SP - Practice Quiz AT Flashcards by Josh Selkirk

QUESTION NO: 1
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:

A. Concern that the laser beam may cause eye damage.
B. The iris pattern changes as a person grows older.
C. There is a relatively high rate of false accepts.
D. The optical unit must be positioned so that the sun does not shine into the aperture.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 2
In Mandatory Access Control, sensitivity labels attached to object contain what information?

A. The item’s classification
B. The item’s classification and category set
C. The item’s category
D. The item’s need to know

How well did you know this?

Not at all

Perfectly

QUESTION NO: 3
Which of the following is true about Kerberos?

A. It utilizes public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It depends upon symmetric ciphers.
D. It is a second party authentication system.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 4
Which of the following is needed for System Accountability?

A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 5
What is Kerberos?

A. A three-headed dog from the egyptian mythology.
B. A trusted third-party authentication protocol.
C. A security model.
D. A remote authentication dial in user server.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 6
Kerberos depends upon what encryption method?

A. Public Key cryptography.
B. Secret Key cryptography.
C. El Gamal cryptography.
D. Blowfish cryptography.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 7
A confidential number used as an authentication factor to verify a user’s identity is called a:

A. PIN
B. User ID
C. Password
D. Challenge

How well did you know this?

Not at all

Perfectly

QUESTION NO: 8
Individual accountability does not include which of the following?

A. unique identifiers
B. policies & procedures
C. access rules
D. audit trails

How well did you know this?

Not at all

Perfectly

QUESTION NO: 9
Which of the following exemplifies proper separation of duties?

A. Operators are not permitted modify the system time.
B. Programmers are permitted to use the system console.
C. Console operators are permitted to mount tapes and disks.
D. Tape operators are permitted to use the system console.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 10
An access control policy for a bank teller is an example of the implementation of which of thefollowing?

A. Rule-based policy
B. Identity-based policy
C. User-based policy
D. Role-based policy

How well did you know this?

Not at all

Perfectly

QUESTION NO: 11
Which one of the following authentication mechanisms creates a problem for mobile users?

A. Mechanisms based on IP addresses
B. Mechanism with reusable passwords
C. One-time password mechanism.
D. Challenge response mechanism.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 12
Organizations should consider which of the following first before allowing external access to theirLANs via the Internet?

A. Plan for implementing workstation locking mechanisms.
B. Plan for protecting the modem pool.
C. Plan for providing the user with his account usage information.
D. Plan for considering proper authentication options.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 13
Kerberos can prevent which one of the following attacks?

A. Tunneling attack.
B. Playback (replay) attack.
C. Destructive attack.
D. Process attack.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 14
In discretionary access environments, which of the following entities is authorized to grant information access to other people?

A. Manager
B. Group Leader
C. Security Manager
D. Data Owner

How well did you know this?

Not at all

Perfectly

QUESTION NO: 15
What is the main concern with single sign-on?

A. Maximum unauthorized access would be possible if a password is disclosed.
B. The security administrator’s workload would increase.
C. The users’ password would be too hard to remember.
D. User access rights would be increased.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 16
Who developed one of the first mathematical models of a multilevel-security computer system?

A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 17
Which of the following attacks could capture network user passwords?

A. Data diddling
B. Sniffing
C. IP Spoofing
D. Smurfing

How well did you know this?

Not at all

Perfectly

QUESTION NO: 18
Which of the following would constitute the best example of a password to use for access to asystem by a network administrator?

A. holiday
B. Christmas12
C. Jenny
D. GyN19Za!

How well did you know this?

Not at all

Perfectly

QUESTION NO: 19
What physical characteristic does a retinal scan biometric device measure?

A. The amount of light reaching the retina
B. The amount of light reflected by the retina
C. The pattern of light receptors at the back of the eye
D. The pattern of blood vessels at the back of the eye

How well did you know this?

Not at all

Perfectly

QUESTION NO: 20
The Computer Security Policy Model the Orange Book is based on is which of the following?

A. Bell-LaPadula
B. Data Encryption Standard
C. Kerberos
D. Tempest

How well did you know this?

Not at all

Perfectly

QUESTION NO: 21
The end result of implementing the principle of least privilege means which of the following?

A. Users would get access to only the info for which they have a need to know
B. Users can access all systems.
C. Users get new privileges added when they change positions.
D. Authorization creep.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 22
Which of the following is the most reliable authentication method for remote access?

A. Variable callback system
B. Synchronous token
C. Fixed callback system
D. Combination of callback and caller ID

How well did you know this?

Not at all

Perfectly

QUESTION NO: 23
Which of the following is true of two-factor authentication?

A. It uses the RSA public-key signature based on integers with large prime factors.
B. It requires two measurements of hand geometry.
C. It does not use single sign-on technology.
D. It relies on two independent proofs of identity.

How well did you know this?

Not at all

Perfectly

QUESTION NO: 24
The primary service provided by Kerberos is which of the following?

A. non-repudiation
B. confidentiality
C. authentication
D. authorization

How well did you know this?

Not at all

Perfectly

QUESTION NO: 25 There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following? A. public keys B. private keys C. public-key certificates D. private-key certificates

QUESTION NO: 26 In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place? A. Bell-LaPadula model B. Biba model C. Access Matrix model D. Take-Grant model

QUESTION NO: 27 Which of the following was developed to address some of the weaknesses in Kerberos and usespublic key cryptography for the distribution of secret keys and provides additional access controlsupport? A. SESAME B. RADIUS C. KryptoKnight D. TACACS+

QUESTION NO: 28 Single Sign-on (SSO) is characterized by which of the following advantages? A. Convenience B. Convenience and centralized administration C. Convenience and centralized data administration D. Convenience and centralized network administration

QUESTION NO: 29 What is the primary role of smartcards in a PKI? A. Transparent renewal of user keys B. Easy distribution of the certificates between the users C. Fast hardware encryption of the raw data D. Tamper resistant, mobile storage and application of private keys of the users

QUESTION NO: 30 What kind of certificate is used to validate a user identity? A. Public key certificate B. Attribute certificate C. Root certificate D. Code signing certificate

QUESTION NO: 31 The following is NOT a security characteristic we need to consider while choosing a biometric identification systems: A. data acquisition process B. cost C. enrollment process D. speed and user interface

QUESTION NO: 32 In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering 2 questions : A. what was the sex of a person and his age B. what part of body to be used and how to accomplish identification that is viable C. what was the age of a person and his income level D. what was the tone of the voice of a person and his habits

QUESTION NO: 33 In biometric identification systems, the parts of the body conveniently available for identification are: A. neck and mouth B. hands, face, and eyes C. feet and hair D. voice and neck

QUESTION NO: 34 Controlling access to information systems and associated networks is necessary for the preservation of their: A. Authenticity, confidentiality and availability B. Confidentiality, integrity, and availability. C. integrity and availability. D. authenticity,confidentiality, integrity and availability.

QUESTION NO: 35 To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up: A. Access Rules B. Access Matrix C. Identification controls D. Access terminal

QUESTION NO: 36 Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category of access control? A. Discretionary Access Control (DAC) B. Mandatory Access control (MAC) C. Non-Discretionary Access Control (NDAC) D. Lattice-based Access control

QUESTION NO: 37 The type of discretionary access control (DAC) that is based on an individual's identity is also called: A. Identity-based Access control B. Rule-based Access control C. Non-Discretionary Access Control D. Lattice-based Access control

QUESTION NO: 38 Which access control type has a central authority that determine to what objects the subjects have access to and it is based on role or on the organizational security policy? A. Mandatory Access Control B. Discretionary Access Control C. Non-Discretionary Access Control D. Rule-based Access control

QUESTION NO: 39 Which of the following control pairings include: organizational policies and procedures, pre employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks? A. Preventive/Administrative Pairing B. Preventive/Technical Pairing C. Preventive/Physical Pairing D. Detective/Administrative Pairing

QUESTION NO: 40 Technical controls such as encryption and access control can be built into the operating system,be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing? A. Preventive/Administrative Pairing B. Preventive/Technical Pairing C. Preventive/Physical Pairing D. Detective/Technical Pairing

QUESTION NO: 41 What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources? A. Micrometrics B. Macrometrics C. Biometrics D. MicroBiometrics

QUESTION NO: 42 What is called the access protection system that limits connections by calling back the number of a previously authorized location? A. Sendback systems B. Callback forward systems C. Callback systems D. Sendback forward systems

QUESTION NO: 43 What are called user interfaces that limit the functions that can be selected by a user? A. Constrained user interfaces B. Limited user interfaces C. Mini user interfaces D. Unlimited user interfaces

QUESTION NO: 44 Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated with: A. Preventive/physical B. Detective/technical C. Detective/physical D. Detective/administrative

QUESTION NO: 45 The control measures that are intended to reveal the violations of security policy using software and hardware are associated with: A. Preventive/physical B. Detective/technical C. Detective/physical D. Detective/administrative

QUESTION NO: 46 The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with: A. Preventive/physical B. Detective/technical C. Detective/physical D. Detective/administrative

QUESTION NO: 47 External consistency ensures that the data stored in the database is: A. in-consistent with the real world. B. remains consistent when sent from one system to another. C. consistent with the logical world. D. consistent with the real world.

QUESTION NO: 48 A central authority determines what subjects can have access to certain objects based on the organizational security policy is called: A. Mandatory Access Control B. Discretionary Access Control C. Non-Discretionary Access Control D. Rule-based Access control

QUESTION NO: 49 What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? A. Authentication B. Identification C. Authorization D. Confidentiality

QUESTION NO: 50 Which one of the following factors is NOT one on which Authentication is based? A. Type 1 Something you know, such as a PIN or password B. Type 2 Something you have, such as an ATM card or smart card C. Type 3 Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan D. Type 4 Something you are, such as a system administrator or security administrator

QUESTION NO: 51 A central authority determines what subjects can have access to certain objects based on the organizational security policy is called: A. Mandatory Access Control B. Discretionary Access Control C. Non-Discretionary Access Control D. Rule-based Access control

QUESTION NO: 52 What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? A. Authentication B. Identification C. Authorization D. Confidentiality

QUESTION NO: 53 What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time? A. Authentication B. Identification C. Integrity D. Confidentiality

QUESTION NO: 54 Which one of the following factors is NOT one on which Authentication is based? A. Type 1 Something you know, such as a PIN or password B. Type 2 Something you have, such as an ATM card or smart card C. Type 3 Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan D. Type 4 Something you are, such as a system administrator or security administrator

QUESTION NO: 55 The act of requiring two of the three factors to be used in the authentication process refers to: A. Two-Factor Authentication B. One-Factor Authentication C. Bi-Factor Authentication D. Double Authentication

QUESTION NO: 56 Which type of password provides maximum security because a new password is required for each new log-on? A. One-time or dynamic password B. Cognitive password C. Static password D. Passphrase

QUESTION NO: 57 What is called a password that is the same for each log-on session? A. "one-time password" B. "two-time password" C. static password D. dynamic password

QUESTION NO: 58 What is called a sequence of characters that is usually longer than the allotted number for a password? A. passphrase B. cognitive phrase C. anticipated phrase D. Real phrase

QUESTION NO: 59 Which best describes a tool (i.e. keyfob, calculator, memory card or smart card) used to supply dynamic passwords? A. Tickets B. Tokens C. Token passing networks D. Coupons

QUESTION NO: 60 Which of the following would be true about Static password tokens? A. The owner identity is authenticated by the token B. The owner will never be authenticated by the token. C. The owner will authenticate himself to the system. D. The token does not authenticates the token owner but the system.

QUESTION NO: 61 In Synchronous dynamic password tokens: A. The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key). B. The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key). C. The unique password is not entered into a system or workstation along with an owner's PIN. D. The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.

QUESTION NO: 62 In biometrics, "one-to-many" search against database of stored biometric images is done in: A. Authentication B. Identification C. Identities D. Identity-based access control

QUESTION NO: 63 Which of the following is true of biometrics? A. It is used for identification in physical controls and it is not used in logical controls. B. It is used for authentication in physical controls and for identification in logical controls. C. It is used for identification in physical controls and for authentication in logical controls. D. Biometrics has not role in logical controls.

QUESTION NO: 64 What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system? A. False Rejection Rate (FRR) or Type I Error B. False Acceptance Rate (FAR) or Type II Error C. Crossover Error Rate (CER) D. True Rejection Rate (TRR) or Type III Error

QUESTION NO: 65 What is called the percentage of invalid subjects that are falsely accepted by a Biometric authentication system? A. False Rejection Rate (FRR) or Type I Error B. False Acceptance Rate (FAR) or Type II Error C. Crossover Error Rate (CER) D. True Acceptance Rate (TAR) or Type III Error

QUESTION NO: 66 What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate? A. False Rejection Rate (FRR) or Type I Error B. False Acceptance Rate (FAR) or Type II Error C. Crossover Error Rate (CER) D. Failure to enroll rate (FTE or FER)

QUESTION NO: 67 Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following? A. Accountability of biometrics systems B. Acceptability of biometrics systems C. Availability of biometrics systems D. Adaptability of biometrics systems

QUESTION NO: 68 Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credential, and faster resource access? A. Smart cards B. Single Sign-On (SSO) C. Symmetric Ciphers D. Public Key Infrastructure (PKI)

QUESTION NO: 69 Which of the following describes the major disadvantage of many Single Sign-On (SSO)implementations? A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to. B. The initial logon process is cumbersome to discourage potential intruders. C. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications. D. Once a user obtains access to the system through the initial log-on, he has to logout from allother systems

QUESTION NO: 70 Which of the following is implemented through scripts or smart agents that replays the users multiple log-ins against authentication servers to verify a user's identity which permit access to system services? A. Single Sign-On B. Dynamic Sign-On C. Smart cards D. Kerberos

QUESTION NO: 71Which of the following is NOT true of the Kerberos protocol? A. Only a single login is required per session. B. The initial authentication steps are done using public key algorithm. C. The KDC is aware of all systems in the network and is trusted by all of them D. It performs mutual authentication

QUESTION NO: 72 The authenticator within Kerberos provides a requested service to the client after validating whichof the following? A. timestamp B. client public key C. client private key D. server public key

QUESTION NO: 73 Which of the following is addressed by Kerberos? A. Confidentiality and Integrity B. Authentication and Availability C. Validation and Integrity D. Auditability and Integrity

QUESTION NO: 74 Kerberos is vulnerable to replay in which of the following circumstances? A. When a private key is compromised within an allotted time window. B. When a public key is compromised within an allotted time window. C. When a ticket is compromised within an allotted time window. D. When the KSD is compromised within an allotted time window.

QUESTION NO: 75 Like the Kerberos protocol, SESAME is also subject to which of the following? A. timeslot replay B. password guessing C. symmetric key guessing D. asymmetric key guessing

QUESTION NO: 76 RADIUS incorporates which of the following services? A. Authentication server and PIN codes. B. Authentication of clients and static passwords generation. C. Authentication of clients and dynamic passwords generation. D. Authentication server as well as support for Static and Dynamic passwords.

QUESTION NO: 77 Which of the following protects a password from eavesdroppers and supports the encryption of communication? A. Challenge Handshake Authentication Protocol (CHAP) B. Challenge Handshake Identification Protocol (CHIP) C. Challenge Handshake Encryption Protocol (CHEP) D. Challenge Handshake Substitution Protocol (CHSP)

QUESTION NO: 78 Which of the following represents the columns of the table in a relational database? A. attributes B. relation C. record retention D. records or tuples

QUESTION NO: 79 A database view is the results of which of the following operations? A. Join and Select. B. Join, Insert, and Project. C. Join, Project, and Create. D. Join, Project, and Select.

QUESTION NO: 80 Which of the following is used to create and modify the structure of your tables and other objects in the database? A. SQL Data Definition Language (DDL) B. SQL Data Manipulation Language (DML) C. SQL Data Relational Language (DRL) D. SQL Data Identification Language (DIL)

QUESTION NO: 81 Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place? A. Intrusion Detection System B. Compliance Validation System C. Intrusion Management System (IMS) D. Compliance Monitoring System

QUESTION NO: 82 Which of the following monitors network traffic in real time? A. network-based IDS B. host-based IDS C. application-based IDS D. firewall-based IDS

QUESTION NO: 83 A host-based IDS is resident on which of the following? A. On each of the critical hosts B. decentralized hosts C. central hosts D. bastion hosts

QUESTION NO: 84 Which of the following usually provides reliable, real-time information without consuming networkor host resources? A. network-based IDS B. host-based IDS C. application-based IDS D. firewall-based IDS

QUESTION NO: 85 The fact that a network-based IDS reviews packets payload and headers enable which of the following? A. Detection of denial of service B. Detection of all viruses C. Detection of data corruption D. Detection of all password guessing attacks

QUESTION NO: 86 Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful? A. host-based IDS B. firewall-based IDS C. bastion-based IDS D. server-based IDS

QUESTION NO: 87 What would be considered the biggest drawback of Host-based Intrusion Detection systems(HIDS)? A. It can be very invasive to the host operating system B. Monitors all processes and activities on the host system only C. Virtually eliminates limits associated with encryption D. They have an increased level of visibility and control compared to NIDS

QUESTION NO: 88 Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)? A. signature-based IDS B. statistical anomaly-based IDS C. event-based IDS D. inferent-based IDS

QUESTION NO: 89 Which of the following is an issue with signature-based intrusion detection systems? A. Only previously identified attack signatures are detected. B. Signature databases must be augmented with inferential elements. C. It runs only on the windows operating system D. Hackers can circumvent signature evaluations.

QUESTION NO: 90 Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host? A. Statistical Anomaly-Based ID B. Signature-Based ID C. dynamical anomaly-based ID D. inferential anomaly-based ID

QUESTION NO: 91 Which of the following is most relevant to determining the maximum effective cost of access control? A. the value of information that is protected. B. management's perceptions regarding data importance. C. budget planning related to base versus incremental spending. D. the cost to replace lost data.

QUESTION NO: 92 Which of the following is NOT a factor related to Access Control? A. integrity B. authenticity C. confidentiality D. availability

QUESTION NO: 93 Which of the following is most appropriate to notify an external user that session monitoring is being conducted? A. Logon Banners B. Wall poster C. Employee Handbook D. Written agreement

QUESTION NO: 94 Which of the following pairings uses technology to enforce access control policies? A. Preventive/Administrative B. Preventive/Technical C. Preventive/Physical D. Detective/Administrative

QUESTION NO: 95 In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in? A. Recovery B. Containment C. Triage D. Analysis and tracking

QUESTION NO: 96 Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to: A. specify what users can do B. specify which resources they can access C. specify how to restrain hackers D. specify what operations they can perform on a system.

QUESTION NO: 97 Access Control techniques do not include which of the following choices? A. Relevant Access Controls B. Discretionary Access Control C. Mandatory Access Control D. Lattice Based Access Control

QUESTION NO: 98 Which of the following statements relating to the Bell-LaPadula security model is FALSE(assuming the Strong Star property is not being used)? A. A subject is not allowed to read up. B. The *- property restriction can be escaped by temporarily downgrading a high level subject. C. A subject is not allowed to read down. D. It is restricted to confidentiality.

QUESTION NO: 99 When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED? A. Type I error B. Type II error C. Type III error D. Crossover error

QUESTION NO: 100 Which of the following is the FIRST step in protecting data's confidentiality? A. Install a firewall B. Implement encryption C. Identify which information is sensitive D. Review all user access rights

QUESTION NO: 101 Which of the following best ensures accountability of users for the actions taken within a system or domain? A. Identification B. Authentication C. Authorization D. Credentials

QUESTION NO: 102 Which of the following statements pertaining to biometrics is FALSE? A. User can be authenticated based on behavior. B. User can be authenticated based on unique physical attributes. C. User can be authenticated by what he knows. D. A biometric system's accuracy is determined by its crossover error rate (CER).

QUESTION NO: 103 Which of the following biometric devices offers the LOWEST CER? A. Keystroke dynamics B. Voice verification C. Iris scan D. Fingerprint

QUESTION NO: 104 Which of the following is the WEAKEST authentication mechanism? A. Passphrases B. Passwords C. One-time passwords D. Token devices

QUESTION NO: 105 Which of the following statements pertaining to access control is false? A. Users should only access data on a need-to-know basis. B. If access is not explicitly denied, it should be implicitly allowed. C. Access rights should be granted based on the level of trust a company has on a subject. D. Roles can be an efficient way to assign rights to a type of user who performs certain tasks.

QUESTION NO: 106 Which of the following is NOT part of the Kerberos authentication protocol? A. Symmetric key cryptography B. Authentication service (AS) C. Principals D. Public Key

QUESTION NO: 107 Which access control model enables the OWNER of the resource to specify what subjects canaccess specific resources based on their identity? A. Discretionary Access Control B. Mandatory Access Control C. Sensitive Access Control D. Role-based Access Control

QUESTION NO: 108 Which of the following access control models is based on sensitivity labels? A. Discretionary access control B. Mandatory access control C. Rule-based access control D. Role-based access control

QUESTION NO: 109 Which access control model is also called Non Discretionary Access Control (NDAC)? A. Lattice based access control B. Mandatory access control C. Role-based access control D. Label-based access control

QUESTION NO: 110 Which access model is most appropriate for companies with a high employee turnover? A. Role-based access control B. Mandatory access control C. Lattice-based access control D. Discretionary access control

QUESTION NO: 111 In a security context what are database views used for? A. To ensure referential integrity B. To allow easier access to data in a database C. To restrict user access to data in a database D. To provide audit trails

QUESTION NO: 112 What can be defined as a list of subjects along with their access rights that are authorized toaccess a specific object? A. A capability table B. An access control list C. An access control matrix D. A role-based matrix

QUESTION NO: 113 What is the difference between Access Control Lists (ACLs) and Capability Tables? A. Access control lists are related/attached to a subject whereas capability tables arerelated/attached to an object. B. Access control lists are related/attached to an object whereas capability tables arerelated/attached to a subject. C. Capability tables are used for objects whereas access control lists are used for users. D. They are basically the same.

QUESTION NO: 114 What can be defined as a table of subjects and objects indicating what actions individual subjectscan take upon individual objects? A. A capacity table B. An access control list C. An access control matrix D. A capability table

QUESTION NO: 115 Which access control model is best suited in an environment where a high security level isrequired and where it is desired that only the administrator grants access control? A. DAC B. MAC C. Access control matrix D. TACACS

QUESTION NO: 116 What is the primary goal of setting up a honey pot? A. To lure hackers into attacking unused systems B. To entrap and track down possible hackers C. To set up a sacrificial lamb on the network D. To know when certain types of attacks are in progress and to learn about attack techniques sothe network can be fortified.

QUESTION NO: 117 Which of the following countermeasures would be the most appropriate to prevent possibleintrusion or damage from wardialing attacks? A. Monitoring and auditing for such activity B. Require user authentication C. Making sure only necessary phone numbers are made public D. Using completely different numbers for voice and data accesses

QUESTION NO: 118 Which access control model provides upper and lower bounds of access capabilities for a subject? A. Role-based access control B. Lattice-based access control C. Biba access control D. Content-dependent access control

QUESTION NO: 119 How are memory cards and smart cards different? A. Memory cards normally hold more memory than smart cards B. Smart cards provide a two-factor authentication whereas memory cards don't C. Memory cards have no processing power D. Only smart cards can be used for ATM cards

QUESTION NO: 120 Which of the following issues is not addressed by Kerberos? A. Availability B. Confidentiality C. Integrity D. Authentication

QUESTION NO: 121 Why do buffer overflows happen? What is the main cause? A. Because buffers can only hold so much data B. Because of improper parameter checking within the application C. Because they are an easy weakness to exploit D. Because of insufficient system memory

QUESTION NO: 122 What is the main focus of the Bell-LaPadula security model? A. Accountability B. Integrity C. Confidentiality D. Availability

QUESTION NO: 123 Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT makinguse of the strong star property? A. It allows "read up." B. It addresses covert channels. C. It addresses management of access controls. D. It allows "write up."

QUESTION NO: 124 Which security model introduces access to objects only through programs? A. The Biba model B. The Bell-LaPadula model C. The Clark-Wilson model D. The information flow model

QUESTION NO: 125 An Intrusion Detection System (IDS) is what type of control? A. A preventive control. B. A detective control. C. A recovery control. D. A directive control.

QUESTION NO: 126 Smart cards are an example of which type of control? A. Detective control B. Administrative control C. Technical control D. Physical control

QUESTION NO: 127 What ensures that the control mechanisms correctly implement the security policy for the entire lifecycle of an information system? A. Accountability controls B. Mandatory access controls C. Assurance procedures D. Administrative controls

QUESTION NO: 128 What security model is dependent on security labels? A. Discretionary access control B. Label-based access control C. Mandatory access control D. Non-discretionary access control

QUESTION NO: 129 What security model implies a central authority that define rules and sometimes global rules,dictating what subjects can have access to what objects? A. Flow Model B. Discretionary access control C. Mandatory access control D. Non-discretionary access control

QUESTION NO: 130 Which type of password token involves time synchronization? A. Static password tokens B. Synchronous dynamic password tokens C. Asynchronous dynamic password tokens D. Challenge-response tokens

QUESTION NO: 131 Which of the following statements pertaining to biometrics is false? A. Increased system sensitivity can cause a higher false rejection rate B. The crossover error rate is the point at which false rejection rate equals the false acceptance rate. C. False acceptance rate is also known as Type II error. D. Biometrics are based on the Type 2 authentication mechanism.

QUESTION NO: 132 Which of the following statements pertaining to Kerberos is TRUE? A. Kerberos does not address availability B. Kerberos does not address integrity C. Kerberos does not make use of Symmetric Keys D. Kerberos cannot address confidentiality of information

QUESTION NO: 133 Database views are NOT used to: A. Implement referential integrity B. Implement least privilege C. To implement content-dependent access restrictions D. Implement need-to-know

QUESTION NO: 134 What IDS approach relies on a database of known attacks? A. Signature-based intrusion detection B. Statistical anomaly-based intrusion detection C. Behavior-based intrusion detection D. Network-based intrusion detection

QUESTION NO: 135 What refers to legitimate users accessing networked services that would normally be restricted to them? A. Spoofing B. Piggybacking C. Eavesdropping D. Logon abuse

QUESTION NO: 136 Which of the following is not a two-factor authentication mechanism? A. Something you have and something you know. B. Something you do and a password. C. A smartcard and something you are. D. Something you know and a password.

QUESTION NO: 137 Which of the following access control models introduces user security clearance and data classification? A. Role-based access control B. Discretionary access control C. Non-discretionary access control D. Mandatory access control

QUESTION NO: 138 Password management falls into which control category? A. Compensating B. Detective C. Preventive D. Technical

QUESTION NO: 139 Which of the following access control models requires security clearance for subjects? A. Identity-based access control B. Role-based access control C. Discretionary access control D. Mandatory access control

QUESTION NO: 140 Which of the following would describe a type of biometric error refers to as false rejection rate? A. Type I error B. Type II error C. Type III error D. CER error

QUESTION NO: 141 Which of the following access control models requires defining classification for objects? A. Role-based access control B. Discretionary access control C. Identity-based access control D. Mandatory access control

QUESTION NO: 142 In the context of access control, locks, gates, guards are examples of which of the following? A. Administrative controls B. Technical controls C. Physical controls D. Logical controls

QUESTION NO: 143 Which of the following statements pertaining to Kerberos is true? A. Kerberos uses public key cryptography. B. Kerberos uses X.509 certificates. C. Kerberos is a credential-based authentication system. D. Kerberos was developed by Microsoft.

QUESTION NO: 144 Which of the following statements pertaining to using Kerberos without any extension is false? A. A client can be impersonated by password-guessing. B. Kerberos is mostly a third-party authentication protocol. C. Kerberos uses public key cryptography. D. Kerberos provides robust authentication.

QUESTION NO: 145 Which access control model would a lattice-based access control model be an example of? A. Mandatory access control. B. Discretionary access control. C. Non-discretionary access control. D. Rule-based access control.

QUESTION NO: 146 Which of the following is an example of discretionary access control? A. Identity-based access control B. Task-based access control C. Role-based access control D. Rule-based access control

QUESTION NO: 147 Which of the following would be used to implement Mandatory Access Control (MAC)? A. Clark-Wilson Access Control B. Role-based access control C. Lattice-based access control D. User dictated access control

QUESTION NO: 148 What does the Clark-Wilson security model focus on? A. Confidentiality B. Integrity C. Accountability D. Availability

QUESTION NO: 149 What does the simple security (ss) property mean in the Bell-LaPadula model? A. No read up B. No write down C. No read down D. No write up

QUESTION NO: 150 What does the * (star) property mean in the Bell-LaPadula model? A. No write up B. No read up C. No write down D. No read down

QUESTION NO: 151 What does the * (star) integrity axiom mean in the Biba model? A. No read up B. No write down C. No read down D. No write up

QUESTION NO: 152 What is the Biba security model concerned with? A. Confidentiality B. Reliability C. Availability D. Integrity

QUESTION NO: 153 Which security model uses division of operations into different parts and requires different users toperform each part? A. Bell-LaPadula model B. Biba model C. Clark-Wilson model D. Non-interference model

QUESTION NO: 154 Which type of control is concerned with avoiding occurrences of risks? A. Deterrent controls B. Detective controls C. Preventive controls D. Compensating controls

QUESTION NO: 155 Which type of control is concerned with restoring controls? A. Compensating controls B. Corrective controls C. Detective controls D. Preventive controls

QUESTION NO: 156 Which of the following biometric parameters are better suited for authentication use over a longperiod of time? A. Iris pattern B. Voice pattern C. Signature dynamics D. Retina pattern

QUESTION NO: 157 Which of the following is required in order to provide accountability? A. Authentication B. Integrity C. Confidentiality D. Audit trails

QUESTION NO: 158 Which of the following access control techniques best gives the security officers the ability tospecify and enforce enterprise-specific security policies in a way that maps naturally to anorganization's structure? A. Access control lists B. Discretionary access control C. Role-based access control D. Non-mandatory access control

QUESTION NO: 159 Which access control model was proposed for enforcing access control in government and military applications? A. Bell-LaPadula model B. Biba model C. Sutherland model D. Brewer-Nash model

QUESTION NO: 160 Which access control model achieves data integrity through well-formed transactions andseparation of duties? A. Clark-Wilson model B. Biba model C. Non-interference model D. Sutherland model

QUESTION NO: 161 This is a common security issue that is extremely hard to control in large environments. It occurswhen a user has more computer rights, permissions, and access than what is required for thetasks the user needs to fulfill. What best describes this scenario? A. Excessive Rights B. Excessive Access C. Excessive Permissions D. Excessive Privileges

QUESTION NO: 162 Which of the following are additional access control objectives? A. Consistency and utility B. Reliability and utility C. Usefulness and utility D. Convenience and utility

QUESTION NO: 163 Controls are implemented to: A. eliminate risk and reduce the potential for loss B. mitigate risk and eliminate the potential for loss C. mitigate risk and reduce the potential for loss D. eliminate risk and eliminate the potential for loss

QUESTION NO: 164 Logical or technical controls involve the restriction of access to systems and the protection ofinformation. Which of the following statements pertaining to these types of controls is correct? A. Examples of these types of controls include policies and procedures, security awarenesstraining, background checks, work habit checks but do not include a review of vacation history,and also do not include increased supervision. B. Examples of these types of controls do not include encryption, smart cards, access lists, andtransmission protocols. C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols. D. Examples of these types of controls include policies and procedures, security awarenesstraining, background checks, work habit checks, a review of vacation history, and increasedsupervision.

QUESTION NO: 165 Controls provide accountability for individuals who are accessing sensitive information. Thisaccountability is accomplished: A. through access control mechanisms that require identification and authentication and throughthe audit function. B. through logical or technical controls involving the restriction of access to systems and theprotection of information. C. through logical or technical controls but not involving the restriction of access to systems andthe protection of information D. through access control mechanisms that do not require identification and authentication and donot operate through the audit function.

QUESTION NO: 166 In non-discretionary access control using Role Based Access Control (RBAC), a central authoritydetermines what subjects can have access to certain objects based on the organizational securitypolicy. The access controls may be based on: A. The societies role in the organization B. The individual's role in the organization C. The group-dynamics as they relate to the individual's role in the organization D. The group-dynamics as they relate to the master-slave role in the organization

QUESTION NO: 167 In an organization where there are frequent personnel changes, non-discretionary access controlusing Role Based Access Control (RBAC) is useful because: A. people need not use discretion B. the access controls are based on the individual's role or title within the organization. C. the access controls are not based on the individual's role or title within the organization D. the access controls are often based on the individual's role or title within the organization

QUESTION NO: 168 Another type of access control is lattice-based access control. In this type of control a lattice modelis applied. How is this type of access control concept applied? A. The pair of elements is the subject and object, and the subject has an upper bound equal orhigher than the upper bound of the object being accessed. B. The pair of elements is the subject and object, and the subject has an upper bound lower thenthe upper bound of the object being accessed. C. The pair of elements is the subject and object, and the subject has no special upper or lowerbound needed within the lattice. D. The pair of elements is the subject and object, and the subject has no access rights in relationto an object.

QUESTION NO: 169 Detective/Technical measures: A. include intrusion detection systems and automatically-generated violation reports from audittrail information. B. do not include intrusion detection systems and automatically-generated violation reports fromaudit trail information. C. include intrusion detection systems but do not include automatically-generated violation reportsfrom audit trail information. D. include intrusion detection systems and customised-generated violation reports from audit trailinformation.

QUESTION NO: 170 Passwords can be required to change monthly, quarterly, or at other intervals: A. depending on the criticality of the information needing protection B. depending on the criticality of the information needing protection and the password's frequencyof use. C. depending on the password's frequency of use. D. not depending on the criticality of the information needing protection but depending on thepassword's frequency of use.

QUESTION NO: 171 When submitting a passphrase for authentication, the passphrase is converted into ... A. a virtual password by the system. B. a new passphrase by the system. C. a new passphrase by the encryption technologyISC CISSP Exam" D. a real password by the system which can be used forever.

QUESTION NO: 172 In the context of Biometric authentication, what is a quick way to compare the accuracy of devices.In general, the device that have the lowest value would be the most accurate. Which of thefollowing would be used to compare accuracy of devices? A. the CER is used. B. the FRR is used C. the FAR is used D. The FER is used

QUESTION NO: 173 The throughput rate is the rate at which individuals, once enrolled, can be processed and identifiedor authenticated by a biometric system. Acceptable throughput rates are in the range of: A. 100 subjects per minute. B. 25 subjects per minute. C. 10 subjects per minute. D. 50 subjects per minute.

