Practice exam questions (book) 250 Flashcards by Josh Selkirk

Which of the following best describes the relationship between CobiT and ITIL?

A. CobiT is a model for IT governance, whereas ITIL is a model for corporate governance.

B. CobiT provides a corporate governance roadmap, whereas ITIL is a customizable framework for IT service management.

C. CobiT defines IT goals, whereas ITIL provides the process-level steps on how to achieve them.

D. CobiT provides a framework for achieving security goals, whereas ITIL defines a framework for achieving IT service-level goals.

How well did you know this?

Not at all

Perfectly

Jane has been charged with ensuring that clients’ personal health information is adequately protected before it is exchanged with a new European partner. What data security requirements must she adhere to?

A. HIPAA

B. NIST SP 800-66

C. Safe Harbor

D. European Union Principles on Privacy

How well did you know this?

Not at all

Perfectly

Global organizations that transfer data across international boundaries must abide by guidelines and transborder information flow rules developed by an international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy. What organization is this?

A. Committee of Sponsoring Organizations of the Treadway Commission

B. The Organisation for Economic Co-operation and Development

C. CobiT

D. International Organization for Standardization

How well did you know this?

Not at all

Perfectly

Steve, a department manager, has been asked to join a committee that is responsible for defining an acceptable level of risk for the organization, reviewing risk assessment and audit reports, and approving significant changes to security policies and programs. What committee is he joining?

A. Security policy committee

B. Audit committee

C. Risk management committee

D. Security steering committee

How well did you know this?

Not at all

Perfectly

As head of sales, Jim is the information owner for the sales department. Which of the following is not Jim’s responsibility as information owner?

A. Assigning information classifications

B. Dictating how data should be protected

C. Verifying the availability of data

D. Determining how long to retain data

How well did you know this?

Not at all

Perfectly

Assigning data classification levels can help with all of the following except:

A. The grouping of classified information with hierarchical and restrictive security

B. Ensuring that nonsensitive data is not being protected by unnecessary controls

C. Extracting data from a database

D. Lowering the costs of protecting data

How well did you know this?

Not at all

Perfectly

Which of the following is not included in a risk assessment?

A. Discontinuing activities that introduce risk

B. Identifying assets

C. Identifying threats

D. Analyzing risk in order of cost or criticality

How well did you know this?

Not at all

Perfectly

Sue has been tasked with implementing a number of security controls, including antivirus and antispam software, to protect the company’s e-mail system. What type of approach is her company taking to handle the risk posed by the system?

A. Risk mitigation

B. Risk acceptance

C. Risk avoidance

D. Risk transference

How well did you know this?

Not at all

Perfectly

The integrity of data is not related to which of the following?

A. Unauthorized manipulation or changes to data

B. The modification of data without authorization

C. The intentional or accidental substitution of data

D. The extraction of data to share with unauthorized entities

How well did you know this?

Not at all

Perfectly

There are several methods an intruder can use to gain access to company assets. Which of the following best describes masquerading?

A. Changing an IP packet’s source address

B. Elevating privileges to gain access

C. An attempt to gain unauthorized access as another user

D. Creating a new authorized user with hacking tools

How well did you know this?

Not at all

Perfectly

A number of factors should be considered when assigning values to assets. Which of the following is not used to determine the value of an asset?

A. The asset’s value in the external marketplace

B. The level of insurance required to cover the asset

C. The initial and outgoing costs of purchasing, licensing, and supporting the asset

D. The asset’s value to the organization’s production operations

How well did you know this?

Not at all

Perfectly

Jill is establishing a companywide sales program that will require different user groups with different privileges to access information on a centralized database. How should the security manager secure the database?

A. Increase the database’s security controls and provide more granularity.

B. Implement access controls that display each user’s permissions each time they access the database.

C. Change the database’s classification label to a higher security status.

D. Decrease the security so that all users can access the information as needed.

How well did you know this?

Not at all

Perfectly

As his company’s CISO, George needs to demonstrate to the Board of Directors the necessity of a strong risk management program. Which of the following should George use to calculate the company’s residual risk?

A. threats × vulnerability × asset value = residual risk

B. SLE × frequency = ALE, which is equal to residual risk

C. (threats × vulnerability × asset value) × control gap = residual risk

D. (total risk – asset value) × countermeasures = residual risk

How well did you know this?

Not at all

Perfectly

Authorization creep is to access controls what scope creep is to software development. Which of the following is not true of authorization creep?

A. Users have a tendency to request additional permissions without asking for others to be taken away.

B. It is a violation of “least privilege.”

C. It enforces the “need-to-know” concept.

D. It commonly occurs when users transfer to other departments or change positions.

How well did you know this?

Not at all

Perfectly

For what purpose was the COSO framework developed?

A. To address fraudulent financial activities and reporting

B. To help organizations install, implement, and maintain CobiT controls

C. To serve as a guideline for IT security auditors to use when verifying compliance

D. To address regulatory requirements related to protecting private health information

How well did you know this?

Not at all

Perfectly

Susan, an attorney, has been hired to fill a new position at Widgets Inc. The position is Chief Privacy Officer (CPO). What is the primary function of her new role?

A. Ensuring the protection of partner data

B. Ensuring the accuracy and protection of company financial information

C. Ensuring that security policies are defined and enforced

D. Ensuring the protection of customer, company, and employee data

How well did you know this?

Not at all

Perfectly

Jared plays a role in his company’s data classification system. In this role, he must practice due care when accessing data and ensure that the data is used only in accordance with allowed policy while abiding by the rules set for the classification of the data. He does not determine, maintain, or evaluate controls, so what is Jared’s role?

A. Data owner

B. Data custodian

C. Data user

D. Information systems auditor

How well did you know this?

Not at all

Perfectly

Risk assessment has several different methodologies. Which of the following official risk methodologies was not created for the purpose of analyzing security risks?

A. FAP

B. OCTAVE

C. ANZ 4360

D. NIST SP 800-30

How well did you know this?

Not at all

Perfectly

Which of the following is not a characteristic of a company with a security governance program in place?

A. Board members are updated quarterly on the company’s state of security.

B. All security activity takes place within the security department.

C. Security products, services, and consultants are deployed in an informed manner.

D. The organization has established metrics and goals for improving security.

How well did you know this?

Not at all

Perfectly

Michael is charged with developing a classification program for his company. Which of the following should he do first?

A. Understand the different levels of protection that must be provided.

B. Specify data classification criteria.

C. Identify the data custodians.

D. Determine protection mechanisms for each classification level.

How well did you know this?

Not at all

Perfectly

There are four ways of dealing with risk. In the graphic that follows, which method is missing and what is the purpose of this method?

A. Risk transference. Share the risk with other entities.

B. Risk reduction. Reduce the risk to an acceptable level.

C. Risk rejection. Accept the current risk.

D. Risk assignment. Assign risk to a specific owner.

How well did you know this?

Not at all

Perfectly

The following graphic contains a commonly used risk management scorecard. Identify the proper quadrant and its description.

A. Top-right quadrant is high impact, low probability.

B. Top-left quadrant is high impact, medium probability.

C. Bottom-left quadrant is low impact, high probability.

D. Bottom-right quadrant is low impact, high probability.

How well did you know this?

Not at all

Perfectly

What are the three types of policies that are missing from the following graphic?

A. Regulatory, Informative, Advisory

B. Regulatory, Mandatory, Advisory

C. Regulatory, Informative, Public

D. Regulatory, Informative, Internal Use

How well did you know this?

Not at all

Perfectly

List in the proper order from the table that follows the learning objectives that are missing and their proper definitions.

A. Understanding, recognition and retention, skill

B. Skill, recognition and retention, skill

C. Recognition and retention, skill, understanding

D. Skill, recognition and retention, understanding

How well did you know this?

Not at all

Perfectly

25. What type of risk analysis approach does the following graphic provide? A. Quantitative B. Qualitative C. Operationally Correct D. Operationally Critical

26. ISO/IEC 27000 is part of a growing family of ISO/IEC information security management systems (ISMS) standards. It comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Which of the following provides an incorrect mapping of the individual standards that make up this family of standards? A. ISO/IEC 27002 Code of practice for information security management B. ISO/IEC 27003 Guideline for ISMS implementation C. ISO/IEC 27004 Guideline for information security management measurement and metrics framework D. ISO/IEC 27005 Guideline for bodies providing audit and certification of information security management systems

27. Which of the following is the criteria Sam’s company was most likely certified under? A. SABSA B. Capability Maturity Model Integration C. Information Technology Infrastructure Library D. PRINCE2

28. What is the associated single loss expectancy value in this scenario? A. $65,000 B. $400,000 C. $40,000 D. $4,000

29. Which of the following best describes the control types the company originally had in place? A. Administrative preventive controls are the policies and procedures. Technical preventive controls are securing the system, network segmentation, and intrusion detection system. Physical detective controls are the physical location of the database and PIN and smart card access controls. B. Administrative preventive controls are the policies. Technical preventive controls are securing the system and intrusion detection system. Physical preventive controls are the physical location of the database and PIN and smart card access controls. C. Administrative corrective controls are the policies and procedures. Technical preventive controls are securing the system, network segmentation, and intrusion detection system. Physical preventive controls are the physical location of the database and PIN and smart card access controls. D. Administrative preventive controls are the policies and procedures. Technical preventive controls are securing the system and network segmentation. The technical detective control is the intrusion detection system. Physical preventive controls are the physical location of the database and PIN and smart card access controls.

30. The storage management system that Barry put into place is referred to as which of the following? A. Administrative control B. Compensating control C. Physical control D. Confidentiality control

31. Which are the two most common situations that require the type of control covered in the scenario to be implemented? A. Defense-in-depth is required and the current controls only provide one protection layer. B. Primary control costs too much or negatively affects business operations. C. Confidentiality is the highest concern in a situation where defense-in-depth is required. D. Availability is the highest concern in a situation where defense-in-depth is required.

1. Which of the following does not correctly describe a directory service? A. It manages objects within a directory by using namespaces. B. It enforces security policy by carrying out access control and identity management functions. C. It assigns namespaces to each object in databases that are based on the X.509 standard and are accessed by LDAP. D. It allows an administrator to configure and manage how identification takes place within the network.

