SP - Practice Quiz AT COPY Flashcards
1
Q
QUESTION NO: 1
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:
A. Concern that the laser beam may cause eye damage.
B. The iris pattern changes as a person grows older.
C. There is a relatively high rate of false accepts.
D. The optical unit must be positioned so that the sun does not shine into the aperture.
A
D
2
Q
QUESTION NO: 2
In Mandatory Access Control, sensitivity labels attached to object contain what information?
A. The item’s classification
B. The item’s classification and category set
C. The item’s category
D. The item’s need to know
A
B
3
Q
QUESTION NO: 3
Which of the following is true about Kerberos?
A. It utilizes public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It depends upon symmetric ciphers.
D. It is a second party authentication system.
A
C
4
Q
QUESTION NO: 4
Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.
A
A
5
Q
QUESTION NO: 5
What is Kerberos?
A. A three-headed dog from the egyptian mythology.
B. A trusted third-party authentication protocol.
C. A security model.
D. A remote authentication dial in user server.
A
B
6
Q
QUESTION NO: 6
Kerberos depends upon what encryption method?
A. Public Key cryptography.
B. Secret Key cryptography.
C. El Gamal cryptography.
D. Blowfish cryptography.
A
B
7
Q
QUESTION NO: 7
A confidential number used as an authentication factor to verify a user’s identity is called a:
A. PIN
B. User ID
C. Password
D. Challenge
A
A
8
Q
QUESTION NO: 8
Individual accountability does not include which of the following?
A. unique identifiers
B. policies & procedures
C. access rules
D. audit trails
A
B
9
Q
QUESTION NO: 9
Which of the following exemplifies proper separation of duties?
A. Operators are not permitted modify the system time.
B. Programmers are permitted to use the system console.
C. Console operators are permitted to mount tapes and disks.
D. Tape operators are permitted to use the system console.
A
A
10
Q
QUESTION NO: 10
An access control policy for a bank teller is an example of the implementation of which of thefollowing?
A. Rule-based policy
B. Identity-based policy
C. User-based policy
D. Role-based policy
A
D
11
Q
QUESTION NO: 11
Which one of the following authentication mechanisms creates a problem for mobile users?
A. Mechanisms based on IP addresses
B. Mechanism with reusable passwords
C. One-time password mechanism.
D. Challenge response mechanism.
A
A
12
Q
QUESTION NO: 12
Organizations should consider which of the following first before allowing external access to theirLANs via the Internet?
A. Plan for implementing workstation locking mechanisms.
B. Plan for protecting the modem pool.
C. Plan for providing the user with his account usage information.
D. Plan for considering proper authentication options.
A
D
13
Q
QUESTION NO: 13
Kerberos can prevent which one of the following attacks?
A. Tunneling attack.
B. Playback (replay) attack.
C. Destructive attack.
D. Process attack.
A
B
14
Q
QUESTION NO: 14
In discretionary access environments, which of the following entities is authorized to grant information access to other people?
A. Manager
B. Group Leader
C. Security Manager
D. Data Owner
A
D
15
Q
QUESTION NO: 15
What is the main concern with single sign-on?
A. Maximum unauthorized access would be possible if a password is disclosed.
B. The security administrator’s workload would increase.
C. The users’ password would be too hard to remember.
D. User access rights would be increased.
A
A
16
Q
QUESTION NO: 16
Who developed one of the first mathematical models of a multilevel-security computer system?
A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.
A
C
17
Q
QUESTION NO: 17
Which of the following attacks could capture network user passwords?
A. Data diddling
B. Sniffing
C. IP Spoofing
D. Smurfing
A
B
18
Q
QUESTION NO: 18
Which of the following would constitute the best example of a password to use for access to asystem by a network administrator?
A. holiday
B. Christmas12
C. Jenny
D. GyN19Za!
A
D
19
Q
QUESTION NO: 19
What physical characteristic does a retinal scan biometric device measure?
A. The amount of light reaching the retina
B. The amount of light reflected by the retina
C. The pattern of light receptors at the back of the eye
D. The pattern of blood vessels at the back of the eye
A
D
20
Q
QUESTION NO: 20
The Computer Security Policy Model the Orange Book is based on is which of the following?
A. Bell-LaPadula
B. Data Encryption Standard
C. Kerberos
D. Tempest
A
A
21
Q
QUESTION NO: 21
The end result of implementing the principle of least privilege means which of the following?
A. Users would get access to only the info for which they have a need to know
B. Users can access all systems.
C. Users get new privileges added when they change positions.
D. Authorization creep.
A
A
22
Q
QUESTION NO: 22
Which of the following is the most reliable authentication method for remote access?
A. Variable callback system
B. Synchronous token
C. Fixed callback system
D. Combination of callback and caller ID
A
B
23
Q
QUESTION NO: 23
Which of the following is true of two-factor authentication?
A. It uses the RSA public-key signature based on integers with large prime factors.
B. It requires two measurements of hand geometry.
C. It does not use single sign-on technology.
D. It relies on two independent proofs of identity.
A
D
24
Q
QUESTION NO: 24
The primary service provided by Kerberos is which of the following?
A. non-repudiation
B. confidentiality
C. authentication
D. authorization
A
C
25
QUESTION NO: 25
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
A. public keys
B. private keys
C. public-key certificates
D. private-key certificates
C
26
QUESTION NO: 26
In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
A. Bell-LaPadula model
B. Biba model
C. Access Matrix model
D. Take-Grant model
A
27
QUESTION NO: 27
Which of the following was developed to address some of the weaknesses in Kerberos and usespublic key cryptography for the distribution of secret keys and provides additional access controlsupport?
A. SESAME
B. RADIUS
C. KryptoKnight
D. TACACS+
A
28
QUESTION NO: 28
Single Sign-on (SSO) is characterized by which of the following advantages?
A. Convenience
B. Convenience and centralized administration
C. Convenience and centralized data administration
D. Convenience and centralized network administration
B
29
QUESTION NO: 29
What is the primary role of smartcards in a PKI?
A. Transparent renewal of user keys
B. Easy distribution of the certificates between the users
C. Fast hardware encryption of the raw data
D. Tamper resistant, mobile storage and application of private keys of the users
D
30
QUESTION NO: 30
What kind of certificate is used to validate a user identity?
A. Public key certificate
B. Attribute certificate
C. Root certificate
D. Code signing certificate
A
31
QUESTION NO: 31
The following is NOT a security characteristic we need to consider while choosing a biometric identification systems:
A. data acquisition process
B. cost
C. enrollment process
D. speed and user interface
B
32
QUESTION NO: 32
In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering 2 questions :
A. what was the sex of a person and his age
B. what part of body to be used and how to accomplish identification that is viable
C. what was the age of a person and his income level
D. what was the tone of the voice of a person and his habits
B
33
QUESTION NO: 33
In biometric identification systems, the parts of the body conveniently available for identification are:
A. neck and mouth
B. hands, face, and eyes
C. feet and hair
D. voice and neck
B
34
QUESTION NO: 34
Controlling access to information systems and associated networks is necessary for the preservation of their:
A. Authenticity, confidentiality and availability
B. Confidentiality, integrity, and availability.
C. integrity and availability.
D. authenticity,confidentiality, integrity and availability.
B
35
QUESTION NO: 35
To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up:
A. Access Rules
B. Access Matrix
C. Identification controls
D. Access terminal
A
36
QUESTION NO: 36
Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category of access control?
A. Discretionary Access Control (DAC)
B. Mandatory Access control (MAC)
C. Non-Discretionary Access Control (NDAC)
D. Lattice-based Access control
C
37
QUESTION NO: 37
The type of discretionary access control (DAC) that is based on an individual's identity is also called:
A. Identity-based Access control
B. Rule-based Access control
C. Non-Discretionary Access Control
D. Lattice-based Access control
A
38
QUESTION NO: 38
Which access control type has a central authority that determine to what objects the subjects have access to and it is based on role or on the organizational security policy?
A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access control
C
39
QUESTION NO: 39
Which of the following control pairings include: organizational policies and procedures, pre employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Administrative Pairing
A
40
QUESTION NO: 40
Technical controls such as encryption and access control can be built into the operating system,be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Technical Pairing
B
41
QUESTION NO: 41
What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources?
A. Micrometrics
B. Macrometrics
C. Biometrics
D. MicroBiometrics
C
42
QUESTION NO: 42
What is called the access protection system that limits connections by calling back the number of a previously authorized location?
A. Sendback systems
B. Callback forward systems
C. Callback systems
D. Sendback forward systems
C
43
QUESTION NO: 43
What are called user interfaces that limit the functions that can be selected by a user?
A. Constrained user interfaces
B. Limited user interfaces
C. Mini user interfaces
D. Unlimited user interfaces
A
44
QUESTION NO: 44
Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated with:
A. Preventive/physical
B. Detective/technical
C. Detective/physical
D. Detective/administrative
D
45
QUESTION NO: 45
The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:
A. Preventive/physical
B. Detective/technical
C. Detective/physical
D. Detective/administrative
B
46
QUESTION NO: 46
The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:
A. Preventive/physical
B. Detective/technical
C. Detective/physical
D. Detective/administrative
C
47
QUESTION NO: 47
External consistency ensures that the data stored in the database is:
A. in-consistent with the real world.
B. remains consistent when sent from one system to another.
C. consistent with the logical world.
D. consistent with the real world.
D
48
QUESTION NO: 48
A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:
A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access control
C
49
QUESTION NO: 49
What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
A. Authentication
B. Identification
C. Authorization
D. Confidentiality
B
50
QUESTION NO: 50
Which one of the following factors is NOT one on which Authentication is based?
A. Type 1 Something you know, such as a PIN or password
B. Type 2 Something you have, such as an ATM card or smart card
C. Type 3 Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan
D. Type 4 Something you are, such as a system administrator or security administrator
D
51
QUESTION NO: 51
A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:
A. Mandatory Access Control
B. Discretionary Access Control
C. Non-Discretionary Access Control
D. Rule-based Access control
C
52
QUESTION NO: 52
What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
A. Authentication
B. Identification
C. Authorization
D. Confidentiality
B
53
QUESTION NO: 53
What is called the verification that the user's claimed identity is valid and is usually implemented through a user password at log-on time?
A. Authentication
B. Identification
C. Integrity
D. Confidentiality
A
54
QUESTION NO: 54
Which one of the following factors is NOT one on which Authentication is based?
A. Type 1 Something you know, such as a PIN or password
B. Type 2 Something you have, such as an ATM card or smart card
C. Type 3 Something you are (based upon one or more intrinsic physical or behavioral traits), such as a fingerprint or retina scan
D. Type 4 Something you are, such as a system administrator or security administrator
D
55
QUESTION NO: 55
The act of requiring two of the three factors to be used in the authentication process refers to:
A. Two-Factor Authentication
B. One-Factor Authentication
C. Bi-Factor Authentication
D. Double Authentication
A
56
QUESTION NO: 56
Which type of password provides maximum security because a new password is required for each new log-on?
A. One-time or dynamic password
B. Cognitive password
C. Static password
D. Passphrase
A
57
QUESTION NO: 57
What is called a password that is the same for each log-on session?
A. "one-time password"
B. "two-time password"
C. static password
D. dynamic password
C
58
QUESTION NO: 58
What is called a sequence of characters that is usually longer than the allotted number for a password?
A. passphrase
B. cognitive phrase
C. anticipated phrase
D. Real phrase
A
59
QUESTION NO: 59
Which best describes a tool (i.e. keyfob, calculator, memory card or smart card) used to supply dynamic passwords?
A. Tickets
B. Tokens
C. Token passing networks
D. Coupons
B
60
QUESTION NO: 60
Which of the following would be true about Static password tokens?
A. The owner identity is authenticated by the token
B. The owner will never be authenticated by the token.
C. The owner will authenticate himself to the system.
D. The token does not authenticates the token owner but the system.
A
61
QUESTION NO: 61
In Synchronous dynamic password tokens:
A. The token generates a new password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).
B. The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).
C. The unique password is not entered into a system or workstation along with an owner's PIN.
D. The authentication entity in a system or workstation knows an owner's secret key and PIN, and the entity verifies that the entered password is invalid and that it was entered during the invalid time window.
B
62
QUESTION NO: 62
In biometrics, "one-to-many" search against database of stored biometric images is done in:
A. Authentication
B. Identification
C. Identities
D. Identity-based access control
B
63
QUESTION NO: 63
Which of the following is true of biometrics?
A. It is used for identification in physical controls and it is not used in logical controls.
B. It is used for authentication in physical controls and for identification in logical controls.
C. It is used for identification in physical controls and for authentication in logical controls.
D. Biometrics has not role in logical controls.
C
64
QUESTION NO: 64
What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system?
A. False Rejection Rate (FRR) or Type I Error
B. False Acceptance Rate (FAR) or Type II Error
C. Crossover Error Rate (CER)
D. True Rejection Rate (TRR) or Type III Error
A
65
QUESTION NO: 65
What is called the percentage of invalid subjects that are falsely accepted by a Biometric authentication system?
A. False Rejection Rate (FRR) or Type I Error
B. False Acceptance Rate (FAR) or Type II Error
C. Crossover Error Rate (CER)
D. True Acceptance Rate (TAR) or Type III Error
B
66
QUESTION NO: 66
What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate?
A. False Rejection Rate (FRR) or Type I Error
B. False Acceptance Rate (FAR) or Type II Error
C. Crossover Error Rate (CER)
D. Failure to enroll rate (FTE or FER)
C
67
QUESTION NO: 67
Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following?
A. Accountability of biometrics systems
B. Acceptability of biometrics systems
C. Availability of biometrics systems
D. Adaptability of biometrics systems
B
68
QUESTION NO: 68
Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credential, and faster resource access?
A. Smart cards
B. Single Sign-On (SSO)
C. Symmetric Ciphers
D. Public Key Infrastructure (PKI)
B
69
QUESTION NO: 69
Which of the following describes the major disadvantage of many Single Sign-On (SSO)implementations?
A. Once an individual obtains access to the system through the initial log-on, they have access to all resources within the environment that the account has access to.
B. The initial logon process is cumbersome to discourage potential intruders.
C. Once a user obtains access to the system through the initial log-on, they only need to logon to some applications.
D. Once a user obtains access to the system through the initial log-on, he has to logout from allother systems
A
70
QUESTION NO: 70
Which of the following is implemented through scripts or smart agents that replays the users multiple log-ins against authentication servers to verify a user's identity which permit access to system services?
A. Single Sign-On
B. Dynamic Sign-On
C. Smart cards
D. Kerberos
A
71
QUESTION NO:
71Which of the following is NOT true of the Kerberos protocol?
A. Only a single login is required per session.
B. The initial authentication steps are done using public key algorithm.
C. The KDC is aware of all systems in the network and is trusted by all of them
D. It performs mutual authentication
B
72
QUESTION NO: 72
The authenticator within Kerberos provides a requested service to the client after validating whichof the following?
A. timestamp
B. client public key
C. client private key
D. server public key
A
73
QUESTION NO: 73
Which of the following is addressed by Kerberos?
A. Confidentiality and Integrity
B. Authentication and Availability
C. Validation and Integrity
D. Auditability and Integrity
A
74
QUESTION NO: 74
Kerberos is vulnerable to replay in which of the following circumstances?
A. When a private key is compromised within an allotted time window.
B. When a public key is compromised within an allotted time window.
C. When a ticket is compromised within an allotted time window.
D. When the KSD is compromised within an allotted time window.
C
75
QUESTION NO: 75
Like the Kerberos protocol, SESAME is also subject to which of the following?
A. timeslot replay
B. password guessing
C. symmetric key guessing
D. asymmetric key guessing
B
76
QUESTION NO: 76
RADIUS incorporates which of the following services?
A. Authentication server and PIN codes.
B. Authentication of clients and static passwords generation.
C. Authentication of clients and dynamic passwords generation.
D. Authentication server as well as support for Static and Dynamic passwords.
D
77
QUESTION NO: 77
Which of the following protects a password from eavesdroppers and supports the encryption of communication?
A. Challenge Handshake Authentication Protocol (CHAP)
B. Challenge Handshake Identification Protocol (CHIP)
C. Challenge Handshake Encryption Protocol (CHEP)
D. Challenge Handshake Substitution Protocol (CHSP)
A
78
QUESTION NO: 78
Which of the following represents the columns of the table in a relational database?
A. attributes
B. relation
C. record retention
D. records or tuples
A
79
QUESTION NO: 79
A database view is the results of which of the following operations?
A. Join and Select.
B. Join, Insert, and Project.
C. Join, Project, and Create.
D. Join, Project, and Select.
D
80
QUESTION NO: 80
Which of the following is used to create and modify the structure of your tables and other objects in the database?
A. SQL Data Definition Language (DDL)
B. SQL Data Manipulation Language (DML)
C. SQL Data Relational Language (DRL)
D. SQL Data Identification Language (DIL)
A
81
QUESTION NO: 81
Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?
A. Intrusion Detection System
B. Compliance Validation System
C. Intrusion Management System (IMS)
D. Compliance Monitoring System
A
82
QUESTION NO: 82
Which of the following monitors network traffic in real time?
A. network-based IDS
B. host-based IDS
C. application-based IDS
D. firewall-based IDS
A
83
QUESTION NO: 83
A host-based IDS is resident on which of the following?
A. On each of the critical hosts
B. decentralized hosts
C. central hosts
D. bastion hosts
A
84
QUESTION NO: 84
Which of the following usually provides reliable, real-time information without consuming networkor host resources?
A. network-based IDS
B. host-based IDS
C. application-based IDS
D. firewall-based IDS
A
85
QUESTION NO: 85
The fact that a network-based IDS reviews packets payload and headers enable which of the following?
A. Detection of denial of service
B. Detection of all viruses
C. Detection of data corruption
D. Detection of all password guessing attacks
A
86
QUESTION NO: 86
Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?
A. host-based IDS
B. firewall-based IDS
C. bastion-based IDS
D. server-based IDS
A
87
QUESTION NO: 87
What would be considered the biggest drawback of Host-based Intrusion Detection systems(HIDS)?
A. It can be very invasive to the host operating system
B. Monitors all processes and activities on the host system only
C. Virtually eliminates limits associated with encryption
D. They have an increased level of visibility and control compared to NIDS
A
88
QUESTION NO: 88
Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)?
A. signature-based IDS
B. statistical anomaly-based IDS
C. event-based IDS
D. inferent-based IDS
A
89
QUESTION NO: 89
Which of the following is an issue with signature-based intrusion detection systems?
A. Only previously identified attack signatures are detected.
B. Signature databases must be augmented with inferential elements.
C. It runs only on the windows operating system
D. Hackers can circumvent signature evaluations.
A
90
QUESTION NO: 90
Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?
A. Statistical Anomaly-Based ID
B. Signature-Based ID
C. dynamical anomaly-based ID
D. inferential anomaly-based ID
A
91
QUESTION NO: 91
Which of the following is most relevant to determining the maximum effective cost of access control?
A. the value of information that is protected.
B. management's perceptions regarding data importance.
C. budget planning related to base versus incremental spending.
D. the cost to replace lost data.
A
92
QUESTION NO: 92
Which of the following is NOT a factor related to Access Control?
A. integrity
B. authenticity
C. confidentiality
D. availability
B
93
QUESTION NO: 93
Which of the following is most appropriate to notify an external user that session monitoring is being conducted?
A. Logon Banners
B. Wall poster
C. Employee Handbook
D. Written agreement
A
94
QUESTION NO: 94
Which of the following pairings uses technology to enforce access control policies?
A. Preventive/Administrative
B. Preventive/Technical
C. Preventive/Physical
D. Detective/Administrative
B
95
QUESTION NO: 95
In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in?
A. Recovery
B. Containment
C. Triage
D. Analysis and tracking
D
96
QUESTION NO: 96
Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to:
A. specify what users can do
B. specify which resources they can access
C. specify how to restrain hackers
D. specify what operations they can perform on a system.
C
97
QUESTION NO: 97
Access Control techniques do not include which of the following choices?
A. Relevant Access Controls
B. Discretionary Access Control
C. Mandatory Access Control
D. Lattice Based Access Control
A
98
QUESTION NO: 98
Which of the following statements relating to the Bell-LaPadula security model is FALSE(assuming the Strong Star property is not being used)?
A. A subject is not allowed to read up.
B. The *- property restriction can be escaped by temporarily downgrading a high level subject.
C. A subject is not allowed to read down.
D. It is restricted to confidentiality.
C
99
QUESTION NO: 99
When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED?
A. Type I error
B. Type II error
C. Type III error
D. Crossover error
B
100
QUESTION NO: 100
Which of the following is the FIRST step in protecting data's confidentiality?
A. Install a firewall
B. Implement encryption
C. Identify which information is sensitive
D. Review all user access rights
C
101
QUESTION NO: 101
Which of the following best ensures accountability of users for the actions taken within a system or domain?
A. Identification
B. Authentication
C. Authorization
D. Credentials
B
102
QUESTION NO: 102
Which of the following statements pertaining to biometrics is FALSE?
A. User can be authenticated based on behavior.
B. User can be authenticated based on unique physical attributes.
C. User can be authenticated by what he knows.
D. A biometric system's accuracy is determined by its crossover error rate (CER).
C
103
QUESTION NO: 103
Which of the following biometric devices offers the LOWEST CER?
A. Keystroke dynamics
B. Voice verification
C. Iris scan
D. Fingerprint
C
104
QUESTION NO: 104
Which of the following is the WEAKEST authentication mechanism?
A. Passphrases
B. Passwords
C. One-time passwords
D. Token devices
B
105
QUESTION NO: 105
Which of the following statements pertaining to access control is false?
A. Users should only access data on a need-to-know basis.
B. If access is not explicitly denied, it should be implicitly allowed.
C. Access rights should be granted based on the level of trust a company has on a subject.
D. Roles can be an efficient way to assign rights to a type of user who performs certain tasks.
B
106
QUESTION NO: 106
Which of the following is NOT part of the Kerberos authentication protocol?
A. Symmetric key cryptography
B. Authentication service (AS)
C. Principals
D. Public Key
D
107
QUESTION NO: 107
Which access control model enables the OWNER of the resource to specify what subjects canaccess specific resources based on their identity?
A. Discretionary Access Control
B. Mandatory Access Control
C. Sensitive Access Control
D. Role-based Access Control
A
108
QUESTION NO: 108
Which of the following access control models is based on sensitivity labels?
A. Discretionary access control
B. Mandatory access control
C. Rule-based access control
D. Role-based access control
B
109
QUESTION NO: 109
Which access control model is also called Non Discretionary Access Control (NDAC)?
A. Lattice based access control
B. Mandatory access control
C. Role-based access control
D. Label-based access control
C
110
QUESTION NO: 110
Which access model is most appropriate for companies with a high employee turnover?
A. Role-based access control
B. Mandatory access control
C. Lattice-based access control
D. Discretionary access control
A
111
QUESTION NO: 111
In a security context what are database views used for?
A. To ensure referential integrity
B. To allow easier access to data in a database
C. To restrict user access to data in a database
D. To provide audit trails
C
112
QUESTION NO: 112
What can be defined as a list of subjects along with their access rights that are authorized toaccess a specific object?
A. A capability table
B. An access control list
C. An access control matrix
D. A role-based matrix
B
113
QUESTION NO: 113
What is the difference between Access Control Lists (ACLs) and Capability Tables?
A. Access control lists are related/attached to a subject whereas capability tables arerelated/attached to an object.
B. Access control lists are related/attached to an object whereas capability tables arerelated/attached to a subject.
C. Capability tables are used for objects whereas access control lists are used for users.
D. They are basically the same.
B
114
QUESTION NO: 114
What can be defined as a table of subjects and objects indicating what actions individual subjectscan take upon individual objects?
A. A capacity table
B. An access control list
C. An access control matrix
D. A capability table
C
115
QUESTION NO: 115
Which access control model is best suited in an environment where a high security level isrequired and where it is desired that only the administrator grants access control?
A. DAC
B. MAC
C. Access control matrix
D. TACACS
B
116
QUESTION NO: 116
What is the primary goal of setting up a honey pot?
A. To lure hackers into attacking unused systems
B. To entrap and track down possible hackers
C. To set up a sacrificial lamb on the network
D. To know when certain types of attacks are in progress and to learn about attack techniques sothe network can be fortified.
D
117
QUESTION NO: 117
Which of the following countermeasures would be the most appropriate to prevent possibleintrusion or damage from wardialing attacks?
A. Monitoring and auditing for such activity
B. Require user authentication
C. Making sure only necessary phone numbers are made public
D. Using completely different numbers for voice and data accesses
B
118
QUESTION NO: 118
Which access control model provides upper and lower bounds of access capabilities for a subject?
A. Role-based access control
B. Lattice-based access control
C. Biba access control
D. Content-dependent access control
B
119
QUESTION NO: 119
How are memory cards and smart cards different?
A. Memory cards normally hold more memory than smart cards
B. Smart cards provide a two-factor authentication whereas memory cards don't
C. Memory cards have no processing power
D. Only smart cards can be used for ATM cards
C
120
QUESTION NO: 120
Which of the following issues is not addressed by Kerberos?
A. Availability
B. Confidentiality
C. Integrity
D. Authentication
A
121
QUESTION NO: 121
Why do buffer overflows happen? What is the main cause?
A. Because buffers can only hold so much data
B. Because of improper parameter checking within the application
C. Because they are an easy weakness to exploit
D. Because of insufficient system memory
B
122
QUESTION NO: 122
What is the main focus of the Bell-LaPadula security model?
A. Accountability
B. Integrity
C. Confidentiality
D. Availability
C
123
QUESTION NO: 123
Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT makinguse of the strong star property?
A. It allows "read up."
B. It addresses covert channels.
C. It addresses management of access controls.
D. It allows "write up."
D
124
QUESTION NO: 124
Which security model introduces access to objects only through programs?
A. The Biba model
B. The Bell-LaPadula model
C. The Clark-Wilson model
D. The information flow model
C
125
QUESTION NO: 125
An Intrusion Detection System (IDS) is what type of control?
A. A preventive control.
B. A detective control.
C. A recovery control.
D. A directive control.
B
126
QUESTION NO: 126
Smart cards are an example of which type of control?
A. Detective control
B. Administrative control
C. Technical control
D. Physical control
C
127
QUESTION NO: 127
What ensures that the control mechanisms correctly implement the security policy for the entire lifecycle of an information system?
A. Accountability controls
B. Mandatory access controls
C. Assurance procedures
D. Administrative controls
C
128
QUESTION NO: 128
What security model is dependent on security labels?
A. Discretionary access control
B. Label-based access control
C. Mandatory access control
D. Non-discretionary access control
C
129
QUESTION NO: 129
What security model implies a central authority that define rules and sometimes global rules,dictating what subjects can have access to what objects?
A. Flow Model
B. Discretionary access control
C. Mandatory access control
D. Non-discretionary access control
D
130
QUESTION NO: 130
Which type of password token involves time synchronization?
A. Static password tokens
B. Synchronous dynamic password tokens
C. Asynchronous dynamic password tokens
D. Challenge-response tokens
B
131
QUESTION NO: 131
Which of the following statements pertaining to biometrics is false?
A. Increased system sensitivity can cause a higher false rejection rate
B. The crossover error rate is the point at which false rejection rate equals the false acceptance rate.
C. False acceptance rate is also known as Type II error.
D. Biometrics are based on the Type 2 authentication mechanism.
D
132
QUESTION NO: 132
Which of the following statements pertaining to Kerberos is TRUE?
A. Kerberos does not address availability
B. Kerberos does not address integrity
C. Kerberos does not make use of Symmetric Keys
D. Kerberos cannot address confidentiality of information
A
133
QUESTION NO: 133
Database views are NOT used to:
A. Implement referential integrity
B. Implement least privilege
C. To implement content-dependent access restrictions
D. Implement need-to-know
A
134
QUESTION NO: 134
What IDS approach relies on a database of known attacks?
A. Signature-based intrusion detection
B. Statistical anomaly-based intrusion detection
C. Behavior-based intrusion detection
D. Network-based intrusion detection
A
135
QUESTION NO: 135
What refers to legitimate users accessing networked services that would normally be restricted to them?
A. Spoofing
B. Piggybacking
C. Eavesdropping
D. Logon abuse
D
136
QUESTION NO: 136
Which of the following is not a two-factor authentication mechanism?
A. Something you have and something you know.
B. Something you do and a password.
C. A smartcard and something you are.
D. Something you know and a password.
D
137
QUESTION NO: 137
Which of the following access control models introduces user security clearance and data classification?
A. Role-based access control
B. Discretionary access control
C. Non-discretionary access control
D. Mandatory access control
D
138
QUESTION NO: 138
Password management falls into which control category?
A. Compensating
B. Detective
C. Preventive
D. Technical
C
139
QUESTION NO: 139
Which of the following access control models requires security clearance for subjects?
A. Identity-based access control
B. Role-based access control
C. Discretionary access control
D. Mandatory access control
D
140
QUESTION NO: 140
Which of the following would describe a type of biometric error refers to as false rejection rate?
A. Type I error
B. Type II error
C. Type III error
D. CER error
A
141
QUESTION NO: 141
Which of the following access control models requires defining classification for objects?
A. Role-based access control
B. Discretionary access control
C. Identity-based access control
D. Mandatory access control
D
142
QUESTION NO: 142
In the context of access control, locks, gates, guards are examples of which of the following?
A. Administrative controls
B. Technical controls
C. Physical controls
D. Logical controls
C
143
QUESTION NO: 143
Which of the following statements pertaining to Kerberos is true?
A. Kerberos uses public key cryptography.
B. Kerberos uses X.509 certificates.
C. Kerberos is a credential-based authentication system.
D. Kerberos was developed by Microsoft.
C
144
QUESTION NO: 144
Which of the following statements pertaining to using Kerberos without any extension is false?
A. A client can be impersonated by password-guessing.
B. Kerberos is mostly a third-party authentication protocol.
C. Kerberos uses public key cryptography.
D. Kerberos provides robust authentication.
C
145
QUESTION NO: 145
Which access control model would a lattice-based access control model be an example of?
A. Mandatory access control.
B. Discretionary access control.
C. Non-discretionary access control.
D. Rule-based access control.
A
146
QUESTION NO: 146
Which of the following is an example of discretionary access control?
A. Identity-based access control
B. Task-based access control
C. Role-based access control
D. Rule-based access control
A
147
QUESTION NO: 147
Which of the following would be used to implement Mandatory Access Control (MAC)?
A. Clark-Wilson Access Control
B. Role-based access control
C. Lattice-based access control
D. User dictated access control
C
148
QUESTION NO: 148
What does the Clark-Wilson security model focus on?
A. Confidentiality
B. Integrity
C. Accountability
D. Availability
B
149
QUESTION NO: 149
What does the simple security (ss) property mean in the Bell-LaPadula model?
A. No read up
B. No write down
C. No read down
D. No write up
A
150
QUESTION NO: 150
What does the * (star) property mean in the Bell-LaPadula model?
A. No write up
B. No read up
C. No write down
D. No read down
C
151
QUESTION NO: 151
What does the * (star) integrity axiom mean in the Biba model?
A. No read up
B. No write down
C. No read down
D. No write up
D
152
QUESTION NO: 152
What is the Biba security model concerned with?
A. Confidentiality
B. Reliability
C. Availability
D. Integrity
D
153
QUESTION NO: 153
Which security model uses division of operations into different parts and requires different users toperform each part?
A. Bell-LaPadula model
B. Biba model
C. Clark-Wilson model
D. Non-interference model
C
154
QUESTION NO: 154
Which type of control is concerned with avoiding occurrences of risks?
A. Deterrent controls
B. Detective controls
C. Preventive controls
D. Compensating controls
C
155
QUESTION NO: 155
Which type of control is concerned with restoring controls?
A. Compensating controls
B. Corrective controls
C. Detective controls
D. Preventive controls
B
156
QUESTION NO: 156
Which of the following biometric parameters are better suited for authentication use over a longperiod of time?
A. Iris pattern
B. Voice pattern
C. Signature dynamics
D. Retina pattern
A
157
QUESTION NO: 157
Which of the following is required in order to provide accountability?
A. Authentication
B. Integrity
C. Confidentiality
D. Audit trails
D
158
QUESTION NO: 158
Which of the following access control techniques best gives the security officers the ability tospecify and enforce enterprise-specific security policies in a way that maps naturally to anorganization's structure?
A. Access control lists
B. Discretionary access control
C. Role-based access control
D. Non-mandatory access control
C
159
QUESTION NO: 159
Which access control model was proposed for enforcing access control in government and military applications?
A. Bell-LaPadula model
B. Biba model
C. Sutherland model
D. Brewer-Nash model
A
160
QUESTION NO: 160
Which access control model achieves data integrity through well-formed transactions andseparation of duties?
A. Clark-Wilson model
B. Biba model
C. Non-interference model
D. Sutherland model
A
161
QUESTION NO: 161
This is a common security issue that is extremely hard to control in large environments. It occurswhen a user has more computer rights, permissions, and access than what is required for thetasks the user needs to fulfill. What best describes this scenario?
A. Excessive Rights
B. Excessive Access
C. Excessive Permissions
D. Excessive Privileges
D
162
QUESTION NO: 162
Which of the following are additional access control objectives?
A. Consistency and utility
B. Reliability and utility
C. Usefulness and utility
D. Convenience and utility
B
163
QUESTION NO: 163
Controls are implemented to:
A. eliminate risk and reduce the potential for loss
B. mitigate risk and eliminate the potential for loss
C. mitigate risk and reduce the potential for loss
D. eliminate risk and eliminate the potential for loss
C
164
QUESTION NO: 164
Logical or technical controls involve the restriction of access to systems and the protection ofinformation. Which of the following statements pertaining to these types of controls is correct?
A. Examples of these types of controls include policies and procedures, security awarenesstraining, background checks, work habit checks but do not include a review of vacation history,and also do not include increased supervision.
B. Examples of these types of controls do not include encryption, smart cards, access lists, andtransmission protocols.
C. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.
D. Examples of these types of controls include policies and procedures, security awarenesstraining, background checks, work habit checks, a review of vacation history, and increasedsupervision.
C
165
QUESTION NO: 165
Controls provide accountability for individuals who are accessing sensitive information. Thisaccountability is accomplished:
A. through access control mechanisms that require identification and authentication and throughthe audit function.
B. through logical or technical controls involving the restriction of access to systems and theprotection of information.
C. through logical or technical controls but not involving the restriction of access to systems andthe protection of information
D. through access control mechanisms that do not require identification and authentication and donot operate through the audit function.
A
166
QUESTION NO: 166
In non-discretionary access control using Role Based Access Control (RBAC), a central authoritydetermines what subjects can have access to certain objects based on the organizational securitypolicy. The access controls may be based on:
A. The societies role in the organization
B. The individual's role in the organization
C. The group-dynamics as they relate to the individual's role in the organization
D. The group-dynamics as they relate to the master-slave role in the organization
B
167
QUESTION NO: 167
In an organization where there are frequent personnel changes, non-discretionary access controlusing Role Based Access Control (RBAC) is useful because:
A. people need not use discretion
B. the access controls are based on the individual's role or title within the organization.
C. the access controls are not based on the individual's role or title within the organization
D. the access controls are often based on the individual's role or title within the organization
B
168
QUESTION NO: 168
Another type of access control is lattice-based access control. In this type of control a lattice modelis applied. How is this type of access control concept applied?
A. The pair of elements is the subject and object, and the subject has an upper bound equal orhigher than the upper bound of the object being accessed.
B. The pair of elements is the subject and object, and the subject has an upper bound lower thenthe upper bound of the object being accessed.
C. The pair of elements is the subject and object, and the subject has no special upper or lowerbound needed within the lattice.
D. The pair of elements is the subject and object, and the subject has no access rights in relationto an object.
A
169
QUESTION NO: 169
Detective/Technical measures:
A. include intrusion detection systems and automatically-generated violation reports from audittrail information.
B. do not include intrusion detection systems and automatically-generated violation reports fromaudit trail information.
C. include intrusion detection systems but do not include automatically-generated violation reportsfrom audit trail information.
D. include intrusion detection systems and customised-generated violation reports from audit trailinformation.
A
170
QUESTION NO: 170
Passwords can be required to change monthly, quarterly, or at other intervals:
A. depending on the criticality of the information needing protection
B. depending on the criticality of the information needing protection and the password's frequencyof use.
C. depending on the password's frequency of use.
D. not depending on the criticality of the information needing protection but depending on thepassword's frequency of use.
B
171
QUESTION NO: 171
When submitting a passphrase for authentication, the passphrase is converted into ...
A. a virtual password by the system.
B. a new passphrase by the system.
C. a new passphrase by the encryption technologyISC CISSP Exam"
D. a real password by the system which can be used forever.
A
172
QUESTION NO: 172
In the context of Biometric authentication, what is a quick way to compare the accuracy of devices.In general, the device that have the lowest value would be the most accurate. Which of thefollowing would be used to compare accuracy of devices?
A. the CER is used.
B. the FRR is used
C. the FAR is used
D. The FER is used
A
173
QUESTION NO: 173
The throughput rate is the rate at which individuals, once enrolled, can be processed and identifiedor authenticated by a biometric system. Acceptable throughput rates are in the range of:
A. 100 subjects per minute.
B. 25 subjects per minute.
C. 10 subjects per minute.
D. 50 subjects per minute.
C
174
QUESTION NO: 174
Which of the following biometric devices has the lowest user acceptance level?
A. Retina Scan
B. Fingerprint scan
C. Hand geometry
D. Signature recognition
A
175
QUESTION NO: 175
Which of the following would be an example of the best password?
A. golf001
B. Elizabeth
C. T1me4g0lF
D. password
C
176
QUESTION NO: 176
Which of the following tools is less likely to be used by a hacker?
A. l0phtcrack
B. Tripwire
C. OphCrack
D. John the Ripper
B
177
QUESTION NO: 177
What is an error called that causes a system to be vulnerable because of the environment in whichit is installed?
A. Configuration error
B. Environmental error
C. Access validation error
D. Exceptional condition handling error
B
178
QUESTION NO: 178
A network-based vulnerability assessment is a type of test also referred to as:
A. An active vulnerability assessment.
B. A routing vulnerability assessment.
C. A host-based vulnerability assessment.
D. A passive vulnerability assessment.
A
179
QUESTION NO: 179
Why would anomaly detection IDSs often generate a large number of false positives?
A. Because they can only identify correctly attacks they already know about.
B. Because they are application-based are more subject to attacks.
C. Because they can't identify abnormal behavior.
D. Because normal patterns of user and system behavior can vary wildly.
D
180
QUESTION NO: 180
Ensuring least privilege does not require:
A. Identifying what the user's job is.
B. Ensuring that the user alone does not have sufficient rights to subvert an important process.
C. Determining the minimum set of privileges required for a user to perform their duties.
D. Restricting the user to required privileges and nothing more.
B
181
QUESTION NO: 181
Which of the following is NOT a form of detective technical control?
A. Audit trails
B. Access control software
C. Honeypot
D. Intrusion detection system
B
182
QUESTION NO: 182
Which of the following does not apply to system-generated passwords?
A. Passwords are harder to remember for users.
B. If the password-generating algorithm gets to be known, the entire system is in jeopardy.
C. Passwords are more vulnerable to brute force and dictionary attacks.
D. Passwords are harder to guess for attackers.
C
183
QUESTION NO: 183
Which of the following is not a preventive login control?
A. Last login message
B. Password aging
C. Minimum password length
D. Account expiration
A
184
QUESTION NO: 184
What is the most critical characteristic of a biometric identifying system?
A. Perceived intrusiveness
B. Storage requirements
C. Accuracy
D. Scalability
C
185
QUESTION NO: 185
What is considered the most important type of error to avoid for a biometric access control system?
A. Type I Error
B. Type II Error
C. Combined Error Rate
D. Crossover Error Rate
B
186
QUESTION NO: 186
How can an individual/person best be identified or authenticated to prevent local masquerading attacks?
A. User Id and password
B. Smart card and PIN code
C. Two-factor authentication
D. Biometrics
D
187
QUESTION NO: 187
Which authentication technique best protects against hijacking?
A. Static authentication
B. Continuous authentication
C. Robust authentication
D. Strong authentication
B
188
QUESTION NO: 188
Which of the following is not a security goal for remote access?
A. Reliable authentication of users and systems
B. Protection of confidential data
C. Easy to manage access control to systems and network resources
D. Automated login for remote users
D
189
QUESTION NO: 189
Which of the following is most concerned with personnel security?
A. Management controls
B. Operational controls
C. Technical controls
D. Human resources controls
B
190
QUESTION NO: 190
Which of the following questions is less likely to help in assessing identification and authentication controls?
A. Is a current list maintained and approved of authorized users and their access?
B. Are passwords changed at least every ninety days or earlier if needed?
C. Are inactive user identifications disabled after a specified period of time?
D. Is there a process for reporting incidents?
D
191
QUESTION NO: 191
How would nonrepudiation be best classified as?
A. A preventive control
B. A logical control
C. A corrective control
D. A compensating control
A
192
QUESTION NO: 192
What are cognitive passwords?
A. Passwords that can be used only once.
B. Fact or opinion-based information used to verify an individual's identity.
C. Password generators that use a challenge response scheme.
D. Passphrases.
B
193
QUESTION NO: 193
Which of the following Kerberos components holds all users' and services' cryptographic keys?
A. The Key Distribution Service
B. The Authentication Service
C. The Key Distribution Center
D. The Key Granting Service
C
194
QUESTION NO: 194
Most access violations are:
A. Accidental
B. Caused by internal hackers
C. Caused by external hackers
D. Related to Internet
A
195
QUESTION NO: 195
Which of the following biometrics devices has the highest Crossover Error Rate (CER)?