QUESTION NO: 174 Which of the following biometric devices has the lowest user acceptance level? A. Retina Scan B. Fingerprint scan C. Hand geometry D. Signature recognition

QUESTION NO: 175 Which of the following would be an example of the best password? A. golf001 B. Elizabeth C. T1me4g0lF D. password

QUESTION NO: 176 Which of the following tools is less likely to be used by a hacker? A. l0phtcrack B. Tripwire C. OphCrack D. John the Ripper

QUESTION NO: 177 What is an error called that causes a system to be vulnerable because of the environment in whichit is installed? A. Configuration error B. Environmental error C. Access validation error D. Exceptional condition handling error

QUESTION NO: 178 A network-based vulnerability assessment is a type of test also referred to as: A. An active vulnerability assessment. B. A routing vulnerability assessment. C. A host-based vulnerability assessment. D. A passive vulnerability assessment.

QUESTION NO: 179 Why would anomaly detection IDSs often generate a large number of false positives? A. Because they can only identify correctly attacks they already know about. B. Because they are application-based are more subject to attacks. C. Because they can't identify abnormal behavior. D. Because normal patterns of user and system behavior can vary wildly.

QUESTION NO: 180 Ensuring least privilege does not require: A. Identifying what the user's job is. B. Ensuring that the user alone does not have sufficient rights to subvert an important process. C. Determining the minimum set of privileges required for a user to perform their duties. D. Restricting the user to required privileges and nothing more.

QUESTION NO: 181 Which of the following is NOT a form of detective technical control? A. Audit trails B. Access control software C. Honeypot D. Intrusion detection system

QUESTION NO: 182 Which of the following does not apply to system-generated passwords? A. Passwords are harder to remember for users. B. If the password-generating algorithm gets to be known, the entire system is in jeopardy. C. Passwords are more vulnerable to brute force and dictionary attacks. D. Passwords are harder to guess for attackers.

QUESTION NO: 183 Which of the following is not a preventive login control? A. Last login message B. Password aging C. Minimum password length D. Account expiration

QUESTION NO: 184 What is the most critical characteristic of a biometric identifying system? A. Perceived intrusiveness B. Storage requirements C. Accuracy D. Scalability

QUESTION NO: 185 What is considered the most important type of error to avoid for a biometric access control system? A. Type I Error B. Type II Error C. Combined Error Rate D. Crossover Error Rate

QUESTION NO: 186 How can an individual/person best be identified or authenticated to prevent local masquerading attacks? A. User Id and password B. Smart card and PIN code C. Two-factor authentication D. Biometrics

QUESTION NO: 187 Which authentication technique best protects against hijacking? A. Static authentication B. Continuous authentication C. Robust authentication D. Strong authentication

QUESTION NO: 188 Which of the following is not a security goal for remote access? A. Reliable authentication of users and systems B. Protection of confidential data C. Easy to manage access control to systems and network resources D. Automated login for remote users

QUESTION NO: 189 Which of the following is most concerned with personnel security? A. Management controls B. Operational controls C. Technical controls D. Human resources controls

QUESTION NO: 190 Which of the following questions is less likely to help in assessing identification and authentication controls? A. Is a current list maintained and approved of authorized users and their access? B. Are passwords changed at least every ninety days or earlier if needed? C. Are inactive user identifications disabled after a specified period of time? D. Is there a process for reporting incidents?

QUESTION NO: 191 How would nonrepudiation be best classified as? A. A preventive control B. A logical control C. A corrective control D. A compensating control

QUESTION NO: 192 What are cognitive passwords? A. Passwords that can be used only once. B. Fact or opinion-based information used to verify an individual's identity. C. Password generators that use a challenge response scheme. D. Passphrases.

QUESTION NO: 193 Which of the following Kerberos components holds all users' and services' cryptographic keys? A. The Key Distribution Service B. The Authentication Service C. The Key Distribution Center D. The Key Granting Service

QUESTION NO: 194 Most access violations are: A. Accidental B. Caused by internal hackers C. Caused by external hackers D. Related to Internet

QUESTION NO: 195 Which of the following biometrics devices has the highest Crossover Error Rate (CER)? A. Iris scan B. Hand geometry C. Voice pattern D. Fingerprints

QUESTION NO: 196 Which of following is not a service provided by AAA servers (Radius, TACACS and DIAMETER)? A. Authentication B. Administration C. Accounting D. Authorization

QUESTION NO: 197 Which of the following protocol was used by the INITIAL version of the Terminal Access ControllerAccess Control System TACACS for communication between clients and servers? A. TCP B. SSL C. UDP D. SSH

QUESTION NO: 198 Which of the following can best eliminate dial-up access through a Remote Access Server as ahacking vector? A. Using a TACACS+ server. B. Installing the Remote Access Server outside the firewall and forcing legitimate users toauthenticate to the firewall. C. Setting modem ring count to at least 5 D. Only attaching modems to non-networked hosts.

QUESTION NO: 199 In the Bell-LaPadula model, the Star-property is also called: A. The simple security property B. The confidentiality property C. The confinement property D. The tranquility property

QUESTION NO: 200 An attack initiated by an entity that is authorized to access system resources but uses them in away not approved by those who granted the authorization is known as a(n): A. active attack. B. outside attack. C. inside attack. D. passive attack.

QUESTION NO: 201 Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences? A. Extensible Authentication Protocol B. Challenge Handshake Authentication Protocol C. Remote Authentication Dial-In User Service D. Multilevel Authentication Protocol.

QUESTION NO: 202 What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access? A. Clark and Wilson Model B. Harrison-Ruzzo-Ullman Model C. Rivest and Shamir Model D. Bell-LaPadula Model

QUESTION NO: 203 What is the PRIMARY use of a password? A. Allow access to files. B. Identify the user. C. Authenticate the user. D. Segregate various user's accesses.

QUESTION NO: 204 The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something: A. you need. B. you read. C. you are. D. you do.

``` QUESTION NO: 205 An access system that grants users only those rights necessary for them to perform their work is operating on which security principle? A. Discretionary Access B. Least Privilege C. Mandatory Access D. Separation of Duties ```

QUESTION NO: 206 Pin, Password, Passphrases, Tokens, smart cards, and biometric devices are all items that can be used for Authentication. When one of these item listed above in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following? A. Multi-party authentication B. Two-factor authentication C. Mandatory authentication D. Discretionary authentication

QUESTION NO: 207 What would you call a network security control deployed in line to detects, alerts, and takes action when a possible intrusion is detected. A. Application Based Instrusion Detection Systems (AIDS) B. Network Based Intrusion Detection System (NIDS) C. Intrusion Prevention System (IPS) D. Host Based Intrusion Detection System (HIDS)

QUESTION NO: 208 What is a security policy? A. High level statements on management's expectations that must be met in regards to security B. A policy that defines authentication to the network. C. A policy that focuses on ensuring a secure posture and expresses management approval. It explains in detail how to implement the requirements. D. A statement that focuses on the authorization process for a system

QUESTION NO: 209 Legacy single sign on (SSO) is: A. Technology to allow users to authenticate to every application by entering the same user ID and password each time, thus having to remember only a single password. B. Technology to manage passwords consistently across multiple platforms, enforcing policies such as password change intervals. C. A mechanism where users can authenticate themselves once, and then a central repository of their credentials is used to launch various legacy applications. D. Another way of referring to SESAME and KryptoKnight, now that Kerberos is the de-facto industry standard single sign on mechanism.

QUESTION NO: 210 Identity Management solutions include such technologies as Directories services, Single Sign-On and Web Access management. There are many reasons for management to choose an identity management solution. Which of the following is a key management challenge regarding identity management solutions? A. Increasing the number of points of failures. B. Users will no longer be able to “recycle” their password for different applications. C. Costs increase as identity management technologies require significant resources. D. It must be able to scale to support high volumes of data and peak transaction rates.

QUESTION NO: 211 Which of the following describes the sequence of steps required for a Kerberos session to be established between a user (Principal P1), and an application server (Principal P2)? A. Principals P1 and Principals P2 authenticate to the Key Distribution Center (KDC), B. Principal P1 receives a Ticket Granting Ticket (TGT), and then Principal P2 requests a service ticket from the KDC. C. Principal P1 authenticates to the Key Distribution Center(KDC), Principal P1 receives a Ticket Granting Ticket (TGT), and Principal P1 requests a service ticket from the Ticket Granting Service (TGS) in order to access the application server P2 D. Principal P1 authenticates to the Key Distribution Center (KDC), E. Principal P1 requests a Ticket Granting Ticket (TGT) from the authentication server, and then Principal P1 requests a service ticket from the application server P2 F. Principals P1 and P2 authenticate to the Key Distribution Center (KDC), Principal P1 requests a Ticket Granting Ticket (TGT) from the authentication server, and application server P2 requests a service ticket from P1

QUESTION NO: 212 Which type of security control is also known as "Logical" control? A. Physical B. Technical C. Administrative D. Risk

QUESTION NO: 213 Which of the following term best describes a weakness that could potentially be exploited? A. Vulnerability B. Risk C. Threat D. Target of evaluation (TOE)

QUESTION NO: 214 Which of the following best describes an exploit? A. An intentional hidden message or feature in an object such as a piece of software or a movie. B. A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software C. An anomalous condition where a process attempts to store data beyond the boundaries of a fixed-length buffer D. A condition where a program (either an application or part of the operating system) stops performing its expected function and also stops responding to other parts of the system

QUESTION NO: 215 A smart Card that has two chips with the Capability of utilizing both Contact and Contactless formats is called: A. Contact Smart Cards B. Contactless Smart Cards C. Hybrid Cards D. Combi Cards

QUESTION NO: 216 An employee ensures all cables are shielded, builds concrete walls that extend from the true floor to the true ceiling and installs a white noise generator. What attack is the employee trying to protect against? A. Emanation Attacks B. Social Engineering C. Object reuse D. Wiretaping

QUESTION NO: 217 The best technique to authenticate to a system is to: A. Establish biometric access through a secured server or Web site. B. Ensure the person is authenticated by something he knows and something he has. C. Maintain correct and accurate ACLs (access control lists) to allow access to applications. D. Allow access only through user ID and password.

QUESTION NO: 218 Business Impact Analysis (BIA) is about A. Technology B. Supporting the mission of the organization C. Due Care D. Risk Assessment

QUESTION NO: 219 You wish to make use of "port knocking" technologies. How can you BEST explain this? A. Port knocking is where the client will attempt to connect to a predefined set of ports to identify him as an authorized client. B. Port knocking is where the user calls the server operator to have him start the service he wants to connect to. C. This is where all the ports are open on the server and the connecting client scans the open port to which he wants to connect to see if it's open and running. D. Port knocking is where the port sequence is encrypted with 3DES and only the server has the other key to decrypt the port sequence.

QUESTION NO: 220 Tim is a network administrator of Acme inc. He is responsible for configuring the network devices. John the new security manager reviews the configuration of the Firewall configured by Tim and identifies an issue. This specific firewall is configured in failover mode with another firewall. A sniffer on a PC connected to the same switch as the firewalls can decipher the credentials, used by Tim while configuring the firewalls. Which of the following should be used by Tim to ensure a that no one can eavesdrop on the communication? A. SSH B. SFTP C. SCP D. RSH

QUESTION NO: 221 Tim's day to day responsibilities include monitoring health of devices on the network. He uses a Network Monitoring System supporting SNMP to monitor the devices for any anomalies or high traffic passing through the interfaces. Which of the protocols would be BEST to use if some of the requirements are to prevent easy disclosure of the SNMP strings and authentication of the source of the packets? A. UDP B. SNMP V1 C. SNMP V3 D. SNMP V2

QUESTION NO: 222 You have been approached by one of your clients . They are interested in doing some security reengineering . The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications . Of primary concern to them, is the identification of potential covert channel. As an Information Security Professional , which model would you recommend to the client? A. Information Flow Model combined with Bell Lapadula B. Bell Lapadula C. Biba D. Information Flow Model

QUESTION NO: 223 Which of the following is a reasonable response from the Intrusion Detection System (IDS) when it detects Internet Protocol (IP) packets where the IP source address and port is the same as the destination IP address and port? A. Allow the packet to be processed by the network and record the event B. Record selected information about the packets and drop the packets C. Resolve the destination address and process the packet D. Translate the source address and resend the packet

QUESTION NO: 224 What is the BEST definition of SQL injection. A. SQL injection is a database problem. B. SQL injection is a web Server problem. C. SQL injection is a windows and Linux website problem that could be corrected by applying a website vendors patch. D. SQL injection is an input validation problem.

QUESTION NO: 225 You are a security consultant who is required to perform penetration testing on a client's network. During penetration testing, you are required to use a compromised system to attack other systems on the network to avoid network restrictions like firewalls. Which method would you use in this scenario: A. Black box Method B. Pivoting method C. White Box Method. D. Grey Box Method

QUESTION NO: 226 Which answer best describes a computer software attack that takes advantage of a previously unpublished vulnerability? A. Zero-Day Attack B. Exploit Attack C. Vulnerability Attack D. Software Crack

QUESTION NO: 227 Data which is properly secured and can be described with terms like genuine or not corrupted from the original refers to data that has a high level of what? A. Authenticity B. Authorization C. Availability D. Non-Repudiation

QUESTION NO: 228 Which of the following is most appropriate to notify an internal user that session monitoring is being conducted? A. Logon Banners B. Wall poster C. Employee Handbook D. Written agreement

QUESTION NO: 229 A Differential backup process will: A. Backs up data labeled with archive bit 1 and leaves the data labeled as archive bit 1 B. Backs up data labeled with archive bit 1 and changes the data label to archive bit 0 C. Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0 D. Backs up data labeled with archive bit 0 and changes the data label to archive bit 1

QUESTION NO: 230 When considering all the reasons that buffer overflow vulnerabilities exist what is the real reason? A. Human error B. The Windows Operating system C. Insecure programming languages D. Insecure Transport Protocols

QUESTION NO: 231 Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer? A. LCL and MAC; IEEE 8022 and 8023 B. LCL and MAC; IEEE 8021 and 8023 C. Network and MAC; IEEE 8021 and 8023

QUESTION NO: 232 Which of the following is NOT part of user provisioning? A. Creation and deactivation of user accounts B. Business process implementation C. Maintenance and deactivation of user objects and attributes D. Delegating user administration

QUESTION NO: 233 Which of the following answers best describes the type of penetration testing where the analyst has full knowledge of the network on which he is going to perform his test? A. White-Box Penetration Testing B. Black-Box Pen Testing C. Penetration Testing D. Gray-Box Pen Testing

QUESTION NO: 234 Which access control method allows the data owner (the person who created the file) to control access to the information they own? A. DAC - Discretionary Access Control B. MAC - Mandatory Access Control C. RBAC - Role-Based Access Control D. NDAC - Non-Discretionary Access Control

QUESTION NO: 235 Suppose you are a domain administrator and are choosing an employee to carry out backups. Which access control method do you think would be best for this scenario? A. RBAC - Role-Based Access Control B. MAC - Mandatory Access Control C. DAC - Discretionary Access Control D. RBAC - Rule-Based Access Control

QUESTION NO: 236 Of the seven types of Access Control Categories, which is described as such? Designed to specify rules of acceptable behavior in the organization. Example: Policy stating that employees may not spend time on social media websites A. Directive Access Control B. Deterrent Access Control C. Preventive Access Control D. Detective Access Control

QUESTION NO: 237 Which of the following is NOT a disadvantage of Single Sign On (SSO)? A. Support for all major operating system environment is difficult B. The cost associated with SSO development can be significant C. SSO could be single point of failure and total compromise of an organization asset D. SSO improves an administrator's ability to manage user's account and authorization to all associated system

QUESTION NO: 238 You are a manager for a large international bank and periodically move employees between positions in your department. What is this process called? A. Job Rotation B. Separation of Duties C. Mandatory Rotations D. Dual Control

QUESTION NO: 239 Which of the following control is intended to discourage a potential attacker? A. Deterrent B. Preventive C. Corrective D. Recovery

QUESTION NO: 240 Which of the following security control is intended to avoid an incident from occurring? A. Deterrent B. Preventive C. Corrective D. Recovery

QUESTION NO: 241 Which of the following control helps to identify an incident’s activities and potentially an intruder? A. Deterrent B. Preventive C. Detective D. Compensating

QUESTION NO: 242 Which of the following is NOT an example of preventive control? A. Physical access control like locks and door B. User login screen which allows only authorize user to access website C. Encrypt the data so that only authorize user can view the same D. Duplicate checking of a calculations

QUESTION NO: 243 Which of the following is NOT an example of corrective control? A. OS Upgrade B. Backup and restore C. Contingency planning D. System Monitoring

QUESTION NO: 244 Which of the following is NOT an example of a detective control? A. System Monitor B. IDS C. Monitor detector D. Backup data restore

QUESTION NO: 245 During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there is a possibility to force the authorization step to be completed before the authentication step. Which of the following technique an attacker could user to force authorization step before authentication? A. Eavesdropping B. Traffic analysis C. Masquerading D. Race Condition

QUESTION NO: 246 Which of the following attack is also known as Time of Check(TOC)/Time of Use(TOU)? A. Eavesdropping B. Traffic analysis C. Masquerading D. Race Condition

QUESTION NO: 247 Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users? A. Palm Scan B. Hand Geometry C. Fingerprint D. Retina scan

QUESTION NO: 248 During an IS audit, one of your auditor has observed that some of the critical servers in your organization can be accessed ONLY by using shared/common user name and password. What should be the auditor's PRIMARY concern be with this approach? A. Password sharing B. Accountability C. Shared account management D. Difficulty in auditing shared account

QUESTION NO: 249 Which of the following testing method examines the functionality of an application without peering into its internal structure or knowing the details of it's internals? A. Black-box testing B. Parallel Test C. Regression Testing D. Pilot Testing

QUESTION NO: 250 Which of the following testing method examines internal structure or working of an application? A. White-box testing B. Parallel Test C. Regression Testing D. Pilot Testing

QUESTION NO: 251 Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request? A. ICMP B. TCP C. UDP D. IP

QUESTION NO: 252 When referring to the data structures of a packet, the term Protocol Data Unit (PDU) is used, what is the proper term to refer to a single unit of TCP data at the transport layer? A. TCP segment. B. TCP datagram. C. TCP frame. D. TCP packet.

QUESTION NO: 253 How do you distinguish between a bridge and a router? A. A bridge simply connects multiple networks, a router examines each packet to determine which network to forward it to. B. "Bridge" and "router" are synonyms for equipment used to join two networks. C. The bridge is a specific type of router used to connect a LAN to the global Internet. D. The bridge connects multiple networks at the data link layer, while router connects multiple networks at the network layer.

QUESTION NO: 254 ICMP and IGMP belong to which layer of the OSI model? A. Datagram Layer. B. Network Layer. C. Transport Layer. D. Data Link Layer.

QUESTION NO: 255 What is a limitation of TCP Wrappers? A. It cannot control access to running UDP services. B. It stops packets before they reach the application layer, thus confusing some proxy servers. C. The hosts.* access control system requires a complicated directory tree. D. They are too expensive.

QUESTION NO: 256 The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.

QUESTION NO: 257 The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.

QUESTION NO: 258 What is the proper term to refer to a single unit of IP data? A. IP segment. B. IP datagram. C. IP frame. D. IP fragment.

QUESTION NO: 259 A packet containing a long string of NOP's followed by a command is usually indicative of what? A. A syn scan. B. A half-port scan. C. A buffer overflow attack. D. A packet destined for the network's broadcast address.

QUESTION NO: 260 In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network? A. The first bit of the IP address would be set to zero. B. The first bit of the IP address would be set to one and the second bit set to zero. C. The first two bits of the IP address would be set to one, and the third bit set to zero. D. The first three bits of the IP address would be set to one.

QUESTION NO: 261 Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 192.168.42.5 B. 192.166.42.5 C. 192.175.42.5 D. 192.1.42.5

QUESTION NO: 262 In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class A network? A. The first bit of the IP address would be set to zero. B. The first bit of the IP address would be set to one and the second bit set to zero. C. The first two bits of the IP address would be set to one, and the third bit set to zero. D. The first three bits of the IP address would be set to one.

QUESTION NO: 263 Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)? A. 10.0.42.5 B. 11.0.42.5 C. 12.0.42.5 D. 13.0.42.5

QUESTION NO: 264 Which one of the following authentication mechanisms creates a problem for mobile users? A. Mechanisms based on IP addresses B. Mechanism with reusable passwords C. one-time password mechanism. D. challenge response mechanism.

QUESTION NO: 265 Which of the following media is MOST resistant to tapping? A. microwave. B. twisted pair. C. coaxial cable. D. fiber optic.

QUESTION NO: 266 Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic? A. a firewall. B. dial-up. C. passwords. D. fiber optics.

QUESTION NO: 267 Which one of the following is usually not a benefit resulting from the use of firewalls? A. reduces the risks of external threats from malicious hackers. B. prevents the spread of viruses. C. reduces the threat level on internal system. D. allows centralized management and control of services.

QUESTION NO: 268 Which of the following DoD Model layer provides non-repudiation services? A. network layer. B. application layer. C. transport layer. D. data link layer.

QUESTION NO: 269 What is the 802.11 standard related to? A. Public Key Infrastructure (PKI) B. Wireless network communications C. Packet-switching technology D. The OSI/ISO model

QUESTION NO: 270 Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer in a network. Within which OSI/ISO layer is RPC implemented? A. Session layer B. Transport layer C. Data link layer D. Network layer

QUESTION NO: 271 Frame relay and X.25 networks are part of which of the following? A. Circuit-switched services B. Cell-switched services C. Packet-switched services D. Dedicated digital services

QUESTION NO: 272 Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided? A. Data Link B. Transport C. Presentation D. Application

QUESTION NO: 273 In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP provided? A. Transport B. Network C. Presentation D. Application

QUESTION NO: 274 Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)? A. TCP is connection-oriented, UDP is not. B. UDP provides for Error Correction, TCP does not. C. UDP is useful for longer messages, rather than TCP. D. TCP does not guarantee delivery of data, while UDP does guarantee data delivery.

QUESTION NO: 275 The standard server port number for HTTP is which of the following? A. 81 B. 80 C. 8080 D. 8180

QUESTION NO: 276 Looking at the choices below, which ones would be the most suitable protocols/tools for securing e-mail? A. PGP and S/MIME B. IPsec and IKE C. TLS and SSL D. SSH

QUESTION NO: 277 Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model? A. S/MIME and SSH B. TLS and SSL C. IPsec and L2TP D. PKCS#10 and X.509

QUESTION NO: 278 What is the role of IKE within the IPsec protocol? A. peer authentication and key exchange B. data encryption C. data signature D. enforcing quality of service

QUESTION NO: 279 What is NOT an authentication method within IKE and IPSec? A. CHAP B. Pre shared key C. certificate based authentication D. Public key authentication

QUESTION NO: 280 What is NOT true with pre shared key authentication within IKE / IPsec protocol? A. Pre shared key authentication is normally based on simple passwords B. Needs a Public Key Infrastructure (PKI) to work C. IKE is used to setup Security Associations D. IKE builds upon the Oakley protocol and the ISAKMP protocol.

QUESTION NO: 281 In SSL/TLS protocol, what kind of authentication is supported when you establish a secure session between a client and a server? A. Peer-to-peer authentication B. Only server authentication (optional) C. Server authentication (mandatory) and client authentication (optional) D. Role based authentication scheme

QUESTION NO: 282 What kind of encryption is realized in the S/MIME-standard? A. Asymmetric encryption scheme B. Password based encryption scheme C. Public key based, hybrid encryption scheme D. Elliptic curve based encryption

QUESTION NO: 283 Which of the following is true of network security? A. A firewall is a not a necessity in today's connected world. B. A firewall is a necessity in today's connected world. C. A whitewall is a necessity in today's connected world. D. A black firewall is a necessity in today's connected world.

QUESTION NO: 284 Which of the following best describes signature-based detection? A. Compare source code, looking for events or sets of events that could cause damage to a system or network. B. Compare system activity for the behaviour patterns of new attacks. C. Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack. D. Compare network nodes looking for objects or sets of objects that match a predefined pattern of objects that may describe a known attack.

QUESTION NO: 285 Which layer deals with Media Access Control (MAC) addresses? A. Data link layer B. Physical layer C. Transport layer D. Network layer

QUESTION NO: 286 What is a decrease in amplitude as a signal propagates along a transmission medium best known as? A. Crosstalk B. Noise C. Delay distortion D. Attenuation

QUESTION NO: 287 Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model? A. Bridge B. Repeater C. Router D. Gateway

QUESTION NO: 288 In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols? A. Transport layer B. Application layer C. Physical layer D. Network layer

QUESTION NO: 289 Which of the following transmission media would NOT be affected by cross talk or interference? A. Copper cable B. Radio System C. Satellite radiolink D. Fiber optic cables

QUESTION NO: 290 What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets? A. SYN Flood attack B. Smurf attack C. Ping of Death attack D. Denial of Service (DOS) attack

QUESTION NO: 291 Why are coaxial cables called "coaxial"? A. it includes two physical channels that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis. B. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running along the same axis C. it includes two physical channels that carries the signal surrounded (after a layer of insulation) by another two concentric physical channels, both running along the same axis. D. it includes one physical channel that carries the signal surrounded (after a layer of insulation) by another concentric physical channel, both running perpendicular and along the different axis

QUESTION NO: 292 The International Organization for Standardization / Open Systems Interconnection (ISO/OSI) Layer 7 does NOT include which of the following? A. SMTP (Simple Mail Transfer Protocol) B. TCP (Transmission Control Protocol ) C. SNMP (Simple Network Management Protocol D. HTTP (Hypertext Transfer Protocol)

QUESTION NO: 293 The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics? A. Standard model for network communications B. Used to gain information from network devices such as count of packets received and routing tables C. Enables dissimilar networks to communicate D. Defines 7 protocol layers (a.k.a. protocol stack)

QUESTION NO: 294 The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers 6 is which of the following? A. Application Layer B. Presentation Layer C. Data Link Layer D. Network Layer

QUESTION NO: 295 In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices? A. new loop B. local loop C. loopback D. indigenous loop

QUESTION NO: 296 Communications and network security relates to transmission of which of the following? A. voice B. voice and multimedia C. data and multimedia D. voice, data and multimedia

QUESTION NO: 297 One of the following assertions is NOT a characteristic of Internet Protocol Security (IPsec) A. Data cannot be read by unauthorized parties B. The identity of all IPsec endpoints are confirmed by other endpoints C. Data is delivered in the exact order in which it is sent D. The number of packets being exchanged can be counted.

QUESTION NO: 298 One of these statements about the key elements of a good configuration process is NOT true A. Accommodate the reuse of proven standards and best practices B. Ensure that all requirements remain clear, concise, and valid C. Control modifications to system hardware in order to prevent resource changes D. Ensure changes, standards, and requirements are communicated promptly and precisely

QUESTION NO: 299 One of the following statements about the differences between PPTP and L2TP is NOT true A. PPTP can run only on top of IP networks. B. PPTP is an encryption protocol and L2TP is not. C. L2TP works well with all firewalls and network devices that perform NAT. D. L2TP supports AAA servers

QUESTION NO: 300 You have been tasked to develop an effective information classification program. Which one of the following steps should be performed first? A. Establish procedures for periodically reviewing the classification and ownership B. Specify the security controls required for each classification level C. Identify the data custodian who will be responsible for maintaining the security level of data D. Specify the criteria that will determine how data is classified

QUESTION NO: 301 In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in? A. Recovery B. Containment C. Triage D. Analysis and tracking

QUESTION NO: 302 Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection? A. Anomaly detection tends to produce more data B. A pattern matching IDS can only identify known attacks C. Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams D. An anomaly-based engine develops baselines of normal traffic activity and throughput, and alerts on deviations from these baselines

QUESTION NO: 303 Which of the following is NOT a characteristic of a host-based intrusion detection system? A. A HIDS does not consume large amounts of system resources B. A HIDS can analyse system logs, processes and resources C. A HIDS looks for unauthorized changes to the system D. A HIDS can notify system administrators when unusual events are identified

QUESTION NO: 304 Which of the following is NOT a correct notation for an IPv6 address? A. 2001:0db8:0:0:0:0:1428:57ab B. ABCD:EF01:2345:6789: C. ABCD:EF01:2345:6789::1 D. 2001:DB8::8:800::417A

QUESTION NO: 305 Another example of Computer Incident Response Team (CIRT) activities is: A. Management of the netware logs, including collection, retention, review, and analysis of data B. Management of the network logs, including collection and analysis of data C. Management of the network logs, including review and analysis of data D. Management of the network logs, including collection, retention, review, and analysis of data

QUESTION NO: 306 An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as: A. Netware availability B. Network availability C. Network acceptability D. Network accountability

QUESTION NO: 307 Which of the following is the correct set of assurance requirements for EAL 5? A. Semiformally verified design and tested B. Semiformally tested and checked C. Semiformally designed and tested D. Semiformally verified tested and checked

QUESTION NO: 308 Which of the following defines when RAID separates the data into multiple units and stores it on multiple disks? A. striping B. scanning C. screening D. shadowing

QUESTION NO: 309 What is the process that RAID Level 0 uses as it creates one large disk by using several disks? A. striping B. mirroring C. integrating D. clustering

QUESTION NO: 310 RAID Level 1 mirrors the data from one disk or set of disks using which of the following techniques? A. duplicating the data onto another disk or set of disks. B. moving the data onto another disk or set of disks. C. establishing dual connectivity to another disk or set of disks. D. establishing dual addressing to another disk or set of disks.

QUESTION NO: 311 Which of the following stripes the data and the parity information at the block level across all the drives in the set? A. RAID Level 5 B. RAID Level 0 C. RAID Level 2 D. RAID Level 1

QUESTION NO: 312 A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is: A. server cluster. B. client cluster. C. guest cluster. D. host cluster.

QUESTION NO: 313 If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation. This implementation is sometimes called a: A. server farm B. client farm C. cluster farm D. host farm

QUESTION NO: 314 Which of the following backup methods is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets? A. full backup method. B. incremental backup method. C. differential backup method. D. tape backup method.

QUESTION NO: 315 Which backup method is used if backup time is critical and tape space is at an extreme premium? A. Incremental backup method. B. Differential backup method. C. Full backup method. D. Tape backup method.

QUESTION NO: 316 Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length? A. Fiber Optic cable B. Coaxial cable C. Twisted Pair cable D. Axial cable

QUESTION NO: 317 Which of the following methods of providing telecommunications continuity involves the use of an alternative media? A. Alternative routing B. Diverse routing C. Long haul network diversity D. Last mile circuit protection

QUESTION NO: 318 Which SERVICE usually runs on port 25? A. File Transfer Protocol (FTP) B. Telnet C. Simple Mail Transfer Protocol (SMTP) D. Domain Name Service (DNS)

QUESTION NO: 319 Which port does the Post Office Protocol Version 3 (POP3) make use of? A. 110 B. 109 C. 139 D. 119

QUESTION NO: 320 Which of the following are WELL KNOWN PORTS assigned by the IANA? A. Ports 0 to 255 B. Ports 0 to 1024 C. Ports 0 to 1023 D. Ports 0 to 127

QUESTION NO: 321 What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable? A. 80 meters B. 100 meters C. 185 meters D. 500 meters

QUESTION NO: 322 Secure Sockets Layer (SSL) is very heavily used for protecting which of the following? A. Web transactions. B. EDI transactions. C. Telnet transactions. D. Electronic Payment transactions.

QUESTION NO: 323 Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the:: A. Transport Layer Security (TLS) Internet Protocol. B. Transport Layer Security (TLS) Data Protocol. C. Transport Layer Security (TLS) Link Protocol. D. Transport Layer Security (TLS) Handshake Protocol.

QUESTION NO: 324 Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for: A. Peer Authentication B. Peer Identification C. Server Authentication D. Name Resolution

QUESTION NO: 325 Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? A. message non-repudiation. B. message confidentiality. C. message interleave checking. D. message integrity.

QUESTION NO: 326 Packet Filtering Firewalls can also enable access for: A. only authorized application port or service numbers. B. only unauthorized application port or service numbers. C. only authorized application port or ex-service numbers. D. only authorized application port or service integers.

QUESTION NO: 327 A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the protocol (TCP, UDP, or ICMP), and the source and destination port for the: A. desired service. B. dedicated service. C. delayed service. D. distributed service.

QUESTION NO: 328 A Packet Filtering Firewall system is considered a: A. first generation firewall. B. second generation firewall. C. third generation firewall. D. fourth generation firewall.

QUESTION NO: 329 Proxies works by transferring a copy of each accepted data packet from one network to another, thereby masking the: A. data's payload. B. data's details. C. data's owner. D. data's origin.

QUESTION NO: 330 An application layer firewall is also called a: A. Proxy B. A Presentation Layer Gateway. C. A Session Layer Gateway. D. A Transport Layer Gateway.

QUESTION NO: 331 Application Layer Firewalls operate at the: A. OSI protocol Layer seven, the Application Layer. B. OSI protocol Layer six, the Presentation Layer. C. OSI protocol Layer five, the Session Layer. D. OSI protocol Layer four, the Transport Layer.

QUESTION NO: 332 One drawback of Application Level Firewall is that it reduces network performance due to the fact that it must analyze every packet and: A. decide what to do with each application. B. decide what to do with each user. C. decide what to do with each port. D. decide what to do with each packet.

QUESTION NO: 333 A circuit level proxy is ___________________ when compared to an application level proxy. A. lower in processing overhead. B. more difficult to maintain. C. more secure. D. slower.

QUESTION NO: 334 In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the: A. Network or Transport Layer. B. Application Layer. C. Inspection Layer. D. Data Link Layer.

QUESTION NO: 335 When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass: A. packet filtering B. CIrcuit level proxy C. Dynamic packet filtering D. Application level proxy

QUESTION NO: 336 A demilitarized zone is: A. a part of a network perfectly safe from hackers B. a militarized network segment C. a firewall D. the network segment between the Internet and a private network

QUESTION NO: 337 A DMZ is located: A. right behind your first Internet facing firewall B. right in front of your first Internet facing firewall C. right behind your first network active firewall D. right behind your first network passive Internet http firewall

QUESTION NO: 338 The DMZ does not normally contain: A. encryption server B. web server C. external DNS server D. mail relay

QUESTION NO: 339 Good security is built on which of the following concept? A. The concept of a pass-through device that only allows certain traffic in and out B. The Concept of defense in depth C. The Concept of Preventative controls D. The Concept of Defensive Controls

QUESTION NO: 340 A DMZ is also known as a A. screened subnet B. three legged firewall C. a place to attract hackers D. bastion host

QUESTION NO: 341 The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of: A. Confidentiality, Integrity, and Entity (C.I.E.). B. Confidentiality, Integrity, and Authenticity (C.I.A.). C. Confidentiality, Integrity, and Availability (C.I.A.). D. Confidentiality, Integrity, and Liability (C.I.L.).

QUESTION NO: 342 Network-based Intrusion Detection systems: A. Commonly reside on a discrete network segment and monitor the traffic on that network segment. B. Commonly will not reside on a discrete network segment and monitor the traffic on that network segment. C. Commonly reside on a discrete network segment and does not monitor the traffic on that network segment. D. Commonly reside on a host and and monitor the traffic on that specific host.

QUESTION NO: 343 Which of the following are additional terms used to describe knowledge-based IDS and behaviorbased IDS? A. signature-based IDS and statistical anomaly-based IDS, respectively. B. signature-based IDS and dynamic anomaly-based IDS, respectively. C. anomaly-based IDS and statistical-based IDS, respectively. D. signature-based IDS and motion anomaly-based IDS, respectively.

QUESTION NO: 344 Knowledge-based Intrusion Detection Systems (IDS) are more common than: A. Network-based IDS B. Host-based IDS C. Behavior-based IDS D. Application-Based IDS

QUESTION NO: 345 Which RAID Level often implements a one-for-one disk to disk ratio? A. RAID Level 1 B. RAID Level 0 C. RAID Level 2 D. RAID Level 5

QUESTION NO: 346 Which cable technology refers to the CAT3 and CAT5 categories? A. Coaxial cables B. Fiber Optic cables C. Axial cables D. Twisted Pair cables

QUESTION NO: 347 The older coaxial cable has been widely replaced with twisted pair, which is extremely easy to work with, inexpensive, and also resistant to multiple hosts failure at once, especially when used in one of the following topology: A. Token Passing Configuration. B. Star Configuration. C. Ring Configuration. D. Point to Point Configuration.

QUESTION NO: 348 Which of the following was designed as a more fault-tolerant topology than Ethernet, and very resilient when properly implemented? A. Token Link. B. Token system. C. Token Ring. D. Duplicate ring.

QUESTION NO: 349 Frame relay uses a public switched network to provide: A. Local Area Network (LAN) connectivity. B. Metropolitan Area Network (MAN) connectivity. C. Wide Area Network (WAN) connectivity. D. World Area Network (WAN) connectivity.

QUESTION NO: 350 Which of the following items is NOT primarily used to ensure integrity? A. Cyclic Redundancy Check (CRC) B. Redundant Array of Inexpensive Disks (RAID) system C. Hashing Algorithms D. The Biba Security model

QUESTION NO: 351 Which of the following is most affected by denial-of-service (DOS) attacks? A. Confidentiality B. Integrity C. Accountability D. Availability

QUESTION NO: 352 Which conceptual approach to intrusion detection system is the most common? A. Behavior-based intrusion detection B. Knowledge-based intrusion detection C. Statistical anomaly-based intrusion detection D. Host-based intrusion detection

QUESTION NO: 353 Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods that exists. Which of the basic method is more prone to false positive? A. Pattern Matching (also called signature analysis) B. Anomaly Detection C. Host-based intrusion detection D. Network-based intrusion detection

QUESTION NO: 354 What is the primary purpose of using redundant array of inexpensive disks (RAID) level zero? A. To improve system performance. B. To maximize usage of hard disk space. C. To provide fault tolerance and protection against file server hard disk crashes. D. To implement integrity.

QUESTION NO: 355 Which RAID implementation stripes data and parity at block level across all the drives? A. RAID level 1 B. RAID level 2 C. RAID level 4 D. RAID level 5

QUESTION NO: 356 Which RAID level concept is considered more expensive and is applied to servers to create what is commonly known as server fault tolerance? A. RAID level 0 B. RAID level 1 C. RAID level 2 D. RAID level 5

QUESTION NO: 357 Which backup method only copies files that have been recently added or changed and also leaves the archive bit unchanged? A. Full backup method B. Incremental backup method C. Fast backup method D. Differential backup method

QUESTION NO: 358 Which backup method does not reset the archive bit on files that are backed up? A. Full backup method B. Incremental backup method C. Differential backup method D. Additive backup method

QUESTION NO: 359 Which of the following is a drawback of fiber optic cables? A. It is affected by electromagnetic interference (EMI). B. It can easily be tapped. C. The expertise needed to install it. D. The limited distance at high speeds.

QUESTION NO: 360 What refers to legitimate users accessing networked services that would normally be restricted to them? A. Spoofing B. Piggybacking C. Eavesdropping D. Logon abuse

QUESTION NO: 361 What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests? A. Ping of death attack B. SYN attack C. Smurf attack D. Buffer overflow attack

QUESTION NO: 362 Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number? A. IP spoofing attack B. SYN flood attack C. TCP sequence number attack D. Smurf attack

QUESTION NO: 363 Which OSI/ISO layer defines how to address the physical devices on the network? A. Session layer B. Data Link layer C. Application layer D. Transport layer

QUESTION NO: 364 Which layer defines how packets are routed between end systems? A. Session layer B. Transport layer C. Network layer D. Data link layer

QUESTION NO: 365 At which of the OSI/ISO model layer is IP implemented? A. Session layer B. Transport layer C. Network layer D. Data link layer

QUESTION NO: 366 Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel? A. Transport layer B. Network layer C. Data link layer D. Physical layer

QUESTION NO: 367 Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of? A. Transport layer B. Network layer C. Data link layer D. Physical layer

QUESTION NO: 368 Which OSI/OSI layer defines the X.24, V.35, X.21 and HSSI standard interfaces? A. Transport layer B. Network layer C. Data link layer D. Physical layer

QUESTION NO: 369 How many layers are defined within the US Department of Defense (DoD) TCP/IP Model? A. 7 B. 5 C. 4 D. 3

QUESTION NO: 370 Which layer of the TCP/IP protocol model defines the IP datagram and handles the routing of data across networks? A. Application layer B. Host-to-host transport layer C. Internet layer D. Network access layer

QUESTION NO: 371 Which layer of the TCP/IP protocol model would best correspond to the OSI/ISO model's network layer? A. Network access layer B. Application layer C. Host-to-host transport layer D. Internet layer

QUESTION NO: 372 Which layer of the DoD TCP/IP model controls the communication flow between hosts? A. Internet layer B. Host-to-host transport layer C. Application layer D. Network access layer

QUESTION NO: 373 How many bits compose an IPv6 address? A. 32 bits B. 64 bits C. 96 bits D. 128 bits

QUESTION NO: 374 What protocol is used on the Local Area Network (LAN) to obtain an IP address from it's known MAC address? A. Reverse address resolution protocol (RARP) B. Address resolution protocol (ARP) C. Data link layer D. Network address translation (NAT)

QUESTION NO: 375 Which of the following security-focused protocols has confidentiality services operating at a layer different from the others? A. Secure HTTP (S-HTTP) B. FTP Secure (FTPS) C. Secure socket layer (SSL) D. Sequenced Packet Exchange (SPX)

QUESTION NO: 376 Which of the following is the most secure firewall implementation? A. Dual-homed host firewalls B. Screened-subnet firewalls C. Screened-host firewalls D. Packet-filtering firewalls

QUESTION NO: 377 Which of the following is NOT a VPN communications protocol standard? A. Point-to-point tunnelling protocol (PPTP) B. Challenge Handshake Authentication Protocol (CHAP) C. Layer 2 tunnelling protocol (L2TP) D. IP Security

QUESTION NO: 378 What layer of the OSI/ISO model does Point-to-point tunnelling protocol (PPTP) work at? A. Data link layer B. Transport layer C. Session layer D. Network layer

QUESTION NO: 379 Which of the following statements pertaining to VPN protocol standards is false? A. L2TP is a combination of PPTP and L2F. B. L2TP and PPTP were designed for single point-to-point client to server communication. C. L2TP operates at the network layer. D. PPTP uses native PPP authentication and encryption services.

QUESTION NO: 380 Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet? A. Authentication mode B. Tunnel mode C. Transport mode D. Safe mode

QUESTION NO: 381 Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards? A. Category 5e UTP B. Category 2 UTP C. Category 3 UTP D. Category 1e UTP

QUESTION NO: 382 In which LAN transmission method is a source packet copied and sent to specific multiple destinations but not ALL of the destinations on the network? A. Overcast B. Unicast C. Multicast D. Broadcast

QUESTION NO: 383 Which of the following can prevent hijacking of a web session? A. RSA B. SET C. SSL D. PPP

QUESTION NO: 384 What is defined as the rules for communicating between computers on a Local Area Network (LAN)? A. LAN Media Access methods B. LAN topologies C. LAN transmission methods D. Contention Access Control

QUESTION NO: 385 Which of the following is a LAN transmission method? A. Broadcast B. Carrier-sense multiple access with collision detection (CSMA/CD) C. Token ring D. Fiber Distributed Data Interface (FDDI)

QUESTION NO: 386 In what LAN topology do all the transmissions of the network travel the full length of cable and are received by all other stations? A. Bus topology B. Ring topology C. Star topology D. FDDI topology

QUESTION NO: 387 Which of the following IEEE standards defines the token ring media access method? A. 802.3 B. 802.11 C. 802.5 D. 802.2

QUESTION NO: 388 Which of the following LAN devices only operates at the physical layer of the OSI/ISO model? A. Switch B. Bridge C. Hub D. Router

QUESTION NO: 389 Which of the following technologies has been developed to support TCP/IP networking over lowspeed serial interfaces? A. ISDN B. SLIP C. xDSL D. T1

QUESTION NO: 390 Which xDSL flavour, appropriate for home or small offices, delivers more bandwidth downstream than upstream and over longer distance? A. VDSL B. SDSL C. ADSL D. HDSL

QUESTION NO: 391 Which of the following services is provided by S-RPC? A. Availability B. Accountability C. Integrity D. Authentication

QUESTION NO: 392 What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility? A. DS-0 B. DS-1 C. DS-2 D. DS-3

QUESTION NO: 393 Which of the following is the biggest concern with firewall security? A. Internal hackers B. Complex configuration rules leading to misconfiguration C. Buffer overflows D. Distributed denial of service (DDOS) attacks

QUESTION NO: 394 Which of the following is the simplest type of firewall? A. Stateful packet filtering firewall B. Packet filtering firewall C. Dual-homed host firewall D. Application gateway

QUESTION NO: 395 Which of the following devices enables more than one signal to be sent out simultaneously over one physical circuit? A. Router B. Multiplexer C. Channel service unit/Data service unit (CSU/DSU) D. Wan switch

QUESTION NO: 396 Which of the following is NOT an advantage that TACACS+ has over TACACS? A. Event logging B. Use of two-factor password authentication C. User has the ability to change his password D. Ability for security tokens to be resynchronized

QUESTION NO: 397 Which of the following remote access authentication systems is the most robust? A. TACACS+ B. RADIUS C. PAP D. TACACS

QUESTION NO: 398 Which of the following is true about link encryption? A. Each entity has a common key with the destination node. B. Encrypted messages are only decrypted by the final node. C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised. D. Only secure nodes are used in this type of transmission.

QUESTION NO: 399 Which of the following protects Kerberos against replay attacks? A. Tokens B. Passwords C. Cryptography D. Time stamps

QUESTION NO: 400 Which of the following offers security to wireless communications? A. S-WAP B. WTLS C. WSP D. WDP

QUESTION NO: 401 Which of the following offers confidentiality to an e-mail message? A. The sender encrypting it with its private key. B. The sender encrypting it with its public key. C. The sender encrypting it with the receiver's public key. D. The sender encrypting it with the receiver's private key.

QUESTION NO: 402 Which of the following is a Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange? A. the Internet. B. the Intranet. C. the extranet. D. the Ethernet.

QUESTION NO: 403 An intranet is an Internet-like logical network that uses: A. a firm's internal, physical network infrastructure. B. a firm's external, physical network infrastructure. C. a firm's external, physical netBIOS infrastructure. D. a firm's internal, physical netBIOS infrastructure.

QUESTION NO: 404 An intranet provides more security and control than which of the following: A. private posting on the Internet. B. public posting on the Ethernet. C. public posting on the Internet. D. public posting on the Extranet.