2. Hannah has been assigned the task of installing Web access management (WAM) software. What is the best description for what WAM is commonly used for? A. Control external entities requesting access through X.500 databases B. Control external entities requesting access to internal objects C. Control internal entities requesting access through X.500 databases D. Control internal entities requesting access to external objects

3. There are several types of password management approaches used by identity management systems. Which of the following reduces help-desk call volume, but is also criticized for the ease with which a hacker could gain access to multiple resources if a password is compromised? A. Management password reset B. Self-service password reset C. Password synchronization D. Assisted password reset

4. A number of attacks can be performed against smart cards. Side-channel is a class of attacks that doesn’t try to compromise a flaw or weakness. Which of the following is not a side-channel attack? A. Differential power analysis B. Microprobing analysis C. Timing analysis D. Electromagnetic analysis

5. Which of the following does not describe privacy-aware role-based access control? A. It is an example of a discretionary access control model. B. Detailed access controls indicate the type of data that users can access based on the data’s level of privacy sensitivity. C. It is an extension of role-based access control. D. It should be used to integrate privacy policies and access control policies.

6. What was the direct predecessor to Standard Generalized Markup Language (SGML)? A. Hypertext Markup Language (HTML) B. Extensible Markup Language (XML) C. LaTeX D. Generalized Markup Language (GML)

7. Brian has been asked to work on the virtual directory of his company’s new identity management system. Which of the following best describes a virtual directory? A. Meta-directory B. User attribute information stored in an HR database C. Virtual container for data from multiple sources D. A service that allows an administrator to configure and manage how identification takes place

8. Emily is listening to network traffic and capturing passwords as they are sent to the authentication server. She plans to use the passwords as part of a future attack. What type of attack is this? A. Brute-force attack B. Dictionary attack C. Social engineering attack D. Replay attack

9. Which of the following correctly describes a federated identity and its role within identity management processes? A. A nonportable identity that can be used across business boundaries B. A portable identity that can be used across business boundaries C. An identity that can be used within intranet virtual directories and identity stores D. An identity specified by domain names that can be used across business boundaries

10. Phishing and pharming are similar. Which of the following correctly describes the difference between phishing and pharming? A. Personal information is collected from victims through legitimate-looking Web sites in phishing attacks, while personal information is collected from victims via e-mail in pharming attacks. B. Phishing attacks point e-mail recipients to a form where victims input personal information, while pharming attacks use pop-up forms at legitimate Web sites to collect personal information from victims. C. Victims are pointed to a fake Web site with a domain name that looks similar to a legitimate site’s in a phishing attack, while victims are directed to a fake Web site as a result of a legitimate domain name being incorrectly translated by the DNS server in a pharming attack. D. Phishing is a technical attack, while pharming is a type of social engineering.

11. Security countermeasures should be transparent to users and attackers. Which of the following does not describe transparency? A. User activities are monitored and tracked without negatively affecting system performance. B. User activities are monitored and tracked without the user knowing about the mechanism that is carrying this out. C. Users are allowed access in a manner that does not negatively affect business processes. D. Unauthorized access attempts are denied and logged without the intruder knowing about the mechanism that is carrying this out.

12. What markup language allows for the sharing of application security policies to ensure that all applications are following the same security rules? A. XML B. SPML C. XACML D. GML

13. The importance of protecting audit logs generated by computers and network devices is highlighted by the fact that it is required by many of today’s regulations. Which of the following does not explain why audit logs should be protected? A. If not properly protected, these logs may not be admissible during a prosecution. B. Audit logs contain sensitive data and should only be accessible to a certain subset of people. C. Intruders may attempt to scrub the logs to hide their activities. D. The format of the logs should be unknown and unavailable to the intruder.

14. Harrison is evaluating access control products for his company. Which of the following is not a factor he needs to consider when choosing the products? A. Classification level of data B. Level of training that employees have received C. Logical access controls provided by products D. Legal and regulation issues

15. There are several types of intrusion detection systems (IDSs). What type of IDS builds a profile of an environment’s normal activities and assigns an anomaly score to packets based on the profile? A. State-based B. Statistical anomaly–based C. Misuse-detection system D. Protocol signature–based

16. A rule-based IDS takes a different approach than a signature-based or anomaly-based system. Which of the following is characteristic of a rule-based IDS? A. Uses IF/THEN programming within expert systems B. Identifies protocols used outside of their common bounds C. Compares patterns to several activities at once D. Can detect new attacks

17. Sam plans to establish mobile phone service using the personal information he has stolen from his former boss. What type of identity theft is this? A. Phishing B. True name C. Pharming D. Account takeover

18. Of the following, what is the primary item that a capability list is based upon? A. A subject B. An object C. A product D. An application

19. Alex works for a chemical distributor that assigns employees tasks that separate their duties and routinely rotates job assignments. Which of the following best describes the differences between these countermeasures? A. They are the same thing with different titles. B. They are administrative controls that enforce access control and protect the company’s resources. C. Separation of duties ensures that one person cannot perform a high-risk task alone, and job rotation can uncover fraud because more than one person knows the tasks of a position. D. Job rotation ensures that one person cannot perform a high-risk task alone, and separation of duties can uncover fraud because more than one person knows the tasks of a position.

20. What type of markup language allows company interfaces to pass service requests and the receiving company provision access to these services? A. XML B. SPML C. SGML D. HTML

21. There are several different types of centralized access control protocols. Which of the following is illustrated in the graphic that follows? A. Diameter B. Watchdog C. RADIUS D. TACACS+

22. An access control matrix is used in many operating systems and applications to control access between subjects and objects. What is the column in this type of matrix referred to? Access Control Matrix A. Capability table B. Constrained interface C. Role-based value D. ACL

23. What technology within identity management is illustrated in the graphic that follows? A. User provisioning B. Federated identity C. Directories D. Web access management

24. There are several different types of single sign-on protocols and technologies in use today. What type of technology is illustrated in the graphic that follows? A. Kerberos B. Discretionary access control C. SESAME D. Mandatory access control

25. There are different ways that specific technologies can create one-time passwords for authentication purposes. What type of technology is illustrated in the graphic that follows? A. Counter synchronous token B. Asynchronous token C. Mandatory token D. Synchronous token

26. Sally is carrying out a software analysis on her company’s proprietary application. She has found out that it is possible for an attacker to force an authorization step to take place before the authentication step is completed successfully. What type of issue would allow for this type of compromise to take place? A. Backdoor B. Maintenance hook C. Race condition D. Data validation error

27. Which of the following best describes how SAML, SOAP, and HTTP commonly work together in an environment that provides Web services? A. Security attributes are put into SAML format. Web service request and authentication data are encrypted in a SOAP message. Message is transmitted in an HTTP connection. B. Security attributes are put into SAML format. Web service request and authentication data are encapsulated in a SOAP message. Message is transmitted in an HTTP connection over TLS. C. Authentication data are put into SAML format. Web service request and authentication data are encapsulated in a SOAP message. Message is transmitted in an HTTP connection. D. Authentication data are put into SAML format. HTTP request and authentication data are encapsulated in a SOAP message. Message is transmitted in an HTTP connection.

28. Tom works at a large retail company that recently deployed radio-frequency identification (RFID) to better manage its inventory processes. Employees use scanners to gather product-related information instead of manually looking up product data. Tom has found out that malicious customers have carried out attacks on the RFID technology to reduce the amount they pay on store items. Which of the following is the most likely reason for the existence of this type of vulnerability? A. The company’s security team does not understand how to secure this type of technology. B. The cost of integrating security within RFID is cost prohibitive. C. The technology has low processing capabilities, and encryption is very processor-intensive. D. RFID is a new and emerging technology, and the industry does not currently have ways to secure it.

29. Tanya is the security administrator for a large distributed retail company. The company’s network has many different network devices and software appliances that generate logs and audit data. Tanya and her staff have become overwhelmed with trying to review all of the log files when attempting to identify if anything suspicious is taking place within the network. Which of the following is the best solution for this company to implement? A. Security information and event management B. Event correlation tools C. Intrusion detection systems D. Security event correlation management tools

30. Sarah and her security team have carried out many vulnerability tests over the years to locate the weaknesses and vulnerabilities within the systems on the network. The CISO has asked her to oversee the development of a threat model for the network. Which of the following best describes what this model is and what it would be used for? A. A threat model can help to assess the probability, the potential harm, and the priority of attacks, and thus help to minimize or eradicate the threats. B. A threat model combines the output of the various vulnerability tests and the penetration tests carried out to understand the security posture of the network as a whole. C. A threat model is a risk-based model that is used to calculate the probabilities of the various risks identified during the vulnerability tests. D. A threat model is used in software development practices to uncover programming errors.

1. Lacy’s manager has tasked her with researching an intrusion detection system for a new dispatching center. Lacy identifies the top five products and compares their ratings. Which of the following are the evaluation criteria most in use today for these types of purposes? A. ITSEC B. Common Criteria C. Red Book D. Orange Book

2. Certain types of attacks have been made more potent by which of the following advances to microprocessor technology? A. Increased circuits, cache memory, and multiprogramming B. Dual-mode computation C. Direct memory access I/O D. Increases in processing power

3. CPUs and operating systems can work in two main types of multitasking modes. What controls access and the use of system resources in preemptive multitasking mode? A. The user and application B. The program that is loaded into memory C. The operating system D. The CPU and user

4. Virtual storage combines RAM and secondary storage for system memory. Which of the following is a security concern pertaining to virtual storage? A. More than one process uses the same resource. B. It allows cookies to remain persistent in memory. C. It allows for side-channel attacks to take place. D. Two processes can carry out a denial-of-service.

5. Which of the following is a common association of the Clark-Wilson access model? A. Chinese Wall B. Access tuple C. Read up and write down rule D. Subject and application binding

6. Which of the following correctly describes the relationship between the reference monitor and the security kernel? A. The security kernel implements and enforces the reference monitor. B. The reference monitor is the core of the trusted computing base, which is made up of the security kernel. C. The reference monitor implements and enforces the security kernel. D. The security kernel, aka abstract machine, implements the reference monitor concept.

7. The trusted computing base (TCB) ensures security within a system when a process in one domain must access another domain in order to retrieve sensitive information. What function does the TCB initiate to ensure that this is done in a secure manner? A. I/O operational execution B. Process deactivation C. Execution domain switching D. Virtual memory to real memory mapping

8. The Zachman Architecture Framework is often used to set up an enterprise security architecture. Which of the following does not correctly describe the Zachman Framework? A. A two-dimensional model that uses communication interrogatives intersecting with different levels B. A security-oriented model that gives instructions in a modular fashion C. Used to build a robust enterprise architecture versus a technical security architecture D. Uses six perspectives to describe a holistic information infrastructure

9. John has been told to report to the board of directors with a vendor-neutral enterprise architecture framework that will help the company reduce fragmentation that results from the misalignment of IT and business processes. Which of the following frameworks should he suggest? A. DoDAF B. CMMI C. ISO/IEC 42010 D. TOGAF

10. Protection profiles used in the Common Criteria evaluation process contain five elements. Which of the following establishes the type and intensity of the evaluation? A. Descriptive elements B. Evaluation assurance requirements C. Evaluation assurance level D. Security target

11. Which of the following best defines a virtual machine? A. A virtual instance of an operating system B. A piece of hardware that runs multiple operating system environments simultaneously C. A physical environment for multiple guests D. An environment that can be fully utilized while running legacy applications

12. Bethany is working on a mandatory access control (MAC) system. She has been working on a file that was classified as Secret. She can no longer access this file because it has been reclassified as Top Secret. She deduces that the project she was working on has just increased in confidentiality and she now knows more about this project than her clearance and need-to-know allows. Which of the following refers to a concept that attempts to prevent this type of scenario from occurring? A. Covert storage channel B. Inference attack C. Noninterference D. Aggregation

13. Virtualization offers many benefits. Which of the following incorrectly describes virtualization? A. Virtualization simplifies operating system patching. B. Virtualization can be used to build a secure computing platform. C. Virtualization can provide fault and error containment. D. Virtual machines offer powerful debugging capabilities.

