Security Flashcards

1
Q

Phrenal is selling a used laptop in an online auction. Phrenal has estimated the value of the laptop to be $100, but has seen other laptops of similar type and quality sell for both more and less than that amount. Phrenal hopes that the laptop will sell for $100 or more, but is prepared to take less for it if nobody bids that amount. This is an example of ___________. (D1, L1.2.2)

A

Risk Tolerance

1
Q

Grampon municipal code requires that all companies that operate within city limits will have a set of processes to ensure employees are safe while working with hazardous materials. Triffid Corporation creates a checklist of activities employees must follow while working with hazardous materials inside Grampon city limits. The municipal code is a ______, and the Triffid checklist is a ________. (D1, L1.4.2)

A

Law, Procedure

2
Q

In risk management concepts, a(n) _________ is something a security practitioner might need to protect. (D1, L1.2.1)

A

Asset

3
Q

Which of the following is an example of a “something you are” authentication factor? (D1, L1.1.1)

A

A photograph of your face

4
Q

Which of the following probably poses the most risk? (D1, L1.2.1)

A

A high-likelihood, high-impact event

5
Q

Which of the following is an example of a “something you know” authentication factor? (D1, L1.1.1)

A

Password

6
Q

Steve is a security practitioner assigned to come up with a protective measure for ensuring cars don’t collide with pedestrians. What is probably the most effective type of control for this task? (D1, L1.3.1)

A

Physical

7
Q

Of the following, which would probably not be considered a threat? (D1, L1.2.1)

A

A laptop with sensitive data on it

8
Q

Triffid Corporation has a policy that all employees must receive security awareness instruction before using email; the company wants to make employees aware of potential phishing attempts that the employees might receive via email. What kind of control is this instruction? (D1, L1.3.1)

A

Administrative

9
Q

Siobhan is an (ISC)² member who works for Triffid Corporation as a security analyst. Yesterday, Siobhan got a parking ticket while shopping after work. What should Siobhan do? (D1, L1.5.1)

A

Pay the parking ticket

10
Q

Tina is an (ISC)² member and is invited to join an online group of IT security enthusiasts. After attending a few online sessions, Tina learns that some participants in the group are sharing malware with each other, in order to use it against other organizations online. What should Tina do? (D1, L1.5.1)

A

Stop participating in the group

11
Q

In risk management concepts, a(n) ___________ is something or someone that poses risk to an organization or asset. (D1, L1.2.1)

A

Threat

12
Q

Hoshi is an (ISC)² member who works for the Triffid Corporation as a data manager. Triffid needs a new firewall solution, and Hoshi is asked to recommend a product for Triffid to acquire and implement. Hoshi’s cousin works for a firewall vendor; that vendor happens to make the best firewall available. What should Hoshi do? (D1, L1.5.1)

A

Disclose the relationship, but recommend the vendor/product

13
Q

The Triffid Corporation publishes a strategic overview of the company’s intent to secure all the data the company possesses. This document is signed by Triffid senior management. What kind of document is this? (D1, L1.4.1)

A

Policy

14
Q

A vendor sells a particular operating system (OS). In order to deploy the OS securely on different platforms, the vendor publishes several sets of instructions on how to install it, depending on which platform the customer is using. This is an example of a ________. (D1, L1.4.2)

A

Procedure

15
Q

The senior leadership of Triffid Corporation decides that the best way to minimize liability for the company is to demonstrate the company’s commitment to adopting best practices recognized throughout the industry. Triffid management issues a document that explains that Triffid will follow the best practices published by SANS, an industry body that addresses computer and information security.

The Triffid document is a ______, and the SANS documents are ________. (D1, L1.4.2)

A

Policy, standard

16
Q

The city of Grampon wants to ensure that all of its citizens are protected from malware, so the city council creates a rule that anyone caught creating and launching malware within the city limits will receive a fine and go to jail. What kind of rule is this? (D1, L1.4.1)

A

Law

17
Q

Kerpak works in the security office of a medium-sized entertainment company. Kerpak is asked to assess a particular threat, and he suggests that the best way to counter this threat would be to purchase and implement a particular security solution. This is an example of _______. (D1, L1.2.2)

A

Mitigation

18
Q

For which of the following systems would the security concept of availability probably be most important? (D1, L1.1.1)

A

Medical systems that monitor patient condition in an intensive care unit

19
Q

For which of the following assets is integrity probably the most important security aspect? (D1, L1.1.1)

A

The file that contains passwords used to authenticate users

20
Q

What is the goal of an incident response effort? (D2, L2.1.1)

A

Reduce the impact of incidents on operations

21
Q

What is the goal of Business Continuity efforts? (D2, L2.2.1)

A

Keep critical business functions operational

Business Continuity efforts are about sustaining critical business functions during periods of potential interruption, such as emergencies, incidents, and disasters.