``` QUESTION NO: 405 Which of the following Common Data Network Services is used to share data files and subdirectories on file servers? A. File services. B. Mail services. C. Print services. D. Client/Server services. ```

QUESTION NO: 406 Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device? A. File services. B. Mail services. C. Print services. D. Client/Server services.

158. Asynchronous Communication transfers data by sending: A. bits of data sequentially B. bits of data sequentially in irregular timing patterns C. bits of data in sync with a heartbeat or clock D. bits of data simultaneously

QUESTION NO: 407 Communications devices must operate: A. at different speeds to communicate. B. at the same speed to communicate. C. at varying speeds to interact. D. at high speed to interact.

QUESTION NO: 408 The basic language of modems and dial-up remote access systems is: A. Asynchronous Communication. B. Synchronous Communication. C. Asynchronous Interaction. D. Synchronous Interaction.

QUESTION NO: 409 Which of the following Common Data Network Services is used to print documents to a shared printer or a print queue/spooler? A. Mail services. B. Print services. C. Client/Server services. D. Domain Name Service.

162 Which of the following Common Data Network Services allocates computing power resources among workstations with some shared resources centralized on a server? A. Print services B. File services C. Client/Server services D. Domain Name Service

QUESTION NO: 410 Domain Name Service is a distributed database system that is used to map: A. Domain Name to IP addresses. B. MAC addresses to domain names. C. MAC Address to IP addresses. D. IP addresses to MAC Addresses.

164. The Domain Name System (DNS) is a global network of: A. servers that provide these Domain Name Services. B. clients that provide these Domain Name Services. C. hosts that provide these Domain Name Services. D. workstations that provide these Domain Name Services.

QUESTION NO: 411 The communications products and services, which ensure that the various components of a network (such as devices, protocols, and access methods) work together refers to: A. Netware Architecture. B. Network Architecture. C. WAN Architecture. D. Multiprotocol Architecture.

QUESTION NO: 412 Unshielded Twisted Pair cabling is a: A. four-pair wire medium that is used in a variety of networks. B. three-pair wire medium that is used in a variety of networks. C. two-pair wire medium that is used in a variety of networks. D. one-pair wire medium that is used in a variety of networks.

QUESTION NO: 413 In the UTP category rating, the tighter the wind: A. the higher the rating and its resistance against interference and crosstalk. B. the slower the rating and its resistance against interference and attenuation. C. the shorter the rating and its resistance against interference and attenuation. D. the longer the rating and its resistance against interference and attenuation.

QUESTION NO: 414 What works as an E-mail message transfer agent? A. SMTP B. SNMP C. S-RPC D. S/MIME

QUESTION NO: 415 Which of the following statements pertaining to packet switching is incorrect? A. Most data sent today uses digital signals over network employing packet switching. B. Messages are divided into packets. C. All packets from a message travel through the same route. D. Each network node or point examines each packet for routing.

QUESTION NO: 416 All hosts on an IP network have a logical ID called a(n): A. IP address. B. MAC address. C. TCP address. D. Datagram address.

171. An Ethernet address is composed of how many bits? A. 48-bit address B. 32-bit address. C. 64-bit address D. 128-bit address

QUESTION NO: 417 Address Resolution Protocol (ARP) interrogates the network by sending out a? A. broadcast. B. multicast. C. unicast. D. semicast.

QUESTION NO: 418 When a station communicates on the network for the first time, which of the following protocol would search for and find the Internet Protocol (IP) address that matches with a known Ethernet address? A. Address Resolution Protocol (ARP). B. Reverse Address Resolution Protocol (RARP). C. Internet Control Message protocol (ICMP). D. User Datagram Protocol (UDP).

QUESTION NO: 419 Which protocol's primary function is to facilitate file and directory transfer between two machines? A. Telnet. B. File Transfer Protocol (FTP). C. Trivial File Transfer Protocol (TFTP). D. Simple Mail Transfer Protocol (SMTP)

QUESTION NO: 420 What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)? A. It is too complex to manage user access restrictions under TFTP B. Due to the inherent security risks C. It does not offer high level encryption like FTP D. It cannot support the Lightwight Directory Access Protocol (LDAP)

QUESTION NO: 421 Which protocol is used to send email? A. File Transfer Protocol (FTP). B. Post Office Protocol (POP). C. Network File System (NFS). D. Simple Mail Transfer Protocol (SMTP).

QUESTION NO: 422 Which of the following best describes the Secure Electronic Transaction (SET) protocol? A. Originated by VISA and MasterCard as an Internet credit card protocol using Message Authentication Code. B. Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures. C. Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer. D. Originated by VISA and American Express as an Internet credit card protocol using SSL.

QUESTION NO: 423 Which of the following protocols is designed to send individual messages securely? A. Kerberos B. Secure Electronic Transaction (SET). C. Secure Sockets Layer (SSL). D. Secure HTTP (S-HTTP).

QUESTION NO: 424 Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model? A. Application Layer. B. Transport Layer. C. Session Layer. D. Network Layer.

QUESTION NO: 425 Which of the following statements pertaining to IPSec is incorrect? A. IPSec can help in protecting networks from some of the IP network attacks. B. IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication. C. IPSec protects against man-in-the-middle attacks. D. IPSec protects against spoofing.

QUESTION NO: 426 Which of the following is NOT a characteristic or shortcoming of packet filtering gateways? A. The source and destination addresses, protocols, and ports contained in the IP packet header are the only information that is available to the router in making a decision whether or not to permit traffic access to an internal network. B. They don't protect against IP or DNS address spoofing. C. They do not support strong user authentication. D. They are appropriate for medium-risk environment.

QUESTION NO: 427 In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use: A. Screened subnets B. Digital certificates C. An encrypted Virtual Private Network D. Encryption

QUESTION NO: 428 Which of the following protocols does not operate at the data link layer (layer 2)? A. PPP B. RARP C. L2F D. ICMP

QUESTION NO: 429 Which of the following protocols operates at the session layer (layer 5)? A. RPC B. IGMP C. LPD D. SPX

QUESTION NO: 430 Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)? A. Host-to-host layer B. Internet layer C. Network access layer D. Session layer

QUESTION NO: 431 Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control? A. Physical B. Data link C. Network D. Session

QUESTION NO: 432 The Logical Link Control sub-layer is a part of which of the following? A. The ISO/OSI Data Link layer B. The Reference monitor C. The Transport layer of the TCP/IP stack model D. Change management control

QUESTION NO: 433 Which of the following services relies on UDP? A. FTP B. Telnet C. DNS D. SMTP

QUESTION NO: 434 Which of the following is not a common weakness of packet filtering firewalls? A. Vulnerability to denial-of-service and related attacks. B. Vulnerability to IP spoofing. C. Limited logging functionality. D. No support for advanced user authentication schemes.

QUESTION NO: 435 Which Network Address Translation (NAT) is the most convenient and secure solution? A. Hiding Network Address Translation B. Port Address Translation C. Dedicated Address Translation D. Static Address Translation

QUESTION NO: 436 What is the primary difference between FTP and TFTP? A. Speed of negotiation B. Authentication C. Ability to automate D. TFTP is used to transfer configuration files to and from network equipment.

QUESTION NO: 437 Which of the following cable types is limited in length to 185 meters? A. 10BaseT B. RG8 C. RG58 D. 10Base5

QUESTION NO: 438 In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. Both client and server B. The client's browser C. The web server D. The merchant's Certificate Server

QUESTION NO: 439 Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect? A. PPTP allow the tunnelling of any protocols that can be carried within PPP. B. PPTP does not provide strong encryption. C. PPTP does not support any token-based authentication method for users. D. PPTP is derived from L2TP.

QUESTION NO: 440 During the initial stage of configuration of your firewall, which of the following rules appearing in an Internet firewall policy is inappropriate? A. The firewall software shall run on a dedicated computer. B. Appropriate firewall documentation and a copy of the rulebase shall be maintained on offline storage at all times. C. The firewall shall be configured to deny all services not expressly permitted. D. The firewall should be tested online first to validate proper configuration.

QUESTION NO: 441 SMTP can best be described as: A. a host-to-host email protocol. B. an email retrieval protocol. C. a web-based e-mail reading protocol. D. a standard defining the format of e-mail messages.

QUESTION NO: 442 Which of the following is not a security goal for remote access? A. Reliable authentication of users and systems B. Protection of confidential data C. Easy to manage access control to systems and network resources D. Automated login for remote users

QUESTION NO: 443 What attack involves the perpetrator sending spoofed packet(s) wich contains the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any open ports that are open on the remote host? A. Boink attack B. Land attack C. Teardrop attack D. Smurf attack

199. Which of the following is NOT a component of IPSec? A. Authentication Header B. Encapsulating Security Payload C. Key Distribution Center D. Internet Key Exchange

QUESTION NO: 444 Which of the following statements pertaining to IPSec is incorrect? A. A security association has to be defined between two IPSec systems in order for bi-directional communication to be established. B. Integrity and authentication for IP datagrams are provided by AH. C. ESP provides for integrity, authentication and encryption to IP datagrams. D. In transport mode, ESP only encrypts the data payload of each packet.

QUESTION NO: 445 Which of the following statements pertaining to packet filtering is incorrect? A. It is based on ACLs. B. It is not application dependent. C. It operates at the network layer. D. It keeps track of the state of a connection.

QUESTION NO: 446 Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. This method allocates bandwidth dynamically to physical channels having information to transmit? A. Time-division multiplexing B. Asynchronous time-division multiplexing C. Statistical multiplexing D. Frequency division multiplexing

QUESTION NO: 447 If an organization were to deploy only one Intrusion Detection System (IDS) sensor to protect its information system from the Internet: A. It should be host-based and installed on the most critical system in the DMZ, between the external router and the firewall. B. It should be network-based and installed in the DMZ, between the external router and the firewall. C. It should be network-based and installed between the firewall to the DMZ and the intranet. D. It should be host-based and installed between the external router and the Internet.

