SU Practice exam bank Flashcards
(Random Partial Bank) 1 - An updated security system is being considered for implementation to your company’s building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs?
A. Electronic combination lock
B. Combination lock
C. Magnetic stripe card
D. Proximity card
D
2 - What Common Criteria assurance level is the first to require that the product is formally verified, designed, and tested?
A. EAL6
B. EAL5
C. EAL7
D. EAL4
C
3 – Using an access card to access specific rooms within a building is an example of which factor of the three-factor authentication method?
A. Something you know
B. Something you use
C. Something you are
D. Something you have
D
4 – Which cipher is most susceptible to frequency analysis attacks?
A. Polyalphabetic Substitution Cipher
B. Caesar Cipher
C. Running Key Cipher
D. Transposition Cipher
B
5 – Before the recovery strategies from the Disaster Recovery Plan (DRP) are put into action, an event is triggered that starts the event management process.
4
6 – What does the term “trusted computing base” best address?
A. The level of communication a system provides
B. The level of security a system provides
C. The level of application portability a system provides
D. The level of trust a system provides
D
7- What can you use to determine whether an information security program is on track and on budget?
A. Operational metrics
B. Strategic metrics
C. Management metrics
D. Technical metrics
B
8 – There are various threats that directly affect your operations environment. It is important that your environment is protected against these threats. You should be aware that these threats all map to the information security triad. Which threats will be directly related to the integrity component of the information security triad?
A. Destruction and theft
B. Interruption and disclosure
C. Corruption and modification
D. Disclosure and corruption
C
9 – What would be the least effective method to prevent an intruder from gaining access to a facility?
A. Guard dogs
B. CCTV
C. Smartcards
D. A fence
B
10 – Your Remote Access Server (RAS) modems are currently configured to answer incoming connections after two rings. After reviewing your current RAS logs, you have noticed multiple attempts to gain access to your network through your modems by unauthorized external users. It appears that the users are using a method of wardialing to locate your modems. What should you do to lower the success rate of wardialing attempts on your network?
A. Disable all modems that are not required for incoming calls.
B. Change the phone numbers for the modems within the RAS server
C. Decrease the number of rings that will occur before the RAS server answers an incoming call.
D. Increase the number of rings that will occur before the RAS server answers an incoming call.
D
11 – Which of the following is an example of a brute force attack?
A. A program that covers up the login screen and captures the values once they are inputted by the user
B. A program that sniffs the network and captures packets
C. A program that uses a pre-defined list of values and compares it to captured values
D. A Program that uses ever possible input combination to try to determine the correct value
D
12 – Which access control model makes use of ACLs?
A. Mandatory access control
B. Discretionary access control
C. Nondiscretionary access control
D. Role-based access control
B
13 – Which statement best describes a properly implemented incident handling program?
A. Incident handling should be part of the disaster recovery plan
B. Incident handling should be part of the business continuity plan
C. Incident handling should be approached in a reactive manner.
D. Incident reporting should be decentralized
A
15 – A BCP team determines the scope of the plan, creates a timeline, and prepares a policy statement that all department managers will sign. What other important step for initiating the project must the team perform?
A. Consider the legal regulations that apply to the industry in particular.
B. Conduct a business impact analysis (BIA).
C. Obtain senior management support for the project.
D. List the assets that the company has and their replacement values.
C
16 – During the recovery strategy planning phase, there are various items that you will have to review and create a recovery strategy for. Which resource is commonly overlooked during the recovery strategies planning phase?
A. Human resources
B. Data and voice equipment
C. Computer and network equipment
D. Environmental issues
A
17 – You need to implement a method of verifying that only authorized individuals are able to gain access to a restricted section of your facility. You need to implement an automated system that ensures every person is individually identified and authorized before they are permitted to enter. What authentication methods would best suit your needs?
A. Mantrap
B. An annuciator capable system
C. Security guards
D. Smart lock
A
18 – What best describes an information protection environment?
