Practice Exam Flashcards
Intro Pre-Assessment
(ISC)² publishes a Common Body of Knowledge (CBK) that IT security practitioners should be familiar with; this is recognized throughout the industry as a set of material that is useful for practitioners to refer to. Certifications can be issued for demonstrating expertise in this Common Body of Knowledge. What kind of document is the Common Body of Knowledge?
Standard
(The Common Body of Knowledge is used throughout the industry, recognized among many people, countries and organizations. This is a standard)
Zarma is an (ISC)² member and a security analyst for Triffid Corporation. One of Zarma’s colleagues is interested in getting an (ISC)2 certification and asks Zarma what the test questions are like. What should Zarma do?
Explain the style and format of the questions, but no detail
Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do?
Pay the parking ticket
In risk management concepts, a(n) _________ is something a security practitioner might need to protect.
Asset
Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do?
Stop participating in the group
Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction?
Administrative
Hoshi is an (ISC)2 member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi’s cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do?
disclose the relationship, but recommend the vendor/product
Olaf is a member of (ISC)² and a security analyst for Triffid Corporation. During an audit, Olaf is asked whether Triffid is currently following a particular security practice. Olaf knows that Triffid is not adhering to that standard in that particular situation, but that saying this to the auditors will reflect poorly on Triffid. What should Olaf do?
Tell the auditors the truth
Which of the following is an example of a “something you know” authentication factor?
-Fingerprint
-Iris scan
-Password
-User ID
Password
Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don’t collide with pedestrians. What is probably the most effective type of control for this task?
Physical
Aphrodite is a member of (ISC)² and a data analyst for Triffid Corporation. While Aphrodite is reviewing user log data, Aphrodite discovers that another Triffid employee is violating the acceptable use policy and watching streaming videos during work hours. What should Aphrodite do?
Inform Triffid management
The city of Grampon wants to know where all its public vehicles (garbage trucks, police cars, etc.) are at all times, so the city has GPS transmitters installed in all the vehicles. What kind of control is this?
Technical
The Triffid Corporation publishes a policy that states all personnel will act in a manner that protects health and human safety. The security office is tasked with writing a detailed set of processes on how employees should wear protective gear such as hardhats and gloves when in hazardous areas. This detailed set of processes is a _________.
Procedure
Glen is an (ISC)² member. Glen receives an email from a company offering a set of answers for an (ISC)² certification exam. What should Glen do?
Inform (ISC)²
In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset.
Threat
A software firewall is an application that runs on a device and prevents specific types of traffic from entering that device. This is a type of ________ control.
Technical
(A software firewall is a technical control because it is a part of the IT environment)
Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________.
Law, procedure
(The municipal code was created by a governmental body and is a legal mandate; this is a law. The Triffid checklist is a detailed set of actions which must be used by Triffid employees in specific circumstances; this is a procedure)
A system that collects transactional information and stores it in a record in order to show which users performed which actions is an example of providing ________.
Non-repudiation
A bollard is a post set securely in the ground in order to prevent a vehicle from entering an area or driving past a certain point. Bollards are an example of ______ controls.
Physical
Druna is a security practitioner tasked with ensuring that laptops are not stolen from the organization’s offices. Which sort of security control would probably be best for this purpose?
Physical
(Because laptops are tangible objects, and Druna is trying to ensure that these objects are not moved from a certain place, physical controls are probably best for the purpose)
Who approves the incident response policy?
Senior management
What is the risk associated with delaying resumption of full normal operations after a disaster?
The impact of running alternate operations for extended periods
(Alternate operations are typically more costly than normal operations)
What is the risk associated with resuming full normal operations too soon after a DR effort?
The danger posed by the disaster might still be present
True or False? Business continuity planning is a reactive procedure that restores business operations after a disruption occurs.
False
What is the goal of an incident response effort?
Reduce the impact of incidents on operations
What is the goal of Business Continuity efforts?
Keep critical business functions operational
When should a business continuity plan (BCP) be activated?
When senior management decides
All of the following are typically perceived as drawbacks to biometric systems, except:
Lack of accuracy
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachis logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has.
Which security concept is being applied in this situation?
Least privilege
Which of the following would be considered a logical access control?
A fingerprint reader that allows an employee to access a laptop computer
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that operational managers have the utmost personal choice in determining which employees get access to which systems/data. Which method should Handel select?
Discretionary access controls (DAC)
(DAC gives managers the most choice in determining which employees get access to which assets)
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select?
Role-based access controls (RBAC)
(RBAC can aid in reducing privilege creep, where employees who stay with the company for a long period of time might get excess permissions within the environment)
Guillermo logs onto a system and opens a document file. In this example, Guillermo is:
The subject
Larry and Fern both work in the data center. In order to enter the data center to begin their workday, they must both present their own keys (which are different) to the key reader, before the door to the data center opens.
Which security concept is being applied in this situation?
Dual control
Which of the following is a biometric access control mechanism?
A door locked by a voiceprint identifier
Which of the following is probably most useful at the perimeter of a property?
A fence
Which of the following will have the most impact on determining the duration of log retention?