A. Iris scan
B. Hand geometry
C. Voice pattern
D. Fingerprints
C
196
QUESTION NO: 196
Which of following is not a service provided by AAA servers (Radius, TACACS and DIAMETER)?
A. Authentication
B. Administration
C. Accounting
D. Authorization
B
197
QUESTION NO: 197
Which of the following protocol was used by the INITIAL version of the Terminal Access ControllerAccess Control System TACACS for communication between clients and servers?
A. TCP
B. SSL
C. UDP
D. SSH
C
198
QUESTION NO: 198
Which of the following can best eliminate dial-up access through a Remote Access Server as ahacking vector?
A. Using a TACACS+ server.
B. Installing the Remote Access Server outside the firewall and forcing legitimate users toauthenticate to the firewall.
C. Setting modem ring count to at least 5
D. Only attaching modems to non-networked hosts.
B
199
QUESTION NO: 199
In the Bell-LaPadula model, the Star-property is also called:
A. The simple security property
B. The confidentiality property
C. The confinement property
D. The tranquility property
C
200
QUESTION NO: 200
An attack initiated by an entity that is authorized to access system resources but uses them in away not approved by those who granted the authorization is known as a(n):
A. active attack.
B. outside attack.
C. inside attack.
D. passive attack.
C
201
QUESTION NO: 201
Which of the following can be defined as a framework that supports multiple, optional
authentication mechanisms for PPP, including cleartext passwords, challenge-response, and
arbitrary dialog sequences?
A. Extensible Authentication Protocol
B. Challenge Handshake Authentication Protocol
C. Remote Authentication Dial-In User Service
D. Multilevel Authentication Protocol.
A
202
QUESTION NO: 202
What is the name of the first mathematical model of a multi-level security policy used to define the
concept of a secure state, the modes of access, and rules for granting access?
A. Clark and Wilson Model
B. Harrison-Ruzzo-Ullman Model
C. Rivest and Shamir Model
D. Bell-LaPadula Model
D
203
QUESTION NO: 203
What is the PRIMARY use of a password?
A. Allow access to files.
B. Identify the user.
C. Authenticate the user.
D. Segregate various user's accesses.
C
204
QUESTION NO: 204
The three classic ways of authenticating yourself to the computer security software are: something
you know, something you have, and something:
A. you need.
B. you read.
C. you are.
D. you do.
C
205
```
QUESTION NO: 205
An access system that grants users only those rights necessary for them to perform their work is
operating on which security principle?
A. Discretionary Access
B. Least Privilege
C. Mandatory Access
D. Separation of Duties
```
B
206
QUESTION NO: 206
Pin, Password, Passphrases, Tokens, smart cards, and biometric devices are all items that can be
used for Authentication. When one of these item listed above in conjunction with a second factor
to validate authentication, it provides robust authentication of the individual by practicing which of
the following?
A. Multi-party authentication
B. Two-factor authentication
C. Mandatory authentication
D. Discretionary authentication
B
207
QUESTION NO: 207
What would you call a network security control deployed in line to detects, alerts, and takes action
when a possible intrusion is detected.
A. Application Based Instrusion Detection Systems (AIDS)
B. Network Based Intrusion Detection System (NIDS)
C. Intrusion Prevention System (IPS)
D. Host Based Intrusion Detection System (HIDS)
C
208
QUESTION NO: 208
What is a security policy?
A. High level statements on management's expectations that must be met in regards to security
B. A policy that defines authentication to the network.
C. A policy that focuses on ensuring a secure posture and expresses management approval. It
explains in detail how to implement the requirements.
D. A statement that focuses on the authorization process for a system
A
209
QUESTION NO: 209
Legacy single sign on (SSO) is:
A. Technology to allow users to authenticate to every application by entering the same user ID
and password each time, thus having to remember only a single password.
B. Technology to manage passwords consistently across multiple platforms, enforcing policies
such as password change intervals.
C. A mechanism where users can authenticate themselves once, and then a central repository of
their credentials is used to launch various legacy applications.
D. Another way of referring to SESAME and KryptoKnight, now that Kerberos is the de-facto industry standard single sign on mechanism.
C
210
QUESTION NO: 210
Identity Management solutions include such technologies as Directories services, Single Sign-On
and Web Access management. There are many reasons for management to choose an identity
management solution.
Which of the following is a key management challenge regarding identity management solutions?
A. Increasing the number of points of failures.
B. Users will no longer be able to “recycle” their password for different applications.
C. Costs increase as identity management technologies require significant resources.
D. It must be able to scale to support high volumes of data and peak transaction rates.
D
211
QUESTION NO: 211
Which of the following describes the sequence of steps required for a Kerberos session to be
established between a user (Principal P1), and an application server (Principal P2)?
A. Principals P1 and Principals P2 authenticate to the Key Distribution Center (KDC),
B. Principal P1 receives a Ticket Granting Ticket (TGT), and then Principal P2 requests a service
ticket from the KDC.
C. Principal P1 authenticates to the Key Distribution Center(KDC), Principal P1 receives a Ticket
Granting Ticket (TGT), and Principal P1 requests a service ticket from the Ticket Granting Service
(TGS) in order to access the application server P2
D. Principal P1 authenticates to the Key Distribution Center (KDC),
E. Principal P1 requests a Ticket Granting Ticket (TGT) from the authentication server, and then
Principal P1 requests a service ticket from the application server P2
F. Principals P1 and P2 authenticate to the Key Distribution Center (KDC), Principal P1 requests a
Ticket Granting Ticket (TGT) from the authentication server, and application server P2 requests a service ticket from P1
C
212
QUESTION NO: 212
Which type of security control is also known as "Logical" control?
A. Physical
B. Technical
C. Administrative
D. Risk
B
213
QUESTION NO: 213
Which of the following term best describes a weakness that could potentially be exploited?
A. Vulnerability
B. Risk
C. Threat
D. Target of evaluation (TOE)
A
214
QUESTION NO: 214
Which of the following best describes an exploit?
A. An intentional hidden message or feature in an object such as a piece of software or a movie.
B. A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability
in order to cause unintended or unanticipated behavior to occur on computer software
C. An anomalous condition where a process attempts to store data beyond the boundaries of a
fixed-length buffer
D. A condition where a program (either an application or part of the operating system) stops
performing its expected function and also stops responding to other parts of the system
B
215
QUESTION NO: 215
A smart Card that has two chips with the Capability of utilizing both Contact and Contactless
formats is called:
A. Contact Smart Cards
B. Contactless Smart Cards
C. Hybrid Cards
D. Combi Cards
C
216
QUESTION NO: 216
An employee ensures all cables are shielded, builds concrete walls that extend from the true floor
to the true ceiling and installs a white noise generator. What attack is the employee trying to
protect against?
A. Emanation Attacks
B. Social Engineering
C. Object reuse
D. Wiretaping
A
217
QUESTION NO: 217
The best technique to authenticate to a system is to:
A. Establish biometric access through a secured server or Web site.
B. Ensure the person is authenticated by something he knows and something he has.
C. Maintain correct and accurate ACLs (access control lists) to allow access to applications.
D. Allow access only through user ID and password.
B
218
QUESTION NO: 218
Business Impact Analysis (BIA) is about
A. Technology
B. Supporting the mission of the organization
C. Due Care
D. Risk Assessment
B
219
QUESTION NO: 219
You wish to make use of "port knocking" technologies. How can you BEST explain this?
A. Port knocking is where the client will attempt to connect to a predefined set of ports to identify
him as an authorized client.
B. Port knocking is where the user calls the server operator to have him start the service he wants
to connect to.
C. This is where all the ports are open on the server and the connecting client scans the open port
to which he wants to connect to see if it's open and running.
D. Port knocking is where the port sequence is encrypted with 3DES and only the server has the
other key to decrypt the port sequence.
A
220
QUESTION NO: 220
Tim is a network administrator of Acme inc. He is responsible for configuring the network devices.
John the new security manager reviews the configuration of the Firewall configured by Tim and
identifies an issue. This specific firewall is configured in failover mode with another firewall. A
sniffer on a PC connected to the same switch as the firewalls can decipher the credentials, used
by Tim while configuring the firewalls. Which of the following should be used by Tim to ensure a
that no one can eavesdrop on the communication?
A. SSH
B. SFTP
C. SCP
D. RSH
A
221
QUESTION NO: 221
Tim's day to day responsibilities include monitoring health of devices on the network. He uses a
Network Monitoring System supporting SNMP to monitor the devices for any anomalies or high
traffic passing through the interfaces. Which of the protocols would be BEST to use if some of the
requirements are to prevent easy disclosure of the SNMP strings and authentication of the source
of the packets?
A. UDP
B. SNMP V1
C. SNMP V3
D. SNMP V2
C
222
QUESTION NO: 222
You have been approached by one of your clients . They are interested in doing some security reengineering
. The client is looking at various information security models. It is a highly secure
environment where data at high classifications cannot be leaked to subjects at lower
classifications . Of primary concern to them, is the identification of potential covert channel. As an
Information Security Professional , which model would you recommend to the client?
A. Information Flow Model combined with Bell Lapadula
B. Bell Lapadula
C. Biba
D. Information Flow Model
A
223
QUESTION NO: 223
Which of the following is a reasonable response from the Intrusion Detection System (IDS) when
it detects Internet Protocol (IP) packets where the IP source address and port is the same as the
destination IP address and port?
A. Allow the packet to be processed by the network and record the event
B. Record selected information about the packets and drop the packets
C. Resolve the destination address and process the packet
D. Translate the source address and resend the packet
B
224
QUESTION NO: 224
What is the BEST definition of SQL injection.
A. SQL injection is a database problem.
B. SQL injection is a web Server problem.
C. SQL injection is a windows and Linux website problem that could be corrected by applying a
website vendors patch.
D. SQL injection is an input validation problem.
D
225
QUESTION NO: 225
You are a security consultant who is required to perform penetration testing on a client's network.
During penetration testing, you are required to use a compromised system to attack other systems
on the network to avoid network restrictions like firewalls. Which method would you use in this
scenario:
A. Black box Method
B. Pivoting method
C. White Box Method.
D. Grey Box Method
B
226
QUESTION NO: 226
Which answer best describes a computer software attack that takes advantage of a previously
unpublished vulnerability?
A. Zero-Day Attack
B. Exploit Attack
C. Vulnerability Attack
D. Software Crack
A
227
QUESTION NO: 227
Data which is properly secured and can be described with terms like genuine or not corrupted from
the original refers to data that has a high level of what?
A. Authenticity
B. Authorization
C. Availability
D. Non-Repudiation
A
228
QUESTION NO: 228
Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?
A. Logon Banners
B. Wall poster
C. Employee Handbook
D. Written agreement
D
229
QUESTION NO: 229
A Differential backup process will:
A. Backs up data labeled with archive bit 1 and leaves the data labeled as archive bit 1
B. Backs up data labeled with archive bit 1 and changes the data label to archive bit 0
C. Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0
D. Backs up data labeled with archive bit 0 and changes the data label to archive bit 1
A
230
QUESTION NO: 230
When considering all the reasons that buffer overflow vulnerabilities exist what is the real reason?
A. Human error
B. The Windows Operating system
C. Insecure programming languages
D. Insecure Transport Protocols
A
231
QUESTION NO: 231
Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE
standards that describe technologies at that layer?
A. LCL and MAC; IEEE 8022 and 8023
B. LCL and MAC; IEEE 8021 and 8023
C. Network and MAC; IEEE 8021 and 8023
A
232
QUESTION NO: 232
Which of the following is NOT part of user provisioning?
A. Creation and deactivation of user accounts
B. Business process implementation
C. Maintenance and deactivation of user objects and attributes
D. Delegating user administration
B
233
QUESTION NO: 233
Which of the following answers best describes the type of penetration testing where the analyst
has full knowledge of the network on which he is going to perform his test?
A. White-Box Penetration Testing
B. Black-Box Pen Testing
C. Penetration Testing
D. Gray-Box Pen Testing
A
234
QUESTION NO: 234
Which access control method allows the data owner (the person who created the file) to control
access to the information they own?
A. DAC - Discretionary Access Control
B. MAC - Mandatory Access Control
C. RBAC - Role-Based Access Control
D. NDAC - Non-Discretionary Access Control
A
235
QUESTION NO: 235
Suppose you are a domain administrator and are choosing an employee to carry out backups.
Which access control method do you think would be best for this scenario?
A. RBAC - Role-Based Access Control
B. MAC - Mandatory Access Control
C. DAC - Discretionary Access Control
D. RBAC - Rule-Based Access Control
A
236
QUESTION NO: 236
Of the seven types of Access Control Categories, which is described as such?
Designed to specify rules of acceptable behavior in the organization.
Example: Policy stating that employees may not spend time on social media websites
A. Directive Access Control
B. Deterrent Access Control
C. Preventive Access Control
D. Detective Access Control
A
237
QUESTION NO: 237
Which of the following is NOT a disadvantage of Single Sign On (SSO)?
A. Support for all major operating system environment is difficult
B. The cost associated with SSO development can be significant
C. SSO could be single point of failure and total compromise of an organization asset
D. SSO improves an administrator's ability to manage user's account and authorization to all
associated system
D
238
QUESTION NO: 238
You are a manager for a large international bank and periodically move employees between
positions in your department. What is this process called?
A. Job Rotation
B. Separation of Duties
C. Mandatory Rotations
D. Dual Control
A
239
QUESTION NO: 239
Which of the following control is intended to discourage a potential attacker?
A. Deterrent
B. Preventive
C. Corrective
D. Recovery
A
240
QUESTION NO: 240
Which of the following security control is intended to avoid an incident from occurring?
A. Deterrent
B. Preventive
C. Corrective
D. Recovery
B
241
QUESTION NO: 241
Which of the following control helps to identify an incident’s activities and potentially an intruder?
A. Deterrent
B. Preventive
C. Detective
D. Compensating
C
242
QUESTION NO: 242
Which of the following is NOT an example of preventive control?
A. Physical access control like locks and door
B. User login screen which allows only authorize user to access website
C. Encrypt the data so that only authorize user can view the same
D. Duplicate checking of a calculations
D
243
QUESTION NO: 243
Which of the following is NOT an example of corrective control?
A. OS Upgrade
B. Backup and restore
C. Contingency planning
D. System Monitoring
D
244
QUESTION NO: 244
Which of the following is NOT an example of a detective control?
A. System Monitor
B. IDS
C. Monitor detector
D. Backup data restore
D
245
QUESTION NO: 245
During an IS audit, auditor has observed that authentication and authorization steps are split into
two functions and there is a possibility to force the authorization step to be completed before the
authentication step. Which of the following technique an attacker could user to force authorization
step before authentication?
A. Eavesdropping
B. Traffic analysis
C. Masquerading
D. Race Condition
D
246
QUESTION NO: 246
Which of the following attack is also known as Time of Check(TOC)/Time of Use(TOU)?
A. Eavesdropping
B. Traffic analysis
C. Masquerading
D. Race Condition
D
247
QUESTION NO: 247
Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST
accepted by users?
A. Palm Scan
B. Hand Geometry
C. Fingerprint
D. Retina scan
D
248
QUESTION NO: 248
During an IS audit, one of your auditor has observed that some of the critical servers in your
organization can be accessed ONLY by using shared/common user name and password. What
should be the auditor's PRIMARY concern be with this approach?
A. Password sharing
B. Accountability
C. Shared account management
D. Difficulty in auditing shared account
B
249
QUESTION NO: 249
Which of the following testing method examines the functionality of an application without peering
into its internal structure or knowing the details of it's internals?
A. Black-box testing
B. Parallel Test
C. Regression Testing
D. Pilot Testing
A
250
QUESTION NO: 250
Which of the following testing method examines internal structure or working of an application?
A. White-box testing
B. Parallel Test
C. Regression Testing
D. Pilot Testing
A
251
QUESTION NO: 251
Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing
the context or state of the request?
A. ICMP
B. TCP
C. UDP
D. IP
B
252
QUESTION NO: 252
When referring to the data structures of a packet, the term Protocol Data Unit (PDU) is used, what
is the proper term to refer to a single unit of TCP data at the transport layer?
A. TCP segment.
B. TCP datagram.
C. TCP frame.
D. TCP packet.
A
253
QUESTION NO: 253
How do you distinguish between a bridge and a router?
A. A bridge simply connects multiple networks, a router examines each packet to determine which
network to forward it to.
B. "Bridge" and "router" are synonyms for equipment used to join two networks.
C. The bridge is a specific type of router used to connect a LAN to the global Internet.
D. The bridge connects multiple networks at the data link layer, while router connects multiple
networks at the network layer.
D
254
QUESTION NO: 254
ICMP and IGMP belong to which layer of the OSI model?
A. Datagram Layer.
B. Network Layer.
C. Transport Layer.
D. Data Link Layer.
B
255
QUESTION NO: 255
What is a limitation of TCP Wrappers?
A. It cannot control access to running UDP services.
B. It stops packets before they reach the application layer, thus confusing some proxy servers.
C. The hosts.* access control system requires a complicated directory tree.
D. They are too expensive.
A
256
QUESTION NO: 256
The IP header contains a protocol field. If this field contains the value of 1, what type of data is
contained within the IP datagram?
A. TCP.
B. ICMP.
C. UDP.
D. IGMP.
B
257
QUESTION NO: 257
The IP header contains a protocol field. If this field contains the value of 2, what type of data is
contained within the IP datagram?
A. TCP.
B. ICMP.
C. UDP.
D. IGMP.
D
258
QUESTION NO: 258
What is the proper term to refer to a single unit of IP data?
A. IP segment.
B. IP datagram.
C. IP frame.
D. IP fragment.
B
259
QUESTION NO: 259
A packet containing a long string of NOP's followed by a command is usually indicative of what?
A. A syn scan.
B. A half-port scan.
C. A buffer overflow attack.
D. A packet destined for the network's broadcast address.
C
260
QUESTION NO: 260
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized
by classes. Which of the following would have been true of a Class C network?
A. The first bit of the IP address would be set to zero.
B. The first bit of the IP address would be set to one and the second bit set to zero.
C. The first two bits of the IP address would be set to one, and the third bit set to zero.
D. The first three bits of the IP address would be set to one.
C
261
QUESTION NO: 261
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a
valid address to use on the Internet)?
A. 192.168.42.5
B. 192.166.42.5
C. 192.175.42.5
D. 192.1.42.5
A
262
QUESTION NO: 262
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized
by classes. Which of the following would have been true of a Class A network?
A. The first bit of the IP address would be set to zero.
B. The first bit of the IP address would be set to one and the second bit set to zero.
C. The first two bits of the IP address would be set to one, and the third bit set to zero.
D. The first three bits of the IP address would be set to one.
A
263
QUESTION NO: 263
Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a
valid address to use on the Internet)?
A. 10.0.42.5
B. 11.0.42.5
C. 12.0.42.5
D. 13.0.42.5
A
264
QUESTION NO: 264
Which one of the following authentication mechanisms creates a problem for mobile users?
A. Mechanisms based on IP addresses
B. Mechanism with reusable passwords
C. one-time password mechanism.
D. challenge response mechanism.
A
265
QUESTION NO: 265
Which of the following media is MOST resistant to tapping?
A. microwave.
B. twisted pair.
C. coaxial cable.
D. fiber optic.
D
266
QUESTION NO: 266
Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has
external connections by filtering Ingress and Egress traffic?
A. a firewall.
B. dial-up.
C. passwords.
D. fiber optics.
A
267
QUESTION NO: 267
Which one of the following is usually not a benefit resulting from the use of firewalls?
A. reduces the risks of external threats from malicious hackers.
B. prevents the spread of viruses.
C. reduces the threat level on internal system.
D. allows centralized management and control of services.
B
268
QUESTION NO: 268
Which of the following DoD Model layer provides non-repudiation services?
A. network layer.
B. application layer.
C. transport layer.
D. data link layer.
B
269
QUESTION NO: 269
What is the 802.11 standard related to?
A. Public Key Infrastructure (PKI)
B. Wireless network communications
C. Packet-switching technology
D. The OSI/ISO model
B
270
QUESTION NO: 270
Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a
program located in another computer in a network. Within which OSI/ISO layer is RPC
implemented?
A. Session layer
B. Transport layer
C. Data link layer
D. Network layer
A
271
QUESTION NO: 271
Frame relay and X.25 networks are part of which of the following?
A. Circuit-switched services
B. Cell-switched services
C. Packet-switched services
D. Dedicated digital services
C
272
QUESTION NO: 272
Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?
A. Data Link
B. Transport
C. Presentation
D. Application
A
273
QUESTION NO: 273
In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP
provided?
A. Transport
B. Network
C. Presentation
D. Application
A
274
QUESTION NO: 274
Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User
Datagram Protocol (UDP)?
A. TCP is connection-oriented, UDP is not.
B. UDP provides for Error Correction, TCP does not.
C. UDP is useful for longer messages, rather than TCP.
D. TCP does not guarantee delivery of data, while UDP does guarantee data delivery.
A
275
QUESTION NO: 275
The standard server port number for HTTP is which of the following?
A. 81
B. 80
C. 8080
D. 8180
B
276
QUESTION NO: 276
Looking at the choices below, which ones would be the most suitable protocols/tools for securing
e-mail?
A. PGP and S/MIME
B. IPsec and IKE
C. TLS and SSL
D. SSH
A
277
QUESTION NO: 277
Which of the following are suitable protocols for securing VPN connections at the lower layers of
the OSI model?
A. S/MIME and SSH
B. TLS and SSL
C. IPsec and L2TP
D. PKCS#10 and X.509
C
278
QUESTION NO: 278
What is the role of IKE within the IPsec protocol?
A. peer authentication and key exchange
B. data encryption
C. data signature
D. enforcing quality of service
A
279
QUESTION NO: 279
What is NOT an authentication method within IKE and IPSec?
A. CHAP
B. Pre shared key
C. certificate based authentication
D. Public key authentication
A
280
QUESTION NO: 280
What is NOT true with pre shared key authentication within IKE / IPsec protocol?
A. Pre shared key authentication is normally based on simple passwords
B. Needs a Public Key Infrastructure (PKI) to work
C. IKE is used to setup Security Associations
D. IKE builds upon the Oakley protocol and the ISAKMP protocol.
B
281
QUESTION NO: 281
In SSL/TLS protocol, what kind of authentication is supported when you establish a secure
session between a client and a server?
A. Peer-to-peer authentication
B. Only server authentication (optional)
C. Server authentication (mandatory) and client authentication (optional)
D. Role based authentication scheme
C
282
QUESTION NO: 282
What kind of encryption is realized in the S/MIME-standard?
A. Asymmetric encryption scheme
B. Password based encryption scheme
C. Public key based, hybrid encryption scheme
D. Elliptic curve based encryption
C
283
QUESTION NO: 283
Which of the following is true of network security?
A. A firewall is a not a necessity in today's connected world.
B. A firewall is a necessity in today's connected world.
C. A whitewall is a necessity in today's connected world.
D. A black firewall is a necessity in today's connected world.
B
284
QUESTION NO: 284
Which of the following best describes signature-based detection?
A. Compare source code, looking for events or sets of events that could cause damage to a
system or network.
B. Compare system activity for the behaviour patterns of new attacks.
C. Compare system activity, looking for events or sets of events that match a predefined pattern of
events that describe a known attack.
D. Compare network nodes looking for objects or sets of objects that match a predefined pattern
of objects that may describe a known attack.
C
285
QUESTION NO: 285
Which layer deals with Media Access Control (MAC) addresses?
A. Data link layer
B. Physical layer
C. Transport layer
D. Network layer
A
286
QUESTION NO: 286
What is a decrease in amplitude as a signal propagates along a transmission medium best known
as?
A. Crosstalk
B. Noise
C. Delay distortion
D. Attenuation
D
287
QUESTION NO: 287
Which device acting as a translator is used to connect two networks or applications from layer 4
up to layer 7 of the ISO/OSI Model?
A. Bridge
B. Repeater
C. Router
D. Gateway
D
288
QUESTION NO: 288
In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of
protocols?
A. Transport layer
B. Application layer
C. Physical layer
D. Network layer
A
289
QUESTION NO: 289
Which of the following transmission media would NOT be affected by cross talk or interference?
A. Copper cable
B. Radio System
C. Satellite radiolink
D. Fiber optic cables
D
290
QUESTION NO: 290
What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO
broadcast packet so it seems to have originated at the victim's system, in order to flood it with
REPLY packets?
A. SYN Flood attack
B. Smurf attack
C. Ping of Death attack
D. Denial of Service (DOS) attack
B
291
QUESTION NO: 291
Why are coaxial cables called "coaxial"?
A. it includes two physical channels that carries the signal surrounded (after a layer of insulation)
by another concentric physical channel, both running along the same axis.
B. it includes one physical channel that carries the signal surrounded (after a layer of insulation)
by another concentric physical channel, both running along the same axis
C. it includes two physical channels that carries the signal surrounded (after a layer of insulation)
by another two concentric physical channels, both running along the same axis.
D. it includes one physical channel that carries the signal surrounded (after a layer of insulation)
by another concentric physical channel, both running perpendicular and along the different axis
B
292
QUESTION NO: 292
The International Organization for Standardization / Open Systems Interconnection (ISO/OSI)
Layer 7 does NOT include which of the following?
A. SMTP (Simple Mail Transfer Protocol)
B. TCP (Transmission Control Protocol )
C. SNMP (Simple Network Management Protocol
D. HTTP (Hypertext Transfer Protocol)
B
293
QUESTION NO: 293
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does
NOT have which of the following characteristics?
A. Standard model for network communications
B. Used to gain information from network devices such as count of packets received and routing
tables
C. Enables dissimilar networks to communicate
D. Defines 7 protocol layers (a.k.a. protocol stack)
B
294
QUESTION NO: 294
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers 6 is
which of the following?
A. Application Layer
B. Presentation Layer
C. Data Link Layer
D. Network Layer
B
295
QUESTION NO: 295
In telephony different types of connections are being used. The connection from the phone
company's branch office to local customers is referred to as which of the following choices?
A. new loop
B. local loop
C. loopback
D. indigenous loop
B
296
QUESTION NO: 296
Communications and network security relates to transmission of which of the following?
A. voice
B. voice and multimedia
C. data and multimedia
D. voice, data and multimedia
D
297
QUESTION NO: 297
One of the following assertions is NOT a characteristic of Internet Protocol Security (IPsec)
A. Data cannot be read by unauthorized parties
B. The identity of all IPsec endpoints are confirmed by other endpoints
C. Data is delivered in the exact order in which it is sent
D. The number of packets being exchanged can be counted.
C
298
QUESTION NO: 298
One of these statements about the key elements of a good configuration process is NOT true
A. Accommodate the reuse of proven standards and best practices
B. Ensure that all requirements remain clear, concise, and valid
C. Control modifications to system hardware in order to prevent resource changes
D. Ensure changes, standards, and requirements are communicated promptly and precisely
C
299
QUESTION NO: 299
One of the following statements about the differences between PPTP and L2TP is NOT true
A. PPTP can run only on top of IP networks.
B. PPTP is an encryption protocol and L2TP is not.
C. L2TP works well with all firewalls and network devices that perform NAT.
D. L2TP supports AAA servers
C
300
QUESTION NO: 300
You have been tasked to develop an effective information classification program. Which one of the
following steps should be performed first?
A. Establish procedures for periodically reviewing the classification and ownership
B. Specify the security controls required for each classification level
C. Identify the data custodian who will be responsible for maintaining the security level of data
D. Specify the criteria that will determine how data is classified
D
301
QUESTION NO: 301
In the course of responding to and handling an incident, you work on determining the root cause of
the incident. In which step are you in?
A. Recovery
B. Containment
C. Triage
D. Analysis and tracking
D
302
QUESTION NO: 302
Which of the following assertions is NOT true about pattern matching and anomaly detection in
intrusion detection?
A. Anomaly detection tends to produce more data
B. A pattern matching IDS can only identify known attacks
C. Stateful matching scans for attack signatures by analyzing individual packets instead of traffic
streams
D. An anomaly-based engine develops baselines of normal traffic activity and throughput, and
alerts on deviations from these baselines
C
303
QUESTION NO: 303
Which of the following is NOT a characteristic of a host-based intrusion detection system?
A. A HIDS does not consume large amounts of system resources
B. A HIDS can analyse system logs, processes and resources
C. A HIDS looks for unauthorized changes to the system
D. A HIDS can notify system administrators when unusual events are identified
A
304
QUESTION NO: 304
Which of the following is NOT a correct notation for an IPv6 address?
A. 2001:0db8:0:0:0:0:1428:57ab
B. ABCD:EF01:2345:6789:
C. ABCD:EF01:2345:6789::1
D. 2001:DB8::8:800::417A
D
305
QUESTION NO: 305
Another example of Computer Incident Response Team (CIRT) activities is:
A. Management of the netware logs, including collection, retention, review, and analysis of data
B. Management of the network logs, including collection and analysis of data
C. Management of the network logs, including review and analysis of data
D. Management of the network logs, including collection, retention, review, and analysis of data
D
306
QUESTION NO: 306
An area of the Telecommunications and Network Security domain that directly affects the
Information Systems Security tenet of Availability can be defined as:
A. Netware availability
B. Network availability
C. Network acceptability
D. Network accountability
A
307
QUESTION NO: 307
Which of the following is the correct set of assurance requirements for EAL 5?
A. Semiformally verified design and tested
B. Semiformally tested and checked
C. Semiformally designed and tested
D. Semiformally verified tested and checked
C
308
QUESTION NO: 308
Which of the following defines when RAID separates the data into multiple units and stores it on
multiple disks?
A. striping
B. scanning
C. screening
D. shadowing
A
309
QUESTION NO: 309
What is the process that RAID Level 0 uses as it creates one large disk by using several disks?
A. striping
B. mirroring
C. integrating
D. clustering
A
310
QUESTION NO: 310
RAID Level 1 mirrors the data from one disk or set of disks using which of the following
techniques?
A. duplicating the data onto another disk or set of disks.
B. moving the data onto another disk or set of disks.
C. establishing dual connectivity to another disk or set of disks.
D. establishing dual addressing to another disk or set of disks.
A
311
QUESTION NO: 311
Which of the following stripes the data and the parity information at the block level across all the
drives in the set?
A. RAID Level 5
B. RAID Level 0
C. RAID Level 2
D. RAID Level 1
A
312
QUESTION NO: 312
A group of independent servers, which are managed as a single system, that provides higher
availability, easier manageability, and greater scalability is:
A. server cluster.
B. client cluster.
C. guest cluster.
D. host cluster.
A
313
QUESTION NO: 313
If any server in the cluster crashes, processing continues transparently, however, the cluster
suffers some performance degradation. This implementation is sometimes called a:
A. server farm
B. client farm
C. cluster farm
D. host farm
A
314
QUESTION NO: 314
Which of the following backup methods is primarily run when time and tape space permits, and is
used for the system archive or baselined tape sets?
A. full backup method.
B. incremental backup method.
C. differential backup method.
D. tape backup method.
A
315
QUESTION NO: 315
Which backup method is used if backup time is critical and tape space is at an extreme premium?
A. Incremental backup method.
B. Differential backup method.
C. Full backup method.
D. Tape backup method.
A
316
QUESTION NO: 316
Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore
has a much longer effective usable length?
A. Fiber Optic cable
B. Coaxial cable
C. Twisted Pair cable
D. Axial cable
A
317
QUESTION NO: 317
Which of the following methods of providing telecommunications continuity involves the use of an
alternative media?
A. Alternative routing
B. Diverse routing
C. Long haul network diversity
D. Last mile circuit protection
A
318
QUESTION NO: 318
Which SERVICE usually runs on port 25?
A. File Transfer Protocol (FTP)
B. Telnet
C. Simple Mail Transfer Protocol (SMTP)
D. Domain Name Service (DNS)
C
319
QUESTION NO: 319
Which port does the Post Office Protocol Version 3 (POP3) make use of?
A. 110
B. 109
C. 139
D. 119
A
320
QUESTION NO: 320
Which of the following are WELL KNOWN PORTS assigned by the IANA?
A. Ports 0 to 255
B. Ports 0 to 1024
C. Ports 0 to 1023
D. Ports 0 to 127
C
321
QUESTION NO: 321
What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T
cable?
A. 80 meters
B. 100 meters
C. 185 meters
D. 500 meters
B
322
QUESTION NO: 322
Secure Sockets Layer (SSL) is very heavily used for protecting which of the following?
A. Web transactions.
B. EDI transactions.
C. Telnet transactions.
D. Electronic Payment transactions.
A
323
QUESTION NO: 323
Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the
TLS Record Protocol and the::
A. Transport Layer Security (TLS) Internet Protocol.
B. Transport Layer Security (TLS) Data Protocol.
C. Transport Layer Security (TLS) Link Protocol.
D. Transport Layer Security (TLS) Handshake Protocol.
D
324
QUESTION NO: 324
Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for
encrypting the bulk of the data being sent over the session and it uses asymmetric or public key
cryptography for:
A. Peer Authentication
B. Peer Identification
C. Server Authentication
D. Name Resolution
A
325
QUESTION NO: 325
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
A. message non-repudiation.
B. message confidentiality.
C. message interleave checking.
D. message integrity.
D
326
QUESTION NO: 326
Packet Filtering Firewalls can also enable access for:
A. only authorized application port or service numbers.
B. only unauthorized application port or service numbers.
C. only authorized application port or ex-service numbers.
D. only authorized application port or service integers.
A
327
QUESTION NO: 327
A packet filtering firewall looks at the data packet to get information about the source and
destination addresses of an incoming packet, the protocol (TCP, UDP, or ICMP), and the source
and destination port for the:
A. desired service.
B. dedicated service.
C. delayed service.
D. distributed service.
A
328
QUESTION NO: 328
A Packet Filtering Firewall system is considered a:
A. first generation firewall.
B. second generation firewall.
C. third generation firewall.
D. fourth generation firewall.
A
329
QUESTION NO: 329
Proxies works by transferring a copy of each accepted data packet from one network to another,
thereby masking the:
A. data's payload.
B. data's details.
C. data's owner.
D. data's origin.
D
330
QUESTION NO: 330
An application layer firewall is also called a:
A. Proxy
B. A Presentation Layer Gateway.
C. A Session Layer Gateway.
D. A Transport Layer Gateway.
A
331
QUESTION NO: 331
Application Layer Firewalls operate at the:
A. OSI protocol Layer seven, the Application Layer.
B. OSI protocol Layer six, the Presentation Layer.
C. OSI protocol Layer five, the Session Layer.
D. OSI protocol Layer four, the Transport Layer.
A
332
QUESTION NO: 332
One drawback of Application Level Firewall is that it reduces network performance due to the fact
that it must analyze every packet and:
A. decide what to do with each application.
B. decide what to do with each user.
C. decide what to do with each port.
D. decide what to do with each packet.
D
333
QUESTION NO: 333
A circuit level proxy is ___________________ when compared to an application level proxy.
A. lower in processing overhead.
B. more difficult to maintain.
C. more secure.
D. slower.
A
334
QUESTION NO: 334
In a stateful inspection firewall, data packets are captured by an inspection engine that is
operating at the:
A. Network or Transport Layer.
B. Application Layer.
C. Inspection Layer.
D. Data Link Layer.
A
335
QUESTION NO: 335
When an outgoing request is made on a port number greater than 1023, this type of firewall
creates an ACL to allow the incoming reply on that port to pass:
A. packet filtering
B. CIrcuit level proxy
C. Dynamic packet filtering
D. Application level proxy
C
336
QUESTION NO: 336
A demilitarized zone is:
A. a part of a network perfectly safe from hackers
B. a militarized network segment
C. a firewall
D. the network segment between the Internet and a private network
D
337
QUESTION NO: 337
A DMZ is located:
A. right behind your first Internet facing firewall
B. right in front of your first Internet facing firewall
C. right behind your first network active firewall
D. right behind your first network passive Internet http firewall
A
338
QUESTION NO: 338
The DMZ does not normally contain:
A. encryption server
B. web server
C. external DNS server
D. mail relay
A
339
QUESTION NO: 339
Good security is built on which of the following concept?
A. The concept of a pass-through device that only allows certain traffic in and out
B. The Concept of defense in depth
C. The Concept of Preventative controls
D. The Concept of Defensive Controls
B
340
QUESTION NO: 340
A DMZ is also known as a
A. screened subnet
B. three legged firewall
C. a place to attract hackers
D. bastion host
A
341
QUESTION NO: 341
The Telecommunications Security Domain of information security is also concerned with the
prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of:
A. Confidentiality, Integrity, and Entity (C.I.E.).
B. Confidentiality, Integrity, and Authenticity (C.I.A.).
C. Confidentiality, Integrity, and Availability (C.I.A.).
D. Confidentiality, Integrity, and Liability (C.I.L.).
C
342
QUESTION NO: 342
Network-based Intrusion Detection systems:
A. Commonly reside on a discrete network segment and monitor the traffic on that network
segment.
B. Commonly will not reside on a discrete network segment and monitor the traffic on that network
segment.
C. Commonly reside on a discrete network segment and does not monitor the traffic on that
network segment.
D. Commonly reside on a host and and monitor the traffic on that specific host.
A
343
QUESTION NO: 343
Which of the following are additional terms used to describe knowledge-based IDS and behaviorbased
IDS?
A. signature-based IDS and statistical anomaly-based IDS, respectively.
B. signature-based IDS and dynamic anomaly-based IDS, respectively.
C. anomaly-based IDS and statistical-based IDS, respectively.
D. signature-based IDS and motion anomaly-based IDS, respectively.
A
344
QUESTION NO: 344
Knowledge-based Intrusion Detection Systems (IDS) are more common than:
A. Network-based IDS
B. Host-based IDS
C. Behavior-based IDS
D. Application-Based IDS
C
345
QUESTION NO: 345
Which RAID Level often implements a one-for-one disk to disk ratio?
A. RAID Level 1
B. RAID Level 0
C. RAID Level 2
D. RAID Level 5
A
346
QUESTION NO: 346
Which cable technology refers to the CAT3 and CAT5 categories?
A. Coaxial cables
B. Fiber Optic cables
C. Axial cables
D. Twisted Pair cables
D
347
QUESTION NO: 347
The older coaxial cable has been widely replaced with twisted pair, which is extremely easy to
work with, inexpensive, and also resistant to multiple hosts failure at once, especially when used in
one of the following topology:
A. Token Passing Configuration.
B. Star Configuration.
C. Ring Configuration.
D. Point to Point Configuration.
B
348
QUESTION NO: 348
Which of the following was designed as a more fault-tolerant topology than Ethernet, and very
resilient when properly implemented?
A. Token Link.
B. Token system.
C. Token Ring.
D. Duplicate ring.
C
349
QUESTION NO: 349
Frame relay uses a public switched network to provide:
A. Local Area Network (LAN) connectivity.
B. Metropolitan Area Network (MAN) connectivity.
C. Wide Area Network (WAN) connectivity.
D. World Area Network (WAN) connectivity.
C
350
QUESTION NO: 350
Which of the following items is NOT primarily used to ensure integrity?
A. Cyclic Redundancy Check (CRC)
B. Redundant Array of Inexpensive Disks (RAID) system
C. Hashing Algorithms
D. The Biba Security model
B
351
QUESTION NO: 351
Which of the following is most affected by denial-of-service (DOS) attacks?
A. Confidentiality
B. Integrity
C. Accountability
D. Availability
D
352
QUESTION NO: 352
Which conceptual approach to intrusion detection system is the most common?
A. Behavior-based intrusion detection
B. Knowledge-based intrusion detection
C. Statistical anomaly-based intrusion detection
D. Host-based intrusion detection
B
353
QUESTION NO: 353
Several analysis methods can be employed by an IDS, each with its own strengths and
weaknesses, and their applicability to any given situation should be carefully considered. There
are two basic IDS analysis methods that exists. Which of the basic method is more prone to false
positive?
A. Pattern Matching (also called signature analysis)
B. Anomaly Detection
C. Host-based intrusion detection
D. Network-based intrusion detection
B
354
QUESTION NO: 354
What is the primary purpose of using redundant array of inexpensive disks (RAID) level zero?
A. To improve system performance.
B. To maximize usage of hard disk space.
C. To provide fault tolerance and protection against file server hard disk crashes.
D. To implement integrity.
A
355
QUESTION NO: 355
Which RAID implementation stripes data and parity at block level across all the drives?
A. RAID level 1
B. RAID level 2
C. RAID level 4
D. RAID level 5
D
356
QUESTION NO: 356
Which RAID level concept is considered more expensive and is applied to servers to create what
is commonly known as server fault tolerance?
A. RAID level 0
B. RAID level 1
C. RAID level 2
D. RAID level 5
B
357
QUESTION NO: 357
Which backup method only copies files that have been recently added or changed and also leaves
the archive bit unchanged?
A. Full backup method
B. Incremental backup method
C. Fast backup method
D. Differential backup method
D
358
QUESTION NO: 358
Which backup method does not reset the archive bit on files that are backed up?
A. Full backup method
B. Incremental backup method
C. Differential backup method
D. Additive backup method
C
359
QUESTION NO: 359
Which of the following is a drawback of fiber optic cables?
A. It is affected by electromagnetic interference (EMI).
B. It can easily be tapped.
C. The expertise needed to install it.
D. The limited distance at high speeds.
C
360
QUESTION NO: 360
What refers to legitimate users accessing networked services that would normally be restricted to
them?
A. Spoofing
B. Piggybacking
C. Eavesdropping
D. Logon abuse
D
361
QUESTION NO: 361
What is called an attack in which an attacker floods a system with connection requests but does
not respond when the target system replies to those requests?