14. Which security architecture model defines how to securely develop access rights between subjects and objects? A. Brewer-Nash B. Clark-Wilson C. Graham-Denning D. Bell-LaPadula

15. Operating systems can be programmed to carry out different methods for process isolation. Which of the following refers to a method in which an interface defines how communication can take place between two processes and no process can interact with the other’s internal programming code? A. Virtual mapping B. Encapsulation of objects C. Time multiplexing D. Naming distinctions

16. Which of the following is not a responsibility of the memory manager? A. Use complex controls to ensure integrity and confidentiality when processes need to use the same shared memory segments. B. Limit processes to interact only with the memory segments assigned to them. C. Swap contents from RAM to the hard drive as needed. D. Run an algorithm to identify unused committed memory and inform the operating system that the memory is available.

17. Several types of read-only memory devices can be modified after they are manufactured. Which of the following statements correctly describes the differences between two types of ROM? A. PROM can only be programmed once, while EEPROM can be programmed multiple times. B. A UV light is used to erase data on EEPROM, while onboard programming circuitry and signals erase data on EPROM. C. The process used to delete data on PROM erases one byte at a time, while to erase data on an EPROM chip, you must remove it from the hardware. D. The voltage used to write bits into the memory cells of EPROM burns out the fuses that connect individual memory cells, while UV light is used to write to the memory cells of PROM.

18. There are different ways that operating systems can carry out software I/O procedures. Which of the following is used when the CPU sends data to an I/O device and then works on another process’s request until the I/O device is ready for more data? A. I/O using DMA B. Interrupt-driven I/O C. Programmable I/O D. Premapped I/O

19. The Information Technology Infrastructure Library (ITIL) consists of five sets of instructional books. Which of the following is considered the core set and focuses on the overall planning of the intended IT services? A. Service Operation B. Service Design C. Service Transition D. Service Strategy

20. Widgets Inc.’s software development processes are documented and the organization is capable of producing its own standard of software processes. Which of the following Capability Maturity Model Integration levels best describes Widgets Inc.? A. Initial B. Repeatable C. Defined D. Managed

21. There are several different important pieces to the Common Criteria. Which of the following best describes the first of the missing components? A. Target of evaluation B. Protection profile C. Security target D. EALs

22. Different access control models provide specific types of security measures and functionality in applications and operating systems. What model is being expressed in the graphic that follows? A. Noninterference B. Biba C. Bell-LaPadula D. Chinese Wall

23. There are many different types of access control mechanisms that are commonly embedded into all operating systems. Which of the following is the mechanism that is missing in this graphic? A. Trusted computing base B. Security perimeter C. Reference monitor D. Domain

24. There are several security enforcement components that are commonly built into operating systems. Which component is illustrated in the graphic that follows? A. Virtual machines B. Interrupt C. Cache memory D. Protection rings

25. A multitasking operating system can have several processes running at the same time. What are the components within the processes that are shown in the graphic that follows? A. Threads B. Registers C. Address buses D. Process tables

26. Charlie is a new security manager at a textile company that develops its own proprietary software for internal business processes. Charlie has been told that the new application his team needs to develop must comply with the ISO/IEC 42010 standard. He has found out that many of the critical applications have been developed in the C programming language and has asked for these applications to be reviewed for a specific class of security vulnerabilities. Which of the following best describes the standard Charlie’s team needs to comply with? A. International standard on system design to allow for better quality, interoperability, extensibility, portability, and security B. International standard on system security to allow for better threat modeling C. International standard on system architecture to allow for better quality, interoperability, extensibility, portability, and security D. International standard on system architecture to allow for better quality, extensibility, portability, and security

27. Charlie is a new security manager at a textile company that develops its own proprietary software for internal business processes. Charlie has been told that the new application his team needs to develop must comply with the ISO/IEC 42010 standard. He has found out that many of the critical applications have been developed in the C programming language and has asked for these applications to be reviewed for a specific class of security vulnerabilities. Which of the following is Charlie most likely concerned with in this situation? A. Injection attacks B. Memory block C. Buffer overflows D. Browsing attacks

28. Which of the following best describes the type of protection that needs to be provided by this product? A. Hardware isolation B. Memory induction application C. Data execution prevention D. Domain isolation protection

29. Which of the following best describes the type of technology the team should implement to increase the work effort of buffer overflow attacks? A. Address space layout randomization B. Memory induction application C. Input memory isolation D. Read-only memory integrity checks

30. Which of the following best describes the second operating system architecture described in the scenario? A. Layered B. Microkernel C. Monolithic D. Kernel based

31. Which of the following best describes why there was a performance issue in the context of the scenario? A. Bloated programming code B. I/O and memory location procedures C. Mode transitions D. Data and address bus architecture

32. Which of the following best describes the last architecture described in this scenario? A. Hybrid microkernel B. Layered C. Monolithic D. Hardened and embedded

1. Robert has been given the responsibility of installing doors that provide different types of protection. He has been told to install doors that provide failsafe, fail-secure, and fail-soft protection. Which of the following statements is true about secure door types? A. Fail-soft defaults to the sensitivity of the area. B. Fail-safe defaults to locked. C. Fail-secure defaults to unlocked. D. Fail-secure defaults to double locked.

2. Windows can have different glazing materials. What type of window may be prohibited by fire codes because of its combustibility? A. Tempered B. Polycarbonate acrylic C. Glass-clad polycarbonate D. Laminated

3. As with logical access controls, audit logs should be produced and monitored for physical access controls. Which of the following statements is correct about auditing physical access? A. Unsuccessful access attempts should be logged but only need to be reviewed by a security guard. B. Only successful access attempts should be logged and reviewed. C. Only unsuccessful access attempts during unauthorized hours should be logged and reviewed. D. All unsuccessful access attempts should be logged and reviewed.

4. Brad is installing windows on the storefront of a bank in an area known to be at risk of fires in the dry season. Which of the following is least likely to be true of the windows he is installing? A. The glass has embedded wires. B. They are made of glass-clad polycarbonate. C. The window material is acrylic glass. D. A solar window film has been added to them.

5. CCTV can use fixed focal length or varifocal lenses. Which of the following correctly describes the lenses used in CCTV? A. A fixed focal length lens allows you to move between various fields of view with a single lens. B. To cover a large area and not focus on specific items, use a large lens opening. C. An auto-iris lens should be used in an area with fixed lighting. D. A shallow depth of focus allows you to focus on smaller details.

6. Which of the following describes the type of construction materials most commonly used to build a bank’s exterior walls? A. Dense woods fastened with metal bolts and plates B. Steel rods encased inside of concrete walls and support beams C. Untreated lumber D. Steel

7. Which of the following is a light-sensitive chip used in most of today’s CCTV cameras? A. Digital Light Processing B. Cathode ray tube C. Annunciator D. Charged-coupled devices

8. John is installing a sprinkler system that makes use of a thermal-fusible link for a data center located in Canada. Which of the following statements is true of the system he’s installing? A. The pipes of a dry pipe system are filled with water when pressurized air within the pipes is reduced. B. The pipes of a preaction system are filled with water when pressurized air within the pipes is reduced. C. The sprinkler heads of a deluge system are wide open to allow a larger volume of water to be released in a shorter period. D. The pipes in a wet pipe system always contain water.

9. Which of the following allows security personnel to change the field of view of a CCTV lens to different angles and distances? A. Depth of field B. Manual iris C. Zoom D. Illumination

10. An outline for a physical security design should include program categories and the necessary countermeasures for each. What category do locks and access controls belong to? A. Assessment B. Deterrence C. Response D. Delay

11. A number of factors need to be considered when buying and implementing a CCTV system. Which of the following is the primary factor in determining whether a lens should have a manual iris or an auto-iris? A. If the camera must be able to move in response to commands B. If the environment has fixed lighting C. If objects to be viewed are wide angle, such as a parking lot, or narrow, such as a door D. The amount of light present in the environment

12. IDSs can detect intruders by employing electromechanical systems or volumetric systems. Which of the following correctly describes these systems? A. Because they detect changes in subtle environmental characteristics, electromechanical systems are more sensitive than volumetric. B. Electromechanical systems are less sensitive than volumetric systems, which detect subtle changes in environmental characteristics. C. Electromagnetic systems deal with environmental changes such as ultrasonic frequencies, while volumetric systems can employ pressure mats or metallic foil in windows. D. Electromagnetic systems are more sensitive because they detect a change or break in a circuit, while volumetric systems detect environmental changes.

13. What discipline combines the physical environment and sociology issues that surround it to reduce crime rates and the fear of crime? A. Layered defense model B. Target hardening C. Crime Prevention Through Environmental Design D. Natural access control

14. There are several types of volumetric IDSs. What type of IDS emits a measurable magnetic field that it monitors for disruptions? A. Capacitance detector B. Passive infrared system C. Wave-pattern motion detectors D. Photoelectric system

15. Paisley is helping her company identify potential site locations for a new facility. Which of the following is not an important factor when choosing a location? A. Distance to police and fire stations B. Lighting C. Natural disaster occurrence D. Crime rate

16. Sarah recently learned that the painting she inherited from a relative and hung in her downtown coffee shop is worth a lot of money. She is worried about its protection and wants to install an IDS. Which of the following intrusion detection systems is the most appropriate for protecting the painting? A. Acoustical detection system B. Proximity detector C. Photoelectric system D. Vibration sensor

17. David is preparing a server room at a new branch office. What locking mechanisms should he use for the primary and secondary server room entry doors? A. The primary and secondary entrance doors should have access controlled through a swipe card or cipher lock. B. The primary entrance door should have access controlled through a security guard. The secondary doors should be secured from the inside and allow no entry. C. The primary entrance door should have access controlled through a swipe card or cipher lock. The secondary doors should have a security guard. D. The primary entrance door should have access controlled through a swipe card or cipher lock. Secondary doors should be secured from the inside and allow no entry.