Applicable laws
Trina and Doug both work at Triffid, Inc. Doug is having trouble logging into the network. Trina offers to log in for Doug, using Trina’s credentials, so that Doug can get some work done.
What is the problem with this?
Anything either of them do will be attributed to Trina
Prina is a database manager. Prina is allowed to add new users to the database, remove current users and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of:
Role-based access controls (RBAC)
Which of these is an example of a physical access control mechanism?
A lock on a door
Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees transferring from one department to another, getting promoted, or cross-training to new positions can get access to the different assets they’ll need for their new positions, in the most efficient manner. Which method should Handel select?
Role-based access controls (RBAC)
(RBAC is the most efficient way to assign permissions to users based on their job duties)
Which of the following is not an appropriate control to add to privileged accounts?
Security deposit
Trina is a security practitioner at Triffid, Inc. Trina has been tasked with selecting a new product to serve as a security control in the environment. After doing some research, Trina selects a particular product. Before that product can be purchased, a manager must review Trina’s selection and determine whether to approve the purchase. This is a description of:
Segregation of duties
Which of the following statements is true?
It is best to use a blend of controls in order to provide optimum security
A tool that monitors local devices to reduce potential threats from hostile software.
Anti-malware
Which type of fire-suppression system is typically the safest for humans?
Water
A tool that filters inbound traffic to reduce potential threats.
Firewall
The logical address of a device connected to the network or Internet.
Internet Protocol (IP) address
Which of the following activities is usually part of the configuration management process, but is also extremely helpful in countering potential attacks?
Updating and patching systems
Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an additional task necessary to ensure this control will function properly?
Update the anti-malware solution regularly
An IoT (Internet of Things) device is typified by its effect on or use of the _____ environment.
Physical
(IoT devices typically have some interaction with the physical realm, either by having some physical effect (a vacuum cleaner, refrigerator, light) or by monitoring the physical environment itself (a camera, sensor, etc.))
The section of the IT environment that is closest to the external world; where we locate IT systems that communicate with the Internet.
DMZ (demilitarized zone)
Which type of fire-suppression system is typically the least expensive?
Water
“Wiring _____” is a common term meaning “a place where wires/conduits are often run, and equipment can be placed, in order to facilitate the use of local networks.”
Closet
A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages.
Server
Which of the following would be best placed in the DMZ of an IT environment?
Mail server
Cyril wants to ensure all the devices on his company’s internal IT environment are properly synchronized. Which of the following protocols would aid in this effort?
-FTP
-HTTP (Hypertext Transfer Protocol)
-NTP (Network Time Protocol)
-SMTP (Simple Mail Transfer Protocol)
NTP (Network Time Protocol)
The common term for systems that ensure proper temperature and humidity in the data center.
HVAC
Gary is an attacker. Gary is able to get access to the communication wire between Dauphine’s machine and Linda’s machine and can then surveil the traffic between the two when they’re communicating. What kind of attack is this?
On-path
(the attackers insert themselves between communicating parties)
Carol is browsing the Web. Which of the following ports is she probably using?
80 (HTTP traffic)
Bert wants to add a flashlight capability to a smartphone. Bert searches the internet for a free flashlight app, and downloads it to the phone. The app allows Bert to use the phone as a flashlight, but also steals Bert’s contacts list. What kind of app is this?
Trojan
A tool that inspects outbound traffic to reduce potential threats.
DLP (data loss prevention)
Who dictates policy?
Senior management
Data retention periods apply to ____ data.
All of the answers - Sensitive, secret, and medical
Dieter wants to send a message to Lupa and wants to be sure that Lupa knows the message has not been modified in transit. What technique/tool could Dieter use to assist in this effort?
Hashing
(a means to provide a security check)
The output of any given hashing algorithm is always _____.
The same length
Proper alignment of security policy and business goals within the organization is important because:
Security policy that conflicts with business goals can inhibit productivity
By far, the most crucial element of any security instruction program.
Preserve health and human safety
Data _____ is data left behind on systems/media after normal deletion procedures have been attempted.
Remanence
If two people want to use symmetric encryption to conduct a confidential conversation, how many keys do they need?
1
Log data should be kept ______.
On a device other than where it was captured
Triffid, Inc., wants to host streaming video files for the company’s remote users, but wants to ensure the data is protected while it’s streaming. Which of the following methods are probably best for this purpose?
Symmetric encryption
Symmetric encryption offers confidentiality of data with the least amoun
The organization should keep a copy of every signed Acceptable Use Policy (AUP) on file, and issue a copy to _______.
The user who signed it
Logs should be reviewed ______.
Continually
Archiving is typically done when _________.
Data is not needed for regular work purposes
Chad is a security practitioner tasked with ensuring that the information on the organization’s public website is not changed by anyone outside the organization.
Which concept does this task demonstrate?
Integrity
A photograph of your face is an example of which authentication factor?
“Something you are”
For which of the following assets is integrity probably the MOST important security aspect?
