SP - Practice Quiz AT Flashcards
QUESTION NO: 1
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:
A. Concern that the laser beam may cause eye damage.
B. The iris pattern changes as a person grows older.
C. There is a relatively high rate of false accepts.
D. The optical unit must be positioned so that the sun does not shine into the aperture.
D
QUESTION NO: 2
In Mandatory Access Control, sensitivity labels attached to object contain what information?
A. The item’s classification
B. The item’s classification and category set
C. The item’s category
D. The item’s need to know
B
QUESTION NO: 3
Which of the following is true about Kerberos?
A. It utilizes public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It depends upon symmetric ciphers.
D. It is a second party authentication system.
C
QUESTION NO: 4
Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.
A
QUESTION NO: 5
What is Kerberos?
A. A three-headed dog from Egyptian mythology.
B. A trusted third-party authentication protocol.
C. A security model.
D. A remote authentication dial in user server.
B
QUESTION NO: 6
Kerberos depends upon what encryption method?
A. Public Key cryptography.
B. Secret Key cryptography.
C. El Gamal cryptography.
D. Blowfish cryptography.
B
QUESTION NO: 7
A confidential number used as an authentication factor to verify a user’s identity is called a:
A. PIN
B. User ID
C. Password
D. Challenge
A
QUESTION NO: 8
Individual accountability does not include which of the following?
A. unique identifiers
B. policies & procedures
C. access rules
D. audit trails
B
QUESTION NO: 9
Which of the following exemplifies proper separation of duties?
A. Operators are not permitted to modify the system time.
B. Programmers are permitted to use the system console.
C. Console operators are permitted to mount tapes and disks.
D. Tape operators are permitted to use the system console.
A
QUESTION NO: 10
An access control policy for a bank teller is an example of the implementation of which of the following?
A. Rule-based policy
B. Identity-based policy
C. User-based policy
D. Role-based policy
D
QUESTION NO: 11
Which one of the following authentication mechanisms creates a problem for mobile users?
A. Mechanisms based on IP addresses
B. Mechanism with reusable passwords
C. One-time password mechanism.
D. Challenge response mechanism.
A
QUESTION NO: 12
Organizations should consider which of the following first before allowing external access to their LANs via the Internet?
A. Plan for implementing workstation locking mechanisms.
B. Plan for protecting the modem pool.
C. Plan for providing the user with his account usage information.
D. Plan for considering proper authentication options.
D
QUESTION NO: 13
Kerberos can prevent which one of the following attacks?
A. Tunneling attack.
B. Playback (replay) attack.
C. Destructive attack.
D. Process attack.
B
QUESTION NO: 14
In discretionary access environments, which of the following entities is authorized to grant information access to other people?
A. Manager
B. Group Leader
C. Security Manager
D. Data Owner
D
QUESTION NO: 15
What is the main concern with single sign-on?
A. Maximum unauthorized access would be possible if a password is disclosed.
B. The security administrator’s workload would increase.
C. The users’ password would be too hard to remember.
D. User access rights would be increased.
A
QUESTION NO: 16
Who developed one of the first mathematical models of a multilevel-security computer system?
A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.
C
QUESTION NO: 17
Which of the following attacks could capture network user passwords?
A. Data diddling
B. Sniffing
C. IP Spoofing
D. Smurfing
B
QUESTION NO: 18
Which of the following would constitute the best example of a password to use for access to a system by a network administrator?
A. holiday
B. Christmas12
C. Jenny
D. GyN19Za!
D
QUESTION NO: 19
What physical characteristic does a retinal scan biometric device measure?
A. The amount of light reaching the retina
B. The amount of light reflected by the retina
C. The pattern of light receptors at the back of the eye
D. The pattern of blood vessels at the back of the eye
D
QUESTION NO: 20
The Computer Security Policy Model the Orange Book is based on is which of the following?
A. Bell-LaPadula
B. Data Encryption Standard
C. Kerberos
D. Tempest
A
QUESTION NO: 21
The end result of implementing the principle of least privilege means which of the following?
A. Users would get access to only the info for which they have a need to know
B. Users can access all systems.
C. Users get new privileges added when they change positions.
D. Authorization creep.
A
QUESTION NO: 22
Which of the following is the most reliable authentication method for remote access?
A. Variable callback system
B. Synchronous token
C. Fixed callback system
D. Combination of callback and caller ID
B
QUESTION NO: 23
Which of the following is true of two-factor authentication?
A. It uses the RSA public-key signature based on integers with large prime factors.
B. It requires two measurements of hand geometry.
C. It does not use single sign-on technology.
D. It relies on two independent proofs of identity.
D
QUESTION NO: 24
The primary service provided by Kerberos is which of the following?
A. non-repudiation
B. confidentiality
C. authentication
D. authorization
C
QUESTION NO: 25
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
A. public keys
B. private keys
C. public-key certificates
D. private-key certificates
C
QUESTION NO: 26
In which of the following security models is the subject’s clearance compared to the object’s classification such that specific rules can be applied to control how the subject-to-object interactions take place?
A. Bell-LaPadula model
B. Biba model
C. Access Matrix model
D. Take-Grant model
A
QUESTION NO: 27
Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support?
A. SESAME
B. RADIUS
C. KryptoKnight
D. TACACS+
A
QUESTION NO: 28
Single Sign-on (SSO) is characterized by which of the following advantages?
A. Convenience
B. Convenience and centralized administration
C. Convenience and centralized data administration
D. Convenience and centralized network administration
B
QUESTION NO: 29
What is the primary role of smartcards in a PKI?
A. Transparent renewal of user keys
B. Easy distribution of the certificates between the users
C. Fast hardware encryption of the raw data
D. Tamper resistant, mobile storage and application of private keys of the users
D
QUESTION NO: 30
What kind of certificate is used to validate a user identity?
A. Public key certificate
B. Attribute certificate
C. Root certificate
D. Code signing certificate
A
QUESTION NO: 31
The following is NOT a security characteristic we need to consider while choosing a biometric identification system:
A. data acquisition process
B. cost
C. enrollment process
D. speed and user interface
B
QUESTION NO: 32
In biometric identification systems, it was soon apparent at the beginning that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering two questions:
A. what was the sex of a person and his age
B. what part of body to be used and how to accomplish identification that is viable
C. what was the age of a person and his income level
D. what was the tone of the voice of a person and his habits
B
QUESTION NO: 33
In biometric identification systems, the parts of the body conveniently available for identification are:
A. neck and mouth
B. hands, face, and eyes
C. feet and hair
D. voice and neck
B
QUESTION NO: 34
Controlling access to information systems and associated networks is necessary for the preservation of their:
A. Authenticity, confidentiality and availability
B. Confidentiality, integrity, and availability.
C. integrity and availability.
D. authenticity, confidentiality, integrity and availability.
B
QUESTION NO: 35
To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up:
A. Access Rules
B. Access Matrix
C. Identification controls
D. Access terminal
A
QUESTION NO: 36
In Rule-Based Access Control (RuBAC), access is determined by rules. Such rules would fit within what category of access control?
A. Discretionary Access Control (DAC)
B. Mandatory Access control (MAC)
C. Non-Discretionary Access Control (NDAC)
D. Lattice-based Access control
C
QUESTION NO: 37
The type of discretionary access control (DAC) that is based on an individual’s identity is also called:
A. Identity-based Access control
B. Rule-based Access control
C. Non-Discretionary Access Control
D. Lattice-based Access control
A
QUESTION NO: 38
Which access control type has a central authority that determines which objects the subjects have access to, based on role or on the organizational security policy?
A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access control
C
QUESTION NO: 39
Which of the following control pairings include: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Administrative Pairing
A
QUESTION NO: 40
Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Technical Pairing
B
QUESTION NO: 41
What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources?
A. Micrometrics
B. Macrometrics
C. Biometrics
D. MicroBiometrics
C
QUESTION NO: 42
What is called the access protection system that limits connections by calling back the number of a previously authorized location?
A. Sendback systems
B. Callback forward systems
C. Callback systems
D. Sendback forward systems
C
QUESTION NO: 43
What are called user interfaces that limit the functions that can be selected by a user?
A. Constrained user interfaces
B. Limited user interfaces
C. Mini user interfaces
D. Unlimited user interfaces
A
QUESTION NO: 44
Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated with:
A. Preventive/physical
B. Detective/technical
C. Detective/physical
D. Detective/administrative
D
QUESTION NO: 45
The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:
A. Preventive/physical
B. Detective/technical
C. Detective/physical
D. Detective/administrative
B
QUESTION NO: 46
The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:
A. Preventive/physical
B. Detective/technical
C. Detective/physical
D. Detective/administrative
C
QUESTION NO: 47
External consistency ensures that the data stored in the database is:
A. in-consistent with the real world.
B. remains consistent when sent from one system to another.
C. consistent with the logical world.
D. consistent with the real world.
D
QUESTION NO: 48
The access control in which a central authority determines what subjects can have access to certain objects, based on the organizational security policy, is called:
A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access control
C
QUESTION NO: 49
What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
A. Authentication
B. Identification
C. Authorization
D. Confidentiality
B
QUESTION NO: 50
Which one of the following factors is NOT one on which Authentication is based?
A. Type 1 Something you know, such as a PIN or password
B. Type 2 Something you have, such as an ATM card or smart card
C. Type 3 Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan
D. Type 4 Something you are, such as a system administrator or security administrator
D
QUESTION NO: 51
The access control in which a central authority determines what subjects can have access to certain objects, based on the organizational security policy, is called:
A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access control
C
QUESTION NO: 52
What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
A. Authentication
B. Identification
C. Authorization
D. Confidentiality
B
QUESTION NO: 53
What is called the verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time?
A. Authentication
B. Identification
C. Integrity
D. Confidentiality
A
QUESTION NO: 54
Which one of the following factors is NOT one on which Authentication is based?
A. Type 1 Something you know, such as a PIN or password
B. Type 2 Something you have, such as an ATM card or smart card
C. Type 3 Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan
D. Type 4 Something you are, such as a system administrator or security administrator
D
QUESTION NO: 55
The act of requiring two of the three factors to be used in the authentication process refers to:
A. Two-Factor Authentication
B. One-Factor Authentication
C. Bi-Factor Authentication
D. Double Authentication
A
QUESTION NO: 56
Which type of password provides maximum security because a new password is required for each new log-on?
A. One-time or dynamic password
B. Cognitive password
C. Static password
D. Passphrase
A
QUESTION NO: 57
What is called a password that is the same for each log-on session?
A. “one-time password”
B. “two-time password”
C. static password
D. dynamic password
C
QUESTION NO: 58
What is called a sequence of characters that is usually longer than the allotted number for a password?
A. passphrase
B. cognitive phrase
C. anticipated phrase
D. Real phrase
A
QUESTION NO: 59
Which best describes a tool (i.e. keyfob, calculator, memory card or smart card) used to supply dynamic passwords?
A. Tickets
B. Tokens
C. Token passing networks
D. Coupons
B
QUESTION NO: 60
Which of the following would be true about static password tokens?
A. The owner identity is authenticated by the token
B. The owner will never be authenticated by the token.
C. The owner will authenticate himself to the system.
D. The token does not authenticate the token owner but the system.
A
QUESTION NO: 61
In synchronous dynamic password tokens:
A. The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).
B. The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).
C. The unique password is not entered into a system or workstation along with an owner’s PIN.
D. The authentication entity in a system or workstation knows an owner’s secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.
B
QUESTION NO: 62
In biometrics, a “one-to-many” search against a database of stored biometric images is done in:
A. Authentication
B. Identification
C. Identities
D. Identity-based access control
B
QUESTION NO: 63
Which of the following is true of biometrics?
A. It is used for identification in physical controls and it is not used in logical controls.
B. It is used for authentication in physical controls and for identification in logical controls.
C. It is used for identification in physical controls and for authentication in logical controls.
D. Biometrics has no role in logical controls.
C
QUESTION NO: 64
What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system?
A. False Rejection Rate (FRR) or Type I Error
B. False Acceptance Rate (FAR) or Type II Error
C. Crossover Error Rate (CER)
D. True Rejection Rate (TRR) or Type III Error
A
QUESTION NO: 65
What is called the percentage of invalid subjects that are falsely accepted by a Biometric authentication system?
A. False Rejection Rate (FRR) or Type I Error
B. False Acceptance Rate (FAR) or Type II Error
C. Crossover Error Rate (CER)
D. True Acceptance Rate (TAR) or Type III Error
B
QUESTION NO: 66
What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate?
A. False Rejection Rate (FRR) or Type I Error
B. False Acceptance Rate (FAR) or Type II Error
C. Crossover Error Rate (CER)
D. Failure to enroll rate (FTE or FER)
C
QUESTION NO: 67
Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following?
A. Accountability of biometrics systems
B. Acceptability of biometrics systems
C. Availability of biometrics systems
D. Adaptability of biometrics systems
B
QUESTION NO: 68
Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credentials, and faster resource access?
A. Smart cards
B. Single Sign-On (SSO)
C. Symmetric Ciphers
D. Public Key Infrastructure (PKI)
B
QUESTION NO: 69
Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?
A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to.
B. The initial logon process is cumbersome to discourage potential intruders.
C. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications.
D. Once a user obtains access to the system through the initial log-on, he has to log out from all other systems.
A
QUESTION NO: 70
Which of the following is implemented through scripts or smart agents that replay the user’s multiple log-ins against authentication servers to verify a user’s identity and permit access to system services?
A. Single Sign-On
B. Dynamic Sign-On
C. Smart cards
D. Kerberos
A
QUESTION NO: 71
Which of the following is NOT true of the Kerberos protocol?
A. Only a single login is required per session.
B. The initial authentication steps are done using a public key algorithm.
C. The KDC is aware of all systems in the network and is trusted by all of them
D. It performs mutual authentication
B
QUESTION NO: 72
The authenticator within Kerberos provides a requested service to the client after validating which of the following?
A. timestamp
B. client public key
C. client private key
D. server public key
A
QUESTION NO: 73
Which of the following is addressed by Kerberos?
A. Confidentiality and Integrity
B. Authentication and Availability
C. Validation and Integrity
D. Auditability and Integrity
A
QUESTION NO: 74
Kerberos is vulnerable to replay in which of the following circumstances?
A. When a private key is compromised within an allotted time window.
B. When a public key is compromised within an allotted time window.
C. When a ticket is compromised within an allotted time window.
D. When the KDC is compromised within an allotted time window.
C
QUESTION NO: 75
Like the Kerberos protocol, SESAME is also subject to which of the following?
A. timeslot replay
B. password guessing
C. symmetric key guessing
D. asymmetric key guessing
B
QUESTION NO: 76
RADIUS incorporates which of the following services?
A. Authentication server and PIN codes.
B. Authentication of clients and static passwords generation.
C. Authentication of clients and dynamic passwords generation.
D. Authentication server as well as support for Static and Dynamic passwords.
D
QUESTION NO: 77
Which of the following protects a password from eavesdroppers and supports the encryption of communication?
A. Challenge Handshake Authentication Protocol (CHAP)
B. Challenge Handshake Identification Protocol (CHIP)
C. Challenge Handshake Encryption Protocol (CHEP)
D. Challenge Handshake Substitution Protocol (CHSP)
A
QUESTION NO: 78
Which of the following represents the columns of the table in a relational database?
A. attributes
B. relation
C. record retention
D. records or tuples
A
QUESTION NO: 79
A database view is the result of which of the following operations?
A. Join and Select.
B. Join, Insert, and Project.
C. Join, Project, and Create.
D. Join, Project, and Select.
D
QUESTION NO: 80
Which of the following is used to create and modify the structure of your tables and other objects in the database?
A. SQL Data Definition Language (DDL)
B. SQL Data Manipulation Language (DML)
C. SQL Data Relational Language (DRL)
D. SQL Data Identification Language (DIL)
A
QUESTION NO: 81
Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?
A. Intrusion Detection System
B. Compliance Validation System
C. Intrusion Management System (IMS)
D. Compliance Monitoring System
A
QUESTION NO: 82
Which of the following monitors network traffic in real time?
A. network-based IDS
B. host-based IDS
C. application-based IDS
D. firewall-based IDS
A
QUESTION NO: 83
A host-based IDS is resident on which of the following?
A. On each of the critical hosts
B. decentralized hosts
C. central hosts
D. bastion hosts
A
QUESTION NO: 84
Which of the following usually provides reliable, real-time information without consuming network or host resources?
A. network-based IDS
B. host-based IDS
C. application-based IDS
D. firewall-based IDS
A
QUESTION NO: 85
The fact that a network-based IDS reviews packet payloads and headers enables which of the following?
A. Detection of denial of service
B. Detection of all viruses
C. Detection of data corruption
D. Detection of all password guessing attacks
A
QUESTION NO: 86
Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?
A. host-based IDS
B. firewall-based IDS
C. bastion-based IDS
D. server-based IDS
A
QUESTION NO: 87
What would be considered the biggest drawback of Host-based Intrusion Detection Systems (HIDS)?
A. It can be very invasive to the host operating system
B. Monitors all processes and activities on the host system only
C. Virtually eliminates limits associated with encryption
D. They have an increased level of visibility and control compared to NIDS
A
QUESTION NO: 88
Attributes that characterize an attack are stored for reference in which of the following types of Intrusion Detection System (IDS)?
A. signature-based IDS
B. statistical anomaly-based IDS
C. event-based IDS
D. inferent-based IDS
A
QUESTION NO: 89
Which of the following is an issue with signature-based intrusion detection systems?
A. Only previously identified attack signatures are detected.
B. Signature databases must be augmented with inferential elements.
C. It runs only on the Windows operating system.
D. Hackers can circumvent signature evaluations.
A
QUESTION NO: 90
Which of the following is an IDS that acquires data and defines a “normal” usage profile for the network or host?
A. Statistical Anomaly-Based ID
B. Signature-Based ID
C. dynamical anomaly-based ID
D. inferential anomaly-based ID
A
QUESTION NO: 91
Which of the following is most relevant to determining the maximum effective cost of access control?
A. the value of information that is protected.
B. management’s perceptions regarding data importance.
C. budget planning related to base versus incremental spending.
D. the cost to replace lost data.
A
QUESTION NO: 92
Which of the following is NOT a factor related to Access Control?
A. integrity
B. authenticity
C. confidentiality
D. availability
B
QUESTION NO: 93
Which of the following is most appropriate to notify an external user that session monitoring is being conducted?
A. Logon Banners
B. Wall poster
C. Employee Handbook
D. Written agreement
A
QUESTION NO: 94
Which of the following pairings uses technology to enforce access control policies?
A. Preventive/Administrative
B. Preventive/Technical
C. Preventive/Physical
D. Detective/Administrative
B
QUESTION NO: 95
In the course of responding to and handling an incident, you work on determining the root cause of the incident. Which step are you in?
A. Recovery
B. Containment
C. Triage
D. Analysis and tracking
D
QUESTION NO: 96
Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to:
A. specify what users can do
B. specify which resources they can access
C. specify how to restrain hackers
D. specify what operations they can perform on a system.
C
QUESTION NO: 97
Access Control techniques do not include which of the following choices?
A. Relevant Access Controls
B. Discretionary Access Control
C. Mandatory Access Control
D. Lattice Based Access Control
A
QUESTION NO: 98
Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)?
A. A subject is not allowed to read up.
B. The *- property restriction can be escaped by temporarily downgrading a high level subject.
C. A subject is not allowed to read down.
D. It is restricted to confidentiality.
C
QUESTION NO: 99
When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED?
A. Type I error
B. Type II error
C. Type III error
D. Crossover error
B
QUESTION NO: 100
Which of the following is the FIRST step in protecting data’s confidentiality?
A. Install a firewall
B. Implement encryption
C. Identify which information is sensitive
D. Review all user access rights
C
QUESTION NO: 101
Which of the following best ensures accountability of users for the actions taken within a system or domain?
A. Identification
B. Authentication
C. Authorization
D. Credentials
B
QUESTION NO: 102
Which of the following statements pertaining to biometrics is FALSE?
A. User can be authenticated based on behavior.
B. User can be authenticated based on unique physical attributes.
C. User can be authenticated by what he knows.
D. A biometric system’s accuracy is determined by its crossover error rate (CER).
C
QUESTION NO: 103
Which of the following biometric devices offers the LOWEST CER?
A. Keystroke dynamics
B. Voice verification
C. Iris scan
D. Fingerprint
C
QUESTION NO: 104
Which of the following is the WEAKEST authentication mechanism?
A. Passphrases
B. Passwords
C. One-time passwords
D. Token devices
B
QUESTION NO: 105
Which of the following statements pertaining to access control is false?
A. Users should only access data on a need-to-know basis.
B. If access is not explicitly denied, it should be implicitly allowed.
C. Access rights should be granted based on the level of trust a company has in a subject.
D. Roles can be an efficient way to assign rights to a type of user who performs certain tasks.
B
QUESTION NO: 106
Which of the following is NOT part of the Kerberos authentication protocol?
A. Symmetric key cryptography
B. Authentication service (AS)
C. Principals
D. Public Key
D
QUESTION NO: 107
Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity?
A. Discretionary Access Control
B. Mandatory Access Control
C. Sensitive Access Control
D. Role-based Access Control
A
QUESTION NO: 108
Which of the following access control models is based on sensitivity labels?
A. Discretionary access control
B. Mandatory access control
C. Rule-based access control
D. Role-based access control
B
QUESTION NO: 109
Which access control model is also called Non-Discretionary Access Control (NDAC)?
A. Lattice based access control
B. Mandatory access control
C. Role-based access control
D. Label-based access control
C
QUESTION NO: 110
Which access model is most appropriate for companies with a high employee turnover?
A. Role-based access control
B. Mandatory access control
C. Lattice-based access control
D. Discretionary access control
A
QUESTION NO: 111
In a security context what are database views used for?
A. To ensure referential integrity
B. To allow easier access to data in a database
C. To restrict user access to data in a database
D. To provide audit trails
C
QUESTION NO: 112
What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?
A. A capability table
B. An access control list
C. An access control matrix
D. A role-based matrix
B
QUESTION NO: 113
What is the difference between Access Control Lists (ACLs) and Capability Tables?
A. Access control lists are related/attached to a subject whereas capability tables are related/attached to an object.
B. Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.
C. Capability tables are used for objects whereas access control lists are used for users.
D. They are basically the same.
B
QUESTION NO: 114
What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?
A. A capacity table
B. An access control list
C. An access control matrix
D. A capability table
C
QUESTION NO: 115
Which access control model is best suited in an environment where a high security level is required and where it is desired that only the administrator grants access control?
A. DAC
B. MAC
C. Access control matrix
D. TACACS
B
QUESTION NO: 116
What is the primary goal of setting up a honey pot?
A. To lure hackers into attacking unused systems
B. To entrap and track down possible hackers
C. To set up a sacrificial lamb on the network
D. To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.
D
QUESTION NO: 117
Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks?
A. Monitoring and auditing for such activity
B. Require user authentication
C. Making sure only necessary phone numbers are made public
D. Using completely different numbers for voice and data accesses
B
QUESTION NO: 118
Which access control model provides upper and lower bounds of access capabilities for a subject?
A. Role-based access control
B. Lattice-based access control
C. Biba access control
D. Content-dependent access control
B
QUESTION NO: 119
How are memory cards and smart cards different?
A. Memory cards normally hold more memory than smart cards
B. Smart cards provide a two-factor authentication whereas memory cards don’t
C. Memory cards have no processing power
D. Only smart cards can be used for ATM cards
C
QUESTION NO: 120
Which of the following issues is not addressed by Kerberos?
A. Availability
B. Confidentiality
C. Integrity
D. Authentication
A
QUESTION NO: 121
Why do buffer overflows happen? What is the main cause?
A. Because buffers can only hold so much data
B. Because of improper parameter checking within the application
C. Because they are an easy weakness to exploit
D. Because of insufficient system memory
B
QUESTION NO: 122
What is the main focus of the Bell-LaPadula security model?
A. Accountability
B. Integrity
C. Confidentiality
D. Availability
C
QUESTION NO: 123
Which of the following statements pertaining to the Bell-LaPadula model is TRUE if you are NOT making use of the strong star property?
A. It allows “read up.”
B. It addresses covert channels.
C. It addresses management of access controls.
D. It allows “write up.”
D
QUESTION NO: 124
Which security model introduces access to objects only through programs?
A. The Biba model
B. The Bell-LaPadula model
C. The Clark-Wilson model
D. The information flow model
C
QUESTION NO: 125
An Intrusion Detection System (IDS) is what type of control?
A. A preventive control.
B. A detective control.
C. A recovery control.
D. A directive control.
B
QUESTION NO: 126
Smart cards are an example of which type of control?
A. Detective control
B. Administrative control
C. Technical control
D. Physical control
C
QUESTION NO: 127
What ensures that the control mechanisms correctly implement the security policy for the entire lifecycle of an information system?
A. Accountability controls
B. Mandatory access controls
C. Assurance procedures
D. Administrative controls
C
QUESTION NO: 128
What security model is dependent on security labels?
A. Discretionary access control
B. Label-based access control
C. Mandatory access control
D. Non-discretionary access control
C
QUESTION NO: 129
What security model implies a central authority that defines rules, and sometimes global rules, dictating what subjects can have access to what objects?
A. Flow Model
B. Discretionary access control
C. Mandatory access control
D. Non-discretionary access control
D
QUESTION NO: 130
Which type of password token involves time synchronization?
A. Static password tokens
B. Synchronous dynamic password tokens
C. Asynchronous dynamic password tokens
D. Challenge-response tokens
B
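Worked example added to this quiz (not part of the original question set): the two dynamic-token flavours from Question 130. A synchronous token and the server share a secret and a clock, so the one-time code is a function of the current time step (RFC 6238 TOTP, built on RFC 4226 HOTP); an asynchronous token instead answers a server-chosen challenge and needs no clock. The drift window, challenge size and response length are constructed choices for the demo.

```python
# Added example (not from the quiz): synchronous (time-based) versus
# asynchronous (challenge-response) one-time codes with standard-library HMAC.
import hashlib
import hmac
import secrets
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the counter, dynamic truncation, modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return f"{code:0{digits}d}"


def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Synchronous token: the HOTP counter is the current time step (default 30 s)."""
    return hotp(secret, int(at // step), digits)


def verify_totp(secret: bytes, code: str, at: float, step: int = 30, window: int = 1) -> bool:
    """Server side. Neighbouring steps are accepted to absorb clock drift between
    token and server; that tolerance is the synchronisation problem of this design."""
    counter = int(at // step)
    return any(hmac.compare_digest(hotp(secret, c), code)
               for c in range(counter - window, counter + window + 1))


def challenge() -> bytes:
    """Asynchronous token: the server issues a fresh nonce for every login attempt."""
    return secrets.token_bytes(16)


def respond(secret: bytes, nonce: bytes, digits: int = 8) -> str:
    """Token computes a keyed response to the challenge (HMAC-SHA256, truncated)."""
    mac = hmac.new(secret, nonce, hashlib.sha256).digest()
    value = int.from_bytes(mac[:4], "big") % 10 ** digits
    return f"{value:0{digits}d}"


def verify_response(secret: bytes, nonce: bytes, response: str) -> bool:
    """A response is only valid for the nonce it was computed over, so replay fails."""
    return hmac.compare_digest(respond(secret, nonce), response)
```

The RFC 4226 test secret "12345678901234567890" yields 755224 for counter 0 and 287082 for counter 1, which is also the 6-digit TOTP at Unix time 59 with a 30-second step.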
QUESTION NO: 131
Which of the following statements pertaining to biometrics is false?
A. Increased system sensitivity can cause a higher false rejection rate
B. The crossover error rate is the point at which false rejection rate equals the false acceptance rate.
C. False acceptance rate is also known as Type II error.
D. Biometrics are based on the Type 2 authentication mechanism.
D
QUESTION NO: 132
Which of the following statements pertaining to Kerberos is TRUE?
A. Kerberos does not address availability
B. Kerberos does not address integrity
C. Kerberos does not make use of Symmetric Keys
D. Kerberos cannot address confidentiality of information
A
QUESTION NO: 133
Database views are NOT used to:
A. Implement referential integrity
B. Implement least privilege
C. To implement content-dependent access restrictions
D. Implement need-to-know
A
QUESTION NO: 134
What IDS approach relies on a database of known attacks?
A. Signature-based intrusion detection
B. Statistical anomaly-based intrusion detection
C. Behavior-based intrusion detection
D. Network-based intrusion detection
A
QUESTION NO: 135
What term refers to legitimate users accessing networked services that would normally be restricted to them?
A. Spoofing
B. Piggybacking
C. Eavesdropping
D. Logon abuse
D
QUESTION NO: 136
Which of the following is not a two-factor authentication mechanism?
A. Something you have and something you know.
B. Something you do and a password.
C. A smartcard and something you are.
D. Something you know and a password.
D
QUESTION NO: 137
Which of the following access control models introduces user security clearance and data classification?
A. Role-based access control
B. Discretionary access control
C. Non-discretionary access control
D. Mandatory access control
D
QUESTION NO: 138
Password management falls into which control category?
A. Compensating
B. Detective
C. Preventive
D. Technical
C
QUESTION NO: 139
Which of the following access control models requires security clearance for subjects?
A. Identity-based access control
B. Role-based access control
C. Discretionary access control
D. Mandatory access control
D
QUESTION NO: 140
Which of the following describes the type of biometric error referred to as the false rejection rate?
A. Type I error
B. Type II error
C. Type III error
D. CER error
A
QUESTION NO: 141
Which of the following access control models requires defining classification for objects?
A. Role-based access control
B. Discretionary access control
C. Identity-based access control
D. Mandatory access control
D
QUESTION NO: 142
In the context of access control, locks, gates, guards are examples of which of the following?
A. Administrative controls
B. Technical controls
C. Physical controls
D. Logical controls
C
QUESTION NO: 143
Which of the following statements pertaining to Kerberos is true?
A. Kerberos uses public key cryptography.
B. Kerberos uses X.509 certificates.
C. Kerberos is a credential-based authentication system.
D. Kerberos was developed by Microsoft.
C
QUESTION NO: 144
Which of the following statements pertaining to using Kerberos without any extension is false?
A. A client can be impersonated by password-guessing.
B. Kerberos is mostly a third-party authentication protocol.
C. Kerberos uses public key cryptography.
D. Kerberos provides robust authentication.
C
QUESTION NO: 145
Which access control model would a lattice-based access control model be an example of?
A. Mandatory access control.
B. Discretionary access control.
C. Non-discretionary access control.
D. Rule-based access control.
A
QUESTION NO: 146
Which of the following is an example of discretionary access control?
A. Identity-based access control
B. Task-based access control
C. Role-based access control
D. Rule-based access control
A
QUESTION NO: 147
Which of the following would be used to implement Mandatory Access Control (MAC)?
A. Clark-Wilson Access Control
B. Role-based access control
C. Lattice-based access control
D. User dictated access control
C
QUESTION NO: 148
What does the Clark-Wilson security model focus on?
A. Confidentiality
B. Integrity
C. Accountability
D. Availability
B
QUESTION NO: 149
What does the simple security (ss) property mean in the Bell-LaPadula model?
A. No read up
B. No write down
C. No read down
D. No write up
A
QUESTION NO: 150
What does the * (star) property mean in the Bell-LaPadula model?
A. No write up
B. No read up
C. No write down
D. No read down
C
QUESTION NO: 151
What does the * (star) integrity axiom mean in the Biba model?
A. No read up
B. No write down
C. No read down
D. No write up
D
QUESTION NO: 152
What is the Biba security model concerned with?
A. Confidentiality
B. Reliability
C. Availability
D. Integrity
D
QUESTION NO: 153
Which security model uses division of operations into different parts and requires different users to perform each part?
A. Bell-LaPadula model
B. Biba model
C. Clark-Wilson model
D. Non-interference model
C
QUESTION NO: 154
Which type of control is concerned with avoiding occurrences of risks?
A. Deterrent controls
B. Detective controls
C. Preventive controls
D. Compensating controls
C
QUESTION NO: 155
Which type of control is concerned with restoring controls?
A. Compensating controls
B. Corrective controls
C. Detective controls
D. Preventive controls
B
QUESTION NO: 156
Which of the following biometric parameters is better suited for authentication use over a long period of time?
A. Iris pattern
B. Voice pattern
C. Signature dynamics
D. Retina pattern
A
QUESTION NO: 157
Which of the following is required in order to provide accountability?
A. Authentication
B. Integrity
C. Confidentiality
D. Audit trails
D
QUESTION NO: 158
Which of the following access control techniques best gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure?
A. Access control lists
B. Discretionary access control
C. Role-based access control
D. Non-mandatory access control
C
QUESTION NO: 159
Which access control model was proposed for enforcing access control in government and military applications?
A. Bell-LaPadula model
B. Biba model
C. Sutherland model
D. Brewer-Nash model
A
QUESTION NO: 160
Which access control model achieves data integrity through well-formed transactions and separation of duties?
A. Clark-Wilson model
B. Biba model
C. Non-interference model
D. Sutherland model
A
QUESTION NO: 161
This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario?
A. Excessive Rights
B. Excessive Access
C. Excessive Permissions
D. Excessive Privileges
D
QUESTION NO: 162
Which of the following are additional access control objectives?
A. Consistency and utility
B. Reliability and utility
C. Usefulness and utility
D. Convenience and utility
B
QUESTION NO: 163
Controls are implemented to:
A. eliminate risk and reduce the potential for loss
B. mitigate risk and eliminate the potential for loss
C. mitigate risk and reduce the potential for loss
D. eliminate risk and eliminate the potential for loss
C
QUESTION NO: 164
Logical or technical controls involve the restriction of access to systems and the protection of information. Which of the following statements pertaining to these types of controls is correct?
A. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks but do not include a review of vacation history, and also do not include increased supervision.
B. Examples of these types of controls do not include encryption, smart cards, access lists, and transmission protocols.
C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.
D. Examples of these types of controls include policies and procedures, security awareness training, background checks, work habit checks, a review of vacation history, and increased supervision.
C
QUESTION NO: 165
Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:
A. through access control mechanisms that require identification and authentication and through the audit function.
B. through logical or technical controls involving the restriction of access to systems and the protection of information.
C. through logical or technical controls but not involving the restriction of access to systems and the protection of information.
D. through access control mechanisms that do not require identification and authentication and do not operate through the audit function.
A
QUESTION NO: 166
In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on:
A. Society's role in the organization
B. The individual’s role in the organization
C. The group-dynamics as they relate to the individual’s role in the organization
D. The group-dynamics as they relate to the master-slave role in the organization
B
QUESTION NO: 167
In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because:
A. people need not use discretion
B. the access controls are based on the individual’s role or title within the organization.
C. the access controls are not based on the individual’s role or title within the organization
D. the access controls are often based on the individual’s role or title within the organization
B
QUESTION NO: 168
Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied?
A. The pair of elements is the subject and object, and the subject has an upper bound equal to or higher than the upper bound of the object being accessed.
B. The pair of elements is the subject and object, and the subject has an upper bound lower than the upper bound of the object being accessed.
C. The pair of elements is the subject and object, and the subject has no special upper or lower bound needed within the lattice.
D. The pair of elements is the subject and object, and the subject has no access rights in relation to an object.
A
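Worked example added to this quiz (not part of the original question set): the (classification, category set) lattice that Question 168 describes, with the Bell-LaPadula rules from Questions 149 and 150 and the Biba rules from Questions 151 and 152 written as functions over it. The level names and the sample labels are constructed; the dominance relation, least upper bound and greatest lower bound are the standard lattice definitions.

```python
# Added example (not from the quiz): a security lattice and the BLP/Biba rules.
# A label dominates another when its level is at least as high AND its category
# set is a superset; labels with disjoint categories are incomparable.
from dataclasses import dataclass
from typing import FrozenSet

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    categories: FrozenSet[str] = frozenset()

    def dominates(self, other: "Label") -> bool:
        """Partial order of the lattice (the 'upper bound' test in Question 168)."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label dominating both (max level, union of categories)."""
    return Label(max(a.level, b.level, key=LEVELS.__getitem__), a.categories | b.categories)


def glb(a: Label, b: Label) -> Label:
    """Greatest lower bound: the highest label both dominate (min level, intersection)."""
    return Label(min(a.level, b.level, key=LEVELS.__getitem__), a.categories & b.categories)


# Bell-LaPadula: confidentiality. Information may only flow upward in the lattice.
def blp_can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up (the subject must dominate the object)."""
    return subject.dominates(obj)


def blp_can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down (the object must dominate the subject)."""
    return obj.dominates(subject)


# Biba: integrity. Same lattice with the arrows reversed; information flows downward only.
def biba_can_read(subject: Label, obj: Label) -> bool:
    """Simple integrity axiom: no read down (the object must dominate the subject)."""
    return obj.dominates(subject)


def biba_can_write(subject: Label, obj: Label) -> bool:
    """* integrity axiom: no write up (the subject must dominate the object)."""
    return subject.dominates(obj)
```

A SECRET {NUCLEAR} subject can read CONFIDENTIAL {NUCLEAR} but neither read nor write SECRET {CRYPTO}, because the two labels are incomparable in the lattice even though they sit at the same level.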
QUESTION NO: 169
Detective/Technical measures:
A. include intrusion detection systems and automatically-generated violation reports from audit trail information.
B. do not include intrusion detection systems and automatically-generated violation reports from audit trail information.
C. include intrusion detection systems but do not include automatically-generated violation reports from audit trail information.
D. include intrusion detection systems and customised-generated violation reports from audit trail information.
A
QUESTION NO: 170
Passwords can be required to change monthly, quarterly, or at other intervals:
A. depending on the criticality of the information needing protection
B. depending on the criticality of the information needing protection and the password's frequency of use.
C. depending on the password's frequency of use.
D. not depending on the criticality of the information needing protection but depending on the password's frequency of use.
B
QUESTION NO: 171
When submitting a passphrase for authentication, the passphrase is converted into …
A. a virtual password by the system.
B. a new passphrase by the system.
C. a new passphrase by the encryption technology.
D. a real password by the system which can be used forever.
A
QUESTION NO: 172
In the context of biometric authentication, what is a quick way to compare the accuracy of devices? In general, the device that has the lowest value would be the most accurate. Which of the following would be used to compare the accuracy of devices?
A. the CER is used.
B. the FRR is used
C. the FAR is used
D. The FER is used
A
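Worked example added to this quiz (not part of the original question set): how the rates in Questions 131, 140 and 172 are obtained from match scores, and why the lowest crossover error rate picks the more accurate device. The match scores for the two hypothetical devices are constructed; a Type I error is a genuine user scoring below the threshold (false rejection), a Type II error is an impostor scoring at or above it (false acceptance).

```python
# Added example (not from the quiz): FRR, FAR and CER computed by sweeping a
# decision threshold over constructed genuine and impostor match scores.
from typing import List, Tuple


def frr(genuine: List[float], threshold: float) -> float:
    """Type I error rate: share of genuine attempts rejected at this threshold."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def far(impostor: List[float], threshold: float) -> float:
    """Type II error rate: share of impostor attempts accepted at this threshold."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def crossover(genuine: List[float], impostor: List[float]) -> Tuple[int, float]:
    """Sweep integer thresholds 0..100 and return (threshold, CER) where FAR and
    FRR are closest. Raising the threshold lowers FAR and raises FRR, so the
    curves cross exactly once; the CER is their value at that point."""
    best = None
    for t in range(0, 101):
        gap = abs(far(impostor, t) - frr(genuine, t))
        if best is None or gap < best[0]:
            best = (gap, t, (far(impostor, t) + frr(genuine, t)) / 2)
    return best[1], best[2]


# Constructed match scores (0-100) for two hypothetical devices; higher = better match.
DEVICE_A = {"genuine": [70, 75, 80, 85, 90, 95, 60, 65, 88, 92],
            "impostor": [20, 30, 40, 50, 55, 62, 35, 45, 25, 15]}
DEVICE_B = {"genuine": [50, 55, 60, 65, 70, 75, 80, 45, 58, 62],
            "impostor": [30, 40, 50, 55, 60, 65, 35, 45, 52, 48]}


def more_accurate(devices: dict) -> str:
    """The device with the lowest CER is the more accurate one (Question 172)."""
    return min(devices, key=lambda name: crossover(**devices[name])[1])
```

Device A's genuine and impostor scores barely overlap, so its curves cross at a CER of 0.1 (threshold 61); device B's overlap heavily and its CER is 0.25. Tuning a deployment below or above the crossover trades one error type for the other, which is the point of Question 185.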
QUESTION NO: 173
The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a biometric system. Acceptable throughput rates are in the range of:
A. 100 subjects per minute.
B. 25 subjects per minute.
C. 10 subjects per minute.
D. 50 subjects per minute.
C
QUESTION NO: 174
Which of the following biometric devices has the lowest user acceptance level?
A. Retina Scan
B. Fingerprint scan
C. Hand geometry
D. Signature recognition
A
QUESTION NO: 175
Which of the following would be an example of the best password?
A. golf001
B. Elizabeth
C. T1me4g0lF
D. password
C
QUESTION NO: 176
Which of the following tools is less likely to be used by a hacker?
A. l0phtcrack
B. Tripwire
C. OphCrack
D. John the Ripper
B
QUESTION NO: 177
What is an error called that causes a system to be vulnerable because of the environment in whichit is installed?
A. Configuration error
B. Environmental error
C. Access validation error
D. Exceptional condition handling error
B
QUESTION NO: 178
A network-based vulnerability assessment is a type of test also referred to as:
A. An active vulnerability assessment.
B. A routing vulnerability assessment.
C. A host-based vulnerability assessment.
D. A passive vulnerability assessment.
A
QUESTION NO: 179
Why would anomaly detection IDSs often generate a large number of false positives?
A. Because they can only identify correctly attacks they already know about.
B. Because they are application-based and more subject to attacks.
C. Because they can’t identify abnormal behavior.
D. Because normal patterns of user and system behavior can vary wildly.
D
QUESTION NO: 180
Ensuring least privilege does not require:
A. Identifying what the user’s job is.
B. Ensuring that the user alone does not have sufficient rights to subvert an important process.
C. Determining the minimum set of privileges required for a user to perform their duties.
D. Restricting the user to required privileges and nothing more.
B
QUESTION NO: 181
Which of the following is NOT a form of detective technical control?
A. Audit trails
B. Access control software
C. Honeypot
D. Intrusion detection system
B
QUESTION NO: 182
Which of the following does not apply to system-generated passwords?
A. Passwords are harder to remember for users.
B. If the password-generating algorithm gets to be known, the entire system is in jeopardy.
C. Passwords are more vulnerable to brute force and dictionary attacks.
D. Passwords are harder to guess for attackers.
C
QUESTION NO: 183
Which of the following is not a preventive login control?
A. Last login message
B. Password aging
C. Minimum password length
D. Account expiration
A
QUESTION NO: 184
What is the most critical characteristic of a biometric identifying system?
A. Perceived intrusiveness
B. Storage requirements
C. Accuracy
D. Scalability
C
QUESTION NO: 185
What is considered the most important type of error to avoid for a biometric access control system?
A. Type I Error
B. Type II Error
C. Combined Error Rate
D. Crossover Error Rate
B
QUESTION NO: 186
How can an individual/person best be identified or authenticated to prevent local masquerading attacks?
A. User Id and password
B. Smart card and PIN code
C. Two-factor authentication
D. Biometrics
D
QUESTION NO: 187
Which authentication technique best protects against hijacking?
A. Static authentication
B. Continuous authentication
C. Robust authentication
D. Strong authentication
B
QUESTION NO: 188
Which of the following is not a security goal for remote access?
A. Reliable authentication of users and systems
B. Protection of confidential data
C. Easy to manage access control to systems and network resources
D. Automated login for remote users
D
QUESTION NO: 189
Which of the following is most concerned with personnel security?
A. Management controls
B. Operational controls
C. Technical controls
D. Human resources controls
B
QUESTION NO: 190
Which of the following questions is less likely to help in assessing identification and authentication controls?
A. Is a current list maintained and approved of authorized users and their access?
B. Are passwords changed at least every ninety days or earlier if needed?
C. Are inactive user identifications disabled after a specified period of time?
D. Is there a process for reporting incidents?
D
QUESTION NO: 191
How would nonrepudiation best be classified?
A. A preventive control
B. A logical control
C. A corrective control
D. A compensating control
A
QUESTION NO: 192
What are cognitive passwords?
A. Passwords that can be used only once.
B. Fact or opinion-based information used to verify an individual’s identity.
C. Password generators that use a challenge response scheme.
D. Passphrases.
B
QUESTION NO: 193
Which of the following Kerberos components holds all users’ and services’ cryptographic keys?
A. The Key Distribution Service
B. The Authentication Service
C. The Key Distribution Center
D. The Key Granting Service
C
QUESTION NO: 194
Most access violations are:
A. Accidental
B. Caused by internal hackers
C. Caused by external hackers
D. Related to Internet
A
QUESTION NO: 195
Which of the following biometrics devices has the highest Crossover Error Rate (CER)?
A. Iris scan
B. Hand geometry
C. Voice pattern
D. Fingerprints
C
QUESTION NO: 196
Which of the following is not a service provided by AAA servers (RADIUS, TACACS and DIAMETER)?
A. Authentication
B. Administration
C. Accounting
D. Authorization
B
QUESTION NO: 197
Which of the following protocols was used by the INITIAL version of the Terminal Access Controller Access Control System (TACACS) for communication between clients and servers?
A. TCP
B. SSL
C. UDP
D. SSH
C
QUESTION NO: 198
Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?
A. Using a TACACS+ server.
B. Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.
C. Setting modem ring count to at least 5
D. Only attaching modems to non-networked hosts.
B
QUESTION NO: 199
In the Bell-LaPadula model, the Star-property is also called:
A. The simple security property
B. The confidentiality property
C. The confinement property
D. The tranquility property
C
QUESTION NO: 200
An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n):
A. active attack.
B. outside attack.
C. inside attack.
D. passive attack.
C
QUESTION NO: 201
Which of the following can be defined as a framework that supports multiple, optional
authentication mechanisms for PPP, including cleartext passwords, challenge-response, and
arbitrary dialog sequences?
A. Extensible Authentication Protocol
B. Challenge Handshake Authentication Protocol
C. Remote Authentication Dial-In User Service
D. Multilevel Authentication Protocol.
A
QUESTION NO: 202
What is the name of the first mathematical model of a multi-level security policy used to define the
concept of a secure state, the modes of access, and rules for granting access?
A. Clark and Wilson Model
B. Harrison-Ruzzo-Ullman Model
C. Rivest and Shamir Model
D. Bell-LaPadula Model
D
QUESTION NO: 203
What is the PRIMARY use of a password?
A. Allow access to files.
B. Identify the user.
C. Authenticate the user.
D. Segregate various user’s accesses.
C
QUESTION NO: 204
The three classic ways of authenticating yourself to the computer security software are: something
you know, something you have, and something:
A. you need.
B. you read.
C. you are.
D. you do.
C
QUESTION NO: 205
An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?
A. Discretionary Access
B. Least Privilege
C. Mandatory Access
D. Separation of Duties
B
QUESTION NO: 206
PINs, passwords, passphrases, tokens, smart cards, and biometric devices are all items that can be
used for authentication. When one of the items listed above is used in conjunction with a second factor
to validate authentication, it provides robust authentication of the individual by practicing which of
the following?
A. Multi-party authentication
B. Two-factor authentication
C. Mandatory authentication
D. Discretionary authentication
B
QUESTION NO: 207
What would you call a network security control deployed inline that detects, alerts, and takes action
when a possible intrusion is detected?
A. Application Based Intrusion Detection System (AIDS)
B. Network Based Intrusion Detection System (NIDS)
C. Intrusion Prevention System (IPS)
D. Host Based Intrusion Detection System (HIDS)
C
QUESTION NO: 208
What is a security policy?
A. High level statements on management’s expectations that must be met in regards to security
B. A policy that defines authentication to the network.
C. A policy that focuses on ensuring a secure posture and expresses management approval. It
explains in detail how to implement the requirements.
D. A statement that focuses on the authorization process for a system
A
QUESTION NO: 209
Legacy single sign on (SSO) is:
A. Technology to allow users to authenticate to every application by entering the same user ID
and password each time, thus having to remember only a single password.
B. Technology to manage passwords consistently across multiple platforms, enforcing policies
such as password change intervals.
C. A mechanism where users can authenticate themselves once, and then a central repository of
their credentials is used to launch various legacy applications.
D. Another way of referring to SESAME and KryptoKnight, now that Kerberos is the de-facto industry standard single sign on mechanism.
C
QUESTION NO: 210
Identity Management solutions include such technologies as Directories services, Single Sign-On
and Web Access management. There are many reasons for management to choose an identity
management solution.
Which of the following is a key management challenge regarding identity management solutions?
A. Increasing the number of points of failures.
B. Users will no longer be able to “recycle” their password for different applications.
C. Costs increase as identity management technologies require significant resources.
D. It must be able to scale to support high volumes of data and peak transaction rates.
D
QUESTION NO: 211
Which of the following describes the sequence of steps required for a Kerberos session to be
established between a user (Principal P1), and an application server (Principal P2)?
A. Principals P1 and P2 authenticate to the Key Distribution Center (KDC), Principal P1 receives a
Ticket Granting Ticket (TGT), and then Principal P2 requests a service ticket from the KDC.
B. Principal P1 authenticates to the Key Distribution Center (KDC), Principal P1 requests a Ticket
Granting Ticket (TGT) from the authentication server, and then Principal P1 requests a service ticket
from the application server P2.
C. Principal P1 authenticates to the Key Distribution Center (KDC), Principal P1 receives a Ticket
Granting Ticket (TGT), and Principal P1 requests a service ticket from the Ticket Granting Service
(TGS) in order to access the application server P2.
D. Principals P1 and P2 authenticate to the Key Distribution Center (KDC), Principal P1 requests a
Ticket Granting Ticket (TGT) from the authentication server, and application server P2 requests a
service ticket from P1.
C
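Worked example added to this quiz (not part of the original question set, and not real Kerberos code): the sequence in the correct answer to Question 211 simulated in one process. P1 authenticates to the KDC's Authentication Service and receives a TGT, presents the TGT with an authenticator to the Ticket Granting Service for a service ticket, and presents that ticket with a fresh authenticator to P2, which needs only its own long-term key and never contacts the KDC. The cipher, the password-to-key function, the ticket lifetimes and the principal names and passwords are constructed stand-ins.

```python
# Added example (not from the quiz): AS exchange, TGS exchange and AP exchange
# with a toy symmetric cipher. Every secret involved is a shared symmetric key,
# which is why Kerberos counts as secret-key, trusted-third-party authentication.
import hashlib, hmac, json, secrets, time


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Toy keystream: SHA-256 in counter mode. Real Kerberos enctypes use AES-CTS."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]


def seal(key: bytes, msg: dict) -> bytes:
    """Toy encrypt-then-MAC of a JSON message under a symmetric key."""
    pt, nonce = json.dumps(msg).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


def string_to_key(password: str, principal: str) -> bytes:
    """Constructed password-to-key derivation (the AES enctypes also use PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)


class KDC:
    """Authentication Service (AS) and Ticket Granting Service (TGS) in one object."""
    def __init__(self, keys: dict):
        self.keys = keys  # principal -> long-term key; "krbtgt" is the TGS's own key

    def as_exchange(self, client: str, life: float = 600) -> tuple:
        """AS-REP: TGT sealed under the TGS key; session key sealed under P1's key."""
        sk = secrets.token_bytes(32)
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": sk.hex(), "exp": time.time() + life})
        return tgt, seal(self.keys[client], {"key": sk.hex()})

    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str, life: float = 600) -> tuple:
        """TGS-REP: validate the TGT and authenticator, then issue a ticket for `service`."""
        t = unseal(self.keys["krbtgt"], tgt)
        sk = bytes.fromhex(t["key"])
        a = unseal(sk, authenticator)  # only a holder of the TGT session key can make this
        if t["exp"] < time.time() or a["client"] != t["client"] or abs(a["ts"] - time.time()) > 300:
            raise ValueError("TGT or authenticator rejected")
        ssk = secrets.token_bytes(32)
        ticket = seal(self.keys[service], {"client": t["client"], "key": ssk.hex(), "exp": time.time() + life})
        return ticket, seal(sk, {"key": ssk.hex()})


class Client:
    def __init__(self, name: str, password: str):
        self.name, self.key, self.tickets = name, string_to_key(password, name), {}

    def login(self, kdc: KDC) -> None:
        self.tgt, enc = kdc.as_exchange(self.name)
        self.tgs_key = bytes.fromhex(unseal(self.key, enc)["key"])  # wrong password fails here

    def get_service_ticket(self, kdc: KDC, service: str) -> None:
        auth = seal(self.tgs_key, {"client": self.name, "ts": time.time()})
        ticket, enc = kdc.tgs_exchange(self.tgt, auth, service)
        self.tickets[service] = (ticket, bytes.fromhex(unseal(self.tgs_key, enc)["key"]))

    def ap_request(self, service: str) -> tuple:
        """AP-REQ to P2: the service ticket plus a fresh authenticator under its session key."""
        ticket, key = self.tickets[service]
        return ticket, seal(key, {"client": self.name, "ts": time.time()})


class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key

    def accept(self, ticket: bytes, authenticator: bytes) -> str:
        """P2 verifies P1 using only its own long-term key; it never contacts the KDC."""
        t = unseal(self.key, ticket)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if t["exp"] < time.time() or a["client"] != t["client"] or abs(a["ts"] - time.time()) > 300:
            raise ValueError("ticket or authenticator rejected")
        return t["client"]


def run_session(password: str = "correct horse") -> str:
    """Whole flow for P1 = "p1" and P2 = "p2"; returns the principal name P2 authenticated."""
    keys = {"p1": string_to_key("correct horse", "p1"),
            "krbtgt": secrets.token_bytes(32), "p2": secrets.token_bytes(32)}
    kdc, p2, p1 = KDC(keys), Service("p2", keys["p2"]), Client("p1", password)
    p1.login(kdc)                           # 1. authenticate to the KDC, receive a TGT
    p1.get_service_ticket(kdc, "p2")        # 2. TGT + authenticator -> TGS -> service ticket
    return p2.accept(*p1.ap_request("p2"))  # 3. service ticket + authenticator -> P2
```

Note where a wrong password fails: the AS-REP is sealed under the key derived from P1's password, so a client with the wrong password cannot recover the TGT session key and never gets as far as the TGS. Password guessing against that reply is the weakness Question 144 refers to, and the timestamps in the authenticators are why Kerberos depends on synchronised clocks.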
QUESTION NO: 212
Which type of security control is also known as “Logical” control?
A. Physical
B. Technical
C. Administrative
D. Risk
B
QUESTION NO: 213
Which of the following terms best describes a weakness that could potentially be exploited?
A. Vulnerability
B. Risk
C. Threat
D. Target of evaluation (TOE)
A
QUESTION NO: 214
Which of the following best describes an exploit?
A. An intentional hidden message or feature in an object such as a piece of software or a movie.
B. A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability
in order to cause unintended or unanticipated behavior to occur on computer software
C. An anomalous condition where a process attempts to store data beyond the boundaries of a
fixed-length buffer
D. A condition where a program (either an application or part of the operating system) stops
performing its expected function and also stops responding to other parts of the system
B
QUESTION NO: 215
A smart card that has two chips with the capability of utilizing both contact and contactless
formats is called:
A. Contact Smart Cards
B. Contactless Smart Cards
C. Hybrid Cards
D. Combi Cards
C
QUESTION NO: 216
An employee ensures all cables are shielded, builds concrete walls that extend from the true floor
to the true ceiling and installs a white noise generator. What attack is the employee trying to
protect against?
A. Emanation Attacks
B. Social Engineering
C. Object reuse
D. Wiretapping
A
QUESTION NO: 217
The best technique to authenticate to a system is to:
A. Establish biometric access through a secured server or Web site.
B. Ensure the person is authenticated by something he knows and something he has.
C. Maintain correct and accurate ACLs (access control lists) to allow access to applications.
D. Allow access only through user ID and password.
B
QUESTION NO: 218
Business Impact Analysis (BIA) is about
A. Technology
B. Supporting the mission of the organization
C. Due Care
D. Risk Assessment
B
QUESTION NO: 219
You wish to make use of “port knocking” technologies. How can you BEST explain this?
A. Port knocking is where the client will attempt to connect to a predefined set of ports to identify
itself as an authorized client.
B. Port knocking is where the user calls the server operator to have him start the service he wants
to connect to.
C. This is where all the ports are open on the server and the connecting client scans the open port
to which he wants to connect to see if it’s open and running.
D. Port knocking is where the port sequence is encrypted with 3DES and only the server has the
other key to decrypt the port sequence.
A
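Worked example added to this quiz (not part of the original question set): a port-knocking daemon of the kind the correct answer to Question 219 describes, replayed over constructed firewall log lines. The secret sequence, the time window, the open duration and the log format are all constructed for the demo. Connection attempts to closed ports are watched per source address; only a source that hits the sequence in order, within the window, gets the protected port opened, and any wrong port resets its progress, so a sequential port scan never walks through the sequence by accident.

```python
# Added example (not from the quiz): a minimal port-knock state machine fed
# from log lines of the constructed form "<timestamp> <source ip> <dest port>".
from typing import Dict, List, Tuple

SEQUENCE = (7000, 8000, 9000)   # constructed secret sequence of closed ports, in order
WINDOW = 10.0                   # seconds allowed to complete the whole sequence
OPEN_FOR = 30.0                 # seconds the protected port stays open afterwards


class KnockDaemon:
    def __init__(self, sequence=SEQUENCE, window=WINDOW, open_for=OPEN_FOR):
        self.sequence, self.window, self.open_for = tuple(sequence), window, open_for
        self.progress: Dict[str, Tuple[int, float]] = {}   # src -> (next index, first knock time)
        self.opened: Dict[str, float] = {}                 # src -> expiry time

    def observe(self, src: str, dport: int, ts: float) -> bool:
        """Feed one SYN to a closed port. Returns True when `src` completes the sequence."""
        idx, start = self.progress.get(src, (0, ts))
        if ts - start > self.window:            # too slow: start over from this knock
            idx, start = 0, ts
        if dport != self.sequence[idx]:         # wrong port resets; it may itself be knock #1
            idx, start = 0, ts
            if dport != self.sequence[0]:
                self.progress.pop(src, None)
                return False
        idx += 1
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            self.opened[src] = ts + self.open_for
            return True
        self.progress[src] = (idx, start)
        return False

    def is_open(self, src: str, ts: float) -> bool:
        """Would the firewall accept `src` on the protected port at time `ts`?"""
        return self.opened.get(src, 0.0) > ts


def replay(log_lines: List[str]) -> Dict[str, float]:
    """Run the daemon over log lines and return {source: time the port was opened}."""
    daemon, opened_at = KnockDaemon(), {}
    for line in log_lines:
        ts, src, dport = line.split()
        if daemon.observe(src, int(dport), float(ts)):
            opened_at[src] = float(ts)
    return opened_at


# Constructed log: a legitimate client, a sequential scanner, and a client that is too slow.
SAMPLE_LOG = [
    "100.0 10.0.0.5 7000", "100.5 10.0.0.5 8000", "101.0 10.0.0.5 9000",
    "100.0 10.0.0.9 7000", "100.1 10.0.0.9 7001", "100.2 10.0.0.9 8000", "100.3 10.0.0.9 9000",
    "200.0 10.0.0.7 7000", "205.0 10.0.0.7 8000", "215.0 10.0.0.7 9000",
]
```

Port knocking is obscurity layered on top of a real authentication mechanism, not a replacement for one: a passive sniffer on the path sees the sequence in clear, which is why the 3DES wording in the wrong answer above misses the point and why single-packet authorization variants sign each knock instead.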
QUESTION NO: 220
Tim is a network administrator at Acme Inc. He is responsible for configuring the network devices.
John, the new security manager, reviews the configuration of the firewall configured by Tim and
identifies an issue. This specific firewall is configured in failover mode with another firewall. A
sniffer on a PC connected to the same switch as the firewalls can decipher the credentials used
by Tim while configuring the firewalls. Which of the following should be used by Tim to ensure
that no one can eavesdrop on the communication?
A. SSH
B. SFTP
C. SCP
D. RSH
A
QUESTION NO: 221
Tim’s day to day responsibilities include monitoring health of devices on the network. He uses a
Network Monitoring System supporting SNMP to monitor the devices for any anomalies or high
traffic passing through the interfaces. Which of the following protocols would be BEST to use if some of the
requirements are to prevent easy disclosure of the SNMP strings and authentication of the source
of the packets?
A. UDP
B. SNMP V1
C. SNMP V3
D. SNMP V2
C
QUESTION NO: 222
You have been approached by one of your clients. They are interested in doing some security
re-engineering. The client is looking at various information security models. It is a highly secure
environment where data at high classifications cannot be leaked to subjects at lower
classifications. Of primary concern to them is the identification of potential covert channels. As an
Information Security Professional, which model would you recommend to the client?
A. Information Flow Model combined with Bell Lapadula
B. Bell Lapadula
C. Biba
D. Information Flow Model
A
QUESTION NO: 223
Which of the following is a reasonable response from the Intrusion Detection System (IDS) when
it detects Internet Protocol (IP) packets where the IP source address and port is the same as the
destination IP address and port?
A. Allow the packet to be processed by the network and record the event
B. Record selected information about the packets and drop the packets
C. Resolve the destination address and process the packet
D. Translate the source address and resend the packet
B
QUESTION NO: 224
What is the BEST definition of SQL injection?
A. SQL injection is a database problem.
B. SQL injection is a web Server problem.
C. SQL injection is a Windows and Linux website problem that could be corrected by applying a
website vendor's patch.
D. SQL injection is an input validation problem.
D
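Worked example added to this quiz (not part of the original question set): why the correct answer to Question 224 is "input validation" rather than a database, web server or patching problem. The same login check is written once by splicing user input into the SQL text and once as a parameterized statement, run against a constructed in-memory SQLite table. The table, the users and the cleartext passwords exist only to keep the demo short.

```python
# Added example (not from the quiz): SQL injection in a login query, the
# vulnerable form beside the fixed form, on constructed SQLite data.
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data (passwords in clear only for brevity; never do this)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, pw: str) -> bool:
    """Untrusted input becomes part of the SQL text, so input can rewrite the query:
    pw = "x' OR '1'='1" turns the WHERE clause into ... AND pw = 'x' OR '1'='1'."""
    query = f"SELECT 1 FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return conn.execute(query).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, name: str, pw: str) -> bool:
    """Parameterized statement: values travel separately from the SQL text, so a
    quote in the input is data, never syntax. This is the fix, on any OS or vendor."""
    row = conn.execute("SELECT 1 FROM users WHERE name = ? AND pw = ?", (name, pw)).fetchone()
    return row is not None


USERNAME = re.compile(r"^[A-Za-z0-9_]{1,32}$")   # constructed allow-list for usernames


def login_defense_in_depth(conn: sqlite3.Connection, name: str, pw: str) -> bool:
    """Allow-list validation on the field that has a known shape, on top of the
    parameterized query. Validation alone would not be enough: the password
    field legitimately contains quotes and cannot be allow-listed this way."""
    if not USERNAME.match(name):
        return False
    return login_fixed(conn, name, pw)
```

The same payload that logs in as alice without her password against the concatenated query is simply a non-matching password against the parameterized one; that contrast is the whole argument for treating injection as an input-handling defect in the application.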
QUESTION NO: 225
You are a security consultant who is required to perform penetration testing on a client’s network.
During penetration testing, you are required to use a compromised system to attack other systems
on the network to avoid network restrictions like firewalls. Which method would you use in this
scenario?
A. Black box Method
B. Pivoting method
C. White Box Method.
D. Grey Box Method
B
QUESTION NO: 226
Which answer best describes a computer software attack that takes advantage of a previously
unpublished vulnerability?
A. Zero-Day Attack
B. Exploit Attack
C. Vulnerability Attack
D. Software Crack
A
QUESTION NO: 227
Data which is properly secured and can be described with terms like genuine or not corrupted from
the original refers to data that has a high level of what?
A. Authenticity
B. Authorization
C. Availability
D. Non-Repudiation
A
QUESTION NO: 228
Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?
A. Logon Banners
B. Wall poster
C. Employee Handbook
D. Written agreement
D
QUESTION NO: 229
A differential backup process will:
A. Back up data labeled with archive bit 1 and leave the data labeled as archive bit 1
B. Back up data labeled with archive bit 1 and change the data label to archive bit 0
C. Back up data labeled with archive bit 0 and leave the data labeled as archive bit 0
D. Back up data labeled with archive bit 0 and change the data label to archive bit 1
A
QUESTION NO: 230
When considering all the reasons that buffer overflow vulnerabilities exist, what is the real reason?
A. Human error
B. The Windows Operating system
C. Insecure programming languages
D. Insecure Transport Protocols
A
QUESTION NO: 231
Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE
standards that describe technologies at that layer?
A. LLC and MAC; IEEE 802.2 and 802.3
B. LLC and MAC; IEEE 802.1 and 802.3
C. Network and MAC; IEEE 802.1 and 802.3
A
QUESTION NO: 232
Which of the following is NOT part of user provisioning?
A. Creation and deactivation of user accounts
B. Business process implementation
C. Maintenance and deactivation of user objects and attributes
D. Delegating user administration
B
QUESTION NO: 233
Which of the following answers best describes the type of penetration testing where the analyst
has full knowledge of the network on which he is going to perform his test?
A. White-Box Penetration Testing
B. Black-Box Pen Testing
C. Penetration Testing
D. Gray-Box Pen Testing
A
QUESTION NO: 234
Which access control method allows the data owner (the person who created the file) to control
access to the information they own?
A. DAC - Discretionary Access Control
B. MAC - Mandatory Access Control
C. RBAC - Role-Based Access Control
D. NDAC - Non-Discretionary Access Control
A
QUESTION NO: 235
Suppose you are a domain administrator and are choosing an employee to carry out backups.
Which access control method do you think would be best for this scenario?
A. RBAC - Role-Based Access Control
B. MAC - Mandatory Access Control
C. DAC - Discretionary Access Control
D. RBAC - Rule-Based Access Control
A
QUESTION NO: 236
Of the seven types of Access Control Categories, which is described as such?
Designed to specify rules of acceptable behavior in the organization.
Example: Policy stating that employees may not spend time on social media websites
A. Directive Access Control
B. Deterrent Access Control
C. Preventive Access Control
D. Detective Access Control
A
QUESTION NO: 237
Which of the following is NOT a disadvantage of Single Sign On (SSO)?
A. Support for all major operating system environments is difficult
B. The cost associated with SSO development can be significant
C. SSO could be a single point of failure and total compromise of an organization's assets
D. SSO improves an administrator's ability to manage users' accounts and authorization to all
associated systems
D
QUESTION NO: 238
You are a manager for a large international bank and periodically move employees between
positions in your department. What is this process called?
A. Job Rotation
B. Separation of Duties
C. Mandatory Rotations
D. Dual Control
A
QUESTION NO: 239
Which of the following controls is intended to discourage a potential attacker?
A. Deterrent
B. Preventive
C. Corrective
D. Recovery
A
QUESTION NO: 240
Which of the following security controls is intended to prevent an incident from occurring?
A. Deterrent
B. Preventive
C. Corrective
D. Recovery
B
QUESTION NO: 241
Which of the following controls helps to identify an incident's activities and potentially an intruder?
A. Deterrent
B. Preventive
C. Detective
D. Compensating
C
QUESTION NO: 242
Which of the following is NOT an example of a preventive control?
A. Physical access controls like locks and doors
B. A user login screen which allows only authorized users to access a website
C. Encrypting the data so that only authorized users can view it
D. Duplicate checking of calculations
D
QUESTION NO: 243
Which of the following is NOT an example of a corrective control?
A. OS Upgrade
B. Backup and restore
C. Contingency planning
D. System Monitoring
D
QUESTION NO: 244
Which of the following is NOT an example of a detective control?
A. System Monitor
B. IDS
C. Monitor detector
D. Backup data restore
D
QUESTION NO: 245
During an IS audit, an auditor has observed that the authentication and authorization steps are split into
two functions and that it is possible to force the authorization step to be completed before the
authentication step. Which of the following techniques could an attacker use to force the authorization
step before authentication?
A. Eavesdropping
B. Traffic analysis
C. Masquerading
D. Race Condition
D
QUESTION NO: 246
Which of the following attacks is also known as Time of Check (TOC) / Time of Use (TOU)?
A. Eavesdropping
B. Traffic analysis
C. Masquerading
D. Race Condition
D
QUESTION NO: 247
Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST
accepted by users?
A. Palm Scan
B. Hand Geometry
C. Fingerprint
D. Retina scan
D
QUESTION NO: 248
During an IS audit, one of your auditors has observed that some of the critical servers in your
organization can be accessed ONLY by using a shared/common user name and password. What
should the auditor's PRIMARY concern be with this approach?
A. Password sharing
B. Accountability
C. Shared account management
D. Difficulty in auditing shared account
B
QUESTION NO: 249
Which of the following testing methods examines the functionality of an application without peering
into its internal structure or knowing the details of its internals?
A. Black-box testing
B. Parallel Test
C. Regression Testing
D. Pilot Testing
A
QUESTION NO: 250
Which of the following testing methods examines the internal structure or workings of an application?
A. White-box testing
B. Parallel Test
C. Regression Testing
D. Pilot Testing
A
QUESTION NO: 251
Which of the following types of traffic can easily be filtered with a stateful packet filter by enforcing
the context or state of the request?
A. ICMP
B. TCP
C. UDP
D. IP
B
QUESTION NO: 252
When referring to the data structures of a packet, the term Protocol Data Unit (PDU) is used. What
is the proper term for a single unit of TCP data at the transport layer?
A. TCP segment.
B. TCP datagram.
C. TCP frame.
D. TCP packet.
A
QUESTION NO: 253
How do you distinguish between a bridge and a router?
A. A bridge simply connects multiple networks, a router examines each packet to determine which
network to forward it to.
B. “Bridge” and “router” are synonyms for equipment used to join two networks.
C. The bridge is a specific type of router used to connect a LAN to the global Internet.
D. The bridge connects multiple networks at the data link layer, while router connects multiple
networks at the network layer.
D
QUESTION NO: 254
ICMP and IGMP belong to which layer of the OSI model?
A. Datagram Layer.
B. Network Layer.
C. Transport Layer.
D. Data Link Layer.
B
QUESTION NO: 255
What is a limitation of TCP Wrappers?
A. It cannot control access to running UDP services.
B. It stops packets before they reach the application layer, thus confusing some proxy servers.
C. The hosts.* access control system requires a complicated directory tree.
D. They are too expensive.
A
QUESTION NO: 256
The IP header contains a protocol field. If this field contains the value of 1, what type of data is
contained within the IP datagram?
A. TCP.
B. ICMP.
C. UDP.
D. IGMP.
B
QUESTION NO: 257
The IP header contains a protocol field. If this field contains the value of 2, what type of data is
contained within the IP datagram?
A. TCP.
B. ICMP.
C. UDP.
D. IGMP.
D
QUESTION NO: 258
What is the proper term to refer to a single unit of IP data?
A. IP segment.
B. IP datagram.
C. IP frame.
D. IP fragment.
B
QUESTION NO: 259
A packet containing a long string of NOP’s followed by a command is usually indicative of what?
A. A syn scan.
B. A half-port scan.
C. A buffer overflow attack.
D. A packet destined for the network’s broadcast address.
C
QUESTION NO: 260
In the days before CIDR (Classless Inter-Domain Routing), networks were commonly organized
by classes. Which of the following would have been true of a Class C network?
A. The first bit of the IP address would be set to zero.
B. The first bit of the IP address would be set to one and the second bit set to zero.
C. The first two bits of the IP address would be set to one, and the third bit set to zero.
D. The first three bits of the IP address would be set to one.
C
QUESTION NO: 261
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a
valid address to use on the Internet)?
A. 192.168.42.5
B. 192.166.42.5
C. 192.175.42.5
D. 192.1.42.5
A
QUESTION NO: 262
In the days before CIDR (Classless Inter-Domain Routing), networks were commonly organized
by classes. Which of the following would have been true of a Class A network?
A. The first bit of the IP address would be set to zero.
B. The first bit of the IP address would be set to one and the second bit set to zero.
C. The first two bits of the IP address would be set to one, and the third bit set to zero.
D. The first three bits of the IP address would be set to one.
A
QUESTION NO: 263
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a
valid address to use on the Internet)?
A. 10.0.42.5
B. 11.0.42.5
C. 12.0.42.5
D. 13.0.42.5
A
QUESTION NO: 264
Which one of the following authentication mechanisms creates a problem for mobile users?
A. Mechanisms based on IP addresses
B. Mechanism with reusable passwords
C. one-time password mechanism.
D. challenge response mechanism.
A
QUESTION NO: 265
Which of the following media is MOST resistant to tapping?
A. microwave.
B. twisted pair.
C. coaxial cable.
D. fiber optic.
D
QUESTION NO: 266
Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has
external connections by filtering Ingress and Egress traffic?
A. a firewall.
B. dial-up.
C. passwords.
D. fiber optics.
A
QUESTION NO: 267
Which one of the following is usually not a benefit resulting from the use of firewalls?
A. reduces the risks of external threats from malicious hackers.
B. prevents the spread of viruses.
C. reduces the threat level on internal system.
D. allows centralized management and control of services.
B
QUESTION NO: 268
Which of the following DoD Model layers provides non-repudiation services?
A. network layer.
B. application layer.
C. transport layer.
D. data link layer.
B
QUESTION NO: 269
What is the 802.11 standard related to?
A. Public Key Infrastructure (PKI)
B. Wireless network communications
C. Packet-switching technology
D. The OSI/ISO model
B
QUESTION NO: 270
Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a
program located in another computer in a network. Within which OSI/ISO layer is RPC
implemented?
A. Session layer
B. Transport layer
C. Data link layer
D. Network layer
A
QUESTION NO: 271
Frame relay and X.25 networks are part of which of the following?
A. Circuit-switched services
B. Cell-switched services
C. Packet-switched services
D. Dedicated digital services
C
QUESTION NO: 272
Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?
A. Data Link
B. Transport
C. Presentation
D. Application
A
QUESTION NO: 273
In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP
provided?
A. Transport
B. Network
C. Presentation
D. Application
A
QUESTION NO: 274
Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User
Datagram Protocol (UDP)?
A. TCP is connection-oriented, UDP is not.
B. UDP provides for Error Correction, TCP does not.
C. UDP is useful for longer messages, rather than TCP.
D. TCP does not guarantee delivery of data, while UDP does guarantee data delivery.
A
QUESTION NO: 275
The standard server port number for HTTP is which of the following?
A. 81
B. 80
C. 8080
D. 8180
B
QUESTION NO: 276
Looking at the choices below, which ones would be the most suitable protocols/tools for securing
e-mail?
A. PGP and S/MIME
B. IPsec and IKE
C. TLS and SSL
D. SSH
A
QUESTION NO: 277
Which of the following are suitable protocols for securing VPN connections at the lower layers of
the OSI model?
A. S/MIME and SSH
B. TLS and SSL
C. IPsec and L2TP
D. PKCS#10 and X.509
C
QUESTION NO: 278
What is the role of IKE within the IPsec protocol?
A. peer authentication and key exchange
B. data encryption
C. data signature
D. enforcing quality of service
A
QUESTION NO: 279
What is NOT an authentication method within IKE and IPsec?
A. CHAP
B. Pre shared key
C. certificate based authentication
D. Public key authentication
A
QUESTION NO: 280
What is NOT true of pre-shared key authentication within the IKE / IPsec protocol?
A. Pre-shared key authentication is normally based on simple passwords
B. Needs a Public Key Infrastructure (PKI) to work
C. IKE is used to setup Security Associations
D. IKE builds upon the Oakley protocol and the ISAKMP protocol.
B
QUESTION NO: 281
In SSL/TLS protocol, what kind of authentication is supported when you establish a secure
session between a client and a server?
A. Peer-to-peer authentication
B. Only server authentication (optional)
C. Server authentication (mandatory) and client authentication (optional)
D. Role based authentication scheme
C
QUESTION NO: 282
What kind of encryption is realized in the S/MIME-standard?
A. Asymmetric encryption scheme
B. Password based encryption scheme
C. Public key based, hybrid encryption scheme
D. Elliptic curve based encryption
C
QUESTION NO: 283
Which of the following is true of network security?
A. A firewall is not a necessity in today's connected world.
B. A firewall is a necessity in today’s connected world.
C. A whitewall is a necessity in today’s connected world.
D. A black firewall is a necessity in today’s connected world.
B
QUESTION NO: 284
Which of the following best describes signature-based detection?
A. Compare source code, looking for events or sets of events that could cause damage to a
system or network.
B. Compare system activity for the behaviour patterns of new attacks.
C. Compare system activity, looking for events or sets of events that match a predefined pattern of
events that describe a known attack.
D. Compare network nodes looking for objects or sets of objects that match a predefined pattern
of objects that may describe a known attack.
C
QUESTION NO: 285
Which layer deals with Media Access Control (MAC) addresses?
A. Data link layer
B. Physical layer
C. Transport layer
D. Network layer
A
QUESTION NO: 286
What is a decrease in amplitude as a signal propagates along a transmission medium best known
as?
A. Crosstalk
B. Noise
C. Delay distortion
D. Attenuation
D
QUESTION NO: 287
Which device acting as a translator is used to connect two networks or applications from layer 4
up to layer 7 of the ISO/OSI Model?
A. Bridge
B. Repeater
C. Router
D. Gateway
D
QUESTION NO: 288
In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of
protocols?
A. Transport layer
B. Application layer
C. Physical layer
D. Network layer
A
QUESTION NO: 289
Which of the following transmission media would NOT be affected by crosstalk or interference?
A. Copper cable
B. Radio System
C. Satellite radiolink
D. Fiber optic cables
D
QUESTION NO: 290
What is the name of an attack where the attacker spoofs the source IP address in an ICMP ECHO
broadcast packet so it seems to have originated at the victim's system, in order to flood it with
REPLY packets?
A. SYN Flood attack
B. Smurf attack
C. Ping of Death attack
D. Denial of Service (DOS) attack
B
QUESTION NO: 291
Why are coaxial cables called “coaxial”?
A. It includes two physical channels that carry the signal surrounded (after a layer of insulation)
by another concentric physical channel, both running along the same axis.
B. It includes one physical channel that carries the signal surrounded (after a layer of insulation)
by another concentric physical channel, both running along the same axis.
C. It includes two physical channels that carry the signal surrounded (after a layer of insulation)
by another two concentric physical channels, all running along the same axis.
D. It includes one physical channel that carries the signal surrounded (after a layer of insulation)
by another concentric physical channel, both running perpendicular and along different axes.
B
QUESTION NO: 292
The International Organization for Standardization / Open Systems Interconnection (ISO/OSI)
Layer 7 does NOT include which of the following?
A. SMTP (Simple Mail Transfer Protocol)
B. TCP (Transmission Control Protocol)
C. SNMP (Simple Network Management Protocol)
D. HTTP (Hypertext Transfer Protocol)
B
QUESTION NO: 293
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does
NOT have which of the following characteristics?
A. Standard model for network communications
B. Used to gain information from network devices such as count of packets received and routing
tables
C. Enables dissimilar networks to communicate
D. Defines 7 protocol layers (a.k.a. protocol stack)
B
QUESTION NO: 294
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layer 6 is
which of the following?
A. Application Layer
B. Presentation Layer
C. Data Link Layer
D. Network Layer
B
QUESTION NO: 295
In telephony, different types of connections are used. The connection from the phone
company's branch office to local customers is referred to as which of the following choices?
A. new loop
B. local loop
C. loopback
D. indigenous loop
B
QUESTION NO: 296
Communications and network security relates to transmission of which of the following?
A. voice
B. voice and multimedia
C. data and multimedia
D. voice, data and multimedia
D
QUESTION NO: 297
One of the following assertions is NOT a characteristic of Internet Protocol Security (IPsec):
A. Data cannot be read by unauthorized parties
B. The identities of all IPsec endpoints are confirmed by other endpoints
C. Data is delivered in the exact order in which it is sent
D. The number of packets being exchanged can be counted.
C
QUESTION NO: 298
One of these statements about the key elements of a good configuration process is NOT true:
A. Accommodate the reuse of proven standards and best practices
B. Ensure that all requirements remain clear, concise, and valid
C. Control modifications to system hardware in order to prevent resource changes
D. Ensure changes, standards, and requirements are communicated promptly and precisely
C
QUESTION NO: 299
One of the following statements about the differences between PPTP and L2TP is NOT true:
A. PPTP can run only on top of IP networks.
B. PPTP is an encryption protocol and L2TP is not.
C. L2TP works well with all firewalls and network devices that perform NAT.
D. L2TP supports AAA servers
C
QUESTION NO: 300
You have been tasked to develop an effective information classification program. Which one of the
following steps should be performed first?
A. Establish procedures for periodically reviewing the classification and ownership
B. Specify the security controls required for each classification level
C. Identify the data custodian who will be responsible for maintaining the security level of data
D. Specify the criteria that will determine how data is classified
D
QUESTION NO: 301
In the course of responding to and handling an incident, you work on determining the root cause of
the incident. Which step are you in?
A. Recovery
B. Containment
C. Triage
D. Analysis and tracking
D
QUESTION NO: 302
Which of the following assertions is NOT true about pattern matching and anomaly detection in
intrusion detection?
A. Anomaly detection tends to produce more data
B. A pattern matching IDS can only identify known attacks
C. Stateful matching scans for attack signatures by analyzing individual packets instead of traffic
streams
D. An anomaly-based engine develops baselines of normal traffic activity and throughput, and
alerts on deviations from these baselines
C
QUESTION NO: 303
Which of the following is NOT a characteristic of a host-based intrusion detection system?
A. A HIDS does not consume large amounts of system resources
B. A HIDS can analyse system logs, processes and resources
C. A HIDS looks for unauthorized changes to the system
D. A HIDS can notify system administrators when unusual events are identified
A
QUESTION NO: 304
Which of the following is NOT a correct notation for an IPv6 address?
A. 2001:0db8:0:0:0:0:1428:57ab
B. ABCD:EF01:2345:6789:
C. ABCD:EF01:2345:6789::1
D. 2001:DB8::8:800::417A
D
QUESTION NO: 305
Another example of Computer Incident Response Team (CIRT) activities is:
A. Management of the netware logs, including collection, retention, review, and analysis of data
B. Management of the network logs, including collection and analysis of data
C. Management of the network logs, including review and analysis of data
D. Management of the network logs, including collection, retention, review, and analysis of data
D
QUESTION NO: 306
An area of the Telecommunications and Network Security domain that directly affects the
Information Systems Security tenet of Availability can be defined as:
A. Netware availability
B. Network availability
C. Network acceptability
D. Network accountability
A
QUESTION NO: 307
Which of the following is the correct set of assurance requirements for EAL 5?
A. Semiformally verified design and tested
B. Semiformally tested and checked
C. Semiformally designed and tested
D. Semiformally verified tested and checked
C
QUESTION NO: 308
Which of the following defines when RAID separates the data into multiple units and stores it on
multiple disks?
A. striping
B. scanning
C. screening
D. shadowing
A
QUESTION NO: 309
What is the process that RAID Level 0 uses as it creates one large disk by using several disks?
A. striping
B. mirroring
C. integrating
D. clustering
A
QUESTION NO: 310
RAID Level 1 mirrors the data from one disk or set of disks using which of the following
techniques?
A. duplicating the data onto another disk or set of disks.
B. moving the data onto another disk or set of disks.
C. establishing dual connectivity to another disk or set of disks.
D. establishing dual addressing to another disk or set of disks.
A
QUESTION NO: 311
Which of the following stripes the data and the parity information at the block level across all the
drives in the set?
A. RAID Level 5
B. RAID Level 0
C. RAID Level 2
D. RAID Level 1
A
QUESTION NO: 312
A group of independent servers, which are managed as a single system, that provides higher
availability, easier manageability, and greater scalability is:
A. server cluster.
B. client cluster.
C. guest cluster.
D. host cluster.
A
QUESTION NO: 313
If any server in the cluster crashes, processing continues transparently, however, the cluster
suffers some performance degradation. This implementation is sometimes called a:
A. server farm
B. client farm
C. cluster farm
D. host farm
A
QUESTION NO: 314
Which of the following backup methods is primarily run when time and tape space permits, and is
used for the system archive or baselined tape sets?
A. full backup method.
B. incremental backup method.
C. differential backup method.
D. tape backup method.
A
QUESTION NO: 315
Which backup method is used if backup time is critical and tape space is at an extreme premium?
A. Incremental backup method.
B. Differential backup method.
C. Full backup method.
D. Tape backup method.
A
QUESTION NO: 316
Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore
has a much longer effective usable length?
A. Fiber Optic cable
B. Coaxial cable
C. Twisted Pair cable
D. Axial cable
A
QUESTION NO: 317
Which of the following methods of providing telecommunications continuity involves the use of an
alternative media?
A. Alternative routing
B. Diverse routing
C. Long haul network diversity
D. Last mile circuit protection
A
QUESTION NO: 318
Which SERVICE usually runs on port 25?
A. File Transfer Protocol (FTP)
B. Telnet
C. Simple Mail Transfer Protocol (SMTP)
D. Domain Name Service (DNS)
C
QUESTION NO: 319
Which port does the Post Office Protocol Version 3 (POP3) make use of?
A. 110
B. 109
C. 139
D. 119
A
QUESTION NO: 320
Which of the following are WELL KNOWN PORTS assigned by the IANA?
A. Ports 0 to 255
B. Ports 0 to 1024
C. Ports 0 to 1023
D. Ports 0 to 127
C
QUESTION NO: 321
What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T
cable?
A. 80 meters
B. 100 meters
C. 185 meters
D. 500 meters
B
QUESTION NO: 322
Secure Sockets Layer (SSL) is very heavily used for protecting which of the following?
A. Web transactions.
B. EDI transactions.
C. Telnet transactions.
D. Electronic Payment transactions.
A
QUESTION NO: 323
Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the
TLS Record Protocol and the:
A. Transport Layer Security (TLS) Internet Protocol.
B. Transport Layer Security (TLS) Data Protocol.
C. Transport Layer Security (TLS) Link Protocol.
D. Transport Layer Security (TLS) Handshake Protocol.
D
QUESTION NO: 324
Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for
encrypting the bulk of the data being sent over the session and it uses asymmetric or public key
cryptography for:
A. Peer Authentication
B. Peer Identification
C. Server Authentication
D. Name Resolution
A
QUESTION NO: 325
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
A. message non-repudiation.
B. message confidentiality.
C. message interleave checking.
D. message integrity.
D
QUESTION NO: 326
Packet Filtering Firewalls can also enable access for:
A. only authorized application port or service numbers.
B. only unauthorized application port or service numbers.
C. only authorized application port or ex-service numbers.
D. only authorized application port or service integers.
A
QUESTION NO: 327
A packet filtering firewall looks at the data packet to get information about the source and
destination addresses of an incoming packet, the protocol (TCP, UDP, or ICMP), and the source
and destination port for the:
A. desired service.
B. dedicated service.
C. delayed service.
D. distributed service.
A
QUESTION NO: 328
A Packet Filtering Firewall system is considered a:
A. first generation firewall.
B. second generation firewall.
C. third generation firewall.
D. fourth generation firewall.
A
QUESTION NO: 329
Proxies work by transferring a copy of each accepted data packet from one network to another,
thereby masking the:
A. data’s payload.
B. data’s details.
C. data’s owner.
D. data’s origin.
D
QUESTION NO: 330
An application layer firewall is also called a:
A. Proxy.
B. Presentation Layer Gateway.
C. Session Layer Gateway.
D. Transport Layer Gateway.
A
QUESTION NO: 331
Application Layer Firewalls operate at the:
A. OSI protocol Layer seven, the Application Layer.
B. OSI protocol Layer six, the Presentation Layer.
C. OSI protocol Layer five, the Session Layer.
D. OSI protocol Layer four, the Transport Layer.
A
QUESTION NO: 332
One drawback of Application Level Firewall is that it reduces network performance due to the fact
that it must analyze every packet and:
A. decide what to do with each application.
B. decide what to do with each user.
C. decide what to do with each port.
D. decide what to do with each packet.
D
QUESTION NO: 333
A circuit level proxy is ___________________ when compared to an application level proxy.
A. lower in processing overhead.
B. more difficult to maintain.
C. more secure.
D. slower.
A
QUESTION NO: 334
In a stateful inspection firewall, data packets are captured by an inspection engine that is
operating at the:
A. Network or Transport Layer.
B. Application Layer.
C. Inspection Layer.
D. Data Link Layer.
A
QUESTION NO: 335
When an outgoing request is made on a port number greater than 1023, this type of firewall
creates an ACL to allow the incoming reply on that port to pass:
A. packet filtering
B. Circuit level proxy
C. Dynamic packet filtering
D. Application level proxy
C
QUESTION NO: 336
A demilitarized zone is:
A. a part of a network perfectly safe from hackers
B. a militarized network segment
C. a firewall
D. the network segment between the Internet and a private network
D
QUESTION NO: 337
A DMZ is located:
A. right behind your first Internet facing firewall
B. right in front of your first Internet facing firewall
C. right behind your first network active firewall
D. right behind your first network passive Internet http firewall
A
QUESTION NO: 338
The DMZ does not normally contain:
A. encryption server
B. web server
C. external DNS server
D. mail relay
A
QUESTION NO: 339
Good security is built on which of the following concepts?
A. The concept of a pass-through device that only allows certain traffic in and out
B. The Concept of defense in depth
C. The Concept of Preventative controls
D. The Concept of Defensive Controls
B
QUESTION NO: 340
A DMZ is also known as a:
A. screened subnet
B. three legged firewall
C. place to attract hackers
D. bastion host
A
QUESTION NO: 341
The Telecommunications Security Domain of information security is also concerned with the
prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of:
A. Confidentiality, Integrity, and Entity (C.I.E.).
B. Confidentiality, Integrity, and Authenticity (C.I.A.).
C. Confidentiality, Integrity, and Availability (C.I.A.).
D. Confidentiality, Integrity, and Liability (C.I.L.).
C
QUESTION NO: 342
Network-based Intrusion Detection systems:
A. Commonly reside on a discrete network segment and monitor the traffic on that network
segment.
B. Commonly do not reside on a discrete network segment but monitor the traffic on that network
segment.
C. Commonly reside on a discrete network segment but do not monitor the traffic on that
network segment.
D. Commonly reside on a host and monitor the traffic on that specific host.
A
QUESTION NO: 343
Which of the following are additional terms used to describe knowledge-based IDS and
behavior-based IDS?
A. signature-based IDS and statistical anomaly-based IDS, respectively.
B. signature-based IDS and dynamic anomaly-based IDS, respectively.
C. anomaly-based IDS and statistical-based IDS, respectively.
D. signature-based IDS and motion anomaly-based IDS, respectively.
A
QUESTION NO: 344
Knowledge-based Intrusion Detection Systems (IDS) are more common than:
A. Network-based IDS
B. Host-based IDS
C. Behavior-based IDS
D. Application-Based IDS
C
QUESTION NO: 345
Which RAID Level often implements a one-for-one disk to disk ratio?
A. RAID Level 1
B. RAID Level 0
C. RAID Level 2
D. RAID Level 5
A
QUESTION NO: 346
Which cable technology refers to the CAT3 and CAT5 categories?
A. Coaxial cables
B. Fiber Optic cables
C. Axial cables
D. Twisted Pair cables
D
QUESTION NO: 347
The older coaxial cable has been widely replaced with twisted pair, which is extremely easy to
work with, inexpensive, and also resistant to multiple hosts failing at once, especially when used in
which of the following topologies:
A. Token Passing Configuration.
B. Star Configuration.
C. Ring Configuration.
D. Point to Point Configuration.
B
QUESTION NO: 348
Which of the following was designed as a more fault-tolerant topology than Ethernet, and very
resilient when properly implemented?
A. Token Link.
B. Token system.
C. Token Ring.
D. Duplicate ring.
C
QUESTION NO: 349
Frame relay uses a public switched network to provide:
A. Local Area Network (LAN) connectivity.
B. Metropolitan Area Network (MAN) connectivity.
C. Wide Area Network (WAN) connectivity.
D. World Area Network (WAN) connectivity.
C
QUESTION NO: 350
Which of the following items is NOT primarily used to ensure integrity?
A. Cyclic Redundancy Check (CRC)
B. Redundant Array of Inexpensive Disks (RAID) system
C. Hashing Algorithms
D. The Biba Security model
B
QUESTION NO: 351
Which of the following is most affected by denial-of-service (DOS) attacks?
A. Confidentiality
B. Integrity
C. Accountability
D. Availability
D
QUESTION NO: 352
Which conceptual approach to intrusion detection system is the most common?
A. Behavior-based intrusion detection
B. Knowledge-based intrusion detection
C. Statistical anomaly-based intrusion detection
D. Host-based intrusion detection
B
QUESTION NO: 353
Several analysis methods can be employed by an IDS, each with its own strengths and
weaknesses, and their applicability to any given situation should be carefully considered. There
are two basic IDS analysis methods. Which of these basic methods is more prone to false
positives?
A. Pattern Matching (also called signature analysis)
B. Anomaly Detection
C. Host-based intrusion detection
D. Network-based intrusion detection
B
QUESTION NO: 354
What is the primary purpose of using redundant array of inexpensive disks (RAID) level zero?
A. To improve system performance.
B. To maximize usage of hard disk space.
C. To provide fault tolerance and protection against file server hard disk crashes.
D. To implement integrity.
A
QUESTION NO: 355
Which RAID implementation stripes data and parity at block level across all the drives?
A. RAID level 1
B. RAID level 2
C. RAID level 4
D. RAID level 5
D
QUESTION NO: 356
Which RAID level concept is considered more expensive and is applied to servers to create what
is commonly known as server fault tolerance?
A. RAID level 0
B. RAID level 1
C. RAID level 2
D. RAID level 5
B
QUESTION NO: 357
Which backup method only copies files that have been recently added or changed and also leaves
the archive bit unchanged?
A. Full backup method
B. Incremental backup method
C. Fast backup method
D. Differential backup method
D
QUESTION NO: 358
Which backup method does not reset the archive bit on files that are backed up?
A. Full backup method
B. Incremental backup method
C. Differential backup method
D. Additive backup method
C
QUESTION NO: 359
Which of the following is a drawback of fiber optic cables?
A. It is affected by electromagnetic interference (EMI).
B. It can easily be tapped.
C. The expertise needed to install it.
D. The limited distance at high speeds.
C
QUESTION NO: 360
What refers to legitimate users accessing networked services that would normally be restricted to
them?
A. Spoofing
B. Piggybacking
C. Eavesdropping
D. Logon abuse
D
QUESTION NO: 361
What is called an attack in which an attacker floods a system with connection requests but does
not respond when the target system replies to those requests?
A. Ping of death attack
B. SYN attack
C. Smurf attack
D. Buffer overflow attack
B
QUESTION NO: 362
Which type of attack involves hijacking a session between a host and a target by predicting the
target’s choice of an initial TCP sequence number?
A. IP spoofing attack
B. SYN flood attack
C. TCP sequence number attack
D. Smurf attack
C
QUESTION NO: 363
Which OSI/ISO layer defines how to address the physical devices on the network?
A. Session layer
B. Data Link layer
C. Application layer
D. Transport layer
B
QUESTION NO: 364
Which layer defines how packets are routed between end systems?
A. Session layer
B. Transport layer
C. Network layer
D. Data link layer
C
QUESTION NO: 365
At which of the OSI/ISO model layer is IP implemented?
A. Session layer
B. Transport layer
C. Network layer
D. Data link layer
C
QUESTION NO: 366
Which ISO/OSI layer establishes the communications link between individual devices over a
physical link or channel?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
C
QUESTION NO: 367
Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
C
QUESTION NO: 368
Which OSI/ISO layer defines the X.24, V.35, X.21 and HSSI standard interfaces?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
D
QUESTION NO: 369
How many layers are defined within the US Department of Defense (DoD) TCP/IP Model?
A. 7
B. 5
C. 4
D. 3
C
QUESTION NO: 370
Which layer of the TCP/IP protocol model defines the IP datagram and handles the routing of data
across networks?
A. Application layer
B. Host-to-host transport layer
C. Internet layer
D. Network access layer
C
QUESTION NO: 371
Which layer of the TCP/IP protocol model would best correspond to the OSI/ISO model’s network
layer?
A. Network access layer
B. Application layer
C. Host-to-host transport layer
D. Internet layer
D
QUESTION NO: 372
Which layer of the DoD TCP/IP model controls the communication flow between hosts?
A. Internet layer
B. Host-to-host transport layer
C. Application layer
D. Network access layer
B
QUESTION NO: 373
How many bits compose an IPv6 address?
A. 32 bits
B. 64 bits
C. 96 bits
D. 128 bits
D
QUESTION NO: 374
What protocol is used on the Local Area Network (LAN) to obtain an IP address from its known
MAC address?
A. Reverse address resolution protocol (RARP)
B. Address resolution protocol (ARP)
C. Data link layer
D. Network address translation (NAT)
A
QUESTION NO: 375
Which of the following security-focused protocols has confidentiality services operating at a layer
different from the others?
A. Secure HTTP (S-HTTP)
B. FTP Secure (FTPS)
C. Secure socket layer (SSL)
D. Sequenced Packet Exchange (SPX)
A
QUESTION NO: 376
Which of the following is the most secure firewall implementation?
A. Dual-homed host firewalls
B. Screened-subnet firewalls
C. Screened-host firewalls
D. Packet-filtering firewalls
B
QUESTION NO: 377
Which of the following is NOT a VPN communications protocol standard?
A. Point-to-point tunnelling protocol (PPTP)
B. Challenge Handshake Authentication Protocol (CHAP)
C. Layer 2 tunnelling protocol (L2TP)
D. IP Security
B
QUESTION NO: 378
What layer of the OSI/ISO model does Point-to-point tunnelling protocol (PPTP) work at?
A. Data link layer
B. Transport layer
C. Session layer
D. Network layer
A
QUESTION NO: 379
Which of the following statements pertaining to VPN protocol standards is false?
A. L2TP is a combination of PPTP and L2F.
B. L2TP and PPTP were designed for single point-to-point client to server communication.
C. L2TP operates at the network layer.
D. PPTP uses native PPP authentication and encryption services.
C
QUESTION NO: 380
Which IPSec operational mode encrypts the entire data packet (including header and data) into an
IPSec packet?
A. Authentication mode
B. Tunnel mode
C. Transport mode
D. Safe mode
B
QUESTION NO: 381
Which of the following categories of UTP cable is specified to be able to handle gigabit Ethernet (1
Gbps) according to the EIA/TIA-568-B standards?
A. Category 5e UTP
B. Category 2 UTP
C. Category 3 UTP
D. Category 1e UTP
A
QUESTION NO: 382
In which LAN transmission method is a source packet copied and sent to specific multiple
destinations but not ALL of the destinations on the network?
A. Overcast
B. Unicast
C. Multicast
D. Broadcast
C
QUESTION NO: 383
Which of the following can prevent hijacking of a web session?
A. RSA
B. SET
C. SSL
D. PPP
C
QUESTION NO: 384
What is defined as the rules for communicating between computers on a Local Area Network
(LAN)?
A. LAN Media Access methods
B. LAN topologies
C. LAN transmission methods
D. Contention Access Control
A
QUESTION NO: 385
Which of the following is a LAN transmission method?
A. Broadcast
B. Carrier-sense multiple access with collision detection (CSMA/CD)
C. Token ring
D. Fiber Distributed Data Interface (FDDI)
A
QUESTION NO: 386
In what LAN topology do all the transmissions of the network travel the full length of cable and are
received by all other stations?
A. Bus topology
B. Ring topology
C. Star topology
D. FDDI topology
A
QUESTION NO: 387
Which of the following IEEE standards defines the token ring media access method?
A. 802.3
B. 802.11
C. 802.5
D. 802.2
C
QUESTION NO: 388
Which of the following LAN devices only operates at the physical layer of the OSI/ISO model?
A. Switch
B. Bridge
C. Hub
D. Router
C
QUESTION NO: 389
Which of the following technologies has been developed to support TCP/IP networking over low-speed
serial interfaces?
A. ISDN
B. SLIP
C. xDSL
D. T1
B
QUESTION NO: 390
Which xDSL flavour, appropriate for home or small offices, delivers more bandwidth downstream
than upstream and over longer distance?
A. VDSL
B. SDSL
C. ADSL
D. HDSL
C
QUESTION NO: 391
Which of the following services is provided by S-RPC?
A. Availability
B. Accountability
C. Integrity
D. Authentication
D
QUESTION NO: 392
What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1
facility?
A. DS-0
B. DS-1
C. DS-2
D. DS-3
B
QUESTION NO: 393
Which of the following is the biggest concern with firewall security?
A. Internal hackers
B. Complex configuration rules leading to misconfiguration
C. Buffer overflows
D. Distributed denial of service (DDOS) attacks
B
QUESTION NO: 394
Which of the following is the simplest type of firewall?
A. Stateful packet filtering firewall
B. Packet filtering firewall
C. Dual-homed host firewall
D. Application gateway
B
QUESTION NO: 395
Which of the following devices enables more than one signal to be sent out simultaneously over
one physical circuit?
A. Router
B. Multiplexer
C. Channel service unit/Data service unit (CSU/DSU)
D. Wan switch
B
QUESTION NO: 396
Which of the following is NOT an advantage that TACACS+ has over TACACS?
A. Event logging
B. Use of two-factor password authentication
C. User has the ability to change his password
D. Ability for security tokens to be resynchronized
A
QUESTION NO: 397
Which of the following remote access authentication systems is the most robust?
A. TACACS+
B. RADIUS
C. PAP
D. TACACS
A
QUESTION NO: 398
Which of the following is true about link encryption?
A. Each entity has a common key with the destination node.
B. Encrypted messages are only decrypted by the final node.
C. This mode does not provide protection if anyone of the nodes along the transmission path is
compromised.
D. Only secure nodes are used in this type of transmission.
C
QUESTION NO: 399
Which of the following protects Kerberos against replay attacks?
A. Tokens
B. Passwords
C. Cryptography
D. Time stamps
D
QUESTION NO: 400
Which of the following offers security to wireless communications?
A. S-WAP
B. WTLS
C. WSP
D. WDP
B
QUESTION NO: 401
Which of the following offers confidentiality to an e-mail message?
A. The sender encrypting it with its private key.
B. The sender encrypting it with its public key.
C. The sender encrypting it with the receiver’s public key.
D. The sender encrypting it with the receiver’s private key.
C
QUESTION NO: 402
Which of the following is a Wide Area Network that was originally funded by the Department of
Defense, which uses TCP/IP for data interchange?
A. the Internet.
B. the Intranet.
C. the extranet.
D. the Ethernet.
A
QUESTION NO: 403
An intranet is an Internet-like logical network that uses:
A. a firm’s internal, physical network infrastructure.
B. a firm’s external, physical network infrastructure.
C. a firm’s external, physical netBIOS infrastructure.
D. a firm’s internal, physical netBIOS infrastructure.
A
QUESTION NO: 404
An intranet provides more security and control than which of the following:
A. private posting on the Internet.
B. public posting on the Ethernet.
C. public posting on the Internet.
D. public posting on the Extranet.
C
QUESTION NO: 405
Which of the following Common Data Network Services is used to share data files and subdirectories on file servers?
A. File services.
B. Mail services.
C. Print services.
D. Client/Server services.
A
QUESTION NO: 406
Which of the following Common Data Network Services is used to send and receive email
internally or externally through an email gateway device?
A. File services.
B. Mail services.
C. Print services.
D. Client/Server services.
B
158.
Asynchronous Communication transfers data by sending:
A. bits of data sequentially
B. bits of data sequentially in irregular timing patterns
C. bits of data in sync with a heartbeat or clock
D. bits of data simultaneously
B
QUESTION NO: 407
Communications devices must operate:
A. at different speeds to communicate.
B. at the same speed to communicate.
C. at varying speeds to interact.
D. at high speed to interact.
B
QUESTION NO: 408
The basic language of modems and dial-up remote access systems is:
A. Asynchronous Communication.
B. Synchronous Communication.
C. Asynchronous Interaction.
D. Synchronous Interaction.
A
QUESTION NO: 409
Which of the following Common Data Network Services is used to print documents to a shared
printer or a print queue/spooler?
A. Mail services.
B. Print services.
C. Client/Server services.
D. Domain Name Service.
B
162
Which of the following Common Data Network Services allocates computing power resources
among workstations with some shared resources centralized on a server?
A. Print services
B. File services
C. Client/Server services
D. Domain Name Service
C
QUESTION NO: 410
Domain Name Service is a distributed database system that is used to map:
A. Domain Name to IP addresses.
B. MAC addresses to domain names.
C. MAC Address to IP addresses.
D. IP addresses to MAC Addresses.
A
164.
The Domain Name System (DNS) is a global network of:
A. servers that provide these Domain Name Services.
B. clients that provide these Domain Name Services.
C. hosts that provide these Domain Name Services.
D. workstations that provide these Domain Name Services.
A
QUESTION NO: 411
The communications products and services that ensure that the various components of a
network (such as devices, protocols, and access methods) work together are referred to as:
A. Netware Architecture.
B. Network Architecture.
C. WAN Architecture.
D. Multiprotocol Architecture.
B
QUESTION NO: 412
Unshielded Twisted Pair cabling is a:
A. four-pair wire medium that is used in a variety of networks.
B. three-pair wire medium that is used in a variety of networks.
C. two-pair wire medium that is used in a variety of networks.
D. one-pair wire medium that is used in a variety of networks.
A
QUESTION NO: 413
In the UTP category rating, the tighter the wind:
A. the higher the rating and its resistance against interference and crosstalk.
B. the slower the rating and its resistance against interference and attenuation.
C. the shorter the rating and its resistance against interference and attenuation.
D. the longer the rating and its resistance against interference and attenuation.
A
QUESTION NO: 414
What works as an E-mail message transfer agent?
A. SMTP
B. SNMP
C. S-RPC
D. S/MIME
A
QUESTION NO: 415
Which of the following statements pertaining to packet switching is incorrect?
A. Most data sent today uses digital signals over networks employing packet switching.
B. Messages are divided into packets.
C. All packets from a message travel through the same route.
D. Each network node or point examines each packet for routing.
C
QUESTION NO: 416
All hosts on an IP network have a logical ID called a(n):
A. IP address.
B. MAC address.
C. TCP address.
D. Datagram address.
A
171.
An Ethernet address is composed of how many bits?
A. 48-bit address
B. 32-bit address.
C. 64-bit address
D. 128-bit address
A
QUESTION NO: 417
Address Resolution Protocol (ARP) interrogates the network by sending out a:
A. broadcast.
B. multicast.
C. unicast.
D. semicast.
A
QUESTION NO: 418
When a station communicates on the network for the first time, which of the following protocols
would search for and find the Internet Protocol (IP) address that matches a known Ethernet
address?
A. Address Resolution Protocol (ARP).
B. Reverse Address Resolution Protocol (RARP).
C. Internet Control Message protocol (ICMP).
D. User Datagram Protocol (UDP).
B
QUESTION NO: 419
Which protocol’s primary function is to facilitate file and directory transfer between two machines?
A. Telnet.
B. File Transfer Protocol (FTP).
C. Trivial File Transfer Protocol (TFTP).
D. Simple Mail Transfer Protocol (SMTP)
B
QUESTION NO: 420
What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol
(TFTP)?
A. It is too complex to manage user access restrictions under TFTP
B. Due to the inherent security risks
C. It does not offer high level encryption like FTP
D. It cannot support the Lightweight Directory Access Protocol (LDAP)
B
QUESTION NO: 421
Which protocol is used to send email?
A. File Transfer Protocol (FTP).
B. Post Office Protocol (POP).
C. Network File System (NFS).
D. Simple Mail Transfer Protocol (SMTP).
D
QUESTION NO: 422
Which of the following best describes the Secure Electronic Transaction (SET) protocol?
A. Originated by VISA and MasterCard as an Internet credit card protocol using Message
Authentication Code.
B. Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.
C. Originated by VISA and MasterCard as an Internet credit card protocol using the transport
layer.
D. Originated by VISA and American Express as an Internet credit card protocol using SSL.
B
QUESTION NO: 423
Which of the following protocols is designed to send individual messages securely?
A. Kerberos
B. Secure Electronic Transaction (SET).
C. Secure Sockets Layer (SSL).
D. Secure HTTP (S-HTTP).
D
QUESTION NO: 424
Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the
OSI model?
A. Application Layer.
B. Transport Layer.
C. Session Layer.
D. Network Layer.
A
QUESTION NO: 425
Which of the following statements pertaining to IPSec is incorrect?
A. IPSec can help in protecting networks from some of the IP network attacks.
B. IPSec provides confidentiality and integrity to information transferred over IP networks through
transport layer encryption and authentication.
C. IPSec protects against man-in-the-middle attacks.
D. IPSec protects against spoofing.
B
QUESTION NO: 426
Which of the following is NOT a characteristic or shortcoming of packet filtering gateways?
A. The source and destination addresses, protocols, and ports contained in the IP packet header
are the only information that is available to the router in making a decision whether or not to permit
traffic access to an internal network.
B. They don’t protect against IP or DNS address spoofing.
C. They do not support strong user authentication.
D. They are appropriate for medium-risk environments.
D
QUESTION NO: 427
In order to ensure the privacy and integrity of the data, connections between firewalls over public
networks should use:
A. Screened subnets
B. Digital certificates
C. An encrypted Virtual Private Network
D. Encryption
C
QUESTION NO: 428
Which of the following protocols does not operate at the data link layer (layer 2)?
A. PPP
B. RARP
C. L2F
D. ICMP
D
QUESTION NO: 429
Which of the following protocols operates at the session layer (layer 5)?
A. RPC
B. IGMP
C. LPD
D. SPX
A
QUESTION NO: 430
Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)?
A. Host-to-host layer
B. Internet layer
C. Network access layer
D. Session layer
B
QUESTION NO: 431
Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline,
error notification, orderly delivery of frames, and optional flow control?
A. Physical
B. Data link
C. Network
D. Session
B
QUESTION NO: 432
The Logical Link Control sub-layer is a part of which of the following?
A. The ISO/OSI Data Link layer
B. The Reference monitor
C. The Transport layer of the TCP/IP stack model
D. Change management control
A
QUESTION NO: 433
Which of the following services relies on UDP?
A. FTP
B. Telnet
C. DNS
D. SMTP
C
QUESTION NO: 434
Which of the following is not a common weakness of packet filtering firewalls?
A. Vulnerability to denial-of-service and related attacks.
B. Vulnerability to IP spoofing.
C. Limited logging functionality.
D. No support for advanced user authentication schemes.
A
QUESTION NO: 435
Which Network Address Translation (NAT) is the most convenient and secure solution?
A. Hiding Network Address Translation
B. Port Address Translation
C. Dedicated Address Translation
D. Static Address Translation
B
QUESTION NO: 436
What is the primary difference between FTP and TFTP?
A. Speed of negotiation
B. Authentication
C. Ability to automate
D. TFTP is used to transfer configuration files to and from network equipment.
B
QUESTION NO: 437
Which of the following cable types is limited in length to 185 meters?
A. 10BaseT
B. RG8
C. RG58
D. 10Base5
C
QUESTION NO: 438
In a SSL session between a client and a server, who is responsible for generating the master
secret that will be used as a seed to generate the symmetric keys that will be used during the
session?
A. Both client and server
B. The client’s browser
C. The web server
D. The merchant’s Certificate Server
B
QUESTION NO: 439
Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is
incorrect?
A. PPTP allows the tunnelling of any protocol that can be carried within PPP.
B. PPTP does not provide strong encryption.
C. PPTP does not support any token-based authentication method for users.
D. PPTP is derived from L2TP.
D
QUESTION NO: 440
During the initial stage of configuration of your firewall, which of the following rules appearing in an
Internet firewall policy is inappropriate?
A. The firewall software shall run on a dedicated computer.
B. Appropriate firewall documentation and a copy of the rulebase shall be maintained on offline
storage at all times.
C. The firewall shall be configured to deny all services not expressly permitted.
D. The firewall should be tested online first to validate proper configuration.
D
QUESTION NO: 441
SMTP can best be described as:
A. a host-to-host email protocol.
B. an email retrieval protocol.
C. a web-based e-mail reading protocol.
D. a standard defining the format of e-mail messages.
A
QUESTION NO: 442
Which of the following is not a security goal for remote access?
A. Reliable authentication of users and systems
B. Protection of confidential data
C. Easy to manage access control to systems and network resources
D. Automated login for remote users
D
QUESTION NO: 443
What attack involves the perpetrator sending spoofed packet(s) which contain the same
destination and source IP address as the remote host, the same port for the source and
destination, have the SYN flag set, and target any open ports on the remote host?
A. Boink attack
B. Land attack
C. Teardrop attack
D. Smurf attack
B
199.
Which of the following is NOT a component of IPSec?
A. Authentication Header
B. Encapsulating Security Payload
C. Key Distribution Center
D. Internet Key Exchange
C
QUESTION NO: 444
Which of the following statements pertaining to IPSec is incorrect?
A. A security association has to be defined between two IPSec systems in order for bi-directional
communication to be established.
B. Integrity and authentication for IP datagrams are provided by AH.
C. ESP provides for integrity, authentication and encryption to IP datagrams.
D. In transport mode, ESP only encrypts the data payload of each packet.
A
QUESTION NO: 445
Which of the following statements pertaining to packet filtering is incorrect?
A. It is based on ACLs.
B. It is not application dependent.
C. It operates at the network layer.
D. It keeps track of the state of a connection.
D
QUESTION NO: 446
Which of the following is a method of multiplexing data in which a communication channel is divided
into an arbitrary number of variable bit-rate digital channels or data streams, and which
allocates bandwidth dynamically to physical channels having information to transmit?
A. Time-division multiplexing
B. Asynchronous time-division multiplexing
C. Statistical multiplexing
D. Frequency division multiplexing
C
QUESTION NO: 447
If an organization were to deploy only one Intrusion Detection System (IDS) sensor to protect its
information system from the Internet:
A. It should be host-based and installed on the most critical system in the DMZ, between the
external router and the firewall.
B. It should be network-based and installed in the DMZ, between the external router and the
firewall.
C. It should be network-based and installed between the firewall to the DMZ and the intranet.
D. It should be host-based and installed between the external router and the Internet.
B
QUESTION NO: 448
Why is infrared generally considered to be more secure to eavesdropping than multidirectional
radio transmissions?
A. Because infrared eavesdropping requires more sophisticated equipment.
B. Because infrared operates only over short distances.
C. Because infrared requires direct line-of-sight paths.
D. Because infrared operates at extra-low frequencies (ELF).
C
QUESTION NO: 449
Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides all of the following services except:
A. Authentication
B. Integrity
C. Replay resistance and non-repudiations
D. Confidentiality
D
QUESTION NO: 450
In IPSec, if the communication is to be gateway-to-gateway or host-to-gateway:
A. Tunnel mode of operation is required
B. Only transport mode can be used
C. Encapsulating Security Payload (ESP) authentication must be used
D. Both tunnel and transport mode can be used
A
QUESTION NO: 451
Which of the following is NOT true about IPSec Tunnel mode?
A. Fundamentally an IP tunnel with encryption and authentication
B. Works at the Transport layer of the OSI model
C. Has two sets of IP headers
D. Established for gateway service
B
QUESTION NO: 452
Which of the following statements is NOT true of IPSec Transport mode?
A. It is required for gateways providing access to internal systems
B. Set-up when end-point is host or communications terminates at end-points
C. If used in gateway-to-host communication, gateway must act as host
D. When ESP is used for the security protocol, the hash is only applied to the upper layer
protocols contained in the packet
A
QUESTION NO: 453
Which of the following statements pertaining to firewalls is incorrect?
A. Firewalls create bottlenecks between the internal and external network.
B. Firewalls allow for centralization of security services in machines optimized and dedicated to
the task.
C. Firewalls protect a network at all layers of the OSI models.
D. Firewalls are used to create security checkpoints at the boundaries of private networks.
C
QUESTION NO: 454
Which of the following is an extension to Network Address Translation that permits multiple
devices providing services on a local area network (LAN) to be mapped to a single public IP
address?
A. IP Spoofing
B. IP subnetting
C. Port address translation
D. IP Distribution
C
QUESTION NO: 455
At which OSI/ISO layer is an encrypted authentication between a client software package and a
firewall performed?
A. Network layer
B. Session layer
C. Transport layer
D. Data link layer
C
QUESTION NO: 456
Which of the following can best eliminate dial-up access through a Remote Access Server as a
hacking vector?
A. Using a TACACS+ server.
B. Installing the Remote Access Server outside the firewall and forcing legitimate users to
authenticate to the firewall.
C. Setting modem ring count to at least 5.
D. Only attaching modems to non-networked hosts.
B
QUESTION NO: 457
Which of the following was designed to support multiple network types over the same serial link?
A. Ethernet
B. SLIP
C. PPP
D. PPTP
C
QUESTION NO: 458
What is an IP routing table?
A. A list of IP addresses and corresponding MAC addresses.
B. A list of station and network addresses with corresponding gateway IP address.
C. A list of host names and corresponding IP addresses.
D. A list of current network interfaces on which IP routing is enabled.
B
QUESTION NO: 459
Which of the following should be allowed through a firewall to ease communication and usage by
users?
A. RIP
B. IGRP
C. DNS
D. OSPF
C
QUESTION NO: 460
Which of the following was developed as a simple mechanism for allowing simple network
terminals to load their operating system from a server over the LAN?
A. DHCP
B. BootP
C. DNS
D. ARP
B
QUESTION NO: 461
What is the greatest danger from DHCP?
A. An intruder on the network impersonating a DHCP server and thereby misconfiguring the
DHCP clients.
B. Having multiple clients on the same LAN having the same IP address.
C. Having the wrong router used as the default gateway.
D. Having the organization’s mail server unreachable.
A
QUESTION NO: 462
Which of the following allows two computers to coordinate in executing software?
A. RSH
B. RPC
C. NFS
D. SNMP
B
QUESTION NO: 463
Which of the following should NOT normally be allowed through a firewall?
A. SNMP
B. SMTP
C. HTTP
D. SSH
A
QUESTION NO: 464
Which of the following NAT firewall translation modes allows a large group of internal clients to
share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities
when communicating with external hosts?
A. Static translation
B. Load balancing translation
C. Network redundancy translation
D. Dynamic translation
D
QUESTION NO: 465
Which of the following NAT firewall translation modes offers no protection from hacking attacks to
an internal host using this functionality?
A. Network redundancy translation
B. Load balancing translation
C. Dynamic translation
D. Static translation
D
QUESTION NO: 466
Which of the following is the primary security feature of a proxy server?
A. Virus Detection
B. URL blocking
C. Route blocking
D. Content filtering
D
QUESTION NO: 467
Which of the following is an advantage of proxies?
A. Proxies provide a single point of access, control, and logging.
B. Proxies must exist for each service.
C. Proxies create a single point of failure.
D. Proxies do not protect the base operating system.
A
QUESTION NO: 468
Which of the following packets should NOT be dropped at a firewall protecting an organization’s
internal network?
A. Inbound packets with Source Routing option set
B. Router information exchange protocols
C. Inbound packets with an internal address as the source IP address
D. Outbound packets with an external destination IP address
D
QUESTION NO: 469
Why does fiber optic communication technology have significant security advantage over other
transmission technology?
A. Higher data rates can be transmitted.
B. Interception of data traffic is more difficult.
C. Traffic analysis is prevented by multiplexing.
D. Single and double-bit errors are correctable.
B
QUESTION NO: 470
Another name for a VPN is a:
A. tunnel
B. one-time password
C. pipeline
D. bypass
A
QUESTION NO: 471
Which one of the following is used to provide authentication and confidentiality for e-mail
messages?
A. Digital signature
B. PGP
C. IPSEC AH
D. MD4
B
QUESTION NO: 472
Which of the following media is MOST resistant to EMI interference?
A. microwave
B. fiber optic
C. twisted pair
D. coaxial cable
B
QUESTION NO: 473
Which of the following is NOT a way to secure a wireless network?
A. Disable broadcast of SSID within AP's configuration
B. Change AP’s default values
C. Put the access points (AP) in a location protected by a firewall
D. Give AP’s descriptive names
D
QUESTION NO: 474
Behavioral-based systems are also known as?
A. Profile-based systems
B. Pattern matching systems
C. Misuse detection systems
D. Rule-based IDS
A
QUESTION NO: 475
This OSI layer has a service that negotiates transfer syntax and translates data to and from the
transfer syntax for users, which may represent data using different syntaxes. At which of the
following layers would you find such a service?
A. Session
B. Transport
C. Presentation
D. Application
C
QUESTION NO: 476
At which layer of ISO/OSI does the fiber optics work?
A. Network layer
B. Transport layer
C. Data link layer
D. Physical layer
D
QUESTION NO: 477
What is Dumpster Diving?
A. Going through dust bin
B. Rummaging through another person's garbage for discarded documents, information and other
various items that could be used against that person or company
C. Performing media analysis
D. performing forensics on the deleted items
B
QUESTION NO: 478
You wish to make use of “port knocking” technologies. How can you BEST explain this?
A. Port knocking is where the client will attempt to connect to a predefined set of ports to identify
itself as an authorized client.
B. Port knocking is where the user calls the server operator to have him start the service he wants
to connect to.
C. This is where all the ports are open on the server and the connecting client scans the open port
to which he wants to connect to see if it’s open and running.
D. Port knocking is where the port sequence is encrypted with 3DES and only the server has the
other key to decrypt the port sequence.
A
QUESTION NO: 479
You are part of the security staff at a highly profitable bank, and each day all traffic on the network is
logged for later review. Every Friday, when major deposits are made, you see a series of bits
placed in the "Urgent Pointer" field of a TCP packet. This is only 16 bits, which isn't much, but it
concerns you because:
A. This could be a sign of covert channeling in bank network communications and should be
investigated.
B. It could be a sign of a damaged network cable causing the issue.
C. It could be a symptom of a malfunctioning network card or drivers, and the source system should
be checked for the problem.
D. It is normal traffic because sometimes the previous field's 16-bit checksum value can overrun
into the urgent pointer's 16-bit field, causing the condition.
A
QUESTION NO: 480
What would you call the process that takes advantage of the security provided by a transmission
protocol by carrying one protocol over another?
A. Piggy Backing
B. Steganography
C. Tunneling
D. Concealing
C
QUESTION NO: 481
At which OSI layer does SSL reside?
A. Application
B. Session
C. Transport
D. Network
C
QUESTION NO: 482
What is the BEST answer pertaining to the difference between the Session and Transport layers
of the OSI model?
A. The Session layer sets up communication between protocols, while the Transport layer sets up
connections between computer systems.
B. The Transport layer sets up communication between computer systems, while the Session
layer sets up connections between applications.
C. The Session layer sets up communication between computer systems, while the Transport
layer sets up connections between protocols.
D. The Transport layer sets up communication between applications, while the Session layer sets
up connections between computer systems.
B
QUESTION NO: 483
Which of the following protocols offers native encryption?
A. IPSEC, SSH, PPTP, SSL, MPLS, L2F, and L2TP
B. IPSEC, SSH, SSL, TFTP
C. IPSEC, SSH, SSL, TLS
D. IPSEC, SSH, PPTP, SSL, MPLS, and L2TP
C
QUESTION NO: 484
Of the following, which multiple access method does an 802.11 Wireless Local Area Network
use?
A. CSMA/CA
B. CSMA/CD
C. 802.11 doesn't support multiple access methods
D. 802.11 RTS/CTS Exchange
A
QUESTION NO: 485
Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE
standards that describe technologies at that layer?
A. LCL and MAC; IEEE 802.2 and 802.3
B. LCL and MAC; IEEE 802.1 and 802.3
C. Network and MAC; IEEE 802.1 and 802.3
D. LLC and MAC; IEEE 802.2 and 802.3
D
QUESTION NO: 486
Which type of attack involves altering a system's Address Resolution Protocol (ARP) table
so that it contains incorrect IP-to-MAC address mappings?
A. Reverse ARP
B. Poisoning ARP cache
C. ARP table poisoning
D. Reverse ARP table poisoning
C
QUESTION NO: 487
What is the three-way handshake sequence used to initiate TCP connections?
A. ACK, SYN/ACK, ACK
B. SYN, SYN/ACK, ACK
C. SYN, SYN, ACK/ACK
D. ACK, SYN/ACK, SYN
B
QUESTION NO: 488
You are using an open source packet analyzer called Wireshark and are sifting through the
various conversations to see if anything appears to be out of order.
You are observing a UDP conversation between a host and a router. It was a file transfer between
the two on port 69. What protocol was used here to conduct the file transfer?
A. TFTP
B. SFTP
C. FTP
D. SCP
A
QUESTION NO: 489
What sort of attack is described by the following: an attacker has a list of broadcast addresses
which it stores in an array; the attacker sends a spoofed ICMP echo request to each of those
addresses in series and then starts again. The spoofed IP address used by the attacker as the source
of the packets is the target/victim's IP address.
A. Smurf Attack
B. Fraggle Attack
C. LAND Attack
D. Replay Attack
A
QUESTION NO: 490
View the image below and identify the attack.
[Diagram: a Master controlling four Zombies, which in turn direct traffic at the Victim]
A. DDoS
B. DoS
C. TFN
D. Reflection Attack
A
QUESTION NO: 491
How many bits is the address space reserved for the source IP address within an IPv6 header?
A. 128
B. 32
C. 64
D. 256
A
QUESTION NO: 492
Which of the following services is a distributed database that translates host names to IP addresses
and IP addresses to host names?
A. DNS
B. FTP
C. SSH
D. SMTP
A
QUESTION NO: 493
Which of the following attacks is MOSTLY performed by an attacker to steal the identity information
of a user, such as credit card numbers, passwords, etc.?
A. Smurf attack
B. Traffic analysis
C. Pharming
D. Interrupt attack
C
QUESTION NO: 494
Which of the following protocols is PRIMARILY used to provide confidentiality in a web-based
application, thus protecting data sent between a client machine and a server?
A. SSL
B. FTP
C. SSH
D. S/MIME
A
QUESTION NO: 495
Which one of the following represents an ALE calculation?
A. single loss expectancy x annualized rate of occurrence.
B. gross loss expectancy x loss frequency.
C. actual replacement cost - proceeds of salvage.
D. asset value x loss expectancy.
A
QUESTION NO: 496
The control of communications test equipment should be clearly addressed by security policy for
which of the following reasons?
A. Test equipment is easily damaged.
B. Test equipment can be used to browse information passing on a network.
C. Test equipment is difficult to replace if lost or stolen.
D. Test equipment must always be available for the maintenance personnel.
B
QUESTION NO: 497
In discretionary access environments, which of the following entities is authorized to grant
information access to other people?
A. Manager
B. Group Leader
C. Security Manager
D. Data Owner
D
QUESTION NO: 498
Which of the following groups represents the leading source of computer crime losses?
A. Hackers
B. Industrial saboteurs
C. Foreign intelligence officers
D. Employees
D
QUESTION NO: 499
Which of the following is the best reason for the use of an automated risk analysis tool?
A. Much of the data gathered during the review cannot be reused for subsequent analysis.
B. Automated methodologies require minimal training and knowledge of risk analysis.
C. Most software tools have user interfaces that are easy to use and do not require any training.
D. Information gathering would be minimized and expedited due to the amount of information
already built into the tool.
D
QUESTION NO: 500
Who is ultimately responsible for the security of computer based information systems within an
organization?
A. The tech support team
B. The operations team
C. The management team
D. The training team
C
QUESTION NO: 501
The major objective of system configuration management is which of the following?
A. system maintenance.
B. system stability.
C. system operations.
D. system tracking.
B
QUESTION NO: 502
Who should measure the effectiveness of Information System security related controls in an
organization?
A. The local security specialist
B. The business manager
C. The systems auditor
D. The central security manager
C
QUESTION NO: 503
A deviation from an organization-wide security policy requires which of the following?
A. Risk Acceptance
B. Risk Assignment
C. Risk Reduction
D. Risk Containment
A
QUESTION NO: 504
Which must bear the primary responsibility for determining the level of protection needed for
information systems resources?
A. IS security specialists
B. Senior Management
C. Senior security analysts
D. systems Auditors
B
QUESTION NO: 505
Within the realm of IT security, which of the following combinations best defines risk?
A. Threat coupled with a breach
B. Threat coupled with a vulnerability
C. Vulnerability coupled with an attack
D. Threat coupled with a breach of security
B
QUESTION NO: 506
Which of the following is considered the weakest link in a security system?
A. People
B. Software
C. Communications
D. Hardware
A
QUESTION NO: 507
ISO/IEC 27001:2005 is a standard for:
A. Information Security Management System
B. Implementation and certification of basic security measures
C. Evaluation criteria for the validation of cryptographic algorithms
D. Certification of public key infrastructures
A
QUESTION NO: 508
What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the
case where a company employs 100 data entry clerks and every one of them makes one input
error each month?
A. 100
B. 120
C. 1
D. 1200
D
QUESTION NO: 509
How is Annualized Loss Expectancy (ALE) derived from a threat?
A. ARO x (SLE - EF)
B. SLE x ARO
C. SLE/EF
D. AV x EF
B
QUESTION NO: 510
What does “residual risk” mean?
A. The security risk that remains after controls have been implemented
B. A weakness of an asset which can be exploited by a threat
C. Risk that remains after risk assessment has been performed
D. A security risk intrinsic to an asset being audited, where no mitigation has taken place.
A
QUESTION NO: 511
Preservation of confidentiality within information systems requires that the information not be
disclosed to:
A. Authorized persons
B. Unauthorized persons or processes
C. Unauthorized persons
D. Authorized persons and processes
B
QUESTION NO: 512
Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson
model?
A. Prevention of the modification of information by unauthorized users.
B. Prevention of the unauthorized or unintentional modification of information by authorized users.
C. Preservation of the internal and external consistency.
D. Prevention of the modification of information by authorized users.
D
QUESTION NO: 513
What is the term for an event or activity that has the potential to cause harm to information systems
or networks?
A. Vulnerability
B. Threat agent
C. Weakness
D. Threat
D
QUESTION NO: 514
A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to
information systems or networks, is called a:
A. Vulnerability
B. Risk
C. Threat
D. Overflow
A
QUESTION NO: 515
What is the term for the probability that a threat to an information system will materialize?
A. Threat
B. Risk
C. Vulnerability
D. Hole
B
QUESTION NO: 516
Risk mitigation and risk reduction controls for providing information security are classified within
three main categories. Which of the following are those categories?
A. Preventive, corrective, and administrative
B. Detective, corrective, and physical
C. Physical, technical, and administrative
D. Administrative, operational, and logical
C
QUESTION NO: 517
Which of the following would be best suited to oversee the development of an information security
policy?
A. System Administrators
B. End User
C. Security Officers
D. Security administrators
C
QUESTION NO: 518
Which of the following is the MOST important aspect relating to employee termination?
A. The details of the employee have been removed from active payroll files.
B. Company property provided to the employee has been returned.
C. User ID and passwords of the employee have been deleted.
D. The appropriate company staff are notified about the termination.
D
QUESTION NO: 519
Making sure that only those who are supposed to access the data can access it is which of the
following?
A. confidentiality.
B. capability.
C. integrity.
D. availability.
A
QUESTION NO: 520
Related to information security, confidentiality is the opposite of which of the following?
A. closure
B. disclosure
C. disposal
D. disaster
B
QUESTION NO: 521
Related to information security, integrity is the opposite of which of the following?
A. abstraction
B. alteration
C. accreditation
D. application
B
QUESTION NO: 522
Making sure that the data is accessible when and where it is needed is which of the following?
A. confidentiality
B. integrity
C. acceptability
D. availability
D
QUESTION NO: 523
Related to information security, availability is the opposite of which of the following?
A. delegation
B. distribution
C. documentation
D. destruction
D
QUESTION NO: 524
Related to information security, the prevention of the intentional or unintentional unauthorized
disclosure of contents is which of the following?
A. Confidentiality
B. Integrity
C. Availability
D. capability
A
QUESTION NO: 525
Related to information security, the guarantee that the message sent is the message received with
the assurance that the message was not intentionally or unintentionally altered is an example of
which of the following?
A. integrity
B. confidentiality
C. availability
D. identity
A
QUESTION NO: 526
Which one of these statements about the key elements of a good configuration process is NOT true?
A. Accommodate the reuse of proven standards and best practices
B. Ensure that all requirements remain clear, concise, and valid
C. Control modifications to system hardware in order to prevent resource changes
D. Ensure changes, standards, and requirements are communicated promptly and precisely
C
QUESTION NO: 527
Which of the following is NOT an administrative control?
A. Logical access control mechanisms
B. Screening of personnel
C. Development of policies, standards, procedures and guidelines
D. Change control procedures
A
QUESTION NO: 528
Which of the following is NOT a technical control?
A. Password and resource management
B. Identification and authentication methods
C. Monitoring for physical intrusion
D. Intrusion Detection Systems
C
QUESTION NO: 529
Which of the following is BEST defined as a physical control?
A. Monitoring of system activity
B. Fencing
C. Identification and authentication methods
D. Logical access control mechanisms
B
QUESTION NO: 530
Which of the following would NOT violate the Due Diligence concept?
A. Security policy being outdated
B. Data owners not laying out the foundation of data protection
C. Network administrator not taking mandatory two-week vacation as planned
D. Latest security patches for servers being installed as per the Patch Management process
D
QUESTION NO: 531
Which of the following would BEST be defined as an absence or weakness of a safeguard that could
be exploited?
A. A threat
B. A vulnerability
C. A risk
D. An exposure
B
QUESTION NO: 532
Which of the following could be BEST defined as the likelihood of a threat agent taking advantage
of a vulnerability?
A. A risk
B. A residual risk
C. An exposure
D. A countermeasure
A
QUESTION NO: 533
Which approach to a security program ensures people responsible for protecting the company’s
assets are DRIVING the program?
A. The Delphi approach
B. The top-down approach
C. The bottom-up approach
D. The technology approach
B
QUESTION NO: 534
Which of the following is NOT a part of a risk analysis?
A. Identify risks
B. Quantify the impact of potential threats
C. Provide an economic balance between the impact of the risk and the cost of the associated
countermeasure
D. Choose the best countermeasure
D
QUESTION NO: 535
How should a risk be HANDLED when the cost of the countermeasure OUTWEIGHS the cost of
the risk?
A. Reject the risk
B. Perform another risk analysis
C. Accept the risk
D. Reduce the risk
C
QUESTION NO: 536
Which of the following is given the responsibility of the maintenance and protection of the data?
A. Data owner
B. Data custodian
C. User
D. Security administrator
B
QUESTION NO: 537
Who should DECIDE how a company should approach security and what security measures
should be implemented?
A. Senior management
B. Data owner
C. Auditor
D. The information security specialist
A
QUESTION NO: 538
Which of the following is responsible for MOST of the security issues?
A. Outside espionage
B. Hackers
C. Personnel
D. Equipment failure
C
QUESTION NO: 539
What are the three FUNDAMENTAL principles of security?
A. Accountability, confidentiality and integrity
B. Confidentiality, integrity and availability
C. Integrity, availability and accountability
D. Availability, accountability and confidentiality
B
QUESTION NO: 540
What would BEST define risk management?
A. The process of eliminating the risk
B. The process of assessing the risks
C. The process of reducing risk to an acceptable level
D. The process of transferring risk
C
QUESTION NO: 541
Within the context of the CBK, which of the following provides a MINIMUM level of security
ACCEPTABLE for an environment?
A. A baseline
B. A standard
C. A procedure
D. A guideline
A
QUESTION NO: 542
According to private sector data classification levels, how would salary levels and medical
information be classified?
A. Public.
B. Internal Use Only.
C. Restricted.
D. Confidential.
D
QUESTION NO: 543
Which of the following would be the best criterion to consider in determining the classification of an
information asset?
A. Value
B. Age
C. Useful life
D. Personal association
A
QUESTION NO: 544
Which of the following is not a responsibility of an information (data) owner?
A. Determine what level of classification the information requires.
B. Periodically review the classification assignments against business needs.
C. Delegate the responsibility of data protection to data custodians.
D. Run regular backups and periodically test the validity of the backup data.
D
QUESTION NO: 545
Which of the following embodies all the detailed actions that personnel are required to follow?
A. Standards
B. Guidelines
C. Procedures
D. Baselines
C
QUESTION NO: 546
Who is responsible for providing reports to the senior management on the effectiveness of the
security controls?
A. Information systems security professionals
B. Data owners
C. Data custodians
D. Information systems auditors
D