QUESTION NO: 448 Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions? A. Because infrared eavesdropping requires more sophisticated equipment. B. Because infrared operates only over short distances. C. Because infrared requires direct line-of-sight paths. D. Because infrared operates at extra-low frequencies (ELF).

``` QUESTION NO: 449 Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides the following service except: ``` A. Authentication B. Integrity C. Replay resistance and non-repudiations D. Confidentiality

QUESTION NO: 450 In IPSec, if the communication is to be gateway-to-gateway or host-to-gateway: A. Tunnel mode of operation is required B. Only transport mode can be used C. Encapsulating Security Payload (ESP) authentication must be used D. Both tunnel and transport mode can be used

QUESTION NO: 451 Which of the following is NOT true about IPSec Tunnel mode? A. Fundamentally an IP tunnel with encryption and authentication B. Works at the Transport layer of the OSI model C. Have two sets of IP headers D. Established for gateway service

QUESTION NO: 452 Which of the following statements is NOT true of IPSec Transport mode? A. It is required for gateways providing access to internal systems B. Set-up when end-point is host or communications terminates at end-points C. If used in gateway-to-host communication, gateway must act as host D. When ESP is used for the security protocol, the hash is only applied to the upper layer protocols contained in the packet

QUESTION NO: 453 Which of the following statements pertaining to firewalls is incorrect? A. Firewalls create bottlenecks between the internal and external network. B. Firewalls allow for centralization of security services in machines optimized and dedicated to the task. C. Firewalls protect a network at all layers of the OSI models. D. Firewalls are used to create security checkpoints at the boundaries of private networks.

QUESTION NO: 454 Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address? A. IP Spoofing B. IP subnetting C. Port address translation D. IP Distribution

QUESTION NO: 455 At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed? A. Network layer B. Session layer C. Transport layer D. Data link layer

QUESTION NO: 456 Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector? A. Using a TACACS+ server. B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall. C. Setting modem ring count to at least 5. D. Only attaching modems to non-networked hosts.

QUESTION NO: 457 Which of the following was designed to support multiple network types over the same serial link? A. Ethernet B. SLIP C. PPP D. PPTP

QUESTION NO: 458 What is an IP routing table? A. A list of IP addresses and corresponding MAC addresses. B. A list of station and network addresses with corresponding gateway IP address. C. A list of host names and corresponding IP addresses. D. A list of current network interfaces on which IP routing is enabled.

QUESTION NO: 459 Which of the following should be allowed through a firewall to easy communication and usage by users? A. RIP B. IGRP C. DNS D. OSPF

QUESTION NO: 460 Which of the following was developed as a simple mechanism for allowing simple network terminals to load their operating system from a server over the LAN? A. DHCP B. BootP C. DNS D. ARP

QUESTION NO: 461 What is the greatest danger from DHCP? A. An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients. B. Having multiple clients on the same LAN having the same IP address. C. Having the wrong router used as the default gateway. D. Having the organization's mail server unreachable.

QUESTION NO: 462 Which of the following allows two computers to coordinate in executing software? A. RSH B. RPC C. NFS D. SNMP

QUESTION NO: 463 Which of the following should NOT normally be allowed through a firewall? A. SNMP B. SMTP C. HTTP D. SSH

QUESTION NO: 464 Which of the following NAT firewall translation modes allows a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts? A. Static translation B. Load balancing translation C. Network redundancy translation D. Dynamic translation

QUESTION NO: 465 Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality? A. Network redundancy translation B. Load balancing translation C. Dynamic translation D. Static translation

QUESTION NO: 466 Which of the following is the primary security feature of a proxy server? A. Virus Detection B. URL blocking C. Route blocking D. Content filtering

QUESTION NO: 467 Which of the following is an advantage of proxies? A. Proxies provide a single point of access, control, and logging. B. Proxies must exist for each service. C. Proxies create a single point of failure. D. Proxies do not protect the base operating system.

QUESTION NO: 468 Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network? A. Inbound packets with Source Routing option set B. Router information exchange protocols C. Inbound packets with an internal address as the source IP address D. Outbound packets with an external destination IP address

QUESTION NO: 469 Why does fiber optic communication technology have significant security advantage over other transmission technology? A. Higher data rates can be transmitted. B. Interception of data traffic is more difficult. C. Traffic analysis is prevented by multiplexing. D. Single and double-bit errors are correctable.

QUESTION NO: 470 Another name for a VPN is a: A. tunnel B. one-time password C. pipeline D. bypass

QUESTION NO: 471 Which one of the following is used to provide authentication and confidentiality for e-mail messages? A. Digital signature B. PGP C. IPSEC AH D. MD4

QUESTION NO: 472 Which of the following media is MOST resistant to EMI interference? A. microwave B. fiber optic C. twisted pair D. coaxial cable

QUESTION NO: 473 Which of the following is NOT a way to secure a wireless network? A. Disable broadcast of SSID within AP`s configuration B. Change AP's default values C. Put the access points (AP) in a location protected by a firewall D. Give AP's descriptive names

QUESTION NO: 474 Behavioral-based systems are also known as? A. Profile-based systems B. Pattern matching systems C. Misuse detective systems D. Rule-based IDS

QUESTION NO: 475 This OSI layer has a service that negotiates transfer syntax and translates data to and from the transfer syntax for users, which may represent data using different syntaxes. At which of the following layers would you find such service? A. Session B. Transport C. Presentation D. Application

QUESTION NO: 476 At which layer of ISO/OSI does the fiber optics work? A. Network layer B. Transport layer C. Data link layer D. Physical layer

QUESTION NO: 477 What is Dumpster Diving? A. Going through dust bin B. Running through another person's garbage for discarded document, information and other various items that could be used against that person or company C. Performing media analysis D. performing forensics on the deleted items

QUESTION NO: 478 You wish to make use of "port knocking" technologies. How can you BEST explain this? A. Port knocking is where the client will attempt to connect to a predefined set of ports to identify him as an authorized client. B. Port knocking is where the user calls the server operator to have him start the service he wants to connect to. C. This is where all the ports are open on the server and the connecting client scans the open port to which he wants to connect to see if it's open and running. D. Port knocking is where the port sequence is encrypted with 3DES and only the server has the other key to decrypt the port sequence.

QUESTION NO: 479 You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday when major deposits are made you're seeing a series of bits placed in the "Urgent Pointer" field of a TCP packet. This is only 16 bits which isn't much but it concerns you because: A. This could be a sign of covert channeling in bank network communications and should be investigated. B. It could be a sign of a damaged network cable causing the issue. C. It could be a symptom of malfunctioning network card or drivers and the source system should be checked for the problem. D. It is normal traffic because sometimes the previous fields 16 bit checksum value can over run into the urgent pointer's 16 bit field causing the condition.

QUESTION NO: 480 What would you call the process that takes advantages of the security provided by a transmission protocol by carrying one protocol over another? A. Piggy Backing B. Steganography C. Tunneling D. Concealing

QUESTION NO: 481 At which OSI layer does SSL reside in? A. Application B. Session C. Transport D. Network

QUESTION NO: 482 What is the BEST answer pertaining to the difference between the Session and Transport layers of the OSI model? A. The Session layer sets up communication between protocols, while the Transport layer sets up connections between computer systems. B. The Transport layer sets up communication between computer systems, while the Session layer sets up connections between applications. C. The Session layer sets up communication between computer systems, while the Transport layer sets up connections between protocols. D. The Transport layer sets up communication between applications, while the Session layer sets up connections between computer systems.

QUESTION NO: 483 Which of the following protocols offers native encryption? A. IPSEC, SSH, PPTP, SSL, MPLS, L2F, and L2TP B. IPSEC, SSH, SSL, TFTP C. IPSEC, SSH, SSL, TLS D. IPSEC, SSH, PPTP, SSL, MPLS, and L2TP

QUESTION NO: 484 Of the following, which multiple access method for computer networks does 802.11 Wireless Local Area Network use? A. CSMA/CA B. CSMA/CD C. 802.11 Doesn't support multiple access methods D. 802.11 RTS/CTS Exchange

QUESTION NO: 485 Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer? A. LCL and MAC; IEEE 802.2 and 802.3 B. LCL and MAC; IEEE 802.1 and 802.3 C. Network and MAC; IEEE 802.1 and 802.3 D. LLC and MAC; IEEE 802.2 and 802.3

QUESTION NO: 486 Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings? A. Reverse ARP B. Poisoning ARP cache C. ARP table poisoning D. Reverse ARP table poisoning

QUESTION NO: 487 What is the three way handshake sequence used to initiate TCP connections? A. ACK, SYN/ACK, ACK B. SYN, SYN/ACK, ACK C. SYN, SYN, ACK/ACK D. ACK, SYN/ACK, SYN

QUESTION NO: 488 You are using an open source packet analyzer called Wireshark and are sifting through the various conversations to see if anything appears to be out of order. You are observing a UDP conversation between a host and a router. It was a file transfer between the two on port 69. What protocol was used here to conduct the file transfer? A. TFTP B. SFTP C. FTP D. SCP

QUESTION NO: 489 What sort of attack is described by the following: An attacker has a list of broadcast addresses which it stores into an array, the attacker sends a spoofed icmp echo request to each of those addresses in series and starts again. The spoofed IP address used by the attacker as the source of the packets is the target/victim IP address. A. Smurf Attack B. Fraggle Attack C. LAND Attack D. Replay Attack

QUESTION NO: 490 View the image below and identify the attack. ``` Master /|\ -Zombie -Zombie -Zombie -Zombie \|/ ->Victim ``` A. DDoS B. DOS C. TFN D. Reflection Attack

QUESTION NO: 491 How many bits is the address space reserved for the source IP address within an IPv6 header? A. 128 B. 32 C. 64 D. 256

QUESTION NO: 492 Which of the following service is a distributed database that translate host name to IP address to IP address to host name? A. DNS B. FTP C. SSH D. SMTP

QUESTION NO: 493 Which of the following attack is MOSTLY performed by an attacker to steal the identity information of a user such as credit card number, passwords,etc? A. Smurf attack B. Traffic analysis C. Pharming D. Interrupt attack

QUESTION NO: 494 Which of the following protocol is PRIMARILY used to provide confidentiality in a web based application thus protecting data sent across a client machine and a server? A. SSL B. FTP C. SSH D. S/MIME

QUESTION NO: 495 Which one of the following represents an ALE calculation? A. single loss expectancy x annualized rate of occurrence. B. gross loss expectancy x loss frequency. C. actual replacement cost - proceeds of salvage. D. asset value x loss expectancy.

QUESTION NO: 496 The control of communications test equipment should be clearly addressed by security policy for which of the following reasons? A. Test equipment is easily damaged. B. Test equipment can be used to browse information passing on a network. C. Test equipment is difficult to replace if lost or stolen. D. Test equipment must always be available for the maintenance personnel.

QUESTION NO: 497 In discretionary access environments, which of the following entities is authorized to grant information access to other people? A. Manager B. Group Leader C. Security Manager D. Data Owner

QUESTION NO: 498 Which of the following groups represents the leading source of computer crime losses? A. Hackers B. Industrial saboteurs C. Foreign intelligence officers D. Employees

QUESTION NO: 499 Which of the following is the best reason for the use of an automated risk analysis tool? A. Much of the data gathered during the review cannot be reused for subsequent analysis. B. Automated methodologies require minimal training and knowledge of risk analysis. C. Most software tools have user interfaces that are easy to use and does not require any training. D. Information gathering would be minimized and expedited due to the amount of information already built into the tool.

QUESTION NO: 500 Who is ultimately responsible for the security of computer based information systems within an organization? A. The tech support team B. The Operation Team. C. The management team. D. The training team.

QUESTION NO: 501 The major objective of system configuration management is which of the following? A. system maintenance. B. system stability. C. system operations. D. system tracking.

QUESTION NO: 502 Who should measure the effectiveness of Information System security related controls in an organization? A. The local security specialist B. The business manager C. The systems auditor D. The central security manager

QUESTION NO: 503 A deviation from an organization-wide security policy requires which of the following? A. Risk Acceptance B. Risk Assignment C. Risk Reduction D. Risk Containment

QUESTION NO: 504 Which must bear the primary responsibility for determining the level of protection needed for information systems resources? A. IS security specialists B. Senior Management C. Senior security analysts D. systems Auditors

QUESTION NO: 505 Within the realm of IT security, which of the following combinations best defines risk? A. Threat coupled with a breach B. Threat coupled with a vulnerability C. Vulnerability coupled with an attack D. Threat coupled with a breach of security

QUESTION NO: 506 Which of the following is considered the weakest link in a security system? A. People B. Software C. Communications D. Hardware

QUESTION NO: 507 The ISO/IEC 27001:2005 is a standard for: A. Information Security Management System B. Implementation and certification of basic security measures C. Evaluation criteria for the validation of cryptographic algorithms D. Certification of public key infrastructures

QUESTION NO: 508 What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs 100 data entry clerks and every one of them makes one input error each month? ``` A. 100 B. 120 C. 1 D. 1200 ISC CISSP Exam " ```

QUESTION NO: 509 How is Annualized Loss Expectancy (ALE) derived from a threat? A. ARO x (SLE - EF) B. SLE x ARO C. SLE/EF D. AV x EF

QUESTION NO: 510 What does "residual risk" mean? A. The security risk that remains after controls have been implemented B. Weakness of an assets which can be exploited by a threat C. Risk that remains after risk assessment has been performed D. A security risk intrinsic to an asset being audited, where no mitigation has taken place.

QUESTION NO: 511 Preservation of confidentiality within information systems requires that the information is not disclosed to: A. Authorized person B. Unauthorized persons or processes. C. Unauthorized persons. D. Authorized persons and processes

QUESTION NO: 512 Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model? A. Prevention of the modification of information by unauthorized users. B. Prevention of the unauthorized or unintentional modification of information by authorized users. C. Preservation of the internal and external consistency. D. Prevention of the modification of information by authorized users.

QUESTION NO: 513 What is called an event or activity that has the potential to cause harm to the information systems or networks? A. Vulnerability B. Threat agent C. Weakness D. Threat

QUESTION NO: 514 A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks is called a? A. Vulnerability B. Risk C. Threat D. Overflow

QUESTION NO: 515 What is called the probability that a threat to an information system will materialize? A. Threat B. Risk C. Vulnerability D. Hole

QUESTION NO: 516 Risk mitigation and risk reduction controls for providing information security are classified within three main categories, which of the following are being used? A. preventive, corrective, and administrative B. detective, corrective, and physical C. Physical, technical, and administrative D. Administrative, operational, and logical

QUESTION NO: 517 Which of the following would be best suited to oversee the development of an information security policy? A. System Administrators B. End User C. Security Officers D. Security administrators

QUESTION NO: 518 Which of the following is the MOST important aspect relating to employee termination? A. The details of employee have been removed from active payroll files. B. Company property provided to the employee has been returned. C. User ID and passwords of the employee have been deleted. D. The appropriate company staff are notified about the termination.

QUESTION NO: 519 Making sure that only those who are supposed to access the data can access is which of the following? A. confidentiality. B. capability. C. integrity. D. availability.

QUESTION NO: 520 Related to information security, confidentiality is the opposite of which of the following? A. closure B. disclosure C. disposal D. disaster

QUESTION NO: 521 Related to information security, integrity is the opposite of which of the following? A. abstraction B. alteration C. accreditation D. application

QUESTION NO: 522 Making sure that the data is accessible when and where it is needed is which of the following? A. confidentiality B. integrity C. acceptability D. availability

QUESTION NO: 523 Related to information security, availability is the opposite of which of the following? A. delegation B. distribution C. documentation D. destruction

QUESTION NO: 524 Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following? A. Confidentiality B. Integrity C. Availability D. capability

QUESTION NO: 525 Related to information security, the guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered is an example of which of the following? A. integrity B. confidentiality C. availability D. identity

QUESTION NO: 526 One of these statements about the key elements of a good configuration process is NOT true A. Accommodate the reuse of proven standards and best practices B. Ensure that all requirements remain clear, concise, and valid C. Control modifications to system hardware in order to prevent resource changes D. Ensure changes, standards, and requirements are communicated promptly and precisely

QUESTION NO: 527 Which of the following is NOT an administrative control? A. Logical access control mechanisms B. Screening of personnel C. Development of policies, standards, procedures and guidelines D. Change control procedures

QUESTION NO: 528 Which of the following is NOT a technical control? A. Password and resource management B. Identification and authentication methods C. Monitoring for physical intrusion D. Intrusion Detection Systems

QUESTION NO: 529 Which of the following is BEST defined as a physical control? A. Monitoring of system activity B. Fencing C. Identification and authentication methods D. Logical access control mechanisms

QUESTION NO: 530 Which of the following would NOT violate the Due Diligence concept? A. Security policy being outdated B. Data owners not laying out the foundation of data protection C. Network administrator not taking mandatory two-week vacation as planned D. Latest security patches for servers being installed as per the Patch Management process

QUESTION NO: 531 Which of the following would BEST be defined as an absence or weakness of safeguard that could be exploited? A. A threat B. A vulnerability C. A risk D. An exposure

QUESTION NO: 532 Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability? A. A risk B. A residual risk C. An exposure D. A countermeasure

QUESTION NO: 533 Which approach to a security program ensures people responsible for protecting the company's assets are DRIVING the program? A. The Delphi approach B. The top-down approach C. The bottom-up approach D. The technology approach

QUESTION NO: 534 Which of the following is NOT a part of a risk analysis? A. Identify risks B. Quantify the impact of potential threats C. Provide an economic balance between the impact of the risk and the cost of the associated countermeasure D. Choose the best countermeasure

QUESTION NO: 535 How should a risk be HANDLED when the cost of the countermeasure OUTWEIGHS the cost of the risk? A. Reject the risk B. Perform another risk analysis C. Accept the risk D. Reduce the risk

QUESTION NO: 536 Which of the following is given the responsibility of the maintenance and protection of the data? A. Data owner B. Data custodian C. User D. Security administrator

QUESTION NO: 537 Who should DECIDE how a company should approach security and what security measures should be implemented? A. Senior management B. Data owner C. Auditor D. The information security specialist

QUESTION NO: 538 Which of the following is responsible for MOST of the security issues? A. Outside espionage B. Hackers C. Personnel D. Equipment failure

QUESTION NO: 539 What are the three FUNDAMENTAL principles of security? A. Accountability, confidentiality and integrity B. Confidentiality, integrity and availability C. Integrity, availability and accountability D. Availability, accountability and confidentiality

QUESTION NO: 540 What would BEST define risk management? A. The process of eliminating the risk B. The process of assessing the risks C. The process of reducing risk to an acceptable level D. The process of transferring risk

QUESTION NO: 541 Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment? A. A baseline B. A standard C. A procedure D. A guideline

QUESTION NO: 542 According to private sector data classification levels, how would salary levels and medical information be classified? A. Public. B. Internal Use Only. C. Restricted. D. Confidential.

QUESTION NO: 543 Which of the following would be the best criterion to consider in determining the classification of an information asset? A. Value B. Age C. Useful life D. Personal association

QUESTION NO: 544 Which of the following is not a responsibility of an information (data) owner? A. Determine what level of classification the information requires. B. Periodically review the classification assignments against business needs. C. Delegate the responsibility of data protection to data custodians. D. Running regular backups and periodically testing the validity of the backup data.

QUESTION NO: 545 Which of the following embodies all the detailed actions that personnel are required to follow? A. Standards B. Guidelines C. Procedures D. Baselines

QUESTION NO: 546 Who is responsible for providing reports to the senior management on the effectiveness of the security controls? A. Information systems security professionals B. Data owners C. Data custodians D. Information systems auditors

QUESTION NO: 547 What is the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 30%? A. $300,000 B. $150,000 C. $60,000 D. $1,500

C Explanation: The cost of a countermeasure should not be greater in cost than the risk it mitigates (ALE). For a quantitative risk assessment, the equation is ALE = ARO x SLE where the SLE is calculated as the product of asset value x exposure factor. An event that happen once every five years would have an ARO of .2 (1 divided by 5). SLE = Asset Value (AV) x Exposure Fact (EF) SLE = 1,000,000 x .30 = 300,000 ALE = SLE x Annualized Rate of Occurance (ARO) ALE = 300,000 x .2 = 60,000 Know your acronyms: ALE -- Annual loss expectancy ARO -- Annual rate of occurrence SLE -- Single loss expectancy

QUESTION NO: 548 Which of the following statements pertaining to quantitative risk analysis is false? A. Portion of it can be automated B. It involves complex calculations C. It requires a high volume of information D. It requires little experience to apply

QUESTION NO: 549 Which property ensures that only the intended recipient can access the data and nobody else? A. Confidentiality B. Capability C. Integrity D. Availability

QUESTION NO: 550 Making sure that the data has not been changed unintentionally, due to an accident or malice is: A. Integrity. B. Confidentiality. C. Availability. D. Auditability.

QUESTION NO: 551 Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures? A. design, development, publication, coding, and testing. B. design, evaluation, approval, publication, and implementation. C. initiation, evaluation, development, approval, publication, implementation, and maintenance. D. feasibility, development, approval, implementation, and integration.

QUESTION NO: 552 What is the goal of the Maintenance phase in a common development process of a security policy? A. to review the document on the specified review date B. publication within the organization C. to write a proposal to management that states the objectives of the policy D. to present the document to an approving body

QUESTION NO: 553 What is the difference between Advisory and Regulatory security policies? A. there is no difference between them B. regulatory policies are high level policy, while advisory policies are very detailed C. Advisory policies are not mandated. Regulatory policies must be implemented. D. Advisory policies are mandated while Regulatory policies are not

QUESTION NO: 554 In regards to information classification what is the main responsibility of information (data) owner? A. determining the data sensitivity or classification level B. running regular data backups C. audit the data users D. periodically check the validity and accuracy of the data

QUESTION NO: 555 What is the main purpose of Corporate Security Policy? A. To transfer the responsibility for the information security to all users of the organization B. To communicate management's intentions in regards to information security C. To provide detailed steps for performing specific actions D. To provide a common framework for all development activities

QUESTION NO: 556 Which of the following is not a component of a Operations Security "triples"? A. Asset B. Threat C. Vulnerability D. Risk

QUESTION NO: 557 The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)? A. Threat B. Exposure C. Vulnerability D. Risk

QUESTION NO: 558 In the CIA triad, what does the letter A stand for? A. Auditability B. Accountability C. Availability D. Authentication

QUESTION NO: 559 Controls are implemented to: A. eliminate risk and reduce the potential for loss B. mitigate risk and eliminate the potential for loss C. mitigate risk and reduce the potential for loss D. eliminate risk and eliminate the potential for loss

QUESTION NO: 560 What can be described as a measure of the magnitude of loss or impact on the value of an asset? A. Probability B. Exposure factor C. Vulnerability D. Threat

QUESTION NO: 561 Computer security should be first and foremost which of the following: A. Cover all identified risks B. Be cost-effective. C. Be examined in both monetary and non-monetary terms. D. Be proportionate to the value of IT systems.

QUESTION NO: 562 Which of the following best allows risk management results to be used knowledgeably? A. A vulnerability analysis B. A likelihood assessment C. An uncertainty analysis D. A threat identification

QUESTION NO: 563 Who is responsible for initiating corrective measures and capabilities used when there are security violations? A. Information systems auditor B. Security administrator C. Management D. Data owners

QUESTION NO: 564 What can best be defined as high-level statements, beliefs, goals and objectives? A. Standards B. Policies C. Guidelines D. Procedures

QUESTION NO: 565 In an organization, an Information Technology security function should: A. Be a function within the information systems function of an organization. B. Report directly to a specialized business unit such as legal, corporate security or insurance. C. Be lead by a Chief Security Officer and report directly to the CEO. D. Be independent but report to the Information Systems function.

QUESTION NO: 566 IT security measures should: A. Be complex B. Be tailored to meet organizational security goals. C. Make sure that every asset of the organization is well protected. D. Not be developed in a layered fashion.

QUESTION NO: 567 What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment? A. Risk management B. Risk analysis C. Threat analysis D. Due diligence

QUESTION NO: 568 Which of the following is NOT a common integrity goal? A. Prevent unauthorized users from making modifications. B. Maintain internal and external consistency. C. Prevent authorized users from making improper modifications. D. Prevent paths that could lead to inappropriate disclosure.

QUESTION NO: 569 Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data? A. Business and functional managers B. IT Security practitioners C. System and information owners D. Chief information officer

QUESTION NO: 570 Which of the following is an advantage of a qualitative over a quantitative risk analysis? A. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities. B. It provides specific quantifiable measurements of the magnitude of the impacts. C. It makes a cost-benefit analysis of recommended controls easier. D. It can easily be automated.

QUESTION NO: 571 An effective information security policy should not have which of the following characteristic? A. Include separation of duties B. Be designed with a short- to mid-term focus C. Be understandable and supported by all stakeholders D. Specify areas of responsibility and authority

QUESTION NO: 572 Which of the following choice is NOT normally part of the questions that would be asked in regards to an organization's information security policy? A. Who is involved in establishing the security policy? B. Where is the organization's security policy defined? C. What are the actions that need to be performed in case of a disaster? D. Who is responsible for monitoring compliance to the organization's security policy?

QUESTION NO: 573 The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as? A. Confidentiality B. Availability C. Integrity D. Reliability

QUESTION NO: 574 Which of the following would best classify as a management control? A. Review of security controls B. Personnel security C. Physical and environmental protection D. Documentation

QUESTION NO: 575 What can be defined as an event that could cause harm to the information systems? A. A risk B. A threat C. A vulnerability D. A weakness

QUESTION NO: 576 Which of the following statements pertaining to a security policy is incorrect? A. Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets. B. It specifies how hardware and software should be used throughout the organization. C. It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective. D. It must be flexible to the changing environment.

QUESTION NO: 577 Which of the following best defines add-on security? A. Physical security complementing logical security measures. B. Protection mechanisms implemented as an integral part of an information system. C. Layer security. D. Protection mechanisms implemented after an information system has become operational.

QUESTION NO: 578 The preliminary steps to security planning include all of the following EXCEPT which of the following? A. Establish objectives. B. List planning assumptions. C. Establish a security audit function. D. Determine alternate courses of action

QUESTION NO: 579 Step-by-step instructions used to satisfy control requirements is called a: A. policy B. standard C. guideline D. procedure

QUESTION NO: 580 One purpose of a security awareness program is to modify: A. employee's attitudes and behaviors towards enterprise's security posture B. management's approach towards enterprise's security posture C. attitudes of employees with sensitive data D. corporate attitudes about safeguarding data

QUESTION NO: 581 Whose role is it to assign classification level to information? A. Security Administrator B. User C. Owner D. Auditor

QUESTION NO: 582 Which type of security control is also known as "Logical" control? A. Physical B. Technical C. Administrative D. Risk

QUESTION NO: 583 What is surreptitious transfer of information from a higher classification compartment to a lower classification compartment without going through the formal communication channels? A. Object Reuse B. Covert Channel C. Security domain D. Data Transfer

QUESTION NO: 584 The owner of a system should have the confidence that the system will behave according to its specifications. This is termed as : A. Integrity B. Accountability C. Assurance D. Availability

QUESTION NO: 585 Which of the following is best practice to employ in order to reduce the risk of collusion? A. Least Privilege B. Job Rotation C. Seperation of Duties D. Mandatory Vacations

QUESTION NO: 586 Which of the following is not classified as a "Security and Audit Frameworks and Methodologies" A. Bell LaPadula B. Committee of Sponsoring Organizations of the Treadway Commission (COSO) C. IT Infrastructure Library (ITIL) D. Control Objectives for Information and related Technology (COBIT)

QUESTION NO: 587 Which Security and Audit Framework has been adopted by some organizations working towards Sarbanes—Oxley Section 404 compliance? A. Committee of Sponsoring Organizations of the Treadway Commission (COSO) B. BIBA C. National Institute of Standards and Technology Special Publication 800-66 (NIST SP 800-66) D. CCTA Risk Analysis and Management Method (CRAMM)

QUESTION NO: 588 The Widget company decided to take their company public and while they were in the process of doing so had an external auditor come and look at their company. As part of the external audit they brought in an technology expert, who incidentally was a new CISSP. The auditor's expert asked to see their last risk analysis from the technology manager. The technology manager did not get back to him for a few days and then the Chief Financial Officer gave the auditors a 2 page risk assesment that was signed by both the Chief Financial Officer and the Technology Manager. While reviewing it, the auditor noticed that only parts of their financial data were being backed up on site and no where else; the Chief Financial Officer accepted the risk of only partial financial data being backed up with no off-site copies available. Who owns the risk with regards to the data that is being backed up and where it is stored? A. Only the Chief Financial Officer B. Only the most Senior Management such as the Chief Executive Officer C. Both the Chief Financial Officer and Technology Manager D. Only The Technology Manager

QUESTION NO: 589 Common Criteria 15408 generally outlines assurance and functional requirements through a security evaluation process concept of ______________, ____________, __________ for Evaluated Assurance Levels (EALs) to certify a product or system. A. EAL, Security Target, Target of Evaluation B. SFR, Protection Profile, Security Target C. Protection Profile, Target of Evaluation, Security Target D. SFR, Security Target, Target of Evaluation

QUESTION NO: 590 What are the four domains that make up CobiT? A. Plan and Organize, Maintain and Implement, Deliver and Support, and Monitor and Evaluate B. Plan and Organize, Acquire and Implement, Support and Purchase, and Monitor and Evaluate C. Acquire and Implement, Deliver and Support, Monitor, and Evaluate D. Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate

QUESTION NO: 591 CobiT was developed from the COSO framework. Which of the choices below best describe the COSO's main objectives and purpose? A. COSO main purpose is to help ensure fraudulent financial reporting cannot take place in an organization B. COSO main purpose is to define a sound risk management approach within financial companies. C. COSO addresses corporate culture and policy development. D. COSO is risk management system used for the protection of federal systems.

QUESTION NO: 592 Which of the following answers is the BEST example of Risk Transference? A. Insurance B. Results of Cost Benefit Analysis C. Acceptance D. Not hosting the services at all

QUESTION NO: 593 Which of the following answer BEST relates to the type of risk analysis that involves committees, interviews, opinions and subjective input from staff? A. Qualitative Risk Analysis B. Quantitative Risk Analysis C. Interview Approach to Risk Analysis D. Managerial Risk Assessment

QUESTION NO: 594 Regarding risk reduction, which of the following answers is BEST defined by the process of giving only just enough access to information necessary for them to perform their job functions? A. Least Privilege Principle B. Minimum Privilege Principle C. Mandatory Privilege Requirement D. Implicit Information Principle

QUESTION NO: 595 Which term BEST describes a practice used to detect fraud for users or a user by forcing them to be away from the workplace for a while? A. Mandatory Vacations B. Least Privilege Principle C. Obligatory Separation D. Job Rotation

QUESTION NO: 596 Which of the following is a fraud detection method whereby employees are moved from position to position? A. Job Rotation B. Mandatory Rotation C. Mandatory Vacations D. Mandatory Job Duties

QUESTION NO: 597 Which answer BEST describes information access permissions where, unless the user is specifically given access to certain data they are denied any access by default? A. Implicit Deny B. Explicit Deny C. Implied Permissions D. Explicit Permit

QUESTION NO: 598 Which of the following activities would not be included in the contingency planning process phase? A. Prioritization of applications B. Development of test procedures C. Assessment of threat impact on the organization D. Development of recovery scenarios

QUESTION NO: 599 In terms or Risk Analysis and dealing with risk, which of the four common ways listed below seek to eliminate involvement with the risk being evaluated? A. Avoidance B. Acceptance C. Transference D. Mitigation

QUESTION NO: 600 Of the multiple methods of handling risks which we must undertake to carry out business operations, which one involves using controls to reduce the risk? A. Mitigation B. Avoidance C. Acceptance D. Transference

QUESTION NO: 601 There is no way to completely abolish or avoid risks, you can only manage them. A risk free environment does not exist. If you have risks that have been identified, understood and evaluated to be acceptable in order to conduct business operations. What is this this approach to risk management called? A. Risk Acceptance B. Risk Avoidance C. Risk Transference D. Risk Mitigation

QUESTION NO: 602 John is the product manager for an information system. His product has undergone under security review by an IS auditor. John has decided to apply appropriate security controls to reduce the security risks suggested by an IS auditor. Which of the following technique is used by John to treat the identified risk provided by an IS auditor? A. Risk Mitigation B. Risk Acceptance C. Risk Avoidance D. Risk transfer

QUESTION NO: 603 Sam is the security Manager of an financial institute. Senior management has requested he performs a risk analysis on all critical vulnerabilities reported by an IS auditor. After completing the risk analysis, Sam has observed that for a few of the risks, the cost benefit analysis shows that risk mitigation cost (countermeasures, controls, or safeguard) is more than the potential lost that could be incurred. What kind of a strategy should Sam recommend to the senior management to treat these risks? A. Risk Mitigation B. Risk Acceptance C. Risk Avoidance D. Risk transfer

QUESTION NO: 604 Which of the following risk handling technique involves the practice of being proactive so that the risk in question is not realized? A. Risk Mitigation B. Risk Acceptance C. Risk Avoidance D. Risk transfer

QUESTION NO: 605 Which of the following risk handling technique involves the practice of passing on the risk to another entity, such as an insurance company? A. Risk Mitigation B. Risk Acceptance C. Risk Avoidance D. Risk transfer

QUESTION NO: 606 Which of the following security control is intended to bring environment back to regular operation? A. Deterrent B. Preventive C. Corrective D. Recovery

QUESTION NO: 607 Which of the following is NOT an example of a detective control? A. System Monitor B. IDS C. Monitor detector D. Backup data restore

QUESTION NO: 608 Which type of risk assessment is the formula ALE = ARO x SLE used for? A. Quantitative Analysis B. Qualitative Analysis C. Objective Analysis D. Expected Loss Analysis

QUESTION NO: 609 Which of the following Confidentiality, Integrity, Availability (CIA) attribute supports the principle of least privilege by providing access to information only to authorized and intended users? A. Confidentiality B. Integrity C. Availability D. Accuracy

QUESTION NO: 610 What does "System Integrity" mean? A. The software of the system has been implemented as designed. B. Users can't tamper with processes they do not own. C. Hardware and firmware have undergone periodic testing to verify that they are functioning properly. D. Design specifications have been verified against the formal top-level specification.

QUESTION NO: 611 In computing what is the name of a non-self-replicating type of malware program containing malicious code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data, and possible system harm. A. virus. B. worm. C. Trojan horse. D. trapdoor.

QUESTION NO: 612 The security of a computer application is most effective and economical in which of the following cases? A. The system is optimized prior to the addition of security. B. The system is procured off-the-shelf. C. The system is customized to meet the specific security threat. D. The system is originally designed to provide the necessary security.

QUESTION NO: 613 Which of the following virus types changes some of its characteristics as it spreads? A. Boot Sector B. Parasitic C. Stealth D. Polymorphic

QUESTION NO: 614 Which of the following is commonly used for retrofitting multilevel security to a database management system? A. trusted front-end. B. trusted back-end. C. controller. D. kernel.

QUESTION NO: 615 Which of the following is an advantage of using a high-level programming language? A. It decreases execution times for programs B. It allows programmers to define syntax C. It requires programmer-controlled storage management D. It enforces coding standards

QUESTION NO: 616 In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected? A. The transactions should be dropped from processing. B. The transactions should be processed after the program makes adjustments. C. The transactions should be written to a report and reviewed. D. The transactions should be corrected and reprocessed.

QUESTION NO: 617 Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and it's sensitivity level? A. System Auditor B. Data or Information Owner C. System Manager D. Data or Information user

QUESTION NO: 618 A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle? A. project initiation and planning phase B. system design specification phase C. development & documentation phase D. acceptance phase

QUESTION NO: 619 Which of the following is often the greatest challenge of distributed computing solutions? A. scalability B. security C. heterogeneity D. usability

QUESTION NO: 620 What is the appropriate role of the security analyst in the application system development or acquisition project? A. policeman B. control evaluator & consultant C. data owner D. application user

QUESTION NO: 621 The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization? A. project initiation and planning phase B. system design specifications phase C. development and documentation phase D. in parallel with every phase throughout the project

QUESTION NO: 622 Operations Security seeks to primarily protect against which of the following? A. object reuse B. facility disaster C. compromising emanations D. asset threats

QUESTION NO: 623 A 'Pseudo flaw' is which of the following? A. An apparent loophole deliberately implanted in an operating system program as a trap for intruders. B. An omission when generating Psuedo-code. C. Used for testing for bounds violations in application programming. D. A normally generated page fault causing the system to halt.

QUESTION NO: 624 With SQL Relational databases where is the actual data stored? A. Views B. Tables C. Schemas and sub-schemas D. Index-sequential tables

QUESTION NO: 625 Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes? A. The Software Capability Maturity Model (CMM) B. The Spiral Model C. The Waterfall Model D. Expert Systems Model

QUESTION NO: 626 Which of the following determines that the product developed meets the projects goals? A. verification B. validation C. concurrence D. accuracy

QUESTION NO: 627 Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements? A. Validation B. Verification C. Assessment D. Accuracy

QUESTION NO: 628 Which of the following is one of the oldest and most common problem in software development that is still very prevalent today? A. Buffer Overflow B. Social Engineering C. Code injection for machine language D. Unassembled reversable DOS instructions.

QUESTION NO: 629 Which of the following is NOT true concerning Application Control? A. It limits end users use of applications in such a way that only particular screens are visible. B. Only specific records can be requested through the application controls C. Particular usage of the application can be recorded for audit purposes D. It is non-transparent to the endpoint applications so changes are needed to the applications and databases involved

QUESTION NO: 630 The object-relational and object-oriented models are better suited to managing complex data such as required for which of the following? A. computer-aided development and imaging. B. computer-aided duplexing and imaging. C. computer-aided processing and imaging. D. computer-aided design and imaging.

QUESTION NO: 631 Which of the following is not an element of a relational database model? A. Relations , tuples , attributes and domains B. Data Manipulation Language (DML) on how the data will be accessed and manipulated C. Constraints to determine valid ranges and values D. Security structures called referential validation within tables

QUESTION NO: 632 A persistent collection of interrelated data items can be defined as which of the following? A. database B. database management system C. database security D. database shadowing

QUESTION NO: 633 The description of the database is called a schema. The schema is defined by which of the following? A. Data Control Language (DCL). B. Data Manipulation Language (DML). C. Data Definition Language (DDL). D. Search Query Language (SQL).

QUESTION NO: 634 Which of the following defines the software that maintains and provides access to the database? A. database management system (DBMS) B. relational database management system (RDBMS) C. database identification system (DBIS) D. Interface Definition Language system (IDLS)

QUESTION NO: 635 Which of the following represents a relation, which is the basis of a relational database? A. One-dimensional table B. Two-dimensional table C. Three-dimensional table D. Four-dimensional table

QUESTION NO: 636 Which of the following represents the rows of the table in a relational database? A. attributes B. records or tuples C. record retention D. relation

QUESTION NO: 637 Which of the following can be defined as the set of allowable values that an attribute can take? A. domain of a relation B. domain name service of a relation C. domain analysis of a relation D. domains, in database of a relation

QUESTION NO: 638 Which of the following can be defined as a unique identifier in the table that unambiguously points to an individual tuple or record in the table? A. primary key B. candidate key C. secondary key D. foreign key

QUESTION NO: 639 Which of the following can be defined as THE unique attribute used as a unique identifier within a given table to identify a tuple? A. primary key B. candidate key C. foreign key D. secondary key

QUESTION NO: 640 Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation? A. foreign key B. candidate key C. primary key D. secondary key

QUESTION NO: 641 Referential Integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for which of the following? A. primary key B. secondary key C. foreign key D. candidate key

QUESTION NO: 642 Matches between which of the following are important because they represent references from one relation to another and establish the connections among these relations? A. foreign key to primary key B. foreign key to candidate key C. candidate key to primary key D. primary key to secondary key

QUESTION NO: 643 A database view is the results of which of the following operations? A. Join and Select. B. Join, Insert, and Project. C. Join, Project, and Create. D. Join, Project, and Select.

QUESTION NO: 644 In regards to the query function of relational database operations, which of the following represent implementation procedures that correspond to each of the low-level operations in the query? A. query plan B. relational plan C. database plan D. structuring plan

QUESTION NO: 645 In regards to relational database operations using the Structure Query Language (SQL), which of the following is a value that can be bound to a placeholder declared within an SQL statement? A. A bind value B. An assimilation value C. A reduction value D. A resolution value

QUESTION NO: 646 Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server? A. Bind variables B. Assimilation variables C. Reduction variables D. Resolution variables

QUESTION NO: 647 Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key? A. Normalization B. Assimilation C. Reduction D. Compaction

QUESTION NO: 648 Normalizing data within a database could includes all or some of the following except which one? A. Eliminate duplicative columns from the same table. B. Eliminates functional dependencies on a partial key by putting the fields in a separate table from those that are dependent on the whole key C. Eliminated Functional dependencies on non-key fields by putting them in a separate table. At this level, all non-key fields are dependent on the primary key. D. Eliminating duplicate key fields by putting them into separate tables.

QUESTION NO: 649 Which of the following is used to create and modify the structure of your tables and other objects in the database? A. SQL Data Definition Language (DDL) B. SQL Data Manipulation Language (DML) C. SQL Data Relational Language (DRL) D. SQL Data Identification Language (DIL)

QUESTION NO: 650 SQL commands do not include which of the following? A. Select, Update B. Grant, Revoke C. Delete, Insert D. Add, Relist

QUESTION NO: 651 Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following database type? A. Object-Oriented Data Bases (OODB) B. Object-Relational Data Bases C. Relational Data Bases D. Data base management systems (DBMS)

QUESTION NO: 652 With regard to databases, which of the following has characteristics of ease of reusing code and analysis and reduced maintenance? A. Object-Oriented Data Bases (OODB) B. Object-Relational Data Bases (ORDB) C. Relational Data Bases D. Data base management systems (DBMS)

QUESTION NO: 653 Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both? A. object-relational database B. object-oriented database C. object-linking database D. object-management database

QUESTION NO: 654 What is used to hide data from unauthorized users by allowing a relation in a database to contain multiple tuples with the same primary keys with each instance distinguished by a security level? A. Data mining B. Polyinstantiation C. Cell suppression D. Noise and perturbation

QUESTION NO: 655 Which of the following translates source code one command at a time for execution on a computer? A. A translator B. An interpreter C. A compiler D. An assembler

QUESTION NO: 656 Which of the following is a Microsoft technology for communication among software components distributed across networked computers? A. DDE B. OLE C. ODBC D. DCOM

QUESTION NO: 657 Which of the following statements relating to Distributed Computing Environment (DCE) is FALSE? A. It is a layer of software that sits on the top of the network layer and provides services to the applications above it. B. It uses a Universal Unique Identifier (UUID) to uniquely identify users, resources and components. C. It provides the same functionality as DCOM, but it is more proprietary than DCOM. D. It is a set of management services with a communication layer based on RPC.

QUESTION NO: 658 Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software? A. Stealth viruses B. Polymorphic viruses C. Trojan horses D. Logic bombs

QUESTION NO: 659 Why would a database be denormalized? A. To ensure data integrity B. To increase processing efficiency C. To prevent duplication of data D. To save storage space

QUESTION NO: 660 Risk analysis is MOST useful when applied during which phase of the system development process? A. Project initiation and Planning B. Functional Requirements definition C. System Design Specification D. Development and Implementation

QUESTION NO: 661 Which of the following would MOST likely ensure that a system development project meets business objectives? A. Development and tests are run by different individuals B. User involvement in system specification and acceptance C. Development of a project plan identifying all development activities D. Strict deadlines and budgets

QUESTION NO: 662 What is RAD? A. A development methodology B. A project management technique C. A measure of system complexity D. Risk-assessment diagramming

QUESTION NO: 663 Which of the following best describes the purpose of debugging programs? A. To generate random data that can be used to test programs before implementing them. B. To ensure that program coding flaws are detected and corrected. C. To protect, during the programming phase, valid changes from being overwritten by other changes. D. To compare source code versions before transferring to the test environment

QUESTION NO: 664 Which of the following would best describe the difference between white-box testing and black-box testing? A. White-box testing is performed by an independent programmer team. B. Black-box testing uses the bottom-up approach. C. White-box testing examines the program internal logical structure. D. Black-box testing involves the business units

QUESTION NO: 665 Which of the following is a not a preventative control? A. Deny programmer access to production data. B. Require change requests to include information about dates, descriptions, cost analysis and anticipated effects. C. Run a source comparison program between control and current source periodically. D. Establish procedures for emergency changes.

QUESTION NO: 666 Which of the following would provide the BEST stress testing environment taking under consideration and avoiding possible data exposure and leaks of sensitive data? A. Test environment using test data. B. Test environment using sanitized live workloads data. C. Production environment using test data. D. Production environment using sanitized live workloads data.

QUESTION NO: 667 Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users? A. Inadequate quality assurance (QA) tools. B. Constantly changing user needs. C. Inadequate user participation in defining the system's requirements. D. Inadequate project management.

QUESTION NO: 668 Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate? A. The project will be completed late. B. The project will exceed the cost estimates. C. The project will be incompatible with existing systems. D. The project will fail to meet business and user needs.

QUESTION NO: 669 Which of the following is an advantage of prototyping? A. Prototype systems can provide significant time and cost savings. B. Change control is often less complicated with prototype systems. C. It ensures that functions or extras are not added to the intended system. D. Strong internal controls are easier to implement.

QUESTION NO: 670 Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis? A. DSS is aimed at solving highly structured problems. B. DSS emphasizes flexibility in the decision making approach of users. C. DSS supports only structured decision-making tasks. D. DSS combines the use of models with non-traditional data access and retrieval functions.

QUESTION NO: 671 Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing? A. Interface errors are detected earlier. B. Errors in critical modules are detected earlier. C. Confidence in the system is achieved earlier. D. Major functions and processing are tested earlier.

QUESTION NO: 672 Which of the following would be the best reason for separating the test and development environments? A. To restrict access to systems under test. B. To control the stability of the test environment. C. To segregate user and development staff. D. To secure access to systems under development.

QUESTION NO: 673 Why do buffer overflows happen? What is the main cause? A. Because buffers can only hold so much data B. Because of improper parameter checking within the application C. Because they are an easy weakness to exploit D. Because of insufficient system memory

QUESTION NO: 674 What is called the number of columns in a table? A. Schema B. Relation C. Degree D. Cardinality

QUESTION NO: 675 Which of the following would not correspond to the number of primary keys values found in a table in a relational database? A. Degree B. Number of tuples C. Cardinality D. Number of rows

QUESTION NO: 676 Which of the following represents the best programming? A. Low cohesion, low coupling B. Low cohesion, high coupling C. High cohesion, low coupling D. High cohesion, high coupling

QUESTION NO: 677 Java is not: A. Object-oriented. B. Distributed. C. Architecture Specific. D. Multithreaded.

QUESTION NO: 678 In which of the following phases of system development life cycle (SDLC) is contingency planning most important? A. Initiation B. Development/acquisition C. Implementation D. Operation/maintenance

QUESTION NO: 679 Buffer overflow and boundary condition errors are subsets of which of the following? A. Race condition errors. B. Access validation errors. C. Exceptional condition handling errors. D. Input validation errors.

QUESTION NO: 680 Which of the following does not address Database Management Systems (DBMS) Security? A. Perturbation B. Cell suppression C. Padded cells D. Partitioning

QUESTION NO: 681 During which phase of an IT system life cycle are security requirements developed? A. Operation B. Initiation C. Functional design analysis and Planning D. Implementation

QUESTION NO: 682 Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design? A. Development/acquisition B. Implementation C. Initiation D. Maintenance

QUESTION NO: 683 When considering an IT System Development Life-cycle, security should be: A. Mostly considered during the initiation phase. B. Mostly considered during the development phase. C. Treated as an integral part of the overall system design. D. Added once the design is completed.

QUESTION NO: 684 Risk reduction in a system development life-cycle should be applied: A. Mostly to the initiation phase. B. Mostly to the development phase. C. Mostly to the disposal phase. D. Equally to all phases.

QUESTION NO: 685 Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions? A. Development/acquisition B. Implementation C. Operation/Maintenance D. Initiation

QUESTION NO: 686 What can be defined as: It confirms that users’ needs have been met by the supplied solution? A. Accreditation B. Certification C. Assurance D. Acceptance

QUESTION NO: 687 Which of the following statements pertaining to software testing is incorrect? A. Unit testing should be addressed and considered when the modules are being designed. B. Test data should be part of the specifications. C. Testing should be performed with live data to cover all possible situations. D. Test data generators can be used to systematically generate random test data that can be used to test programs.

QUESTION NO: 688 Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors? A. Unit testing B. Pilot testing C. Regression testing D. Parallel testing

QUESTION NO: 689 Which of the following statements pertaining to software testing approaches is correct? A. A bottom-up approach allows interface errors to be detected earlier. B. A top-down approach allows errors in critical modules to be detected earlier. C. The test plan and results should be retained as part of the system's permanent documentation. D. Black box testing is predicated on a close examination of procedural detail.

QUESTION NO: 690 Which of the following test makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems? A. Recovery testing B. Security testing C. Stress/volume testing D. Interface testing

QUESTION NO: 691 Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence? A. Implementation B. System feasibility C. Product design D. Software plans and requirements

QUESTION NO: 692 Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options? A. Detailed design B. Implementation C. Product design D. Software plans and requirements

QUESTION NO: 693 In a database management system (DBMS), what is the "cardinality?" A. The number of rows in a relation. B. The number of columns in a relation. C. The set of allowable values that an attribute can take. D. The number of relations in a database.

QUESTION NO: 694 At which of the basic phases of the System Development Life Cycle are security requirements formalized? A. Disposal B. System Design Specifications C. Development and Implementation D. Functional Requirements Definition

QUESTION NO: 695 Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product? A. Estimating the cost of the changes requested B. Recreating and analyzing the problem C. Determining the interface that is presented to the user D. Establishing the priorities of requests

QUESTION NO: 696 Sensitivity labels are an example of what application control type? A. Preventive security controls B. Detective security controls C. Compensating administrative controls D. Preventive accuracy controls

QUESTION NO: 697 What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity? A. Polyinstantiation B. Inference C. Aggregation D. Data mining

QUESTION NO: 698 Which expert system operating mode allows determining if a given hypothesis is valid? A. Blackboard B. Lateral chaining C. Forward chaining D. Backward chaining

QUESTION NO: 699 Why does compiled code pose more of a security risk than interpreted code? A. Because malicious code can be embedded in compiled code and be difficult to detect. B. If the executed compiled code fails, there is a chance it will fail insecurely. C. Because compilers are not reliable. D. There is no risk difference between interpreted code and compiled code.

QUESTION NO: 700 Which of the following is not a defined maturity level within the Software Capability Maturity Model? A. Repeatable B. Defined C. Managed D. Oriented

QUESTION NO: 701 Which software development model is actually a meta-model that incorporates a number of the software development models? A. The Waterfall model B. The modified Waterfall model C. The Spiral model D. The Critical Path Model (CPM)

QUESTION NO: 702 Which of the following is used in database information security to hide information? A. Inheritance B. Polyinstantiation C. Polymorphism D. Delegation

QUESTION NO: 703 Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated? A. The Total Quality Model (TQM) B. The IDEAL Model C. The Software Capability Maturity Model D. The Spiral Model

QUESTION NO: 704 Which of the following characteristics pertaining to databases is not true? A. A data model should exist and all entities should have a significant name. B. Justifications must exist for normalized data. C. No NULLs should be allowed for primary keys. D. All relations must have a specific cardinality.

QUESTION NO: 705 Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it? A. Aggregation B. Inference C. Clustering D. Collision

QUESTION NO: 706 At what stage of the applications development process should the security department become involved? A. Prior to the implementation B. Prior to systems testing C. During unit testing D. During requirements development

QUESTION NO: 707 What is one disadvantage of content-dependent protection of information? A. It increases processing overhead. B. It requires additional password entry. C. It exposes the system to data locking. D. It limits the user's individual address space.

QUESTION NO: 708 In what way could Java applets pose a security threat? A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet by removing SSL and S-HTTP B. Java interpreters do not provide the ability to limit system access that an applet could have on a client system. C. Executables from the Internet may attempt an intentional attack when they are downloaded on a client system. D. Java does not check the bytecode at runtime or provide other safety mechanisms for program isolation from the client system.

QUESTION NO: 709 A system file that has been patched numerous times becomes infected with a virus. The anti-virus software warns that disinfecting the file may damage it. What course of action should be taken? A. Replace the file with the original version from master media B. Proceed with automated disinfection C. Research the virus to see if it is benign D. Restore an uninfected version of the patched file from backup media

QUESTION NO: 710 For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos. An unscrupulous fruit shipper, the "Association of Private Fuit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP. What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples? A. *-Property and Polymorphism B. Strong *-Property and Polyinstantiation C. Simple Security Property and Polymorphism D. Simple Security Property and Polyinstantiation

QUESTION NO: 711 A shared resource matrix is a technique commonly used to locate: A. Malicious code B. Security flaws C. Trap doors D. Covert channels

QUESTION NO: 712 What is NOT included in a data dictionary? A. Data Element Definitions B. Schema Objects C. Reference Keys D. Structured Query Language

QUESTION NO: 713 In which phase of the System Development Lifecycle (SDLC) is Security Accreditation Obtained? A. Functional Requirements Phase B. Testing and evaluation control C. Acceptance Phase D. Postinstallation Phase

QUESTION NO: 714 Java follows which security model: A. least priviledge B. Sand box C. CIA D. OSI

QUESTION NO: 715 What is surreptitious transfer of information from a higher classification compartment to a lower classification compartment without going through the formal communication channels? A. Object Reuse B. Covert Channel C. Security domain D. Data Transfer

QUESTION NO: 716 Many approaches to Knowledge Discovery in Databases (KDD) are used to identify valid and useful patterns in data. This is an evolving field of study that includes a variety of automated analysis solutions such as Data Mining. Which of the following is not an approach used by KDD? A. Probabilistic B. Oriented C. Deviation D. Classification

QUESTION NO: 717 Business rules can be enforced within a database through the use of A. Proxy B. Redundancy C. Views D. Authentication

QUESTION NO: 718 What is the BEST definition of SQL injection. A. SQL injection is a database problem. B. SQL injection is a web Server problem. C. SQL injection is a windows and Linux website problem that could be corrected by applying a website vendors patch. D. SQL injection is an input validation problem.

QUESTION NO: 719 What allows a relation to contain multiple rows with a same primary key? A. RDBMS B. Polymorphism C. Polyinstantiation D. It is not possible

QUESTION NO: 720 The Open Web Application Security Project (OWASP) Top Ten list of risks during the past several years. The following items have been on the list for many year. What of the choices below represent threats that have been at the top of the list for many years? A. Cross Site Scripting and Dynamic Unicode injection attacks B. SQL injection and Cross Site Scripting attacks C. SQL Injection and Weak Authentication and Session Management attacks D. Cross Site Scripting and Security Misconfigurations attacks

QUESTION NO: 721 Which one of the following is NOT a check for Input or Information Accuracy in Software Development security? A. Review check B. Range Check C. Relationship Check D. Reasonableness check

QUESTION NO: 722 What would you call an attack where an attacker can influence the state of the resource between check and use? This attack can happen with shared resources such as files, memory, or even variables in multithreaded programs. This can cause the software to perform invalid actions when the resource is in an unexpected state. The steps followed by this attack are usually the following: the software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. A. TOCTOU attack B. Input checking attack C. Time of Check attack D. Time of Use attack

QUESTION NO: 723 A virus is a program that can replicate itself on a system but not necessarily spread itself by network connections. What is malware that can spread itself over open network connections? A. Worm B. Rootkit C. Adware D. Logic Bomb

QUESTION NO: 724 Debbie from finance called to tell you that she downloaded and installed a free wallpaper program that sets the wallpaper on her computer to match the current weather outside but now her computer runs slowly and the disk drive activity light is always on. You take a closer look and when you do a simple port scan to see which ports are open on her computer, you notice that TCP/80 is open. You point a web browser at her computer's IP Address and port and see a site selling prescription drugs. Apart from the wallpaper changing software, what did Debbie ... from finance install without her knowledge? A. Trojan horse B. Network mobile code C. Virus D. Logic Bomb

QUESTION NO: 725 Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks? A. Web Applications B. Intrusion Detection Systems C. Firewalls D. DNS Servers

QUESTION NO: 726 Examine the following characteristics and identify which answer best indicates the likely cause of this behavior: - Core operating system files are hidden - Backdoor access for attackers to return - Permissions changing on key files - A suspicious device driver - Encryption applied to certain files without explanation - Logfiles being wiped A. Kernel-mode Rootkit B. User-mode Rootkit C. Malware D. Kernel-mode Badware

QUESTION NO: 727 Which of the following attack includes social engineering, link manipulation or web site forgery techniques? A. smurf attack B. Traffic analysis C. Phishing D. Interrupt attack

QUESTION NO: 728 Which of the following attack could be avoided by creating more security awareness in the organization and provide adequate security knowledge to all employees? A. smurf attack B. Traffic analysis C. Phishing D. Interrupt attack

QUESTION NO: 729 Which of the following answer specifies the correct sequence of levels within the Capability Maturity Model (CMM)? A. Initial, Managed, Defined, Quantitatively managed, optimized B. Initial, Managed, Defined, optimized, Quantitatively managed C. Initial, Defined, Managed, Quantitatively managed, optimized D. Initial, Managed, Quantitatively managed, Defined, optimized

QUESTION NO: 730 Which of the following is true about Kerberos? A. It utilizes public key cryptography. B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text. C. It depends upon symmetric ciphers. D. It is a second party authentication system.

QUESTION NO: 731 The RSA algorithm is an example of what type of cryptography? A. Asymmetric Key. B. Symmetric Key. C. Secret Key. D. Private Key.

QUESTION NO: 732 Kerberos depends upon what encryption method? A. Public Key cryptography. B. Secret Key cryptography. C. El Gamal cryptography. D. Blowfish cryptography.

QUESTION NO: 733 The DES algorithm is an example of what type of cryptography? A. Secret Key B. Two-key C. Asymmetric Key D. Public Key

QUESTION NO: 734 Which of the following encryption methods is known to be unbreakable? A. Symmetric ciphers. B. DES codebooks. C. One-time pads. D. Elliptic Curve Cryptography.

QUESTION NO: 735 What algorithm was DES derived from? A. Twofish. B. Skipjack. C. Brooks-Aldeman. D. Lucifer.

QUESTION NO: 736 What is a characteristic of using the Electronic Code Book mode of DES encryption? A. A given block of plaintext and a given key will always produce the same ciphertext. B. Repetitive encryption obscures any repeated patterns that may have been present in the plaintext. C. Individual characters are encoded by combining output from earlier encryption routines with plaintext. D. The previous DES output is used as input.

QUESTION NO: 737 Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean? A. Use of public key encryption to secure a secret key, and message encryption using the secret key. B. Use of the recipient's public key for encryption and decryption based on the recipient's private key. C. Use of software encryption assisted by a hardware encryption accelerator. D. Use of elliptic curve encryption.

QUESTION NO: 738 Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent. The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that: A. The sender and recipient have reached a mutual agreement on the encryption key exchange that they will use. B. The channels through which the information flows are secure. C. The recipient's identity can be positively verified by the sender. D. The sender of the message is the only other person with access to the recipient's private key.

QUESTION NO: 739 Which of the following DoD Model layer provides non-repudiation services? A. network layer. B. application layer. C. transport layer. D. data link layer.

QUESTION NO: 740 Which of the following statements is true about data encryption as a method of protecting data? A. It should sometimes be used for password files B. It is usually easily administered C. It makes few demands on system resources D. It requires careful key management

QUESTION NO: 741 Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms? A. Rivest, Shamir, Adleman (RSA) B. El Gamal C. Elliptic Curve Cryptography (ECC) D. Advanced Encryption Standard (AES)

QUESTION NO: 742 How many bits is the effective length of the key of the Data Encryption Standard algorithm? A. 168 B. 128 C. 56 D. 64

QUESTION NO: 743 The primary purpose for using one-way hashing of user passwords within a password file is which of the following? A. It prevents an unauthorized person from trying multiple passwords in one logon attempt. B. It prevents an unauthorized person from reading the password. C. It minimizes the amount of storage required for user passwords. D. It minimizes the amount of processing time used for encrypting passwords.

QUESTION NO: 744 Which of the following issues is not addressed by digital signatures? A. nonrepudiation B. authentication C. data integrity D. denial-of-service

QUESTION NO: 745 Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack? A. The use of good key generators. B. The use of session keys. C. Nothing can defend you against a brute force crypto key attack. D. Algorithms that are immune to brute force key attacks.

QUESTION NO: 746 The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics? A. 64 bits of data input results in 56 bits of encrypted output B. 128 bit key with 8 bits used for parity C. 64 bit blocks with a 64 bit total key length D. 56 bits of data input results in 56 bits of encrypted output

QUESTION NO: 747 PGP uses which of the following to encrypt data? A. An asymmetric encryption algorithm B. A symmetric encryption algorithm C. A symmetric key distribution system D. An X.509 digital certificate

QUESTION NO: 748 A public key algorithm that does both encryption and digital signature is which of the following? A. RSA B. DES C. IDEA D. Diffie-Hellman

QUESTION NO: 749 Which of the following is NOT true of Secure Sockets Layer (SSL)? A. By convention it uses 's-http://' instead of 'http://'. B. Is the predecessor to the Transport Layer Security (TLS) protocol. C. It was developed by Netscape. D. It is used for transmitting private information, data, and documents over the Internet.

QUESTION NO: 750 There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following? A. public keys B. private keys C. public-key certificates D. private-key certificates

QUESTION NO: 751 Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard? A. Twofish B. Serpent C. RC6 D. Rijndael

QUESTION NO: 752 Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)? A. It has been mathematically proved to be more secure. B. It has been mathematically proved to be less secure. C. It is believed to require longer key for equivalent security. D. It is believed to require shorter keys for equivalent security.

QUESTION NO: 753 What are the three most important functions that Digital Signatures perform? A. Integrity, Confidentiality and Authorization B. Integrity, Authentication and Nonrepudiation C. Authorization, Authentication and Nonrepudiation D. Authorization, Detection and Accountability

QUESTION NO: 754 Which of the following protocols that provide integrity and authentication for IPSec, can also provide non-repudiation in IPSec? A. Authentication Header (AH) B. Encapsulating Security Payload (ESP) C. Secure Sockets Layer (SSL) D. Secure Shell (SSH-2)

QUESTION NO: 755 Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet? A. Secure Electronic Transaction (SET) B. MONDEX C. Secure Shell (SSH-2) D. Secure Hypertext Transfer Protocol (S-HTTP)

QUESTION NO: 756 Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext? A. known plaintext B. brute force C. ciphertext only D. chosen plaintext

QUESTION NO: 757 Which of the following is NOT a true statement regarding the implementaton of the 3DES modes? A. DES-EEE1 uses one key B. DES-EEE2 uses two keys C. DES-EEE3 uses three keys D. DES-EDE2 uses two keys

QUESTION NO: 758 Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption using Symmetric Cryptography. A. RSA B. PKI C. Diffie_Hellmann D. 3DES

QUESTION NO: 759 Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based on? A. Caesar B. The Jefferson disks C. Enigma D. SIGABA

QUESTION NO: 760 In a known plaintext attack, the cryptanalyst has knowledge of which of the following? A. the ciphertext and the key B. the plaintext and the secret key C. both the plaintext and the associated ciphertext of several messages D. the plaintext and the algorithm

QUESTION NO: 761 What is the length of an MD5 message digest? A. 128 bits B. 160 bits C. 256 bits D. varies depending upon the message size.

QUESTION NO: 762 The Secure Hash Algorithm (SHA-1) creates: A. a fixed length message digest from a fixed length input message B. a variable length message digest from a variable length input message C. a fixed length message digest from a variable length input message D. a variable length message digest from a fixed length input message

QUESTION NO: 763 The RSA Algorithm uses which mathematical concept as the basis of its encryption? A. Geometry B. 16-round ciphers C. PI (3.14159...) D. Two large prime numbers

QUESTION NO: 764 The Clipper Chip utilizes which concept in public key cryptography? A. Substitution B. Key Escrow C. An undefined algorithm D. Super strong encryption

QUESTION NO: 765 Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model? A. S/MIME and SSH B. TLS and SSL C. IPsec and L2TP D. PKCS#10 and X.509

QUESTION NO: 766 What is the role of IKE within the IPsec protocol? A. peer authentication and key exchange B. data encryption C. data signature D. enforcing quality of service

QUESTION NO: 767 In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed? A. Pre Initialization Phase B. Phase 1 C. Phase 2 D. No peer authentication is performed

QUESTION NO: 768 What is NOT an authentication method within IKE and IPsec? A. CHAP B. Pre shared key C. certificate based authentication D. Public key authentication

QUESTION NO: 769 What is NOT true with pre shared key authentication within IKE / IPsec protocol? A. Pre shared key authentication is normally based on simple passwords B. Needs a Public Key Infrastructure (PKI) to work C. IKE is used to setup Security Associations D. IKE builds upon the Oakley protocol and the ISAKMP protocol.

QUESTION NO: 770 In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the following term? A. Subordinate CA B. Top Level CA C. Big CA D. Master CA

QUESTION NO: 771 What is the primary role of cross certification? A. Creating trust between different PKIs B. Build an overall PKI hierarchy C. set up direct trust to a second root CA D. Prevent the nullification of user certificates by CA certificate revocation

QUESTION NO: 772 What kind of encryption is realized in the S/MIME-standard? A. Asymmetric encryption scheme B. Password based encryption scheme C. Public key based, hybrid encryption scheme D. Elliptic curve based encryption

QUESTION NO: 773 What is the main problem of the renewal of a root CA certificate? A. It requires key recovery of all end user keys B. It requires the authentic distribution of the new root CA certificate to all PKI participants C. It requires the collection of the old root CA certificates from all the users D. It requires issuance of the new root CA certificate

QUESTION NO: 774 Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is: A. Not possible B. Only possible with key recovery scheme of all user keys C. It is possible only if X509 Version 3 certificates are used D. It is possible only by "brute force" decryption

QUESTION NO: 775 What attribute is included in a X.509-certificate? A. Distinguished name of the subject B. Telephone number of the department C. secret key of the issuing CA D. the key pair of the certificate holder

QUESTION NO: 776 Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA? A. PKCS #17799 B. PKCS-RSA C. PKCS#1 D. PKCS#11

QUESTION NO: 777 What is the primary role of smartcards in a PKI? A. Transparent renewal of user keys B. Easy distribution of the certificates between the users C. Fast hardware encryption of the raw data D. Tamper resistant, mobile storage and application of private keys of the users

QUESTION NO: 778 What kind of certificate is used to validate a user identity? A. Public key certificate B. Attribute certificate C. Root certificate D. Code signing certificate

QUESTION NO: 779 What does the directive of the European Union on Electronic Signatures deal with? A. Encryption of classified data B. Encryption of secret data C. Non repudiation D. Authentication of web servers

QUESTION NO: 780 A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following? A. encrypting messages B. signing messages C. verifying signed messages D. decrypt encrypted messages

QUESTION NO: 781 Which of the following would best describe certificate path validation? A. Verification of the validity of all certificates of the certificate chain to the root certificate B. Verification of the integrity of the associated root certificate C. Verification of the integrity of the concerned private key D. Verification of the revocation status of the concerned certificate

QUESTION NO: 782 FIPS-140 is a standard for the security of which of the following? A. Cryptographic service providers B. Smartcards C. Hardware and software cryptographic modules D. Hardware security modules

QUESTION NO: 783 Which of the following can best define the "revocation request grace period"? A. The period of time allotted within which the user must make a revocation request upon a revocation reason B. Minimum response time for performing a revocation by the CA C. Maximum response time for performing a revocation by the CA D. Time period between the arrival of a revocation request and the publication of the revocation information

QUESTION NO: 784 Which is NOT a suitable method for distributing certificate revocation information? A. CA revocation mailing list B. Delta CRL C. OCSP (online certificate status protocol) D. Distribution point CRL

QUESTION NO: 785 Which of the following is true about digital certificate? A. It is the same as digital signature proving Integrity and Authenticity of the data B. Electronic credential proving that the person the certificate was issued to is who they claim to be C. You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a specific user. D. Can't contain geography data such as country for example.

QUESTION NO: 786 What kind of Encryption technology does SSL utilize? A. Secret or Symmetric key B. Hybrid (both Symmetric and Asymmetric) C. Public Key D. Private key

QUESTION NO: 787 What is the name of a one way transformation of a string of characters into a usually shorter fixed length value or key that represents the original string? Such a transformation cannot be reversed? A. One-way hash B. DES C. Transposition D. Substitution

QUESTION NO: 788 Which of the following is NOT an asymmetric key algorithm? A. RSA B. Elliptic Curve Cryptosystem (ECC) C. El Gamal D. Data Encryption System (DES)

QUESTION NO: 789 Which of the following is NOT a symmetric key algorithm? A. Blowfish B. Digital Signature Standard (DSS) C. Triple DES (3DES) D. RC5

QUESTION NO: 790 Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of factoring large numbers? A. El Gamal B. Elliptic Curve Cryptosystems (ECCs) C. RSA D. International Data Encryption Algorithm (IDEA)

QUESTION NO: 791 The Diffie-Hellman algorithm is primarily used to provide which of the following? A. Confidentiality B. Key Agreement C. Integrity D. Non-repudiation

QUESTION NO: 792 Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank? A. SSH ( Secure Shell) B. S/MIME (Secure MIME) C. SET (Secure Electronic Transaction) D. SSL (Secure Sockets Layer)

QUESTION NO: 793 Which of the following algorithms does NOT provide hashing? A. SHA-1 B. MD2 C. RC4 D. MD5

QUESTION NO: 794 In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process? A. Known-plaintext attack B. Ciphertext-only attack C. Chosen-Ciphertext attack D. Plaintext-only attack

QUESTION NO: 795 Which encryption algorithm is BEST suited for communication with handheld wireless devices? A. ECC (Elliptic Curve Cryptosystem) B. RSA C. SHA D. RC4

QUESTION NO: 796 Which of the following keys has the SHORTEST lifespan? A. Secret key B. Public key C. Session key D. Private key

QUESTION NO: 797 What is the RESULT of a hash algorithm being applied to a message? A. A digital signature B. A ciphertext C. A message digest D. A plaintext

QUESTION NO: 798 Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? A. message non-repudiation. B. message confidentiality. C. message interleave checking. D. message integrity.

QUESTION NO: 799 Which of the following services is NOT provided by the digital signature standard (DSS)? A. Encryption B. Integrity C. Digital signature D. Authentication

QUESTION NO: 800 What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext? A. Key collision B. Key clustering C. Hashing D. Ciphertext collision

QUESTION NO: 801 Which of the following is true about link encryption? A. Each entity has a common key with the destination node. B. Encrypted messages are only decrypted by the final node. C. This mode does not provide protection if anyone of the nodes along the transmission path is compromised. D. Only secure nodes are used in this type of transmission.

QUESTION NO: 802 What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition? A. Running key cipher B. One-time pad C. Steganography D. Cipher block chaining

QUESTION NO: 803 What can be defined as secret communications where the very existence of the message is hidden? A. Clustering B. Steganography C. Cryptology D. Vernam cipher

QUESTION NO: 804 What is the maximum number of different keys that can be used when encrypting with Triple DES? A. 1 B. 2 C. 3 D. 4

QUESTION NO: 805 What algorithm has been selected as the AES algorithm, replacing the DES algorithm? A. RC6 B. Twofish C. Rijndael D. Blowfish

QUESTION NO: 806 Which of the following is a symmetric encryption algorithm? A. RSA B. Elliptic Curve C. RC5 D. El Gamal

QUESTION NO: 807 Which of the following is NOT a property of the Rijndael block cipher algorithm? A. The key sizes must be a multiple of 32 bits B. Maximum block size is 256 bits C. Maximum key size is 512 bits D. The key size does not have to match the block size

QUESTION NO: 808 Which of the following is not a property of the Rijndael block cipher algorithm? A. It employs a round transformation that is comprised of three layers of distinct and invertible transformations. B. It is suited for high speed chips with no area restrictions. C. It operates on 64-bit plaintext blocks and uses a 128 bit key. D. It could be used on a smart card.

QUESTION NO: 809 What is the maximum allowable key size of the Rijndael encryption algorithm? A. 128 bits B. 192 bits C. 256 bits D. 512 bits

QUESTION NO: 810 Which of the following algorithms is used today for encryption in PGP? A. RSA B. IDEA C. Blowfish D. RC5

QUESTION NO: 811 Which of the following protects Kerberos against replay attacks? A. Tokens B. Passwords C. Cryptography D. Time stamps

QUESTION NO: 812 What is the name for a substitution cipher that shifts the alphabet by 13 places? A. Caesar cipher B. Polyalphabetic cipher C. ROT13 cipher D. Transposition cipher

QUESTION NO: 813 Which of the following standards concerns digital certificates? A. X.400 B. X.25 C. X.509 D. X.75

QUESTION NO: 814 Which of the following offers security to wireless communications? A. S-WAP B. WTLS C. WSP D. WDP

QUESTION NO: 815 What is the effective key size of DES? A. 56 bits B. 64 bits C. 128 bits D. 1024 bits

QUESTION NO: 816 Which of the following offers confidentiality to an e-mail message? A. The sender encrypting it with its private key. B. The sender encrypting it with its public key. C. The sender encrypting it with the receiver's public key. D. The sender encrypting it with the receiver's private key.

QUESTION NO: 817 Which of the following is not a DES mode of operation? A. Cipher block chaining B. Electronic code book C. Input feedback D. Cipher feedback

QUESTION NO: 818 What size is an MD5 message digest (hash)? A. 128 bits B. 160 bits C. 256 bits D. 128 bytes

QUESTION NO: 819 Which of the following service is not provided by a public key infrastructure (PKI)? A. Access control B. Integrity C. Authentication D. Reliability

QUESTION NO: 820 In a Public Key Infrastructure, how are public keys published? A. They are sent via e-mail. B. Through digital certificates. C. They are sent by owners. D. They are not published.

QUESTION NO: 821 What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes referred to as “what each must bring” and joined together when getting access or decrypting a file. Each of which does not reveal the other? A. Dual control B. Separation of duties C. Split knowledge D. Need to know

QUESTION NO: 822 What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database? A. Level 1/Class 1 B. Level 2/Class 2 C. Level 3/Class 3 D. Level 4/Class 4

QUESTION NO: 823 Which of the following statements pertaining to stream ciphers is correct? A. A stream cipher is a type of asymmetric encryption algorithm. B. A stream cipher generates what is called a keystream. C. A stream cipher is slower than a block cipher. D. A stream cipher is not appropriate for hardware-based encryption.

QUESTION NO: 824 Which of the following statements pertaining to block ciphers is incorrect? A. It operates on fixed-size blocks of plaintext. B. It is more suitable for software than hardware implementations. C. Plain text is encrypted with a public key and decrypted with a private key. D. Some Block ciphers can operate internally as a stream.

QUESTION NO: 825 Cryptography does NOT help in: A. Detecting fraudulent insertion. B. Detecting fraudulent deletion. C. Detecting fraudulent modification. D. Detecting fraudulent disclosure.

QUESTION NO: 826 What is used to bind a document to its creation at a particular time? A. Network Time Protocol (NTP) B. Digital Signature C. Digital Timestamp D. Certification Authority (CA)

QUESTION NO: 827 Which of the following is best at defeating frequency analysis? A. Substitution cipher B. Polyalphabetic cipher C. Transposition cipher D. Ceasar Cipher

QUESTION NO: 828 A code, as is pertains to cryptography: A. Is a generic term for encryption. B. Is specific to substitution ciphers. C. Deals with linguistic units. D. Is specific to transposition ciphers.

QUESTION NO: 829 Which of the following is the most secure form of triple-DES encryption? A. DES-EDE3 B. DES-EDE1 C. DES-EEE4 D. DES-EDE2

QUESTION NO: 830 Which of the following is NOT a known type of Message Authentication Code (MAC)? A. Keyed-hash message authentication code (HMAC) B. DES-CBC C. Signature-based MAC (SMAC) D. Universal Hashing Based MAC (UMAC)

QUESTION NO: 831 What is the maximum key size for the RC5 algorithm? A. 128 bits B. 256 bits C. 1024 bits D. 2040 bits

QUESTION NO: 832 Which of the following algorithms is a stream cipher? A. RC2 B. RC4 C. RC5 D. RC6

QUESTION NO: 833 In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. Both client and server B. The client's browser C. The web server D. The merchant's Certificate Server

QUESTION NO: 834 Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect? A. PPTP allow the tunnelling of any protocols that can be carried within PPP. B. PPTP does not provide strong encryption. C. PPTP does not support any token-based authentication method for users. D. PPTP is derived from L2TP.

QUESTION NO: 835 Which of the following is less likely to be used today in creating a Virtual Private Network? A. L2TP B. PPTP C. IPSec D. L2F

QUESTION NO: 836 Which of the following was not designed to be a proprietary encryption algorithm? A. RC2 B. RC4 C. Blowfish D. Skipjack

QUESTION NO: 837 Which of the following is not an encryption algorithm? A. Skipjack B. SHA-1 C. Twofish D. DEA

QUESTION NO: 838 What key size is used by the Clipper Chip? A. 40 bits B. 56 bits C. 64 bits D. 80 bits

QUESTION NO: 839 Which of the following would best describe a Concealment cipher? A. Permutation is used, meaning that letters are scrambled. B. Every X number of words within a text, is a part of the real message. C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks. D. Hiding data in another message so that the very existence of the data is concealed.

QUESTION NO: 840 Which of the following is best provided by symmetric cryptography? A. Confidentiality B. Integrity C. Availability D. Non-repudiation

QUESTION NO: 841 Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers? A. Provides Limited security services B. Has no built in Key distribution C. Speed D. Large number of keys are needed

QUESTION NO: 842 Which of the following is more suitable for a hardware implementation? A. Stream ciphers B. Block ciphers C. Cipher block chaining D. Electronic code book

QUESTION NO: 843 How many rounds are used by DES? A. 16 B. 32 C. 64 D. 48

QUESTION NO: 844 What is the key size of the International Data Encryption Algorithm (IDEA)? A. 64 bits B. 128 bits C. 160 bits D. 192 bits

QUESTION NO: 845 Which of the following is not an example of a block cipher? A. Skipjack B. IDEA C. Blowfish D. RC4

QUESTION NO: 846 The Diffie-Hellman algorithm is used for: A. Encryption B. Digital signature C. Key agreement D. Non-repudiation

QUESTION NO: 847 A one-way hash provides which of the following? A. Confidentiality B. Availability C. Integrity D. Authentication

QUESTION NO: 848 Which of the following is not a one-way hashing algorithm? A. MD2 B. RC4 C. SHA-1 D. HAVAL

QUESTION NO: 849 Which of the following statements pertaining to key management is incorrect? A. The more a key is used, the shorter its lifetime should be. B. When not using the full keyspace, the key should be extremely random. C. Keys should be backed up or escrowed in case of emergencies. D. A key's lifetime should correspond with the sensitivity of the data it is protecting.

QUESTION NO: 850 Which of the following statements pertaining to link encryption is false? A. It encrypts all the data along a specific communication path. B. It provides protection against packet sniffers and eavesdroppers. C. Information stays encrypted from one end of its journey to the other. D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.

QUESTION NO: 851 Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network? A. S-Telnet B. SSL C. Rlogin D. SSH

QUESTION NO: 852 Cryptography does not concern itself with which of the following choices? A. Availability B. Integrity C. Confidentiality D. Validation

QUESTION NO: 853 Which of the following does NOT concern itself with key management? A. Internet Security Association Key Management Protocol (ISAKMP) B. Diffie-Hellman (DH) C. Cryptology (CRYPTO) D. Key Exchange Algorithm (KEA)

QUESTION NO: 854 Which of the following encryption algorithms does not deal with discrete logarithms? A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve

QUESTION NO: 855 Which of the following statements pertaining to message digests is incorrect? A. The original file cannot be created from the message digest. B. Two different files should not have the same message digest. C. The message digest should be calculated using at least 128 bytes of the file. D. Messages digests are usually of fixed size.