A. An environment for software security that encompasses all software used in an organization
B. An environment for operations security that encompasses all computing resources in an organization
C. Audits, logs, policies, and procedures used to track user activities throughout the organization
D. An environment for hardware security that encompasses all dedicated hardware in an organization
B
19 – What law protects company logos from illegal duplication?
A. Copyright
B. Patent
C. Trademark
D. Trade Secret
C
20 – Data remanence refers to the residual physical representation of data that has been removed from storage media. What is not a common method used to remove data from media before it is discarded?
A. Overwriting
B. Degausing
C. Destroying
D. Clearing
D
21 – (ISC)2 requires CISSPs to commit to fully supporting the Code of Ethics. Identify one of the mandatory canons in the CISSP Code of Ethics.
A. Thou shalt not use a computer to steal.
B. Provide diligent and competent service to principals
C. I will not misuse any information or privileges I am afforded as part of my responsibilities
D. Discharge professional responsibilities with diligence and honesty.
B
22 – The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router?
A. Layer 3
B. Layer 1
C. Layer 2
D. Layer 7
A
23 – Which methodological framework categorizes IT processes and activities into four domains for governance?
A. COSO
B. ITIL
C. ISO 27000
D. COBIT version 4.1
D
24 – Which attack involves sending malformed packets to a system in order to cause it to crash or end processing?
A. SYN flood attack
B. Smurf attack
C. Denial of Service (DoS) attack
D. Fraggle attack
C
25 – Which type of lock provides the least amount of security?
A. Electronic combination lock
B. Smart lock
C. Warded lock
D. Tumbler lock
C
26 – IPSec is able to work in two different modes, Tunnel mode and Transport mode. Which is true in regards to protection with Tunnel mode?
A. Only the header information is protected.
B. Only the header and trailer information are protected.
C. The payload as well as the header and trailer information is protected.
D. Only the payload of the message is protected.
C
27 – What is an example of a deterrent control?
A. Smart cards
B. Security policies
C. Fences
D. Audit logs
C
28 – The integrity of data within a database can be protected by different types of operations. Which type of operation can be used when a complete database failure occurs?
A. Rollback
B. Inference
C. Savepoint
D. Commit
C
29 – Management has approached you and would like you to explain how they can possibly prevent collusion within the organization. What should you tell them?
A. Force employees to take mandatory vacations.
B. Implement separation of duties.
C. Implement the rule of least privilege.
D. Implement job rotation.
D
30 – What is the first level in the Orange Book that requires users to be individually identified and accountable for their actions?
A. C2
B. B2
C. C1
D. B1
A
31 – Which of the following are characteristics of quantitative risk analysis and qualitative risk analysis?
A. Uses a lot of educated guesses
B. Does not take into consideration cost/benefit analysis
C. Requires calculations
D. Presents yearly losses
E. Opinions are provided by process experts
Quantitative Risk Analysis: C, D
Qualitative risk analysis: A, E, and B
32 – Which statement best describes the Business Continuity Planning (BCP) recovery strategies?
A. They are predefined activities that will be used when a disaster strikes.
B. They are measures put into place to help reduce the likelihood of a disaster.
C. They are predefined activities that will be used to prevent a disaster from occurring.
D. They are measures put into place to help detect when a disaster strikes.
A
33 – Which is not a term that is used to identify the type of response an operating system will take when a failure occurs?
A. Emergency system restart
B. System reboot
C. System cold start
D. Warm reboot
D
34 – What is considered the appropriate height for a fence to deter a determined intruder?
A. Three to four feet high
B. Six to seven feet high
C. Eight feet high
D. One to two feet high
C
35 – A one-time pad is one of the most powerful substitution ciphers. What must be true order to maintain the integrity of the algorithm for the one-time pad?
A. Physical protection against disclosure for the one-time pad should be considered.
B. The one-time pad should be used no more than three times.
C. At a minimum, the key must be as long as the message that it will be encrypting.
D. The encryption key that is used for the one-time pad must be manually created.
C
36 – What is one of the best ways to keep a Business Continuity Plan (BCP) up to date?
