distributed across multiple cores
D. Parallel processing where nodes may join and leave at will

A

D. Parallel processing where nodes may join and leave at will

Explanation:
Grid Computing is similar to clustering; however, individual nodes do not trust each other and can join and leave at will. Grid computing is generally distributed across hundreds or thousands of nodes across the internet. Nodes check in when they have available system resources and contribute to grid processing. Grid Computing is used for bitcoin mining, the creation of rainbow tables, and predicting weather patterns.

117
Q

Of the following, which BEST encompasses the primary goals and objectives of security?

A. Organizational road map
B. The CIA triad
C. Organizational hierarchy
D. Privacy and use case policies

A

B. The CIA triad

Explanation:
The CIA triad is built upon the principles of confidentiality, integrity, and availability and is at the heart of information security. Confidentiality is the idea that sensitive data should be kept confidential and kept away from unauthorized individuals. Integrity is the idea that data remains authentic and unaltered. Availability ensures reliability and access to system resources.

Examples:

Confidentiality: Advanced Encryption Standard (AES)
Integrity: secure hash algorithm (SHA-3)
Availability: Redundant Array of Independent Disks (RAID)

118
Q

Which of the following will MOST LIKELY reduce an organization’s liability should a breach happen?

A. Due care
B. Standard care
C. Liability assessment
D. Due process

A

A. Due care

Explanation:
Due care is best defined as taking and making decisions that a reasonable and competent person would make. Due care helps shield an organization from liability should a breach happen. If an organization can prove they practiced due care, they are less likely to be found liable for the incident.

119
Q

Which of the following is NOT a way to help prevent a social engineering attack?

A. Request proof of identity
B. When discarding office documentation, be sure to place it in a trash can
C. Ask why when someone requests sensitive information over the phone
D. Never give a password over the phone

A

B. When discarding office documentation, be sure to place it in a trash can

Explanation:
When discarding office documentation, do not merely put it in the trash, but ensure it is discarded in a secure manner.

Whether you are talking in person, through email, or on the phone, always request proof of identity. Sensitive information should never be given over the phone unless it is a secure phone. Never give out a password over the phone for any reason.

120
Q

When discussing cryptography, what BEST introduces Diffusion?

A. Exclusive OR (XOR)
B. Transposition
C. NOT Gate
D. Substitution

A

B. Transposition

Explanation:
In cryptography, Diffusion is introduced using Transposition. Diffusion means that if a single change in the plaintext occurs, multiple ciphertext changes will also occur. Transposition is the rearrangement of data.

121
Q

Max has “Secret” level clearance and is unable to access “Top Secret” resources. What type of access control model does Max’s organization MOST LIKELY use?

A. ABAC
B. DAC
C. MAC
D. RBAC

A

C. MAC

Explanation:
A system that employs Mandatory Access Control (MAC) uses classifications and labels to define user access. Every resource is classified with a label, and users cannot access resources unless they have an equal or greater clearance level. MAC is widely used in government and military environments.

Discretionary Access Control (DAC) allows the Data Owner to control and define access to objects. Role-Based Access Control (RBAC) maps a subject’s role with their needed operations and tasks. Attribute-Based Access Control (ABAC) makes decisions based on attributes for either the subject, object, or actions.

122
Q

Which of the following deals with protecting data from unauthorized alteration?

A. Nonrepudiation
B. Confidentiality
C. Privacy
D. Integrity

A

D. Integrity

Explanation:
Organizations are responsible for maintaining the reliability of data by ensuring that only authorized users can modify it. Integrity is the protection of data from modification by any party without proper authorization.

Privacy and confidentiality refer to keeping data away from unauthorized eyes but do not specifically protect the data from alteration. Nonrepudiation is preventing the denial of the truth or validity of something and is irrelevant to this question.

123
Q

Sometimes, patches are missed or fail to install. Of the following, where is this MOST LIKELY to show up?

A. Incident report
B. Threat modeling report
C. Vulnerability scan report
D. Internal audit

A

C. Vulnerability scan report

Explanation:
Vulnerability scanning can help discover systems that still require patching. Vulnerability scans should be performed periodically on production environments.

124
Q

In a nongovernmental organization, the Personally Identifiable Information (PII) of employees would MOST LIKELY be classified as what?

A. Public
B. Private
C. Unclassified
D. Secret

A

B. Private

Explanation:
The Personally Identifiable Information (PII) of a nongovernmental organization’s employees would most likely be classified as Private, because an improper disclosure could seriously impact the organization.

Unclassified and Secret are classifications used primarily in military and government organizations, while Public is a classification used in nongovernmental organizations to describe data with no disclosure impact.

125
Q

Which of the following ports is commonly used for database servers?

A. TCP 1433-1434
B. TCP 23
C. TCP 443
D. UDP 161-162

A

A. TCP 1433-1434

Explanation:
Microsoft SQL Server operates on transmission control protocol (TCP) ports 1433 and 1434.

HTTPS runs on TCP port 443. Telnet runs on TCP port 23. SNMP runs on UDP ports 161-162.

126
Q

Of the following, which BEST explains the rule-based access control model?

A. Global rules are applied to all users equally
B. Local rules are applied to all users in the organization
C. Each user has different rules applied to them
D. Global rules govern and are set for each user individually

A

A. Global rules are applied to all users equally

Explanation:
A rule-based access control model uses global rules applied to all users and other subjects equally. It does not apply rules locally or to individual users. Firewalls include a set of rules or filters called access control lists (ACLs), defined by an administrator. The firewall examines all traffic and only allows traffic that meets one of the specified rules. The final rule is generally a “deny all,” meaning that any remaining traffic that did not meet previous rules will be denied.

127
Q

A Business Continuity Plan (BCP) can help prepare an organization in the event of all EXCEPT which of the following?

A. Failure of CEO’s laptop
B. Tsunami
C. Long term power outage
D. Earthquake

A

A. Failure of CEO’s laptop

Explanation:
A Business Continuity Plan (BCP) helps to prepare an organization for various disasters. While the failure of the CEO’s laptop might seem like a disaster at the time, a BCP is generally intended for more serious disasters of a longer duration.

128
Q

Of the following, what is the MOST effective control at preventing piggybacking or tailgating?

A. An entry log
B. A retinal scanner
C. An access control card
D. A security guard

A

D. A security guard

Explanation:
Of the following options, a security guard is the best control at preventing piggybacking or tailgating. Piggybacking is an access abuse method where one person follows an authorized person into an entrance without swiping their access badge. Even legitimate employees piggyback on other employees. A security guard can help control this type of access abuse.

129
Q

The Trusted Computer System Evaluation Criteria (TCSEC) and Information Technology Security Evaluation Criteria (ITSEC) were replaced by what?

A. Common Criteria
B. The International Standard for System Security Evaluation Criteria (ISSSEC)
C. ISO 27000
D. Evaluation Criteria

A

A. Common Criteria

Explanation:
The U.S. Department of Defense-developed Trusted Computer System Evaluation Criteria (TCSEC) and the European-developed Information Technology Security Evaluation Criteria (ITSEC) were replaced with Common Criteria. Common Criteria is published as ISO Standard 15408. It was developed as a standard for evaluating information technology products. Common Criteria has seven Evaluation Assurance Levels (EALs):

EAL1 – Functionally tested
EAL2 – Structurally tested
EAL3 – Methodically tested and checked
EAL4 – Methodically designed, tested and reviewed
EAL5 – Semiformally designed and tested
EAL6 – Semiformally verified design and tested
EAL7 – Formally verified design and tested

130
Q

An attacker compromises a standard user account and successfully installs a rootkit on a system. Of the following, what BEST describes the purpose of a rootkit?

A. Modify itself as it spreads throughout the network to avoid signature detection
B. Achieve or maintain elevated privileges
C. Spy and report on user activities
D. Spread itself throughout the network and encrypt files

A

B. Achieve or maintain elevated privileges

Explanation:
A rootkit is used to achieve or maintain elevated privileges on a victim’s host. Rootkits frequently masquerade as system-level services to help remain undetected. Rootkits often have kernel-level access and are very difficult to detect or remove.

131
Q

Which of the following is NOT a status that Network Mapper (Nmap) will output after a scan is completed?

A. Full
B. Closed
C. Filtered
D. Open

A

A. Full

Explanation:
“Full” is not a status that is output by a Network Mapper (Nmap) scan. The following are the port states output by an Nmap scan:

Open: Port is open and accepting connections
Closed: Port is accessible but not accepting connections
Filtered: Unable to determine if the port is open or closed due to a firewall

132
Q

Which of these is a type of motion detector?

A. Mantrap
B. FM-200
C. Wave pattern
D. CCTV

A

C. Wave pattern

Explanation:
Wave pattern motion detectors send an ultrasonic or high-frequency microwave to a specific secured area. The pattern is consistent when no object is present. When an object is present, it disrupts the wave pattern and triggers an alarm.

133
Q

What do you call it when you combine multiple pieces of information at a lower classification level to infer information at a higher classification?

A. Access aggregation
B. Access factoring
C. Access creep
D. Footprinting

A

A. Access aggregation

Explanation:
Access aggregation happens when you combine multiple pieces of information at a lower classification level and infer information at a higher classification. This is part of the reconnaissance step in the cyber kill chain.

134
Q

Which of the following would be BEST described as a directory for network services and assets?

A. XAML
B. SSO
C. LDAP
D. Kerberos

A

C. LDAP

Explanation:
A directory service is a centralized database that includes information about subjects and objects. Many directory services are based on the Lightweight Directory Access Protocol (LDAP), such as Microsoft’s Active Directory Domain Services.

135
Q

What is the minimum block length of the Twofish cipher?

A. 192 bits
B. 64 bits
C. 256 bits
D. 128 bits

A

D. 128 bits

Explanation:
Twofish has a fixed block size of 128 bits. It is a symmetric-key block cipher that was a finalist in the Advanced Encryption Standard (AES) contest. It has since been placed in the public domain. Twofish is related to the earlier Blowfish algorithm. Twofish employs 16 rounds of encryption with variable key lengths up to 256 bits.

136
Q

Using the CPU ring architecture model, in which ring do user applications MOST LIKELY reside?

A. Ring 0
B. Ring 1
C. Ring 2
D. Ring 3

A

D. Ring 3

Explanation:
User applications reside in Ring 3, the least secure and trusted of the rings.

Applications (3)
Hardware Drivers (2)
Operating System (1)
Kernel (0)

As protection layer numbers decrease, a higher level of security is required.

137
Q

The total combination of protection mechanisms within a computer system is known as which of the following?

A. Total computing base
B. Total hardware base
C. Trusted computing base
D. Trusted security base

A

C. Trusted computing base

Explanation:
The trusted computing base is the total combination of protection mechanisms for a computer system, including hardware, software, and firmware. These components work together to form a trusted environment that enforces security by controlling access to critical data and processes.

138
Q

Access control is classified as which kind of mechanism?

A. Restoration
B. Corrective
C. Preventative
D. Recovery

A

C. Preventative

Explanation:
An access control’s purpose is to prevent unauthorized access. When corrective, recovery, or restoration mechanisms are needed, it is usually due to the access control system’s failure to prevent damaging intrusion.

Access control systems include preventative, detective, and corrective measures. Corrective is incorrect because corrective controls are used for remedying violations and incidents after they are detected. Recovery is incorrect because recovery controls are used for restoring systems after an incident has occurred. Restoration is incorrect because it is not an access control category or type.

139
Q

Which of the following is considered the STRONGEST authentication factor?

A. Type 2
B. Type 1
C. Type 3
D. Type 4

A

C. Type 3

Explanation:
Type 3 authentication is "something you are." An example of a type 3 factor is a fingerprint or palm vein scan. The exam ranks biometrics as the strongest factor because they are the hardest to share, guess or steal; a practitioner should still remember that a compromised biometric cannot be changed the way a password or token can, and that every biometric system has a false acceptance and a false rejection rate. All authentication factors have weaknesses and should be combined to create multi-factor authentication (MFA).

Type 1 is "something you know," like a password, which is not as secure as a fingerprint. Type 2 is "something you have," like a smartcard or security token, which is not considered as secure as a fingerprint. There is no type 4 factor.

140
Q

ACME Corporation has just recovered the critical computer systems from disaster. However, it will change the way the business operates for years to come. Which plan will likely be MOST useful at this point?

A. Disaster Recovery Plan
B. Disaster Continuity Plan
C. Business Recovery Plan
D. Business Continuity Plan

A

D. Business Continuity Plan

Explanation:
A Business Continuity Plan (BCP) deals with both preparing for a disaster and aiding after a disaster has occurred. The primary goal of a BCP is to reduce disaster-related risks to an acceptable level. A BCP is broader than a Disaster Recovery Plan (DRP) and is focused on the business as a whole, not just IT equipment.

Disaster Recovery Plan (DRP) is incorrect because it is a short-term plan designed to get systems back online as fast as possible.

Disaster Continuity Plan and Business Recovery Plan are both fictitious terms.

141
Q

What type of testing specifically focuses on the limits and barriers of the software?

A. Interface testing
B. Fuzz testing
C. Limit testing
D. Static testing

A

B. Fuzz testing

Explanation:
Fuzz testing is a technique used to find flaws or vulnerabilities by feeding randomly generated or specially crafted inputs to the software and watching for crashes, hangs or other unexpected behaviour. There are two broad types of fuzzers: mutation ("dumb") fuzzers and generational ("intelligent") fuzzers. Mutation fuzzers take valid sample inputs and alter them (flipping bits, overwriting bytes, truncating or inserting data) to create fuzzed input. Generational fuzzers create fuzzed input from a model of the expected input format, such as a file specification or protocol grammar, which lets them reach deeper into the parser than random edits can.

Static testing is incorrect because it tests the security of software without executing the software. Interface testing is incorrect because it tests the outward-facing part of the software with which a user interacts. Limit testing is a fabricated term.
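As an added example, not from the flashcard set, both kinds of fuzzer run against a toy length-prefixed record format constructed for the purpose. The first parser deliberately trusts the declared count and field lengths, so an input that overruns the buffer raises IndexError (the Python analogue of an out-of-bounds read in C); the hardened parser beside it checks every length first. The record format, the seed input and the function names are all hypothetical.

```python
import random


class MalformedRecord(ValueError):
    """The rejection the parser is *expected* to raise on bad input."""


def parse_record(data: bytes) -> list:
    """Toy length-prefixed format, constructed for this example:
    byte 0 = field count; each field = 1-byte length followed by that many bytes.
    Deliberate bug: count and lengths are trusted, so an input that overruns the
    buffer raises IndexError (the Python analogue of an out-of-bounds read)."""
    if not data:
        raise MalformedRecord("empty record")
    count, pos, fields = data[0], 1, []
    for _ in range(count):
        length = data[pos]                      # BUG: pos may already be past the end
        fields.append(bytes(data[pos + 1:pos + 1 + length]))
        pos += 1 + length
    if pos != len(data):
        raise MalformedRecord("trailing bytes")
    return fields


def parse_record_fixed(data: bytes) -> list:
    """Hardened parser: every length is checked against the buffer before use."""
    if not data:
        raise MalformedRecord("empty record")
    count, pos, fields = data[0], 1, []
    for _ in range(count):
        if pos >= len(data):
            raise MalformedRecord("truncated field header")
        length = data[pos]
        if pos + 1 + length > len(data):
            raise MalformedRecord("field length overruns buffer")
        fields.append(bytes(data[pos + 1:pos + 1 + length]))
        pos += 1 + length
    if pos != len(data):
        raise MalformedRecord("trailing bytes")
    return fields


SEED = bytes([2, 3]) + b"abc" + bytes([2]) + b"xy"   # valid: fields "abc" and "xy"


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Mutation ('dumb') fuzzing: random edits to a valid seed, no format knowledge."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0:                                  # flip one bit
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == 1:                                # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif op == 2:                                # truncate
        del buf[rng.randrange(1, len(buf)):]
    else:                                        # insert a byte
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def generate(rng: random.Random) -> bytes:
    """Generational ('intelligent') fuzzing: build inputs from the format's own
    structure, deliberately letting declared counts and lengths disagree with
    the payload actually present."""
    n_fields = rng.randrange(4)
    out = bytearray([rng.choice([n_fields, n_fields + 1, 255])])
    for _ in range(n_fields):
        payload = bytes(rng.randrange(256) for _ in range(rng.randrange(4)))
        out.append(rng.choice([len(payload), len(payload) + rng.randrange(1, 200)]))
        out += payload
    return bytes(out)


def fuzz(parser, strategy, iterations=2000, seed=1):
    """Feed `parser` fuzzed inputs and return the distinct inputs that crashed it,
    i.e. raised anything other than its own MalformedRecord."""
    rng = random.Random(seed)
    crashes = set()
    for _ in range(iterations):
        data = mutate(SEED, rng) if strategy == "mutation" else generate(rng)
        try:
            parser(data)
        except MalformedRecord:
            pass                                 # correct rejection, not a bug
        except Exception:                        # IndexError here = the bug
            crashes.add(data)
    return crashes


if __name__ == "__main__":
    for name, parser in (("buggy", parse_record), ("fixed", parse_record_fixed)):
        for strategy in ("mutation", "generation"):
            print(f"{name:5} parser, {strategy:10}: {len(fuzz(parser, strategy))} crashing inputs")
```

The distinction the fuzzer relies on is between the parser's own, expected rejection (MalformedRecord) and any other exception: a real fuzzing harness makes the same split between "input rejected cleanly" and "target crashed". Against the hardened parser both strategies find nothing, which is the check a practitioner wants after a fix.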

142
Q

Which of the following Mandatory Access Control (MAC) environments recognizes no relationship between one security domain and another?

A. Mandatory control matrix
B. Compartmentalized environment
C. Hierarchical environment
D. Hybrid environment

A

B. Compartmentalized environment

Explanation:
In a compartmentalized environment, there is no relationship between one security domain and another. Each domain represents a separate isolated compartment. To gain access to an object, the subject must have specific clearance for each security domain. For example, a general may have access to Top Secret information about troop movements but not Top Secret information about nuclear missile construction.
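As an added example, not from the flashcard set, the read-access decision for the three MAC environments named in the question, applied to the card's general. The labels, the level ordering and the compartment names (TROOP, NUCLEAR) are constructed for illustration.

```python
from dataclasses import dataclass, field

# Hierarchical levels, lowest to highest (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    """A security label: a hierarchical level plus a set of compartments.
    The same type describes a subject's clearance and an object's classification."""
    level: str
    compartments: frozenset = field(default_factory=frozenset)


def hierarchical_read(clearance: Label, classification: Label) -> bool:
    """Hierarchical environment: levels form a single ordered chain, so a higher
    clearance reads everything at or below it, whatever the subject matter."""
    return LEVELS[clearance.level] >= LEVELS[classification.level]


def compartmentalized_read(clearance: Label, classification: Label) -> bool:
    """Compartmentalized environment: domains are isolated and unrelated, so the
    subject must hold every compartment the object carries; levels play no part."""
    return classification.compartments <= clearance.compartments


def hybrid_read(clearance: Label, classification: Label) -> bool:
    """Hybrid environment: the clearance must dominate on both axes, a level at
    least as high AND every compartment held. This is the usual MAC lattice."""
    return hierarchical_read(clearance, classification) and \
        compartmentalized_read(clearance, classification)


def decide(clearance: Label, classification: Label) -> dict:
    """Evaluate one read request under all three environments."""
    return {
        "hierarchical": hierarchical_read(clearance, classification),
        "compartmentalized": compartmentalized_read(clearance, classification),
        "hybrid": hybrid_read(clearance, classification),
    }


# The card's general: Top Secret, but cleared only for the TROOP compartment.
GENERAL = Label("TOP SECRET", frozenset({"TROOP"}))
# A weapons engineer: lower level, but cleared for both compartments.
ENGINEER = Label("SECRET", frozenset({"TROOP", "NUCLEAR"}))

TROOP_MOVEMENTS = Label("TOP SECRET", frozenset({"TROOP"}))
MISSILE_DESIGN = Label("TOP SECRET", frozenset({"NUCLEAR"}))
LOGISTICS_MEMO = Label("SECRET", frozenset({"TROOP"}))

if __name__ == "__main__":
    for who, what in ((GENERAL, TROOP_MOVEMENTS), (GENERAL, MISSILE_DESIGN),
                      (ENGINEER, MISSILE_DESIGN), (GENERAL, LOGISTICS_MEMO)):
        print(who.level, sorted(who.compartments), "->", what.level,
              sorted(what.compartments), decide(who, what))
```

The general is denied the missile design in the compartmentalized and hybrid environments despite a Top Secret clearance, and the engineer is denied it in the hierarchical and hybrid environments despite holding the NUCLEAR compartment: in the hybrid lattice both axes must dominate.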

143
Q

Of the following, what is the MOST essential to ensure referential integrity?

A. Candidate key is equal to a valid primary key of a parent table
B. Foreign key is equal to a valid primary key of the same table
C. Foreign key is equal to a valid primary key of a parent table
D. Candidate key is equal to a valid primary key of the same table

A

C. Foreign key is equal to a valid primary key of a parent table

Explanation:
Referential integrity requires that every foreign key value match an existing primary key value in the referenced (parent) table, or be null. A foreign key is a column, or set of columns, in one table whose values reference the primary key of a tuple in a different table. The primary key is a unique value for each tuple in a table; no two tuples may share a primary key. A database enforces referential integrity by rejecting inserts or updates that would create a child row with no parent, and by rejecting (or cascading) the deletion of a parent row that is still referenced.
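As an added example, not from the flashcard set, the constraint in action on a constructed two-table schema, with the one caveat a practitioner needs for SQLite: it parses REFERENCES clauses but does not enforce them unless the foreign_keys pragma is switched on for the connection, so the same script is run both ways. The tables, rows and function names are hypothetical.

```python
import sqlite3

# Constructed schema (not from the flashcards): departments is the parent table,
# employees.dept_id is the foreign key that must equal a valid departments.id.
SCHEMA = """
CREATE TABLE departments (
    id   INTEGER PRIMARY KEY,
    name TEXT NOT NULL
);
CREATE TABLE employees (
    id      INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    dept_id INTEGER REFERENCES departments(id)   -- foreign key into the parent table
);
INSERT INTO departments VALUES (10, 'engineering'), (20, 'operations');
INSERT INTO employees   VALUES (1, 'alice', 10), (2, 'bob', 20);
"""


def build_db(enforce_fk: bool) -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    # SQLite accepts REFERENCES clauses but only enforces them when this pragma is
    # on; it is off by default and must be set per connection. Most other engines
    # enforce declared foreign keys by default.
    con.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    con.executescript(SCHEMA)
    return con


def attempt(con: sqlite3.Connection, sql: str) -> str:
    """Run one statement and report whether the constraint rejected it."""
    try:
        con.execute(sql)
        return "accepted"
    except sqlite3.IntegrityError:
        return "rejected"


def orphan_insert(con) -> str:
    # Department 99 has no row in the parent table: a dangling reference.
    return attempt(con, "INSERT INTO employees VALUES (3, 'carol', 99)")


def delete_referenced_parent(con) -> str:
    # Alice still points at department 10, so removing it would orphan her row.
    return attempt(con, "DELETE FROM departments WHERE id = 10")


def null_foreign_key(con) -> str:
    # NULL means 'no parent' and is allowed; it is not a reference to a missing row.
    return attempt(con, "INSERT INTO employees VALUES (4, 'dave', NULL)")


def orphan_count(con) -> int:
    """Audit query: child rows whose non-null foreign key matches no parent."""
    return con.execute(
        "SELECT COUNT(*) FROM employees e "
        "LEFT JOIN departments d ON d.id = e.dept_id "
        "WHERE e.dept_id IS NOT NULL AND d.id IS NULL"
    ).fetchone()[0]


def demo(enforce_fk: bool) -> dict:
    con = build_db(enforce_fk)
    return {
        "orphan_insert": orphan_insert(con),
        "delete_parent": delete_referenced_parent(con),
        "null_fk": null_foreign_key(con),
        "orphans_after": orphan_count(con),
    }


if __name__ == "__main__":
    print("enforced:    ", demo(True))
    print("not enforced:", demo(False))
```

With enforcement on, the orphan insert and the delete of a referenced parent are both rejected and the audit query finds no dangling rows; with it off, the same statements are silently accepted and two orphans remain. The audit query is the check to run on a database whose constraints may have been declared but never enforced.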