``` QUESTION NO: 856 Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? ``` A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack

QUESTION NO: 857 Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? A. Timestamping B. Repository C. Certificate revocation D. Internet Key Exchange (IKE)

QUESTION NO: 858 Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission? A. Secure Electronic Transaction (SET) B. Message Authentication Code (MAC) C. Cyclic Redundancy Check (CRC) D. Secure Hash Standard (SHS)

QUESTION NO: 859 Which of the following statements pertaining to Secure Sockets Layer (SSL) is false? A. The SSL protocol was developed by Netscape to secure Internet client-server transactions. B. The SSL protocol's primary use is to authenticate the client to the server using public key cryptography and digital certificates. C. Web pages using the SSL protocol start with HTTPS D. SSL can be used with applications such as Telnet, FTP and email protocols.

QUESTION NO: 860 What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)? A. Internet Key Exchange (IKE) B. Secure Key Exchange Mechanism C. Oakley D. Internet Security Association and Key Management Protocol

QUESTION NO: 861 Which of the following binds a subject name to a public key value? A. A public-key certificate B. A public key infrastructure C. A secret key infrastructure D. A private key certificate

QUESTION NO: 862 What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a publickey certificate? A. A public-key certificate B. An attribute certificate C. A digital certificate D. A descriptive certificate

QUESTION NO: 863 What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? A. Certificate revocation list B. Certificate revocation tree C. Authority revocation list D. Untrusted certificate list

QUESTION NO: 864 Who vouches for the binding between the data items in a digital certificate? A. Registration authority B. Certification authority C. Issuing authority D. Vouching authority

QUESTION NO: 865 What enables users to validate each other's certificate when they are certified under different certification hierarchies? A. Cross-certification B. Multiple certificates C. Redundant certification authorities D. Root certification authorities

QUESTION NO: 866 Which of the following would best define a digital envelope? A. A message that is encrypted and signed with a digital certificate. B. A message that is signed with a secret key and encrypted with the sender's private key. C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver. D. A message that is encrypted with the recipient's public key and signed with the sender's private key.

QUESTION NO: 867 What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity? A. A digital envelope B. A cryptographic hash C. A Message Authentication Code D. A digital signature

QUESTION NO: 868 Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later? A. Steganography B. Digital watermarking C. Digital enveloping D. Digital signature

QUESTION NO: 869 Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism? A. OAKLEY B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. IPsec Key exchange (IKE)

QUESTION NO: 870 Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? A. Diffie-Hellman Key Exchange Protocol B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. OAKLEY

QUESTION NO: 871 Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations? A. Internet Key exchange (IKE) B. Security Association Authentication Protocol (SAAP) C. Simple Key-management for Internet Protocols (SKIP) D. Key Exchange Algorithm (KEA)

QUESTION NO: 872 Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis? A. Internet Security Association and Key Management Protocol (ISAKMP) B. Simple Key-management for Internet Protocols (SKIP) C. Diffie-Hellman Key Distribution Protocol D. IPsec Key exchange (IKE)

QUESTION NO: 873 Which of the following can best be defined as a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that that only certain third parties can perform the decryption operation to retrieve the stored key? A. Key escrow B. Fair cryptography C. Key encapsulation D. Zero-knowledge recovery

QUESTION NO: 874 Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs? A. A known-plaintext attack B. A known-algorithm attack C. A chosen-ciphertext attack D. A chosen-plaintext attack

QUESTION NO: 875 Which of the following is NOT a property of a one-way hash function? A. It converts a message of a fixed length into a message digest of arbitrary length. B. It is computationally infeasible to construct two different messages with the same digest. C. It converts a message of arbitrary length into a message digest of a fixed length. D. Given a digest value, it is computationally infeasible to find the corresponding message.