18. Which of the following is not true of IDSs? A. They can be hindered by items within the room. B. They are expensive and require human intervention to respond to the alarms. C. They usually come with a redundant power supply and emergency backup power. D. They should detect, and be resistant to, tampering.

19. Before an effective physical security program can be rolled out, a number of steps must be taken. Which of the following steps comes first in the process of rolling out a security program? A. Create countermeasure performance metrics. B. Conduct a risk analysis. C. Design the program. D. Implement countermeasures.

20. A number of measures should be taken to help protect devices and the environment from electric power issues. Which of the following is best to keep voltage steady and power clean? A. Power line monitor B. Surge protector C. Shielded cabling D. Regulator

21. What type of fence detects if someone attempts to climb or cut it? A. Class IV B. PIDAS C. CPTED D. PCCIP

22. Several different types of smoke and fire detectors can be used. What type of detector is shown in the following graphic? A. Photoelectric B. Heat-activated C. Infrared flame D. Ionization

23. Crime Prevention Through Environmental Design (CPTED) is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. Of CPTED’s three main components, what is illustrated in the following photo? A. Natural surveillance B. Target hardening C. Natural access control D. Territorial reinforcement

24. Different types of material are built into walls and other constructs of various types of buildings and facilities. What type of material is shown in the following photo? A. Fire-resistant material B. Light frame construction material C. Heavy timber construction material D. Rebar material

25. There are five different classes of fire. Each depends upon what is on fire. Which of the following is the proper mapping for the items missing in the provided table? A. Class D—combustible metals B. Class C—liquid C. Class B—electrical D. Class A—electrical

26. Electrical power is being provided more through smart grids, which allow for self-healing, resistance to physical and cyberattacks, increased efficiency, and better integration of renewable energy sources. Countries want their grids to be more reliable, resilient, flexible, and efficient. Why does this type of evolution in power infrastructure concern many security professionals? A. Allows for direct attacks through Power over Ethernet B. Increased embedded software and computing capabilities C. Does not have proper protection against common Web-based attacks D. Power fluctuation and outages directly affect computing systems

27. Mike’s team has decided to implement new perimeter fences and warning signs against trespassing around the company’s facility. Which of the categories listed in the scenario do these countermeasures map to? A. Deterrent B. Delaying C. Detection D. Assessment

28. Mike’s team has decided to implement stronger locks on the exterior doors of the new company’s facility. Which of the categories listed in the scenario does this countermeasure map to? A. Deterrent B. Delaying C. Detection D. Assessment

29. Mike’s team has decided to hire and deploy security guards to monitor activities within the company’s facility. Which of the categories listed in the scenario does this countermeasure map to? A. Delaying B. Detection C. Assessment D. Recall

30. Which of the following is the best control that Greg should ensure is implemented to deal with his boss’s concern? A. Access and audit logs B. Mantrap C. Proximity readers D. Smart card readers

31. Which of the following best describes the situation that the network administrators are experiencing? A. Brownouts B. Surges C. In-rush current D. Power line interference

32. Which of the following is a control that Greg’s team could implement to address the network administrators’ issue? A. Secondary feeder line B. Insulated grounded wiring C. Line conditioner D. Generator

1. Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer? A. LCL and MAC; IEEE 802.2 and 802.3 B. LCL and MAC; IEEE 802.1 and 802.3 C. Network and MAC; IEEE 802.1 and 802.3 D. LLC and MAC; IEE E 802.2 and 802.3

2. Which of the following is not an effective countermeasure against spam? A. Open mail relay servers B. Properly configured mail relay servers C. Filtering on an e-mail gateway D. Filtering on the client

3. Robert is responsible for implementing a common architecture used when customers need to access confidential information through Internet connections. Which of the following best describes this type of architecture? A. Two-tiered model B. Screened host C. Three-tiered model D. Public and private DNS zones

4. Two commonly used networking protocols are TCP and UPD. Which of the following correctly describes the two? A. TCP provides best-effort delivery, and UDP sets up a virtual connection with the destination. B. TCP provides more services and is more reliable in data transmission, whereas UDP takes less resources and overhead to transmit data. C. TCP provides more services and is more reliable, but UDP provides more security services. D. TCP is reliable, and UDP deals with flow control and ACKs.

5. Which of the following indicates to a packet where to go and how to communicate with the right service or protocol on the destination computer? A. Socket B. IP address C. Port D. Frame

6. Several different tunneling protocols can be used in dial-up situations. Which of the following would be best to use as a VPN tunneling solution? A. L2P B. PPTP C. IPSec D. L2TP

7. Which of the following correctly describes Bluejacking? A. Bluejacking is a harmful, malicious attack. B. It is the process of taking over another portable device via a Bluetooth-enabled device C. It is commonly used to send contact information. D. The term was coined by the use of a Bluetooth device and the act of hijacking another device.

8. DNS is a popular target for attackers due to its strategic role on the Internet. What type of attack uses recursive queries to poison the cache of a DNS server? A. DNS spoofing B. Manipulation of the hosts file C. Social engineering D. Domain litigation

9. IP telephony networks require the same security measures as those implemented on an IP data network. Which of the following is unique to IP telephony? A. Limiting IP sessions going through media gateways B. Identification of rogue devices C. Implementation of authentication D. Encryption of packets containing sensitive information

10. Cross-site scripting (XSS) is an application security vulnerability usually found in Web applications. What type of XSS vulnerability occurs when a victim is tricked into opening a URL programmed with a rogue script to steal sensitive information? A. Persistent XSS vulnerability B. Nonpersistent XSS vulnerability C. Second-order vulnerability D. DOM-based vulnerability

11. Angela wants to group together computers by department to make it easier for them to share network resources. Which of the following will allow her to group computers logically? A. VLAN B. Open network architecture C. Intranet D. VAN

12. Which of the following incorrectly describes how routing commonly takes place on the Internet? A. EGP is used in the areas “between” each AS. B. Regions of nodes that share characteristics and behaviors are called ASs. C. CAs are specific nodes that are responsible for routing to nodes outside of their region. D. Each AS uses IGP to perform routing functionality.

13. Both de facto and proprietary interior protocols are in use today. Which of the following is a proprietary interior protocol that chooses the best path between the source and destination? A. IGRP B. RIP C. BGP D. OSPF

14. Which of the following categories of routing protocols builds a topology database of the network? A. Dynamic B. Distance-vector C. Link-state D. Static

15. Which of the following does not describe IP telephony security? A. VoIP networks should be protected with the same security controls used on a data network. B. Softphones are more secure than IP phones. C. As endpoints, IP phones can become the target of attacks. D. The current Internet architecture over which voice is transmitted is less secure than physical phone lines.

16. When an organization splits naming zones, the names of its hosts that are only accessible from an intranet are hidden from the Internet. Which of the following best describes why this is done? A. To prevent attackers from accessing servers B. To prevent the manipulation of the hosts file C. To avoid providing attackers with valuable information that can be used to prepare an attack D. To avoid providing attackers with information needed for cybersquatting

17. Which of the following best describes why e-mail spoofing is easily executed? A. SMTP lacks an adequate authentication mechanism. B. Administrators often forget to configure an SMTP server to prevent inbound SMTP connections for domains it doesn’t serve. C. Keyword filtering is technically obsolete. D. Blacklists are undependable.

18. Which of the following is not a benefit of VoIP? A. Cost B. Convergence C. Flexibility D. Security

19. Today, satellites are used to provide wireless connectivity between different locations. What two prerequisites are needed for two different locations to communicate via satellite links? A. They must be connected via a phone line and have access to a modem. B. They must be within the satellite’s line of site and footprint. C. They must have broadband and a satellite in low Earth orbit. D. They must have a transponder and be within the satellite’s footprint.

20. Brad is a security manager at Thingamabobs Inc. He is preparing a presentation for his company’s executives on the risks of using instant messaging (IM) and his reasons for wanting to prohibit its use on the company network. Which of the following should not be included in his presentation? A. Sensitive data and files can be transferred from system to system over IM. B. Users can receive information—including malware—from an attacker posing as a legitimate sender. C. IM use can be stopped by simply blocking specific ports on the network firewalls. D. A security policy is needed specifying IM usage restrictions.

21. There are several different types of authentication technologies. Which type is being shown in the graphic that follows? A. 802.1x B. Extensible Authentication Protocol C. Frequency hopping spread spectrum D. Orthogonal frequency-division multiplexing

22. What type of security encryption component is missing from the table that follows? A. Service Set ID B. Temporal Key Integrity Protocol C. Ad hoc WLAN D. Open system authentication

23. What type of technology is represented in the graphic that follows? A. Asynchronous Transfer Mode B. Synchronous Optical Networks C. Frequency-division multiplexing D. Multiplexing

24. What type of telecommunication technology is illustrated in the graphic that follows? A. Digital Subscriber Line B. Integrated Services Digital Network C. BRI ISDN D. Cable modem

25. Which type of WAN tunneling protocol is missing from the table that follows? A. IPSec B. FDDI C. L2TP D. CSMA/CD

26. IPv6 has many new and different characteristics and functionality compared to IPv4. Which of the following is an incorrect functionality or characteristic of IPv6? i. IPv6 allows for nonscoped addresses, which enables an administrator to restrict specific addresses for specific servers or file and print sharing, for example. ii. IPv6 has IPSec integrated into the protocol stack, which provides application-based secure transmission and authentication. iii. IPv6 has more flexibility and routing capabilities compared to IPv4 and allows for Quality of Service (QoS) priority values to be assigned to time-sensitive transmissions. iv. The protocol offers autoconfiguration, which makes administration much easier compared to IPv4, and it does not require network address translation (NAT) to extend its address space. A. i, iii B. i, ii C. ii, iii D. ii, iv

27. Hanna is a new security manager for a computer consulting company. She has found out that the company has lost intellectual property in the past because malicious employees installed rogue devices on the network, which were used to capture sensitive traffic. Hanna needs to implement a solution that ensures only authorized devices are allowed access to the company network. Which of the following IEEE standards was developed for this type of protection? A. IEEE 802.1AR B. IEEE 802.1AE C. IEEE 802.1AF D. IEEE 802.1XR

28. There are common cloud computing service models. _______________ usually requires companies to deploy their own operating systems, applications, and software onto the provided infrastructure. _________________ is the software environment that runs on top of the infrastructure. In the __________ model the provider commonly gives the customers network-based access to a single copy of an application. A. Platform as a Service, Infrastructure as a Service, Software as a Service B. Platform as a Service, Platform as Software, Application as a Service C. Infrastructure as a Service, Application as a Service, Software as a Service D. Infrastructure as a Service, Platform as Software, Software as a Service

29. ____________ is a set of extensions to DNS that provide to DNS clients (resolvers) origin authentication of DNS data to reduce the threat of DNS poisoning, spoofing, and similar attack types. A. Resource records B. Zone transfer C. DNSSEC D. Resource transfer

30. Which of the following best describes the difference between a virtual firewall that works in bridge mode versus one that is embedded into a hypervisor? A. Bridge-mode virtual firewall allows the firewall to monitor individual traffic links, and hypervisor integration allows the firewall to monitor all activities taking place within a host system. B. Bridge-mode virtual firewall allows the firewall to monitor individual network links, and hypervisor integration allows the firewall to monitor all activities taking place within a guest system. C. Bridge-mode virtual firewall allows the firewall to monitor individual traffic links, and hypervisor integration allows the firewall to monitor all activities taking place within a guest system. D. Bridge-mode virtual firewall allows the firewall to monitor individual guest systems, and hypervisor integration allows the firewall to monitor all activities taking place within a network system.