-One frame of a streaming video
-Software that checks the spelling of product descriptions for a retail website
-The color scheme of a marketing website
-The file that contains passwords used to authenticate users
The file that contains passwords used to authenticate users
In risk management, which concept reflects something a security practitioner might need to protect?
Asset
Of the following, which would probably NOT be considered a threat?
-Laptop with sensitive data on it
-An external attacker trying to gain unauthorized access to the environment
-Natural disaster
-Unintentional damage to the system caused by a user
A laptop with sensitive data on it
(A laptop, and the data on it, are assets, not threats)
Which of the following probably poses the MOST risk?
-A high-likelihood, high-impact event
-A high-likelihood, low-impact event
-A low-likelihood, high-impact event
-A low-likelihood, low-impact event
A high-likelihood, high-impact event
Within the organization, who can identify risk?
Anyone
Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution.
What concept does Kerpak’s solution demonstrate?
Mitigation
Fill in the missing word:
Sophia is visiting Las Vegas and decides to put a bet on a particular number on a roulette wheel.
This is an example of _________.
Acceptance
(Sophia is accepting the risk that the money will be lost, even though the likelihood is high; Sophia has decided that the potential benefit (winning the bet), while low in likelihood, is worth the risk.)
Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount.
What concept does this demonstrate?
Risk tolerance
At the airport, there are red lines painted on the ground next to the runway, which prohibits traffic from crossing it.
Which type of control does this exemplify?
Physical
The city of San Jose wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail.
What kind of rule is this?
Law
(The city council is a governmental body making a legal mandate; this is a law)
The Triffid Corporation publishes a strategic overview of the company’s intent to secure all the data the company possesses. This document is signed by Triffid’s senior management.
What kind of document is this?
Policy
(This is an internal, strategic document, and is therefore a policy)
The Payment Card Industry (PCI) Council is a committee made up of representatives from major credit card providers (Visa, Mastercard, American Express) in the United States.
The PCI Council issues rules that merchants must follow if the merchants choose to accept payment via credit card. These rules describe best practices for securing credit card processing technology, activities for securing credit card information, and how to protect personal data of customers.
Which of the following describes this set of rules?
Standard
(This set of rules is known as the Data Security Standard, and it is accepted throughout the industry)
You are reviewing log data from a router; there is an entry showing that a user sent traffic through the router at 11:45 a.m., local time, yesterday.
Which of the following does this exemplify?
Event
(any observable occurrence within the IT environment)
An attacker outside the organization attempts to gain access to the organization’s internal files.
Which of the following does this scenario exemplify?
Intrusion (an attempt (successful or otherwise) to gain unauthorized access)
Business Continuity efforts are
about sustaining critical business functions during periods of potential interruption, such as emergencies, incidents, and disasters
Which of the following is likely to be included in the business continuity plan?
Alternate work areas for personnel affected by a natural disaster
What is the overall objective of a disaster recovery (DR) effort?
Return to normal, full operations
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs on to the system, an access control list (ACL) checks to determine which permissions he has.
In this situation, Prachi represents what?
The subject
(Prachi manipulates the database; this makes Prachi the subject)
Which of the following is a record of something that has occurred?
Log
Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour.
Why could this be?
Gary’s actions look like an attack
Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that he has to reset his password.
What may have occurred to cause this?
Suvid’s password has expired
What type of device filters network traffic in order to enhance overall security/performance?
Firewall
(Firewalls filter traffic in order to enhance the overall security or performance of the network, or both)
Triffid, Inc., has many remote workers who use their own IT devices to process Triffid’s information. The Triffid security team wants to deploy some sort of sensor on user devices in order to recognize and identify potential security issues.
Which of the following is probably most appropriate for this specific purpose?
HIDS (host-based intrusion-detection systems)
(expressly designed for this purpose; each HIDS is installed on each endpoint machine)
Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed.
Which security solution can often identify and potentially counter this risk?
Firewall
(Firewalls can often identify hostile inbound traffic, and potentially counter it)
Which common cloud service model offers the customer the MOST control of the cloud environment?
Infrastructure as a service (IaaS)
What type of device is commonly advisable to have on the perimeter between two networks?
Firewall
(often useful to monitor/filter traffic between two networks)
To what data does security need to be provided?
All of the answers - Illegal, restricted, and private
(All data needs some form of security; even data that is not sensitive (such as data intended for public view) needs protection to ensure availability)
What should security controls on log data reflect?
The sensitivity of the source device
How often should logs be reviewed?
Continually
Which of the following is used to ensure that configuration management activities are effective and enforced?
Verification and audit
(methods used to review the IT environment to ensure that configuration management activities have taken place and are achieving their intended purpose)
What must an organization always be prepared to do when applying a patch?
Rollback
(Patches can sometimes cause unintended problems in the environment, so an organization must always be prepared to rollback the environment to the last known good state prior to when the patch was applied)
Which one of the following is a benefit of computer-based training (CBT)?
Scalable
(it can be replicated uniformly for any number of users)
If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need?
4
(in asymmetric encryption, each party needs their own key pair (a public key and a private key) to engage in confidential communication)