QUESTION NO: 876 The Data Encryption Algorithm performs how many rounds of substitution and permutation? A. 4 B. 16 C. 54 D. 64

QUESTION NO: 877 Which of the following statements is most accurate regarding a digital signature? A. It is a method used to encrypt confidential data. B. It is the art of transferring handwritten signature to electronic media. C. It allows the recipient of data to prove the source and integrity of data. D. It can be used as a signature system and a cryptosystem.

QUESTION NO: 878 The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use. A. computing in Galois fields B. computing in Gladden fields C. computing in Gallipoli fields D. computing in Galbraith fields

QUESTION NO: 879 Which of the following concerning the Rijndael block cipher algorithm is false? A. The design of Rijndael was strongly influenced by the design of the block cipher Square. B. A total of 25 combinations of key length and block length are possible C. Both block size and key length can be extended to multiples of 64 bits. D. The cipher has a variable block length and key length.

QUESTION NO: 880 This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I? A. Chosen-Ciphertext attack B. Ciphertext-only attack C. Plaintext Only Attack D. Adaptive-Chosen-Plaintext attack

QUESTION NO: 881 What is NOT true about a one-way hashing function? A. It provides authentication of the message B. A hash cannot be reverse to get the message used to create the hash C. The results of a one-way hash is a message digest D. It provides integrity of the message

QUESTION NO: 882 You've decided to authenticate the source who initiated a particular transfer while ensuring integrity of the data being transferred. You can do this by: A. Having the sender encrypt the message with his private key. B. Having the sender encrypt the hash with his private key. C. Having the sender encrypt the message with his symmetric key. D. Having the sender encrypt the hash with his public key.

QUESTION NO: 883 Which key agreement scheme uses implicit signatures ? A. MQV B. DH C. ECC D. RSA

QUESTION NO: 884 While using IPsec, the ESP and AH protocols both provides integrity services. However when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affects the use of AH and it´s Integrity Check Value (ICV) the most? A. Key session exchange B. Packet Header Source or Destination address C. VPN cryptographic key size D. Crypotographic algorithm used

QUESTION NO: 885 Which of the following protocols offers native encryption? A. IPSEC, SSH, PPTP, SSL, MPLS, L2F, and L2TP B. IPSEC, SSH, SSL, TFTP C. IPSEC, SSH, SSL, TLS D. IPSEC, SSH, PPTP, SSL, MPLS, and L2TP

QUESTION NO: 886 What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)? A. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates. B. The OCSP (Online Certificate Status Protocol) is a propietary certifcate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard. C. The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorites D. The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate Authorites.

QUESTION NO: 887 Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic? A. SSL or TLS B. 802.1X C. ARP Cache Security D. SSH - Secure Shell

QUESTION NO: 888 What type of key would you find within a browser's list of trusted root CA? A. Private key B. Symmetric key C. Recovery key D. Public key

QUESTION NO: 889 In a PKI infrastructure where are list of revoked certificates stored? A. CRL B. Registration Authority C. Recovery Agent D. Key escrow

QUESTION NO: 890 The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following? A. K(N – 1)/ 2 B. N(K – 1)/ 2 C. K(N + 1)/ 2 D. N(N – 1)/ 2

D Explanation: The formula is: Total number of users multiplied by total number of users minus 1, the results are then divided by 2) When using symmetric algorithms, the sender and receiver use the same key for encryption and decryption functions. Each pair of users who want to exchange data using symmetric key encryption must have two instances of the same key. This means that if Dan and Iqqi want to communicate, both need to obtain a copy of the same key. If Dan also wants to communicate using symmetric encryption with Norm and Dave, he needs to have three separate keys, one for each friend. This might not sound like a big deal until Dan realizes that he may communicate with hundreds of people over a period of several months, and keeping track and using the correct key that corresponds to each specific receiver can become a daunting task. If ten people needed to communicate securely with each other using symmetric keys, then 45 keys would need to be kept track of. If 100 people were going to communicate, then 4,950 keys would be involved. The equation used to calculate the number of symmetric keys needed is N(N – 1)/ 2 = number of keys ISC CISSP Exam "Pass Any Exam. Any Time." - www.actualtests.com 848 The following answers are incorrect: K(N – 1)/ 2 N(K – 1)/ 2 K(N + 1)/ 2 The following reference(s) were/was used to create this question: Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 782). McGraw-Hill. Kindle Edition.

QUESTION NO: 891 In which mode of DES, a block of plaintext and a key will always give the same ciphertext? A. Electronic Code Book (ECB) B. Output Feedback (OFB) C. Counter Mode (CTR) D. Cipher Feedback (CFB)

QUESTION NO: 892 Which of the following modes of DES is MOST Likely used for Database Encryption A. Electronic Code Book(ECB) B. Cipher Block Chaining(CBC) C. Cipher Feedback(CFB) D. Output Feedback(OFB)

QUESTION NO: 893 which of the following is a Hashing Algorithm? A. SHA B. RSA C. Diffie Hellman(DH) D. Elliptic Curve Cryptography(ECC)

QUESTION NO: 894 Complete the following sentence. A digital signature is a ____ A. hash value that has been encrypted with the senders private key B. hash value that has been encrypted with the senders public key C. hash value that has been encrypted with the senders Session key D. it is senders signature signed and scanned in a digital format

QUESTION NO: 895 which of the following example is NOT an asymmetric key algorithms? A. Elliptic curve cryptosystem(ECC) B. Diffie-Hellman C. Advanced Encryption Standard(AES) D. Merkle-Hellman Knapsack

QUESTION NO: 896 Complete the following sentence. A message can be encrypted, which provides __________ A. Confidentiality B. Non-Repudiation C. Authentication D. Integrity

QUESTION NO: 897 A message can be encrypted and digitally signed, which provides _______________ A. Confidentiality, Authentication, Non-repudiation, and Integrity. B. Confidentiality and Authentication C. Confidentiality and Non-repudiation D. Confidentiality and Integrity.

QUESTION NO: 898 Public key infrastructure(PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. This infrastructure is based upon which of the following Standard? A. X.509 B. X.500 C. X.400 D. X.25

QUESTION NO: 899 What would you call a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. A. Trusted Platform Module (TPM) B. Trusted BIOS Module (TBM) C. Central Processing Unit (CPU) D. Arithmetic Logical Unit (ALU)

QUESTION NO: 900 Suppose that you are the COMSEC - Communications Security custodian for a large, multinational corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID Card that she uses to digitally sign and encrypt emails in the PKI. What happens to the certificates contained on the smart card after the security officer takes appropriate action? A. They are added to the CRL B. They are reissued to the user C. New certificates are issued to the user D. The user may no longer have certificates

QUESTION NO: 901 You are an information systems security officer at a mid-sized business and are called upon to investigate a threat conveyed in an email from one employee to another. You gather the evidence from both the email server transaction logs and from the computers of the two individuals involved in the incident and prepare an executive summary. You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat says he didn't send the email in question. What concept of PKI - Public Key Infrastructure will implicate the sender? A. Non-repudiation B. The digital signature of the recipient C. Authentication D. Integrity

QUESTION NO: 902 When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this: 0101 0001 Plain text 0111 0011 Key stream 0010 0010 Output What is this cryptographic operation called? A. Exclusive-OR B. Bit Swapping C. Logical-NOR D. Decryption

QUESTION NO: 903 Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part? A. One Time Pad (OTP) B. One time Cryptopad (OTC) C. Cryptanalysis D. Pretty Good Privacy (PGP)

QUESTION NO: 904 Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? A. Steganography B. ADS - Alternate Data Streams C. Encryption D. NTFS ADS

QUESTION NO: 905 Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other? A. Symmetric Key Cryptography B. PKI - Public Key Infrastructure C. Diffie-Hellman D. DSS - Digital Signature Standard

QUESTION NO: 906 Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key. A. Private / Public B. Public / Private C. Symmetric / Asymmetric D. Private / Symmetric

QUESTION NO: 907 Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender? A. Message Authentication Code - MAC B. PAM - Pluggable Authentication Module C. NAM - Negative Acknowledgement Message D. Digital Signature Certificate

QUESTION NO: 908 Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, passwords or certificates in a component located on the motherboard of a computer? A. TPM - Trusted Platform Module B. TPM - Trusted Procedure Module C. Smart Card D. Enigma Machine

QUESTION NO: 909 There are basic goals of Cryptography. Which of the following most benefits from the process of encryption? A. Confidentiality B. Authentication C. Integrity D. Non-Repudiation

QUESTION NO: 910 Readable is to unreadable just as plain text is to _____? A. Cipher Text B. Encryption C. Unplain Text D. Digitally Signed

QUESTION NO: 911 In Mandatory Access Control, sensitivity labels attached to object contain what information? A. The item's classification B. The item's classification and category set C. The item's category D. The items's need to know

QUESTION NO: 912 The Orange Book describes four hierarchical levels to categorize security systems. Which of the following levels require mandatory protection? A. A and B. B. B and C. C. A, B, and C. D. B and D.

QUESTION NO: 913 What mechanism does a system use to compare the security labels of a subject and an object? A. Validation Module. B. Reference Monitor. C. Clearance Check. D. Security Module.

QUESTION NO: 914 What are the components of an object's sensitivity label? A. A Classification Set and a single Compartment. B. A single classification and a single compartment. C. A Classification Set and user credentials. D. A single classification and a Compartment Set.

QUESTION NO: 915 What does it mean to say that sensitivity labels are "incomparable"? A. The number of classification in the two labels is different. B. Neither label contains all the classifications of the other. C. the number of categories in the two labels are different. D. Neither label contains all the categories of the other.

QUESTION NO: 916 As per the Orange Book, what are two types of system assurance? A. Operational Assurance and Architectural Assurance. B. Design Assurance and Implementation Assurance. C. Architectural Assurance and Implementation Assurance. D. Operational Assurance and Life-Cycle Assurance.

QUESTION NO: 917 The Orange Book requires auditing mechanisms for any systems evaluated at which of the following levels? A. C1 and above. B. C2 and above. C. B1 and above. D. B2 and above.

QUESTION NO: 918 Which of the following are required for Life-Cycle Assurance? A. System Architecture and Design specification. B. Security Testing and Covert Channel Analysis. C. Security Testing and Trusted distribution. D. Configuration Management and Trusted Facility Management.

QUESTION NO: 919 Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean? A. System functions are layered, and none of the functions in a given layer can access data outside that layer. B. Auditing processes and their memory addresses cannot be accessed by user processes. C. Only security processes are allowed to write to ring zero memory. D. It is a form of strong encryption cipher.

QUESTION NO: 920 The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for: A. Security Testing. B. Design Verification. C. System Integrity. D. System Architecture Specification.

QUESTION NO: 921 Which of the following can be used as a covert channel? A. Storage and timing. B. Storage and low bits. C. Storage and permissions. D. Storage and classification.

QUESTION NO: 922 Covert Channel Analysis is first introduced at what level of the TCSEC rating? A. C2 and above. B. B1 and above. C. B2 and above. D. B3 and above.

QUESTION NO: 923 At what Orange Book evaluation levels are design specification and verification first required? A. C1 and above. B. C2 and above. C. B1 and above. D. B2 and above.

QUESTION NO: 924 Configuration Management controls what? A. Auditing of changes to the Trusted Computing Base. B. Control of changes to the Trusted Computing Base. C. Changes in the configuration access to the Trusted Computing Base. D. Auditing and controlling any changes to the Trusted Computing Base.

QUESTION NO: 925 At which of the Orange Book evaluation levels is configuration management required? A. C1 and above. B. C2 and above. C. B1 and above. D. B2 and above.

QUESTION NO: 926 What is the purpose of Trusted Distribution? A. To ensure that messages sent from a central office to remote locations are free from tampering. B. To prevent the sniffing of data as it travels through an untrusted network enroute to a trusted network. C. To ensure that the Trusted Computing Base is not tampered with during shipment or installation. D. To ensure that messages received at the Trusted Computing Base are not old messages being resent as part of a replay attack.

QUESTION NO: 927 Which Orange Book evaluation level is described as "Verified Design"? A. A1. B. B3. C. B2. D. B1.

QUESTION NO: 928 Which Orange Book evaluation level is described as "Structured Protection"? A. A1 B. B3 C. B2 D. B1

QUESTION NO: 929 Who developed one of the first mathematical models of a multilevel-security computer system? A. Diffie and Hellman. B. Clark and Wilson. C. Bell and LaPadula. D. Gasser and Lipner.

QUESTION NO: 930 If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist? A. Disclosure of residual data. B. Unauthorized obtaining of a privileged execution state. C. Data leakage through covert channels. D. Denial of service through a deadly embrace.

QUESTION NO: 931 The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address? A. integrity and confidentiality. B. confidentiality and availability. C. integrity and availability. D. none of the above.

QUESTION NO: 932 An Architecture where there are more than two execution domains or privilege levels is called: A. Ring Architecture. B. Ring Layering C. Network Environment. D. Security Models

QUESTION NO: 933 Which of the following components are considered part of the Trusted Computing Base? A. trusted hardware and firmware B. trusted hardware and software C. trusted hardware, software and firmware D. trusted computer operators and system managers

QUESTION NO: 934 Which of the following places the Orange Book classifications in order from most secure to least secure? A. A, B, C, D B. D, C, B, A C. D, B, A, C D. C, D, B, A

QUESTION NO: 935 The Orange Book is founded upon which security policy model? A. The Biba Model B. The Bell LaPadula Model C. Clark-Wilson Model D. TEMPEST

QUESTION NO: 936 Which of the following is NOT a basic component of security architecture? A. Motherboard B. Central Processing Unit (CPU C. Storage Devices D. Peripherals (input/output devices)

QUESTION NO: 937 Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles? A. B2 B. B1 C. A1 D. A2

QUESTION NO: 938 In which of the following model are Subjects and Objects identified and the permissions applied to each subject/object combination are specified. Such a model can be used to quickly summarize what permissions a subject has for various system objects. A. Access Control Matrix model B. Take-Grant model C. Bell-LaPadula model D. Biba model

QUESTION NO: 939 In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place? A. Bell-LaPadula model B. Biba model C. Access Matrix model D. Take-Grant model

QUESTION NO: 940 Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection? A. B B. A C. C D. D

QUESTION NO: 941 Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection? A. C B. B C. A D. D

QUESTION NO: 942 Which of the following division is defined in the TCSEC (Orange Book) as minimal protection? A. Division D B. Division C C. Division B D. Division A

QUESTION NO: 943 Which of the following establishes the minimal national standards for certifying and accrediting national security systems? A. NIACAP B. DIACAP C. HIPAA D. TCSEC

QUESTION NO: 944 Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense? A. TCSEC B. ITSEC C. DIACAP D. NIACAP

QUESTION NO: 945 Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions? A. pipelining B. complex-instruction-set-computer (CISC) C. reduced-instruction-set-computer (RISC) D. multitasking

QUESTION NO: 946 Which of the following describes a computer processing architecture in which a language compiler or pre-processor breaks program instructions down into basic operations that can be performed by the processor at the same time? A. Very-Long Instruction-Word Processor (VLIW) B. Complex-Instruction-Set-Computer (CISC) C. Reduced-Instruction-Set-Computer (RISC) D. Super Scalar Processor Architecture (SCPA)

QUESTION NO: 947 Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location? A. direct addressing B. Indirect addressing C. implied addressing D. indexed addressing

QUESTION NO: 948 The steps of an access control model should follow which logical flow: A. Authorization, Identification, authentication B. Identification, accountability, authorization C. Identification, authentication, authorization D. Authentication, Authorization, Identification

QUESTION NO: 949 Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and testing. Which of following assure the Target of Evaluation (or TOE) is methodically designed, tested and reviewed? A. EAL 3 B. EAL 4 C. EAL 5 D. EAL 6

QUESTION NO: 950 Attributable data should be: A. always traced to individuals responsible for observing and recording the data B. sometimes traced to individuals responsible for observing and recording the data C. never traced to individuals responsible for observing and recording the data D. often traced to individuals responsible for observing and recording the data

QUESTION NO: 951 If an internal database holds a number of printers in every department and this equals the total number of printers for the whole organization recorded elsewhere in the database, it is an example of: A. External consistency of the information system. B. Differential consistency of the information system. C. Internal consistency of the information system. D. Referential consistency of the information system.

QUESTION NO: 952 What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values? A. Mandatory model B. Discretionary model C. Lattice model D. Rule model

QUESTION NO: 953 Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)? A. A subject is not allowed to read up. B. The *- property restriction can be escaped by temporarily downgrading a high level subject. C. A subject is not allowed to read down. D. It is restricted to confidentiality.

QUESTION NO: 954 What would BEST define a covert channel? A. An undocumented backdoor that has been left by a programmer in an operating system B. An open system port that should be closed. C. A communication channel that allows transfer of information in a manner that violates the system's security policy. D. A trojan horse.

QUESTION NO: 955 Which of the following statements relating to the Biba security model is FALSE? A. It is a state machine model. B. A subject is not allowed to write up. C. Integrity levels are assigned to subjects and objects. D. Programs serve as an intermediate layer between subjects and objects.

QUESTION NO: 956 Which of the following organizations PRODUCES and PUBLISHES the Federal Information Processing Standards (FIPS)? A. The National Computer Security Center (NCSC) B. The National Institute of Standards and Technology (NIST) C. The National Security Agency (NSA) D. The American National Standards Institute (ANSI)

QUESTION NO: 957 Why do buffer overflows happen? What is the main cause? A. Because buffers can only hold so much data B. Because of improper parameter checking within the application C. Because they are an easy weakness to exploit D. Because of insufficient system memory

QUESTION NO: 958 Which of the following choices describe a condition when RAM and Secondary storage are used together? A. Primary storage B. Secondary storage C. Virtual storage D. Real storage

QUESTION NO: 959 Which of the following statements pertaining to protection rings is false? A. They provide strict boundaries and definitions on what the processes that work within each ring can access. B. Programs operating in inner rings are usually referred to as existing in a privileged mode. C. They support the CIA triad requirements of multitasking operating systems. D. They provide users with a direct access to peripherals

QUESTION NO: 960 What is it called when a computer uses more than one CPU in parallel to execute instructions? A. Multiprocessing B. Multitasking C. Multithreading D. Parallel running

QUESTION NO: 961 Which of the following statements pertaining to the trusted computing base (TCB) is false? A. Its enforcement of security policy is independent of parameters supplied by system administrators. B. It is defined in the Orange Book. C. It includes hardware, firmware and software. D. A higher TCB rating will require that details of their testing procedures and documentation be reviewed with more granularity.

QUESTION NO: 962 What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access? A. The Reference Monitor B. The Security Kernel C. The Trusted Computing Base D. The Security Domain

QUESTION NO: 963 Which of the following is not a method to protect objects and the data within the objects? A. Layering B. Data mining C. Abstraction D. Data hiding

QUESTION NO: 964 What is the main focus of the Bell-LaPadula security model? A. Accountability B. Integrity C. Confidentiality D. Availability

QUESTION NO: 965 Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of the strong star property? A. It allows "read up." B. It addresses covert channels. C. It addresses management of access controls. D. It allows "write up."

``` QUESTION NO: 966 Which security model introduces access to objects only through programs? A. The Biba model B. The Bell-LaPadula model C. The Clark-Wilson model D. The information flow model ```

QUESTION NO: 967 Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level? A. The Bell-LaPadula model B. The information flow model C. The noninterference model D. The Clark-Wilson model

QUESTION NO: 968 Which of the following security models does NOT concern itself with the flow of data? A. The information flow model B. The Biba model C. The Bell-LaPadula model D. The noninterference model

QUESTION NO: 969 Which of the following Orange Book ratings represents the highest level of trust? A. B1 B. B2 C. F6 D. C2

QUESTION NO: 970 What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions? A. A B. D C. E D. F

QUESTION NO: 971 Which Orange book security rating introduces the object reuse protection? A. C1 B. C2 C. B1 D. B2

QUESTION NO: 972 Which Orange book security rating introduces security labels? A. C2 B. B1 C. B2 D. B3

QUESTION NO: 973 Which Orange book security rating is the FIRST to be concerned with covert channels? A. A1 B. B3 C. B2 D. B1

QUESTION NO: 974 What is called the formal acceptance of the adequacy of a system's overall security by the management? A. Certification B. Acceptance C. Accreditation D. Evaluation

QUESTION NO: 975 Which division of the Orange Book deals with discretionary protection (need-to-know)? A. D B. C C. B D. A

QUESTION NO: 976 What does the Clark-Wilson security model focus on? A. Confidentiality B. Integrity C. Accountability D. Availability

QUESTION NO: 977 What does the simple security (ss) property mean in the Bell-LaPadula model? A. No read up B. No write down C. No read down D. No write up

QUESTION NO: 978 What does the * (star) property mean in the Bell-LaPadula model? A. No write up B. No read up C. No write down D. No read down

QUESTION NO: 979 What does the * (star) integrity axiom mean in the Biba model? A. No read up B. No write down C. No read down D. No write up

QUESTION NO: 980 What does the simple integrity axiom mean in the Biba model? A. No write down B. No read down C. No read up D. No write up

QUESTION NO: 981 What is the Biba security model concerned with? A. Confidentiality B. Reliability C. Availability D. Integrity

QUESTION NO: 982 Which security model uses division of operations into different parts and requires different users to perform each part? A. Bell-LaPadula model B. Biba model C. Clark-Wilson model D. Non-interference model

QUESTION NO: 983 A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)? A. Covert channel B. Overt channel C. Opened channel D. Closed channel

QUESTION NO: 984 What can best be described as a domain of trust that shares a single security policy and single management? A. The reference monitor B. A security domain C. The security kernel D. The security perimeter

QUESTION NO: 985 Which of the following describes a technique in which a number of processor units are employed in a single computer system to increase the performance of the system in its application environment above the performance of a single processor of the same kind? A. Multitasking B. Multiprogramming C. Pipelining D. Multiprocessing

QUESTION NO: 986 Who first described the DoD multilevel military security policy in abstract, formal terms? A. David Bell and Leonard LaPadula B. Rivest, Shamir and Adleman C. Whitfield Diffie and Martin Hellman D. David Clark and David Wilson

QUESTION NO: 987 Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle? A. Pipelining B. Reduced Instruction Set Computers (RISC) C. Complex Instruction Set Computers (CISC) D. Scalar processors

QUESTION NO: 988 What is used to protect programs from all unauthorized modification or executional interference? A. A protection domain B. A security perimeter C. Security labels D. Abstraction

QUESTION NO: 989 What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it? A. A fail safe system B. A fail soft system C. A fault-tolerant system D. A failover system

QUESTION NO: 990 Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? A. The Take-Grant model B. The Biba integrity model C. The Clark Wilson integrity model D. The Bell-LaPadula integrity model

QUESTION NO: 991 What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept? A. The reference monitor B. Protection rings C. A security kernel D. A protection domain

QUESTION NO: 992 According to the Orange Book, which security level is the first to require a system to protect against covert timing channels? A. A1 B. B3 C. B2 D. B1

QUESTION NO: 993 According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles? A. A1 B. B1 C. B2 D. B3

QUESTION NO: 994 In the Bell-LaPadula model, the Star-property is also called: A. The simple security property B. The confidentiality property C. The confinement property D. The tranquility property

QUESTION NO: 995 Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards? A. Certification B. Declaration C. Audit D. Accreditation

QUESTION NO: 996 Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in a system? A. Fail proof B. Fail soft C. Fail safe D. Fail Over

QUESTION NO: 997 The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concept: A. The reference monitor. B. Discretionary Access Control. C. The Security Kernel. D. Mandatory Access Control.

QUESTION NO: 998 What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access? A. Clark and Wilson Model B. Harrison-Ruzzo-Ullman Model C. Rivest and Shamir Model D. Bell-LaPadula Model

QUESTION NO: 999 Which of the following models does NOT include data integrity or conflict of interest? A. Biba B. Clark-Wilson C. Bell-LaPadula D. Brewer-Nash

QUESTION NO: 1000 Which of the following describes a logical form of separation used by secure computing systems? A. Processes use different levels of security for input and output devices. B. Processes are constrained so that each cannot access objects outside its permitted domain. C. Processes conceal data and computations to inhibit access by outside processes. D. Processes are granted access based on granularity of controlled objects.

QUESTION NO: 1001 What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects? A. Disclosure of residual data. B. Unauthorized obtaining of a privileged execution state. C. Denial of service through a deadly embrace. D. Data leakage through covert channels.

QUESTION NO: 1002 In access control terms, the word "dominate" refers to which of the following? A. Higher or equal to access class B. Rights are superceded C. Valid need-to-know with read privileges D. A higher clearance level than other users

QUESTION NO: 1003 The biggest difference between System High Security Mode and Dedicated Security Mode is: A. The clearance required B. Object classification C. Subjects cannot access all objects D. Need-to-know

QUESTION NO: 1004 For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos. An unscrupulous fruit shipper, the "Association of Private Fruit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP. What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples? A. *-Property and Polymorphism B. Strong *-Property and Polyinstantiation C. Simple Security Property and Polymorphism D. Simple Security Property and Polyinstantiation

QUESTION NO: 1005 What is a trusted shell? A. It means that someone who is working in that shell cannot "bust out of it", and other processes cannot "bust into it". B. It means that it is a communications channel between the user, or program, and the kernel. C. It means that someone working in that shell can communicate with someone else in another trusted shell. D. It means that it won't let processes overwrite other processes' data.

QUESTION NO: 1006 Which security model uses an access control triple and also require separation of duty? A. DAC B. Lattice C. Clark-Wilson D. Bell-LaPadula

QUESTION NO: 1007 You have been approached by one of your clients . They are interested in doing some security reengineering . The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications . Of primary concern to them, is the identification of potential covert channel. As an Information Security Professional , which model would you recommend to the client? A. Information Flow Model combined with Bell Lapadula B. Bell Lapadula C. Biba D. Information Flow Model

QUESTION NO: 1008 Which of the following security models introduced the idea of mutual exclusivity which generates dynamically changing permissions? A. Biba B. Brewer & Nash C. Graham-Denning D. Clark-Wilson

QUESTION NO: 1009 Pervasive Computing and Mobile Computing Devices have to sacrifice certain functions. Which statement concerning those devices is false. A. In many cases, security services has been enhanced due to the lack of services available. B. These devices share common security concerns with other resource-constrained devices. C. In many cases, security services have been sacrificed to provide richer user interaction when processing power is very limited. D. Their mobility has made them a prime vector for data loss since they can be used to transmit and store information in ways that may be difficult to control.

QUESTION NO: 1010 Which International Organization for Standardization standard is commonly referred to as the 'common criteria'? A. 15408 B. 27001 C. 14000 D. 22002

QUESTION NO: 1011 What Cloud Deployment model consist of a cloud infrastructure provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units)? Such deployment model may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. A. Private Cloud B. Public Cloud C. Hybrid Cloud D. Community Cloud

QUESTION NO: 1012 When referring to the Cloud Computing Service models. What would you call a service model where the consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment? A. Code as a Service (CaaS) B. Platform as a Service (PaaS) C. Software as a Service (SaaS) D. Infrastructure as a Service (IaaS)

QUESTION NO: 1013 Which of the following was the first mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access, and to outline rules of access? A. Biba B. Bell-LaPadula C. Clark-Wilson D. State machine

QUESTION NO: 1014 Which of the following is a true statement pertaining to memory addressing? A. The CPU uses absolute addresses. Applications use logical addresses. Relative addresses are based on a known address and an offset value. B. The CPU uses logical addresses. Applications use absolute addresses. Relative addresses are based on a known address and an offset value. C. The CPU uses absolute addresses. Applications use relative addresses. Logical addresses are based on a known address and an offset value. D. The CPU uses absolute addresses. Applications use logical addresses. Absolute addresses are based on a known address and an offset value.

QUESTION NO: 1015 Which of the following answers BEST describes the Bell La-Padula model of storage and access control of classified information? A. No read up and No write down B. No write up, no read down C. No read over and no write up D. No reading from higher classification levels

QUESTION NO: 1016 In which of the following cloud computing service model are applications hosted by the service provider and made available to the customers over a network? A. Software as a service B. Data as a service C. Platform as a service D. Infrastructure as a service

QUESTION NO: 1017 Which of the following cloud computing service model provides a way to rent operating systems, storage and network capacity over the Internet? A. Software as a service B. Data as a service C. Platform as a service D. Infrastructure as a service

QUESTION NO: 1018 Which of the following cloud computing service model is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components? A. Software as a service B. Data as a service C. Platform as a service D. Infrastructure as a service

QUESTION NO: 1019 Which of the following cloud deployment model operates solely for an organization? A. Private Cloud B. Community Cloud C. Public Cloud D. Hybrid Cloud

QUESTION NO: 1020 Which of the following cloud deployment model can be shared by several organizations? A. Private Cloud B. Community Cloud C. Public Cloud D. Hybrid Cloud

QUESTION NO: 1021 Which of the following cloud deployment model is provisioned for open use by the general public? A. Private Cloud B. Community Cloud C. Public Cloud D. Hybrid Cloud

QUESTION NO: 1022 Which of the following cloud deployment model is formed by the composition of two or more cloud deployment mode? A. Private Cloud B. Community Cloud C. Public Cloud D. Hybrid Cloud

QUESTION NO: 1023 Configuration Management controls what? A. Auditing of changes to the Trusted Computing Base. B. Control of changes to the Trusted Computing Base. C. Changes in the configuration access to the Trusted Computing Base. D. Auditing and controlling any changes to the Trusted Computing Base.

QUESTION NO: 1024 If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist? A. Disclosure of residual data. B. Unauthorized obtaining of a privileged execution state. C. Data leakage through covert channels. D. Denial of service through a deadly embrace.

QUESTION NO: 1025 Operations Security seeks to primarily protect against which of the following? A. object reuse B. facility disaster C. compromising emanations D. asset threats

QUESTION NO: 1026 Which of the following components are considered part of the Trusted Computing Base? A. trusted hardware and firmware B. trusted hardware and software C. trusted hardware, software and firmware D. trusted computer operators and system managers

QUESTION NO: 1027 Which of the following is NOT an example of an operational control? A. backup and recovery B. Auditing C. contingency planning D. operations procedures

QUESTION NO: 1028 Degaussing is used to clear data from all of the following medias except: A. Floppy Disks B. Read-Only Media C. Video Tapes D. Magnetic Hard Disks

QUESTION NO: 1029 It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security? A. security administrator B. security analyst C. systems auditor D. systems programmer

QUESTION NO: 1030 When backing up an applications system's data, which of the following is a key question to be answered first? A. When to make backups B. Where to keep backups C. What records to backup D. How to store backups

QUESTION NO: 1031 The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? A. clipping level B. acceptance level C. forgiveness level D. logging level

QUESTION NO: 1032 Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette? A. Degaussing B. Parity Bit Manipulation C. Zeroization D. Buffer overflow

QUESTION NO: 1033 Which of the following is true related to network sniffing? A. Sniffers allow an attacker to monitor data passing across a network. B. Sniffers alter the source address of a computer to disguise and exploit weak authentication methods. C. Sniffers take over network connections. D. Sniffers send IP fragments to a system that overlap with each other.

QUESTION NO: 1034 Which of the following is NOT a technique used to perform a penetration test? A. traffic padding B. scanning and probing C. war dialing D. sniffing

QUESTION NO: 1035 Which of the following is NOT a media viability control used to protect the viability of data storage media? A. clearing B. marking C. handling D. storage

QUESTION NO: 1036 Which of the following are the two commonly defined types of covert channels: A. Storage and Timing B. Software and Timing C. Storage and Kernel D. Kernel and Timing

QUESTION NO: 1037 Which of the following refers to the data left on the media after the media has been erased? A. remanence B. recovery C. sticky bits D. semi-hidden

QUESTION NO: 1038 Which of the following ensures that security is not breached when a system crash or other system failure occurs? A. trusted recovery B. hot swappable C. redundancy D. secure boot

QUESTION NO: 1039 Which of the following ensures that a TCB is designed, developed, and maintained with formally controlled standards that enforces protection at each stage in the system's life cycle? A. life cycle assurance B. operational assurance C. covert timing assurance D. covert storage assurance

QUESTION NO: 1040 Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles? A. B2 B. B1 C. A1 D. A2

QUESTION NO: 1041 Which of the following are NOT a countermeasure to traffic analysis? A. Padding messages. B. Eavesdropping. C. Sending noise. D. Faraday Cage

QUESTION NO: 1042 Which of the following are the three classifications of RAID identified by the RAID Advisory Board? A. Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems. B. Foreign Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems. C. Failure Resistant Disk Systems (FRDSs), File Transfer Disk Systems, and Disaster Tolerant Disk Systems. D. Federal Resistant Disk Systems (FRDSs), Fault Tolerant Disk Systems, and Disaster Tolerant Disk Systems.

QUESTION NO: 1043 RAID Level 1 is commonly called which of the following? A. mirroring B. striping C. clustering D. hamming

QUESTION NO: 1044 Which of the following is often implemented by a one-for-one disk to disk ratio? A. RAID Level 1 B. RAID Level 0 C. RAID Level 2 D. RAID Level 5

QUESTION NO: 1045 The main issue with Level 1 of RAID is which of the following? A. It is very expensive. B. It is difficult to recover. C. It causes poor performance. D. It is relatively unreliable.

QUESTION NO: 1046 Which of the following effectively doubles the amount of hard drives needed but also provides redundancy? A. RAID Level 0 B. RAID Level 1 C. RAID Level 2 D. RAID Level 5

QUESTION NO: 1047 Which of the following is used to create parity information? A. a hamming code B. a clustering code C. a mirroring code D. a striping code

QUESTION NO: 1048 The only difference between RAID 3 and RAID 4 is that level 3 is implemented at the byte level while level 4 is usually implemented at which of the following? A. block level. B. bridge level. C. channel level. D. buffer level.

QUESTION NO: 1049 The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server in which of the following scenarios? A. system is up and running B. system is quiesced but operational C. system is idle but operational D. system is up and in single-user-mode

QUESTION NO: 1050 RAID level 10 is created by combining which of the following? A. level 0 (striping) with level 1 (mirroring). B. level 0 (striping) with level 2 (hamming). C. level 0 (striping) with level 1 (clustering). D. level 0 (striping) with level 1 (hamming).

QUESTION NO: 1051 A hardware RAID implementation is usually: A. platform-independent. B. platform-dependent. C. operating system dependant. D. software dependant.

QUESTION NO: 1052 RAID levels 3 and 5 run: A. faster on hardware. B. slower on hardware. C. faster on software. D. at the same speed on software and hardware.

QUESTION NO: 1053 When RAID runs as part of the operating system on the file server, it is an example of a: A. software implementation. B. hardware implementation. C. network implementation. D. server implementation.

QUESTION NO: 1054 A server cluster looks like a: A. single server from the user's point of view. B. dual server from the user's point of view. C. triple server from the user's point of view. D. quardle server from the user's point of view.

QUESTION NO: 1055 Which of the following backup methods makes a complete backup of every file on the server every time it is run? A. full backup method. B. incremental backup method. C. differential backup method. D. tape backup method.

QUESTION NO: 1056 Which backup method usually resets the archive bit on the files after they have been backed up? A. Incremental backup method. B. Differential backup method. C. Partial backup method. D. Tape backup method.

QUESTION NO: 1057 Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup? A. differential backup method. B. full backup method. C. incremental backup method. D. tape backup method.

QUESTION NO: 1058 Which of the following backup method must be made regardless of whether Differential or Incremental methods are used? A. Full Backup Method. B. Incremental backup method. C. Supplemental backup method. D. Tape backup method.

QUESTION NO: 1059 Which of the following tape formats can be used to backup data systems in addition to its original intended audio uses? A. Digital Video Tape (DVT). B. Digital Analog Tape (DAT). C. Digital Voice Tape (DVT). D. Digital Audio Tape (DAT).

QUESTION NO: 1060 This type of backup management provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs (Write Once, Read Many): A. Hierarchical Storage Management (HSM). B. Hierarchical Resource Management (HRM). C. Hierarchical Access Management (HAM). D. Hierarchical Instance Management (HIM).

QUESTION NO: 1061 Physically securing backup tapes from unauthorized access is obviously a security concern and is considered a function of the: A. Operations Security Domain. B. Operations Security Domain Analysis. C. Telecommunications and Network Security Domain. D. Business Continuity Planning and Disater Recovery Planning.

QUESTION NO: 1062 The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers? A. Black hats B. White hats C. Script kiddies D. Phreakers

QUESTION NO: 1063 Which of the following computer crime is MORE often associated with INSIDERS? A. IP spoofing B. Password sniffing C. Data diddling D. Denial of service (DOS)

QUESTION NO: 1064 Which of the following logical access exposures INVOLVES CHANGING data before, or as it is entered into the computer? A. Data diddling B. Salami techniques C. Trojan horses D. Viruses

QUESTION NO: 1065 Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of: A. Incident Evaluation B. Incident Recognition C. Incident Protection D. Incident Response

QUESTION NO: 1066 An Intrusion Detection System (IDS) is what type of control? A. A preventive control. B. A detective control. C. A recovery control. D. A directive control.

QUESTION NO: 1067 The main issue with RAID Level 1 is that the one-for-one ratio is: A. very expensive, resulting in the highest cost per megabyte of data capacity. B. very inexpensive, resulting in the lowest cost per megabyte of data capacity. C. very unreliable resulting in a greater risk of losing data. D. very reliable resulting in a lower risk of losing data.

QUESTION NO: 1068 Which of the following RAID levels is not used in practice and was quickly superseded by the more flexible levels? A. RAID Level 0 B. RAID Level 1 C. RAID Level 2 D. RAID Level 7

QUESTION NO: 1069 Which RAID implementation is commonly called mirroring? A. RAID level 2 B. RAID level 3 C. RAID level 5 D. RAID level 1

QUESTION NO: 1070 What is the main objective of proper separation of duties? A. To prevent employees from disclosing sensitive information. B. To ensure access controls are in place. C. To ensure that no single individual can compromise a system. D. To ensure that audit trails are not tampered with.

QUESTION NO: 1071 Which of the following is not a component of a Operations Security "triples"? A. Asset B. Threat C. Vulnerability D. Risk

QUESTION NO: 1072 Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system? A. Detective Controls B. Preventative Controls C. Corrective Controls D. Directive Controls

QUESTION NO: 1073 This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it was entered or edited? A. Processing Controls B. Output Controls C. Input Controls D. Input/Output Controls

QUESTION NO: 1074 When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as? A. Dual Control B. Need to know C. Separation of duties D. Segragation of duties

QUESTION NO: 1075 Configuration Management is a requirement for the following level(s) of the Orange Book? A. B3 and A1 B. B1, B2 and B3 C. A1 D. B2, B3, and A1

QUESTION NO: 1076 Which of the following is NOT a proper component of Media Viability Controls? A. Storage B. Writing C. Handling D. Marking

QUESTION NO: 1077 In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the best choice below. A. Network Address Translation B. Network Address Hijacking C. Network Address Supernetting D. Network Address Sniffing

QUESTION NO: 1078 What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? A. Data fiddling B. Data diddling C. Salami techniques D. Trojan horses

QUESTION NO: 1079 When attempting to establish Liability, which of the following would be describe as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation? A. Due care B. Due concern C. Due diligence D. Due practice

QUESTION NO: 1080 Which of the following is not a critical security aspect of Operations Controls? A. Controls over hardware. B. Data media used. C. Operators using resources. D. Environmental controls.

QUESTION NO: 1081 This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious? A. Checkpoint level B. Ceiling level C. Clipping level D. Threshold level

QUESTION NO: 1082 In order to enable users to perform tasks and duties without having to go through extra steps it is important that the security controls and mechanisms that are in place have a degree of? A. Complexity B. Non-transparency C. Transparency D. Simplicity

QUESTION NO: 1083 Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating? A. Security administrators B. Operators C. Data owners D. Data custodians