A. Maintain a record of any revisions made to the BCP plan.
B. Integrate the BCP plan into the change management process
C. Review the BCP plan at least once a year
D. Include maintenance responsibilities in job descriptions.
B
37 – What are the advantages and disadvantages of a warm site?
A. No certainty that the site will be up and running within hours after being fully configured
B. Partially configured
C. Less expensive to maintain than a hot site
D. Testing of the site is done on an annual basisE. Good choice for organizations requiring proprietary hardwareF. Includes computers and servers
Advantages: E, CDisadvantages: B, A
38 – What is considered a misdemeanor under the Computer Fraud and Abuse Act of 1986?
A. To gain authorized access to personal medical information
B. To use classified data for the benefit of a foreign nation
C. To disclose personal medical information
D. To gain unauthorized access to government computers
D
39 – Which method is most secure when updating routing information?
A. Static updates
B. Link-state updates
C. Dynamic updates
D. Distance-vector updates
A
40 – An attacker deleting specific incriminating information out of an audit log is referred to as what?
A. Spoofing
B. Sniffing
C. Scrubbing
D. Purging
C
41 – What is the first level in the Orange Bok that requires labeled security?
A. B2
B. C1
C. C2
D. B1
D
42 – What would be the least effective method used to secure a fax transmission?
A. Require users to encrypt their own transmissions
B. Implement a fax encryptor
C. Use a fax server on the network
D. Enable logging and auditing of fax transmissions
A
43 – Which is NOT a type of programming language?
A. High-Level
B. Assembly
C. Machine
D. Interpreter
D
44 – Which option is not classified as a presentation layer standard?
A. JPEG
B. MPEG
C. TIFF
D. HTTP
D
45 – You need to send several classified documents to one of your company’s clients. You want to implement a method of detecting any illegal copying of these classified documents. Which method could you use?
A. Steganography
B. Running key cipher
C. Watermarking
D. Code words
C
46 – What is the term that describes an understanding with another company to use their facilities in the event of a disaster?A. Mobile hot siteB. Reciprocal agreementC. Redundant siteD. Alternate off-site facility
B
47 – Which access control concept is used when operational secrecy is a major concern?
A. Compartmentalization
B. Security domain
C. Need to know
D. Least privilege
C
48 – Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators?
A. There are only a few laws that specifically address computer crimes
B. Most attacks are performed by individuals located outside of the network
C. Most companies do not use firewalls
D. Many attackers spoof their IP addresses and erase logs to cover their tracks.
D
49 – You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as?
A. Affirmation
B. Certification
C. Hallmark
D. Accreditation
B
50 – Change control documentation needs to be maintained and updated on a regular basis. What reason accurately describes why?
A. For use in future employee training sessions
B. In order to share information between corporate sites
C. In order to reflect the constant change in the corporate landscape
D. To keep track of constant changes in software and hardware
D
51 – The application layer of the TCP/IP model maps to which layers of the OSI model?
A. Presentation, Session, Transport
B. Application, Session, Transport
C. Transport, Network, Data Link
D. Application, Presentation, Session
D
52 – What might a security architect use as a starting point for their design?
A. Bell-LaPadula model
B. Reference architecture
C. Access control matrix
D. Distributed data model
B
53 – The risk management framework defines six major areas of risk management. The operational risk management area is broken down further into which specific areas of risk?
A. Financial, strategic, technology
B. People process, events
C. People, credit, market
D. Process, market, events
B
54 – You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mail where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BWEST meet these needs?
A. Landscaping
B. Fences
C. Bollards
D. Gates
B
55 – What is the main factor for strengthening the functions of cryptographic systems?
A. Increase in classified information
B. Increase in computational power
C. Increase in the number of cryptographic algorithms
D. Increase in the number of hackers
B
56 – Aggregation and inference are classified as database security issues. Which statement is true in regards to aggregation?
A. A user lacks the permissions to access information, and does not have the required permissions to access subsets of the same information.