22
Q

What is the most important goal of a business continuity effort? (D2, L2.2.1)

A

Preserve health and human safety

23
Q

Which of the following is likely to be included in the business continuity plan? (D2, L2.2.1)

A

Alternate work areas for personnel affected by a natural disaster

The business continuity plan should include provisions for alternate work sites, if the primary site is affected by an interruption, such as a natural disaster.

24
Q

What is the risk associated with delaying resumption of full normal operations after a disaster? (D2, L2.3.1)

A

The impact of running alternate operations for extended periods

Alternate operations are typically more costly than normal operations, in terms of impact to the organization; extended alternate operations could harm the organization as much as a disaster.

25
Q

You are reviewing log data from a router; there is an entry that shows a user sent traffic through the router at 11:45 am, local time, yesterday. This is an example of a(n) _______. (D2, L2.1.1)

A

Event

An event is any observable occurrence within the IT environment (“any observable occurrence in a network or system”; source: NIST SP 800-61 Rev 2). While an event might be part of an incident, attack, or threat, no other information about the event was given in the question.

26
Q

An attacker outside the organization attempts to gain access to the organization’s internal files. This is an example of a(n) ______. (D2, L2.1.1)

A

Intrusion

An intrusion is an attempt (successful or otherwise) to gain unauthorized access.

27
Q

Which of the following is not an appropriate control to add to privileged accounts? (D3, L3.1.1)

A

Security deposit

28
Q

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees who are assigned to new positions in the company do not retain whatever access they had in their old positions. Which method should Handel select? (D3, L3.3.1)

A

Role-based access controls

RBAC can aid in reducing “privilege creep,” where employees who stay with the company for a long period of time might get excess permissions within the environment.

29
Q

Handel is a senior manager at Triffid, Inc., and is in charge of implementing a new access control scheme for the company. Handel wants to ensure that employees transferring from one department to another, getting promoted, or cross-training to new positions can get access to the different assets they’ll need for their new positions, in the most efficient manner. Which method should Handel select? (D3, L3.3.1)

A

Role-based access controls (RBAC)

RBAC is the most efficient way to assign permissions to users based on their job duties.

30
Q

A _____ is a record of something that has occurred. (D3, L3.2.1)

A

Log

31
Q

Gelbi is a Technical Support analyst for Triffid, Inc. Gelbi sometimes is required to install or remove software. Which of the following could be used to describe Gelbi’s account? (D3, L3.1.1)

A

Privileged

An account that typically needs greater permissions than a basic user.

32
Q

Visitors to a secure facility need to be controlled. Controls useful for managing visitors include all of the following except: (D3, L3.2.1)

A

Fence

A fence is useful for controlling visitors, authorized users and potential intruders. This is the only control listed among the possible answers that is not specific to visitors.

33
Q

Which of the following is a biometric access control mechanism? (D3, L3.2.1)

A

A door locked by a voiceprint identifier

A lock that opens according to a person’s voice is a type of biometric access control.

34
Q

Gary is unable to log in to the production environment. Gary tries three times and is then locked out of trying again for one hour. Why? (D3, L3.3.1)

A

Gary’s actions look like an attack

35
Q

Which of these is an example of a physical access control mechanism? (D3, L3.2.1)

A

A lock on a door

A lock on a door restricts physical access to the area on the other side of the door to only those personnel who have the appropriate entry mechanism (key, badge, etc.).

36
Q

All visitors to a secure facility should be _______. (D3, L3.2.1)

A

Escorted

In a secure facility, visitors should be escorted by an authorized person.

37
Q

Bruce is the branch manager of a bank. Bruce wants to determine which personnel at the branch can get access to systems, and under which conditions they can get access. Which access control methodology would allow Bruce to make this determination? (D3, L3.3.1)

A

DAC (discretionary access control)

Discretionary access control is a model wherein permissions are granted by operational managers, allowing them to make the determination of which personnel can get specific access to particular assets controlled by the manager.

38
Q

Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but is not allowed to read or modify the data in the database itself. When Prachi logs onto the system, an access control list (ACL) checks to determine which permissions Prachi has.