A. Ping of death attack
B. SYN attack
C. Smurf attack
D. Buffer overflow attack
B
362
QUESTION NO: 362
Which type of attack involves hijacking a session between a host and a target by predicting the
target's choice of an initial TCP sequence number?
A. IP spoofing attack
B. SYN flood attack
C. TCP sequence number attack
D. Smurf attack
C
363
QUESTION NO: 363
Which OSI/ISO layer defines how to address the physical devices on the network?
A. Session layer
B. Data Link layer
C. Application layer
D. Transport layer
B
364
QUESTION NO: 364
Which layer defines how packets are routed between end systems?
A. Session layer
B. Transport layer
C. Network layer
D. Data link layer
C
365
QUESTION NO: 365
At which of the OSI/ISO model layer is IP implemented?
A. Session layer
B. Transport layer
C. Network layer
D. Data link layer
C
366
QUESTION NO: 366
Which ISO/OSI layer establishes the communications link between individual devices over a
physical link or channel?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
C
367
QUESTION NO: 367
Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
C
368
QUESTION NO: 368
Which OSI/OSI layer defines the X.24, V.35, X.21 and HSSI standard interfaces?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
D
369
QUESTION NO: 369
How many layers are defined within the US Department of Defense (DoD) TCP/IP Model?
A. 7
B. 5
C. 4
D. 3
C
370
QUESTION NO: 370
Which layer of the TCP/IP protocol model defines the IP datagram and handles the routing of data
across networks?
A. Application layer
B. Host-to-host transport layer
C. Internet layer
D. Network access layer
C
371
QUESTION NO: 371
Which layer of the TCP/IP protocol model would best correspond to the OSI/ISO model's network
layer?
A. Network access layer
B. Application layer
C. Host-to-host transport layer
D. Internet layer
D
372
QUESTION NO: 372
Which layer of the DoD TCP/IP model controls the communication flow between hosts?
A. Internet layer
B. Host-to-host transport layer
C. Application layer
D. Network access layer
B
373
QUESTION NO: 373
How many bits compose an IPv6 address?
A. 32 bits
B. 64 bits
C. 96 bits
D. 128 bits
D
374
QUESTION NO: 374
What protocol is used on the Local Area Network (LAN) to obtain an IP address from it's known
MAC address?
A. Reverse address resolution protocol (RARP)
B. Address resolution protocol (ARP)
C. Data link layer
D. Network address translation (NAT)
A
375
QUESTION NO: 375
Which of the following security-focused protocols has confidentiality services operating at a layer
different from the others?
A. Secure HTTP (S-HTTP)
B. FTP Secure (FTPS)
C. Secure socket layer (SSL)
D. Sequenced Packet Exchange (SPX)
A
376
QUESTION NO: 376
Which of the following is the most secure firewall implementation?
A. Dual-homed host firewalls
B. Screened-subnet firewalls
C. Screened-host firewalls
D. Packet-filtering firewalls
B
377
QUESTION NO: 377
Which of the following is NOT a VPN communications protocol standard?
A. Point-to-point tunnelling protocol (PPTP)
B. Challenge Handshake Authentication Protocol (CHAP)
C. Layer 2 tunnelling protocol (L2TP)
D. IP Security
B
378
QUESTION NO: 378
What layer of the OSI/ISO model does Point-to-point tunnelling protocol (PPTP) work at?
A. Data link layer
B. Transport layer
C. Session layer
D. Network layer
A
379
QUESTION NO: 379
Which of the following statements pertaining to VPN protocol standards is false?
A. L2TP is a combination of PPTP and L2F.
B. L2TP and PPTP were designed for single point-to-point client to server communication.
C. L2TP operates at the network layer.
D. PPTP uses native PPP authentication and encryption services.
C
380
QUESTION NO: 380
Which IPSec operational mode encrypts the entire data packet (including header and data) into an
IPSec packet?
A. Authentication mode
B. Tunnel mode
C. Transport mode
D. Safe mode
B
381
QUESTION NO: 381
Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1
Gbps) according to the EIA/TIA-568-B standards?
A. Category 5e UTP
B. Category 2 UTP
C. Category 3 UTP
D. Category 1e UTP
A
382
QUESTION NO: 382
In which LAN transmission method is a source packet copied and sent to specific multiple
destinations but not ALL of the destinations on the network?
A. Overcast
B. Unicast
C. Multicast
D. Broadcast
C
383
QUESTION NO: 383
Which of the following can prevent hijacking of a web session?
A. RSA
B. SET
C. SSL
D. PPP
C
384
QUESTION NO: 384
What is defined as the rules for communicating between computers on a Local Area Network
(LAN)?
A. LAN Media Access methods
B. LAN topologies
C. LAN transmission methods
D. Contention Access Control
A
385
QUESTION NO: 385
Which of the following is a LAN transmission method?
A. Broadcast
B. Carrier-sense multiple access with collision detection (CSMA/CD)
C. Token ring
D. Fiber Distributed Data Interface (FDDI)
A
386
QUESTION NO: 386
In what LAN topology do all the transmissions of the network travel the full length of cable and are
received by all other stations?
A. Bus topology
B. Ring topology
C. Star topology
D. FDDI topology
A
387
QUESTION NO: 387
Which of the following IEEE standards defines the token ring media access method?
A. 802.3
B. 802.11
C. 802.5
D. 802.2
C
388
QUESTION NO: 388
Which of the following LAN devices only operates at the physical layer of the OSI/ISO model?
A. Switch
B. Bridge
C. Hub
D. Router
C
389
QUESTION NO: 389
Which of the following technologies has been developed to support TCP/IP networking over lowspeed
serial interfaces?
A. ISDN
B. SLIP
C. xDSL
D. T1
B
390
QUESTION NO: 390
Which xDSL flavour, appropriate for home or small offices, delivers more bandwidth downstream
than upstream and over longer distance?
A. VDSL
B. SDSL
C. ADSL
D. HDSL
C
391
QUESTION NO: 391
Which of the following services is provided by S-RPC?
A. Availability
B. Accountability
C. Integrity
D. Authentication
D
392
QUESTION NO: 392
What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1
facility?
A. DS-0
B. DS-1
C. DS-2
D. DS-3
B
393
QUESTION NO: 393
Which of the following is the biggest concern with firewall security?
A. Internal hackers
B. Complex configuration rules leading to misconfiguration
C. Buffer overflows
D. Distributed denial of service (DDOS) attacks
B
394
QUESTION NO: 394
Which of the following is the simplest type of firewall?
A. Stateful packet filtering firewall
B. Packet filtering firewall
C. Dual-homed host firewall
D. Application gateway
B
395
QUESTION NO: 395
Which of the following devices enables more than one signal to be sent out simultaneously over
one physical circuit?
A. Router
B. Multiplexer
C. Channel service unit/Data service unit (CSU/DSU)
D. Wan switch
B
396
QUESTION NO: 396
Which of the following is NOT an advantage that TACACS+ has over TACACS?
A. Event logging
B. Use of two-factor password authentication
C. User has the ability to change his password
D. Ability for security tokens to be resynchronized
A
397
QUESTION NO: 397
Which of the following remote access authentication systems is the most robust?
A. TACACS+
B. RADIUS
C. PAP
D. TACACS
A
398
QUESTION NO: 398
Which of the following is true about link encryption?
A. Each entity has a common key with the destination node.
B. Encrypted messages are only decrypted by the final node.
C. This mode does not provide protection if anyone of the nodes along the transmission path is
compromised.
D. Only secure nodes are used in this type of transmission.
C
399
QUESTION NO: 399
Which of the following protects Kerberos against replay attacks?
A. Tokens
B. Passwords
C. Cryptography
D. Time stamps
D
400
QUESTION NO: 400
Which of the following offers security to wireless communications?
A. S-WAP
B. WTLS
C. WSP
D. WDP
B
401
QUESTION NO: 401
Which of the following offers confidentiality to an e-mail message?
A. The sender encrypting it with its private key.
B. The sender encrypting it with its public key.
C. The sender encrypting it with the receiver's public key.
D. The sender encrypting it with the receiver's private key.
C
402
QUESTION NO: 402
Which of the following is a Wide Area Network that was originally funded by the Department of
Defense, which uses TCP/IP for data interchange?
A. the Internet.
B. the Intranet.
C. the extranet.
D. the Ethernet.
A
403
QUESTION NO: 403
An intranet is an Internet-like logical network that uses:
A. a firm's internal, physical network infrastructure.
B. a firm's external, physical network infrastructure.
C. a firm's external, physical netBIOS infrastructure.
D. a firm's internal, physical netBIOS infrastructure.
A
404
QUESTION NO: 404
An intranet provides more security and control than which of the following:
A. private posting on the Internet.
B. public posting on the Ethernet.
C. public posting on the Internet.
D. public posting on the Extranet.
C
405
```
QUESTION NO: 405
Which of the following Common Data Network Services is used to share data files and
subdirectories on file servers?
A. File services.
B. Mail services.
C. Print services.
D. Client/Server services.
```
A
406
QUESTION NO: 406
Which of the following Common Data Network Services is used to send and receive email
internally or externally through an email gateway device?
A. File services.
B. Mail services.
C. Print services.
D. Client/Server services.
B
407
158.
Asynchronous Communication transfers data by sending:
A. bits of data sequentially
B. bits of data sequentially in irregular timing patterns
C. bits of data in sync with a heartbeat or clock
D. bits of data simultaneously
B
408
QUESTION NO: 407
Communications devices must operate:
A. at different speeds to communicate.
B. at the same speed to communicate.
C. at varying speeds to interact.
D. at high speed to interact.
B
409
QUESTION NO: 408
The basic language of modems and dial-up remote access systems is:
A. Asynchronous Communication.
B. Synchronous Communication.
C. Asynchronous Interaction.
D. Synchronous Interaction.
A
410
QUESTION NO: 409
Which of the following Common Data Network Services is used to print documents to a shared
printer or a print queue/spooler?
A. Mail services.
B. Print services.
C. Client/Server services.
D. Domain Name Service.
B
411
162
Which of the following Common Data Network Services allocates computing power resources
among workstations with some shared resources centralized on a server?
A. Print services
B. File services
C. Client/Server services
D. Domain Name Service
C
412
QUESTION NO: 410
Domain Name Service is a distributed database system that is used to map:
A. Domain Name to IP addresses.
B. MAC addresses to domain names.
C. MAC Address to IP addresses.
D. IP addresses to MAC Addresses.
A
413
164.
The Domain Name System (DNS) is a global network of:
A. servers that provide these Domain Name Services.
B. clients that provide these Domain Name Services.
C. hosts that provide these Domain Name Services.
D. workstations that provide these Domain Name Services.
A
414
QUESTION NO: 411
The communications products and services, which ensure that the various components of a
network (such as devices, protocols, and access methods) work together refers to:
A. Netware Architecture.
B. Network Architecture.
C. WAN Architecture.
D. Multiprotocol Architecture.
B
415
QUESTION NO: 412
Unshielded Twisted Pair cabling is a:
A. four-pair wire medium that is used in a variety of networks.
B. three-pair wire medium that is used in a variety of networks.
C. two-pair wire medium that is used in a variety of networks.
D. one-pair wire medium that is used in a variety of networks.
A
416
QUESTION NO: 413
In the UTP category rating, the tighter the wind:
A. the higher the rating and its resistance against interference and crosstalk.
B. the slower the rating and its resistance against interference and attenuation.
C. the shorter the rating and its resistance against interference and attenuation.
D. the longer the rating and its resistance against interference and attenuation.
A
417
QUESTION NO: 414
What works as an E-mail message transfer agent?
A. SMTP
B. SNMP
C. S-RPC
D. S/MIME
A
418
QUESTION NO: 415
Which of the following statements pertaining to packet switching is incorrect?
A. Most data sent today uses digital signals over network employing packet switching.
B. Messages are divided into packets.
C. All packets from a message travel through the same route.
D. Each network node or point examines each packet for routing.
C
419
QUESTION NO: 416
All hosts on an IP network have a logical ID called a(n):
A. IP address.
B. MAC address.
C. TCP address.
D. Datagram address.
A
420
171.
An Ethernet address is composed of how many bits?
A. 48-bit address
B. 32-bit address.
C. 64-bit address
D. 128-bit address
A
421
QUESTION NO: 417
Address Resolution Protocol (ARP) interrogates the network by sending out a?
A. broadcast.
B. multicast.
C. unicast.
D. semicast.
A
422
QUESTION NO: 418
When a station communicates on the network for the first time, which of the following protocol
would search for and find the Internet Protocol (IP) address that matches with a known Ethernet
address?
A. Address Resolution Protocol (ARP).
B. Reverse Address Resolution Protocol (RARP).
C. Internet Control Message protocol (ICMP).
D. User Datagram Protocol (UDP).
B
423
QUESTION NO: 419
Which protocol's primary function is to facilitate file and directory transfer between two machines?
A. Telnet.
B. File Transfer Protocol (FTP).
C. Trivial File Transfer Protocol (TFTP).
D. Simple Mail Transfer Protocol (SMTP)
B
424
QUESTION NO: 420
What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol
(TFTP)?
A. It is too complex to manage user access restrictions under TFTP
B. Due to the inherent security risks
C. It does not offer high level encryption like FTP
D. It cannot support the Lightwight Directory Access Protocol (LDAP)
B
425
QUESTION NO: 421
Which protocol is used to send email?
A. File Transfer Protocol (FTP).
B. Post Office Protocol (POP).
C. Network File System (NFS).
D. Simple Mail Transfer Protocol (SMTP).
D
426
QUESTION NO: 422
Which of the following best describes the Secure Electronic Transaction (SET) protocol?
A. Originated by VISA and MasterCard as an Internet credit card protocol using Message
Authentication Code.
B. Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures.
C. Originated by VISA and MasterCard as an Internet credit card protocol using the transport
layer.
D. Originated by VISA and American Express as an Internet credit card protocol using SSL.
B
427
QUESTION NO: 423
Which of the following protocols is designed to send individual messages securely?
A. Kerberos
B. Secure Electronic Transaction (SET).
C. Secure Sockets Layer (SSL).
D. Secure HTTP (S-HTTP).
D
428
QUESTION NO: 424
Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the
OSI model?
A. Application Layer.
B. Transport Layer.
C. Session Layer.
D. Network Layer.
A
429
QUESTION NO: 425
Which of the following statements pertaining to IPSec is incorrect?
A. IPSec can help in protecting networks from some of the IP network attacks.
B. IPSec provides confidentiality and integrity to information transferred over IP networks through
transport layer encryption and authentication.
C. IPSec protects against man-in-the-middle attacks.
D. IPSec protects against spoofing.
B
430
QUESTION NO: 426
Which of the following is NOT a characteristic or shortcoming of packet filtering gateways?
A. The source and destination addresses, protocols, and ports contained in the IP packet header
are the only information that is available to the router in making a decision whether or not to permit
traffic access to an internal network.
B. They don't protect against IP or DNS address spoofing.
C. They do not support strong user authentication.
D. They are appropriate for medium-risk environment.
D
431
QUESTION NO: 427
In order to ensure the privacy and integrity of the data, connections between firewalls over public
networks should use:
A. Screened subnets
B. Digital certificates
C. An encrypted Virtual Private Network
D. Encryption
C
432
QUESTION NO: 428
Which of the following protocols does not operate at the data link layer (layer 2)?
A. PPP
B. RARP
C. L2F
D. ICMP
D
433
QUESTION NO: 429
Which of the following protocols operates at the session layer (layer 5)?
A. RPC
B. IGMP
C. LPD
D. SPX
A
434
QUESTION NO: 430
Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)?
A. Host-to-host layer
B. Internet layer
C. Network access layer
D. Session layer
B
435
QUESTION NO: 431
Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline,
error notification, orderly delivery of frames, and optional flow control?
A. Physical
B. Data link
C. Network
D. Session
B
436
QUESTION NO: 432
The Logical Link Control sub-layer is a part of which of the following?
A. The ISO/OSI Data Link layer
B. The Reference monitor
C. The Transport layer of the TCP/IP stack model
D. Change management control
A
437
QUESTION NO: 433
Which of the following services relies on UDP?
A. FTP
B. Telnet
C. DNS
D. SMTP
C
438
QUESTION NO: 434
Which of the following is not a common weakness of packet filtering firewalls?
A. Vulnerability to denial-of-service and related attacks.
B. Vulnerability to IP spoofing.
C. Limited logging functionality.
D. No support for advanced user authentication schemes.
A
439
QUESTION NO: 435
Which Network Address Translation (NAT) is the most convenient and secure solution?
A. Hiding Network Address Translation
B. Port Address Translation
C. Dedicated Address Translation
D. Static Address Translation
B
440
QUESTION NO: 436
What is the primary difference between FTP and TFTP?
A. Speed of negotiation
B. Authentication
C. Ability to automate
D. TFTP is used to transfer configuration files to and from network equipment.
B
441
QUESTION NO: 437
Which of the following cable types is limited in length to 185 meters?
A. 10BaseT
B. RG8
C. RG58
D. 10Base5
C
442
QUESTION NO: 438
In a SSL session between a client and a server, who is responsible for generating the master
secret that will be used as a seed to generate the symmetric keys that will be used during the
session?
A. Both client and server
B. The client's browser
C. The web server
D. The merchant's Certificate Server
B
443
QUESTION NO: 439
Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is
incorrect?
A. PPTP allow the tunnelling of any protocols that can be carried within PPP.
B. PPTP does not provide strong encryption.
C. PPTP does not support any token-based authentication method for users.
D. PPTP is derived from L2TP.
D
444
QUESTION NO: 440
During the initial stage of configuration of your firewall, which of the following rules appearing in an
Internet firewall policy is inappropriate?
A. The firewall software shall run on a dedicated computer.
B. Appropriate firewall documentation and a copy of the rulebase shall be maintained on offline
storage at all times.
C. The firewall shall be configured to deny all services not expressly permitted.
D. The firewall should be tested online first to validate proper configuration.
D
445
QUESTION NO: 441
SMTP can best be described as:
A. a host-to-host email protocol.
B. an email retrieval protocol.
C. a web-based e-mail reading protocol.
D. a standard defining the format of e-mail messages.
A
446
QUESTION NO: 442
Which of the following is not a security goal for remote access?
A. Reliable authentication of users and systems
B. Protection of confidential data
C. Easy to manage access control to systems and network resources
D. Automated login for remote users
D
447
QUESTION NO: 443
What attack involves the perpetrator sending spoofed packet(s) wich contains the same
destination and source IP address as the remote host, the same port for the source and
destination, having the SYN flag, and targeting any open ports that are open on the remote host?
A. Boink attack
B. Land attack
C. Teardrop attack
D. Smurf attack
B
448
199.
Which of the following is NOT a component of IPSec?
A. Authentication Header
B. Encapsulating Security Payload
C. Key Distribution Center
D. Internet Key Exchange
C
449
QUESTION NO: 444
Which of the following statements pertaining to IPSec is incorrect?
A. A security association has to be defined between two IPSec systems in order for bi-directional
communication to be established.
B. Integrity and authentication for IP datagrams are provided by AH.
C. ESP provides for integrity, authentication and encryption to IP datagrams.
D. In transport mode, ESP only encrypts the data payload of each packet.
A
450
QUESTION NO: 445
Which of the following statements pertaining to packet filtering is incorrect?
A. It is based on ACLs.
B. It is not application dependent.
C. It operates at the network layer.
D. It keeps track of the state of a connection.
D
451
QUESTION NO: 446
Which of the following is a method of multiplexing data where a communication channel is divided
into an arbitrary number of variable bit-rate digital channels or data streams. This method
allocates bandwidth dynamically to physical channels having information to transmit?
A. Time-division multiplexing
B. Asynchronous time-division multiplexing
C. Statistical multiplexing
D. Frequency division multiplexing
C
452
QUESTION NO: 447
If an organization were to deploy only one Intrusion Detection System (IDS) sensor to protect its
information system from the Internet:
A. It should be host-based and installed on the most critical system in the DMZ, between the
external router and the firewall.
B. It should be network-based and installed in the DMZ, between the external router and the
firewall.
C. It should be network-based and installed between the firewall to the DMZ and the intranet.
D. It should be host-based and installed between the external router and the Internet.
B
453
QUESTION NO: 448
Why is infrared generally considered to be more secure to eavesdropping than multidirectional
radio transmissions?
A. Because infrared eavesdropping requires more sophisticated equipment.
B. Because infrared operates only over short distances.
C. Because infrared requires direct line-of-sight paths.
D. Because infrared operates at extra-low frequencies (ELF).
C
454
```
QUESTION NO: 449
Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving
force of IPSec. Authentication Headers (AH) provides the following service except:
```
A. Authentication
B. Integrity
C. Replay resistance and non-repudiations
D. Confidentiality
D
455
QUESTION NO: 450
In IPSec, if the communication is to be gateway-to-gateway or host-to-gateway:
A. Tunnel mode of operation is required
B. Only transport mode can be used
C. Encapsulating Security Payload (ESP) authentication must be used
D. Both tunnel and transport mode can be used
A
456
QUESTION NO: 451
Which of the following is NOT true about IPSec Tunnel mode?
A. Fundamentally an IP tunnel with encryption and authentication
B. Works at the Transport layer of the OSI model
C. Have two sets of IP headers
D. Established for gateway service
B
457
QUESTION NO: 452
Which of the following statements is NOT true of IPSec Transport mode?
A. It is required for gateways providing access to internal systems
B. Set-up when end-point is host or communications terminates at end-points
C. If used in gateway-to-host communication, gateway must act as host
D. When ESP is used for the security protocol, the hash is only applied to the upper layer
protocols contained in the packet
A
458
QUESTION NO: 453
Which of the following statements pertaining to firewalls is incorrect?
A. Firewalls create bottlenecks between the internal and external network.
B. Firewalls allow for centralization of security services in machines optimized and dedicated to
the task.
C. Firewalls protect a network at all layers of the OSI models.
D. Firewalls are used to create security checkpoints at the boundaries of private networks.
C
459
QUESTION NO: 454
Which of the following is an extension to Network Address Translation that permits multiple
devices providing services on a local area network (LAN) to be mapped to a single public IP
address?
A. IP Spoofing
B. IP subnetting
C. Port address translation
D. IP Distribution
C
460
QUESTION NO: 455
At which OSI/ISO layer is an encrypted authentication between a client software package and a
firewall performed?
A. Network layer
B. Session layer
C. Transport layer
D. Data link layer
C
461
QUESTION NO: 456
Which of the following can best eliminate dial-up access through a Remote Access Server as a
hacking vector?
A. Using a TACACS+ server.
B. Installing the Remote Access Server outside the firewall and forcing legitimate users to
authenticate to the firewall.
C. Setting modem ring count to at least 5.
D. Only attaching modems to non-networked hosts.
B
462
QUESTION NO: 457
Which of the following was designed to support multiple network types over the same serial link?
A. Ethernet
B. SLIP
C. PPP
D. PPTP
C
463
QUESTION NO: 458
What is an IP routing table?
A. A list of IP addresses and corresponding MAC addresses.
B. A list of station and network addresses with corresponding gateway IP address.
C. A list of host names and corresponding IP addresses.
D. A list of current network interfaces on which IP routing is enabled.
B
464
QUESTION NO: 459
Which of the following should be allowed through a firewall to easy communication and usage by
users?
A. RIP
B. IGRP
C. DNS
D. OSPF
C
465
QUESTION NO: 460
Which of the following was developed as a simple mechanism for allowing simple network
terminals to load their operating system from a server over the LAN?
A. DHCP
B. BootP
C. DNS
D. ARP
B
466
QUESTION NO: 461
What is the greatest danger from DHCP?
A. An intruder on the network impersonating a DHCP server and thereby misconfiguring the
DHCP clients.
B. Having multiple clients on the same LAN having the same IP address.
C. Having the wrong router used as the default gateway.
D. Having the organization's mail server unreachable.
A
467
QUESTION NO: 462
Which of the following allows two computers to coordinate in executing software?
A. RSH
B. RPC
C. NFS
D. SNMP
B
468
QUESTION NO: 463
Which of the following should NOT normally be allowed through a firewall?
A. SNMP
B. SMTP
C. HTTP
D. SSH
A
469
QUESTION NO: 464
Which of the following NAT firewall translation modes allows a large group of internal clients to
share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities
when communicating with external hosts?
A. Static translation
B. Load balancing translation
C. Network redundancy translation
D. Dynamic translation
D
470
QUESTION NO: 465
Which of the following NAT firewall translation modes offers no protection from hacking attacks to
an internal host using this functionality?
A. Network redundancy translation
B. Load balancing translation
C. Dynamic translation
D. Static translation
D
471
QUESTION NO: 466
Which of the following is the primary security feature of a proxy server?
A. Virus Detection
B. URL blocking
C. Route blocking
D. Content filtering
D
472
QUESTION NO: 467
Which of the following is an advantage of proxies?
A. Proxies provide a single point of access, control, and logging.
B. Proxies must exist for each service.
C. Proxies create a single point of failure.
D. Proxies do not protect the base operating system.
A
473
QUESTION NO: 468
Which of the following packets should NOT be dropped at a firewall protecting an organization's
internal network?
A. Inbound packets with Source Routing option set
B. Router information exchange protocols
C. Inbound packets with an internal address as the source IP address
D. Outbound packets with an external destination IP address
D
474
QUESTION NO: 469
Why does fiber optic communication technology have significant security advantage over other
transmission technology?
A. Higher data rates can be transmitted.
B. Interception of data traffic is more difficult.
C. Traffic analysis is prevented by multiplexing.
D. Single and double-bit errors are correctable.
B
475
QUESTION NO: 470
Another name for a VPN is a:
A. tunnel
B. one-time password
C. pipeline
D. bypass
A
476
QUESTION NO: 471
Which one of the following is used to provide authentication and confidentiality for e-mail
messages?
A. Digital signature
B. PGP
C. IPSEC AH
D. MD4
B
477
QUESTION NO: 472
Which of the following media is MOST resistant to EMI interference?
A. microwave
B. fiber optic
C. twisted pair
D. coaxial cable
B
478
QUESTION NO: 473
Which of the following is NOT a way to secure a wireless network?
A. Disable broadcast of SSID within AP`s configuration
B. Change AP's default values
C. Put the access points (AP) in a location protected by a firewall
D. Give AP's descriptive names
D
479
QUESTION NO: 474
Behavioral-based systems are also known as?
A. Profile-based systems
B. Pattern matching systems
C. Misuse detective systems
D. Rule-based IDS
A
480
QUESTION NO: 475
This OSI layer has a service that negotiates transfer syntax and translates data to and from the
transfer syntax for users, which may represent data using different syntaxes. At which of the
following layers would you find such service?
A. Session
B. Transport
C. Presentation
D. Application
C
481
QUESTION NO: 476
At which layer of ISO/OSI does the fiber optics work?
A. Network layer
B. Transport layer
C. Data link layer
D. Physical layer
D
482
QUESTION NO: 477
What is Dumpster Diving?
A. Going through dust bin
B. Running through another person's garbage for discarded document, information and other
various items that could be used against that person or company
C. Performing media analysis
D. performing forensics on the deleted items
B
483
QUESTION NO: 478
You wish to make use of "port knocking" technologies. How can you BEST explain this?
A. Port knocking is where the client will attempt to connect to a predefined set of ports to identify
him as an authorized client.
B. Port knocking is where the user calls the server operator to have him start the service he wants
to connect to.
C. This is where all the ports are open on the server and the connecting client scans the open port
to which he wants to connect to see if it's open and running.
D. Port knocking is where the port sequence is encrypted with 3DES and only the server has the
other key to decrypt the port sequence.
A
484
QUESTION NO: 479
You are part of a security staff at a highly profitable bank and each day, all traffic on the network is
logged for later review. Every Friday when major deposits are made you're seeing a series of bits
placed in the "Urgent Pointer" field of a TCP packet. This is only 16 bits which isn't much but it
concerns you because:
A. This could be a sign of covert channeling in bank network communications and should be
investigated.
B. It could be a sign of a damaged network cable causing the issue.
C. It could be a symptom of malfunctioning network card or drivers and the source system should
be checked for the problem.
D. It is normal traffic because sometimes the previous fields 16 bit checksum value can over run
into the urgent pointer's 16 bit field causing the condition.
A
485
QUESTION NO: 480
What would you call the process that takes advantages of the security provided by a transmission
protocol by carrying one protocol over another?
A. Piggy Backing
B. Steganography
C. Tunneling
D. Concealing
C
486
QUESTION NO: 481
At which OSI layer does SSL reside in?
A. Application
B. Session
C. Transport
D. Network
C
487
QUESTION NO: 482
What is the BEST answer pertaining to the difference between the Session and Transport layers
of the OSI model?
A. The Session layer sets up communication between protocols, while the Transport layer sets up
connections between computer systems.
B. The Transport layer sets up communication between computer systems, while the Session
layer sets up connections between applications.
C. The Session layer sets up communication between computer systems, while the Transport
layer sets up connections between protocols.
D. The Transport layer sets up communication between applications, while the Session layer sets
up connections between computer systems.
B
488
QUESTION NO: 483
Which of the following protocols offers native encryption?
A. IPSEC, SSH, PPTP, SSL, MPLS, L2F, and L2TP
B. IPSEC, SSH, SSL, TFTP
C. IPSEC, SSH, SSL, TLS
D. IPSEC, SSH, PPTP, SSL, MPLS, and L2TP
C
489
QUESTION NO: 484
Of the following, which multiple access method for computer networks does 802.11 Wireless Local
Area Network use?
A. CSMA/CA
B. CSMA/CD
C. 802.11 Doesn't support multiple access methods
D. 802.11 RTS/CTS Exchange
A
490
QUESTION NO: 485
Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE
standards that describe technologies at that layer?
A. LCL and MAC; IEEE 802.2 and 802.3
B. LCL and MAC; IEEE 802.1 and 802.3
C. Network and MAC; IEEE 802.1 and 802.3
D. LLC and MAC; IEEE 802.2 and 802.3
D
491
QUESTION NO: 486
Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table
so that it contains incorrect IP to MAC address mappings?
A. Reverse ARP
B. Poisoning ARP cache
C. ARP table poisoning
D. Reverse ARP table poisoning
C
492
QUESTION NO: 487
What is the three way handshake sequence used to initiate TCP connections?
A. ACK, SYN/ACK, ACK
B. SYN, SYN/ACK, ACK
C. SYN, SYN, ACK/ACK
D. ACK, SYN/ACK, SYN
B
493
QUESTION NO: 488
You are using an open source packet analyzer called Wireshark and are sifting through the
various conversations to see if anything appears to be out of order.
You are observing a UDP conversation between a host and a router. It was a file transfer between
the two on port 69. What protocol was used here to conduct the file transfer?
A. TFTP
B. SFTP
C. FTP
D. SCP
A
494
QUESTION NO: 489
What sort of attack is described by the following: An attacker has a list of broadcast addresses
which it stores into an array, the attacker sends a spoofed icmp echo request to each of those
addresses in series and starts again. The spoofed IP address used by the attacker as the source
of the packets is the target/victim IP address.
A. Smurf Attack
B. Fraggle Attack
C. LAND Attack
D. Replay Attack
A
495
QUESTION NO: 490
View the image below and identify the attack.
```
Master
/|\
-Zombie
-Zombie
-Zombie
-Zombie
\|/
->Victim
```
A. DDoS
B. DOS
C. TFN
D. Reflection Attack
A
496
QUESTION NO: 491
How many bits is the address space reserved for the source IP address within an IPv6 header?
A. 128
B. 32
C. 64
D. 256
A
497
QUESTION NO: 492
Which of the following service is a distributed database that translate host name to IP address to
IP address to host name?
A. DNS
B. FTP
C. SSH
D. SMTP
A
498
QUESTION NO: 493
Which of the following attack is MOSTLY performed by an attacker to steal the identity information
of a user such as credit card number, passwords,etc?
A. Smurf attack
B. Traffic analysis
C. Pharming
D. Interrupt attack
C
499
QUESTION NO: 494
Which of the following protocol is PRIMARILY used to provide confidentiality in a web based
application thus protecting data sent across a client machine and a server?
A. SSL
B. FTP
C. SSH
D. S/MIME
A
500
QUESTION NO: 495
Which one of the following represents an ALE calculation?
A. single loss expectancy x annualized rate of occurrence.
B. gross loss expectancy x loss frequency.
C. actual replacement cost - proceeds of salvage.
D. asset value x loss expectancy.
A
501
QUESTION NO: 496
The control of communications test equipment should be clearly addressed by security policy for
which of the following reasons?
A. Test equipment is easily damaged.
B. Test equipment can be used to browse information passing on a network.
C. Test equipment is difficult to replace if lost or stolen.
D. Test equipment must always be available for the maintenance personnel.
B
502
QUESTION NO: 497
In discretionary access environments, which of the following entities is authorized to grant
information access to other people?
A. Manager
B. Group Leader
C. Security Manager
D. Data Owner
D
503
QUESTION NO: 498
Which of the following groups represents the leading source of computer crime losses?
A. Hackers
B. Industrial saboteurs
C. Foreign intelligence officers
D. Employees
D
504
QUESTION NO: 499
Which of the following is the best reason for the use of an automated risk analysis tool?
A. Much of the data gathered during the review cannot be reused for subsequent analysis.
B. Automated methodologies require minimal training and knowledge of risk analysis.
C. Most software tools have user interfaces that are easy to use and does not require any training.
D. Information gathering would be minimized and expedited due to the amount of information
already built into the tool.
D
505
QUESTION NO: 500
Who is ultimately responsible for the security of computer based information systems within an
organization?
A. The tech support team
B. The Operation Team.
C. The management team.
D. The training team.
C
506
QUESTION NO: 501
The major objective of system configuration management is which of the following?
A. system maintenance.
B. system stability.
C. system operations.
D. system tracking.
B
507
QUESTION NO: 502
Who should measure the effectiveness of Information System security related controls in an
organization?
A. The local security specialist
B. The business manager
C. The systems auditor
D. The central security manager
C
508
QUESTION NO: 503
A deviation from an organization-wide security policy requires which of the following?
A. Risk Acceptance
B. Risk Assignment
C. Risk Reduction
D. Risk Containment
A
509
QUESTION NO: 504
Which must bear the primary responsibility for determining the level of protection needed for
information systems resources?
A. IS security specialists
B. Senior Management
C. Senior security analysts
D. systems Auditors
B
510
QUESTION NO: 505
Within the realm of IT security, which of the following combinations best defines risk?
A. Threat coupled with a breach
B. Threat coupled with a vulnerability
C. Vulnerability coupled with an attack
D. Threat coupled with a breach of security
B
511
QUESTION NO: 506
Which of the following is considered the weakest link in a security system?
A. People
B. Software
C. Communications
D. Hardware
A
512
QUESTION NO: 507
The ISO/IEC 27001:2005 is a standard for:
A. Information Security Management System
B. Implementation and certification of basic security measures
C. Evaluation criteria for the validation of cryptographic algorithms
D. Certification of public key infrastructures
A
513
QUESTION NO: 508
What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the
case where a company employs 100 data entry clerks and every one of them makes one input
error each month?
```
A. 100
B. 120
C. 1
D. 1200
ISC CISSP Exam
"
```
D
514
QUESTION NO: 509
How is Annualized Loss Expectancy (ALE) derived from a threat?
A. ARO x (SLE - EF)
B. SLE x ARO
C. SLE/EF
D. AV x EF
B
515
QUESTION NO: 510
What does "residual risk" mean?
A. The security risk that remains after controls have been implemented
B. Weakness of an assets which can be exploited by a threat
C. Risk that remains after risk assessment has been performed
D. A security risk intrinsic to an asset being audited, where no mitigation has taken place.
A
516
QUESTION NO: 511
Preservation of confidentiality within information systems requires that the information is not
disclosed to:
A. Authorized person
B. Unauthorized persons or processes.
C. Unauthorized persons.
D. Authorized persons and processes
B
517
QUESTION NO: 512
Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson
model?
A. Prevention of the modification of information by unauthorized users.
B. Prevention of the unauthorized or unintentional modification of information by authorized users.
C. Preservation of the internal and external consistency.
D. Prevention of the modification of information by authorized users.
D
518
QUESTION NO: 513
What is called an event or activity that has the potential to cause harm to the information systems
or networks?
A. Vulnerability
B. Threat agent
C. Weakness
D. Threat
D
519
QUESTION NO: 514
A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the
information systems or networks is called a?
A. Vulnerability
B. Risk
C. Threat
D. Overflow
A
520
QUESTION NO: 515
What is called the probability that a threat to an information system will materialize?
A. Threat
B. Risk
C. Vulnerability
D. Hole
B
521
QUESTION NO: 516
Risk mitigation and risk reduction controls for providing information security are classified within
three main categories, which of the following are being used?
A. preventive, corrective, and administrative
B. detective, corrective, and physical
C. Physical, technical, and administrative
D. Administrative, operational, and logical
C
522
QUESTION NO: 517
Which of the following would be best suited to oversee the development of an information security
policy?
A. System Administrators
B. End User
C. Security Officers
D. Security administrators
C
523
QUESTION NO: 518
Which of the following is the MOST important aspect relating to employee termination?
A. The details of employee have been removed from active payroll files.
B. Company property provided to the employee has been returned.
C. User ID and passwords of the employee have been deleted.
D. The appropriate company staff are notified about the termination.
D
524
QUESTION NO: 519
Making sure that only those who are supposed to access the data can access is which of the
following?
A. confidentiality.
B. capability.
C. integrity.
D. availability.
A
525
QUESTION NO: 520
Related to information security, confidentiality is the opposite of which of the following?
A. closure
B. disclosure
C. disposal
D. disaster
B
526
QUESTION NO: 521
Related to information security, integrity is the opposite of which of the following?
A. abstraction
B. alteration
C. accreditation
D. application
B
527
QUESTION NO: 522
Making sure that the data is accessible when and where it is needed is which of the following?
A. confidentiality
B. integrity
C. acceptability
D. availability
D
528
QUESTION NO: 523
Related to information security, availability is the opposite of which of the following?
A. delegation
B. distribution
C. documentation
D. destruction
D
529
QUESTION NO: 524
Related to information security, the prevention of the intentional or unintentional unauthorized
disclosure of contents is which of the following?
A. Confidentiality
B. Integrity
C. Availability
D. capability
A
530
QUESTION NO: 525
Related to information security, the guarantee that the message sent is the message received with
the assurance that the message was not intentionally or unintentionally altered is an example of
which of the following?
A. integrity
B. confidentiality
C. availability
D. identity
A
531
QUESTION NO: 526
One of these statements about the key elements of a good configuration process is NOT true
A. Accommodate the reuse of proven standards and best practices
B. Ensure that all requirements remain clear, concise, and valid
C. Control modifications to system hardware in order to prevent resource changes
D. Ensure changes, standards, and requirements are communicated promptly and precisely
C
532
QUESTION NO: 527
Which of the following is NOT an administrative control?
A. Logical access control mechanisms
B. Screening of personnel
C. Development of policies, standards, procedures and guidelines
D. Change control procedures
A
533
QUESTION NO: 528
Which of the following is NOT a technical control?
A. Password and resource management
B. Identification and authentication methods
C. Monitoring for physical intrusion
D. Intrusion Detection Systems
C
534
QUESTION NO: 529
Which of the following is BEST defined as a physical control?
A. Monitoring of system activity
B. Fencing
C. Identification and authentication methods
D. Logical access control mechanisms
B
535
QUESTION NO: 530
Which of the following would NOT violate the Due Diligence concept?
A. Security policy being outdated
B. Data owners not laying out the foundation of data protection
C. Network administrator not taking mandatory two-week vacation as planned
D. Latest security patches for servers being installed as per the Patch Management process
D
536
QUESTION NO: 531
Which of the following would BEST be defined as an absence or weakness of safeguard that could
be exploited?
A. A threat
B. A vulnerability
C. A risk
D. An exposure
B
537
QUESTION NO: 532
Which of the following could be BEST defined as the likelihood of a threat agent taking advantage
of a vulnerability?
A. A risk
B. A residual risk
C. An exposure
D. A countermeasure
A
538
QUESTION NO: 533
Which approach to a security program ensures people responsible for protecting the company's
assets are DRIVING the program?
A. The Delphi approach
B. The top-down approach
C. The bottom-up approach
D. The technology approach
B
539
QUESTION NO: 534
Which of the following is NOT a part of a risk analysis?
A. Identify risks
B. Quantify the impact of potential threats
C. Provide an economic balance between the impact of the risk and the cost of the associated
countermeasure
D. Choose the best countermeasure
D
540
QUESTION NO: 535
How should a risk be HANDLED when the cost of the countermeasure OUTWEIGHS the cost of
the risk?
A. Reject the risk
B. Perform another risk analysis
C. Accept the risk
D. Reduce the risk
C
541
QUESTION NO: 536
Which of the following is given the responsibility of the maintenance and protection of the data?
A. Data owner
B. Data custodian
C. User
D. Security administrator
B
542
QUESTION NO: 537
Who should DECIDE how a company should approach security and what security measures
should be implemented?
A. Senior management
B. Data owner
C. Auditor
D. The information security specialist
A
543
QUESTION NO: 538
Which of the following is responsible for MOST of the security issues?
A. Outside espionage
B. Hackers
C. Personnel
D. Equipment failure
C
544
QUESTION NO: 539
What are the three FUNDAMENTAL principles of security?
A. Accountability, confidentiality and integrity
B. Confidentiality, integrity and availability
C. Integrity, availability and accountability
D. Availability, accountability and confidentiality
B
545
QUESTION NO: 540
What would BEST define risk management?
A. The process of eliminating the risk
B. The process of assessing the risks
C. The process of reducing risk to an acceptable level
D. The process of transferring risk
C
546
QUESTION NO: 541
Within the context of the CBK, which of the following provides a MINIMUM level of security
ACCEPTABLE for an environment?