B. A user lacks the permissions to access information, but has the required permissions to access subsets of the same information.
C. A user has the permissions to access information, and does not have the required permissions to access subsets of the same information.
D. A user has the permissions to access information, and also has the required permissions to access subsets of the same information.
B
57 – Which cryptographic attack involves learning the cryptographic key by comparing false results from an error state with known good information?
A. Fault analysis
B. Linear cryptanalysis
C. Related key attack
D. Probing attack
A
58 – There are many different types of computer crimes, each of which can be committed differently. An employee who makes small, periodic changes to the company’s financial records in an effort to go unnoticed is committing what type of crime?
A. Salami attack
B. Data diddling
C. Denial of Service (DoS)
D. Emanations capturing
A
59 – Management has approached you about the current Rdundant Array of Independent Disks (RAID) configuration implemented within the organization. They would like to know which type of RAID level supports multiple drive failures. What should you tell them?
A. RIAD 10
B. RAID 5
C. RAID 1
D. RAID 0
A
60 – Which type of attack involves deceiving a trusting person into sharing confidential information?
A. Passive
B. Active
C. Spoofing
D. Social engineering
D
61 – What Common Criteria assurance level is the first to require that the product is methodically tested and checked?
A. EAL 5
B. EAL 4
C. EAL 3
D. EAL 2
C
62 – What is NOT true regarding the services that MPLS provides?
A. Traffic engineering is provided
B. Encryption is provided
C. Packet labeling is provided
D. QoS is provided
B
63 – Which method does not provide integrity for a message?
A. Hashing a message
B. Encrypting a message
C. Encrypting and digitally signing a message
D. Digitally signing a message
B
64 - Which option is NOT TRUE in regards to key management?
A. The lifetime of a key should be dictated by the amount of usage.
B. Key lengths should be long enough to provide the level of protection that is required.
C. Keys should be maintained in a secure location when their lifetime expires.
D. Keys should be stored and transmitted in a secure manner.
C
65 – Disk mirroring is an electronic backup method that reduces the risk of data loss due to component failure. What is also true of disk mirroring?
A. It increases disk overhead.
B. It offers a higher level of protection than disk duplexing.
C. The controller is not a single point of failure.
D. It transfers exact copies of data files to a remote location.
A
66 – What is not a type of attribute that can be used to make authentication decisions in a biometric system?
A. Skin scan
B. Keyboard dynamics
C. Facial scan
D. Hand geometry
A
67 – Which access control threats match each description?
A. Dictionary Attacks
B. Brute force attacks
C. Spoofing
- Involves a fake user logon screen being presented to a user for them to input their username and password
- Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- Involves trying different input combinations in an attempt to find a correct password
- [C] Involves a fake user logon screen being presented to a user for them to input their username and password
- [A] Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- [B] Involves trying different input combinations in an attempt to find a correct password
68 – A junior technician has approached you to ask what she should do to ensure users are accountable for their actions. What should you tell her?
A. You should tell her to only hire honest people.
B. You should tell her to implement logs.
C. You should tell her to implement auditing.
D. You should tell her to implement an accountability server.
C
69 – Which of the following is NOT one of the principles identified by the Directive on Data Protection?
A. Notice
B. Data confidentiality
C. Choice
D. Data integrity
B
70 – What type of iris lens would typically be used in an area that has fixed lighting?
A. Annuciator
B. Charged-coupled
C. Manual
D. Automatic
C
71 – You are attempting to determine the types of preventative measures to put in place to protect your company’s facility. What is not a preventative measure you might implement?
A. Purchase generators
B. Implement a hot site
C. Create redundant power lines
D. Increase inventory
B
72 – What is not true with respect to the relationships between threat, vulnerability, exposure, countermeasure and risk?
A. A threat agent takes advantage of a vulnerability
B. A vulnerability can expose a system to possible damage.
C. A countermeasure can mitigate a vulnerability.
D. The probability of a fire causing damage is a risk.
C
74 – What type of alarm system triggers an alarm at your organization’s security command center when it detects an intruder?