In this situation, what is the database? (D3, L3.1.1)

A

The object

39
Q

Which of the following is probably most useful at the perimeter of a property? (D3, L3.2.1)

A

A fence

40
Q

Network traffic originating from outside the organization might be admitted to the internal IT environment or blocked at the perimeter by a ________. (D3, L3.2.1)

A

Firewall

A firewall is a solution used to filter traffic between networks, including between the internal environment and the outside world.

41
Q

In order for a biometric security to function properly, an authorized person’s physiological data must be ______. (D3, L3.2.1)

A

Stored

A biometric security system works by capturing and recording a physiological trait of the authorized person and storing it for comparison whenever that person presents the same trait in the future.

42
Q

Prina is a database manager. Prina is allowed to add new users to the database, remove current users and create new usage functions for the users. Prina is not allowed to read the data in the fields of the database itself. This is an example of: (D3, L3.3.1)

A

Role-based access controls

Role-based access controls often function in this manner, where the employee’s job responsibilities dictate exactly which kinds of access the employee has. This also enforces the concept of “least privilege.”

43
Q

Suvid works at Triffid, Inc. When Suvid attempts to log in to the production environment, a message appears stating that Suvid has to reset the password. What may have occurred to cause this? (D3, L3.3.1)

A

Suvid’s password has expired

Typically, users are required to reset passwords when the password has reached a certain age. Permanent passwords are more likely to be compromised or revealed.

44
Q

Which common cloud deployment model typically features only a single customer’s data/functionality stored on specific systems/hardware? (D4.3 L4.3.2)

A

Private

This is the defining feature of private cloud. In public cloud, by contrast, multiple customers (or “tenants”) typically share the underlying systems.

45
Q

Garfield is a security analyst at Triffid, Inc. Garfield notices that a particular application in the production environment is being copied very quickly, across systems and devices utilized by many users. What kind of attack could this be? (D4.2 L4.2.1)

A

Worm

Activity of this type, where an application or file is replicating rapidly across an entire environment, is often indicative of a worm.

46
Q

Bert wants to add a flashlight capability to a smartphone. Bert searches the internet for a free flashlight app, and downloads it to the phone. The app allows Bert to use the phone as a flashlight, but also steals Bert’s contacts list. What kind of app is this? (D4.2 L4.2.1)

A

Trojan

This is a textbook example of a Trojan horse application. Bert has intentionally downloaded the application with the intent to get a desired service, but the app also includes a hostile component Bert is unaware of.

47
Q

Which of the following activities is usually part of the configuration management process, but is also extremely helpful in countering potential attacks? (D4.2 L4.2.3)

A

Updating and patching systems

Keeping systems up to date is typically part of both the configuration management process and enacting best security practices.

48
Q

Cheryl is browsing the Web. Which of the following protocols is she probably using? (D4, L4.1.2)

A

HTTP (Hypertext Transfer Protocol)

HTTP is designed for Web browsing.

49
Q

Inbound traffic from an external source seems to indicate much higher rates of communication than normal, to the point where the internal systems might be overwhelmed. Which security solution can often identify and potentially counter this risk? (D4.2 L4.2.2)

A

Firewall

Firewalls can often identify hostile inbound traffic, and potentially counter it.

50
Q

A tool that monitors local devices to reduce potential threats from hostile software. (D4.2 L4.2.3)

A

Anti-malware

This is the purpose of anti-malware solutions.

51
Q

The logical address of a device connected to the network or Internet. (D4.1 L4.1.1)

A

Internet Protocol (IP) address

The IP address is the logical address assigned to a device connected to a network or the Internet.

52
Q

Gary is an attacker. Gary is able to get access to the communication wire between Dauphine’s machine and Linda’s machine and can then surveil the traffic between the two when they’re communicating. What kind of attack is this? (D4.2 L4.2.1)

A

On-path

This is a textbook example of an on-path attack, where the attackers insert themselves between communicating parties.

53
Q

Which type of fire-suppression system is typically the least expensive? (D4.3 L4.3.1)

A

Water

Water is typically the least expensive type of fire-suppression system, as water is one of the most common chemicals on the planet.

54
Q

The section of the IT environment that is closest to the external world; where we locate IT systems that communicate with the Internet. (D4.3 L4.3.3)

A

DMZ

We often call this portion of the environment the “demilitarized zone.” A VLAN, by contrast, is a way to segment portions of the internal network.