A. A baseline
B. A standard
C. A procedure
D. A guideline
A
547
QUESTION NO: 542
According to private sector data classification levels, how would salary levels and medical
information be classified?
A. Public.
B. Internal Use Only.
C. Restricted.
D. Confidential.
D
548
QUESTION NO: 543
Which of the following would be the best criterion to consider in determining the classification of an
information asset?
A. Value
B. Age
C. Useful life
D. Personal association
A
549
QUESTION NO: 544
Which of the following is not a responsibility of an information (data) owner?
A. Determine what level of classification the information requires.
B. Periodically review the classification assignments against business needs.
C. Delegate the responsibility of data protection to data custodians.
D. Running regular backups and periodically testing the validity of the backup data.
D
550
QUESTION NO: 545
Which of the following embodies all the detailed actions that personnel are required to follow?
A. Standards
B. Guidelines
C. Procedures
D. Baselines
C
551
QUESTION NO: 546
Who is responsible for providing reports to the senior management on the effectiveness of the
security controls?
A. Information systems security professionals
B. Data owners
C. Data custodians
D. Information systems auditors
D
552
QUESTION NO: 547
What is the highest amount a company should spend annually on countermeasures for protecting
an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of
once every five years and an exposure factor (EF) of 30%?
A. $300,000
B. $150,000
C. $60,000
D. $1,500
C
Explanation: The cost of a countermeasure should not be greater in cost than the risk it mitigates
(ALE). For a quantitative risk assessment, the equation is ALE = ARO x SLE where the SLE is
calculated as the product of asset value x exposure factor. An event that happen once every five
years would have an ARO of .2 (1 divided by 5).
SLE = Asset Value (AV) x Exposure Fact (EF)
SLE = 1,000,000 x .30 = 300,000
ALE = SLE x Annualized Rate of Occurance (ARO)
ALE = 300,000 x .2 = 60,000
Know your acronyms:
ALE -- Annual loss expectancy
ARO -- Annual rate of occurrence
SLE -- Single loss expectancy
553
QUESTION NO: 548
Which of the following statements pertaining to quantitative risk analysis is false?
A. Portion of it can be automated
B. It involves complex calculations
C. It requires a high volume of information
D. It requires little experience to apply
D
554
QUESTION NO: 549
Which property ensures that only the intended recipient can access the data and nobody else?
A. Confidentiality
B. Capability
C. Integrity
D. Availability
A
555
QUESTION NO: 550
Making sure that the data has not been changed unintentionally, due to an accident or malice is:
A. Integrity.
B. Confidentiality.
C. Availability.
D. Auditability.
A
556
QUESTION NO: 551
Which of the following are the steps usually followed in the development of documents such as
security policy, standards and procedures?
A. design, development, publication, coding, and testing.
B. design, evaluation, approval, publication, and implementation.
C. initiation, evaluation, development, approval, publication, implementation, and maintenance.
D. feasibility, development, approval, implementation, and integration.
C
557
QUESTION NO: 552
What is the goal of the Maintenance phase in a common development process of a security
policy?
A. to review the document on the specified review date
B. publication within the organization
C. to write a proposal to management that states the objectives of the policy
D. to present the document to an approving body
A
558
QUESTION NO: 553
What is the difference between Advisory and Regulatory security policies?
A. there is no difference between them
B. regulatory policies are high level policy, while advisory policies are very detailed
C. Advisory policies are not mandated. Regulatory policies must be implemented.
D. Advisory policies are mandated while Regulatory policies are not
C
559
QUESTION NO: 554
In regards to information classification what is the main responsibility of information (data) owner?
A. determining the data sensitivity or classification level
B. running regular data backups
C. audit the data users
D. periodically check the validity and accuracy of the data
A
560
QUESTION NO: 555
What is the main purpose of Corporate Security Policy?
A. To transfer the responsibility for the information security to all users of the organization
B. To communicate management's intentions in regards to information security
C. To provide detailed steps for performing specific actions
D. To provide a common framework for all development activities
B
561
QUESTION NO: 556
Which of the following is not a component of a Operations Security "triples"?
A. Asset
B. Threat
C. Vulnerability
D. Risk
D
562
QUESTION NO: 557
The absence of a safeguard, or a weakness in a system that may possibly be exploited is called
a(n)?
A. Threat
B. Exposure
C. Vulnerability
D. Risk
C
563
QUESTION NO: 558
In the CIA triad, what does the letter A stand for?
A. Auditability
B. Accountability
C. Availability
D. Authentication
C
564
QUESTION NO: 559
Controls are implemented to:
A. eliminate risk and reduce the potential for loss
B. mitigate risk and eliminate the potential for loss
C. mitigate risk and reduce the potential for loss
D. eliminate risk and eliminate the potential for loss
C
565
QUESTION NO: 560
What can be described as a measure of the magnitude of loss or impact on the value of an asset?
A. Probability
B. Exposure factor
C. Vulnerability
D. Threat
B
566
QUESTION NO: 561
Computer security should be first and foremost which of the following:
A. Cover all identified risks
B. Be cost-effective.
C. Be examined in both monetary and non-monetary terms.
D. Be proportionate to the value of IT systems.
B
567
QUESTION NO: 562
Which of the following best allows risk management results to be used knowledgeably?
A. A vulnerability analysis
B. A likelihood assessment
C. An uncertainty analysis
D. A threat identification
C
568
QUESTION NO: 563
Who is responsible for initiating corrective measures and capabilities used when there are security
violations?
A. Information systems auditor
B. Security administrator
C. Management
D. Data owners
C
569
QUESTION NO: 564
What can best be defined as high-level statements, beliefs, goals and objectives?
A. Standards
B. Policies
C. Guidelines
D. Procedures
B
570
QUESTION NO: 565
In an organization, an Information Technology security function should:
A. Be a function within the information systems function of an organization.
B. Report directly to a specialized business unit such as legal, corporate security or insurance.
C. Be lead by a Chief Security Officer and report directly to the CEO.
D. Be independent but report to the Information Systems function.
C
571
QUESTION NO: 566
IT security measures should:
A. Be complex
B. Be tailored to meet organizational security goals.
C. Make sure that every asset of the organization is well protected.
D. Not be developed in a layered fashion.
B
572
QUESTION NO: 567
What can be best defined as the examination of threat sources against system vulnerabilities to
determine the threats for a particular system in a particular operational environment?
A. Risk management
B. Risk analysis
C. Threat analysis
D. Due diligence
C
573
QUESTION NO: 568
Which of the following is NOT a common integrity goal?
A. Prevent unauthorized users from making modifications.
B. Maintain internal and external consistency.
C. Prevent authorized users from making improper modifications.
D. Prevent paths that could lead to inappropriate disclosure.
D
574
QUESTION NO: 569
Who of the following is responsible for ensuring that proper controls are in place to address
integrity, confidentiality, and availability of IT systems and data?
A. Business and functional managers
B. IT Security practitioners
C. System and information owners
D. Chief information officer
C
575
QUESTION NO: 570
Which of the following is an advantage of a qualitative over a quantitative risk analysis?
A. It prioritizes the risks and identifies areas for immediate improvement in addressing the
vulnerabilities.
B. It provides specific quantifiable measurements of the magnitude of the impacts.
C. It makes a cost-benefit analysis of recommended controls easier.
D. It can easily be automated.
A
576
QUESTION NO: 571
An effective information security policy should not have which of the following characteristic?
A. Include separation of duties
B. Be designed with a short- to mid-term focus
C. Be understandable and supported by all stakeholders
D. Specify areas of responsibility and authority
B
577
QUESTION NO: 572
Which of the following choice is NOT normally part of the questions that would be asked in regards
to an organization's information security policy?
A. Who is involved in establishing the security policy?
B. Where is the organization's security policy defined?
C. What are the actions that need to be performed in case of a disaster?
D. Who is responsible for monitoring compliance to the organization's security policy?
C
578
QUESTION NO: 573
The property of a system or a system resource being accessible and usable upon demand by an
authorized system entity, according to performance specifications for the system is referred to as?
A. Confidentiality
B. Availability
C. Integrity
D. Reliability
B
579
QUESTION NO: 574
Which of the following would best classify as a management control?
A. Review of security controls
B. Personnel security
C. Physical and environmental protection
D. Documentation
A
580
QUESTION NO: 575
What can be defined as an event that could cause harm to the information systems?
A. A risk
B. A threat
C. A vulnerability
D. A weakness
B
581
QUESTION NO: 576
Which of the following statements pertaining to a security policy is incorrect?
A. Its main purpose is to inform the users, administrators and managers of their obligatory
requirements for protecting technology and information assets.
B. It specifies how hardware and software should be used throughout the organization.
C. It needs to have the acceptance and support of all levels of employees within the organization
in order for it to be appropriate and effective.
D. It must be flexible to the changing environment.
B
582
QUESTION NO: 577
Which of the following best defines add-on security?
A. Physical security complementing logical security measures.
B. Protection mechanisms implemented as an integral part of an information system.
C. Layer security.
D. Protection mechanisms implemented after an information system has become operational.
D
583
QUESTION NO: 578
The preliminary steps to security planning include all of the following EXCEPT which of the
following?
A. Establish objectives.
B. List planning assumptions.
C. Establish a security audit function.
D. Determine alternate courses of action
C
584
QUESTION NO: 579
Step-by-step instructions used to satisfy control requirements is called a:
A. policy
B. standard
C. guideline
D. procedure
D
585
QUESTION NO: 580
One purpose of a security awareness program is to modify:
A. employee's attitudes and behaviors towards enterprise's security posture
B. management's approach towards enterprise's security posture
C. attitudes of employees with sensitive data
D. corporate attitudes about safeguarding data
A
586
QUESTION NO: 581
Whose role is it to assign classification level to information?
A. Security Administrator
B. User
C. Owner
D. Auditor
C
587
QUESTION NO: 582
Which type of security control is also known as "Logical" control?
A. Physical
B. Technical
C. Administrative
D. Risk
B
588
QUESTION NO: 583
What is surreptitious transfer of information from a higher classification compartment to a lower
classification compartment without going through the formal communication channels?
A. Object Reuse
B. Covert Channel
C. Security domain
D. Data Transfer
B
589
QUESTION NO: 584
The owner of a system should have the confidence that the system will behave according to its
specifications. This is termed as :
A. Integrity
B. Accountability
C. Assurance
D. Availability
C
590
QUESTION NO: 585
Which of the following is best practice to employ in order to reduce the risk of collusion?
A. Least Privilege
B. Job Rotation
C. Seperation of Duties
D. Mandatory Vacations
B
591
QUESTION NO: 586
Which of the following is not classified as a "Security and Audit Frameworks and Methodologies"
A. Bell LaPadula
B. Committee of Sponsoring Organizations of the Treadway Commission (COSO)
C. IT Infrastructure Library (ITIL)
D. Control Objectives for Information and related Technology (COBIT)
A
592
QUESTION NO: 587
Which Security and Audit Framework has been adopted by some organizations working towards
Sarbanes—Oxley Section 404 compliance?
A. Committee of Sponsoring Organizations of the Treadway Commission (COSO)
B. BIBA
C. National Institute of Standards and Technology Special Publication 800-66 (NIST SP 800-66)
D. CCTA Risk Analysis and Management Method (CRAMM)
A
593
QUESTION NO: 588
The Widget company decided to take their company public and while they were in the process of
doing so had an external auditor come and look at their company. As part of the external audit
they brought in an technology expert, who incidentally was a new CISSP. The auditor's expert
asked to see their last risk analysis from the technology manager. The technology manager did
not get back to him for a few days and then the Chief Financial Officer gave the auditors a 2 page
risk assesment that was signed by both the Chief Financial Officer and the Technology Manager.
While reviewing it, the auditor noticed that only parts of their financial data were being backed up
on site and no where else; the Chief Financial Officer accepted the risk of only partial financial
data being backed up with no off-site copies available.
Who owns the risk with regards to the data that is being backed up and where it is stored?
A. Only the Chief Financial Officer
B. Only the most Senior Management such as the Chief Executive Officer
C. Both the Chief Financial Officer and Technology Manager
D. Only The Technology Manager
A
594
QUESTION NO: 589
Common Criteria 15408 generally outlines assurance and functional requirements through a
security evaluation process concept of ______________, ____________, __________ for
Evaluated Assurance Levels (EALs) to certify a product or system.
A. EAL, Security Target, Target of Evaluation
B. SFR, Protection Profile, Security Target
C. Protection Profile, Target of Evaluation, Security Target
D. SFR, Security Target, Target of Evaluation
C
595
QUESTION NO: 590
What are the four domains that make up CobiT?
A. Plan and Organize, Maintain and Implement, Deliver and Support, and Monitor and Evaluate
B. Plan and Organize, Acquire and Implement, Support and Purchase, and Monitor and Evaluate
C. Acquire and Implement, Deliver and Support, Monitor, and Evaluate
D. Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate
D
596
QUESTION NO: 591
CobiT was developed from the COSO framework. Which of the choices below best describe the
COSO's main objectives and purpose?
A. COSO main purpose is to help ensure fraudulent financial reporting cannot take place in an
organization
B. COSO main purpose is to define a sound risk management approach within financial
companies.
C. COSO addresses corporate culture and policy development.
D. COSO is risk management system used for the protection of federal systems.
A
597
QUESTION NO: 592
Which of the following answers is the BEST example of Risk Transference?
A. Insurance
B. Results of Cost Benefit Analysis
C. Acceptance
D. Not hosting the services at all
A
598
QUESTION NO: 593
Which of the following answer BEST relates to the type of risk analysis that involves committees,
interviews, opinions and subjective input from staff?
A. Qualitative Risk Analysis
B. Quantitative Risk Analysis
C. Interview Approach to Risk Analysis
D. Managerial Risk Assessment
A
599
QUESTION NO: 594
Regarding risk reduction, which of the following answers is BEST defined by the process of giving
only just enough access to information necessary for them to perform their job functions?
A. Least Privilege Principle
B. Minimum Privilege Principle
C. Mandatory Privilege Requirement
D. Implicit Information Principle
A
600
QUESTION NO: 595
Which term BEST describes a practice used to detect fraud for users or a user by forcing them to
be away from the workplace for a while?
A. Mandatory Vacations
B. Least Privilege Principle
C. Obligatory Separation
D. Job Rotation
A
601
QUESTION NO: 596
Which of the following is a fraud detection method whereby employees are moved from position to
position?
A. Job Rotation
B. Mandatory Rotation
C. Mandatory Vacations
D. Mandatory Job Duties
A
602
QUESTION NO: 597
Which answer BEST describes information access permissions where, unless the user is
specifically given access to certain data they are denied any access by default?
A. Implicit Deny
B. Explicit Deny
C. Implied Permissions
D. Explicit Permit
A
603
QUESTION NO: 598
Which of the following activities would not be included in the contingency planning process phase?
A. Prioritization of applications
B. Development of test procedures
C. Assessment of threat impact on the organization
D. Development of recovery scenarios
B
604
QUESTION NO: 599
In terms or Risk Analysis and dealing with risk, which of the four common ways listed below seek to eliminate involvement with the risk being evaluated?
A. Avoidance
B. Acceptance
C. Transference
D. Mitigation
A
605
QUESTION NO: 600
Of the multiple methods of handling risks which we must undertake to carry out business
operations, which one involves using controls to reduce the risk?
A. Mitigation
B. Avoidance
C. Acceptance
D. Transference
A
606
QUESTION NO: 601
There is no way to completely abolish or avoid risks, you can only manage them. A risk free
environment does not exist. If you have risks that have been identified, understood and evaluated
to be acceptable in order to conduct business operations. What is this this approach to risk
management called?
A. Risk Acceptance
B. Risk Avoidance
C. Risk Transference
D. Risk Mitigation
A
607
QUESTION NO: 602
John is the product manager for an information system. His product has undergone under security
review by an IS auditor. John has decided to apply appropriate security controls to reduce the
security risks suggested by an IS auditor. Which of the following technique is used by John to treat
the identified risk provided by an IS auditor?
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Risk transfer
A
608
QUESTION NO: 603
Sam is the security Manager of an financial institute. Senior management has requested he
performs a risk analysis on all critical vulnerabilities reported by an IS auditor. After completing
the risk analysis, Sam has observed that for a few of the risks, the cost benefit analysis shows that
risk mitigation cost (countermeasures, controls, or safeguard) is more than the potential lost that
could be incurred. What kind of a strategy should Sam recommend to the senior management to
treat these risks?
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Risk transfer
B
609
QUESTION NO: 604
Which of the following risk handling technique involves the practice of being proactive so that the
risk in question is not realized?
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Risk transfer
C
610
QUESTION NO: 605
Which of the following risk handling technique involves the practice of passing on the risk to
another entity, such as an insurance company?
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Risk transfer
D
611
QUESTION NO: 606
Which of the following security control is intended to bring environment back to regular operation?
A. Deterrent
B. Preventive
C. Corrective
D. Recovery
D
612
QUESTION NO: 607
Which of the following is NOT an example of a detective control?
A. System Monitor
B. IDS
C. Monitor detector
D. Backup data restore
D
613
QUESTION NO: 608
Which type of risk assessment is the formula ALE = ARO x SLE used for?
A. Quantitative Analysis
B. Qualitative Analysis
C. Objective Analysis
D. Expected Loss Analysis
A
614
QUESTION NO: 609
Which of the following Confidentiality, Integrity, Availability (CIA) attribute supports the principle of
least privilege by providing access to information only to authorized and intended users?
A. Confidentiality
B. Integrity
C. Availability
D. Accuracy
A
615
QUESTION NO: 610
What does "System Integrity" mean?
A. The software of the system has been implemented as designed.
B. Users can't tamper with processes they do not own.
C. Hardware and firmware have undergone periodic testing to verify that they are functioning
properly.
D. Design specifications have been verified against the formal top-level specification.
C
616
QUESTION NO: 611
In computing what is the name of a non-self-replicating type of malware program containing
malicious code that appears to have some useful purpose but also contains code that has a
malicious or harmful purpose imbedded in it, when executed, carries out actions that are unknown
to the person installing it, typically causing loss or theft of data, and possible system harm.
A. virus.
B. worm.
C. Trojan horse.
D. trapdoor.
C
617
QUESTION NO: 612
The security of a computer application is most effective and economical in which of the following
cases?
A. The system is optimized prior to the addition of security.
B. The system is procured off-the-shelf.
C. The system is customized to meet the specific security threat.
D. The system is originally designed to provide the necessary security.
D
618
QUESTION NO: 613
Which of the following virus types changes some of its characteristics as it spreads?
A. Boot Sector
B. Parasitic
C. Stealth
D. Polymorphic
D
619
QUESTION NO: 614
Which of the following is commonly used for retrofitting multilevel security to a database
management system?
A. trusted front-end.
B. trusted back-end.
C. controller.
D. kernel.
A
620
QUESTION NO: 615
Which of the following is an advantage of using a high-level programming language?
A. It decreases execution times for programs
B. It allows programmers to define syntax
C. It requires programmer-controlled storage management
D. It enforces coding standards
D
621
QUESTION NO: 616
In an online transaction processing system (OLTP), which of the following actions should be taken
when erroneous or invalid transactions are detected?
A. The transactions should be dropped from processing.
B. The transactions should be processed after the program makes adjustments.
C. The transactions should be written to a report and reviewed.
D. The transactions should be corrected and reprocessed.
C
622
QUESTION NO: 617
Who can best decide what are the adequate technical security controls in a computer-based
application system in regards to the protection of the data being used, the criticality of the data,
and it's sensitivity level?
A. System Auditor
B. Data or Information Owner
C. System Manager
D. Data or Information user
B
623
QUESTION NO: 618
A security evaluation report and an accreditation statement are produced in which of the following
phases of the system development life cycle?
A. project initiation and planning phase
B. system design specification phase
C. development & documentation phase
D. acceptance phase
D
624
QUESTION NO: 619
Which of the following is often the greatest challenge of distributed computing solutions?
A. scalability
B. security
C. heterogeneity
D. usability
B
625
QUESTION NO: 620
What is the appropriate role of the security analyst in the application system development or
acquisition project?
A. policeman
B. control evaluator & consultant
C. data owner
D. application user
B
626
QUESTION NO: 621
The information security staff's participation in which of the following system development life
cycle phases provides maximum benefit to the organization?
A. project initiation and planning phase
B. system design specifications phase
C. development and documentation phase
D. in parallel with every phase throughout the project
D
627
QUESTION NO: 622
Operations Security seeks to primarily protect against which of the following?
A. object reuse
B. facility disaster
C. compromising emanations
D. asset threats
D
628
QUESTION NO: 623
A 'Pseudo flaw' is which of the following?
A. An apparent loophole deliberately implanted in an operating system program as a trap for
intruders.
B. An omission when generating Psuedo-code.
C. Used for testing for bounds violations in application programming.
D. A normally generated page fault causing the system to halt.
A
629
QUESTION NO: 624
With SQL Relational databases where is the actual data stored?
A. Views
B. Tables
C. Schemas and sub-schemas
D. Index-sequential tables
B
630
QUESTION NO: 625
Which of the following is based on the premise that the quality of a software product is a direct
function of the quality of its associated software development and maintenance processes?
A. The Software Capability Maturity Model (CMM)
B. The Spiral Model
C. The Waterfall Model
D. Expert Systems Model
A
631
QUESTION NO: 626
Which of the following determines that the product developed meets the projects goals?
A. verification
B. validation
C. concurrence
D. accuracy
B
632
QUESTION NO: 627
Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?
A. Validation
B. Verification
C. Assessment
D. Accuracy
B
633
QUESTION NO: 628
Which of the following is one of the oldest and most common problem in software development
that is still very prevalent today?
A. Buffer Overflow
B. Social Engineering
C. Code injection for machine language
D. Unassembled reversable DOS instructions.
A
634
QUESTION NO: 629
Which of the following is NOT true concerning Application Control?
A. It limits end users use of applications in such a way that only particular screens are visible.
B. Only specific records can be requested through the application controls
C. Particular usage of the application can be recorded for audit purposes
D. It is non-transparent to the endpoint applications so changes are needed to the applications
and databases involved
D
635
QUESTION NO: 630
The object-relational and object-oriented models are better suited to managing complex data such
as required for which of the following?
A. computer-aided development and imaging.
B. computer-aided duplexing and imaging.
C. computer-aided processing and imaging.
D. computer-aided design and imaging.
D
636
QUESTION NO: 631
Which of the following is not an element of a relational database model?
A. Relations , tuples , attributes and domains
B. Data Manipulation Language (DML) on how the data will be accessed and manipulated
C. Constraints to determine valid ranges and values
D. Security structures called referential validation within tables
D
637
QUESTION NO: 632
A persistent collection of interrelated data items can be defined as which of the following?
A. database
B. database management system
C. database security
D. database shadowing
A
638
QUESTION NO: 633
The description of the database is called a schema. The schema is defined by which of the
following?
A. Data Control Language (DCL).
B. Data Manipulation Language (DML).
C. Data Definition Language (DDL).
D. Search Query Language (SQL).
C
639
QUESTION NO: 634
Which of the following defines the software that maintains and provides access to the database?
A. database management system (DBMS)
B. relational database management system (RDBMS)
C. database identification system (DBIS)
D. Interface Definition Language system (IDLS)
A
640
QUESTION NO: 635
Which of the following represents a relation, which is the basis of a relational database?
A. One-dimensional table
B. Two-dimensional table
C. Three-dimensional table
D. Four-dimensional table
B
641
QUESTION NO: 636
Which of the following represents the rows of the table in a relational database?
A. attributes
B. records or tuples
C. record retention
D. relation
B
642
QUESTION NO: 637
Which of the following can be defined as the set of allowable values that an attribute can take?
A. domain of a relation
B. domain name service of a relation
C. domain analysis of a relation
D. domains, in database of a relation
A
643
QUESTION NO: 638
Which of the following can be defined as a unique identifier in the table that unambiguously points
to an individual tuple or record in the table?
A. primary key
B. candidate key
C. secondary key
D. foreign key
A
644
QUESTION NO: 639
Which of the following can be defined as THE unique attribute used as a unique identifier within a
given table to identify a tuple?
A. primary key
B. candidate key
C. foreign key
D. secondary key
A
645
QUESTION NO: 640
Which of the following can be defined as an attribute in one relation that has values matching the
primary key in another relation?
A. foreign key
B. candidate key
C. primary key
D. secondary key
A
646
QUESTION NO: 641
Referential Integrity requires that for any foreign key attribute, the referenced relation must have a
tuple with the same value for which of the following?
A. primary key
B. secondary key
C. foreign key
D. candidate key
A
647
QUESTION NO: 642
Matches between which of the following are important because they represent references from
one relation to another and establish the connections among these relations?
A. foreign key to primary key
B. foreign key to candidate key
C. candidate key to primary key
D. primary key to secondary key
A
648
QUESTION NO: 643
A database view is the results of which of the following operations?
A. Join and Select.
B. Join, Insert, and Project.
C. Join, Project, and Create.
D. Join, Project, and Select.
D
649
QUESTION NO: 644
In regards to the query function of relational database operations, which of the following represent
implementation procedures that correspond to each of the low-level operations in the query?
A. query plan
B. relational plan
C. database plan
D. structuring plan
A
650
QUESTION NO: 645
In regards to relational database operations using the Structure Query Language (SQL), which of
the following is a value that can be bound to a placeholder declared within an SQL statement?
A. A bind value
B. An assimilation value
C. A reduction value
D. A resolution value
A
651
QUESTION NO: 646
Which of the following are placeholders for literal values in a Structured Query Language (SQL)
query being sent to the database on a server?
A. Bind variables
B. Assimilation variables
C. Reduction variables
D. Resolution variables
A
652
QUESTION NO: 647
Which of the following is an important part of database design that ensures that attributes in a
table depend only on the primary key?
A. Normalization
B. Assimilation
C. Reduction
D. Compaction
A
653
QUESTION NO: 648
Normalizing data within a database could includes all or some of the following except which one?
A. Eliminate duplicative columns from the same table.
B. Eliminates functional dependencies on a partial key by putting the fields in a separate table
from those that are dependent on the whole key
C. Eliminated Functional dependencies on non-key fields by putting them in a separate table. At
this level, all non-key fields are dependent on the primary key.
D. Eliminating duplicate key fields by putting them into separate tables.
D
654
QUESTION NO: 649
Which of the following is used to create and modify the structure of your tables and other objects
in the database?
A. SQL Data Definition Language (DDL)
B. SQL Data Manipulation Language (DML)
C. SQL Data Relational Language (DRL)
D. SQL Data Identification Language (DIL)
A
655
QUESTION NO: 650
SQL commands do not include which of the following?
A. Select, Update
B. Grant, Revoke
C. Delete, Insert
D. Add, Relist
D
656
QUESTION NO: 651
Complex applications involving multimedia, computer aided design, video, graphics, and expert
systems are more suited to which of the following database type?
A. Object-Oriented Data Bases (OODB)
B. Object-Relational Data Bases
C. Relational Data Bases
D. Data base management systems (DBMS)
A
657
QUESTION NO: 652
With regard to databases, which of the following has characteristics of ease of reusing code and
analysis and reduced maintenance?
A. Object-Oriented Data Bases (OODB)
B. Object-Relational Data Bases (ORDB)
C. Relational Data Bases
D. Data base management systems (DBMS)
A
658
QUESTION NO: 653
Which of the following is the marriage of object-oriented and relational technologies combining the
attributes of both?
A. object-relational database
B. object-oriented database
C. object-linking database
D. object-management database
A
659
QUESTION NO: 654
What is used to hide data from unauthorized users by allowing a relation in a database to contain
multiple tuples with the same primary keys with each instance distinguished by a security level?
A. Data mining
B. Polyinstantiation
C. Cell suppression
D. Noise and perturbation
B
660
QUESTION NO: 655
Which of the following translates source code one command at a time for execution on a
computer?
A. A translator
B. An interpreter
C. A compiler
D. An assembler
B
661
QUESTION NO: 656
Which of the following is a Microsoft technology for communication among software components
distributed across networked computers?
A. DDE
B. OLE
C. ODBC
D. DCOM
D
662
QUESTION NO: 657
Which of the following statements relating to Distributed Computing Environment (DCE) is
FALSE?
A. It is a layer of software that sits on the top of the network layer and provides services to the
applications above it.
B. It uses a Universal Unique Identifier (UUID) to uniquely identify users, resources and
components.
C. It provides the same functionality as DCOM, but it is more proprietary than DCOM.
D. It is a set of management services with a communication layer based on RPC.
C
663
QUESTION NO: 658
Which virus category has the capability of changing its own code, making it harder to detect by
anti-virus software?
A. Stealth viruses
B. Polymorphic viruses
C. Trojan horses
D. Logic bombs
B
664
QUESTION NO: 659
Why would a database be denormalized?
A. To ensure data integrity
B. To increase processing efficiency
C. To prevent duplication of data
D. To save storage space
B
665
QUESTION NO: 660
Risk analysis is MOST useful when applied during which phase of the system development
process?
A. Project initiation and Planning
B. Functional Requirements definition
C. System Design Specification
D. Development and Implementation
A
666
QUESTION NO: 661
Which of the following would MOST likely ensure that a system development project meets
business objectives?
A. Development and tests are run by different individuals
B. User involvement in system specification and acceptance
C. Development of a project plan identifying all development activities
D. Strict deadlines and budgets
B
667
QUESTION NO: 662
What is RAD?
A. A development methodology
B. A project management technique
C. A measure of system complexity
D. Risk-assessment diagramming
A
668
QUESTION NO: 663
Which of the following best describes the purpose of debugging programs?
A. To generate random data that can be used to test programs before implementing them.
B. To ensure that program coding flaws are detected and corrected.
C. To protect, during the programming phase, valid changes from being overwritten by other
changes.
D. To compare source code versions before transferring to the test environment
B
669
QUESTION NO: 664
Which of the following would best describe the difference between white-box testing and black-box
testing?
A. White-box testing is performed by an independent programmer team.
B. Black-box testing uses the bottom-up approach.
C. White-box testing examines the program internal logical structure.
D. Black-box testing involves the business units
C
670
QUESTION NO: 665
Which of the following is a not a preventative control?
A. Deny programmer access to production data.
B. Require change requests to include information about dates, descriptions, cost analysis and
anticipated effects.
C. Run a source comparison program between control and current source periodically.
D. Establish procedures for emergency changes.
C
671
QUESTION NO: 666
Which of the following would provide the BEST stress testing environment taking under
consideration and avoiding possible data exposure and leaks of sensitive data?
A. Test environment using test data.
B. Test environment using sanitized live workloads data.
C. Production environment using test data.
D. Production environment using sanitized live workloads data.
B
672
QUESTION NO: 667
Which of the following BEST explains why computerized information systems frequently fail to
meet the needs of users?
A. Inadequate quality assurance (QA) tools.
B. Constantly changing user needs.
C. Inadequate user participation in defining the system's requirements.
D. Inadequate project management.
C
673
QUESTION NO: 668
Which of the following would be the MOST serious risk where a systems development life cycle
methodology is inadequate?
A. The project will be completed late.
B. The project will exceed the cost estimates.
C. The project will be incompatible with existing systems.
D. The project will fail to meet business and user needs.
D
674
QUESTION NO: 669
Which of the following is an advantage of prototyping?
A. Prototype systems can provide significant time and cost savings.
B. Change control is often less complicated with prototype systems.
C. It ensures that functions or extras are not added to the intended system.
D. Strong internal controls are easier to implement.
A
675
QUESTION NO: 670
Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to
Threats and Risks Analysis?
A. DSS is aimed at solving highly structured problems.
B. DSS emphasizes flexibility in the decision making approach of users.
C. DSS supports only structured decision-making tasks.
D. DSS combines the use of models with non-traditional data access and retrieval functions.
B
676
QUESTION NO: 671
Which of the following is an advantage in using a bottom-up versus a top-down approach to
software testing?
A. Interface errors are detected earlier.
B. Errors in critical modules are detected earlier.
C. Confidence in the system is achieved earlier.
D. Major functions and processing are tested earlier.
B
677
QUESTION NO: 672
Which of the following would be the best reason for separating the test and development
environments?
A. To restrict access to systems under test.
B. To control the stability of the test environment.
C. To segregate user and development staff.
D. To secure access to systems under development.
B
678
QUESTION NO: 673
Why do buffer overflows happen? What is the main cause?
A. Because buffers can only hold so much data
B. Because of improper parameter checking within the application
C. Because they are an easy weakness to exploit
D. Because of insufficient system memory
B
679
QUESTION NO: 674
What is called the number of columns in a table?
A. Schema
B. Relation
C. Degree
D. Cardinality
C
680
QUESTION NO: 675
Which of the following would not correspond to the number of primary keys values found in a table
in a relational database?
A. Degree
B. Number of tuples
C. Cardinality
D. Number of rows
A
681
QUESTION NO: 676
Which of the following represents the best programming?
A. Low cohesion, low coupling
B. Low cohesion, high coupling
C. High cohesion, low coupling
D. High cohesion, high coupling
C
682
QUESTION NO: 677
Java is not:
A. Object-oriented.
B. Distributed.
C. Architecture Specific.
D. Multithreaded.
C
683
QUESTION NO: 678
In which of the following phases of system development life cycle (SDLC) is contingency planning
most important?
A. Initiation
B. Development/acquisition
C. Implementation
D. Operation/maintenance
A
684
QUESTION NO: 679
Buffer overflow and boundary condition errors are subsets of which of the following?
A. Race condition errors.
B. Access validation errors.
C. Exceptional condition handling errors.
D. Input validation errors.
D
685
QUESTION NO: 680
Which of the following does not address Database Management Systems (DBMS) Security?
A. Perturbation
B. Cell suppression
C. Padded cells
D. Partitioning
C
686
QUESTION NO: 681
During which phase of an IT system life cycle are security requirements developed?
A. Operation
B. Initiation
C. Functional design analysis and Planning
D. Implementation
C
687
QUESTION NO: 682
Which of the following phases of a system development life-cycle is most concerned with
establishing a good security policy as the foundation for design?
A. Development/acquisition
B. Implementation
C. Initiation
D. Maintenance
C
688
QUESTION NO: 683
When considering an IT System Development Life-cycle, security should be:
A. Mostly considered during the initiation phase.
B. Mostly considered during the development phase.
C. Treated as an integral part of the overall system design.
D. Added once the design is completed.
C
689
QUESTION NO: 684
Risk reduction in a system development life-cycle should be applied:
A. Mostly to the initiation phase.
B. Mostly to the development phase.
C. Mostly to the disposal phase.
D. Equally to all phases.
D
690
QUESTION NO: 685
Which of the following phases of a system development life-cycle is most concerned with
maintaining proper authentication of users and processes to ensure appropriate access control
decisions?
A. Development/acquisition
B. Implementation
C. Operation/Maintenance
D. Initiation
C
691
QUESTION NO: 686
What can be defined as: It confirms that users’ needs have been met by the supplied solution?
A. Accreditation
B. Certification
C. Assurance
D. Acceptance
D
692
QUESTION NO: 687
Which of the following statements pertaining to software testing is incorrect?
A. Unit testing should be addressed and considered when the modules are being designed.
B. Test data should be part of the specifications.
C. Testing should be performed with live data to cover all possible situations.
D. Test data generators can be used to systematically generate random test data that can be used
to test programs.
C
693
QUESTION NO: 688
Which of the following can be defined as the process of rerunning a portion of the test scenario or
test plan to ensure that changes or corrections have not introduced new errors?
A. Unit testing
B. Pilot testing
C. Regression testing
D. Parallel testing
C
694
QUESTION NO: 689
Which of the following statements pertaining to software testing approaches is correct?
A. A bottom-up approach allows interface errors to be detected earlier.
B. A top-down approach allows errors in critical modules to be detected earlier.
C. The test plan and results should be retained as part of the system's permanent documentation.
D. Black box testing is predicated on a close examination of procedural detail.
C
695
QUESTION NO: 690
Which of the following test makes sure the modified or new system includes appropriate access
controls and does not introduce any security holes that might compromise other systems?
A. Recovery testing
B. Security testing
C. Stress/volume testing
D. Interface testing
B
696
QUESTION NO: 691
Which of the following phases of a software development life cycle normally addresses Due Care
and Due Diligence?
A. Implementation
B. System feasibility
C. Product design
D. Software plans and requirements
D
697
QUESTION NO: 692
Which of the following phases of a software development life cycle normally incorporates the
security specifications, determines access controls, and evaluates encryption options?
A. Detailed design
B. Implementation
C. Product design
D. Software plans and requirements
C
698
QUESTION NO: 693
In a database management system (DBMS), what is the "cardinality?"
A. The number of rows in a relation.
B. The number of columns in a relation.
C. The set of allowable values that an attribute can take.
D. The number of relations in a database.
A
699
QUESTION NO: 694
At which of the basic phases of the System Development Life Cycle are security requirements
formalized?
A. Disposal
B. System Design Specifications
C. Development and Implementation
D. Functional Requirements Definition
D
700
QUESTION NO: 695
Which of the following is less likely to be included in the change control sub-phase of the
maintenance phase of a software product?
A. Estimating the cost of the changes requested
B. Recreating and analyzing the problem
C. Determining the interface that is presented to the user
D. Establishing the priorities of requests
A
701
QUESTION NO: 696
Sensitivity labels are an example of what application control type?
A. Preventive security controls
B. Detective security controls
C. Compensating administrative controls
D. Preventive accuracy controls
A
702
QUESTION NO: 697
What is the act of obtaining information of a higher sensitivity by combining information from lower
levels of sensitivity?
A. Polyinstantiation
B. Inference
C. Aggregation
D. Data mining
C
703
QUESTION NO: 698
Which expert system operating mode allows determining if a given hypothesis is valid?
A. Blackboard
B. Lateral chaining
C. Forward chaining
D. Backward chaining
D
704
QUESTION NO: 699
Why does compiled code pose more of a security risk than interpreted code?
A. Because malicious code can be embedded in compiled code and be difficult to detect.
B. If the executed compiled code fails, there is a chance it will fail insecurely.
C. Because compilers are not reliable.
D. There is no risk difference between interpreted code and compiled code.
A
705
QUESTION NO: 700
Which of the following is not a defined maturity level within the Software Capability Maturity
Model?
A. Repeatable
B. Defined
C. Managed
D. Oriented
D
706
QUESTION NO: 701
Which software development model is actually a meta-model that incorporates a number of the
software development models?
A. The Waterfall model
B. The modified Waterfall model
C. The Spiral model
D. The Critical Path Model (CPM)
C
707
QUESTION NO: 702
Which of the following is used in database information security to hide information?
A. Inheritance
B. Polyinstantiation
C. Polymorphism
D. Delegation
B
708
QUESTION NO: 703
Which model, based on the premise that the quality of a software product is a direct function of the
quality of its associated software development and maintenance processes, introduced five levels
with which the maturity of an organization involved in the software process is evaluated?
A. The Total Quality Model (TQM)
B. The IDEAL Model
C. The Software Capability Maturity Model
D. The Spiral Model
C
709
QUESTION NO: 704
Which of the following characteristics pertaining to databases is not true?
A. A data model should exist and all entities should have a significant name.
B. Justifications must exist for normalized data.
C. No NULLs should be allowed for primary keys.
D. All relations must have a specific cardinality.
B
710
QUESTION NO: 705
Which of the following is best defined as a circumstance in which a collection of information items
is required to be classified at a higher security level than any of the individual items that comprise
it?
A. Aggregation
B. Inference
C. Clustering
D. Collision
A
711
QUESTION NO: 706
At what stage of the applications development process should the security department become
involved?
A. Prior to the implementation
B. Prior to systems testing
C. During unit testing
D. During requirements development
D
712
QUESTION NO: 707
What is one disadvantage of content-dependent protection of information?
A. It increases processing overhead.
B. It requires additional password entry.
C. It exposes the system to data locking.
D. It limits the user's individual address space.
A
713
QUESTION NO: 708
In what way could Java applets pose a security threat?
A. Their transport can interrupt the secure distribution of World Wide Web pages over the Internet
by removing SSL and S-HTTP
B. Java interpreters do not provide the ability to limit system access that an applet could have on a
client system.
C. Executables from the Internet may attempt an intentional attack when they are downloaded on
a client system.
D. Java does not check the bytecode at runtime or provide other safety mechanisms for program
isolation from the client system.
C
714
QUESTION NO: 709
A system file that has been patched numerous times becomes infected with a virus. The anti-virus
software warns that disinfecting the file may damage it. What course of action should be taken?
A. Replace the file with the original version from master media
B. Proceed with automated disinfection
C. Research the virus to see if it is benign
D. Restore an uninfected version of the patched file from backup media
D
715
QUESTION NO: 710
For competitive reasons, the customers of a large shipping company called the "Integrated
International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various
cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access
control model to keep this information private. Different information in this database is classified at
different levels. For example, the time and date a ship departs is labeled Unclassified, so
customers can estimate when their cargos will arrive, but the contents of all shipping containers on
the ship are labeled Top Secret to keep different shippers from viewing each other's cargos.
An unscrupulous fruit shipper, the "Association of Private Fuit Exporters, Limited" (APFEL) wants
to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping
pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret
contents in the IISSCC database because of the access model. A smart APFEL worker, however,
attempts to insert a false, unclassified record in the database that says that FIGCO is shipping
pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record
then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or
not FIGCO is shipping pineapples on the S.S. CP.
What is the name of the access control model property that prevented APFEL from reading
FIGCO's cargo information? What is a secure database technique that could explain why, when
the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping
pineapples?