1. There are several components involved with steganography. Which of the following refers to a file that has hidden information in it? A. Stego-medium B. Concealment cipher C. Carrier D. Payload

2. Which of the following correctly describes the relationship between SSL and TLS? A. TLS is the open-community version of SSL. B. SSL can be modified by developers to expand the protocol’s capabilities. C. TLS is a proprietary protocol, while SSL is an open-community protocol. D. SSL is more extensible and backward compatible with TLS.

3. Which of the following incorrectly describes steganography? A. It is a type of security through obscurity. B. Modifying the most significant bit is the most common method used. C. Steganography does not draw attention to itself like encryption does. D. Media files are ideal for steganographic transmission because of their large size.

4. Which of the following correctly describes a drawback of symmetric key systems? A. Computationally less intensive than asymmetric systems B. Work much more slowly than asymmetric systems C. Carry out mathematically intensive tasks D. Key must be delivered via secure courier

5. Which of the following occurs in a PKI environment? A. The RA creates the certificate, and the CA signs it. B. The CA signs the certificate. C. The RA signs the certificate. D. The user signs the certificate.

6. Encryption can happen at different layers of an operating system and network stack. Where does PPTP encryption take place? A. Data link layer B. Within applications C. Transport layer D. Data link and physical layers

7. Which of the following best describes the difference between public key cryptography and public key infrastructure? A. Public key cryptography is the use of an asymmetric algorithm, while public key infrastructure is the use of a symmetric algorithm. B. Public key cryptography is used to create public/private key pairs, and public key infrastructure is used to perform key exchange and agreement. C. Public key cryptography provides authentication and nonrepudiation, while public key infrastructure provides confidentiality and integrity. D. Public key cryptography is another name for asymmetric cryptography, while public key infrastructure consists of public key cryptographic mechanisms.

8. Which of the following best describes Key Derivation Functions (KDFs)? A. Keys are generated from a master key. B. Session keys are generated from each other. C. Asymmetric cryptography is used to encrypt symmetric keys. D. A master key is generated from a session key.

9. The elliptic curve cryptosystem is an asymmetric algorithm. What sets it apart from other asymmetric algorithms? A. It provides digital signatures, secure key distribution, and encryption. B. It computes discrete logarithms in a finite field. C. It uses a larger percentage of resources to carry out encryption. D. It is more efficient.

10. If implemented properly, a one-time pad is a perfect encryption scheme. Which of the following incorrectly describes a requirement for implementation? A. The pad must be securely distributed and protected at its destination. B. The pad must be made up of truly random values. C. The pad must always be the same length. D. The pad must be used only one time.

11. Sally is responsible for key management within her organization. Which of the following incorrectly describes a principle of secure key management? A. Keys should be backed up or escrowed in case of emergencies. B. The more a key is used, the shorter its lifetime should be. C. Less secure data allows for a shorter key lifetime. D. Keys should be stored and transmitted by secure means.

12. Mandy needs to calculate how many keys must be generated for the 260 employees using the company’s PKI asymmetric algorithm. How many keys are required? A. 33,670 B. 520 C. 67,340 D. 260

13. Which of the following works similarly to stream ciphers? A. One-time pad B. AES C. Block D. RSA

14. There are two main types of symmetric ciphers: stream and block. Which of the following is not an attribute of a good stream cipher? A. Statistically unbiased keystream B. Statistically predictable C. Long periods of no repeating patterns D. Keystream not linearly related to key

15. Which of the following best describes how a digital signature is created? A. The sender encrypts a message digest with his private key. B. The sender encrypts a message digest with his public key. C. The receiver encrypts a message digest with his private key. D. The receiver encrypts a message digest with his public key.

16. In cryptography, different steps and algorithms provide different types of security services. Which of the following provides only authentication, non-repudiation, and integrity? A. Encryption algorithm B. Hash algorithm C. Digital signature D. Encryption paired with a digital signature

17. Advanced Encryption Standard is an algorithm used for which of the following? A. Data integrity B. Bulk data encryption C. Key recovery D. Distribution of symmetric keys

18. SSL is a de facto protocol used for securing transactions that occur over untrusted networks. Which of the following best describes what takes place during an SSL connection setup process? A. The server creates a session key and encrypts it with a public key. B. The server creates a session key and encrypts it with a private key. C. The client creates a session key and encrypts it with a private key. D. The client creates a session key and encrypts it with a public key.

19. The CA is responsible for revoking certificates when necessary. Which of the following correctly describes a CRL and OSCP? A. The CRL was developed as a more streamlined approach to OCSP. B. OCSP is a protocol that submits revoked certificates to the CRL. C. OCSP is a protocol developed specifically to check the CRL during a certificate validation process. D. CRL carries out real-time validation of a certificate and reports to the OCSP.

20. End-to-end encryption is used by users, and link encryption is used by service providers. Which of the following correctly describes these technologies? A. Link encryption does not encrypt headers and trailers. B. Link encryption encrypts everything but data link messaging. C. End-to-end encryption requires headers to be decrypted at each hop. D. End-to-end encryption encrypts all headers and trailers.

21. What do the SA values in the graphic of IPSec that follows represent? A. Security parameter index B. Security ability C. Security association D. Security assistant

22. There are several different types of technologies within cryptography that provide confidentiality. What is represented in the graphic that follows? A. Running key cipher B. Concealment cipher C. Steganography D. One-time pad

23. There are several different types of important architectures within public key infrastructures. Which architecture does the graphic that follows represent? A. Cross-certification B. Cross-revocation list C. Online Certificate Status Protocol D. Registration authority

24. There are different ways of providing integrity and authentication within cryptography. What type of technology is shown in the graphic that follows? A. One-way hash B. Digital signature C. Birthday attack D. Collision

25. There are several different modes that block ciphers can work in. Which mode does the graphic that follows portray? A. Electronic Code Book Mode B. Cipher Block Chaining C. Output Feedback Mode D. Counter Mode

26. If Marge uses her private key to create a digital signature on a message she is sending to George, but she does not show or share her private key with George, what is it an example of? A. Key clustering B. Avoiding a birthday attack C. Providing data confidentiality D. Zero-knowledge proof

27. There are two main functions that Trusted Platform Modules (TPMs) carry out within systems today. Which of the following best describes these two functions? A. Sealing a hard disk drive is when the decryption key that can be used to decrypt data on the drive is stored on the TPM. Binding is when data pertaining to the system’s state are hashed and stored on the TPM. B. Binding a hard disk drive is when whole-disk encryption is enabled through the use of the TPM. Sealing is when a digital certificate is sealed within a TPM and the system cannot boot up without this certificate being validated. C. Sealing a hard disk drive is when whole-disk encryption is enabled through the use of the TPM. Binding is when a digital certificate is sealed within a TPM and the system cannot boot up without this certificate being validated. D. Binding a hard disk drive is when the decryption key that can be used to decrypt data on the drive is stored on the TPM. Sealing is when data pertaining to the system’s state are hashed and stored on the TPM.

28. Which of the following is most likely the item that is the root of the problem when it comes to the necessary randomness explained in the scenario? A. Asymmetric algorithm B. Out-of-band communication compromise C. Number generator D. Symmetric algorithm

29. Which of the following best describes the role of the values that is allowing for patterns as described in the scenario? A. Initialization vector B. One-time password C. Master symmetric key D. Subkey

30. What cryptographic attack type carries out a mathematical analysis by trying to break a math problem from the beginning and the end of the mathematical formula simultaneously? A. Known plaintext B. Adaptive ciphertext C. Known ciphertext D. Meet-in-the-middle

1. The NIST organization has defined best practices for creating continuity plans. Which of the following phases deals with identifying and prioritizing critical functions and systems? A. Identify preventive controls. B. Develop the continuity planning policy statement. C. Develop recovery strategies. D. Conduct the business impact analysis.

2. As his company’s business continuity coordinator, Matthew is responsible for helping recruit members to the business continuity planning (BCP) committee. Which of the following does not correctly describe this effort? A. Committee members should be involved with the planning stages, as well as the testing and implementation stages. B. The smaller the team the better, to keep meetings under control. C. The business continuity coordinator should work with management to appoint committee members. D. The team should consist of people from different departments across the company.

3. A business impact analysis is considered a functional analysis. Which of the following is not carried out during a business impact analysis? A. A parallel or full-interruption test B. The application of a classification scheme based on criticality levels C. The gathering of information via interviews D. Documentation of business functions

4. Which of the following is the best way to ensure that the company’s backup tapes can be restored and used at a warm site? A. Ask the offsite vendor to test them and label the ones that were properly read. B. Test them on the vendor’s machine, which won’t be used during an emergency. C. Retrieve the tapes from the offsite facility and verify that the equipment from the original site can read them. D. Inventory each tape kept at the vendor’s site twice a month.

5. An approach to alternate offsite facilities is to establish a reciprocal agreement. Which of the following describes the pros and cons of a reciprocal agreement? A. It is fully configured and ready to operate within a few hours, but is the most expensive of the offsite choices. B. It is an inexpensive option, but takes the most time and effort to get up and running after a disaster. C. It is a good alternative for companies that depend upon proprietary software, but annual testing is not usually available. D. It is the cheapest of the offsite choices, but mixing operations could introduce many security issues.

6. Which of the following steps comes first in a business impact analysis? A. Calculate the risk for each different business function. B. Identify critical business functions. C. Create data-gathering techniques. D. Identify vulnerabilities and threats to business functions.

7. The operations team is responsible for defining which data gets backed up and how often. Which type of backup process backs up files that have been modified since the last time all data was backed up? A. Incremental process B. Full backup C. Partial backup D. Differential process

8. After a disaster occurs, a damage assessment needs to take place. Which of the following steps occurs last in a damage assessment? A. Determine the cause of the disaster. B. Identify the resources that must be replaced immediately. C. Declare a disaster. D. Determine how long it will take to bring critical functions back online.