55
Q

“Wiring _____” is a common term meaning “a place where wires/conduits are often run, and equipment can be placed, in order to facilitate the use of local networks.” (D4.3 L4.3.1)

A

Closet

“Wiring closet” is the common term used to describe small spaces, typically placed on each floor of a building, where IT infrastructure can be placed.

56
Q

A device typically accessed by multiple users, often intended for a single purpose, such as managing email or web pages. (D4.1 L4.1.1)

A

Server

A server typically offers a specific service, such as hosting web pages or managing email, and is often accessed by multiple users.

57
Q

A device that filters network traffic in order to enhance overall security/performance. (D4.1 L4.1.1)

A

Firewall

Firewalls filter traffic in order to enhance the overall security or performance of the network, or both.

57
Q

A means to allow remote users to have secure access to the internal IT environment. (D4.3 L4.3.3)

A

VPN

A virtual private network protects communication traffic over untrusted media.

57
Q

A tool that inspects outbound traffic to reduce potential threats. (D4.2 L4.2.3)

A

DLP (data loss prevention)

DLP solutions typically inspect outbound communications traffic to check for unauthorized exfiltration of sensitive/valuable information.

58
Q

Which of the following is one of the common ways potential attacks are often identified? (D4.2 L4.2.2)

A

Users report unusual systems activity/response to Help Desk or the security office

Users often act as an attack-detection capability (although many user reports might be false-positives).

59
Q

Which of the following is not a typical benefit of cloud computing services? (D4.3 L4.3.2)

A

Freedom from legal constraints

Moving data/operations into the cloud does not relieve the customer from legal constraints (and may even increase them).

60
Q

If two people want to use asymmetric communication to conduct a confidential conversation, how many keys do they need? (D5.1, L5.1.2)

A

4

In asymmetric encryption, each party needs their own key pair (a public key and a private key) to engage in confidential communication.

61
Q

Archiving is typically done when _________. (D5.1, L5.1.1)

A

Data is not needed for regular work purposes

Archiving is the action of moving data from the production environment to long-term storage.

62
Q

The organization should keep a copy of every signed Acceptable Use Policy (AUP) on file, and issue a copy to _______. (D5.3, L5.3.1)

A

The user who signed it

The AUP is an agreement between the user and the organization, so both parties need to keep a copy of it.

63
Q

Security controls on log data should reflect ________. (D5.1, L5.1.2)

A

The sensitivity of the source device

Log data should be protected with security as high as, or higher than, the security level of the systems or devices the log was captured from.

64
Q

When data has reached the end of the retention period, it should be _____. (D5.1, L5.1.1)

A

Destroyed

At the end of the retention period, data should be securely destroyed.

65
Q

Log data should be kept ______. (D5.1, L5.1.2)

A

On a device other than where it was captured

Log data can often be useful in diagnosing or investigating the device it was captured from; it is therefore useful to store the data away from the device where it was harvested, in case something happens to the source device.

66
Q

Hashing is often used to provide _______. (D5.1, L5.1.3)

A

Integrity

Hashing is used for integrity checks.

67
Q

Data retention periods apply to ____ data. (D5.1, L5.1.1)

A

All

All data should have specific retention periods (even though retention periods may differ for various types of data).

68
Q

______ is used to ensure that configuration management activities are effective and enforced. (D5.2, L5.2.1)

A

Verification and audit

Verification and audit are methods we use to review the IT environment to ensure that configuration management activities have taken place and are achieving their intended purpose.

69
Q

Proper alignment of security policy and business goals within the organization is important because: (D5.3, L5.3.1)

A

Security policy that conflicts with business goals can inhibit productivity

Security is a support function in most organizations, not a business function; therefore, security policy must conform to business needs to avoid inhibiting productivity.

70
Q

Bluga works for Triffid, Inc. as a security analyst. Bluga wants to send a message to several people and wants the recipients to know that the message definitely came from Bluga. What type of encryption should Bluga use? (D5.1, L5.1.3)

A

Asymmetric encryption

With asymmetric encryption, Bluga can provide proof-of-origin for the message, for multiple recipients.

71
Q

By far, the most crucial element of any security instruction program. (D5.4, L5.4.1)

A

Preserve health and human safety

This is the paramount rule in all security efforts.

72
Q

Security needs to be provided to ____ data. (D5.1, L5.1.1)

A

All

All data needs some form of security; even data that is not sensitive (such as data intended for public view) needs protection to ensure availability.