A. *-Property and Polymorphism
B. Strong *-Property and Polyinstantiation
C. Simple Security Property and Polymorphism
D. Simple Security Property and Polyinstantiation
D
716
QUESTION NO: 711
A shared resource matrix is a technique commonly used to locate:
A. Malicious code
B. Security flaws
C. Trap doors
D. Covert channels
D
717
QUESTION NO: 712
What is NOT included in a data dictionary?
A. Data Element Definitions
B. Schema Objects
C. Reference Keys
D. Structured Query Language
D
718
QUESTION NO: 713
In which phase of the System Development Lifecycle (SDLC) is Security Accreditation Obtained?
A. Functional Requirements Phase
B. Testing and evaluation control
C. Acceptance Phase
D. Postinstallation Phase
B
719
QUESTION NO: 714
Java follows which security model:
A. least priviledge
B. Sand box
C. CIA
D. OSI
B
720
QUESTION NO: 715
What is surreptitious transfer of information from a higher classification compartment to a lower
classification compartment without going through the formal communication channels?
A. Object Reuse
B. Covert Channel
C. Security domain
D. Data Transfer
B
721
QUESTION NO: 716
Many approaches to Knowledge Discovery in Databases (KDD) are used to identify valid and
useful patterns in data. This is an evolving field of study that includes a variety of automated
analysis solutions such as Data Mining. Which of the following is not an approach used by KDD?
A. Probabilistic
B. Oriented
C. Deviation
D. Classification
B
722
QUESTION NO: 717
Business rules can be enforced within a database through the use of
A. Proxy
B. Redundancy
C. Views
D. Authentication
C
723
QUESTION NO: 718
What is the BEST definition of SQL injection.
A. SQL injection is a database problem.
B. SQL injection is a web Server problem.
C. SQL injection is a windows and Linux website problem that could be corrected by applying a website vendors patch.
D. SQL injection is an input validation problem.
D
724
QUESTION NO: 719
What allows a relation to contain multiple rows with a same primary key?
A. RDBMS
B. Polymorphism
C. Polyinstantiation
D. It is not possible
C
725
QUESTION NO: 720
The Open Web Application Security Project (OWASP) Top Ten list of risks during the past several
years. The following items have been on the list for many year. What of the choices below
represent threats that have been at the top of the list for many years?
A. Cross Site Scripting and Dynamic Unicode injection attacks
B. SQL injection and Cross Site Scripting attacks
C. SQL Injection and Weak Authentication and Session Management attacks
D. Cross Site Scripting and Security Misconfigurations attacks
B
726
QUESTION NO: 721
Which one of the following is NOT a check for Input or Information Accuracy in Software
Development security?
A. Review check
B. Range Check
C. Relationship Check
D. Reasonableness check
A
727
QUESTION NO: 722
What would you call an attack where an attacker can influence the state of the resource between
check and use?
This attack can happen with shared resources such as files, memory, or even variables in
multithreaded programs. This can cause the software to perform invalid actions when the
resource is in an unexpected state. The steps followed by this attack are usually the following:
the software checks the state of a resource before using that resource, but the resource's state
can change between the check and the use in a way that invalidates the results of the check.
A. TOCTOU attack
B. Input checking attack
C. Time of Check attack
D. Time of Use attack
A
728
QUESTION NO: 723
A virus is a program that can replicate itself on a system but not necessarily spread itself by
network connections.
What is malware that can spread itself over open network connections?
A. Worm
B. Rootkit
C. Adware
D. Logic Bomb
A
729
QUESTION NO: 724
Debbie from finance called to tell you that she downloaded and installed a free wallpaper program
that sets the wallpaper on her computer to match the current weather outside but now her
computer runs slowly and the disk drive activity light is always on. You take a closer look and
when you do a simple port scan to see which ports are open on her computer, you notice that
TCP/80 is open. You point a web browser at her computer's IP Address and port and see a site
selling prescription drugs.
Apart from the wallpaper changing software, what did Debbie ... from finance install without her
knowledge?
A. Trojan horse
B. Network mobile code
C. Virus
D. Logic Bomb
A
730
QUESTION NO: 725
Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?
A. Web Applications
B. Intrusion Detection Systems
C. Firewalls
D. DNS Servers
A
731
QUESTION NO: 726
Examine the following characteristics and identify which answer best indicates the likely cause of
this behavior:
- Core operating system files are hidden
- Backdoor access for attackers to return
- Permissions changing on key files
- A suspicious device driver
- Encryption applied to certain files without explanation
- Logfiles being wiped
A. Kernel-mode Rootkit
B. User-mode Rootkit
C. Malware
D. Kernel-mode Badware
A
732
QUESTION NO: 727
Which of the following attack includes social engineering, link manipulation or web site forgery
techniques?
A. smurf attack
B. Traffic analysis
C. Phishing
D. Interrupt attack
C
733
QUESTION NO: 728
Which of the following attack could be avoided by creating more security awareness in the
organization and provide adequate security knowledge to all employees?
A. smurf attack
B. Traffic analysis
C. Phishing
D. Interrupt attack
C
734
QUESTION NO: 729
Which of the following answer specifies the correct sequence of levels within the Capability
Maturity Model (CMM)?
A. Initial, Managed, Defined, Quantitatively managed, optimized
B. Initial, Managed, Defined, optimized, Quantitatively managed
C. Initial, Defined, Managed, Quantitatively managed, optimized
D. Initial, Managed, Quantitatively managed, Defined, optimized
A
735
QUESTION NO: 730
Which of the following is true about Kerberos?
A. It utilizes public key cryptography.
B. It encrypts data after a ticket is granted, but passwords are exchanged in plain text.
C. It depends upon symmetric ciphers.
D. It is a second party authentication system.
C
736
QUESTION NO: 731
The RSA algorithm is an example of what type of cryptography?
A. Asymmetric Key.
B. Symmetric Key.
C. Secret Key.
D. Private Key.
A
737
QUESTION NO: 732
Kerberos depends upon what encryption method?
A. Public Key cryptography.
B. Secret Key cryptography.
C. El Gamal cryptography.
D. Blowfish cryptography.
B
738
QUESTION NO: 733
The DES algorithm is an example of what type of cryptography?
A. Secret Key
B. Two-key
C. Asymmetric Key
D. Public Key
A
739
QUESTION NO: 734
Which of the following encryption methods is known to be unbreakable?
A. Symmetric ciphers.
B. DES codebooks.
C. One-time pads.
D. Elliptic Curve Cryptography.
C
740
QUESTION NO: 735
What algorithm was DES derived from?
A. Twofish.
B. Skipjack.
C. Brooks-Aldeman.
D. Lucifer.
D
741
QUESTION NO: 736
What is a characteristic of using the Electronic Code Book mode of DES encryption?
A. A given block of plaintext and a given key will always produce the same ciphertext.
B. Repetitive encryption obscures any repeated patterns that may have been present in the
plaintext.
C. Individual characters are encoded by combining output from earlier encryption routines with
plaintext.
D. The previous DES output is used as input.
A
742
QUESTION NO: 737
Where parties do not have a shared secret and large quantities of sensitive information must be
passed, the most efficient means of transferring information is to use Hybrid Encryption Methods.
What does this mean?
A. Use of public key encryption to secure a secret key, and message encryption using the secret
key.
B. Use of the recipient's public key for encryption and decryption based on the recipient's private
key.
C. Use of software encryption assisted by a hardware encryption accelerator.
D. Use of elliptic curve encryption.
A
743
QUESTION NO: 738
Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator
encrypts information using the intended recipient's "public" key in order to get confidentiality of the
data being sent. The recipients use their own "private" key to decrypt the information. The
"Infrastructure" of this methodology ensures that:
A. The sender and recipient have reached a mutual agreement on the encryption key exchange
that they will use.
B. The channels through which the information flows are secure.
C. The recipient's identity can be positively verified by the sender.
D. The sender of the message is the only other person with access to the recipient's private key.
C
744
QUESTION NO: 739
Which of the following DoD Model layer provides non-repudiation services?
A. network layer.
B. application layer.
C. transport layer.
D. data link layer.
B
745
QUESTION NO: 740
Which of the following statements is true about data encryption as a method of protecting data?
A. It should sometimes be used for password files
B. It is usually easily administered
C. It makes few demands on system resources
D. It requires careful key management
D
746
QUESTION NO: 741
Which type of algorithm is considered to have the highest strength per bit of key length of any of
the asymmetric algorithms?
A. Rivest, Shamir, Adleman (RSA)
B. El Gamal
C. Elliptic Curve Cryptography (ECC)
D. Advanced Encryption Standard (AES)
C
747
QUESTION NO: 742
How many bits is the effective length of the key of the Data Encryption Standard algorithm?
A. 168
B. 128
C. 56
D. 64
C
748
QUESTION NO: 743
The primary purpose for using one-way hashing of user passwords within a password file is which
of the following?
A. It prevents an unauthorized person from trying multiple passwords in one logon attempt.
B. It prevents an unauthorized person from reading the password.
C. It minimizes the amount of storage required for user passwords.
D. It minimizes the amount of processing time used for encrypting passwords.
B
749
QUESTION NO: 744
Which of the following issues is not addressed by digital signatures?
A. nonrepudiation
B. authentication
C. data integrity
D. denial-of-service
D
750
QUESTION NO: 745
Brute force attacks against encryption keys have increased in potency because of increased
computing power. Which of the following is often considered a good protection against the brute
force cryptography attack?
A. The use of good key generators.
B. The use of session keys.
C. Nothing can defend you against a brute force crypto key attack.
D. Algorithms that are immune to brute force key attacks.
B
751
QUESTION NO: 746
The Data Encryption Standard (DES) encryption algorithm has which of the following
characteristics?
A. 64 bits of data input results in 56 bits of encrypted output
B. 128 bit key with 8 bits used for parity
C. 64 bit blocks with a 64 bit total key length
D. 56 bits of data input results in 56 bits of encrypted output
C
752
QUESTION NO: 747
PGP uses which of the following to encrypt data?
A. An asymmetric encryption algorithm
B. A symmetric encryption algorithm
C. A symmetric key distribution system
D. An X.509 digital certificate
B
753
QUESTION NO: 748
A public key algorithm that does both encryption and digital signature is which of the following?
A. RSA
B. DES
C. IDEA
D. Diffie-Hellman
A
754
QUESTION NO: 749
Which of the following is NOT true of Secure Sockets Layer (SSL)?
A. By convention it uses 's-http://' instead of 'http://'.
B. Is the predecessor to the Transport Layer Security (TLS) protocol.
C. It was developed by Netscape.
D. It is used for transmitting private information, data, and documents over the Internet.
A
755
QUESTION NO: 750
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI).
When we compare them side by side, Kerberos tickets correspond most closely to which of the
following?
A. public keys
B. private keys
C. public-key certificates
D. private-key certificates
C
756
QUESTION NO: 751
Which of the following identifies the encryption algorithm selected by NIST for the new Advanced
Encryption Standard?
A. Twofish
B. Serpent
C. RC6
D. Rijndael
D
757
QUESTION NO: 752
Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)?
A. It has been mathematically proved to be more secure.
B. It has been mathematically proved to be less secure.
C. It is believed to require longer key for equivalent security.
D. It is believed to require shorter keys for equivalent security.
D
758
QUESTION NO: 753
What are the three most important functions that Digital Signatures perform?
A. Integrity, Confidentiality and Authorization
B. Integrity, Authentication and Nonrepudiation
C. Authorization, Authentication and Nonrepudiation
D. Authorization, Detection and Accountability
B
759
QUESTION NO: 754
Which of the following protocols that provide integrity and authentication for IPSec, can also
provide non-repudiation in IPSec?
A. Authentication Header (AH)
B. Encapsulating Security Payload (ESP)
C. Secure Sockets Layer (SSL)
D. Secure Shell (SSH-2)
A
760
QUESTION NO: 755
Which of the following is a cryptographic protocol and infrastructure developed to send encrypted
credit card numbers over the Internet?
A. Secure Electronic Transaction (SET)
B. MONDEX
C. Secure Shell (SSH-2)
D. Secure Hypertext Transfer Protocol (S-HTTP)
A
761
QUESTION NO: 756
Which of the following cryptographic attacks describes when the attacker has a copy of the
plaintext and the corresponding ciphertext?
A. known plaintext
B. brute force
C. ciphertext only
D. chosen plaintext
A
762
QUESTION NO: 757
Which of the following is NOT a true statement regarding the implementaton of the 3DES modes?
A. DES-EEE1 uses one key
B. DES-EEE2 uses two keys
C. DES-EEE3 uses three keys
D. DES-EDE2 uses two keys
A
763
QUESTION NO: 758
Which one of the following is a key agreement protocol used to enable two entities to agree and
generate a session key (secret key used for one session) over an insecure medium without any
prior secrets or communications between the entities? The negotiated key will subsequently be
used for message encryption using Symmetric Cryptography.
A. RSA
B. PKI
C. Diffie_Hellmann
D. 3DES
C
764
QUESTION NO: 759
Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based
on?
A. Caesar
B. The Jefferson disks
C. Enigma
D. SIGABA
A
765
QUESTION NO: 760
In a known plaintext attack, the cryptanalyst has knowledge of which of the following?
A. the ciphertext and the key
B. the plaintext and the secret key
C. both the plaintext and the associated ciphertext of several messages
D. the plaintext and the algorithm
C
766
QUESTION NO: 761
What is the length of an MD5 message digest?
A. 128 bits
B. 160 bits
C. 256 bits
D. varies depending upon the message size.
A
767
QUESTION NO: 762
The Secure Hash Algorithm (SHA-1) creates:
A. a fixed length message digest from a fixed length input message
B. a variable length message digest from a variable length input message
C. a fixed length message digest from a variable length input message
D. a variable length message digest from a fixed length input message
C
768
QUESTION NO: 763
The RSA Algorithm uses which mathematical concept as the basis of its encryption?
A. Geometry
B. 16-round ciphers
C. PI (3.14159...)
D. Two large prime numbers
D
769
QUESTION NO: 764
The Clipper Chip utilizes which concept in public key cryptography?
A. Substitution
B. Key Escrow
C. An undefined algorithm
D. Super strong encryption
B
770
QUESTION NO: 765
Which of the following are suitable protocols for securing VPN connections at the lower layers of
the OSI model?
A. S/MIME and SSH
B. TLS and SSL
C. IPsec and L2TP
D. PKCS#10 and X.509
C
771
QUESTION NO: 766
What is the role of IKE within the IPsec protocol?
A. peer authentication and key exchange
B. data encryption
C. data signature
D. enforcing quality of service
A
772
QUESTION NO: 767
In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?
A. Pre Initialization Phase
B. Phase 1
C. Phase 2
D. No peer authentication is performed
B
773
QUESTION NO: 768
What is NOT an authentication method within IKE and IPsec?
A. CHAP
B. Pre shared key
C. certificate based authentication
D. Public key authentication
A
774
QUESTION NO: 769
What is NOT true with pre shared key authentication within IKE / IPsec protocol?
A. Pre shared key authentication is normally based on simple passwords
B. Needs a Public Key Infrastructure (PKI) to work
C. IKE is used to setup Security Associations
D. IKE builds upon the Oakley protocol and the ISAKMP protocol.
B
775
QUESTION NO: 770
In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one
of the following term?
A. Subordinate CA
B. Top Level CA
C. Big CA
D. Master CA
B
776
QUESTION NO: 771
What is the primary role of cross certification?
A. Creating trust between different PKIs
B. Build an overall PKI hierarchy
C. set up direct trust to a second root CA
D. Prevent the nullification of user certificates by CA certificate revocation
A
777
QUESTION NO: 772
What kind of encryption is realized in the S/MIME-standard?
A. Asymmetric encryption scheme
B. Password based encryption scheme
C. Public key based, hybrid encryption scheme
D. Elliptic curve based encryption
C
778
QUESTION NO: 773
What is the main problem of the renewal of a root CA certificate?
A. It requires key recovery of all end user keys
B. It requires the authentic distribution of the new root CA certificate to all PKI participants
C. It requires the collection of the old root CA certificates from all the users
D. It requires issuance of the new root CA certificate
B
779
QUESTION NO: 774
Virus scanning and content inspection of SMIME encrypted e-mail without doing any further
processing is:
A. Not possible
B. Only possible with key recovery scheme of all user keys
C. It is possible only if X509 Version 3 certificates are used
D. It is possible only by "brute force" decryption
A
780
QUESTION NO: 775
What attribute is included in a X.509-certificate?
A. Distinguished name of the subject
B. Telephone number of the department
C. secret key of the issuing CA
D. the key pair of the certificate holder
A
781
QUESTION NO: 776
Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing
RSA?
A. PKCS #17799
B. PKCS-RSA
C. PKCS#1
D. PKCS#11
C
782
QUESTION NO: 777
What is the primary role of smartcards in a PKI?
A. Transparent renewal of user keys
B. Easy distribution of the certificates between the users
C. Fast hardware encryption of the raw data
D. Tamper resistant, mobile storage and application of private keys of the users
D
783
QUESTION NO: 778
What kind of certificate is used to validate a user identity?
A. Public key certificate
B. Attribute certificate
C. Root certificate
D. Code signing certificate
A
784
QUESTION NO: 779
What does the directive of the European Union on Electronic Signatures deal with?
A. Encryption of classified data
B. Encryption of secret data
C. Non repudiation
D. Authentication of web servers
C
785
QUESTION NO: 780
A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which
of the following?
A. encrypting messages
B. signing messages
C. verifying signed messages
D. decrypt encrypted messages
C
786
QUESTION NO: 781
Which of the following would best describe certificate path validation?
A. Verification of the validity of all certificates of the certificate chain to the root certificate
B. Verification of the integrity of the associated root certificate
C. Verification of the integrity of the concerned private key
D. Verification of the revocation status of the concerned certificate
A
787
QUESTION NO: 782
FIPS-140 is a standard for the security of which of the following?
A. Cryptographic service providers
B. Smartcards
C. Hardware and software cryptographic modules
D. Hardware security modules
C
788
QUESTION NO: 783
Which of the following can best define the "revocation request grace period"?
A. The period of time allotted within which the user must make a revocation request upon a
revocation reason
B. Minimum response time for performing a revocation by the CA
C. Maximum response time for performing a revocation by the CA
D. Time period between the arrival of a revocation request and the publication of the revocation
information
D
789
QUESTION NO: 784
Which is NOT a suitable method for distributing certificate revocation information?
A. CA revocation mailing list
B. Delta CRL
C. OCSP (online certificate status protocol)
D. Distribution point CRL
A
790
QUESTION NO: 785
Which of the following is true about digital certificate?
A. It is the same as digital signature proving Integrity and Authenticity of the data
B. Electronic credential proving that the person the certificate was issued to is who they claim to
be
C. You can only get digital certificate from Verisign, RSA if you wish to prove the key belong to a
specific user.
D. Can't contain geography data such as country for example.
B
791
QUESTION NO: 786
What kind of Encryption technology does SSL utilize?
A. Secret or Symmetric key
B. Hybrid (both Symmetric and Asymmetric)
C. Public Key
D. Private key
B
792
QUESTION NO: 787
What is the name of a one way transformation of a string of characters into a usually shorter fixed length
value or key that represents the original string? Such a transformation cannot be reversed?
A. One-way hash
B. DES
C. Transposition
D. Substitution
A
793
QUESTION NO: 788
Which of the following is NOT an asymmetric key algorithm?
A. RSA
B. Elliptic Curve Cryptosystem (ECC)
C. El Gamal
D. Data Encryption System (DES)
D
794
QUESTION NO: 789
Which of the following is NOT a symmetric key algorithm?
A. Blowfish
B. Digital Signature Standard (DSS)
C. Triple DES (3DES)
D. RC5
B
795
QUESTION NO: 790
Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of factoring large numbers?
A. El Gamal
B. Elliptic Curve Cryptosystems (ECCs)
C. RSA
D. International Data Encryption Algorithm (IDEA)
C
796
QUESTION NO: 791
The Diffie-Hellman algorithm is primarily used to provide which of the following?
A. Confidentiality
B. Key Agreement
C. Integrity
D. Non-repudiation
B
797
QUESTION NO: 792
Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit
card information to merchant's Web server, which digitally signs it and sends it on to its processing
bank?
A. SSH ( Secure Shell)
B. S/MIME (Secure MIME)
C. SET (Secure Electronic Transaction)
D. SSL (Secure Sockets Layer)
C
798
QUESTION NO: 793
Which of the following algorithms does NOT provide hashing?
A. SHA-1
B. MD2
C. RC4
D. MD5
C
799
QUESTION NO: 794
In what type of attack does an attacker try, from several encrypted messages, to figure out the key
used in the encryption process?
A. Known-plaintext attack
B. Ciphertext-only attack
C. Chosen-Ciphertext attack
D. Plaintext-only attack
B
800
QUESTION NO: 795
Which encryption algorithm is BEST suited for communication with handheld wireless devices?
A. ECC (Elliptic Curve Cryptosystem)
B. RSA
C. SHA
D. RC4
A
801
QUESTION NO: 796
Which of the following keys has the SHORTEST lifespan?
A. Secret key
B. Public key
C. Session key
D. Private key
C
802
QUESTION NO: 797
What is the RESULT of a hash algorithm being applied to a message?
A. A digital signature
B. A ciphertext
C. A message digest
D. A plaintext
C
803
QUESTION NO: 798
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
A. message non-repudiation.
B. message confidentiality.
C. message interleave checking.
D. message integrity.
D
804
QUESTION NO: 799
Which of the following services is NOT provided by the digital signature standard (DSS)?
A. Encryption
B. Integrity
C. Digital signature
D. Authentication
A
805
QUESTION NO: 800
What can be defined as an instance of two different keys generating the same ciphertext from the
same plaintext?
A. Key collision
B. Key clustering
C. Hashing
D. Ciphertext collision
B
806
QUESTION NO: 801
Which of the following is true about link encryption?
A. Each entity has a common key with the destination node.
B. Encrypted messages are only decrypted by the final node.
C. This mode does not provide protection if anyone of the nodes along the transmission path is
compromised.
D. Only secure nodes are used in this type of transmission.
C
807
QUESTION NO: 802
What uses a key of the same length as the message where each bit or character from the plaintext
is encrypted by a modular addition?
A. Running key cipher
B. One-time pad
C. Steganography
D. Cipher block chaining
B
808
QUESTION NO: 803
What can be defined as secret communications where the very existence of the message is
hidden?
A. Clustering
B. Steganography
C. Cryptology
D. Vernam cipher
B
809
QUESTION NO: 804
What is the maximum number of different keys that can be used when encrypting with Triple DES?
A. 1
B. 2
C. 3
D. 4
C
810
QUESTION NO: 805
What algorithm has been selected as the AES algorithm, replacing the DES algorithm?
A. RC6
B. Twofish
C. Rijndael
D. Blowfish
C
811
QUESTION NO: 806
Which of the following is a symmetric encryption algorithm?
A. RSA
B. Elliptic Curve
C. RC5
D. El Gamal
C
812
QUESTION NO: 807
Which of the following is NOT a property of the Rijndael block cipher algorithm?
A. The key sizes must be a multiple of 32 bits
B. Maximum block size is 256 bits
C. Maximum key size is 512 bits
D. The key size does not have to match the block size
C
813
QUESTION NO: 808
Which of the following is not a property of the Rijndael block cipher algorithm?
A. It employs a round transformation that is comprised of three layers of distinct and invertible
transformations.
B. It is suited for high speed chips with no area restrictions.
C. It operates on 64-bit plaintext blocks and uses a 128 bit key.
D. It could be used on a smart card.
C
814
QUESTION NO: 809
What is the maximum allowable key size of the Rijndael encryption algorithm?
A. 128 bits
B. 192 bits
C. 256 bits
D. 512 bits
C
815
QUESTION NO: 810
Which of the following algorithms is used today for encryption in PGP?
A. RSA
B. IDEA
C. Blowfish
D. RC5
B
816
QUESTION NO: 811
Which of the following protects Kerberos against replay attacks?
A. Tokens
B. Passwords
C. Cryptography
D. Time stamps
D
817
QUESTION NO: 812
What is the name for a substitution cipher that shifts the alphabet by 13 places?
A. Caesar cipher
B. Polyalphabetic cipher
C. ROT13 cipher
D. Transposition cipher
C
818
QUESTION NO: 813
Which of the following standards concerns digital certificates?
A. X.400
B. X.25
C. X.509
D. X.75
C
819
QUESTION NO: 814
Which of the following offers security to wireless communications?
A. S-WAP
B. WTLS
C. WSP
D. WDP
B
820
QUESTION NO: 815
What is the effective key size of DES?
A. 56 bits
B. 64 bits
C. 128 bits
D. 1024 bits
A
821
QUESTION NO: 816
Which of the following offers confidentiality to an e-mail message?
A. The sender encrypting it with its private key.
B. The sender encrypting it with its public key.
C. The sender encrypting it with the receiver's public key.
D. The sender encrypting it with the receiver's private key.
C
822
QUESTION NO: 817
Which of the following is not a DES mode of operation?
A. Cipher block chaining
B. Electronic code book
C. Input feedback
D. Cipher feedback
C
823
QUESTION NO: 818
What size is an MD5 message digest (hash)?
A. 128 bits
B. 160 bits
C. 256 bits
D. 128 bytes
A
824
QUESTION NO: 819
Which of the following service is not provided by a public key infrastructure (PKI)?
A. Access control
B. Integrity
C. Authentication
D. Reliability
D
825
QUESTION NO: 820
In a Public Key Infrastructure, how are public keys published?
A. They are sent via e-mail.
B. Through digital certificates.
C. They are sent by owners.
D. They are not published.
B
826
QUESTION NO: 821
What principle focuses on the uniqueness of separate objects that must be joined together to
perform a task? It is sometimes referred to as “what each must bring” and joined together when
getting access or decrypting a file. Each of which does not reveal the other?
A. Dual control
B. Separation of duties
C. Split knowledge
D. Need to know
C
827
QUESTION NO: 822
What level of assurance for a digital certificate verifies a user's name, address, social security
number, and other information against a credit bureau database?
A. Level 1/Class 1
B. Level 2/Class 2
C. Level 3/Class 3
D. Level 4/Class 4
B
828
QUESTION NO: 823
Which of the following statements pertaining to stream ciphers is correct?
A. A stream cipher is a type of asymmetric encryption algorithm.
B. A stream cipher generates what is called a keystream.
C. A stream cipher is slower than a block cipher.
D. A stream cipher is not appropriate for hardware-based encryption.
B
829
QUESTION NO: 824
Which of the following statements pertaining to block ciphers is incorrect?
A. It operates on fixed-size blocks of plaintext.
B. It is more suitable for software than hardware implementations.
C. Plain text is encrypted with a public key and decrypted with a private key.
D. Some Block ciphers can operate internally as a stream.
C
830
QUESTION NO: 825
Cryptography does NOT help in:
A. Detecting fraudulent insertion.
B. Detecting fraudulent deletion.
C. Detecting fraudulent modification.
D. Detecting fraudulent disclosure.
D
831
QUESTION NO: 826
What is used to bind a document to its creation at a particular time?
A. Network Time Protocol (NTP)
B. Digital Signature
C. Digital Timestamp
D. Certification Authority (CA)
C
832
QUESTION NO: 827
Which of the following is best at defeating frequency analysis?
A. Substitution cipher
B. Polyalphabetic cipher
C. Transposition cipher
D. Ceasar Cipher
B
833
QUESTION NO: 828
A code, as is pertains to cryptography:
A. Is a generic term for encryption.
B. Is specific to substitution ciphers.
C. Deals with linguistic units.
D. Is specific to transposition ciphers.
C
834
QUESTION NO: 829
Which of the following is the most secure form of triple-DES encryption?
A. DES-EDE3
B. DES-EDE1
C. DES-EEE4
D. DES-EDE2
A
835
QUESTION NO: 830
Which of the following is NOT a known type of Message Authentication Code (MAC)?
A. Keyed-hash message authentication code (HMAC)
B. DES-CBC
C. Signature-based MAC (SMAC)
D. Universal Hashing Based MAC (UMAC)
C
836
QUESTION NO: 831
What is the maximum key size for the RC5 algorithm?
A. 128 bits
B. 256 bits
C. 1024 bits
D. 2040 bits
D
837
QUESTION NO: 832
Which of the following algorithms is a stream cipher?
A. RC2
B. RC4
C. RC5
D. RC6
B
838
QUESTION NO: 833
In a SSL session between a client and a server, who is responsible for generating the master
secret that will be used as a seed to generate the symmetric keys that will be used during the
session?
A. Both client and server
B. The client's browser
C. The web server
D. The merchant's Certificate Server
B
839
QUESTION NO: 834
Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is
incorrect?
A. PPTP allow the tunnelling of any protocols that can be carried within PPP.
B. PPTP does not provide strong encryption.
C. PPTP does not support any token-based authentication method for users.
D. PPTP is derived from L2TP.
D
840
QUESTION NO: 835
Which of the following is less likely to be used today in creating a Virtual Private Network?
A. L2TP
B. PPTP
C. IPSec
D. L2F
D
841
QUESTION NO: 836
Which of the following was not designed to be a proprietary encryption algorithm?
A. RC2
B. RC4
C. Blowfish
D. Skipjack
C
842
QUESTION NO: 837
Which of the following is not an encryption algorithm?
A. Skipjack
B. SHA-1
C. Twofish
D. DEA
B
843
QUESTION NO: 838
What key size is used by the Clipper Chip?
A. 40 bits
B. 56 bits
C. 64 bits
D. 80 bits
D
844
QUESTION NO: 839
Which of the following would best describe a Concealment cipher?
A. Permutation is used, meaning that letters are scrambled.
B. Every X number of words within a text, is a part of the real message.
C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks.
D. Hiding data in another message so that the very existence of the data is concealed.
B
845
QUESTION NO: 840
Which of the following is best provided by symmetric cryptography?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
A
846
QUESTION NO: 841
Which of the following is not a disadvantage of symmetric cryptography when compared with
Asymmetric Ciphers?
A. Provides Limited security services
B. Has no built in Key distribution
C. Speed
D. Large number of keys are needed
C
847
QUESTION NO: 842
Which of the following is more suitable for a hardware implementation?
A. Stream ciphers
B. Block ciphers
C. Cipher block chaining
D. Electronic code book
B
848
QUESTION NO: 843
How many rounds are used by DES?
A. 16
B. 32
C. 64
D. 48
A
849
QUESTION NO: 844
What is the key size of the International Data Encryption Algorithm (IDEA)?
A. 64 bits
B. 128 bits
C. 160 bits
D. 192 bits
B
850
QUESTION NO: 845
Which of the following is not an example of a block cipher?
A. Skipjack
B. IDEA
C. Blowfish
D. RC4
D
851
QUESTION NO: 846
The Diffie-Hellman algorithm is used for:
A. Encryption
B. Digital signature
C. Key agreement
D. Non-repudiation
C
852
QUESTION NO: 847
A one-way hash provides which of the following?
A. Confidentiality
B. Availability
C. Integrity
D. Authentication
C
853
QUESTION NO: 848
Which of the following is not a one-way hashing algorithm?
A. MD2
B. RC4
C. SHA-1
D. HAVAL
B
854
QUESTION NO: 849
Which of the following statements pertaining to key management is incorrect?
A. The more a key is used, the shorter its lifetime should be.
B. When not using the full keyspace, the key should be extremely random.
C. Keys should be backed up or escrowed in case of emergencies.
D. A key's lifetime should correspond with the sensitivity of the data it is protecting.
B
855
QUESTION NO: 850
Which of the following statements pertaining to link encryption is false?
A. It encrypts all the data along a specific communication path.
B. It provides protection against packet sniffers and eavesdroppers.
C. Information stays encrypted from one end of its journey to the other.
D. User information, header, trailers, addresses and routing data that are part of the packets are
encrypted.
C
856
QUESTION NO: 851
Which of the following should be used as a replacement for Telnet for secure remote login over an
insecure network?
A. S-Telnet
B. SSL
C. Rlogin
D. SSH
D
857
QUESTION NO: 852
Cryptography does not concern itself with which of the following choices?
A. Availability
B. Integrity
C. Confidentiality
D. Validation
D
858
QUESTION NO: 853
Which of the following does NOT concern itself with key management?
A. Internet Security Association Key Management Protocol (ISAKMP)
B. Diffie-Hellman (DH)
C. Cryptology (CRYPTO)
D. Key Exchange Algorithm (KEA)
C
859
QUESTION NO: 854
Which of the following encryption algorithms does not deal with discrete logarithms?
A. El Gamal
B. Diffie-Hellman
C. RSA
D. Elliptic Curve
C
860
QUESTION NO: 855
Which of the following statements pertaining to message digests is incorrect?
A. The original file cannot be created from the message digest.
B. Two different files should not have the same message digest.
C. The message digest should be calculated using at least 128 bytes of the file.
D. Messages digests are usually of fixed size.
C
861
```
QUESTION NO: 856
Which type of attack is based on the probability of two different messages using the same hash
function producing a common message digest?
```
A. Differential cryptanalysis
B. Differential linear cryptanalysis
C. Birthday attack
D. Statistical attack
C
862
QUESTION NO: 857
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?
A. Timestamping
B. Repository
C. Certificate revocation
D. Internet Key Exchange (IKE)
D
863
QUESTION NO: 858
Which of the following was developed in order to protect against fraud in electronic fund transfers
(EFT) by ensuring the message comes from its claimed originator and that it has not been altered
in transmission?
A. Secure Electronic Transaction (SET)
B. Message Authentication Code (MAC)
C. Cyclic Redundancy Check (CRC)
D. Secure Hash Standard (SHS)
B
864
QUESTION NO: 859
Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?
A. The SSL protocol was developed by Netscape to secure Internet client-server transactions.
B. The SSL protocol's primary use is to authenticate the client to the server using public key
cryptography and digital certificates.
C. Web pages using the SSL protocol start with HTTPS
D. SSL can be used with applications such as Telnet, FTP and email protocols.
B
865
QUESTION NO: 860
What is the name of the protocol use to set up and manage Security Associations (SA) for IP
Security (IPSec)?
A. Internet Key Exchange (IKE)
B. Secure Key Exchange Mechanism
C. Oakley
D. Internet Security Association and Key Management Protocol
A
866
QUESTION NO: 861
Which of the following binds a subject name to a public key value?
A. A public-key certificate
B. A public key infrastructure
C. A secret key infrastructure
D. A private key certificate
B
867
QUESTION NO: 862
What can be defined as a digital certificate that binds a set of descriptive data items, other than a
public key, either directly to a subject name or to the identifier of another certificate that is a publickey
certificate?
A. A public-key certificate
B. An attribute certificate
C. A digital certificate
D. A descriptive certificate
B
868
QUESTION NO: 863
What can be defined as a data structure that enumerates digital certificates that were issued to
CAs but have been invalidated by their issuer prior to when they were scheduled to expire?
A. Certificate revocation list
B. Certificate revocation tree
C. Authority revocation list
D. Untrusted certificate list
C
869
QUESTION NO: 864
Who vouches for the binding between the data items in a digital certificate?
A. Registration authority
B. Certification authority
C. Issuing authority
D. Vouching authority
B
870
QUESTION NO: 865
What enables users to validate each other's certificate when they are certified under different
certification hierarchies?
A. Cross-certification
B. Multiple certificates
C. Redundant certification authorities
D. Root certification authorities
A
871
QUESTION NO: 866
Which of the following would best define a digital envelope?
A. A message that is encrypted and signed with a digital certificate.
B. A message that is signed with a secret key and encrypted with the sender's private key.
C. A message encrypted with a secret key attached with the message. The secret key is
encrypted with the public key of the receiver.
D. A message that is encrypted with the recipient's public key and signed with the sender's private
key.
C
872
QUESTION NO: 867
What can be defined as a value computed with a cryptographic algorithm and appended to a data
object in such a way that any recipient of the data can use the signature to verify the data's origin
and integrity?
A. A digital envelope
B. A cryptographic hash
C. A Message Authentication Code
D. A digital signature
D
873
QUESTION NO: 868
Which of the following can be best defined as computing techniques for inseparably embedding
unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?
A. Steganography
B. Digital watermarking
C. Digital enveloping
D. Digital signature
B
874
QUESTION NO: 869
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete
security associations, and to exchange key generation and authentication data, independent of the
details of any specific key generation technique, key establishment protocol, encryption algorithm,
or authentication mechanism?
A. OAKLEY
B. Internet Security Association and Key Management Protocol (ISAKMP)
C. Simple Key-management for Internet Protocols (SKIP)
D. IPsec Key exchange (IKE)
B
875
QUESTION NO: 870
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman
algorithm proposed for IPsec but superseded by IKE?
A. Diffie-Hellman Key Exchange Protocol
B. Internet Security Association and Key Management Protocol (ISAKMP)
C. Simple Key-management for Internet Protocols (SKIP)
D. OAKLEY
D
876
QUESTION NO: 871
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on
OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP
and for other security associations?
A. Internet Key exchange (IKE)
B. Security Association Authentication Protocol (SAAP)
C. Simple Key-management for Internet Protocols (SKIP)
D. Key Exchange Algorithm (KEA)
A
877
QUESTION NO: 872
Which of the following can best be defined as a key distribution protocol that uses hybrid
encryption to convey session keys. This protocol establishes a long-term key once, and then
requires no prior communication in order to establish or exchange keys on a session-by-session
basis?
A. Internet Security Association and Key Management Protocol (ISAKMP)
B. Simple Key-management for Internet Protocols (SKIP)
C. Diffie-Hellman Key Distribution Protocol
D. IPsec Key exchange (IKE)
B
878
QUESTION NO: 873
Which of the following can best be defined as a key recovery technique for storing knowledge of a
cryptographic key by encrypting it with another key and ensuring that that only certain third parties
can perform the decryption operation to retrieve the stored key?
A. Key escrow
B. Fair cryptography
C. Key encapsulation
D. Zero-knowledge recovery
C
879
QUESTION NO: 874
Which of the following can best be defined as a cryptanalysis technique in which the analyst tries
to determine the key from knowledge of some plaintext-ciphertext pairs?
A. A known-plaintext attack
B. A known-algorithm attack
C. A chosen-ciphertext attack
D. A chosen-plaintext attack
A
880
QUESTION NO: 875
Which of the following is NOT a property of a one-way hash function?
A. It converts a message of a fixed length into a message digest of arbitrary length.
B. It is computationally infeasible to construct two different messages with the same digest.
C. It converts a message of arbitrary length into a message digest of a fixed length.
D. Given a digest value, it is computationally infeasible to find the corresponding message.
A
881
QUESTION NO: 876
The Data Encryption Algorithm performs how many rounds of substitution and permutation?
A. 4
B. 16
C. 54
D. 64
B
882
QUESTION NO: 877
Which of the following statements is most accurate regarding a digital signature?
A. It is a method used to encrypt confidential data.
B. It is the art of transferring handwritten signature to electronic media.
C. It allows the recipient of data to prove the source and integrity of data.
D. It can be used as a signature system and a cryptosystem.
C
883
QUESTION NO: 878
The computations involved in selecting keys and in enciphering data are complex, and are not
practical for manual use. However, using mathematical properties of modular arithmetic and a
method known as "_________________," RSA is quite feasible for computer use.
A. computing in Galois fields
B. computing in Gladden fields
C. computing in Gallipoli fields
D. computing in Galbraith fields
A
884
QUESTION NO: 879
Which of the following concerning the Rijndael block cipher algorithm is false?
A. The design of Rijndael was strongly influenced by the design of the block cipher Square.
B. A total of 25 combinations of key length and block length are possible
C. Both block size and key length can be extended to multiples of 64 bits.
D. The cipher has a variable block length and key length.
C
885
QUESTION NO: 880
This type of attack is generally most applicable to public-key cryptosystems, what type of attack
am I?
A. Chosen-Ciphertext attack
B. Ciphertext-only attack
C. Plaintext Only Attack
D. Adaptive-Chosen-Plaintext attack
A
886
QUESTION NO: 881
What is NOT true about a one-way hashing function?
A. It provides authentication of the message
B. A hash cannot be reverse to get the message used to create the hash
C. The results of a one-way hash is a message digest
D. It provides integrity of the message
A
887
QUESTION NO: 882
You've decided to authenticate the source who initiated a particular transfer while ensuring
integrity of the data being transferred. You can do this by:
A. Having the sender encrypt the message with his private key.
B. Having the sender encrypt the hash with his private key.
C. Having the sender encrypt the message with his symmetric key.
D. Having the sender encrypt the hash with his public key.
B
888
QUESTION NO: 883
Which key agreement scheme uses implicit signatures ?
A. MQV
B. DH
C. ECC
D. RSA
A
889
QUESTION NO: 884
While using IPsec, the ESP and AH protocols both provides integrity services. However when
using AH, some special attention needs to be paid if one of the peers uses NAT for address
translation service. Which of the items below would affects the use of AH and it´s Integrity Check
Value (ICV) the most?
A. Key session exchange
B. Packet Header Source or Destination address
C. VPN cryptographic key size
D. Crypotographic algorithm used
B
890
QUESTION NO: 885
Which of the following protocols offers native encryption?
A. IPSEC, SSH, PPTP, SSL, MPLS, L2F, and L2TP
B. IPSEC, SSH, SSL, TFTP
C. IPSEC, SSH, SSL, TLS
D. IPSEC, SSH, PPTP, SSL, MPLS, and L2TP
C
891
QUESTION NO: 886
What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate
Revocation List (CRL)?
A. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a
Certificate Revocation List (CRL) has a delay in the updates.
B. The OCSP (Online Certificate Status Protocol) is a propietary certifcate mechanism developed
by Microsoft and a Certificate Revocation List (CRL) is an open standard.
C. The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate
Revocation List (CRL) is used by Certificate Authorites
D. The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate
and a Certificate Revocation List (CRL) is used by Certificate Authorites.