9. Of the following plans, which establishes senior management and a head-quarters after a disaster? A. Continuity of operations plan B. Cyber-incident response plan C. Occupant emergency plan D. IT contingency plan

10. It is not unusual for business continuity plans to become out of date. Which of the following is not a reason why plans become outdated? A. Changes in hardware, software, and applications B. Infrastructure and environment changes C. Personnel turnover D. That the business continuity process is integrated into the change management process

11. Preplanned business continuity procedures provide organizations a number of benefits. Which of the following is not a capability enabled by business continuity planning? A. Resuming critical business functions B. Letting business partners know your company is unprepared C. Protecting lives and ensuring safety D. Ensuring survivability of the business

12. Management support is critical to the success of a business continuity plan. Which of the following is the most important to be provided to management to obtain their support? A. Business case B. Business impact analysis C. Risk analysis D. Threat report

13. Gizmos and Gadgets have restored its original facility after a disaster. What should be moved in first? A. Management B. Most critical systems C. Most critical functions D. Least critical functions

14. Which of the following is a critical first step in disaster recovery and contingency planning? A. Plan testing and drills. B. Complete a business impact analysis. C. Determine offsite backup facility alternatives. D. Organize and create relevant documentation.

15. Which of the following is not a reason to develop and implement a disaster recovery plan? A. Provide steps for a post-disaster recovery. B. Extend backup operations to include more than just backing up data. C. Outline business functions and systems. D. Provide procedures for emergency responses.

16. Business continuity plans can be assessed via a number of tests. Which type of test continues up to the point of actual relocation to an offsite facility and actual shipment of replacement equipment? A. Parallel test B. Checklist test C. Structured walk-through test D. Simulation test

17. With what phase of a business continuity plan does a company proceed when it is ready to move back into its original site or a new site? A. Reconstitution phase B. Recovery phase C. Project initiation phase D. Damage assessment phase

18. Several teams should be involved in carrying out the business continuity plan. Which team is responsible for starting the recovery of the original site? A. Damage assessment team B. BCP team C. Salvage team D. Restoration team

19. ACME Inc. paid a software vendor to develop specialized software, and that vendor has gone out of business. ACME Inc. does not have access to the code and therefore cannot keep it updated. What mechanism should the company have implemented to prevent this from happening? A. Reciprocal agreement B. Software escrow C. Electronic vaulting D. Business interruption insurance

20. Which of the following incorrectly describes the concept of executive succession planning? A. Predetermined steps protect the company if a senior executive leaves. B. Two or more senior staff cannot be exposed to a particular risk at the same time. C. It documents the assignment of deputy roles. D. It covers assigning a skeleton crew to resume operations after a disaster.

21. What is the missing second step in the graphic that follows? A. Identify continuity coordinator B. Business impact analysis C. Identify BCP committee D. Dependency identification

22. Different threats need to be evaluated and ranked based upon their severity of business risk when developing a BCP. Which ranking approach is illustrated in the graphic that follows? \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ Choose the following statement that best describes the effect on this business unit/cost center should there be an unplanned interruption of normal business operations. 8 hours of an interruption. This business unit/cost center is Vital. 24 hours of an interruption. This business unit/cost center is Critical. 3 days of an interruption. This business unit/cost center is Essential. 5 days of an interruption. This business unit/cost center is Important. 10 days of an interruption. This business unit/cost center is Noncritical. 30 days of an interruption. This business unit/cost center is Deferrable. \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ A. Mean time to repair B. Mean time between failures C. Maximum critical downtime D. Maximum tolerable downtime

23. What type of infrastructural setup is illustrated in the graphic that follows? A. Hot site B. Warm site C. Cold site D. Reciprocal agreement

24. There are several types of redundant technologies that can be put into place. What type of technology is shown in the graphic that follows? A. Tape vaulting B. Remote journaling C. Electronic vaulting D. Redundant site

25. The following is a graphic of a business continuity policy. Which component is missing from this graphic? A. Damage assessment phase B. Reconstitution phase C. Business resumption phase D. Continuity of operations plan

26. The Recovery Time Objective (RTO) and Maximum Tolerable Downtime (MTD) metrics have similar roles, but their values are very different. Which of the following best describes the difference between RTO and MTD metrics? A. The RTO is a time period that represents the inability to recover, and the MTD represents an allowable amount of downtime. B. The RTO is an allowable amount of downtime, and the MTD represents a time period that represents the inability to recover. C. The RTO is a metric used in disruptions, and the MTD is a metric used in disasters. D. The RTO is a metric pertaining to loss of access to data, and the MTD is a metric pertaining to loss of access to hardware and processing capabilities.

27. High availability (HA) is a combination of technologies and processes that work together to ensure that specific critical functions are always up and running at the necessary level. To provide this level of high availability, a company has to have a long list of technologies and processes that provide redundancy, fault tolerance, and failover capabilities. Which of the following best describes these characteristics? A. Redundancy is the duplication of noncritical components or functions of a system with the intention of decreasing reliability of the system. Fault tolerance is the capability of a technology to discontinue to operate as expected even if something unexpected takes place. If a technology has a failover capability, this means that if there is a failure that cannot be handled through normal means, then processing is “switched over” to a working system. B. Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system. Fault tolerance is the capability of a technology to continue to operate as expected even if something unexpected takes place. If a technology has a failover capability, this means that if there is a failure that cannot be handled through normal means, then processing is “switched over” to a working system. C. Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system. Fault tolerance is the capability of a technology to continue to operate as expected even if something unexpected takes place. If a technology has a failover capability, this means that if there is a failure that cannot be handled through normal means, then processing is “switched over” to a nonworking system. D. Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system. Fault tolerance is the capability of a technology to continue to operate as expected even if something unexpected takes place. If a technology has a failover capability, this means that if there is a failure that cannot be handled through normal means, then processing is “switched over” to a working system.

28. Which of the following is most likely the standard that Sean has been asked to comply with? A. ISO/IEC 27031 B. ISO/IEC 27005 C. ISO/IEC BS7799 D. ISO/IEC 2899

29. Which of the following would be best for Sean to implement as it pertains to his company’s needs? A. Infrastructure cloud computing B. Co-location at a multiprocessing center C. Business interruption insurance D. Shared partner extranet with integrated redundancy

30. In this scenario, which of the following is the recovery time objective value? A. 48 hours B. 28 hours C. 20 hours D. 1 hour

31. In this scenario, which of the following is the Work Recovery Time value? A. 48 hours B. 28 hours C. 20 hours D. 1 hour

32. In this scenario, what would the 1-hour time period be referred to as? A. Recovery Time Period B. Maximum Tolerable Downtime C. Recovery Point Objective D. Recovery Point Time Period

1. Cyberlaw categorizes computer-related crime into three categories. Which of the following is an example of a crime in which the use of a computer would be categorized as incidental? A. Carrying out a buffer overflow to take control of a system B. The electronic distribution of child pornography C. Attacking financial systems to steal funds D. Capturing passwords as they are sent to the authentication server

2. Which organization has been developed to deal with economic, social, and governance issues, and with how sensitive data is transported over borders? A. European Union B. Council of Europe C. Safe Harbor D. Organisation for Economic Co-operation and Development

3. Different countries have different legal systems. Which of the following correctly describes customary law? A. Not many countries work under this law purely; most instead use a mixed system where this law, which deals mainly with personal conduct and patterns of behavior, is an integrated component. B. It covers all aspects of human life, but is commonly divided into responsibilities and obligations to others, and religious duties. C. It is a rule-based law focused on codified law. D. Based on previous interpretations of laws, this system reflects the community’s morals and expectations.

4. Widgets Inc. wishes to protect its logo from unauthorized use. Which of the following will protect the logo and ensure that others cannot copy and use it? A. Patent B. Copyright C. Trademark D. Trade secret

5. There are four categories of software licensing. Which of the following refers to software sold at a reduced cost? A. Shareware B. Academic software C. Freeware D. Commercial software

6. There are different types of approaches to regulations. Which of the following is an example of self-regulation? A. The Health Insurance Portability and Accountability Act B. The Sarbanes-Oxley Act C. The Computer Fraud and Abuse Act D. PCI Data Security Standard

7. Which of the following means that a company did all it could have reasonably done to prevent a security breach? A. Downstream liability B. Responsibility C. Due diligence D. Due care

8. There are three different types of incident response teams. Which of the following correctly describes a virtual team? A. It consists of experts who have other duties within the organization. B. It can be cost prohibitive to smaller organizations. C. It is a hybrid model. D. Core members are permanently assigned to the team.

9. A suspected crime has been reported within your organization. Which of the following steps should the incident response team take first? A. Establish a procedure for responding to the incident. B. Call in forensics experts. C. Determine that a crime has been committed. D. Notify senior management.

10. During an incident response, what stage involves mitigating the damage caused by an incident? A. Investigation B. Containment C. Triage D. Analysis

11. Which of the following is a correct statement regarding computer forensics? A. It is the study of computer technology. B. It is a set of hardware-specific processes that must be followed in order for evidence to be admissible in a court of law. C. It encompasses network and code analysis, and may be referred to as electronic data discovery. D. Computer forensics responsibilities should be assigned to a network administrator before an incident occurs.

12. Which of the following dictates that all evidence be labeled with information indicating who secured and validated it? A. Chain of custody B. Due care C. Investigation D. Motive, Opportunity, and Means

13. There are several categories of evidence. How is a witness’s oral testimony categorized? A. Best evidence B. Secondary evidence C. Circumstantial evidence D. Conclusive evidence

14. For evidence to be legally admissible, it must be authentic, complete, sufficient, and reliable. Which characteristic refers to the evidence having a reasonable and sensible relationship to the findings? A. Complete B. Reliable C. Authentic D. Sufficient

15. Which of the following best describes exigent circumstances? A. The methods used to capture a suspect’s actions are neither legal nor ethical. B. Enticement is used to capture a suspect’s actions. C. Hacking does not actually hurt anyone. D. The seizure of evidence by law enforcement because there is concern that a suspect will attempt to destroy it.

16. What role does the Internet Architecture Board play regarding technology and ethics? A. It creates criminal sentencing guidelines. B. It issues ethics-related statements concerning the use of the Internet. C. It edits Request for Comments. D. It maintains ten commandments for ethical behavior.

17. Which of the following statements is not true of dumpster diving? A. It is legal. B. It is unethical. C. It is illegal. D. It is a nontechnical attack.