``` QUESTION NO: 1084 Which TCSEC (Orange Book) rating or level requires the system to clearly identify functions of the security administrator to perform security-related functions? ``` A. C2 B. B1 C. B2 D. B3

QUESTION NO: 1085 Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources? A. They are more cost-effective B. They offer a lack of corporate bias C. They use highly talented ex-hackers D. They ensure a more complete reporting

QUESTION NO: 1086 Which of the following statements pertaining to ethical hacking is incorrect? A. An organization should use ethical hackers who do not sell auditing, hardware, software, firewall, hosting, and/or networking services. B. Testing should be done remotely to simulate external threats. C. Ethical hacking should not involve writing to or modifying the target systems negatively. D. Ethical hackers never use tools that have the potential of affecting servers or services.

QUESTION NO: 1087 What is the essential difference between a self-audit and an independent audit? A. Tools used B. Results C. Objectivity D. Competence

QUESTION NO: 1088 When it comes to magnetic media sanitization, what difference can be made between clearing and purging information? A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files. B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack. C. They both involve rewriting the media. D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.

QUESTION NO: 1089 A periodic review of user account management should not determine: A. Conformity with the concept of least privilege. B. Whether active accounts are still being used. C. Strength of user-chosen passwords. D. Whether management authorizations are up-to-date.

QUESTION NO: 1090 What is the main issue with media reuse? A. Degaussing B. Data remanence C. Media destruction D. Purging

QUESTION NO: 1091 Which of the following should NOT be performed by an operator? A. Implementing the initial program load B. Monitoring execution of the system C. Data entry D. Controlling job flow

QUESTION NO: 1092 Which of the following should be performed by an operator? A. Changing profiles B. Approving changes C. Adding and removal of users D. Installing system software

QUESTION NO: 1093 Which of the following is not appropriate in addressing object reuse? A. Degaussing magnetic tapes when they're no longer needed. B. Deleting files on disk before reusing the space. C. Clearing memory blocks before they are allocated to a program or data. D. Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.

QUESTION NO: 1094 Which of the following is not a preventive operational control? A. Protecting laptops, personal computers and workstations. B. Controlling software viruses. C. Controlling data media access and disposal. D. Conducting security awareness and technical training.

QUESTION NO: 1095 Which of the following questions is less likely to help in assessing controls over hardware and software maintenance? A. Is access to all program libraries restricted and controlled? B. Are integrity verification programs used by applications to look for evidences of data tampering, errors, and omissions? C. Is there version control? D. Are system components tested, documented, and approved prior to promotion to production?

QUESTION NO: 1096 Which of the following questions is less likely to help in assessing identification and authentication controls? A. Is a current list maintained and approved of authorized users and their access? B. Are passwords changed at least every ninety days or earlier if needed? C. Are inactive user identifications disabled after a specified period of time? D. Is there a process for reporting incidents?

QUESTION NO: 1097 Which of the following questions are least likely to help in assessing controls covering audit trails? A. Does the audit trail provide a trace of user actions? B. Are incidents monitored and tracked until resolved? C. Is access to online logs strictly controlled? D. Is there separation of duties between security personnel who administer the access control function and those who administer the audit trail?

QUESTION NO: 1098 What setup should an administrator use for regularly testing the strength of user passwords? A. A networked workstation so that the live password database can easily be accessed by the cracking program. B. A networked workstation so the password database can easily be copied locally and processed by the cracking program. C. A standalone workstation on which the password database is copied and processed by the cracking program. D. A password-cracking program is unethical; therefore it should not be used.

QUESTION NO: 1099 Which of the following rules is least likely to support the concept of least privilege? A. The number of administrative accounts should be kept to a minimum. B. Administrators should use regular accounts when performing routine operations like reading mail. C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible. D. Only data to and from critical systems and applications should be allowed through the firewall.

QUESTION NO: 1100 Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of: A. Deterrent controls B. Output controls C. Information flow controls D. Asset controls

QUESTION NO: 1101 Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms? A. A trusted path B. A protection domain C. A covert channel D. A maintenance hook

QUESTION NO: 1102 According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles? A. A1 B. B1 C. B2 D. B3

QUESTION NO: 1103 What is the most effective means of determining that controls are functioning properly within an operating system? A. Interview with computer operator B. Review of software control features and/or parameters C. Review of operating system manual D. Interview with product vendor

QUESTION NO: 1104 Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes? A. Key escrow B. Rotation of duties C. Principle of need-to-know D. Principle of least privilege

QUESTION NO: 1105 Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data? A. Limiting the local access of operations personnel B. Job rotation of operations personnel C. Management monitoring of audit logs D. Enforcing regular password changes

QUESTION NO: 1106 An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called: A. a magnetic field. B. a degausser. C. magnetic remanence. D. magnetic saturation.

QUESTION NO: 1107 What is the most secure way to dispose of information on a CD-ROM? A. Sanitizing B. Physical damage C. Degaussing D. Physical destruction

QUESTION NO: 1108 Fault tolerance countermeasures are designed to combat threats to which of the following? A. an uninterruptible power supply. B. backup and retention capability. C. design reliability. D. data integrity.

QUESTION NO: 1109 In what way can violation clipping levels assist in violation tracking and analysis? A. Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred. B. Clipping levels enable a security administrator to customize the audit trail to record only those violations which are deemed to be security relevant. C. Clipping levels enable the security administrator to customize the audit trail to record only actions for users with access to user accounts with a privileged status. D. Clipping levels enable a security administrator to view all reductions in security levels which have been made to user accounts which have incurred violations.

QUESTION NO: 1110 An incremental backup process A. Backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0. B. Backs up the files that been modified since the last full backup. It does not change the archive bit value. C. Backs up all the data and changes the archive bit to 0. D. Backs up all the data and changes the archive bit to 1.

QUESTION NO: 1111 In Operations Security trusted paths provide: A. trustworthy integration into integrity functions. B. trusted access to unsecure paths. C. trustworthy interfaces into priviledged user functions. D. trustworthy interfaces into priviledged MTBF functions.

QUESTION NO: 1112 The Loki attack exploits a covert channel using which network protocol? A. TCP B. PPP C. ICMP D. SMTP

QUESTION NO: 1113 Of the various types of "Hackers" that exist, the ones who are not worried about being caught and spending time in jail and have a total disregard for the law or police force, are labeled as what type of hackers? A. Suicide Hackers B. Black Hat Hackers C. White Hat Hackers D. Gray Hat Hackers

QUESTION NO: 1114 A Differential backup process will: A. Backs up data labeled with archive bit 1 and leaves the data labeled as archive bit 1 B. Backs up data labeled with archive bit 1 and changes the data label to archive bit 0 C. Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0 D. Backs up data labeled with archive bit 0 and changes the data label to archive bit 1

QUESTION NO: 1115 Ding Ltd. is a firm specialized in intellectual property business. A new video streaming application needs to be installed for the purpose of conducting the annual awareness program as per the firm security program. The application will stream internally copyrighted computer based training videos. The requirements for the application installation are to use a single server, low cost technologies, high performance and no high availability capacities. In regards to storage technology, what is the most suitable configuration for the server hard drives? A. Single hard disk (no RAID) B. RAID 0 C. RAID 1 D. RAID 10

QUESTION NO: 1116 According to Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) there is a requirement to “protect stored cardholder data.” Which of the following items cannot be stored by the merchant? A. Primary Account Number B. Cardholder Name C. Expiration Date D. The Card Validation Code (CVV2)

QUESTION NO: 1117 Which of the following answers best describes the type of penetration testing where the analyst has full knowledge of the network on which he is going to perform his test? A. White-Box Penetration Testing B. Black-Box Pen Testing C. Penetration Testing D. Gray-Box Pen Testing

QUESTION NO: 1118 Which of the following answers BEST indicates the most important part of a data backup plan? A. Testing the backups with restore operations B. An effective backup plan C. A reliable network infrastructure D. Expensive backup hardware

QUESTION NO: 1119 Which of the following answers is directly related to providing High Availability to your users? A. Backup data circuits B. Good hiring practices C. Updated Antivirus Software D. Senior Executive Support

QUESTION NO: 1120 Which of the following answers presents the MOST significant threat to network based IDS or IPS systems? A. Encrypted Traffic B. Complex IDS/IPS Signature Syntax C. Digitally Signed Network Packets D. Segregated VLANs

QUESTION NO: 1121 Which of the following method is recommended by security professional to PERMANENTLY erase sensitive data on magnetic media? A. Degaussing B. Overwrite every sector of magnetic media with pattern of 1's and 0's C. Format magnetic media D. Delete File allocation table

QUESTION NO: 1122 Which of the following best describes what would be expected at a "hot site"? A. Computers, climate control, cables and peripherals B. Computers and peripherals C. Computers and dedicated climate control systems. D. Dedicated climate control systems

QUESTION NO: 1123 Who should direct short-term recovery actions immediately following a disaster? A. Chief Information Officer. B. Chief Operating Officer. C. Disaster Recovery Manager. D. Chief Executive Officer.

QUESTION NO: 1124 Prior to a live disaster test also called a Full Interruption test, which of the following is most important? A. Restore all files in preparation for the test. B. Document expected findings. C. Arrange physical security for the test site. D. Conduct of a successful Parallel Test

QUESTION NO: 1125 Which of the following should be emphasized during the Business Impact Analysis (BIA) considering that the BIA focus is on business processes? A. Composition B. Priorities C. Dependencies D. Service levels

QUESTION NO: 1126 Which of the following recovery plan test results would be most useful to management? A. elapsed time to perform various activities. B. list of successful and unsuccessful activities. C. amount of work completed. D. description of each activity.

QUESTION NO: 1127 Which of the following computer recovery sites is only partially equipped with processing equipment? A. hot site. B. rolling hot site. C. warm site. D. cold site.

QUESTION NO: 1128 Which of the following computer recovery sites is the least expensive and the most difficult to test? A. non-mobile hot site. B. mobile hot site. C. warm site. D. cold site.

QUESTION NO: 1129 Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan? A. It is unlikely to be affected by the same disaster. B. It is close enough to become operational quickly. C. It is close enough to serve its users. D. It is convenient to airports and hotels.

QUESTION NO: 1130 Contracts and agreements are often times unenforceable or hard to enforce in which of the following alternate facility recovery agreement? A. hot site. B. warm site. C. cold site. D. reciprocal agreement.

QUESTION NO: 1131 Organizations should not view disaster recovery as which of the following? A. Committed expense. B. Discretionary expense. C. Enforcement of legal statutes. D. Compliance with regulations.

QUESTION NO: 1132 Which of the following backup sites is the most effective for disaster recovery? A. Time brokers B. Hot sites C. Cold sites D. Reciprocal Agreement

QUESTION NO: 1133 Which of the following is NOT a transaction redundancy implementation? A. on-site mirroring B. Electronic Vaulting C. Remote Journaling D. Database Shadowing

QUESTION NO: 1134 Which of the following provides enterprise management with a prioritized list of time-critical business processes, and estimates a recovery time objective for each of the time critical processes and the components of the enterprise that support those processes? A. Business Impact Assessment B. Current State Assessment C. Risk Mitigation Assessment. D. Business Risk Assessment.

QUESTION NO: 1135 Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA): A. Notifying senior management of the start of the assessment. B. Creating data gathering techniques. C. Identifying critical business functions. D. Calculating the risk for each different business function.

QUESTION NO: 1136 A site that is owned by the company and mirrors the original production site is referred to as a _______? A. Hot site. B. Warm Site. C. Reciprocal site. D. Redundant Site.

QUESTION NO: 1137 Which of the following results in the most devastating business interruptions? A. Loss of Hardware/Software B. Loss of Data C. Loss of Communication Links D. Loss of Applications

QUESTION NO: 1138 Which of the following is the most critical item from a disaster recovery point of view? A. Data B. Hardware/Software C. Communication Links D. Software Applications

QUESTION NO: 1139 Which of the following is defined as the most recent point in time to which data must be synchronized without adversely affecting the organization (financial or operational impacts)? A. Recovery Point Objective B. Recovery Time Objective C. Point of Time Objective D. Critical Time Objective

QUESTION NO: 1140 Valuable paper insurance coverage does not cover damage to which of the following? A. Inscribed, printed and Written documents B. Manuscripts C. Records D. Money and Securities

QUESTION NO: 1141 Which of the following is covered under Crime Insurance Policy Coverage? A. Inscribed, printed and Written documents B. Manuscripts C. Accounts Receivable D. Money and Securities

QUESTION NO: 1142 If your property Insurance has Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on: A. Value of item on the date of loss B. Replacement with a new item for the old one regardless of condition of lost item C. Value of item one month before the loss D. Value of item on the date of loss plus 10 percent

QUESTION NO: 1143 If your property Insurance has Replacement Cost Valuation (RCV) clause your damaged property will be compensated: A. Based on the value of item on the date of loss B. Based on new, comparable, or identical item for old regardless of condition of lost item C. Based on value of item one month before the loss D. Based on the value listed on the Ebay auction web site

QUESTION NO: 1144 What is the Maximum Tolerable Downtime (MTD)? A. Maximum elapsed time required to complete recovery of application data B. Minimum elapsed time required to complete recovery of application data C. Maximum elapsed time required to move back to primary site after a major disruption D. It is maximum delay businesses can tolerate and still remain viable

QUESTION NO: 1145 Out of the steps listed below, which one is not one of the steps conducted during the Business Impact Analysis (BIA)? A. Alternate site selection B. Create data-gathering techniques C. Identify the company’s critical business functions D. Select individuals to interview for data gathering

QUESTION NO: 1146 Which one of the following is NOT one of the outcomes of a vulnerability assessment? A. Quantative loss assessment B. Qualitative loss assessment C. Formal approval of BCP scope and initiation document D. Defining critical support areas

QUESTION NO: 1147 The scope and focus of the Business continuity plan development depends most on: A. Directives of Senior Management B. Business Impact Analysis (BIA) C. Scope and Plan Initiation D. Skills of BCP committee

QUESTION NO: 1148 Which of the following items is NOT a benefit of cold sites? A. No resource contention with other organization B. Quick Recovery C. A secondary location is available to reconstruct the environment D. Low Cost

QUESTION NO: 1149 Qualitative loss resulting from the business interruption does NOT usually include: A. Loss of revenue B. Loss of competitive advantage or market share C. Loss of public confidence and credibility D. Loss of market leadership

QUESTION NO: 1150 When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is knows as? A. Shadowing B. Data mirroring C. Backup D. Archiving

QUESTION NO: 1151 Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed. What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications? A. External Hot site B. Warm Site C. Internal Hot Site D. Dual Data Center

QUESTION NO: 1152 What is the most correct choice below when talking about the steps to resume normal operation at the primary site after the green light has been given by the salvage team? A. The most critical operations are moved from alternate site to primary site before others B. Operation may be carried by a completely different team than disaster recovery team C. The least critical functions should be moved back first D. You moves items back in the same order as the categories document in your plan or exactly in the same order as you did on your way to the alternate site

QUESTION NO: 1153 Business Continuity and Disaster Recovery Planning (Primarily) addresses the: A. Availability of the CIA triad B. Confidentiality of the CIA triad C. Integrity of the CIA triad D. Availability, Confidentiality and Integrity of the CIA triad

QUESTION NO: 1154 Which of the following is used to create parity information? A. a hamming code B. a clustering code C. a mirroring code D. a striping code

QUESTION NO: 1155 Which of the following backup methods makes a complete backup of every file on the server every time it is run? A. full backup method. B. incremental backup method. C. differential backup method. D. tape backup method.

QUESTION NO: 1156 Which of the following is a large hardware/software backup system that uses the RAID technology? A. Tape Array. B. Scale Array. C. Crimson Array D. Table Array.

QUESTION NO: 1157 What is the MOST critical piece to disaster recovery and continuity planning? A. Security policy B. Management support C. Availability of backup information processing facilities D. Staff training

QUESTION NO: 1158 During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable? A. Measurement of accuracy B. Elapsed time for completion of critical tasks C. Quantitatively measuring the results of the test D. Evaluation of the observed test results

QUESTION NO: 1159 Which of the following statements regarding an off-site information processing facility is TRUE? A. It should have the same amount of physical access restrictions as the primary processing site. B. It should be located in proximity to the originating site so that it can quickly be made operational. C. It should be easily identified from the outside so in the event of an emergency it can be easily found. D. Need not have the same level of environmental monitoring as the originating site since this would be cost prohibitive.

QUESTION NO: 1160 Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of: A. Incident Evaluation B. Incident Recognition C. Incident Protection D. Incident Response

QUESTION NO: 1161 A server farm consisting of multiple similar servers seen as a single IP address from users interacting with the group of servers is an example of which of the following? A. Server clustering B. Redundant servers C. Multiple servers D. Server fault tolerance

QUESTION NO: 1162 Which of the following is NOT a common backup method? A. Full backup method B. Daily backup method C. Incremental backup method D. Differential backup method

QUESTION NO: 1163 Which common backup method is the fastest on a daily basis? A. Full backup method B. Incremental backup method C. Fast backup method D. Differential backup method

QUESTION NO: 1164 Which of the following backup methods is most appropriate for off-site archiving? A. Incremental backup method B. Off-site backup method C. Full backup method D. Differential backup method

QUESTION NO: 1165 Which of the following tasks is NOT usually part of a Business Impact Analysis (BIA)? A. Calculate the risk for each different business function. B. Identify the company’s critical business functions. C. Calculate how long these functions can survive without these resources. D. Develop a mission statement.

QUESTION NO: 1166 Which of the following statements pertaining to RAID technologies is incorrect? A. RAID-5 has a higher performance in read/write speeds than the other levels. B. RAID-3 uses byte-level striping with dedicated parity . C. RAID-0 relies solely on striping. D. RAID-4 uses dedicated parity.

QUESTION NO: 1167 Which of the following is NOT a common category/classification of threat to an IT system? A. Human B. Natural C. Technological D. Hackers

QUESTION NO: 1168 Which of the following enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks? A. Risk assessment B. Residual risks C. Security controls D. Business units

QUESTION NO: 1169 A contingency plan should address: A. Potential risks. B. Residual risks. C. Identified risks. D. All answers are correct.

QUESTION NO: 1170 Which of the following focuses on sustaining an organization's business functions during and after a disruption? A. Business continuity plan B. Business recovery plan C. Continuity of operations plan D. Disaster recovery plan

QUESTION NO: 1171 Which of the following specifically addresses cyber attacks against an organization's IT systems? A. Continuity of support plan B. Business continuity plan C. Incident response plan D. Continuity of operations plan

QUESTION NO: 1172 Which of the following provides coordinated procedures for minimizing loss of life, injury, and property damage in response to a physical threat? A. Business continuity plan B. Incident response plan C. Disaster recovery plan D. Occupant emergency plan

QUESTION NO: 1173 Which of the following teams should NOT be included in an organization's contingency plan? A. Damage assessment team B. Hardware salvage team C. Tiger team D. Legal affairs team

QUESTION NO: 1174 Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect? A. The plan should be reviewed at least once a year for accuracy and completeness. B. The Contingency Planning Coordinator should make sure that every employee gets an up-todate copy of the plan. C. Strict version control should be maintained. D. Copies of the plan should be provided to recovery personnel for storage offline at home and office.

QUESTION NO: 1175 Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix? A. Contact information for all personnel. B. Vendor contact information, including offsite storage and alternate site. C. Equipment and system requirements lists of the hardware, software, firmware and other resources required to support system operations. D. The Business Impact Analysis.

QUESTION NO: 1176 Which of the following server contingency solutions offers the highest availability? A. System backups B. Electronic vaulting/remote journaling C. Redundant arrays of independent disks (RAID) D. Load balancing/disk replication

QUESTION NO: 1177 What assesses potential loss that could be caused by a disaster? A. The Business Assessment (BA) B. The Business Impact Analysis (BIA) C. The Risk Assessment (RA) D. The Business Continuity Plan (BCP)

QUESTION NO: 1178 Which of the following item would best help an organization to gain a common understanding of functions that are critical to its survival? A. A risk assessment B. A business assessment C. A disaster recovery plan D. A business impact analysis

QUESTION NO: 1179 What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization? A. Recovery Point Objectives (RPO) B. Recovery Time Objectives (RTO) C. Recovery Time Period (RTP) D. Critical Recovery Time (CRT)

QUESTION NO: 1180 Which of the following steps should be one of the first step performed in a Business Impact Analysis (BIA)? A. Identify all CRITICAL business units within the organization. B. Evaluate the impact of disruptive events. C. Estimate the Recovery Time Objectives (RTO). D. Identify and Prioritize Critical Organization Functions

QUESTION NO: 1181 A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include? A. Marketing/Public relations B. Data/Telecomm/IS facilities C. IS Operations D. Facilities security

QUESTION NO: 1182 During the salvage of the Local Area Network and Servers, which of the following steps would normally be performed first? A. Damage mitigation B. Install LAN communications network and servers C. Assess damage to LAN and servers D. Recover equipment

QUESTION NO: 1183 Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect? A. In order to facilitate recovery, a single plan should cover all locations. B. There should be requirements to form a committee to decide a course of action. These decisions should be made ahead of time and incorporated into the plan. C. In its procedures and tasks, the plan should refer to functions, not specific individuals. D. Critical vendors should be contacted ahead of time to validate equipment can be obtained in a timely manner.

QUESTION NO: 1184 A Business Continuity Plan should be tested: A. Once a month. B. At least twice a year. C. At least once a year. D. At least once every two years.

QUESTION NO: 1185 Which of the following statements pertaining to a Criticality Survey is incorrect? A. It is implemented to gather input from all personnel that is going to be part of the recovery teams. B. The purpose of the survey must be clearly stated. C. Management's approval should be obtained before distributing the survey. D. Its intent is to find out what services and systems are critical to keeping the organization in business.

QUESTION NO: 1186 Which disaster recovery plan test involves functional representatives meeting to review the plan in detail? A. Simulation test B. Checklist test C. Parallel test D. Structured walk-through test

QUESTION NO: 1187 System reliability is increased by: A. A lower MTBF and a lower MTTR. B. A higher MTBF and a lower MTTR. C. A lower MTBF and a higher MTTR. D. A higher MTBF and a higher MTTR.

QUESTION NO: 1188 The first step in the implementation of the contingency plan is to perform: A. A firmware backup B. A data backup C. An operating systems software backup D. An application software backup

QUESTION NO: 1189 The MOST common threat that impacts a business's ability to function normally is: A. Power Outage B. Water Damage C. Severe Weather D. Labor Strike

QUESTION NO: 1190 Failure of a contingency plan is usually: A. A technical failure. B. A management failure. C. Because of a lack of awareness. D. Because of a lack of training.

QUESTION NO: 1191 Which of the following questions is less likely to help in assessing an organization's contingency planning controls? A. Is damaged media stored and/or destroyed? B. Are the backup storage site and alternate site geographically far enough from the primary site? C. Is there an up-to-date copy of the plan stored securely off-site? D. Is the location of stored backups identified?

QUESTION NO: 1192 A business continuity plan is an example of which of the following? A. Corrective control B. Detective control C. Preventive control D. Compensating control

QUESTION NO: 1193 When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems? A. Executive management staff B. Senior business unit management C. BCP committee D. Functional business units

QUESTION NO: 1194 Which of the following statements pertaining to disaster recovery planning is incorrect? A. Every organization must have a disaster recovery plan B. A disaster recovery plan contains actions to be taken before, during and after a disruptive event. C. The major goal of disaster recovery planning is to provide an organized way to make decisions if a disruptive event occurs. D. A disaster recovery plan should cover return from alternate facilities to primary facilities.

QUESTION NO: 1195 Which of the following statements do not apply to a hot site? A. It is expensive. B. There are cases of common overselling of processing capabilities by the service provider. C. It provides a false sense of security. D. It is accessible on a first come first serve basis. In case of large disaster it might not be accessible.

QUESTION NO: 1196What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location? A. Remote journaling B. Electronic vaulting C. Data clustering D. Database shadowing

QUESTION NO: 1197 Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test? A. Full Interruption test B. Checklist test C. Simulation test D. Structured walk-through test

QUESTION NO: 1198 Which of the following statements pertaining to disaster recovery is incorrect? A. A recovery team's primary task is to get the pre-defined critical business functions at the alternate backup processing site. B. A salvage team's task is to ensure that the primary site returns to normal processing conditions. C. The disaster recovery plan should include how the company will return from the alternate site to the primary site. D. When returning to the primary site, the most critical applications should be brought back first.

QUESTION NO: 1199 For which areas of the enterprise are business continuity plans required? A. All areas of the enterprise. B. The financial and information processing areas of the enterprise. C. The operating areas of the enterprise. D. The marketing, finance, and information processing areas.

QUESTION NO: 1200 Which of the following will a Business Impact Analysis NOT identify? A. Areas that would suffer the greatest financial or operational loss in the event of a disaster. B. Systems critical to the survival of the enterprise. C. The names of individuals to be contacted during a disaster. D. The outage time that can be tolerated by the enterprise as a result of a disaster.

QUESTION NO: 1201 What is a hot-site facility? A. A site with pre-installed computers, raised flooring, air conditioning, telecommunications and networking equipment, and UPS. B. A site in which space is reserved with pre-installed wiring and raised floors. C. A site with raised flooring, air conditioning, telecommunications, and networking equipment, and UPS. D. A site with ready made work space with telecommunications equipment, LANs, PCs, and terminals for work groups.

QUESTION NO: 1202 Which of the following best describes remote journaling? A. Send hourly tapes containing transactions off-site. B. Send daily tapes containing transactions off-site. C. Real-time capture of transactions to multiple storage devices. D. Real time transmission of copies of the entries in the journal of transactions to an alternate site.

QUESTION NO: 1203 All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would not be considered an essential element of the BIA but an important topic to include within the BCP plan: A. IT Network Support B. Accounting C. Public Relations D. Purchasing

QUESTION NO: 1204 Of the following, which is NOT a specific loss criteria that should be considered while developing a BIA? A. Loss of skilled workers knowledge B. Loss in revenue C. Loss in profits D. Loss in reputation

QUESTION NO: 1205 Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true? A. Personnel turnover B. Large plans can take a lot of work to maintain C. Continous auditing makes a Disaster Recovery plan irrelevant D. Infrastructure and environment changes

QUESTION NO: 1206 Which backup type run at regular intervals would take the least time to complete? A. Full Backup B. Differential Backup C. Incremental Backup D. Disk Mirroring

QUESTION NO: 1207 What is electronic vaulting? A. Information is backed up to tape on a hourly basis and is stored in a on-site vault. B. Information is backed up to tape on a daily basis and is stored in a on-site vault. C. Transferring electronic journals or transaction logs to an off-site storage facility D. A transfer of bulk information to a remote central backup facility.

QUESTION NO: 1208 After a company is out of an emergency state, what should be moved back to the original site first? A. Executives B. Least critical components C. IT support staff D. Most critical components

QUESTION NO: 1209 How often should tests and disaster recovery drills be performed? A. At least once a quarter B. At least once every 6 months C. At least once a year D. At least once every 2 years

QUESTION NO: 1210 A business impact assessment is one element in business continuity planning. What are the three primary goals of a BIA? A. Data processing continuity planning, data recovery plan maintenance, and testing the disaster recovery plan. B. Scope and plan initiation, business continuity plan development, and plan approval and implementation. C. Facility requirements planning, facility security management, and administrative personnel controls. D. Criticality prioritization, downtime estimation, and resource requirements.

QUESTION NO: 1211 Business Continuity Planning (BCP) is not defined as a preparation that facilitates: A. the rapid recovery of mission-critical business operations B. the continuation of critical business functions C. the monitoring of threat activity for adjustment of technical controls D. the reduction of the impact of a disaster

QUESTION NO: 1212 During a test of a disaster recovery plan the IT systems are concurrently set up at the alternate site. The results are compared to the results of regular processing at the original site. What kind of testing has taken place? A. Simulation B. Parallel C. Checklist D. Full interruption

QUESTION NO: 1213 During a business impact analysis it is concluded that a system has maximum tolerable downtime of 2 hours. What would this system be classified as? A. Important B. Urgent C. Critical D. Vital

QUESTION NO: 1214 Business Impact Analysis (BIA) is about A. Technology B. Supporting the mission of the organization C. Due Care D. Risk Assessment

QUESTION NO: 1215 What is the MOST important step in business continuity planning? A. Risk Assessment B. Due Care C. Business Impact Analysis (BIA) D. Due Diligence

QUESTION NO: 1216 You have been tasked with developing a Business Continuity Plan/Disaster Recovery (BCP/DR) plan. After several months of researching the various areas of the organization, you are ready to present the plan to Senior Management. During the presentation meeting, the plan that you have dutifully created is not received positively. Senior Management is not convinced that they need to enact your plan, nor are they prepared to invest any money in the plan. What is the BEST reason, as to why Senior Management is not willing to enact your plan? A. The business case was not initially made and thus did not secure their support. B. They were not included in any of the Risk Assessment meetings. C. They were not included in any of the Business Impact Assessment meetings. D. A Business Impact Assessment was not performed.