A
892
QUESTION NO: 887
Which of the following protocols would BEST mitigate threats of sniffing attacks on web application
traffic?
A. SSL or TLS
B. 802.1X
C. ARP Cache Security
D. SSH - Secure Shell
A
893
QUESTION NO: 888
What type of key would you find within a browser's list of trusted root CA?
A. Private key
B. Symmetric key
C. Recovery key
D. Public key
D
894
QUESTION NO: 889
In a PKI infrastructure where are list of revoked certificates stored?
A. CRL
B. Registration Authority
C. Recovery Agent
D. Key escrow
A
895
QUESTION NO: 890
The equation used to calculate the total number of symmetric keys (K) needed for a group of users
(N) to communicate securely with each other is given by which of the following?
A. K(N – 1)/ 2
B. N(K – 1)/ 2
C. K(N + 1)/ 2
D. N(N – 1)/ 2
D
Explanation: The formula is: Total number of users multiplied by total number of users minus 1,
the results are then divided by 2)
When using symmetric algorithms, the sender and receiver use the same key for encryption and
decryption functions. Each pair of users who want to exchange data using symmetric key
encryption must have two instances of the same key. This means that if Dan and Iqqi want to
communicate, both need to obtain a copy of the same key. If Dan also wants to communicate
using symmetric encryption with Norm and Dave, he needs to have three separate keys, one for
each friend. This might not sound like a big deal until Dan realizes that he may communicate with
hundreds of people over a period of several months, and keeping track and using the correct key
that corresponds to each specific receiver can become a daunting task.
If ten people needed to communicate securely with each other using symmetric keys, then 45 keys
would need to be kept track of. If 100 people were going to communicate, then 4,950 keys would
be involved.
The equation used to calculate the number of symmetric keys needed is N(N – 1)/ 2 = number of
keys
ISC CISSP Exam
"Pass Any Exam. Any Time." - www.actualtests.com 848
The following answers are incorrect:
K(N – 1)/ 2
N(K – 1)/ 2
K(N + 1)/ 2
The following reference(s) were/was used to create this question:
Harris, Shon (2012-10-18). CISSP All-in-One Exam Guide, 6th Edition (p. 782). McGraw-Hill.
Kindle Edition.
896
QUESTION NO: 891
In which mode of DES, a block of plaintext and a key will always give the same ciphertext?
A. Electronic Code Book (ECB)
B. Output Feedback (OFB)
C. Counter Mode (CTR)
D. Cipher Feedback (CFB)
A
897
QUESTION NO: 892
Which of the following modes of DES is MOST Likely used for Database Encryption
A. Electronic Code Book(ECB)
B. Cipher Block Chaining(CBC)
C. Cipher Feedback(CFB)
D. Output Feedback(OFB)
A
898
QUESTION NO: 893
which of the following is a Hashing Algorithm?
A. SHA
B. RSA
C. Diffie Hellman(DH)
D. Elliptic Curve Cryptography(ECC)
A
899
QUESTION NO: 894
Complete the following sentence. A digital signature is a ____
A. hash value that has been encrypted with the senders private key
B. hash value that has been encrypted with the senders public key
C. hash value that has been encrypted with the senders Session key
D. it is senders signature signed and scanned in a digital format
A
900
QUESTION NO: 895
which of the following example is NOT an asymmetric key algorithms?
A. Elliptic curve cryptosystem(ECC)
B. Diffie-Hellman
C. Advanced Encryption Standard(AES)
D. Merkle-Hellman Knapsack
C
901
QUESTION NO: 896
Complete the following sentence. A message can be encrypted, which provides __________
A. Confidentiality
B. Non-Repudiation
C. Authentication
D. Integrity
A
902
QUESTION NO: 897
A message can be encrypted and digitally signed, which provides _______________
A. Confidentiality, Authentication, Non-repudiation, and Integrity.
B. Confidentiality and Authentication
C. Confidentiality and Non-repudiation
D. Confidentiality and Integrity.
A
903
QUESTION NO: 898
Public key infrastructure(PKI) consists of programs, data formats, procedures, communication
protocols, security policies, and public key cryptographic mechanisms working in a comprehensive
manner to enable a wide range of dispersed people to communicate in a secure and predictable
fashion.
This infrastructure is based upon which of the following Standard?
A. X.509
B. X.500
C. X.400
D. X.25
A
904
QUESTION NO: 899
What would you call a microchip installed on the motherboard of modern computers and is
dedicated to carrying out security functions that involve the storage and processing of symmetric
and asymmetric keys, hashes, and digital certificates.
A. Trusted Platform Module (TPM)
B. Trusted BIOS Module (TBM)
C. Central Processing Unit (CPU)
D. Arithmetic Logical Unit (ALU)
A
905
QUESTION NO: 900
Suppose that you are the COMSEC - Communications Security custodian for a large, multinational
corporation. Susie, from Finance approaches you in the break room saying that she lost her smart
ID Card that she uses to digitally sign and encrypt emails in the PKI.
What happens to the certificates contained on the smart card after the security officer takes
appropriate action?
A. They are added to the CRL
B. They are reissued to the user
C. New certificates are issued to the user
D. The user may no longer have certificates
A
906
QUESTION NO: 901
You are an information systems security officer at a mid-sized business and are called upon to
investigate a threat conveyed in an email from one employee to another.
You gather the evidence from both the email server transaction logs and from the computers of
the two individuals involved in the incident and prepare an executive summary.
You find that a threat was sent from one user to the other in a digitally signed email. The sender of
the threat says he didn't send the email in question. What concept of PKI - Public Key Infrastructure will implicate the sender?
A. Non-repudiation
B. The digital signature of the recipient
C. Authentication
D. Integrity
A
907
QUESTION NO: 902
When we encrypt or decrypt data there is a basic operation involving ones and zeros where they
are compared in a process that looks something like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output
What is this cryptographic operation called?
A. Exclusive-OR
B. Bit Swapping
C. Logical-NOR
D. Decryption
A
908
QUESTION NO: 903
Which type of encryption is considered to be unbreakable if the stream is truly random and is as
large as the plaintext and never reused in whole or part?
A. One Time Pad (OTP)
B. One time Cryptopad (OTC)
C. Cryptanalysis
D. Pretty Good Privacy (PGP)
A
909
QUESTION NO: 904
Which of the following terms can be described as the process to conceal data into another file or
media in a practice known as security through obscurity?
A. Steganography
B. ADS - Alternate Data Streams
C. Encryption
D. NTFS ADS
A
910
QUESTION NO: 905
Which of the following type of cryptography is used when both parties use the same key to
communicate securely with each other?
A. Symmetric Key Cryptography
B. PKI - Public Key Infrastructure
C. Diffie-Hellman
D. DSS - Digital Signature Standard
A
911
QUESTION NO: 906
Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The
recipient verifies my signature using my ______ key.
A. Private / Public
B. Public / Private
C. Symmetric / Asymmetric
D. Private / Symmetric
A
912
QUESTION NO: 907
Which of the following BEST describes a function relying on a shared secret key that is used along
with a hashing algorithm to verify the integrity of the communication content as well as the sender?
A. Message Authentication Code - MAC
B. PAM - Pluggable Authentication Module
C. NAM - Negative Acknowledgement Message
D. Digital Signature Certificate
A
913
QUESTION NO: 908
Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic
keys, passwords or certificates in a component located on the motherboard of a computer?
A. TPM - Trusted Platform Module
B. TPM - Trusted Procedure Module
C. Smart Card
D. Enigma Machine
A
914
QUESTION NO: 909
There are basic goals of Cryptography. Which of the following most benefits from the process of
encryption?
A. Confidentiality
B. Authentication
C. Integrity
D. Non-Repudiation
A
915
QUESTION NO: 910
Readable is to unreadable just as plain text is to _____?
A. Cipher Text
B. Encryption
C. Unplain Text
D. Digitally Signed
A
916
QUESTION NO: 911
In Mandatory Access Control, sensitivity labels attached to object contain what information?
A. The item's classification
B. The item's classification and category set
C. The item's category
D. The items's need to know
B
917
QUESTION NO: 912
The Orange Book describes four hierarchical levels to categorize security systems. Which of the
following levels require mandatory protection?
A. A and B.
B. B and C.
C. A, B, and C.
D. B and D.
A
918
QUESTION NO: 913
What mechanism does a system use to compare the security labels of a subject and an object?
A. Validation Module.
B. Reference Monitor.
C. Clearance Check.
D. Security Module.
B
919
QUESTION NO: 914
What are the components of an object's sensitivity label?
A. A Classification Set and a single Compartment.
B. A single classification and a single compartment.
C. A Classification Set and user credentials.
D. A single classification and a Compartment Set.
D
920
QUESTION NO: 915
What does it mean to say that sensitivity labels are "incomparable"?
A. The number of classification in the two labels is different.
B. Neither label contains all the classifications of the other.
C. the number of categories in the two labels are different.
D. Neither label contains all the categories of the other.
D
921
QUESTION NO: 916
As per the Orange Book, what are two types of system assurance?
A. Operational Assurance and Architectural Assurance.
B. Design Assurance and Implementation Assurance.
C. Architectural Assurance and Implementation Assurance.
D. Operational Assurance and Life-Cycle Assurance.
D
922
QUESTION NO: 917
The Orange Book requires auditing mechanisms for any systems evaluated at which of the
following levels?
A. C1 and above.
B. C2 and above.
C. B1 and above.
D. B2 and above.
B
923
QUESTION NO: 918
Which of the following are required for Life-Cycle Assurance?
A. System Architecture and Design specification.
B. Security Testing and Covert Channel Analysis.
C. Security Testing and Trusted distribution.
D. Configuration Management and Trusted Facility Management.
C
924
QUESTION NO: 919
Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding".
What does this mean?
A. System functions are layered, and none of the functions in a given layer can access data
outside that layer.
B. Auditing processes and their memory addresses cannot be accessed by user processes.
C. Only security processes are allowed to write to ring zero memory.
D. It is a form of strong encryption cipher.
A
925
QUESTION NO: 920
The Orange Book states that "Hardware and software features shall be provided that can be used
to periodically validate the correct operation of the on-site hardware and firmware elements of the
TCB [Trusted Computing Base]." This statement is the formal requirement for:
A. Security Testing.
B. Design Verification.
C. System Integrity.
D. System Architecture Specification.
C
926
QUESTION NO: 921
Which of the following can be used as a covert channel?
A. Storage and timing.
B. Storage and low bits.
C. Storage and permissions.
D. Storage and classification.
A
927
QUESTION NO: 922
Covert Channel Analysis is first introduced at what level of the TCSEC rating?
A. C2 and above.
B. B1 and above.
C. B2 and above.
D. B3 and above.
C
928
QUESTION NO: 923
At what Orange Book evaluation levels are design specification and verification first required?
A. C1 and above.
B. C2 and above.
C. B1 and above.
D. B2 and above.
C
929
QUESTION NO: 924
Configuration Management controls what?
A. Auditing of changes to the Trusted Computing Base.
B. Control of changes to the Trusted Computing Base.
C. Changes in the configuration access to the Trusted Computing Base.
D. Auditing and controlling any changes to the Trusted Computing Base.
D
930
QUESTION NO: 925
At which of the Orange Book evaluation levels is configuration management required?
A. C1 and above.
B. C2 and above.
C. B1 and above.
D. B2 and above.
D
931
QUESTION NO: 926
What is the purpose of Trusted Distribution?
A. To ensure that messages sent from a central office to remote locations are free from tampering.
B. To prevent the sniffing of data as it travels through an untrusted network enroute to a trusted
network.
C. To ensure that the Trusted Computing Base is not tampered with during shipment or
installation.
D. To ensure that messages received at the Trusted Computing Base are not old messages being
resent as part of a replay attack.
C
932
QUESTION NO: 927
Which Orange Book evaluation level is described as "Verified Design"?
A. A1.
B. B3.
C. B2.
D. B1.
A
933
QUESTION NO: 928
Which Orange Book evaluation level is described as "Structured Protection"?
A. A1
B. B3
C. B2
D. B1
C
934
QUESTION NO: 929
Who developed one of the first mathematical models of a multilevel-security computer system?
A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.
C
935
QUESTION NO: 930
If an operating system permits shared resources such as memory to be used sequentially by
multiple users/application or subjects without a refresh of the objects/memory area, what security
problem is MOST likely to exist?
A. Disclosure of residual data.
B. Unauthorized obtaining of a privileged execution state.
C. Data leakage through covert channels.
D. Denial of service through a deadly embrace.
A
936
QUESTION NO: 931
The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of
the following that the Orange Book did not address?
A. integrity and confidentiality.
B. confidentiality and availability.
C. integrity and availability.
D. none of the above.
C
937
QUESTION NO: 932
An Architecture where there are more than two execution domains or privilege levels is called:
A. Ring Architecture.
B. Ring Layering
C. Network Environment.
D. Security Models
A
938
QUESTION NO: 933
Which of the following components are considered part of the Trusted Computing Base?
A. trusted hardware and firmware
B. trusted hardware and software
C. trusted hardware, software and firmware
D. trusted computer operators and system managers
C
939
QUESTION NO: 934
Which of the following places the Orange Book classifications in order from most secure to least
secure?
A. A, B, C, D
B. D, C, B, A
C. D, B, A, C
D. C, D, B, A
A
940
QUESTION NO: 935
The Orange Book is founded upon which security policy model?
A. The Biba Model
B. The Bell LaPadula Model
C. Clark-Wilson Model
D. TEMPEST
B
941
QUESTION NO: 936
Which of the following is NOT a basic component of security architecture?
A. Motherboard
B. Central Processing Unit (CPU
C. Storage Devices
D. Peripherals (input/output devices)
A
942
QUESTION NO: 937
Which of the following is the lowest TCSEC class wherein the systems must support separate
operator and system administrator roles?
A. B2
B. B1
C. A1
D. A2
A
943
QUESTION NO: 938
In which of the following model are Subjects and Objects identified and the permissions applied to
each subject/object combination are specified. Such a model can be used to quickly summarize
what permissions a subject has for various system objects.
A. Access Control Matrix model
B. Take-Grant model
C. Bell-LaPadula model
D. Biba model
A
944
QUESTION NO: 939
In which of the following security models is the subject's clearance compared to the object's
classification such that specific rules can be applied to control how the subject-to-object
interactions take place?
A. Bell-LaPadula model
B. Biba model
C. Access Matrix model
D. Take-Grant model
A
945
QUESTION NO: 940
Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as
mandatory protection?
A. B
B. A
C. C
D. D
A
946
QUESTION NO: 941
Which of the following classes is defined in the TCSEC (Orange Book) as discretionary
protection?
A. C
B. B
C. A
D. D
A
947
QUESTION NO: 942
Which of the following division is defined in the TCSEC (Orange Book) as minimal protection?
A. Division D
B. Division C
C. Division B
D. Division A
A
948
QUESTION NO: 943
Which of the following establishes the minimal national standards for certifying and accrediting
national security systems?
A. NIACAP
B. DIACAP
C. HIPAA
D. TCSEC
A
949
QUESTION NO: 944
Which of the following was developed by the National Computer Security Center (NCSC) for the
US Department of Defense?
A. TCSEC
B. ITSEC
C. DIACAP
D. NIACAP
A
950
QUESTION NO: 945
Which of the following is a set of data processing elements that increases the performance in a
computer by overlapping the steps of different instructions?
A. pipelining
B. complex-instruction-set-computer (CISC)
C. reduced-instruction-set-computer (RISC)
D. multitasking
A
951
QUESTION NO: 946
Which of the following describes a computer processing architecture in which a language compiler
or pre-processor breaks program instructions down into basic operations that can be performed by
the processor at the same time?
A. Very-Long Instruction-Word Processor (VLIW)
B. Complex-Instruction-Set-Computer (CISC)
C. Reduced-Instruction-Set-Computer (RISC)
D. Super Scalar Processor Architecture (SCPA)
A
952
QUESTION NO: 947
Which of the following addresses a portion of the primary memory by specifying the actual address
of the memory location?
A. direct addressing
B. Indirect addressing
C. implied addressing
D. indexed addressing
A
953
QUESTION NO: 948
The steps of an access control model should follow which logical flow:
A. Authorization, Identification, authentication
B. Identification, accountability, authorization
C. Identification, authentication, authorization
D. Authentication, Authorization, Identification
C
954
QUESTION NO: 949
Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and
testing. Which of following assure the Target of Evaluation (or TOE) is methodically designed,
tested and reviewed?
A. EAL 3
B. EAL 4
C. EAL 5
D. EAL 6
B
955
QUESTION NO: 950
Attributable data should be:
A. always traced to individuals responsible for observing and recording the data
B. sometimes traced to individuals responsible for observing and recording the data
C. never traced to individuals responsible for observing and recording the data
D. often traced to individuals responsible for observing and recording the data
A
956
QUESTION NO: 951
If an internal database holds a number of printers in every department and this equals the total
number of printers for the whole organization recorded elsewhere in the database, it is an example
of:
A. External consistency of the information system.
B. Differential consistency of the information system.
C. Internal consistency of the information system.
D. Referential consistency of the information system.
C
957
QUESTION NO: 952
What is called the type of access control where there are pairs of elements that have the least
upper bound of values and greatest lower bound of values?
A. Mandatory model
B. Discretionary model
C. Lattice model
D. Rule model
C
958
QUESTION NO: 953
Which of the following statements relating to the Bell-LaPadula security model is FALSE
(assuming the Strong Star property is not being used)?
A. A subject is not allowed to read up.
B. The *- property restriction can be escaped by temporarily downgrading a high level subject.
C. A subject is not allowed to read down.
D. It is restricted to confidentiality.
C
959
QUESTION NO: 954
What would BEST define a covert channel?
A. An undocumented backdoor that has been left by a programmer in an operating system
B. An open system port that should be closed.
C. A communication channel that allows transfer of information in a manner that violates the
system's security policy.
D. A trojan horse.
C
960
QUESTION NO: 955
Which of the following statements relating to the Biba security model is FALSE?
A. It is a state machine model.
B. A subject is not allowed to write up.
C. Integrity levels are assigned to subjects and objects.
D. Programs serve as an intermediate layer between subjects and objects.
D
961
QUESTION NO: 956
Which of the following organizations PRODUCES and PUBLISHES the Federal Information
Processing Standards (FIPS)?
A. The National Computer Security Center (NCSC)
B. The National Institute of Standards and Technology (NIST)
C. The National Security Agency (NSA)
D. The American National Standards Institute (ANSI)
B
962
QUESTION NO: 957
Why do buffer overflows happen? What is the main cause?
A. Because buffers can only hold so much data
B. Because of improper parameter checking within the application
C. Because they are an easy weakness to exploit
D. Because of insufficient system memory
B
963
QUESTION NO: 958
Which of the following choices describe a condition when RAM and Secondary storage are used
together?
A. Primary storage
B. Secondary storage
C. Virtual storage
D. Real storage
C
964
QUESTION NO: 959
Which of the following statements pertaining to protection rings is false?
A. They provide strict boundaries and definitions on what the processes that work within each ring
can access.
B. Programs operating in inner rings are usually referred to as existing in a privileged mode.
C. They support the CIA triad requirements of multitasking operating systems.
D. They provide users with a direct access to peripherals
D
965
QUESTION NO: 960
What is it called when a computer uses more than one CPU in parallel to execute instructions?
A. Multiprocessing
B. Multitasking
C. Multithreading
D. Parallel running
A
966
QUESTION NO: 961
Which of the following statements pertaining to the trusted computing base (TCB) is false?
A. Its enforcement of security policy is independent of parameters supplied by system
administrators.
B. It is defined in the Orange Book.
C. It includes hardware, firmware and software.
D. A higher TCB rating will require that details of their testing procedures and documentation be
reviewed with more granularity.
A
967
QUESTION NO: 962
What can be defined as an abstract machine that mediates all access to objects by subjects to
ensure that subjects have the necessary access rights and to protect objects from unauthorized
access?
A. The Reference Monitor
B. The Security Kernel
C. The Trusted Computing Base
D. The Security Domain
A
968
QUESTION NO: 963
Which of the following is not a method to protect objects and the data within the objects?
A. Layering
B. Data mining
C. Abstraction
D. Data hiding
B
969
QUESTION NO: 964
What is the main focus of the Bell-LaPadula security model?
A. Accountability
B. Integrity
C. Confidentiality
D. Availability
C
970
QUESTION NO: 965
Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making
use of the strong star property?
A. It allows "read up."
B. It addresses covert channels.
C. It addresses management of access controls.
D. It allows "write up."
D
971
```
QUESTION NO: 966
Which security model introduces access to objects only through programs?
A. The Biba model
B. The Bell-LaPadula model
C. The Clark-Wilson model
D. The information flow model
```
C
972
QUESTION NO: 967
Which security model ensures that actions that take place at a higher security level do not affect
actions that take place at a lower level?
A. The Bell-LaPadula model
B. The information flow model
C. The noninterference model
D. The Clark-Wilson model
C
973
QUESTION NO: 968
Which of the following security models does NOT concern itself with the flow of data?
A. The information flow model
B. The Biba model
C. The Bell-LaPadula model
D. The noninterference model
D
974
QUESTION NO: 969
Which of the following Orange Book ratings represents the highest level of trust?
A. B1
B. B2
C. F6
D. C2
B
975
QUESTION NO: 970
What Orange Book security rating is reserved for systems that have been evaluated but fail to
meet the criteria and requirements of the higher divisions?
A. A
B. D
C. E
D. F
B
976
QUESTION NO: 971
Which Orange book security rating introduces the object reuse protection?
A. C1
B. C2
C. B1
D. B2
D
977
QUESTION NO: 972
Which Orange book security rating introduces security labels?
A. C2
B. B1
C. B2
D. B3
B
978
QUESTION NO: 973
Which Orange book security rating is the FIRST to be concerned with covert channels?
A. A1
B. B3
C. B2
D. B1
C
979
QUESTION NO: 974
What is called the formal acceptance of the adequacy of a system's overall security by the
management?
A. Certification
B. Acceptance
C. Accreditation
D. Evaluation
C
980
QUESTION NO: 975
Which division of the Orange Book deals with discretionary protection (need-to-know)?
A. D
B. C
C. B
D. A
B
981
QUESTION NO: 976
What does the Clark-Wilson security model focus on?
A. Confidentiality
B. Integrity
C. Accountability
D. Availability
B
982
QUESTION NO: 977
What does the simple security (ss) property mean in the Bell-LaPadula model?
A. No read up
B. No write down
C. No read down
D. No write up
A
983
QUESTION NO: 978
What does the * (star) property mean in the Bell-LaPadula model?
A. No write up
B. No read up
C. No write down
D. No read down
C
984
QUESTION NO: 979
What does the * (star) integrity axiom mean in the Biba model?
A. No read up
B. No write down
C. No read down
D. No write up
D
985
QUESTION NO: 980
What does the simple integrity axiom mean in the Biba model?
A. No write down
B. No read down
C. No read up
D. No write up
B
986
QUESTION NO: 981
What is the Biba security model concerned with?
A. Confidentiality
B. Reliability
C. Availability
D. Integrity
D
987
QUESTION NO: 982
Which security model uses division of operations into different parts and requires different users to
perform each part?
A. Bell-LaPadula model
B. Biba model
C. Clark-Wilson model
D. Non-interference model
C
988
QUESTION NO: 983
A channel within a computer system or network that is designed for the authorized transfer of
information is identified as a(n)?
A. Covert channel
B. Overt channel
C. Opened channel
D. Closed channel
B
989
QUESTION NO: 984
What can best be described as a domain of trust that shares a single security policy and single
management?
A. The reference monitor
B. A security domain
C. The security kernel
D. The security perimeter
B
990
QUESTION NO: 985
Which of the following describes a technique in which a number of processor units are employed
in a single computer system to increase the performance of the system in its application
environment above the performance of a single processor of the same kind?
A. Multitasking
B. Multiprogramming
C. Pipelining
D. Multiprocessing
D
991
QUESTION NO: 986
Who first described the DoD multilevel military security policy in abstract, formal terms?
A. David Bell and Leonard LaPadula
B. Rivest, Shamir and Adleman
C. Whitfield Diffie and Martin Hellman
D. David Clark and David Wilson
A
992
QUESTION NO: 987
Which of the following computer design approaches is based on the fact that in earlier
technologies, the instruction fetch was the longest part of the cycle?
A. Pipelining
B. Reduced Instruction Set Computers (RISC)
C. Complex Instruction Set Computers (CISC)
D. Scalar processors
C
993
QUESTION NO: 988
What is used to protect programs from all unauthorized modification or executional interference?
A. A protection domain
B. A security perimeter
C. Security labels
D. Abstraction
A
994
QUESTION NO: 989
What is called a system that is capable of detecting that a fault has occurred and has the ability to
correct the fault or operate around it?
A. A fail safe system
B. A fail soft system
C. A fault-tolerant system
D. A failover system
C
995
QUESTION NO: 990
Which integrity model defines a constrained data item, an integrity verification procedure and a
transformation procedure?
A. The Take-Grant model
B. The Biba integrity model
C. The Clark Wilson integrity model
D. The Bell-LaPadula integrity model
C
996
QUESTION NO: 991
What is defined as the hardware, firmware and software elements of a trusted computing base
that implement the reference monitor concept?
A. The reference monitor
B. Protection rings
C. A security kernel
D. A protection domain
C
997
QUESTION NO: 992
According to the Orange Book, which security level is the first to require a system to protect
against covert timing channels?
A. A1
B. B3
C. B2
D. B1
B
998
QUESTION NO: 993
According to the Orange Book, which security level is the first to require a system to support
separate operator and system administrator roles?
A. A1
B. B1
C. B2
D. B3
C
999
QUESTION NO: 994
In the Bell-LaPadula model, the Star-property is also called:
A. The simple security property
B. The confidentiality property
C. The confinement property
D. The tranquility property
C
1000
QUESTION NO: 995
Which of the following is best defined as an administrative declaration by a designated authority
that an information system is approved to operate in a particular security configuration with a
prescribed set of safeguards?
A. Certification
B. Declaration
C. Audit
D. Accreditation
D
1001
QUESTION NO: 996
Which of the following is best defined as a mode of system termination that automatically leaves
system processes and components in a secure state when a failure occurs or is detected in a
system?
A. Fail proof
B. Fail soft
C. Fail safe
D. Fail Over
C
1002
QUESTION NO: 997
The Reference Validation Mechanism that ensures the authorized access relationships between
subjects and objects is implementing which of the following concept:
A. The reference monitor.
B. Discretionary Access Control.
C. The Security Kernel.
D. Mandatory Access Control.
A
1003
QUESTION NO: 998
What is the name of the first mathematical model of a multi-level security policy used to define the
concept of a secure state, the modes of access, and rules for granting access?
A. Clark and Wilson Model
B. Harrison-Ruzzo-Ullman Model
C. Rivest and Shamir Model
D. Bell-LaPadula Model
D
1004
QUESTION NO: 999
Which of the following models does NOT include data integrity or conflict of interest?
A. Biba
B. Clark-Wilson
C. Bell-LaPadula
D. Brewer-Nash
C
1005
QUESTION NO: 1000
Which of the following describes a logical form of separation used by secure computing systems?
A. Processes use different levels of security for input and output devices.
B. Processes are constrained so that each cannot access objects outside its permitted domain.
C. Processes conceal data and computations to inhibit access by outside processes.
D. Processes are granted access based on granularity of controlled objects.
B
1006
QUESTION NO: 1001
What security problem is most likely to exist if an operating system permits objects to be used
sequentially by multiple users without forcing a refresh of the objects?
A. Disclosure of residual data.
B. Unauthorized obtaining of a privileged execution state.
C. Denial of service through a deadly embrace.
D. Data leakage through covert channels.
A
1007
QUESTION NO: 1002
In access control terms, the word "dominate" refers to which of the following?
A. Higher or equal to access class
B. Rights are superceded
C. Valid need-to-know with read privileges
D. A higher clearance level than other users
A
1008
QUESTION NO: 1003
The biggest difference between System High Security Mode and Dedicated Security Mode is:
A. The clearance required
B. Object classification
C. Subjects cannot access all objects
D. Need-to-know
D
1009
QUESTION NO: 1004
For competitive reasons, the customers of a large shipping company called the "Integrated
International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various
cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access
control model to keep this information private. Different information in this database is classified at
different levels. For example, the time and date a ship departs is labeled Unclassified, so
customers can estimate when their cargos will arrive, but the contents of all shipping containers on
the ship are labeled Top Secret to keep different shippers from viewing each other's cargos.
An unscrupulous fruit shipper, the "Association of Private Fruit Exporters, Limited" (APFEL) wants
to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping
pineapples on the ship "S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret
contents in the IISSCC database because of the access model. A smart APFEL worker, however,
attempts to insert a false, unclassified record in the database that says that FIGCO is shipping
pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record
then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or
not FIGCO is shipping pineapples on the S.S. CP.
What is the name of the access control model property that prevented APFEL from reading
FIGCO's cargo information? What is a secure database technique that could explain why, when
the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping
pineapples?
A. *-Property and Polymorphism
B. Strong *-Property and Polyinstantiation
C. Simple Security Property and Polymorphism
D. Simple Security Property and Polyinstantiation
D
1010
QUESTION NO: 1005
What is a trusted shell?
A. It means that someone who is working in that shell cannot "bust out of it", and other processes
cannot "bust into it".
B. It means that it is a communications channel between the user, or program, and the kernel.
C. It means that someone working in that shell can communicate with someone else in another
trusted shell.
D. It means that it won't let processes overwrite other processes' data.
A
1011
QUESTION NO: 1006
Which security model uses an access control triple and also require separation of duty?
A. DAC
B. Lattice
C. Clark-Wilson
D. Bell-LaPadula
C
1012
QUESTION NO: 1007
You have been approached by one of your clients . They are interested in doing some security reengineering
. The client is looking at various information security models. It is a highly secure
environment where data at high classifications cannot be leaked to subjects at lower
classifications . Of primary concern to them, is the identification of potential covert channel. As an
Information Security Professional , which model would you recommend to the client?
A. Information Flow Model combined with Bell Lapadula
B. Bell Lapadula
C. Biba
D. Information Flow Model
A
1013
QUESTION NO: 1008
Which of the following security models introduced the idea of mutual exclusivity which generates
dynamically changing permissions?
A. Biba
B. Brewer & Nash
C. Graham-Denning
D. Clark-Wilson
B
1014
QUESTION NO: 1009
Pervasive Computing and Mobile Computing Devices have to sacrifice certain functions. Which
statement concerning those devices is false.
A. In many cases, security services has been enhanced due to the lack of services available.
B. These devices share common security concerns with other resource-constrained devices.
C. In many cases, security services have been sacrificed to provide richer user interaction when
processing power is very limited.
D. Their mobility has made them a prime vector for data loss since they can be used to transmit
and store information in ways that may be difficult to control.
A
1015
QUESTION NO: 1010
Which International Organization for Standardization standard is commonly referred to as the
'common criteria'?
A. 15408
B. 27001
C. 14000
D. 22002
A
1016
QUESTION NO: 1011
What Cloud Deployment model consist of a cloud infrastructure provisioned for exclusive use by a
single organization comprising multiple consumers (e.g., business units)? Such deployment
model may be owned, managed, and operated by the organization, a third party, or some
combination of them, and it may exist on or off premises.
A. Private Cloud
B. Public Cloud
C. Hybrid Cloud
D. Community Cloud
A
1017
QUESTION NO: 1012
When referring to the Cloud Computing Service models. What would you call a service model
where the consumer does not manage or control the underlying cloud infrastructure including
networks, servers, operating systems, or storage, but has control over the deployed applications
and possibly configuration settings for the application-hosting environment?
A. Code as a Service (CaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Infrastructure as a Service (IaaS)
B
1018
QUESTION NO: 1013
Which of the following was the first mathematical model of a multilevel security policy used to
define the concepts of a security state and mode of access, and to outline rules of access?
A. Biba
B. Bell-LaPadula
C. Clark-Wilson
D. State machine
B
1019
QUESTION NO: 1014
Which of the following is a true statement pertaining to memory addressing?
A. The CPU uses absolute addresses. Applications use logical addresses. Relative addresses are
based on a known address and an offset value.
B. The CPU uses logical addresses. Applications use absolute addresses. Relative addresses are
based on a known address and an offset value.
C. The CPU uses absolute addresses. Applications use relative addresses. Logical addresses are
based on a known address and an offset value.
D. The CPU uses absolute addresses. Applications use logical addresses. Absolute addresses
are based on a known address and an offset value.
A
1020
QUESTION NO: 1015
Which of the following answers BEST describes the Bell La-Padula model of storage and access
control of classified information?
A. No read up and No write down
B. No write up, no read down
C. No read over and no write up
D. No reading from higher classification levels
A
1021
QUESTION NO: 1016
In which of the following cloud computing service model are applications hosted by the service
provider and made available to the customers over a network?
A. Software as a service
B. Data as a service
C. Platform as a service
D. Infrastructure as a service
A
1022
QUESTION NO: 1017
Which of the following cloud computing service model provides a way to rent operating systems,
storage and network capacity over the Internet?
A. Software as a service
B. Data as a service
C. Platform as a service
D. Infrastructure as a service
C
1023
QUESTION NO: 1018
Which of the following cloud computing service model is a provision model in which an
organization outsources the equipment used to support operations, including storage, hardware,
servers and networking components?
A. Software as a service
B. Data as a service
C. Platform as a service
D. Infrastructure as a service
D
1024
QUESTION NO: 1019
Which of the following cloud deployment model operates solely for an organization?
A. Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud
A
1025
QUESTION NO: 1020
Which of the following cloud deployment model can be shared by several organizations?
A. Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud
B
1026
QUESTION NO: 1021
Which of the following cloud deployment model is provisioned for open use by the general public?
A. Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud
C
1027
QUESTION NO: 1022
Which of the following cloud deployment model is formed by the composition of two or more cloud
deployment mode?
A. Private Cloud
B. Community Cloud
C. Public Cloud
D. Hybrid Cloud
D
1028
QUESTION NO: 1023
Configuration Management controls what?
A. Auditing of changes to the Trusted Computing Base.
B. Control of changes to the Trusted Computing Base.
C. Changes in the configuration access to the Trusted Computing Base.
D. Auditing and controlling any changes to the Trusted Computing Base.
D
1029
QUESTION NO: 1024
If an operating system permits shared resources such as memory to be used sequentially by
multiple users/application or subjects without a refresh of the objects/memory area, what security
problem is MOST likely to exist?
A. Disclosure of residual data.
B. Unauthorized obtaining of a privileged execution state.
C. Data leakage through covert channels.
D. Denial of service through a deadly embrace.
A
1030
QUESTION NO: 1025
Operations Security seeks to primarily protect against which of the following?
A. object reuse
B. facility disaster
C. compromising emanations
D. asset threats
D
1031
QUESTION NO: 1026
Which of the following components are considered part of the Trusted Computing Base?
A. trusted hardware and firmware
B. trusted hardware and software
C. trusted hardware, software and firmware
D. trusted computer operators and system managers
C
1032
QUESTION NO: 1027
Which of the following is NOT an example of an operational control?
A. backup and recovery
B. Auditing
C. contingency planning
D. operations procedures
B
1033
QUESTION NO: 1028
Degaussing is used to clear data from all of the following medias except:
A. Floppy Disks
B. Read-Only Media
C. Video Tapes
D. Magnetic Hard Disks
B
1034
QUESTION NO: 1029
It is a violation of the "separation of duties" principle when which of the following individuals
access the software on systems implementing security?
A. security administrator
B. security analyst
C. systems auditor
D. systems programmer
D
1035
QUESTION NO: 1030
When backing up an applications system's data, which of the following is a key question to be
answered first?
A. When to make backups
B. Where to keep backups
C. What records to backup
D. How to store backups
C
1036
QUESTION NO: 1031
The number of violations that will be accepted or forgiven before a violation record is produced is
called which of the following?
A. clipping level
B. acceptance level
C. forgiveness level
D. logging level
A
1037
QUESTION NO: 1032
Which of the following is the most reliable, secure means of removing data from magnetic storage
media such as a magnetic tape, or a cassette?
A. Degaussing
B. Parity Bit Manipulation
C. Zeroization
D. Buffer overflow
A
1038
QUESTION NO: 1033
Which of the following is true related to network sniffing?
A. Sniffers allow an attacker to monitor data passing across a network.
B. Sniffers alter the source address of a computer to disguise and exploit weak authentication
methods.
C. Sniffers take over network connections.
D. Sniffers send IP fragments to a system that overlap with each other.
A
1039
QUESTION NO: 1034
Which of the following is NOT a technique used to perform a penetration test?
A. traffic padding
B. scanning and probing
C. war dialing
D. sniffing
A
1040
QUESTION NO: 1035
Which of the following is NOT a media viability control used to protect the viability of data storage
media?
A. clearing
B. marking
C. handling
D. storage
A
1041
QUESTION NO: 1036
Which of the following are the two commonly defined types of covert channels:
A. Storage and Timing
B. Software and Timing
C. Storage and Kernel
D. Kernel and Timing
A
1042
QUESTION NO: 1037
Which of the following refers to the data left on the media after the media has been erased?
A. remanence
B. recovery
C. sticky bits
D. semi-hidden
A
1043
QUESTION NO: 1038
Which of the following ensures that security is not breached when a system crash or other system
failure occurs?
A. trusted recovery
B. hot swappable
C. redundancy
D. secure boot
A
1044
QUESTION NO: 1039
Which of the following ensures that a TCB is designed, developed, and maintained with formally
controlled standards that enforces protection at each stage in the system's life cycle?
A. life cycle assurance
B. operational assurance
C. covert timing assurance
D. covert storage assurance
A
1045
QUESTION NO: 1040
Which of the following is the lowest TCSEC class wherein the systems must support separate
operator and system administrator roles?
A. B2
B. B1
C. A1
D. A2
A
1046
QUESTION NO: 1041
Which of the following are NOT a countermeasure to traffic analysis?
A. Padding messages.
B. Eavesdropping.
C. Sending noise.
D. Faraday Cage
B
1047
QUESTION NO: 1042
Which of the following are the three classifications of RAID identified by the RAID Advisory Board?
A. Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant
Disk Systems.
B. Foreign Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster
Tolerant Disk Systems.
C. Failure Resistant Disk Systems (FRDSs), File Transfer Disk Systems, and Disaster Tolerant
Disk Systems.
D. Federal Resistant Disk Systems (FRDSs), Fault Tolerant Disk Systems, and Disaster Tolerant
Disk Systems.
A
1048
QUESTION NO: 1043
RAID Level 1 is commonly called which of the following?
A. mirroring
B. striping
C. clustering
D. hamming
A
1049
QUESTION NO: 1044
Which of the following is often implemented by a one-for-one disk to disk ratio?
A. RAID Level 1
B. RAID Level 0
C. RAID Level 2
D. RAID Level 5
A
1050
QUESTION NO: 1045
The main issue with Level 1 of RAID is which of the following?
A. It is very expensive.
B. It is difficult to recover.
C. It causes poor performance.
D. It is relatively unreliable.
A
1051
QUESTION NO: 1046
Which of the following effectively doubles the amount of hard drives needed but also provides
redundancy?
A. RAID Level 0
B. RAID Level 1
C. RAID Level 2
D. RAID Level 5
B
1052
QUESTION NO: 1047
Which of the following is used to create parity information?
A. a hamming code
B. a clustering code
C. a mirroring code
D. a striping code
A
1053
QUESTION NO: 1048
The only difference between RAID 3 and RAID 4 is that level 3 is implemented at the byte level
while level 4 is usually implemented at which of the following?
A. block level.
B. bridge level.
C. channel level.
D. buffer level.
A
1054
QUESTION NO: 1049
The spare drives that replace the failed drives are usually hot swappable, meaning they can be
replaced on the server in which of the following scenarios?
A. system is up and running
B. system is quiesced but operational
C. system is idle but operational
D. system is up and in single-user-mode
A
1055
QUESTION NO: 1050
RAID level 10 is created by combining which of the following?
A. level 0 (striping) with level 1 (mirroring).
B. level 0 (striping) with level 2 (hamming).
C. level 0 (striping) with level 1 (clustering).
D. level 0 (striping) with level 1 (hamming).
A
1056
QUESTION NO: 1051
A hardware RAID implementation is usually:
A. platform-independent.
B. platform-dependent.
C. operating system dependant.
D. software dependant.
A
1057
QUESTION NO: 1052
RAID levels 3 and 5 run:
A. faster on hardware.
B. slower on hardware.
C. faster on software.
D. at the same speed on software and hardware.
A
1058
QUESTION NO: 1053
When RAID runs as part of the operating system on the file server, it is an example of a:
A. software implementation.
B. hardware implementation.
C. network implementation.
D. server implementation.
A
1059
QUESTION NO: 1054
A server cluster looks like a:
A. single server from the user's point of view.
B. dual server from the user's point of view.
C. triple server from the user's point of view.
D. quardle server from the user's point of view.
A
1060
QUESTION NO: 1055
Which of the following backup methods makes a complete backup of every file on the server every
time it is run?
A. full backup method.
B. incremental backup method.
C. differential backup method.
D. tape backup method.
A
1061
QUESTION NO: 1056
Which backup method usually resets the archive bit on the files after they have been backed up?
A. Incremental backup method.
B. Differential backup method.
C. Partial backup method.
D. Tape backup method.
A
1062
QUESTION NO: 1057
Which backup method is additive because the time and tape space required for each night's
backup grows during the week as it copies the day's changed files and the previous days' changed
files up to the last full backup?
A. differential backup method.
B. full backup method.
C. incremental backup method.
D. tape backup method.
A
1063
QUESTION NO: 1058
Which of the following backup method must be made regardless of whether Differential or
Incremental methods are used?