18. Which of the following is a legal form of eavesdropping when performed with prior consent or a warrant? A. Denial of Service B. Dumpster diving C. Wiretapping D. Data diddling

19. What type of common law deals with violations committed by individuals against government laws, which are created to protect the public? A. Criminal law B. Civil law C. Tort law D. Regulatory law

20. During what stage of incident response is it determined if the source of the incident was internal or external, and how the offender penetrated and gained access to the asset? A. Analysis B. Containment C. Tracking D. Follow-up

21. Which of the following is not true of a forensics investigation? A. The crime scene should be modified as necessary. B. A file copy tool may not recover all data areas of the device that are necessary for investigation. C. Contamination of the crime scene may not negate derived evidence, but it should still be documented. D. Only individuals with knowledge of basic crime scene analysis should have access to the crime scene.

22. Great care must be taken to capture clues from a computer or device during a forensics exercise. Which of the following does not correctly describe the efforts that should be taken to protect an image? A. The original image should be hashed with MD5 or SHA-256. B. Two time-stamps should be created. C. New media should be properly purged before images are created on them. D. Some systems must be imaged while they are running.

23. Which of the following attacks can be best prevented by limiting the amount of electrical signals emitted from a computer system? A. Salami attack B. Emanations capturing C. Password sniffing D. IP spoofing

24. As a CISSP candidate, you must sign a Code of Ethics. Which of the following is from the (ISC)2 Code of Ethics for the CISSP? A. Information should be shared freely and openly; thus, sharing confidential information should be ethical. B. Think about the social consequences of the program you are writing or the system you are designing. C. Discourage unnecessary fear or doubt. D. Do not participate in Internet-wide experiments in a negligent manner.

25. What concept states that a criminal leaves something behind and takes something with them? A. Modus Operandi B. Profiling C. Locard’s Principle of Exchange D. Motive, Opportunity, and Means

26. Which of the following was the first international treaty seeking to address computer crimes by coordinating national laws and improving investigative techniques and international cooperation? A. Council of Global Convention on Cybercrime B. Council of Europe Convention on Cybercrime C. Organisation for Economic Co-operation and Development D. Organisation for Cybercrime Co-operation and Development

27. Lee is a new security manager who is in charge of ensuring that his company complies with the European Union Principles on Privacy when his company is interacting with their European partners. The set of principles that deals with transmitting data considered private is encompassed within which of the following laws or regulations? A. Data Protection Directive B. Organisation for Economic Co-operation and Development C. Federal Private Bill D. Privacy Protection Law

28. The common law system is broken down into which of the following categories? A. Common, civil, criminal B. Legislation, bills, regulatory C. Civil, criminal, regulatory D. Legislation, bills, civil

29. Privacy is becoming more threatened as the world relies more and more on technology. There are several approaches to addressing privacy, including the generic approach and regulation by industry. Which of the following best describes these two approaches? A. The generic approach is vertical enactment. Regulation by industry is horizontal enactment. B. The generic approach is horizontal enactment. Regulation by industry is vertical enactment. C. The generic approach is government enforced. Regulation by industry is self-enforced. D. The generic approach is self-enforced. Regulation by industry is government enforced.

30. Stephanie has been put in charge of developing incident response and forensics procedures her company needs to carry out if an incident occurs. She needs to ensure that their procedures map to the international principles for gathering and protecting digital evidence. She also needs to ensure that if and when internal forensics teams are deployed, they have labels, tags, evidence bags, cable ties, imaging software, and other associated tools. Which of the following best describes the organization that developed the best practices that Stephanie needs to ensure her company’s procedures map to? A. Internet Activities Board B. International Organization on Computer Evidence C. Department of Defense Forensics Committee D. International Forensics Standards Board

31. Stephanie has been put in charge of developing incident response and forensics procedures her company needs to carry out if an incident occurs. She needs to ensure that their procedures map to the international principles for gathering and protecting digital evidence. She also needs to ensure that if and when internal forensics teams are deployed, they have labels, tags, evidence bags, cable ties, imaging software, and other associated tools. Which of the following best describes what Stephanie needs to build for the deployment teams? A. Local and remote imaging system B. Forensics field kit C. Chain of custody procedures and tools D. Digital evidence collection software

1. Data marts, databases, and data warehouses have distinct characteristics. Which of the following does not correctly describe a data warehouse? A. It could increase the risk of privacy violations. B. It is developed to carry out analysis. C. It contains data from several different sources. D. It is created and used for project-based tactical reasons.

2. Database software should meet the requirements of what is known as the ACID test. Why should database software carry out atomic transactions, which is one requirement of the ACID test, when OLTP is used? A. So that the rules for database integrity can be established B. So that the database performs transactions as a single unit without interruption C. To ensure that rollbacks cannot take place D. To prevent concurrent processes from interacting with each other

3. Lisa has learned that most databases implement concurrency controls. What is concurrency and why must it be controlled? A. Processes running at different levels, which can negatively affect the integrity of the database if not properly controlled. B. The ability to deduce new information from reviewing accessible data, which can allow an inference attack to take place. C. Processes running simultaneously, which can negatively affect the integrity of the database if not properly controlled. D. Storing data in more than one place within a database, which can negatively affect the integrity of the database if not properly controlled.

4. Robert has been asked to increase the overall efficiency of the sales database by implementing a procedure that structures data to minimize duplication and inconsistencies. What procedure is this? A. Polymorphism B. Normalization C. Implementation of database views D. Constructing schema

5. Which of the following correctly best describes an object-oriented database? A. When an application queries for data, it receives both the data and the procedure. B. It is structured similarly to a mesh network for redundancy and fast data retrieval. C. Subject must have knowledge of the well-defined access path in order to access data. D. The relationships between data entities provide the framework for organizing data.

6. Fred has been told he needs to test a component of the new content management application under development to validate its data structure, logic, and boundary conditions. What type of testing should he carry out? A. Acceptance testing B. Regression testing C. Integration testing D. Unit testing

7. Which of the following is the best description of a component-based system development method? A. Components periodically revisit previous stages to update and verify design requirements B. Minimizes the use of arbitrary transfer control statements between components C. Uses independent and standardized modules that are assembled into serviceable programs D. Implemented in module-based scenarios requiring rapid adaptations to changing client requirements

8. There are many types of viruses that hackers can use to damage systems. Which of the following is not a correct description of a polymorphic virus? A. Intercepts antivirus’s call to the operating system for file and system information B. Varies the sequence of its instructions using noise, a mutation engine, or random-number generator C. Can use different encryption schemes requiring different decryption routines D. Produces multiple, varied copies of itself

9. Which of the following best describes the role of the Java Virtual Machine in the execution of Java applets? A. Converts the source code into bytecode and blocks the sandbox B. Converts the bytecode into machine-level code C. Operates only on specific processors within specific operating systems D. Develops the applets, which run in a user’s browser

10. What type of database software integrity service guarantees that tuples are uniquely identified by primary key values? A. Concurrent integrity B. Referential integrity C. Entity integrity D. Semantic integrity

11. In computer programming, cohesion and coupling are used to describe modules of code. Which of the following is a favorable combination of cohesion and coupling? A. Low cohesion, low coupling B. High cohesion, high coupling C. Low cohesion, high coupling D. High cohesion, low coupling

12. When an organization is unsure of the final nature of the product, what type of system development method is most appropriate for them? A. Cleanroom B. Exploratory Model C. Modified Prototype Method D. Iterative Development

13. Which of the following statements does not correctly describe SOAP and Remote Procedure Calls? A. SOAP was designed to overcome the compatibility and security issues associated with Remote Procedure Calls. B. Both SOAP and Remote Procedure Calls were created to enable application-layer communication. C. SOAP enables the use of Remote Procedure Calls for information exchange between applications over the Internet. D. HTTP was not designed to work with Remote Procedure Calls, but SOAP was designed to work with HTTP.

14. Computer programs that are based on human logic by using “if/then” statements and inference engines are called \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_. A. Expert systems B. Artificial neural networks C. Distributed Computing Environment D. Enterprise JavaBeans

15. Which of the following is a correct description of the pros and cons associated with third-generation programming languages? A. The use of heuristics reduced programming effort, but the amount of manual coding for a specific task is usually more than the preceding generation. B. The use of syntax similar to human language reduced development time, but the language is resource intensive. C. The use of binary was extremely time consuming but resulted in fewer errors. D. The use of symbols reduced programming time, but the language required knowledge of machine architecture.

16. Which of the following is considered the second generation of programming languages? A. Machine B. Very high-level C. High-level D. Assembly

17. Mary is creating malicious code that will steal a user’s cookies by modifying the original client-side Java script. What type of cross-site scripting vulnerability is she exploiting? A. Second order B. DOM-based C. Persistent D. Nonpersistent

18. Of the following steps that describe the development of a botnet, which best describes the step that comes first? A. Infected server sends attack commands to the botnet. B. Spammer pays a hacker for use of a botnet. C. Controller server instructs infected systems to send spam to mail servers. D. Malicious code is sent out that has bot software as its payload.

19. Which of the following antivirus detection methods is the most recent to the industry and monitors suspicious code as it executes within the operating system? A. Behavior blocking B. Fingerprint detection C. Signature-based detection D. Heuristic detection

20. Which of the following describes object-oriented programming deferred commitment? A. Autonomous objects, which cooperate through exchanges of messages B. The internal components of an object can be refined without changing other parts of the system C. Object-oriented analysis, design, and modeling maps to business needs and solutions D. Other programs using same objects

21. What object-oriented programming term, or concept, is illustrated in the graphic that follows? A. Methods B. Messages C. Abstraction D. Data hiding

22. Protection methods can be integrated into software programs. What type of protection method is illustrated in the graphic that follows? A. Polymorphism B. Polyinstantiation C. Cohesiveness D. Object classes

23. There are several types of attacks that programmers need to be aware of. What attack does the graphic that follows illustrate? A. Traffic analysis B. Race condition C. Covert storage D. Buffer overflow

24. Databases and applications commonly carry out the function that is illustrated in the graphic that follows. Which of the following best describes the concept that this graphic is showing? A. Checkpoint B. Commit C. Two-phase commit D. Data dictionary

25. There are several different types of databases. Which type does the graphic that follows illustrate? A. Relational B. Hierarchical C. Network D. Object-oriented

26. Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Web Application Security Consortium, and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero day vulnerability. Which of the following is most likely the standard Trent’s company wants to comply with? A. ISO/IEC 27005 B. ISO/IEC 27001 C. ISO/IEC 27034 D. BS 7799

27. Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Web Application Security Consortium, and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero day vulnerability. Which of the following best describes the consortium Trent’s boss wants him to join? A. Nonprofit organization that produces open-source software and follows widely agreed upon best-practice security standards for the World Wide Web. B. U.S. DHS group that provides best practices, tools, guidelines, rules, principles, and other resources for software developers, architects, and security practitioners to use. C. Group of experts who create proprietary software tools used to help improve the security of software worldwide. D. Group of experts and organizations who certify products based upon an agreed-upon security criteria.