QUESTION NO: 1217 How often should a Business Continuity Plan be reviewed? A. At least once a month B. At least every six months C. At least once a year D. At least Quarterly

QUESTION NO: 1218 Mark's manager has tasked him with researching an intrusion detection system for a new dispatching center. Mark identifies the top five products and compares their ratings. Which of the following is the evaluation criteria most in use today for these types of purposes? A. ITSEC B. Common Criteria C. Red Book D. Orange Book

QUESTION NO: 1219 When planning for disaster recovery it is important to know a chain of command should one or more people become missing, incapacitated or otherwise not available to lead the organization. Which of the following terms BEST describes this process? A. Succession Planning B. Continuity of Operations C. Business Impact Analysis D. Business Continuity Planning

QUESTION NO: 1220 Of the three types of alternate sites: hot, warm or cold, which is BEST described by the following facility description? - Configured and functional facility - Available with a few hours - Requires constant maintenance - Is expensive to maintain A. Hot Site B. Warm Site C. Cold Site D. Remote Site

QUESTION NO: 1221 Which of the following plan provides procedures for sustaining essential business operations while recovering from significant disruption? A. Business Continuity Plan B. Occupant Emergency Plan C. Cyber Incident Response Plan D. Disaster Recovery Plan

QUESTION NO: 1222 Which of the following groups represents the leading source of computer crime losses? A. Hackers B. Industrial saboteurs C. Foreign intelligence officers D. Employees

QUESTION NO: 1223 Which of the following is biggest factor that makes Computer Crimes possible? A. The fraudster obtaining advanced training & special knowledge. B. Victim carelessness. C. Collusion with others in information processing. D. System design flaws.

QUESTION NO: 1224 Under United States law, an investigator's notebook may be used in court in which of the following scenarios? A. When the investigator is unwilling to testify. B. When other forms of physical evidence are not available. C. To refresh the investigators memory while testifying. D. If the defense has no objections.

QUESTION NO: 1225 In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected? A. Human Resources B. Industrial Security C. Public Relations D. External Audit Group

QUESTION NO: 1226 To be admissible in court, computer evidence must be which of the following? A. Relevant B. Decrypted C. Edited D. Incriminating

QUESTION NO: 1227 The typical computer fraudsters are usually persons with which of the following characteristics? A. They have had previous contact with law enforcement B. They conspire with others C. They hold a position of trust D. They deviate from the accepted norms of society

QUESTION NO: 1228 Once evidence is seized, a law enforcement officer should emphasize which of the following? A. Chain of command B. Chain of custody C. Chain of control D. Chain of communications

QUESTION NO: 1229 The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP: A. Honesty B. Ethical behavior C. Legality D. Control

QUESTION NO: 1230 Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing? A. System development activity B. Help-desk function C. System Imaging D. Risk management process

QUESTION NO: 1231 Which of the following is from the Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087)? A. Access to and use of the Internet is a privilege and should be treated as such by all users of the systems. B. Users should execute responsibilities in a manner consistent with the highest standards of their profession. C. There must not be personal data record-keeping systems whose very existence is secret. D. There must be a way for a person to prevent information about them, which was obtained for one purpose, from being used or made available for another purpose without their consent.

QUESTION NO: 1232 Which of the following is NOT defined in the Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087) as unacceptable and unethical activity? A. uses a computer to steal B. destroys the integrity of computer-based information C. wastes resources such as people, capacity and computers through such actions D. involves negligence in the conduct of Internet-wide experiments

QUESTION NO: 1233 Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption using Symmetric Cryptography. A. RSA B. PKI C. Diffie_Hellmann D. 3DES

QUESTION NO: 1234 In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process? A. Using a write blocker B. Made a full-disk image C. Created a message digest for log files D. Displayed the contents of a folder

QUESTION NO: 1235 Which of the following tools is NOT likely to be used by a hacker? A. Nessus B. Saint C. Tripwire D. Nmap

QUESTION NO: 1236 Which of the following computer crime is MORE often associated with INSIDERS? A. IP spoofing B. Password sniffing C. Data diddling D. Denial of service (DOS)

QUESTION NO: 1237 What do the ILOVEYOU and Melissa virus attacks have in common? A. They are both denial-of-service (DOS) attacks. B. They have nothing in common. C. They are both masquerading attacks. D. They are both social engineering attacks.

QUESTION NO: 1238 Crackers today are MOST often motivated by their desire to: A. Help the community in securing their networks. B. Seeing how far their skills will take them. C. Getting recognition for their actions. D. Gaining Money or Financial Gains.

QUESTION NO: 1239 Which of the following statements regarding trade secrets is FALSE? A. For a company to have a resource qualify as a trade secret, it must provide the company with some type of competitive value or advantage. B. The Trade Secret Law normally protects the expression of the idea of the resource. C. Many companies require their employees to sign nondisclosure agreements regarding the protection of their trade secrets. D. A resource can be protected by law if it is not generally known and if it requires special skill, ingenuity, and/or expenditure of money and effort to develop it.

QUESTION NO: 1240 What is the PRIMARY goal of incident handling? A. Successfully retrieve all evidence that can be used to prosecute B. Improve the company's ability to be prepared for threats and disasters C. Improve the company's disaster recovery plan D. Contain and repair any damage caused by an event.

QUESTION NO: 1241 Which of the following would be LESS likely to prevent an employee from reporting an incident? A. They are afraid of being pulled into something they don't want to be involved with. B. The process of reporting incidents is centralized. C. They are afraid of being accused of something they didn't do. D. They are unaware of the company's security policies and procedures.

QUESTION NO: 1242 Which of the following outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations? A. The Computer Security Act of 1987. B. The Federal Sentencing Guidelines of 1991. C. The Economic Espionage Act of 1996. D. The Computer Fraud and Abuse Act of 1986.

QUESTION NO: 1243 What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected? A. To ensure that no evidence is lost. B. To ensure that all possible evidence is gathered. C. To ensure that it will be admissible in court D. To ensure that incidents were handled with due care and due diligence.

QUESTION NO: 1244 Which of the following logical access exposures INVOLVES CHANGING data before, or as it is entered into the computer? A. Data diddling B. Salami techniques C. Trojan horses D. Viruses

QUESTION NO: 1245 Which of the following is an example of an active attack? A. Traffic analysis B. Scanning C. Eavesdropping D. Wiretapping

QUESTION NO: 1246 The criteria for evaluating the legal requirements for implementing safeguards is to evaluate the cost (C) of instituting the protection versus the estimated loss (L) resulting from the exploitation of the corresponding vulnerability. Therefore, a legal liability may exists when: A. (C L) or C is greather than L D. (C > L - (residual risk)) or C is greather than L minus residual risk

QUESTION NO: 1247 What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent? A. Evidence Circumstance Doctrine B. Exigent Circumstance Doctrine C. Evidence of Admissibility Doctrine D. Exigent Probable Doctrine

QUESTION NO: 1248 A copy of evidence or oral description of its contents; which is not as reliable as best evidence is what type of evidence? A. Direct evidence B. Circumstantial evidence C. Hearsay evidence D. Secondary evidence

QUESTION NO: 1249 Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses? A. Direct evidence. B. Circumstantial evidence. C. Conclusive evidence. D. Corroborative evidence.

QUESTION NO: 1250 This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario? A. Excessive Rights B. Excessive Access C. Excessive Permissions D. Excessive Privileges

QUESTION NO: 1251 Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud/attack makes use of a device that generates tones to simulate inserting coins in pay phones, thus fooling the system into completing free calls? A. Red Boxes B. Blue Boxes C. White Boxes D. Black Boxes

QUESTION NO: 1252 When companies come together to work in an integrated manner such as extranets, special care must be taken to ensure that each party promises to provide the necessary level of protection, liability and responsibility. These aspects should be defined in the contracts that each party signs. What describes this type of liability? A. Cascade liabilities B. Downstream liabilities C. Down-flow liabilities D. Down-set liabilities

QUESTION NO: 1253 This type of supporting evidence is used to help prove an idea or a point, however It cannot stand on its own, it is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence? A. Circumstantial evidence B. Corroborative evidence C. Opinion evidence D. Secondary evidence

QUESTION NO: 1254 Under intellectual property law what would you call information that companies keep secret to give them an advantage over their competitors? A. Copyright B. Patent C. Trademark D. Trade Secrets

QUESTION NO: 1255 Which category of law is also referenced as a Tort law? A. Civil law B. Criminal law C. Administrative law D. Public law

QUESTION NO: 1256 What category of law deals with regulatory standards that regulate performance and conduct? Government agencies create these standards, which are usually applied to companies and individuals within those companies? A. Standards law. B. Conduct law. C. Compliance law. D. Administrative law.

QUESTION NO: 1257 The copyright law ("original works of authorship") protects the right of the owner in all of the following except? A. The public distribution of the idea B. Reproduction of the idea C. The idea itself D. Display of the idea

QUESTION NO: 1258 To understand the 'whys' in crime, many times it is necessary to understand MOM. Which of the following is not a component of MOM? A. Opportunities B. Methods C. Motivation D. Means

QUESTION NO: 1259 In the statement below, fill in the blank: Law enforcement agencies must get a warrant to search and seize an individual's property, as stated in the _____ Amendment. A. First. B. Second. C. Third. D. Fourth.

QUESTION NO: 1260 Within the legal domain what rule is concerned with the legality of how the evidence was gathered? A. Exclusionary rule B. Best evidence rule C. Hearsay rule D. Investigation rule

QUESTION NO: 1261 Computer-generated evidence is considered: A. Best evidence B. Second hand evidence C. Demonstrative evidence D. Direct evidence

QUESTION NO: 1262 Which of the following would be MOST important to guarantee that the computer evidence will be admissible in court? A. It must prove a fact that is immaterial to the case. B. Its reliability must be proven. C. The process for producing it must be documented and repeatable. D. The chain of custody of the evidence must show who collected, secured, controlled, handled, transported the evidence, and that it was not tampered with.

QUESTION NO: 1263 Keeping in mind that these are objectives that are provided for information only within the CBK as they only apply to the committee and not to the individuals. Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect? A. All information systems security professionals who are certified by (ISC)2 recognize that such a certification is a privilege that must be both earned and maintained. B. All information systems security professionals who are certified by (ISC)2 shall provide diligent and competent service to principals. C. All information systems security professionals who are certified by (ISC)2 shall forbid behavior such as associating or appearing to associate with criminals or criminal behavior. D. All information systems security professionals who are certified by (ISC)2 shall promote the understanding and acceptance of prudent information security measures.

QUESTION NO: 1264 Which of the following statements is not listed within the 4 canons of the (ISC)2 Code of Ethics? A. All information systems security professionals who are certified by (ISC)2 shall observe all contracts and agreements, express or implied. B. All information systems security professionals who are certified by (ISC)2 shall render only those services for which they are fully competent and qualified. C. All information systems security professionals who are certified by (ISC)2 shall promote and preserve public trust and confidence in information and systems. D. All information systems security professionals who are certified by (ISC)2 shall think about the social consequences of the program they write.

QUESTION NO: 1265 Regarding codes of ethics covered within the ISC2 CBK, within which of them is the phrase "Discourage unsafe practice" found? A. Computer Ethics Institute commandments B. (ISC)2 Code of Ethics C. Internet Activities Board's Ethics and the Internet (RFC1087) D. CIAC Guidelines

QUESTION NO: 1266 Which of the following European Union (EU) principles pertaining to the protection of information on private individuals is incorrect? A. Data collected by an organization can be used for any purpose and for as long as necessary, as long as it is never communicated outside of the organization by which it was collected. B. Individuals have the right to correct errors contained in their personal data. C. Transmission of personal information to locations where "equivalent" personal data protection cannot be assured is prohibited. D. Records kept on an individual should be accurate and up to date.

QUESTION NO: 1267 Which of the following is NOT a Generally Accepted System Security Principle (GASSP)? A. Computer security supports the mission of the organization B. Computer security should be cost-effective C. The conception of computer viruses and worms is unethical. D. Systems owners have security responsibilities outside their organization.

QUESTION NO: 1268 Which of the following would best describe secondary evidence? A. Oral testimony by a non-expert witness B. Oral testimony by an expert witness C. A copy of a piece of evidence D. Evidence that proves a specific act

QUESTION NO: 1269 Why would a memory dump be admissible as evidence in court? A. Because it is used to demonstrate the truth of the contents. B. Because it is used to identify the state of the system. C. Because the state of the memory cannot be used as evidence. D. Because of the exclusionary rule.

QUESTION NO: 1270 Which type of attack would a competitive intelligence attack best classify as? A. Business attack B. Intelligence attack C. Financial attack D. Grudge attack

QUESTION NO: 1271 Due care is not related to: A. Good faith B. Prudent man C. Profit D. Best interest

QUESTION NO: 1272 Which of the following is not a form of passive attack? A. Scavenging B. Data diddling C. Shoulder surfing D. Sniffing

QUESTION NO: 1273 When a possible intrusion into your organization's information system has been detected, which of the following actions should be performed first? A. Eliminate all means of intruder access. B. Contain the intrusion. C. Determine to what extent systems and data are compromised. D. Communicate with relevant parties.

QUESTION NO: 1274 When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish to prosecute the attacker in court? A. Back up the compromised systems. B. Identify the attacks used to gain access. C. Capture and record system information. D. Isolate the compromised systems.

QUESTION NO: 1275 In order to be able to successfully prosecute an intruder: A. A point of contact should be designated to be responsible for communicating with law enforcement and other external agencies. B. A proper chain of custody of evidence has to be preserved. C. Collection of evidence has to be done following predefined procedures. D. Whenever possible, analyze a replica of the compromised resource, not the original, thereby avoiding inadvertently tamping with evidence.

QUESTION NO: 1276 When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence: A. Evidence has to be collected in accordance with all laws and all legal regulations. B. Law enforcement officials should be contacted for advice on how and when to collect critical information. C. Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available. D. Log files containing information regarding an intrusion are retained for at least as long as normal business records, and longer in the case of an ongoing investigation.

QUESTION NO: 1277 When should a post-mortem review meeting be held after an intrusion has been properly taken care of? A. Within the first three months after the investigation of the intrusion is completed. B. Within the first week after prosecution of intruders have taken place, whether successful or not. C. Within the first month after the investigation of the intrusion is completed. D. Within the first week of completing the investigation of the intrusion.

QUESTION NO: 1278 If an organization were to monitor their employees' e-mail, it should not: A. Monitor only a limited number of employees. B. Inform all employees that e-mail is being monitored. C. Explain who can read the e-mail and how long it is backed up. D. Explain what is considered an acceptable use of the e-mail system.

QUESTION NO: 1279 If an employee's computer has been used by a fraudulent employee to commit a crime, the hard disk may be seized as evidence and once the investigation is complete it would follow the normal steps of the Evidence Life Cycle. In such case, the Evidence life cycle would not include which of the following steps listed below? A. Acquisition collection and identification B. Analysis C. Storage, preservation, and transportation D. Destruction

QUESTION NO: 1280 Which of the following is a problem regarding computer investigation issues? A. Information is tangible. B. Evidence is easy to gather. C. Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence. D. In many instances, an expert or specialist is not required.

QUESTION NO: 1281 What is defined as inference of information from other, intermediate, relevant facts? A. Secondary evidence B. Conclusive evidence C. Hearsay evidence D. Circumstantial evidence

QUESTION NO: 1282 Under the Business Exemption Rule to the hearsay evidence, which of the following exceptions would have no bearing on the inadmissibility of audit logs and audit trails in a court of law? A. Records are collected during the regular conduct of business. B. Records are collected by senior or executive management. C. Records are collected at or near the time of occurrence of the act being investigated to generate automated reports. D. You can prove no one could have changed the records/data/logs that were collected.

QUESTION NO: 1283 Which of the following is the BEST way to detect software license violations? A. Implementing a corporate policy on copyright infringements and software use. B. Requiring that all PCs be diskless workstations. C. Installing metering software on the LAN so applications can be accessed through the metered software. D. Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.

QUESTION NO: 1284 Which of the following categories of hackers poses the greatest threat? A. Disgruntled employees B. Student hackers C. Criminal hackers D. Corporate spies

QUESTION NO: 1285 Which of the following best defines a Computer Security Incident Response Team (CSIRT)? A. An organization that provides a secure channel for receiving reports about suspected security incidents. B. An organization that ensures that security incidents are reported to the authorities. C. An organization that coordinates and supports the response to security incidents. D. An organization that disseminates incident-related information to its constituency and other involved parties.

QUESTION NO: 1286 Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if: A. The company is not a multi-national company. B. They have not exercised due care protecting computing resources. C. They have failed to properly insure computer resources against loss. D. The company does not prosecute the hacker that caused the breach.

QUESTION NO: 1287 The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called: A. alteration B. investigation C. entrapment D. enticement.

QUESTION NO: 1288 Which element must computer evidence have to be admissible in court? A. It must be relevant. B. It must be annotated. C. It must be printed. D. It must contain source code.

QUESTION NO: 1289 The Internet Architecture Board (IAB) characterizes which of the following as unethical behavior for Internet users? A. Writing computer viruses. B. Monitoring data traffic. C. Wasting computer resources. D. Concealing unauthorized accesses.

QUESTION NO: 1290 A security analyst asks you to look at the traffic he has gathered, and you find several Push flags within the capture. It seems the packets are sent to an unknown Internet Address (IP) that is not in your network from one of your own IP addresses which is a financial database that is critical and must remain up and running 24x7. This traffic was noticed in the middle of the day. What would be the best course of action to follow? A. Shut off the Port to the database and start conducting computer forensics B. Let the connection stay up because you do not want to disrupt availability C. Contact the FBI or the US Secret Service to give guidance on what steps should be taken D. Block the IP address at the perimeter and create a bit level copy of the database server. Run antivirus scan on the database and add to the IPS a rule to automatically block similar traffic.

QUESTION NO: 1291 The US department of Health, Education and Welfare developed a list of fair information practices focused on privacy of individually, personal identifiable information. Which one of the following is incorrect? A. There must be a way for a person to find out what information about them exists and how it is used. B. There must be a personal data record-keeping system whose very existence shall be kept secret. C. There must be a way for a person to prevent information about them, which was obtained for one purpose, from being used or made available for another purpose without their consent. D. Any organization creating, maintaining, using, or disseminating records of personal identifiable information must ensure reliability of the data for their intended use and must make precautions to prevent misuses of that data.

QUESTION NO: 1292 An attack that involves an fraudster tricking a user into making inappropriate security decisions is known as: A. Spoofing B. Surveillance C. Social Engineering D. Man-in-the-Middle

QUESTION NO: 1293 The US-EU Safe Harbor process has been created to address which of the following? A. Integrity of data transferred between U.S. and European companies B. Confidentiality of data transferred between U.S and European companies C. Protection of personal data transferred between U.S and European companies D. Confidentiality of data transferred between European and international companies

QUESTION NO: 1294 What is Dumpster Diving? A. Going through dust bin B. Running through another person's garbage for discarded document, information and other various items that could be used against that person or company C. Performing media analysis D. performing forensics on the deleted items

QUESTION NO: 1295 Which of the following is the most important ISC2 Code of Ethics Canons? A. Act honorably, honestly, justly, responsibly, and legally B. Advance and protect the profession C. Protect society, the commonwealth, and the infrastructure D. Provide diligent and competent service to principals

QUESTION NO: 1296 What Cloud Deployment model consist of a cloud infrastructure provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units)? Such deployment model may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. A. Private Cloud B. Public Cloud C. Hybrid Cloud D. Community Cloud

QUESTION NO: 1297 When referring to the Cloud Computing Service models. What would you call a service model where the consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment? A. Code as a Service (CaaS) B. Platform as a Service (PaaS) C. Software as a Service (SaaS) D. Infrastructure as a Service (IaaS)

QUESTION NO: 1298 The exact requirements for the admissibility of evidence vary across legal systems and between different cases (e.g., criminal versus tort). At a more generic level, evidence should have some probative value, be relevant to the case at hand, and meet the following criteria which are often called the five rules of evidence: A. It has to be encrypted, accurate, complete, convincing, and Admissible. B. It has to be authentic, hashed, complete, convincing, and Admissible. C. It has to be authentic, accurate, complete, convincing, and auditable. D. It has to be authentic, accurate, complete, convincing, and Admissible.

QUESTION NO: 1299 You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals. One day you receive a laptop and are part of a two man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch. What critical step in forensic evidence have you forgotten? A. Chain of custody B. Locking the laptop in your desk C. Making a disk image for examination D. Cracking the admin password with chntpw

QUESTION NO: 1300 Researchers have recently developed a tool that imitates a 14 year old on the Internet. The authors developed a "Chatter Bot" that mimics conversation and treats the dissemination of personal information as the goal to determine if the other participant in the conversation is a pedophile. The tool engages people in conversation and uses artificial intelligence to check for inappropriate questions by the unsuspecting human. If the human types too many suggestive responses to the "artificial" 14 year old, the tool then notifies the police. From a legal perspective, what is the greatest legal challenge to the use of this tool? A. Violation of Privacy B. Enticement C. Entrapment D. Freedom of Speech

QUESTION NO: 1301 You are a criminal hacker and have infiltrated a corporate network via a compromised host and a misconfigured firewall. You find many targets inside the network but all appear to be hardened except for one. It has several notable vulnerable services and it therefore seems out of place with an otherwise secured network. (Except for the misconfigured firewall, of course) What is it that you are likely seeing here? A. A Honeypot B. A Cisco Switch C. IDS - Intrusion Detection System D. File Server

QUESTION NO: 1302 The most prevalent cause of computer center fires is which of the following? A. AC equipment B. Electrical distribution systems C. Heating systems D. Natural causes

QUESTION NO: 1303 Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher? A. When the fire involves paper products B. When the fire is caused by flammable products C. When the fire involves electrical equipment D. When the fire is in an enclosed area

QUESTION NO: 1304 Examples of types of physical access controls include all EXCEPT which of the following? A. badges B. locks C. guards D. passwords

QUESTION NO: 1305 Guards are appropriate whenever the function required by the security program involves which of the following? A. The use of discriminating judgment B. The use of physical force C. The operation of access control devices D. The need to detect unauthorized access

QUESTION NO: 1306 What physical characteristic does a retinal scan biometric device measure? A. The amount of light reaching the retina B. The amount of light reflected by the retina C. The pattern of light receptors at the back of the eye D. The pattern of blood vessels at the back of the eye

QUESTION NO: 1307 Which of the following is the most costly countermeasure to reducing physical security risks? A. Procedural Controls B. Hardware Devices C. Electronic Systems D. Security Guards

QUESTION NO: 1308 Which is the last line of defense in a physical security sense? A. people B. interior barriers C. exterior barriers D. perimeter barriers

QUESTION NO: 1309 Devices that supply power when the commercial utility power system fails are called which of the following? A. power conditioners B. uninterruptible power supplies C. power filters D. power dividers

QUESTION NO: 1310 Which of the following is true about a "dry pipe" sprinkler system? A. It is a substitute for carbon dioxide systems. B. It maximizes chances of accidental discharge of water. C. It reduces the likelihood of the sprinkler system pipes freezing. D. It uses less water than "wet pipe" systems.

``` QUESTION NO: 1311 Which of the following is a class A fire? ``` A. common combustibles B. liquid C. electrical D. Halon

QUESTION NO: 1312 Which of the following is the preferred way to suppress an electrical fire in an information center? A. CO2 B. CO2, soda acid, or Halon C. water or soda acid D. ABC Rated Dry Chemical

QUESTION NO: 1313 What are the four basic elements of Fire? A. Heat, Fuel, Oxygen, and Chain Reaction B. Heat, Fuel, CO2, and Chain Reaction C. Heat, Wood, Oxygen, and Chain Reaction D. Flame, Fuel, Oxygen, and Chain Reaction

QUESTION NO: 1314 Which of the following suppresses combustion by disrupting a chemical reaction, by doing so it kills the fire? A. Halon B. CO2 C. water D. soda acid

``` QUESTION NO: 1315 Which of the following is a class C fire? ``` A. electrical B. liquid C. common combustibles D. soda acid

QUESTION NO: 1316 Which of the following is NOT a system-sensing wireless proximity card? A. magnetically striped card B. passive device C. field-powered device D. transponder

QUESTION NO: 1317 Which of the following is NOT a type of motion detector? A. Photoelectric sensor B. Passive infrared sensors C. Microwave Sensor. D. Ultrasonic Sensor.

QUESTION NO: 1318 Which of the following is NOT a precaution you can take to reduce static electricity? A. power line conditioning B. anti-static sprays C. maintain proper humidity levels D. anti-static flooring

``` QUESTION NO: 1321 The "vulnerability of a facility" to damage or attack may be assessed by all of the following except: A. Inspection B. History of losses C. Security controls D. security budget ```

QUESTION NO: 1320 Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires? A. traverse-mode noise B. common-mode noise C. crossover-mode noise D. transversal-mode noise

QUESTION NO: 1321 The "vulnerability of a facility" to damage or attack may be assessed by all of the following except: A. Inspection B. History of losses C. Security controls D. security budget

QUESTION NO: 1322 Which of the following is not an EPA-approved replacement for Halon? A. Bromine B. Innergen C. FM-200 D. FE-13

QUESTION NO: 1323 Which of the following is not a physical control for physical security? A. lighting B. fences C. training D. facility construction materials

QUESTION NO: 1324 Crime Prevention Through Environmental Design (CPTED) is a discipline that: A. Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior. B. Outlines how the proper design of the logical environment can reduce crime by directly affecting human behavior. C. Outlines how the proper design of the detective control environment can reduce crime by directly affecting human behavior. D. Outlines how the proper design of the administrative control environment can reduce crime by directly affecting human behavior.

QUESTION NO: 1325 The main risks that physical security components combat are all of the following EXCEPT: A. SYN flood B. physical damage C. theft D. Tailgating

QUESTION NO: 1326 A momentary power outage is a: A. spike B. blackout C. surge D. fault

QUESTION NO: 1327 A momentary high voltage is a: A. spike B. blackout C. surge D. fault

QUESTION NO: 1328 A momentary low voltage, from 1 cycle to a few seconds, is a: A. spike B. blackout C. sag D. fault

QUESTION NO: 1329 A prolonged high voltage is a: A. spike B. blackout C. surge D. fault

QUESTION NO: 1330 A prolonged complete loss of electric power is a: A. brownout B. blackout C. surge D. fault

QUESTION NO: 1331 A prolonged power supply that is below normal voltage is a: A. brownout B. blackout C. surge D. fault

QUESTION NO: 1332 While referring to Physical Security, what does Positive pressurization means? A. The pressure inside your sprinkler system is greater than zero. B. The air goes out of a room when a door is opened and outside air does not go into the room. C. Causes the sprinkler system to go off. D. A series of measures that increase pressure on employees in order to make them more productive.

QUESTION NO: 1333 Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a dropdown ceiling. This area is referred to as the: A. smoke boundary area B. fire detection area C. Plenum area D. Intergen area

QUESTION NO: 1334 Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of: A. Administrative controls B. Logical controls C. Technical controls D. Physical controls

QUESTION NO: 1335 To mitigate the risk of fire in your new data center, you plan to implement a heat-activated fire detector. Your requirement is to have the earliest warning possible of a fire outbreak. Which type of sensor would you select and where would you place it? A. Rate-of-rise temperature sensor installed on the side wall B. Variable heat sensor installed above the suspended ceiling C. Fixed-temperature sensor installed in the air vent D. Rate-of-rise temperature sensor installed below the raised floors

QUESTION NO: 1336 Which type of fire extinguisher is most appropriate for a digital information processing facility? A. Type A B. Type B C. Type C D. Type D

QUESTION NO: 1337 Which of the following controls related to physical security is not an administrative control? A. Personnel controls B. Alarms C. Training D. Emergency response and procedures

QUESTION NO: 1338 Which of the following is related to physical security and is not considered a technical control? A. Access control Mechanisms B. Intrusion Detection Systems C. Firewalls D. Locks

QUESTION NO: 1339 Which of the following floors would be most appropriate to locate information processing facilities in a 6-stories building? A. Basement B. Ground floor C. Third floor D. Sixth floor

QUESTION NO: 1340 What can be defined as a momentary low voltage? A. Spike B. Sag C. Fault D. Brownout

QUESTION NO: 1341 Which of the following fire extinguishing systems incorporating a detection system is currently the most recommended water system for a computer room? A. Wet pipe B. Dry pipe C. Deluge D. Preaction

QUESTION NO: 1342 For maximum security design, what type of fence is most effective and cost-effective method (Foot are being used as measurement unit below)? A. 3' to 4' high. B. 6' to 7' high. C. 8' high and above with strands of barbed wire. D. Double fencing

QUESTION NO: 1343 The viewing of recorded events after the fact using a closed-circuit TV camera is considered a A. Preventative control. B. Detective control C. Compensating control D. Corrective control

QUESTION NO: 1344 Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? A. Wave pattern motion detectors B. Capacitance detectors C. Field-powered devices D. Audio detectors

QUESTION NO: 1345 The Physical Security domain focuses on three areas that are the basis to physically protecting enterprise's resources and sensitive information. Which of the following is not one of these areas? A. Threats B. Countermeasures C. Vulnerabilities D. Risks

QUESTION NO: 1348 Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems? A. Transient Noise B. Faulty Ground C. Brownouts D. UPS

QUESTION NO: 1347 The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis? A. Critical-channel analysis B. Covert channel analysis C. Critical-path analysis D. Critical-conduit analysis

QUESTION NO: 1349 The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater than 60 percent) can produce what type of problem on computer parts? A. Static electricity B. Corrosion C. Energy-plating D. Element-plating

QUESTION NO: 1350 In a dry pipe system, there is no water standing in the pipe - it is being held back by what type of valve? A. Relief valve B. Emergency valve C. Release valve D. Clapper valve

QUESTION NO: 1351 The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to? A. Illuminated at nine feet high with at least three foot-candles B. Illuminated at eight feet high with at least three foot-candles C. Illuminated at eight feet high with at least two foot-candles D. Illuminated at nine feet high with at least two foot-candles

QUESTION NO: 1352 The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts? A. Static electricity B. Electro-plating C. Energy-plating D. Element-plating

``` QUESTION NO: 1353 Which fire class can water be most appropriate for? ``` A. Class A fires B. Class B fires C. Class C fires D. Class D fires

QUESTION NO: 1354 Critical areas should be lighted: A. Eight feet high and two feet out. B. Eight feet high and four feet out. C. Ten feet high and four feet out. D. Ten feet high and six feet out.

QUESTION NO: 1355 At which temperature does damage start occurring to magnetic media? A. 100 degrees Fahrenheit or 37'7º Celsius B. 125 degrees Fahrenheit or 51.66 Celsius C. 150 degrees Fahrenheit or 65,5º Celsius D. 175 degrees Fahrenheit or 79,4º Celsius

QUESTION NO: 1356 What is the minimum static charge able to cause disk drive data loss? A. 550 volts B. 1000 volts C. 1500 volts D. 2000 volts

QUESTION NO: 1357 What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? A. Central station alarm B. Proprietary alarm C. A remote station alarm D. An auxiliary station alarm

QUESTION NO: 1358 Which of the following questions is less likely to help in assessing physical access controls? A. Does management regularly review the list of persons with physical access to sensitive facilities? B. Is the operating system configured to prevent circumvention of the security software and application controls? C. Are keys or other access devices needed to enter the computer room and media library? D. Are visitors to sensitive areas signed in and escorted?

QUESTION NO: 1359 Which of the following questions is less likely to help in assessing physical and environmental protection? A. Are entry codes changed periodically? B. Are appropriate fire suppression and prevention devices installed and working? C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information? D. Is physical access to data transmission lines controlled?

QUESTION NO: 1360 Which of the following statements pertaining to fire suppression systems is TRUE? A. Halon is today the most common choice as far as agent are concern because it is highly effective in the way that it interferes with the chemical reaction of the elements within a fire. B. Gas masks provide an effective protection against use of CO2 systems. They are recommended for the protection of the employees within data centers. C. CO2 systems are NOT effective because they suppress the oxygen supply required to sustain the fire. D. Water Based extinguisher are NOT an effective fire suppression method for class C (electrical) fires.

QUESTION NO: 1361 How should a doorway of a manned facility with automatic locks be configured? A. It should be configured to be fail-secure. B. It should be configured to be fail-safe. C. It should have a door delay cipher lock. D. It should not allow piggybacking.

QUESTION NO: 1362 Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader? A. A passive system sensing device B. A transponder C. A card swipe D. A magnetic card

QUESTION NO: 1363 According to ISC2, what should be the fire rating for the internal walls of an information processing facility? A. All walls must have a one-hour minimum fire rating. B. All internal walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating. C. All walls must have a two-hour minimum fire rating. D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a three-hour minimum fire rating.

QUESTION NO: 1364 Which of the following statements pertaining to air conditioning for an information processing facility is correct? A. The AC units must be controllable from outside the area. B. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the room. C. The AC units must be on the same power source as the equipment in the room to allow for easier shutdown. D. The AC units must be dedicated to the information processing facility.

QUESTION NO: 1365 Which of the following statements pertaining to secure information processing facilities is incorrect? A. Walls should have an acceptable fire rating. B. Windows should be protected with bars. C. Doors must resist forcible entry. D. Location and type of fire suppression systems should be known.

QUESTION NO: 1366 What is a common problem when using vibration detection devices for perimeter control? A. They are vulnerable to non-adversarial disturbances. B. They can be defeated by electronic means. C. Signal amplitude is affected by weather conditions. D. They must be buried below the frost line.

QUESTION NO: 1367 Under what conditions would the use of a "Class C" hand-held fire extinguisher be preferable to the use of a "Class A" hand-held fire extinguisher? A. When the fire is in its incipient stage. B. When the fire involves electrical equipment. C. When the fire is located in an enclosed area. D. When the fire is caused by flammable products.

QUESTION NO: 1368 To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room? A. Order an immediate refill with Halon 1201 from the manufacturer. B. Contact a Halon recycling bank to make arrangements for a refill. C. Order a Non-Hydrochlorofluorocarbon compound from the manufacturer. D. Order an immediate refill with Halon 1301 from the manufacturer.

QUESTION NO: 1369 Within Crime prevention through Environmental Design (CPTED) the concept of territoriality is best described as: A. Ownership B. Protecting specific areas with different measures C. Localized emissions D. Compromise of the perimeter

QUESTION NO: 1370 In the physical security context, a security door equipped with an electronic lock configured to ignore the unlock signals sent from the building emergency access control system in the event of an issue (fire, intrusion, power failure) would be in which of the following configuration? A. Fail Soft B. Fail Open C. Fail Safe D. Fail Secure

QUESTION NO: 1371 Which of the following is a NOT a guideline necessary to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations? A. Restrict access to main air intake points to persons who have a work-related reason to be there B. Maintain access rosters of maintenance personnel who are not authorized to work on the system C. Escort all contractors with access to the system while on site D. Ensure that all air intake points are adequately secured with locking devices

QUESTION NO: 1372 Which of the following type of lock uses a numeric keypad or dial to gain entry? A. Bolting door locks B. Cipher lock C. Electronic door lock D. Biometric door lock

QUESTION NO: 1373 Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users? A. Palm Scan B. Hand Geometry C. Fingerprint D. Retina scan