A. Full Backup Method.
B. Incremental backup method.
C. Supplemental backup method.
D. Tape backup method.
A
1064
QUESTION NO: 1059
Which of the following tape formats can be used to backup data systems in addition to its original
intended audio uses?
A. Digital Video Tape (DVT).
B. Digital Analog Tape (DAT).
C. Digital Voice Tape (DVT).
D. Digital Audio Tape (DAT).
D
1065
QUESTION NO: 1060
This type of backup management provides a continuous on-line backup by using optical or tape
"jukeboxes," similar to WORMs (Write Once, Read Many):
A. Hierarchical Storage Management (HSM).
B. Hierarchical Resource Management (HRM).
C. Hierarchical Access Management (HAM).
D. Hierarchical Instance Management (HIM).
A
1066
QUESTION NO: 1061
Physically securing backup tapes from unauthorized access is obviously a security concern and is
considered a function of the:
A. Operations Security Domain.
B. Operations Security Domain Analysis.
C. Telecommunications and Network Security Domain.
D. Business Continuity Planning and Disater Recovery Planning.
A
1067
QUESTION NO: 1062
The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much
technical knowledge has brought a growth in the number of which type of attackers?
A. Black hats
B. White hats
C. Script kiddies
D. Phreakers
C
1068
QUESTION NO: 1063
Which of the following computer crime is MORE often associated with INSIDERS?
A. IP spoofing
B. Password sniffing
C. Data diddling
D. Denial of service (DOS)
C
1069
QUESTION NO: 1064
Which of the following logical access exposures INVOLVES CHANGING data before, or as it is
entered into the computer?
A. Data diddling
B. Salami techniques
C. Trojan horses
D. Viruses
A
1070
QUESTION NO: 1065
Notifying the appropriate parties to take action in order to determine the extent of the severity of an
incident and to remediate the incident's effects is part of:
A. Incident Evaluation
B. Incident Recognition
C. Incident Protection
D. Incident Response
C
1071
QUESTION NO: 1066
An Intrusion Detection System (IDS) is what type of control?
A. A preventive control.
B. A detective control.
C. A recovery control.
D. A directive control.
B
1072
QUESTION NO: 1067
The main issue with RAID Level 1 is that the one-for-one ratio is:
A. very expensive, resulting in the highest cost per megabyte of data capacity.
B. very inexpensive, resulting in the lowest cost per megabyte of data capacity.
C. very unreliable resulting in a greater risk of losing data.
D. very reliable resulting in a lower risk of losing data.
A
1073
QUESTION NO: 1068
Which of the following RAID levels is not used in practice and was quickly superseded by the more
flexible levels?
A. RAID Level 0
B. RAID Level 1
C. RAID Level 2
D. RAID Level 7
C
1074
QUESTION NO: 1069
Which RAID implementation is commonly called mirroring?
A. RAID level 2
B. RAID level 3
C. RAID level 5
D. RAID level 1
D
1075
QUESTION NO: 1070
What is the main objective of proper separation of duties?
A. To prevent employees from disclosing sensitive information.
B. To ensure access controls are in place.
C. To ensure that no single individual can compromise a system.
D. To ensure that audit trails are not tampered with.
C
1076
QUESTION NO: 1071
Which of the following is not a component of a Operations Security "triples"?
A. Asset
B. Threat
C. Vulnerability
D. Risk
D
1077
QUESTION NO: 1072
Which of the following Operation Security controls is intended to prevent unauthorized intruders
from internally or externally accessing the system, and to lower the amount and impact of
unintentional errors that are entering the system?
A. Detective Controls
B. Preventative Controls
C. Corrective Controls
D. Directive Controls
B
1078
QUESTION NO: 1073
This type of control is used to ensure that transactions are properly entered into the system once.
Elements of this type of control may include counting data and time stamping it with the date it was
entered or edited?
A. Processing Controls
B. Output Controls
C. Input Controls
D. Input/Output Controls
C
1079
QUESTION NO: 1074
When two or more separate entities (usually persons) operating in concert to protect sensitive
functions or information must combine their knowledge to gain access to an asset, this is known
as?
A. Dual Control
B. Need to know
C. Separation of duties
D. Segragation of duties
A
1080
QUESTION NO: 1075
Configuration Management is a requirement for the following level(s) of the Orange Book?
A. B3 and A1
B. B1, B2 and B3
C. A1
D. B2, B3, and A1
D
1081
QUESTION NO: 1076
Which of the following is NOT a proper component of Media Viability Controls?
A. Storage
B. Writing
C. Handling
D. Marking
B
1082
QUESTION NO: 1077
In this type of attack, the intruder re-routes data traffic from a network device to a personal
machine. This diversion allows an attacker to gain access to critical resources and user
credentials, such as passwords, and to gain unauthorized access to critical systems of an
organization. Pick the best choice below.
A. Network Address Translation
B. Network Address Hijacking
C. Network Address Supernetting
D. Network Address Sniffing
B
1083
QUESTION NO: 1078
What best describes a scenario when an employee has been shaving off pennies from multiple
accounts and depositing the funds into his own bank account?
A. Data fiddling
B. Data diddling
C. Salami techniques
D. Trojan horses
C
1084
QUESTION NO: 1079
When attempting to establish Liability, which of the following would be describe as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or
to abide by what is commonly expected in a situation?
A. Due care
B. Due concern
C. Due diligence
D. Due practice
A
1085
QUESTION NO: 1080
Which of the following is not a critical security aspect of Operations Controls?
A. Controls over hardware.
B. Data media used.
C. Operators using resources.
D. Environmental controls.
D
1086
QUESTION NO: 1081
This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of
these occurrences that can take place before it is considered suspicious?
A. Checkpoint level
B. Ceiling level
C. Clipping level
D. Threshold level
C
1087
QUESTION NO: 1082
In order to enable users to perform tasks and duties without having to go through extra steps it is
important that the security controls and mechanisms that are in place have a degree of?
A. Complexity
B. Non-transparency
C. Transparency
D. Simplicity
C
1088
QUESTION NO: 1083
Who is responsible for implementing user clearances in computer-based information systems at
the B3 level of the TCSEC rating?
A. Security administrators
B. Operators
C. Data owners
D. Data custodians
A
1089
```
QUESTION NO: 1084
Which TCSEC (Orange Book) rating or level requires the system to clearly identify functions of the
security administrator to perform security-related functions?
```
A. C2
B. B1
C. B2
D. B3
D
1090
QUESTION NO: 1085
Which of the following is NOT a valid reason to use external penetration service firms rather than
corporate resources?
A. They are more cost-effective
B. They offer a lack of corporate bias
C. They use highly talented ex-hackers
D. They ensure a more complete reporting
C
1091
QUESTION NO: 1086
Which of the following statements pertaining to ethical hacking is incorrect?
A. An organization should use ethical hackers who do not sell auditing, hardware, software,
firewall, hosting, and/or networking services.
B. Testing should be done remotely to simulate external threats.
C. Ethical hacking should not involve writing to or modifying the target systems negatively.
D. Ethical hackers never use tools that have the potential of affecting servers or services.
D
1092
QUESTION NO: 1087
What is the essential difference between a self-audit and an independent audit?
A. Tools used
B. Results
C. Objectivity
D. Competence
C
1093
QUESTION NO: 1088
When it comes to magnetic media sanitization, what difference can be made between clearing and
purging information?
A. Clearing completely erases the media whereas purging only removes file headers, allowing the
recovery of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders
information unrecoverable against laboratory attack.
C. They both involve rewriting the media.
D. Clearing renders information unrecoverable against a laboratory attack and purging renders
information unrecoverable to a keyboard attack.
B
1094
QUESTION NO: 1089
A periodic review of user account management should not determine:
A. Conformity with the concept of least privilege.
B. Whether active accounts are still being used.
C. Strength of user-chosen passwords.
D. Whether management authorizations are up-to-date.
C
1095
QUESTION NO: 1090
What is the main issue with media reuse?
A. Degaussing
B. Data remanence
C. Media destruction
D. Purging
B
1096
QUESTION NO: 1091
Which of the following should NOT be performed by an operator?
A. Implementing the initial program load
B. Monitoring execution of the system
C. Data entry
D. Controlling job flow
C
1097
QUESTION NO: 1092
Which of the following should be performed by an operator?
A. Changing profiles
B. Approving changes
C. Adding and removal of users
D. Installing system software
D
1098
QUESTION NO: 1093
Which of the following is not appropriate in addressing object reuse?
A. Degaussing magnetic tapes when they're no longer needed.
B. Deleting files on disk before reusing the space.
C. Clearing memory blocks before they are allocated to a program or data.
D. Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.
B
1099
QUESTION NO: 1094
Which of the following is not a preventive operational control?
A. Protecting laptops, personal computers and workstations.
B. Controlling software viruses.
C. Controlling data media access and disposal.
D. Conducting security awareness and technical training.
D
1100
QUESTION NO: 1095
Which of the following questions is less likely to help in assessing controls over hardware and
software maintenance?
A. Is access to all program libraries restricted and controlled?
B. Are integrity verification programs used by applications to look for evidences of data tampering,
errors, and omissions?
C. Is there version control?
D. Are system components tested, documented, and approved prior to promotion to production?
B
1101
QUESTION NO: 1096
Which of the following questions is less likely to help in assessing identification and authentication
controls?
A. Is a current list maintained and approved of authorized users and their access?
B. Are passwords changed at least every ninety days or earlier if needed?
C. Are inactive user identifications disabled after a specified period of time?
D. Is there a process for reporting incidents?
D
1102
QUESTION NO: 1097
Which of the following questions are least likely to help in assessing controls covering audit trails?
A. Does the audit trail provide a trace of user actions?
B. Are incidents monitored and tracked until resolved?
C. Is access to online logs strictly controlled?
D. Is there separation of duties between security personnel who administer the access control
function and those who administer the audit trail?
B
1103
QUESTION NO: 1098
What setup should an administrator use for regularly testing the strength of user passwords?
A. A networked workstation so that the live password database can easily be accessed by the
cracking program.
B. A networked workstation so the password database can easily be copied locally and processed
by the cracking program.
C. A standalone workstation on which the password database is copied and processed by the
cracking program.
D. A password-cracking program is unethical; therefore it should not be used.
C
1104
QUESTION NO: 1099
Which of the following rules is least likely to support the concept of least privilege?
A. The number of administrative accounts should be kept to a minimum.
B. Administrators should use regular accounts when performing routine operations like reading
mail.
C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible.
D. Only data to and from critical systems and applications should be allowed through the firewall.
D
1105
QUESTION NO: 1100
Ensuring that printed reports reach proper users and that receipts are signed before releasing
sensitive documents are examples of:
A. Deterrent controls
B. Output controls
C. Information flow controls
D. Asset controls
B
1106
QUESTION NO: 1101
Which of the following is an unintended communication path that is NOT protected by the system's
normal security mechanisms?
A. A trusted path
B. A protection domain
C. A covert channel
D. A maintenance hook
C
1107
QUESTION NO: 1102
According to the Orange Book, which security level is the first to require a system to support
separate operator and system administrator roles?
A. A1
B. B1
C. B2
D. B3
C
1108
QUESTION NO: 1103
What is the most effective means of determining that controls are functioning properly within an
operating system?
A. Interview with computer operator
B. Review of software control features and/or parameters
C. Review of operating system manual
D. Interview with product vendor
B
1109
QUESTION NO: 1104
Which of the following is used to interrupt the opportunity to use or perform collusion to subvert
operation for fraudulent purposes?
A. Key escrow
B. Rotation of duties
C. Principle of need-to-know
D. Principle of least privilege
B
1110
QUESTION NO: 1105
Which of the following security controls might force an operator into collusion with personnel
assigned organizationally within a different function in order to gain access to unauthorized data?
A. Limiting the local access of operations personnel
B. Job rotation of operations personnel
C. Management monitoring of audit logs
D. Enforcing regular password changes
A
1111
QUESTION NO: 1106
An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of
reducing magnetic flux density to zero on storage media or other magnetic media is called:
A. a magnetic field.
B. a degausser.
C. magnetic remanence.
D. magnetic saturation.
B
1112
QUESTION NO: 1107
What is the most secure way to dispose of information on a CD-ROM?
A. Sanitizing
B. Physical damage
C. Degaussing
D. Physical destruction
D
1113
QUESTION NO: 1108
Fault tolerance countermeasures are designed to combat threats to which of the following?
A. an uninterruptible power supply.
B. backup and retention capability.
C. design reliability.
D. data integrity.
C
1114
QUESTION NO: 1109
In what way can violation clipping levels assist in violation tracking and analysis?
A. Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that
threshold will be recorded for analysis of why the violations occurred.
B. Clipping levels enable a security administrator to customize the audit trail to record only those
violations which are deemed to be security relevant.
C. Clipping levels enable the security administrator to customize the audit trail to record only
actions for users with access to user accounts with a privileged status.
D. Clipping levels enable a security administrator to view all reductions in security levels which
have been made to user accounts which have incurred violations.
A
1115
QUESTION NO: 1110
An incremental backup process
A. Backs up all the files that have changed since the last full or incremental backup and sets the
archive bit to 0.
B. Backs up the files that been modified since the last full backup. It does not change the archive
bit value.
C. Backs up all the data and changes the archive bit to 0.
D. Backs up all the data and changes the archive bit to 1.
A
1116
QUESTION NO: 1111
In Operations Security trusted paths provide:
A. trustworthy integration into integrity functions.
B. trusted access to unsecure paths.
C. trustworthy interfaces into priviledged user functions.
D. trustworthy interfaces into priviledged MTBF functions.
C
1117
QUESTION NO: 1112
The Loki attack exploits a covert channel using which network protocol?
A. TCP
B. PPP
C. ICMP
D. SMTP
C
1118
QUESTION NO: 1113
Of the various types of "Hackers" that exist, the ones who are not worried about being caught and
spending time in jail and have a total disregard for the law or police force, are labeled as what type
of hackers?
A. Suicide Hackers
B. Black Hat Hackers
C. White Hat Hackers
D. Gray Hat Hackers
A
1119
QUESTION NO: 1114
A Differential backup process will:
A. Backs up data labeled with archive bit 1 and leaves the data labeled as archive bit 1
B. Backs up data labeled with archive bit 1 and changes the data label to archive bit 0
C. Backs up data labeled with archive bit 0 and leaves the data labeled as archive bit 0
D. Backs up data labeled with archive bit 0 and changes the data label to archive bit 1
A
1120
QUESTION NO: 1115
Ding Ltd. is a firm specialized in intellectual property business. A new video streaming application
needs to be installed for the purpose of conducting the annual awareness program as per the firm
security program. The application will stream internally copyrighted computer based training
videos. The requirements for the application installation are to use a single server, low cost
technologies, high performance and no high availability capacities.
In regards to storage technology, what is the most suitable configuration for the server hard
drives?
A. Single hard disk (no RAID)
B. RAID 0
C. RAID 1
D. RAID 10
B
1121
QUESTION NO: 1116
According to Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS)
there is a requirement to “protect stored cardholder data.” Which of the following items cannot be
stored by the merchant?
A. Primary Account Number
B. Cardholder Name
C. Expiration Date
D. The Card Validation Code (CVV2)
D
1122
QUESTION NO: 1117
Which of the following answers best describes the type of penetration testing where the analyst
has full knowledge of the network on which he is going to perform his test?
A. White-Box Penetration Testing
B. Black-Box Pen Testing
C. Penetration Testing
D. Gray-Box Pen Testing
A
1123
QUESTION NO: 1118
Which of the following answers BEST indicates the most important part of a data backup plan?
A. Testing the backups with restore operations
B. An effective backup plan
C. A reliable network infrastructure
D. Expensive backup hardware
A
1124
QUESTION NO: 1119
Which of the following answers is directly related to providing High Availability to your users?
A. Backup data circuits
B. Good hiring practices
C. Updated Antivirus Software
D. Senior Executive Support
A
1125
QUESTION NO: 1120
Which of the following answers presents the MOST significant threat to network based IDS or IPS
systems?
A. Encrypted Traffic
B. Complex IDS/IPS Signature Syntax
C. Digitally Signed Network Packets
D. Segregated VLANs
A
1126
QUESTION NO: 1121
Which of the following method is recommended by security professional to PERMANENTLY erase
sensitive data on magnetic media?
A. Degaussing
B. Overwrite every sector of magnetic media with pattern of 1's and 0's
C. Format magnetic media
D. Delete File allocation table
A
1127
QUESTION NO: 1122
Which of the following best describes what would be expected at a "hot site"?
A. Computers, climate control, cables and peripherals
B. Computers and peripherals
C. Computers and dedicated climate control systems.
D. Dedicated climate control systems
A
1128
QUESTION NO: 1123
Who should direct short-term recovery actions immediately following a disaster?
A. Chief Information Officer.
B. Chief Operating Officer.
C. Disaster Recovery Manager.
D. Chief Executive Officer.
C
1129
QUESTION NO: 1124
Prior to a live disaster test also called a Full Interruption test, which of the following is most
important?
A. Restore all files in preparation for the test.
B. Document expected findings.
C. Arrange physical security for the test site.
D. Conduct of a successful Parallel Test
D
1130
QUESTION NO: 1125
Which of the following should be emphasized during the Business Impact Analysis (BIA)
considering that the BIA focus is on business processes?
A. Composition
B. Priorities
C. Dependencies
D. Service levels
C
1131
QUESTION NO: 1126
Which of the following recovery plan test results would be most useful to management?
A. elapsed time to perform various activities.
B. list of successful and unsuccessful activities.
C. amount of work completed.
D. description of each activity.
B
1132
QUESTION NO: 1127
Which of the following computer recovery sites is only partially equipped with processing
equipment?
A. hot site.
B. rolling hot site.
C. warm site.
D. cold site.
C
1133
QUESTION NO: 1128
Which of the following computer recovery sites is the least expensive and the most difficult to test?
A. non-mobile hot site.
B. mobile hot site.
C. warm site.
D. cold site.
D
1134
QUESTION NO: 1129
Which of the following is the most important consideration in locating an alternate computing
facility during the development of a disaster recovery plan?
A. It is unlikely to be affected by the same disaster.
B. It is close enough to become operational quickly.
C. It is close enough to serve its users.
D. It is convenient to airports and hotels.
A
1135
QUESTION NO: 1130
Contracts and agreements are often times unenforceable or hard to enforce in which of the
following alternate facility recovery agreement?
A. hot site.
B. warm site.
C. cold site.
D. reciprocal agreement.
D
1136
QUESTION NO: 1131
Organizations should not view disaster recovery as which of the following?
A. Committed expense.
B. Discretionary expense.
C. Enforcement of legal statutes.
D. Compliance with regulations.
B
1137
QUESTION NO: 1132
Which of the following backup sites is the most effective for disaster recovery?
A. Time brokers
B. Hot sites
C. Cold sites
D. Reciprocal Agreement
B
1138
QUESTION NO: 1133
Which of the following is NOT a transaction redundancy implementation?
A. on-site mirroring
B. Electronic Vaulting
C. Remote Journaling
D. Database Shadowing
A
1139
QUESTION NO: 1134
Which of the following provides enterprise management with a prioritized list of time-critical
business processes, and estimates a recovery time objective for each of the time critical
processes and the components of the enterprise that support those processes?
A. Business Impact Assessment
B. Current State Assessment
C. Risk Mitigation Assessment.
D. Business Risk Assessment.
A
1140
QUESTION NO: 1135
Which of the following steps is NOT one of the eight detailed steps of a Business Impact
Assessment (BIA):
A. Notifying senior management of the start of the assessment.
B. Creating data gathering techniques.
C. Identifying critical business functions.
D. Calculating the risk for each different business function.
A
1141
QUESTION NO: 1136
A site that is owned by the company and mirrors the original production site is referred to as a
_______?
A. Hot site.
B. Warm Site.
C. Reciprocal site.
D. Redundant Site.
D
1142
QUESTION NO: 1137
Which of the following results in the most devastating business interruptions?
A. Loss of Hardware/Software
B. Loss of Data
C. Loss of Communication Links
D. Loss of Applications
B
1143
QUESTION NO: 1138
Which of the following is the most critical item from a disaster recovery point of view?
A. Data
B. Hardware/Software
C. Communication Links
D. Software Applications
A
1144
QUESTION NO: 1139
Which of the following is defined as the most recent point in time to which data must be
synchronized without adversely affecting the organization (financial or operational impacts)?
A. Recovery Point Objective
B. Recovery Time Objective
C. Point of Time Objective
D. Critical Time Objective
A
1145
QUESTION NO: 1140
Valuable paper insurance coverage does not cover damage to which of the following?
A. Inscribed, printed and Written documents
B. Manuscripts
C. Records
D. Money and Securities
D
1146
QUESTION NO: 1141
Which of the following is covered under Crime Insurance Policy Coverage?
A. Inscribed, printed and Written documents
B. Manuscripts
C. Accounts Receivable
D. Money and Securities
D
1147
QUESTION NO: 1142
If your property Insurance has Actual Cash Valuation (ACV) clause, your damaged property will be
compensated based on:
A. Value of item on the date of loss
B. Replacement with a new item for the old one regardless of condition of lost item
C. Value of item one month before the loss
D. Value of item on the date of loss plus 10 percent
A
1148
QUESTION NO: 1143
If your property Insurance has Replacement Cost Valuation (RCV) clause your damaged property
will be compensated:
A. Based on the value of item on the date of loss
B. Based on new, comparable, or identical item for old regardless of condition of lost item
C. Based on value of item one month before the loss
D. Based on the value listed on the Ebay auction web site
B
1149
QUESTION NO: 1144
What is the Maximum Tolerable Downtime (MTD)?
A. Maximum elapsed time required to complete recovery of application data
B. Minimum elapsed time required to complete recovery of application data
C. Maximum elapsed time required to move back to primary site after a major disruption
D. It is maximum delay businesses can tolerate and still remain viable
D
1150
QUESTION NO: 1145
Out of the steps listed below, which one is not one of the steps conducted during the Business
Impact Analysis (BIA)?
A. Alternate site selection
B. Create data-gathering techniques
C. Identify the company’s critical business functions
D. Select individuals to interview for data gathering
A
1151
QUESTION NO: 1146
Which one of the following is NOT one of the outcomes of a vulnerability assessment?
A. Quantative loss assessment
B. Qualitative loss assessment
C. Formal approval of BCP scope and initiation document
D. Defining critical support areas
C
1152
QUESTION NO: 1147
The scope and focus of the Business continuity plan development depends most on:
A. Directives of Senior Management
B. Business Impact Analysis (BIA)
C. Scope and Plan Initiation
D. Skills of BCP committee
B
1153
QUESTION NO: 1148
Which of the following items is NOT a benefit of cold sites?
A. No resource contention with other organization
B. Quick Recovery
C. A secondary location is available to reconstruct the environment
D. Low Cost
B
1154
QUESTION NO: 1149
Qualitative loss resulting from the business interruption does NOT usually include:
A. Loss of revenue
B. Loss of competitive advantage or market share
C. Loss of public confidence and credibility
D. Loss of market leadership
A
1155
QUESTION NO: 1150
When you update records in multiple locations or you make a copy of the whole database at a
remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is knows
as?
A. Shadowing
B. Data mirroring
C. Backup
D. Archiving
A
1156
QUESTION NO: 1151
Recovery Site Strategies for the technology environment depend on how much downtime an
organization can tolerate before the recovery must be completed. What would you call a strategy
where the alternate site is internal, standby ready, with all the technology and equipment
necessary to run the applications?
A. External Hot site
B. Warm Site
C. Internal Hot Site
D. Dual Data Center
C
1157
QUESTION NO: 1152
What is the most correct choice below when talking about the steps to resume normal operation at
the primary site after the green light has been given by the salvage team?
A. The most critical operations are moved from alternate site to primary site before others
B. Operation may be carried by a completely different team than disaster recovery team
C. The least critical functions should be moved back first
D. You moves items back in the same order as the categories document in your plan or exactly in
the same order as you did on your way to the alternate site
C
1158
QUESTION NO: 1153
Business Continuity and Disaster Recovery Planning (Primarily) addresses the:
A. Availability of the CIA triad
B. Confidentiality of the CIA triad
C. Integrity of the CIA triad
D. Availability, Confidentiality and Integrity of the CIA triad
A
1159
QUESTION NO: 1154
Which of the following is used to create parity information?
A. a hamming code
B. a clustering code
C. a mirroring code
D. a striping code
A
1160
QUESTION NO: 1155
Which of the following backup methods makes a complete backup of every file on the server every
time it is run?
A. full backup method.
B. incremental backup method.
C. differential backup method.
D. tape backup method.
A
1161
QUESTION NO: 1156
Which of the following is a large hardware/software backup system that uses the RAID
technology?
A. Tape Array.
B. Scale Array.
C. Crimson Array
D. Table Array.
D
1162
QUESTION NO: 1157
What is the MOST critical piece to disaster recovery and continuity planning?
A. Security policy
B. Management support
C. Availability of backup information processing facilities
D. Staff training
B
1163
QUESTION NO: 1158
During the testing of the business continuity plan (BCP), which of the following methods of results
analysis provides the BEST assurance that the plan is workable?
A. Measurement of accuracy
B. Elapsed time for completion of critical tasks
C. Quantitatively measuring the results of the test
D. Evaluation of the observed test results
C
1164
QUESTION NO: 1159
Which of the following statements regarding an off-site information processing facility is TRUE?
A. It should have the same amount of physical access restrictions as the primary processing site.
B. It should be located in proximity to the originating site so that it can quickly be made
operational.
C. It should be easily identified from the outside so in the event of an emergency it can be easily
found.
D. Need not have the same level of environmental monitoring as the originating site since this
would be cost prohibitive.
A
1165
QUESTION NO: 1160
Notifying the appropriate parties to take action in order to determine the extent of the severity of an
incident and to remediate the incident's effects is part of:
A. Incident Evaluation
B. Incident Recognition
C. Incident Protection
D. Incident Response
D
1166
QUESTION NO: 1161
A server farm consisting of multiple similar servers seen as a single IP address from users
interacting with the group of servers is an example of which of the following?
A. Server clustering
B. Redundant servers
C. Multiple servers
D. Server fault tolerance
A
1167
QUESTION NO: 1162
Which of the following is NOT a common backup method?
A. Full backup method
B. Daily backup method
C. Incremental backup method
D. Differential backup method
B
1168
QUESTION NO: 1163
Which common backup method is the fastest on a daily basis?
A. Full backup method
B. Incremental backup method
C. Fast backup method
D. Differential backup method
B
1169
QUESTION NO: 1164
Which of the following backup methods is most appropriate for off-site archiving?
A. Incremental backup method
B. Off-site backup method
C. Full backup method
D. Differential backup method
C
1170
QUESTION NO: 1165
Which of the following tasks is NOT usually part of a Business Impact Analysis (BIA)?
A. Calculate the risk for each different business function.
B. Identify the company’s critical business functions.
C. Calculate how long these functions can survive without these resources.
D. Develop a mission statement.
D
1171
QUESTION NO: 1166
Which of the following statements pertaining to RAID technologies is incorrect?
A. RAID-5 has a higher performance in read/write speeds than the other levels.
B. RAID-3 uses byte-level striping with dedicated parity .
C. RAID-0 relies solely on striping.
D. RAID-4 uses dedicated parity.
A
1172
QUESTION NO: 1167
Which of the following is NOT a common category/classification of threat to an IT system?
A. Human
B. Natural
C. Technological
D. Hackers
D
1173
QUESTION NO: 1168
Which of the following enables the person responsible for contingency planning to focus risk
management efforts and resources in a prioritized manner only on the identified risks?
A. Risk assessment
B. Residual risks
C. Security controls
D. Business units
A
1174
QUESTION NO: 1169
A contingency plan should address:
A. Potential risks.
B. Residual risks.
C. Identified risks.
D. All answers are correct.
D
1175
QUESTION NO: 1170
Which of the following focuses on sustaining an organization's business functions during and after
a disruption?
A. Business continuity plan
B. Business recovery plan
C. Continuity of operations plan
D. Disaster recovery plan
A
1176
QUESTION NO: 1171
Which of the following specifically addresses cyber attacks against an organization's IT systems?
A. Continuity of support plan
B. Business continuity plan
C. Incident response plan
D. Continuity of operations plan
C
1177
QUESTION NO: 1172
Which of the following provides coordinated procedures for minimizing loss of life, injury, and
property damage in response to a physical threat?
A. Business continuity plan
B. Incident response plan
C. Disaster recovery plan
D. Occupant emergency plan
D
1178
QUESTION NO: 1173
Which of the following teams should NOT be included in an organization's contingency plan?
A. Damage assessment team
B. Hardware salvage team
C. Tiger team
D. Legal affairs team
C
1179
QUESTION NO: 1174
Which of the following statements pertaining to the maintenance of an IT contingency plan is
incorrect?
A. The plan should be reviewed at least once a year for accuracy and completeness.
B. The Contingency Planning Coordinator should make sure that every employee gets an up-todate
copy of the plan.
C. Strict version control should be maintained.
D. Copies of the plan should be provided to recovery personnel for storage offline at home and
office.
B
1180
QUESTION NO: 1175
Which of the following is less likely to accompany a contingency plan, either within the plan itself
or in the form of an appendix?
A. Contact information for all personnel.
B. Vendor contact information, including offsite storage and alternate site.
C. Equipment and system requirements lists of the hardware, software, firmware and other
resources required to support system operations.
D. The Business Impact Analysis.
A
1181
QUESTION NO: 1176
Which of the following server contingency solutions offers the highest availability?
A. System backups
B. Electronic vaulting/remote journaling
C. Redundant arrays of independent disks (RAID)
D. Load balancing/disk replication
D
1182
QUESTION NO: 1177
What assesses potential loss that could be caused by a disaster?
A. The Business Assessment (BA)
B. The Business Impact Analysis (BIA)
C. The Risk Assessment (RA)
D. The Business Continuity Plan (BCP)
B
1183
QUESTION NO: 1178
Which of the following item would best help an organization to gain a common understanding of
functions that are critical to its survival?
A. A risk assessment
B. A business assessment
C. A disaster recovery plan
D. A business impact analysis
D
1184
QUESTION NO: 1179
What can be defined as the maximum acceptable length of time that elapses before the
unavailability of the system severely affects the organization?
A. Recovery Point Objectives (RPO)
B. Recovery Time Objectives (RTO)
C. Recovery Time Period (RTP)
D. Critical Recovery Time (CRT)
B
1185
QUESTION NO: 1180
Which of the following steps should be one of the first step performed in a Business Impact
Analysis (BIA)?
A. Identify all CRITICAL business units within the organization.
B. Evaluate the impact of disruptive events.
C. Estimate the Recovery Time Objectives (RTO).
D. Identify and Prioritize Critical Organization Functions
D
1186
QUESTION NO: 1181
A business continuity plan should list and prioritize the services that need to be brought back after
a disaster strikes. Which of the following services is more likely to be of primary concern in the
context of what your Disaster Recovery Plan would include?
A. Marketing/Public relations
B. Data/Telecomm/IS facilities
C. IS Operations
D. Facilities security
B
1187
QUESTION NO: 1182
During the salvage of the Local Area Network and Servers, which of the following steps would
normally be performed first?
A. Damage mitigation
B. Install LAN communications network and servers
C. Assess damage to LAN and servers
D. Recover equipment
C
1188
QUESTION NO: 1183
Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is
incorrect?
A. In order to facilitate recovery, a single plan should cover all locations.
B. There should be requirements to form a committee to decide a course of action. These
decisions should be made ahead of time and incorporated into the plan.
C. In its procedures and tasks, the plan should refer to functions, not specific individuals.
D. Critical vendors should be contacted ahead of time to validate equipment can be obtained in a
timely manner.
A
1189
QUESTION NO: 1184
A Business Continuity Plan should be tested:
A. Once a month.
B. At least twice a year.
C. At least once a year.
D. At least once every two years.
C
1190
QUESTION NO: 1185
Which of the following statements pertaining to a Criticality Survey is incorrect?
A. It is implemented to gather input from all personnel that is going to be part of the recovery
teams.
B. The purpose of the survey must be clearly stated.
C. Management's approval should be obtained before distributing the survey.
D. Its intent is to find out what services and systems are critical to keeping the organization in
business.
A
1191
QUESTION NO: 1186
Which disaster recovery plan test involves functional representatives meeting to review the plan in
detail?
A. Simulation test
B. Checklist test
C. Parallel test
D. Structured walk-through test
D
1192
QUESTION NO: 1187
System reliability is increased by:
A. A lower MTBF and a lower MTTR.
B. A higher MTBF and a lower MTTR.
C. A lower MTBF and a higher MTTR.
D. A higher MTBF and a higher MTTR.
B
1193
QUESTION NO: 1188
The first step in the implementation of the contingency plan is to perform:
A. A firmware backup
B. A data backup
C. An operating systems software backup
D. An application software backup
B
1194
QUESTION NO: 1189
The MOST common threat that impacts a business's ability to function normally is:
A. Power Outage
B. Water Damage
C. Severe Weather
D. Labor Strike
A
1195
QUESTION NO: 1190
Failure of a contingency plan is usually:
A. A technical failure.
B. A management failure.
C. Because of a lack of awareness.
D. Because of a lack of training.
B
1196
QUESTION NO: 1191
Which of the following questions is less likely to help in assessing an organization's contingency
planning controls?
A. Is damaged media stored and/or destroyed?
B. Are the backup storage site and alternate site geographically far enough from the primary site?
C. Is there an up-to-date copy of the plan stored securely off-site?
D. Is the location of stored backups identified?
A
1197
QUESTION NO: 1192
A business continuity plan is an example of which of the following?
A. Corrective control
B. Detective control
C. Preventive control
D. Compensating control
A
1198
QUESTION NO: 1193
When preparing a business continuity plan, who of the following is responsible for identifying and
prioritizing time-critical systems?
A. Executive management staff
B. Senior business unit management
C. BCP committee
D. Functional business units
B
1199
QUESTION NO: 1194
Which of the following statements pertaining to disaster recovery planning is incorrect?
A. Every organization must have a disaster recovery plan
B. A disaster recovery plan contains actions to be taken before, during and after a disruptive
event.
C. The major goal of disaster recovery planning is to provide an organized way to make decisions
if a disruptive event occurs.
D. A disaster recovery plan should cover return from alternate facilities to primary facilities.
A
1200
QUESTION NO: 1195
Which of the following statements do not apply to a hot site?
A. It is expensive.
B. There are cases of common overselling of processing capabilities by the service provider.
C. It provides a false sense of security.
D. It is accessible on a first come first serve basis. In case of large disaster it might not be
accessible.
C
1201
QUESTION NO: 1196What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?
A. Remote journaling
B. Electronic vaulting
C. Data clustering
D. Database shadowing
B
1202
QUESTION NO: 1197
Which of the following is the most complete disaster recovery plan test type, to be performed after
successfully completing the Parallel test?
A. Full Interruption test
B. Checklist test
C. Simulation test
D. Structured walk-through test
A
1203
QUESTION NO: 1198
Which of the following statements pertaining to disaster recovery is incorrect?
A. A recovery team's primary task is to get the pre-defined critical business functions at the
alternate backup processing site.
B. A salvage team's task is to ensure that the primary site returns to normal processing conditions.
C. The disaster recovery plan should include how the company will return from the alternate site to
the primary site.
D. When returning to the primary site, the most critical applications should be brought back first.
D
1204
QUESTION NO: 1199
For which areas of the enterprise are business continuity plans required?
A. All areas of the enterprise.
B. The financial and information processing areas of the enterprise.
C. The operating areas of the enterprise.
D. The marketing, finance, and information processing areas.
A
1205
QUESTION NO: 1200
Which of the following will a Business Impact Analysis NOT identify?
A. Areas that would suffer the greatest financial or operational loss in the event of a disaster.
B. Systems critical to the survival of the enterprise.
C. The names of individuals to be contacted during a disaster.
D. The outage time that can be tolerated by the enterprise as a result of a disaster.
C
1206
QUESTION NO: 1201
What is a hot-site facility?
A. A site with pre-installed computers, raised flooring, air conditioning, telecommunications and
networking equipment, and UPS.
B. A site in which space is reserved with pre-installed wiring and raised floors.
C. A site with raised flooring, air conditioning, telecommunications, and networking equipment, and
UPS.
D. A site with ready made work space with telecommunications equipment, LANs, PCs, and
terminals for work groups.
A
1207
QUESTION NO: 1202
Which of the following best describes remote journaling?
A. Send hourly tapes containing transactions off-site.
B. Send daily tapes containing transactions off-site.
C. Real-time capture of transactions to multiple storage devices.
D. Real time transmission of copies of the entries in the journal of transactions to an alternate site.
D
1208
QUESTION NO: 1203
All of the following can be considered essential business functions that should be identified when
creating a Business Impact Analysis (BIA) except one. Which of the following would not be
considered an essential element of the BIA but an important topic to include within the BCP plan:
A. IT Network Support
B. Accounting
C. Public Relations
D. Purchasing
C
1209
QUESTION NO: 1204
Of the following, which is NOT a specific loss criteria that should be considered while developing a BIA?
A. Loss of skilled workers knowledge
B. Loss in revenue
C. Loss in profits
D. Loss in reputation
A
1210
QUESTION NO: 1205
Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?
A. Personnel turnover
B. Large plans can take a lot of work to maintain
C. Continous auditing makes a Disaster Recovery plan irrelevant
D. Infrastructure and environment changes
C
1211
QUESTION NO: 1206
Which backup type run at regular intervals would take the least time to complete?
A. Full Backup
B. Differential Backup
C. Incremental Backup
D. Disk Mirroring
C
1212
QUESTION NO: 1207
What is electronic vaulting?
A. Information is backed up to tape on a hourly basis and is stored in a on-site vault.
B. Information is backed up to tape on a daily basis and is stored in a on-site vault.
C. Transferring electronic journals or transaction logs to an off-site storage facility
D. A transfer of bulk information to a remote central backup facility.
D
1213
QUESTION NO: 1208
After a company is out of an emergency state, what should be moved back to the original site
first?
A. Executives
B. Least critical components
C. IT support staff
D. Most critical components
B
1214
QUESTION NO: 1209
How often should tests and disaster recovery drills be performed?
A. At least once a quarter
B. At least once every 6 months
C. At least once a year
D. At least once every 2 years
C
1215
QUESTION NO: 1210
A business impact assessment is one element in business continuity planning. What are the three
primary goals of a BIA?
A. Data processing continuity planning, data recovery plan maintenance, and testing the disaster
recovery plan.
B. Scope and plan initiation, business continuity plan development, and plan approval and
implementation.
C. Facility requirements planning, facility security management, and administrative personnel
controls.
D. Criticality prioritization, downtime estimation, and resource requirements.
D
1216
QUESTION NO: 1211
Business Continuity Planning (BCP) is not defined as a preparation that facilitates:
A. the rapid recovery of mission-critical business operations
B. the continuation of critical business functions
C. the monitoring of threat activity for adjustment of technical controls
D. the reduction of the impact of a disaster
C
1217
QUESTION NO: 1212
During a test of a disaster recovery plan the IT systems are concurrently set up at the alternate
site. The results are compared to the results of regular processing at the original site. What kind of
testing has taken place?
A. Simulation
B. Parallel
C. Checklist
D. Full interruption
B
1218
QUESTION NO: 1213
During a business impact analysis it is concluded that a system has maximum tolerable downtime
of 2 hours. What would this system be classified as?
A. Important
B. Urgent
C. Critical
D. Vital
C
1219
QUESTION NO: 1214
Business Impact Analysis (BIA) is about
A. Technology
B. Supporting the mission of the organization
C. Due Care
D. Risk Assessment
B
1220
QUESTION NO: 1215
What is the MOST important step in business continuity planning?
A. Risk Assessment
B. Due Care
C. Business Impact Analysis (BIA)
D. Due Diligence
C
1221
QUESTION NO: 1216
You have been tasked with developing a Business Continuity Plan/Disaster Recovery (BCP/DR)
plan. After several months of researching the various areas of the organization, you are ready to
present the plan to Senior Management.
During the presentation meeting, the plan that you have dutifully created is not received positively.
Senior Management is not convinced that they need to enact your plan, nor are they prepared to
invest any money in the plan.
What is the BEST reason, as to why Senior Management is not willing to enact your plan?
A. The business case was not initially made and thus did not secure their support.
B. They were not included in any of the Risk Assessment meetings.
C. They were not included in any of the Business Impact Assessment meetings.
D. A Business Impact Assessment was not performed.
A
1222
QUESTION NO: 1217
How often should a Business Continuity Plan be reviewed?
A. At least once a month
B. At least every six months
C. At least once a year
D. At least Quarterly
C
1223
QUESTION NO: 1218
Mark's manager has tasked him with researching an intrusion detection system for a new
dispatching center. Mark identifies the top five products and compares their ratings. Which of the
following is the evaluation criteria most in use today for these types of purposes?
A. ITSEC
B. Common Criteria
C. Red Book
D. Orange Book
B
1224
QUESTION NO: 1219
When planning for disaster recovery it is important to know a chain of command should one or
more people become missing, incapacitated or otherwise not available to lead the organization.
Which of the following terms BEST describes this process?
A. Succession Planning
B. Continuity of Operations
C. Business Impact Analysis
D. Business Continuity Planning
A
1225
QUESTION NO: 1220
Of the three types of alternate sites: hot, warm or cold, which is BEST described by the following
facility description?
- Configured and functional facility
- Available with a few hours
- Requires constant maintenance
- Is expensive to maintain
A. Hot Site
B. Warm Site
C. Cold Site
D. Remote Site
A
1226
QUESTION NO: 1221
Which of the following plan provides procedures for sustaining essential business operations while
recovering from significant disruption?