28. Trent is the new manager of his company’s internal software development department. He has been told by his management that the group needs to be compliant with the international standard that provides guidance to organizations in integrating security into the processes used for managing their applications. His new boss told him that he should join and get familiar with the Web Application Security Consortium, and Trent just received an e-mail stating that one of the company’s currently deployed applications has a zero day vulnerability. Which of the following best describes the type of vulnerability mentioned in this scenario? A. Dynamic vulnerability that is polymorphic B. Static vulnerability that is exploited by server-side injection parameters C. Vulnerability that does not currently have an associated solution D. Database vulnerability that directly affects concurrency

29. ___________________ provides a machine-readable description of the specific operations provided by a specific Web service. ______________ provides a method for Web services to be registered by service providers and located by service consumers. A. Web Services Description Language, Universal Description, Discovery and Integration B. Universal Description, Discovery and Integration, Web Services Description Language C. Web Services Description Language, Simple Object Access Protocol D. Simple Object Access Protocol, Universal Description, Discovery and Integration

30. Sally has found out that software programmers in her company are making changes to software components and uploading them to the main software repository without following version control or documenting their changes. This has caused a lot of confusion and has caused several teams to use the older versions. Which of the following would be the best solution for this situation? A. Software change control management B. Software escrow C. Software configuration management D. Software configuration management escrow

1. Which of the following is not a common component of configuration management change control steps? A. Tested and presented B. Service-level agreement approval C. Report change to management D. Approval of the change

2. A change management process should include a number of procedures. Which of the following incorrectly describes a characteristic or component of a change control policy? A. Changes that are unanimously approved by the change control committee must be tested to uncover any unforeseen results. B. Changes approved by the change control committee should be entered into a change log. C. A schedule that outlines the projected phases of the change should be developed. D. An individual or group should be responsible for approving proposed changes.

3. The requirement of erasure is the end of the media life cycle if it contains sensitive information. Which of the following best describes purging? A. Changing the polarization of the atoms on the media. B. It is uacceptable when media are to be reused in the same physical environment for the same purposes. C. Data formerly on the media is made unrecoverable by overwriting it with a pattern. D. Information is made unrecoverable, even with extraordinary effort.

4. Device backup and other availability solutions are chosen to balance the value of having information available against the cost of keeping that information available. Which of the following best describes fault-tolerant technologies? A. They are among the most expensive solutions and are usually only for the most mission-critical information. B. They help service providers identify appropriate availability services for the specific customer. C. They are required to maintain integrity, regardless of the other technologies in place. D. They allow a failed component to be replaced while the system continues to run.

5. Which of the following refers to the amount of time it will be expected to take to get a device fixed and back into production? A. SLA B. MTTR C. Hot swap D. MTBF

6. Which of the following correctly describes Direct Access and Sequential Access storage devices? A. Any point on a Direct Access Storage Device may be promptly reached, whereas every point in between the current position and the desired position of a Sequential Access Storage Device must be traversed in order to reach the desired position. B. RAIT is an example of a Direct Access Storage Device, while RAID is an example of a Sequential Access Storage Device. C. MAID is a Direct Access Storage Device, while RAID is an example of a Sequential Access Storage Device. D. As an example of Sequential Access Storage, tape drives are faster than Direct Access Storage Devices.

7. There are classifications for operating system failures. Which of the following refers to what takes place when an unexpected kernel or media failure happens and the regular recovery procedure cannot recover the system to a more consistent state, requiring an administrator to intervene? A. Emergency system restart B. Trusted recovery C. System cold start D. System reboot

8. Various levels of RAID dictate the type of activity that will take place within the RAID system. Which level is associated with byte-level parity? A. RAID Level 0 B. RAID Level 3 C. RAID Level 5 D. RAID Level 10

9. Which of the following incorrectly describes IP spoofing and session hijacking? A. Address spoofing helps an attacker to hijack sessions between two users without being noticed. B. IP spoofing makes it harder to track down an attacker. C. Session hijacking can be prevented with mutual authentication. D. IP spoofing is used to hijack SSL and IPSec secure communications.

10. RAID systems use a number of techniques to provide redundancy and performance. Which of the following activities divides and writes data over several drives? A. Parity B. Mirroring C. Striping D. Hot-swapping

11. What is the difference between hierarchical storage management and storage area network technologies? A. HSM uses optical or tape jukeboxes, and SAN is a standard of how to develop and implement this technology. B. HSM and SAN are one and the same. The difference is in the implementation. C. HSM uses optical or tape jukeboxes, and SAN is a network of connected storage. D. SAN uses optical or tape jukeboxes, and HSM is a network of connected storage systems.

12. John and his team are conducting a penetration test of a client’s network. The team will conduct its testing armed only with knowledge it acquired from the Web. The network staff is aware that the testing will take place, but the penetration testing team will only work with publicly available data and some information from the client. What is the degree of the team’s knowledge and what type of test is the team carrying out? A. Full knowledge; blind test B. Partial knowledge; blind test C. Partial knowledge; double-blind test D. Zero knowledge; targeted test

13. What type of exploited vulnerability allows more input than the program has allocated space to store it? A. Symbolic links B. File descriptors C. Kernel flaws D. Buffer overflows

14. There are often scenarios where the IT staff must react to emergencies and quickly apply fixes or change configurations. When dealing with such emergencies, which of the following is the best approach to making changes? A. Review the changes within 48 hours of making them. B. Review and document the emergency changes after the incident is over. C. Activity should not take place in this manner. D. Formally submit the change to a change control committee and follow the complete change control process.

15. Organizations should keep system documentation on hand to ensure that the system is properly cared for, that changes are controlled, and that the organization knows what’s on the system. What does not need to be in this type of documentation? A. Functionality B. Changes C. Volume of transactions D. Identity of system owner

16. Fred is a new security officer who wants to implement a control for detecting and preventing users who attempt to exceed their authority by misusing the access rights that have been assigned to them. Which of the following best fits this need? A. Management review B. Two-factor identification and authentication C. Capturing this data in audit logs D. Implementation of a strong security policy

17. Which of the following is the best way to reduce brute-force attacks that allow intruders to uncover users’ passwords? A. Increase the clipping level. B. Lock out an account for a certain amount of time after the clipping level is reached. C. After a threshold of failed login attempts is met, the administrator must physically lock out the account. D. Choose a weaker algorithm that encrypts the password file.

18. Brandy could not figure out how Sam gained unauthorized access to her system, since he has little computer experience. Which of the following is most likely the attack Sam used? A. Dictionary attack B. Shoulder surfing attack C. Covert channel attack D. Timing attack

19. The relay agent on a mail server plays a role in spam prevention. Which of the following incorrectly describes mail relays? A. Antispam features on mail servers are actually antirelaying features. B. Relays should be configured “wide open” to receive any e-mail message. C. Relay agents are used to send messages from one mail server to another. D. If a relay is configured “wide open,” the mail server can be used to send spam.

20. John is responsible for providing a weekly report to his manager outlining the week’s security incidents and mitigation steps. What steps should he take if a report has no information? A. Send his manager an e-mail telling her so. B. Deliver last week’s report and make sure it’s clearly dated. C. Deliver a report that states “No output.” D. Don’t do anything.

21. Brian, a security administrator, is responding to a virus infection. The antivirus application reports that a file has been infected with a dangerous virus and disinfecting it could damage the file. What course of action should Brian take? A. Replace the file with the file saved from the day before. B. Disinfect the file and contact the vendor. C. Restore an uninfected version of the patched file from backup media. D. Back up the data and disinfect the file.

22. Guidelines should be followed to allow secure remote administration. Which of the following is not one of those guidelines? A. A small number of administrators should be allowed to carry out remote functionality. B. Critical systems should be administered locally instead of remotely. C. Strong authentication should be in place. D. Telnet should be used to send commands and data.

23. In redundant array of inexpensive disks (RAID) systems, data and parity information are striped over several different disks. What is parity information used for? A. Information used to create new data B. Information used to erase data C. Information used to rebuild data D. Information used to build data

24. Mirroring of drives is when data is written to two drives at once for redundancy purposes. What similar type of technology is shown in the graphic that follows? A. Direct access storage B. Disk duplexing C. Striping D. Massive array of inactive disks

25. There are several different types of important architectures within backup technologies. Which architecture does the graphic that follows represent? A. Clustering B. Grid computing C. Backup tier security D. Hierarchical Storage Management

26. Which of the following is not considered a countermeasure to port scanning and operating system fingerprinting? A. Allow access at the perimeter network to all internal ports B. Remove as many banners as possible within operating systems and applications C. Use TCP wrappers on vulnerable services that have to be available D. Disable unnecessary ports and services

27. ___________ provides for availability and scalability. It groups physically different systems and combines them logically, which helps to provide immunity to faults and improves performance. A. Disc duping B. Clustering C. RAID D. Virtualization

28. Bob is a new security administrator at a financial institution. The organization has experienced some suspicious activity on one of the critical servers that contain customer data. When reviewing how the systems are administered, he uncovers some concerning issues pertaining to remote administration. Which of the following should not be put into place to reduce these concerns? i. Commands and data should not be sent in cleartext. ii. Secure Shell (SSH) should be used, not Telnet. iii. Truly critical systems should be administered locally instead of remotely. iv. Only a small number of administrators should be able to carry out remote functionality. v. Strong authentication should be in place for any administration activities. A. i, ii B. None of them C. ii, iv D. All of them

29. John is a network administrator and has been told by one of his network staff members that two servers on the network have recently had suspicious traffic traveling to them and then from them in a sporadic manner. The traffic has been mainly ICMP, but the patterns were unusual compared to other servers over the last 30 days. John lists the directories and subdirectories on the systems and finds nothing unusual. He inspects the running processes and again finds nothing suspicious. He sees that the systems’ NICs are not in promiscuous mode, so he is assured that sniffers have not been planted. Which of the following describes the most likely situation as described in this scenario? A. Servers are not infected, but the traffic illustrates attack attempts. B. Servers have been infected with rootkits. C. Servers are vulnerable and need to be patched. D. Servers have been infected by spyware.

30. John is a network administrator and has been told by one of his network staff members that two servers on the network have recently had suspicious traffic traveling to them and then from them in a sporadic manner. The traffic has been mainly ICMP, but the patterns were unusual compared to other servers over the last 30 days. John lists the directories and subdirectories on the systems and finds nothing unusual. He inspects the running processes and again finds nothing suspicious. He sees that the systems’ NICs are not in promiscuous mode, so he is assured that sniffers have not been planted. Which of the following best explains why John does not see anything suspicious on the reported systems? A. The systems have not yet been infected. B. He is not running the correct tools. He needs to carry out a penetration test on the two systems. C. Trojaned files have been loaded and executed. D. A back door has been installed and the attacker enters the system sporadically.