A. Business Continuity Plan
B. Occupant Emergency Plan
C. Cyber Incident Response Plan
D. Disaster Recovery Plan
A
1227
QUESTION NO: 1222
Which of the following groups represents the leading source of computer crime losses?
A. Hackers
B. Industrial saboteurs
C. Foreign intelligence officers
D. Employees
D
1228
QUESTION NO: 1223
Which of the following is biggest factor that makes Computer Crimes possible?
A. The fraudster obtaining advanced training & special knowledge.
B. Victim carelessness.
C. Collusion with others in information processing.
D. System design flaws.
B
1229
QUESTION NO: 1224
Under United States law, an investigator's notebook may be used in court in which of the following
scenarios?
A. When the investigator is unwilling to testify.
B. When other forms of physical evidence are not available.
C. To refresh the investigators memory while testifying.
D. If the defense has no objections.
C
1230
QUESTION NO: 1225
In addition to the Legal Department, with what company function must the collection of physical
evidence be coordinated if an employee is suspected?
A. Human Resources
B. Industrial Security
C. Public Relations
D. External Audit Group
A
1231
QUESTION NO: 1226
To be admissible in court, computer evidence must be which of the following?
A. Relevant
B. Decrypted
C. Edited
D. Incriminating
A
1232
QUESTION NO: 1227
The typical computer fraudsters are usually persons with which of the following characteristics?
A. They have had previous contact with law enforcement
B. They conspire with others
C. They hold a position of trust
D. They deviate from the accepted norms of society
C
1233
QUESTION NO: 1228
Once evidence is seized, a law enforcement officer should emphasize which of the following?
A. Chain of command
B. Chain of custody
C. Chain of control
D. Chain of communications
B
1234
QUESTION NO: 1229
The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP:
A. Honesty
B. Ethical behavior
C. Legality
D. Control
D
1235
QUESTION NO: 1230
Which of the following cannot be undertaken in conjunction or while computer incident handling is
ongoing?
A. System development activity
B. Help-desk function
C. System Imaging
D. Risk management process
A
1236
QUESTION NO: 1231
Which of the following is from the Internet Architecture Board (IAB) Ethics and the Internet (RFC
1087)?
A. Access to and use of the Internet is a privilege and should be treated as such by all users of the
systems.
B. Users should execute responsibilities in a manner consistent with the highest standards of their
profession.
C. There must not be personal data record-keeping systems whose very existence is secret.
D. There must be a way for a person to prevent information about them, which was obtained for
one purpose, from being used or made available for another purpose without their consent.
A
1237
QUESTION NO: 1232
Which of the following is NOT defined in the Internet Architecture Board (IAB) Ethics and the
Internet (RFC 1087) as unacceptable and unethical activity?
A. uses a computer to steal
B. destroys the integrity of computer-based information
C. wastes resources such as people, capacity and computers through such actions
D. involves negligence in the conduct of Internet-wide experiments
A
1238
QUESTION NO: 1233
Which one of the following is a key agreement protocol used to enable two entities to agree and
generate a session key (secret key used for one session) over an insecure medium without any
prior secrets or communications between the entities? The negotiated key will subsequently be
used for message encryption using Symmetric Cryptography.
A. RSA
B. PKI
C. Diffie_Hellmann
D. 3DES
C
1239
QUESTION NO: 1234
In the process of gathering evidence from a computer attack, a system administrator took a series
of actions which are listed below. Can you identify which one of these actions has compromised
the whole evidence collection process?
A. Using a write blocker
B. Made a full-disk image
C. Created a message digest for log files
D. Displayed the contents of a folder
D
1240
QUESTION NO: 1235
Which of the following tools is NOT likely to be used by a hacker?
A. Nessus
B. Saint
C. Tripwire
D. Nmap
C
1241
QUESTION NO: 1236
Which of the following computer crime is MORE often associated with INSIDERS?
A. IP spoofing
B. Password sniffing
C. Data diddling
D. Denial of service (DOS)
C
1242
QUESTION NO: 1237
What do the ILOVEYOU and Melissa virus attacks have in common?
A. They are both denial-of-service (DOS) attacks.
B. They have nothing in common.
C. They are both masquerading attacks.
D. They are both social engineering attacks.
C
1243
QUESTION NO: 1238
Crackers today are MOST often motivated by their desire to:
A. Help the community in securing their networks.
B. Seeing how far their skills will take them.
C. Getting recognition for their actions.
D. Gaining Money or Financial Gains.
D
1244
QUESTION NO: 1239
Which of the following statements regarding trade secrets is FALSE?
A. For a company to have a resource qualify as a trade secret, it must provide the company with
some type of competitive value or advantage.
B. The Trade Secret Law normally protects the expression of the idea of the resource.
C. Many companies require their employees to sign nondisclosure agreements regarding the
protection of their trade secrets.
D. A resource can be protected by law if it is not generally known and if it requires special skill,
ingenuity, and/or expenditure of money and effort to develop it.
B
1245
QUESTION NO: 1240
What is the PRIMARY goal of incident handling?
A. Successfully retrieve all evidence that can be used to prosecute
B. Improve the company's ability to be prepared for threats and disasters
C. Improve the company's disaster recovery plan
D. Contain and repair any damage caused by an event.
D
1246
QUESTION NO: 1241
Which of the following would be LESS likely to prevent an employee from reporting an incident?
A. They are afraid of being pulled into something they don't want to be involved with.
B. The process of reporting incidents is centralized.
C. They are afraid of being accused of something they didn't do.
D. They are unaware of the company's security policies and procedures.
B
1247
QUESTION NO: 1242
Which of the following outlined how senior management are responsible for the computer and
information security decisions that they make and what actually took place within their
organizations?
A. The Computer Security Act of 1987.
B. The Federal Sentencing Guidelines of 1991.
C. The Economic Espionage Act of 1996.
D. The Computer Fraud and Abuse Act of 1986.
B
1248
QUESTION NO: 1243
What is the PRIMARY reason to maintain the chain of custody on evidence that has been
collected?
A. To ensure that no evidence is lost.
B. To ensure that all possible evidence is gathered.
C. To ensure that it will be admissible in court
D. To ensure that incidents were handled with due care and due diligence.
C
1249
QUESTION NO: 1244
Which of the following logical access exposures INVOLVES CHANGING data before, or as it is
entered into the computer?
A. Data diddling
B. Salami techniques
C. Trojan horses
D. Viruses
A
1250
QUESTION NO: 1245
Which of the following is an example of an active attack?
A. Traffic analysis
B. Scanning
C. Eavesdropping
D. Wiretapping
B
1251
QUESTION NO: 1246
The criteria for evaluating the legal requirements for implementing safeguards is to evaluate the
cost (C) of instituting the protection versus the estimated loss (L) resulting from the exploitation of
the corresponding vulnerability. Therefore, a legal liability may exists when:
A. (C L) or C is greather than L
D. (C > L - (residual risk)) or C is greather than L minus residual risk
A
1252
QUESTION NO: 1247
What is called an exception to the search warrant requirement that allows an officer to conduct a
search without having the warrant in-hand if probable cause is present and destruction of the
evidence is deemed imminent?
A. Evidence Circumstance Doctrine
B. Exigent Circumstance Doctrine
C. Evidence of Admissibility Doctrine
D. Exigent Probable Doctrine
B
1253
QUESTION NO: 1248
A copy of evidence or oral description of its contents; which is not as reliable as best evidence is
what type of evidence?
A. Direct evidence
B. Circumstantial evidence
C. Hearsay evidence
D. Secondary evidence
D
1254
QUESTION NO: 1249
Which of the following proves or disproves a specific act through oral testimony based on
information gathered through the witness's five senses?
A. Direct evidence.
B. Circumstantial evidence.
C. Conclusive evidence.
D. Corroborative evidence.
A
1255
QUESTION NO: 1250
This is a common security issue that is extremely hard to control in large environments. It occurs
when a user has more computer rights, permissions, and access than what is required for the
tasks the user needs to fulfill. What best describes this scenario?
A. Excessive Rights
B. Excessive Access
C. Excessive Permissions
D. Excessive Privileges
D
1256
QUESTION NO: 1251
Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud/attack
makes use of a device that generates tones to simulate inserting coins in pay phones, thus fooling
the system into completing free calls?
A. Red Boxes
B. Blue Boxes
C. White Boxes
D. Black Boxes
A
1257
QUESTION NO: 1252
When companies come together to work in an integrated manner such as extranets, special care
must be taken to ensure that each party promises to provide the necessary level of protection,
liability and responsibility. These aspects should be defined in the contracts that each party signs.
What describes this type of liability?
A. Cascade liabilities
B. Downstream liabilities
C. Down-flow liabilities
D. Down-set liabilities
B
1258
QUESTION NO: 1253
This type of supporting evidence is used to help prove an idea or a point, however It cannot stand
on its own, it is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence?
A. Circumstantial evidence
B. Corroborative evidence
C. Opinion evidence
D. Secondary evidence
B
1259
QUESTION NO: 1254
Under intellectual property law what would you call information that companies keep secret to give
them an advantage over their competitors?
A. Copyright
B. Patent
C. Trademark
D. Trade Secrets
D
1260
QUESTION NO: 1255
Which category of law is also referenced as a Tort law?
A. Civil law
B. Criminal law
C. Administrative law
D. Public law
A
1261
QUESTION NO: 1256
What category of law deals with regulatory standards that regulate performance and conduct?
Government agencies create these standards, which are usually applied to companies and
individuals within those companies?
A. Standards law.
B. Conduct law.
C. Compliance law.
D. Administrative law.
D
1262
QUESTION NO: 1257
The copyright law ("original works of authorship") protects the right of the owner in all of the
following except?
A. The public distribution of the idea
B. Reproduction of the idea
C. The idea itself
D. Display of the idea
C
1263
QUESTION NO: 1258
To understand the 'whys' in crime, many times it is necessary to understand MOM. Which of the
following is not a component of MOM?
A. Opportunities
B. Methods
C. Motivation
D. Means
B
1264
QUESTION NO: 1259
In the statement below, fill in the blank:
Law enforcement agencies must get a warrant to search and seize an individual's property, as
stated in the _____ Amendment.
A. First.
B. Second.
C. Third.
D. Fourth.
D
1265
QUESTION NO: 1260
Within the legal domain what rule is concerned with the legality of how the evidence was
gathered?
A. Exclusionary rule
B. Best evidence rule
C. Hearsay rule
D. Investigation rule
A
1266
QUESTION NO: 1261
Computer-generated evidence is considered:
A. Best evidence
B. Second hand evidence
C. Demonstrative evidence
D. Direct evidence
B
1267
QUESTION NO: 1262
Which of the following would be MOST important to guarantee that the computer evidence will be
admissible in court?
A. It must prove a fact that is immaterial to the case.
B. Its reliability must be proven.
C. The process for producing it must be documented and repeatable.
D. The chain of custody of the evidence must show who collected, secured, controlled, handled,
transported the evidence, and that it was not tampered with.
D
1268
QUESTION NO: 1263
Keeping in mind that these are objectives that are provided for information only within the CBK as they only apply to the committee and not to the individuals. Which of the following statements
pertaining to the (ISC)2 Code of Ethics is incorrect?
A. All information systems security professionals who are certified by (ISC)2 recognize that such a
certification is a privilege that must be both earned and maintained.
B. All information systems security professionals who are certified by (ISC)2 shall provide diligent
and competent service to principals.
C. All information systems security professionals who are certified by (ISC)2 shall forbid behavior
such as associating or appearing to associate with criminals or criminal behavior.
D. All information systems security professionals who are certified by (ISC)2 shall promote the
understanding and acceptance of prudent information security measures.
C
1269
QUESTION NO: 1264
Which of the following statements is not listed within the 4 canons of the (ISC)2 Code of Ethics?
A. All information systems security professionals who are certified by (ISC)2 shall observe all
contracts and agreements, express or implied.
B. All information systems security professionals who are certified by (ISC)2 shall render only
those services for which they are fully competent and qualified.
C. All information systems security professionals who are certified by (ISC)2 shall promote and
preserve public trust and confidence in information and systems.
D. All information systems security professionals who are certified by (ISC)2 shall think about the
social consequences of the program they write.
D
1270
QUESTION NO: 1265
Regarding codes of ethics covered within the ISC2 CBK, within which of them is the phrase
"Discourage unsafe practice" found?
A. Computer Ethics Institute commandments
B. (ISC)2 Code of Ethics
C. Internet Activities Board's Ethics and the Internet (RFC1087)
D. CIAC Guidelines
B
1271
QUESTION NO: 1266
Which of the following European Union (EU) principles pertaining to the protection of information
on private individuals is incorrect?
A. Data collected by an organization can be used for any purpose and for as long as necessary,
as long as it is never communicated outside of the organization by which it was collected.
B. Individuals have the right to correct errors contained in their personal data.
C. Transmission of personal information to locations where "equivalent" personal data protection
cannot be assured is prohibited.
D. Records kept on an individual should be accurate and up to date.
A
1272
QUESTION NO: 1267
Which of the following is NOT a Generally Accepted System Security Principle (GASSP)?
A. Computer security supports the mission of the organization
B. Computer security should be cost-effective
C. The conception of computer viruses and worms is unethical.
D. Systems owners have security responsibilities outside their organization.
C
1273
QUESTION NO: 1268
Which of the following would best describe secondary evidence?
A. Oral testimony by a non-expert witness
B. Oral testimony by an expert witness
C. A copy of a piece of evidence
D. Evidence that proves a specific act
C
1274
QUESTION NO: 1269
Why would a memory dump be admissible as evidence in court?
A. Because it is used to demonstrate the truth of the contents.
B. Because it is used to identify the state of the system.
C. Because the state of the memory cannot be used as evidence.
D. Because of the exclusionary rule.
B
1275
QUESTION NO: 1270
Which type of attack would a competitive intelligence attack best classify as?
A. Business attack
B. Intelligence attack
C. Financial attack
D. Grudge attack
A
1276
QUESTION NO: 1271
Due care is not related to:
A. Good faith
B. Prudent man
C. Profit
D. Best interest
C
1277
QUESTION NO: 1272
Which of the following is not a form of passive attack?
A. Scavenging
B. Data diddling
C. Shoulder surfing
D. Sniffing
B
1278
QUESTION NO: 1273
When a possible intrusion into your organization's information system has been detected, which of
the following actions should be performed first?
A. Eliminate all means of intruder access.
B. Contain the intrusion.
C. Determine to what extent systems and data are compromised.
D. Communicate with relevant parties.
C
1279
QUESTION NO: 1274
When first analyzing an intrusion that has just been detected and confirming that it is a true
positive, which of the following actions should be done as a first step if you wish to prosecute the
attacker in court?
A. Back up the compromised systems.
B. Identify the attacks used to gain access.
C. Capture and record system information.
D. Isolate the compromised systems.
C
1280
QUESTION NO: 1275
In order to be able to successfully prosecute an intruder:
A. A point of contact should be designated to be responsible for communicating with law
enforcement and other external agencies.
B. A proper chain of custody of evidence has to be preserved.
C. Collection of evidence has to be done following predefined procedures.
D. Whenever possible, analyze a replica of the compromised resource, not the original, thereby
avoiding inadvertently tamping with evidence.
B
1281
QUESTION NO: 1276
When referring to a computer crime investigation, which of the following would be the MOST
important step required in order to preserve and maintain a proper chain of custody of evidence:
A. Evidence has to be collected in accordance with all laws and all legal regulations.
B. Law enforcement officials should be contacted for advice on how and when to collect critical
information.
C. Verifiable documentation indicating the who, what, when, where, and how the evidence was
handled should be available.
D. Log files containing information regarding an intrusion are retained for at least as long as
normal business records, and longer in the case of an ongoing investigation.
C
1282
QUESTION NO: 1277
When should a post-mortem review meeting be held after an intrusion has been properly taken
care of?
A. Within the first three months after the investigation of the intrusion is completed.
B. Within the first week after prosecution of intruders have taken place, whether successful or not.
C. Within the first month after the investigation of the intrusion is completed.
D. Within the first week of completing the investigation of the intrusion.
D
1283
QUESTION NO: 1278
If an organization were to monitor their employees' e-mail, it should not:
A. Monitor only a limited number of employees.
B. Inform all employees that e-mail is being monitored.
C. Explain who can read the e-mail and how long it is backed up.
D. Explain what is considered an acceptable use of the e-mail system.
A
1284
QUESTION NO: 1279
If an employee's computer has been used by a fraudulent employee to commit a crime, the hard
disk may be seized as evidence and once the investigation is complete it would follow the normal
steps of the Evidence Life Cycle. In such case, the Evidence life cycle would not include which of
the following steps listed below?
A. Acquisition collection and identification
B. Analysis
C. Storage, preservation, and transportation
D. Destruction
D
1285
QUESTION NO: 1280
Which of the following is a problem regarding computer investigation issues?
A. Information is tangible.
B. Evidence is easy to gather.
C. Computer-generated records are only considered secondary evidence, thus are not as reliable
as best evidence.
D. In many instances, an expert or specialist is not required.
C
1286
QUESTION NO: 1281
What is defined as inference of information from other, intermediate, relevant facts?
A. Secondary evidence
B. Conclusive evidence
C. Hearsay evidence
D. Circumstantial evidence
D
1287
QUESTION NO: 1282
Under the Business Exemption Rule to the hearsay evidence, which of the following exceptions
would have no bearing on the inadmissibility of audit logs and audit trails in a court of law?
A. Records are collected during the regular conduct of business.
B. Records are collected by senior or executive management.
C. Records are collected at or near the time of occurrence of the act being investigated to
generate automated reports.
D. You can prove no one could have changed the records/data/logs that were collected.
B
1288
QUESTION NO: 1283
Which of the following is the BEST way to detect software license violations?
A. Implementing a corporate policy on copyright infringements and software use.
B. Requiring that all PCs be diskless workstations.
C. Installing metering software on the LAN so applications can be accessed through the metered
software.
D. Regularly scanning PCs in use to ensure that unauthorized copies of software have not been
loaded on the PC.
D
1289
QUESTION NO: 1284
Which of the following categories of hackers poses the greatest threat?
A. Disgruntled employees
B. Student hackers
C. Criminal hackers
D. Corporate spies
A
1290
QUESTION NO: 1285
Which of the following best defines a Computer Security Incident Response Team (CSIRT)?
A. An organization that provides a secure channel for receiving reports about suspected security
incidents.
B. An organization that ensures that security incidents are reported to the authorities.
C. An organization that coordinates and supports the response to security incidents.
D. An organization that disseminates incident-related information to its constituency and other
involved parties.
C
1291
QUESTION NO: 1286
Under the principle of culpable negligence, executives can be held liable for losses that result from
computer system breaches if:
A. The company is not a multi-national company.
B. They have not exercised due care protecting computing resources.
C. They have failed to properly insure computer resources against loss.
D. The company does not prosecute the hacker that caused the breach.
B
1292
QUESTION NO: 1287
The deliberate planting of apparent flaws in a system for the purpose of detecting attempted
penetrations or confusing an intruder about which flaws to exploit is called:
A. alteration
B. investigation
C. entrapment
D. enticement.
D
1293
QUESTION NO: 1288
Which element must computer evidence have to be admissible in court?
A. It must be relevant.
B. It must be annotated.
C. It must be printed.
D. It must contain source code.
A
1294
QUESTION NO: 1289
The Internet Architecture Board (IAB) characterizes which of the following as unethical behavior
for Internet users?
A. Writing computer viruses.
B. Monitoring data traffic.
C. Wasting computer resources.
D. Concealing unauthorized accesses.
C
1295
QUESTION NO: 1290
A security analyst asks you to look at the traffic he has gathered, and you find several Push flags
within the capture. It seems the packets are sent to an unknown Internet Address (IP) that is not
in your network from one of your own IP addresses which is a financial database that is critical and
must remain up and running 24x7. This traffic was noticed in the middle of the day. What would be
the best course of action to follow?
A. Shut off the Port to the database and start conducting computer forensics
B. Let the connection stay up because you do not want to disrupt availability
C. Contact the FBI or the US Secret Service to give guidance on what steps should be taken
D. Block the IP address at the perimeter and create a bit level copy of the database server. Run
antivirus scan on the database and add to the IPS a rule to automatically block similar traffic.
D
1296
QUESTION NO: 1291
The US department of Health, Education and Welfare developed a list of fair information practices
focused on privacy of individually, personal identifiable information. Which one of the following is
incorrect?
A. There must be a way for a person to find out what information about them exists and how it is
used.
B. There must be a personal data record-keeping system whose very existence shall be kept
secret.
C. There must be a way for a person to prevent information about them, which was obtained for
one purpose, from being used or made available for another purpose without their consent.
D. Any organization creating, maintaining, using, or disseminating records of personal identifiable
information must ensure reliability of the data for their intended use and must make precautions to
prevent misuses of that data.
B
1297
QUESTION NO: 1292
An attack that involves an fraudster tricking a user into making inappropriate security decisions is
known as:
A. Spoofing
B. Surveillance
C. Social Engineering
D. Man-in-the-Middle
C
1298
QUESTION NO: 1293
The US-EU Safe Harbor process has been created to address which of the following?
A. Integrity of data transferred between U.S. and European companies
B. Confidentiality of data transferred between U.S and European companies
C. Protection of personal data transferred between U.S and European companies
D. Confidentiality of data transferred between European and international companies
C
1299
QUESTION NO: 1294
What is Dumpster Diving?
A. Going through dust bin
B. Running through another person's garbage for discarded document, information and other
various items that could be used against that person or company
C. Performing media analysis
D. performing forensics on the deleted items
B
1300
QUESTION NO: 1295
Which of the following is the most important ISC2 Code of Ethics Canons?
A. Act honorably, honestly, justly, responsibly, and legally
B. Advance and protect the profession
C. Protect society, the commonwealth, and the infrastructure
D. Provide diligent and competent service to principals
C
1301
QUESTION NO: 1296
What Cloud Deployment model consist of a cloud infrastructure provisioned for exclusive use by a
single organization comprising multiple consumers (e.g., business units)? Such deployment
model may be owned, managed, and operated by the organization, a third party, or some
combination of them, and it may exist on or off premises.
A. Private Cloud
B. Public Cloud
C. Hybrid Cloud
D. Community Cloud
A
1302
QUESTION NO: 1297
When referring to the Cloud Computing Service models. What would you call a service model
where the consumer does not manage or control the underlying cloud infrastructure including
networks, servers, operating systems, or storage, but has control over the deployed applications
and possibly configuration settings for the application-hosting environment?
A. Code as a Service (CaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Infrastructure as a Service (IaaS)
B
1303
QUESTION NO: 1298
The exact requirements for the admissibility of evidence vary across legal systems and between
different cases (e.g., criminal versus tort). At a more generic level, evidence should have some
probative value, be relevant to the case at hand, and meet the following criteria which are often
called the five rules of evidence:
A. It has to be encrypted, accurate, complete, convincing, and Admissible.
B. It has to be authentic, hashed, complete, convincing, and Admissible.
C. It has to be authentic, accurate, complete, convincing, and auditable.
D. It has to be authentic, accurate, complete, convincing, and Admissible.
D
1304
QUESTION NO: 1299
You work in a police department forensics lab where you examine computers for evidence of
crimes. Your work is vital to the success of the prosecution of criminals.
One day you receive a laptop and are part of a two man team responsible for examining it
together. However, it is lunch time and after receiving the laptop you leave it on your desk and you
both head out to lunch.
What critical step in forensic evidence have you forgotten?
A. Chain of custody
B. Locking the laptop in your desk
C. Making a disk image for examination
D. Cracking the admin password with chntpw
A
1305
QUESTION NO: 1300
Researchers have recently developed a tool that imitates a 14 year old on the Internet. The
authors developed a "Chatter Bot" that mimics conversation and treats the dissemination of
personal information as the goal to determine if the other participant in the conversation is a
pedophile.
The tool engages people in conversation and uses artificial intelligence to check for inappropriate
questions by the unsuspecting human. If the human types too many suggestive responses to the
"artificial" 14 year old, the tool then notifies the police.
From a legal perspective, what is the greatest legal challenge to the use of this tool?
A. Violation of Privacy
B. Enticement
C. Entrapment
D. Freedom of Speech
C
1306
QUESTION NO: 1301
You are a criminal hacker and have infiltrated a corporate network via a compromised host and a
misconfigured firewall. You find many targets inside the network but all appear to be hardened
except for one. It has several notable vulnerable services and it therefore seems out of place with
an otherwise secured network. (Except for the misconfigured firewall, of course)
What is it that you are likely seeing here?
A. A Honeypot
B. A Cisco Switch
C. IDS - Intrusion Detection System
D. File Server
A
1307
QUESTION NO: 1302
The most prevalent cause of computer center fires is which of the following?
A. AC equipment
B. Electrical distribution systems
C. Heating systems
D. Natural causes
B
1308
QUESTION NO: 1303
Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A
extinguisher?
A. When the fire involves paper products
B. When the fire is caused by flammable products
C. When the fire involves electrical equipment
D. When the fire is in an enclosed area
C
1309
QUESTION NO: 1304
Examples of types of physical access controls include all EXCEPT which of the following?
A. badges
B. locks
C. guards
D. passwords
D
1310
QUESTION NO: 1305
Guards are appropriate whenever the function required by the security program involves which of
the following?
A. The use of discriminating judgment
B. The use of physical force
C. The operation of access control devices
D. The need to detect unauthorized access
A
1311
QUESTION NO: 1306
What physical characteristic does a retinal scan biometric device measure?
A. The amount of light reaching the retina
B. The amount of light reflected by the retina
C. The pattern of light receptors at the back of the eye
D. The pattern of blood vessels at the back of the eye
D
1312
QUESTION NO: 1307
Which of the following is the most costly countermeasure to reducing physical security risks?
A. Procedural Controls
B. Hardware Devices
C. Electronic Systems
D. Security Guards
D
1313
QUESTION NO: 1308
Which is the last line of defense in a physical security sense?
A. people
B. interior barriers
C. exterior barriers
D. perimeter barriers
A
1314
QUESTION NO: 1309
Devices that supply power when the commercial utility power system fails are called which of the
following?
A. power conditioners
B. uninterruptible power supplies
C. power filters
D. power dividers
B
1315
QUESTION NO: 1310
Which of the following is true about a "dry pipe" sprinkler system?
A. It is a substitute for carbon dioxide systems.
B. It maximizes chances of accidental discharge of water.
C. It reduces the likelihood of the sprinkler system pipes freezing.
D. It uses less water than "wet pipe" systems.
C
1316
```
QUESTION NO: 1311
Which of the following is a class A fire?
```
A. common combustibles
B. liquid
C. electrical
D. Halon
A
1317
QUESTION NO: 1312
Which of the following is the preferred way to suppress an electrical fire in an information center?
A. CO2
B. CO2, soda acid, or Halon
C. water or soda acid
D. ABC Rated Dry Chemical
A
1318
QUESTION NO: 1313
What are the four basic elements of Fire?
A. Heat, Fuel, Oxygen, and Chain Reaction
B. Heat, Fuel, CO2, and Chain Reaction
C. Heat, Wood, Oxygen, and Chain Reaction
D. Flame, Fuel, Oxygen, and Chain Reaction
A
1319
QUESTION NO: 1314
Which of the following suppresses combustion by disrupting a chemical reaction, by doing so it
kills the fire?
A. Halon
B. CO2
C. water
D. soda acid
A
1320
```
QUESTION NO: 1315
Which of the following is a class C fire?
```
A. electrical
B. liquid
C. common combustibles
D. soda acid
A
1321
QUESTION NO: 1316
Which of the following is NOT a system-sensing wireless proximity card?
A. magnetically striped card
B. passive device
C. field-powered device
D. transponder
A
1322
QUESTION NO: 1317
Which of the following is NOT a type of motion detector?
A. Photoelectric sensor
B. Passive infrared sensors
C. Microwave Sensor.
D. Ultrasonic Sensor.
A
1323
QUESTION NO: 1318
Which of the following is NOT a precaution you can take to reduce static electricity?
A. power line conditioning
B. anti-static sprays
C. maintain proper humidity levels
D. anti-static flooring
A
1324
```
QUESTION NO: 1321
The "vulnerability of a facility" to damage or attack may be assessed by all of the following except:
A. Inspection
B. History of losses
C. Security controls
D. security budget
```
D
1325
QUESTION NO: 1320
Which of the following is electromagnetic interference (EMI) that is noise from the radiation
generated by the difference between the hot and ground wires?
A. traverse-mode noise
B. common-mode noise
C. crossover-mode noise
D. transversal-mode noise
B
1326
QUESTION NO: 1321
The "vulnerability of a facility" to damage or attack may be assessed by all of the following except:
A. Inspection
B. History of losses
C. Security controls
D. security budget
D
1327
QUESTION NO: 1322
Which of the following is not an EPA-approved replacement for Halon?
A. Bromine
B. Innergen
C. FM-200
D. FE-13
A
1328
QUESTION NO: 1323
Which of the following is not a physical control for physical security?
A. lighting
B. fences
C. training
D. facility construction materials
C
1329
QUESTION NO: 1324
Crime Prevention Through Environmental Design (CPTED) is a discipline that:
A. Outlines how the proper design of a physical environment can reduce crime by directly affecting
human behavior.
B. Outlines how the proper design of the logical environment can reduce crime by directly affecting
human behavior.
C. Outlines how the proper design of the detective control environment can reduce crime by
directly affecting human behavior.
D. Outlines how the proper design of the administrative control environment can reduce crime by
directly affecting human behavior.
A
1330
QUESTION NO: 1325
The main risks that physical security components combat are all of the following EXCEPT:
A. SYN flood
B. physical damage
C. theft
D. Tailgating
A
1331
QUESTION NO: 1326
A momentary power outage is a:
A. spike
B. blackout
C. surge
D. fault
D
1332
QUESTION NO: 1327
A momentary high voltage is a:
A. spike
B. blackout
C. surge
D. fault
A
1333
QUESTION NO: 1328
A momentary low voltage, from 1 cycle to a few seconds, is a:
A. spike
B. blackout
C. sag
D. fault
C
1334
QUESTION NO: 1329
A prolonged high voltage is a:
A. spike
B. blackout
C. surge
D. fault
C
1335
QUESTION NO: 1330
A prolonged complete loss of electric power is a:
A. brownout
B. blackout
C. surge
D. fault
B
1336
QUESTION NO: 1331
A prolonged power supply that is below normal voltage is a:
A. brownout
B. blackout
C. surge
D. fault
A
1337
QUESTION NO: 1332
While referring to Physical Security, what does Positive pressurization means?
A. The pressure inside your sprinkler system is greater than zero.
B. The air goes out of a room when a door is opened and outside air does not go into the room.
C. Causes the sprinkler system to go off.
D. A series of measures that increase pressure on employees in order to make them more
productive.
B
1338
QUESTION NO: 1333
Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in
a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes
referred to as HVAC) and typically provided in the space between the structural ceiling and a dropdown
ceiling. This area is referred to as the:
A. smoke boundary area
B. fire detection area
C. Plenum area
D. Intergen area
C
1339
QUESTION NO: 1334
Controls like guards and general steps to maintain building security, securing of server rooms or
laptops, the protection of cables, and usage of magnetic switches on doors and windows are some
of the examples of:
A. Administrative controls
B. Logical controls
C. Technical controls
D. Physical controls
D
1340
QUESTION NO: 1335
To mitigate the risk of fire in your new data center, you plan to implement a heat-activated fire
detector. Your requirement is to have the earliest warning possible of a fire outbreak. Which type
of sensor would you select and where would you place it?
A. Rate-of-rise temperature sensor installed on the side wall
B. Variable heat sensor installed above the suspended ceiling
C. Fixed-temperature sensor installed in the air vent
D. Rate-of-rise temperature sensor installed below the raised floors
D
1341
QUESTION NO: 1336
Which type of fire extinguisher is most appropriate for a digital information processing facility?
A. Type A
B. Type B
C. Type C
D. Type D
C
1342
QUESTION NO: 1337
Which of the following controls related to physical security is not an administrative control?
A. Personnel controls
B. Alarms
C. Training
D. Emergency response and procedures
B
1343
QUESTION NO: 1338
Which of the following is related to physical security and is not considered a technical control?
A. Access control Mechanisms
B. Intrusion Detection Systems
C. Firewalls
D. Locks
D
1344
QUESTION NO: 1339
Which of the following floors would be most appropriate to locate information processing facilities
in a 6-stories building?
A. Basement
B. Ground floor
C. Third floor
D. Sixth floor
C
1345
QUESTION NO: 1340
What can be defined as a momentary low voltage?
A. Spike
B. Sag
C. Fault
D. Brownout
B
1346
QUESTION NO: 1341
Which of the following fire extinguishing systems incorporating a detection system is currently the
most recommended water system for a computer room?
A. Wet pipe
B. Dry pipe
C. Deluge
D. Preaction
D
1347
QUESTION NO: 1342
For maximum security design, what type of fence is most effective and cost-effective method (Foot
are being used as measurement unit below)?
A. 3' to 4' high.
B. 6' to 7' high.
C. 8' high and above with strands of barbed wire.
D. Double fencing
D
1348
QUESTION NO: 1343
The viewing of recorded events after the fact using a closed-circuit TV camera is considered a
A. Preventative control.
B. Detective control
C. Compensating control
D. Corrective control
B
1349
QUESTION NO: 1344
Which of the following protection devices is used for spot protection within a few inches of the
object, rather than for overall room security monitoring?
A. Wave pattern motion detectors
B. Capacitance detectors
C. Field-powered devices
D. Audio detectors
B
1350
QUESTION NO: 1345
The Physical Security domain focuses on three areas that are the basis to physically protecting
enterprise's resources and sensitive information. Which of the following is not one of these areas?
A. Threats
B. Countermeasures
C. Vulnerabilities
D. Risks
B
1351
QUESTION NO: 1348
Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data
operations. Which of the following is not an element that can threaten power systems?
A. Transient Noise
B. Faulty Ground
C. Brownouts
D. UPS
D
1352
QUESTION NO: 1347
The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the
data, the computer systems, and the company assets within the facility. The value of these items
can be determined by what type of analysis?
A. Critical-channel analysis
B. Covert channel analysis
C. Critical-path analysis
D. Critical-conduit analysis
C
1353
QUESTION NO: 1348
Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data
operations. Which of the following is not an element that can threaten power systems?
A. Transient Noise
B. Faulty Ground
C. Brownouts
D. UPS
D
1354
QUESTION NO: 1349
The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater
than 60 percent) can produce what type of problem on computer parts?
A. Static electricity
B. Corrosion
C. Energy-plating
D. Element-plating
B
1355
QUESTION NO: 1350
In a dry pipe system, there is no water standing in the pipe - it is being held back by what type of
valve?
A. Relief valve
B. Emergency valve
C. Release valve
D. Clapper valve
D
1356
QUESTION NO: 1351
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter
protection states that critical areas should be illuminated up to?
A. Illuminated at nine feet high with at least three foot-candles
B. Illuminated at eight feet high with at least three foot-candles
C. Illuminated at eight feet high with at least two foot-candles
D. Illuminated at nine feet high with at least two foot-candles
C
1357
QUESTION NO: 1352
The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than
40 percent) can produce what type of problem on computer parts?
A. Static electricity
B. Electro-plating
C. Energy-plating
D. Element-plating
A
1358
```
QUESTION NO: 1353
Which fire class can water be most appropriate for?
```
A. Class A fires
B. Class B fires
C. Class C fires
D. Class D fires
A
1359
QUESTION NO: 1354
Critical areas should be lighted:
A. Eight feet high and two feet out.
B. Eight feet high and four feet out.
C. Ten feet high and four feet out.
D. Ten feet high and six feet out.
A
1360
QUESTION NO: 1355
At which temperature does damage start occurring to magnetic media?
A. 100 degrees Fahrenheit or 37'7º Celsius
B. 125 degrees Fahrenheit or 51.66 Celsius
C. 150 degrees Fahrenheit or 65,5º Celsius
D. 175 degrees Fahrenheit or 79,4º Celsius
A
1361
QUESTION NO: 1356
What is the minimum static charge able to cause disk drive data loss?
A. 550 volts
B. 1000 volts
C. 1500 volts
D. 2000 volts
C
1362
QUESTION NO: 1357
What mechanism automatically causes an alarm originating in a data center to be transmitted over
the local municipal fire or police alarm circuits for relaying to both the local police/fire station and
the appropriate headquarters?
A. Central station alarm
B. Proprietary alarm
C. A remote station alarm
D. An auxiliary station alarm
D
1363
QUESTION NO: 1358
Which of the following questions is less likely to help in assessing physical access controls?
A. Does management regularly review the list of persons with physical access to sensitive
facilities?
B. Is the operating system configured to prevent circumvention of the security software and
application controls?
C. Are keys or other access devices needed to enter the computer room and media library?
D. Are visitors to sensitive areas signed in and escorted?
B
1364
QUESTION NO: 1359
Which of the following questions is less likely to help in assessing physical and environmental
protection?
A. Are entry codes changed periodically?
B. Are appropriate fire suppression and prevention devices installed and working?
C. Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal
printed or electronic information?
D. Is physical access to data transmission lines controlled?
C
1365
QUESTION NO: 1360
Which of the following statements pertaining to fire suppression systems is TRUE?
A. Halon is today the most common choice as far as agent are concern because it is highly
effective in the way that it interferes with the chemical reaction of the elements within a fire.
B. Gas masks provide an effective protection against use of CO2 systems. They are
recommended for the protection of the employees within data centers.
C. CO2 systems are NOT effective because they suppress the oxygen supply required to sustain
the fire.
D. Water Based extinguisher are NOT an effective fire suppression method for class C (electrical)
fires.
D
1366
QUESTION NO: 1361
How should a doorway of a manned facility with automatic locks be configured?
A. It should be configured to be fail-secure.
B. It should be configured to be fail-safe.
C. It should have a door delay cipher lock.
D. It should not allow piggybacking.
B
1367
QUESTION NO: 1362
Which of the following is a proximity identification device that does not require action by the user
and works by responding with an access code to signals transmitted by a reader?
A. A passive system sensing device
B. A transponder
C. A card swipe
D. A magnetic card
B
1368
QUESTION NO: 1363
According to ISC2, what should be the fire rating for the internal walls of an information processing
facility?
A. All walls must have a one-hour minimum fire rating.
B. All internal walls must have a one-hour minimum fire rating, except for walls to adjacent rooms
where records such as paper and media are stored, which should have a two-hour minimum fire
rating.
C. All walls must have a two-hour minimum fire rating.
D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms where
records such as paper and media are stored, which should have a three-hour minimum fire rating.
B
1369
QUESTION NO: 1364
Which of the following statements pertaining to air conditioning for an information processing
facility is correct?
A. The AC units must be controllable from outside the area.
B. The AC units must keep negative pressure in the room so that smoke and other gases are
forced out of the room.
C. The AC units must be on the same power source as the equipment in the room to allow for
easier shutdown.
D. The AC units must be dedicated to the information processing facility.
D
1370
QUESTION NO: 1365
Which of the following statements pertaining to secure information processing facilities is
incorrect?
A. Walls should have an acceptable fire rating.
B. Windows should be protected with bars.
C. Doors must resist forcible entry.
D. Location and type of fire suppression systems should be known.
B
1371
QUESTION NO: 1366
What is a common problem when using vibration detection devices for perimeter control?
A. They are vulnerable to non-adversarial disturbances.
B. They can be defeated by electronic means.
C. Signal amplitude is affected by weather conditions.
D. They must be buried below the frost line.
A
1372
QUESTION NO: 1367
Under what conditions would the use of a "Class C" hand-held fire extinguisher be preferable to
the use of a "Class A" hand-held fire extinguisher?
A. When the fire is in its incipient stage.
B. When the fire involves electrical equipment.
C. When the fire is located in an enclosed area.
D. When the fire is caused by flammable products.
B
1373
QUESTION NO: 1368
To be in compliance with the Montreal Protocol, which of the following options can be taken to refill
a Halon flooding system in the event that Halon is fully discharged in the computer room?
A. Order an immediate refill with Halon 1201 from the manufacturer.
B. Contact a Halon recycling bank to make arrangements for a refill.
C. Order a Non-Hydrochlorofluorocarbon compound from the manufacturer.
D. Order an immediate refill with Halon 1301 from the manufacturer.
C
1374
QUESTION NO: 1369
Within Crime prevention through Environmental Design (CPTED) the concept of territoriality is
best described as:
A. Ownership
B. Protecting specific areas with different measures
C. Localized emissions
D. Compromise of the perimeter
A
1375
QUESTION NO: 1370
In the physical security context, a security door equipped with an electronic lock configured to
ignore the unlock signals sent from the building emergency access control system in the event of
an issue (fire, intrusion, power failure) would be in which of the following configuration?
A. Fail Soft
B. Fail Open
C. Fail Safe
D. Fail Secure
D
1376
QUESTION NO: 1371
Which of the following is a NOT a guideline necessary to enhance security in the critical Heating
Ventilation Air Conditioning (HVAC) aspect of facility operations?
A. Restrict access to main air intake points to persons who have a work-related reason to be there
B. Maintain access rosters of maintenance personnel who are not authorized to work on the
system
C. Escort all contractors with access to the system while on site
D. Ensure that all air intake points are adequately secured with locking devices
B
1377
QUESTION NO: 1372
Which of the following type of lock uses a numeric keypad or dial to gain entry?
A. Bolting door locks
B. Cipher lock
C. Electronic door lock
D. Biometric door lock
B
1378
QUESTION NO: 1373
Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST
accepted by users?
A. Palm Scan
B. Hand Geometry
C. Fingerprint
D. Retina scan
D