A. Local
B. Proprietary
C. Central station
D. Auxiliary station
B
76 – Which type of attack is considered a passive attack?
A. Replay attack
B. Chosen-Plaintext attack
C. Ciphertext-Only attack
D. Sniffing attack
D
77 – What attributes are used when evaluating a system’s protection mechanisms under the Information Technology Security Evaluation Criteria (ITSEC)?
A. Integrity and Authentication
B. Assurance and Integrity
C. Functionality and Assurance
D. Confidentiality and Functionality
C
78 – What is the second stage of the SDLC?
A. Defining system requirements
B. Project initiation and planning
C. Defining functional objectives
D. Developing and implementing
C
79 – What is the correct order of sensitivity levels for military data classification?
A. Top secret, Secret, Private, Sensitive, Unclassified
B. Top secret, Secret, Confidential, Sensitive but unclassified, Unclassified
C. Top secret, Confidential, Secret, Sensitive but unclassified, Unclassified
D. Top secret, Sensitive, Sensitive but unclassified, Private, Unclassified
B
80 – Which identity management system characteristics match with the identity management system?
A. Provides packet delivery with UDP
B. Uses PPP connections
C. Supports the Apple Talk protocol
D. Combines services for authentication and authorizationE. Provides packet delivery with TCPF. Encrypts packets between the server and the client-TACAS+-RADIUS
TACAS+: C, F, and E
RADIUS: A, B, and D
81 – Which user requirement is true for compartmented security mode but not for multilevel security mode?
A. A clearance level that is equal to or higher than the highest resource level of clearance is required for information on the system.
B. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system.
C. All users must have a valid need to know some of the information on the system.
D. There must be formal access approval for all information that the user will access on the system.
A
82 – Which OSI layer is responsible for the addressing and routing of packets so that they can reach their destination?
A. Session
B. Physical
C. Data link
D. Network
D
83 – Most large organizations today have acknowledged the need for a C-level security officer, typically classed as the chief information security officer; however, there are still issues in identifying the most appropriate reporting structure for the chief information security officer within the organization. The greatest potential for a conflict of interest is inherent to a chief information security officer reporting to which role within an organization?
A. Chief security officer
B. Chief financial officer
C. Chief information officer
D. Chief executive officer
C
84 – Which information concealment methods match to each description?
A. Code words
B. Watermarking
C. Stenography
D. Cryptography
- Uses additional information within a file for detecting the theft of information
- Uses sophisticated mathematical techniques to hide information
- Uses a specific medium to hide information within
- Uses letters to represent an idea or sentiment
- [B] Uses additional information within a file for detecting the theft of information
- [D] Uses sophisticated mathematical techniques to hide information
- [C] Uses a specific medium to hide information within
- [A] Uses letters to represent an idea or sen
85 – A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic Interference (EMI). What should you tell them?
A. Unshielded Twisted Pair
B. Fiber-optic
C. Shielded Twisted Pair
D. Coaxial
A
86 – Which mode of the Data Ecryption Standard (DES) is similar to the Output Feedback (OFB) mode but uses a 64-bit random data block as the first initialization vector (IV)?
A. Cipher Feedback
B. Electric Code Book
C. Counter
D. Cipher Block Chaining
C
87 – Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. Which is NOT a concern for the resource protection critical requirement?
A. Protect resources that are required for data processing.
B. Ensure that resource security is maintained during a failure.
C. Ensure that vulnerabilities directed at the availability, integrity, and confidentiality of resources is reduced.
D. Provide a balance between the implemented security controls and the user’s productivity.
B
88 – It is important to conduct a risk assessment as part of the planning process to determine what threatens the organization. Risk assessment also determines ways in which available resources should be used to guard against the identified threats. What is the probability of a threat?
A. The need to insure against it
B. The severity of the damage it could inflict
C. The likelihood that it will occur
D. The cost of implementing a plant o curb its effects
C
93 – You need to deploy a video surveillance solution in the front lobby of your organization’s building. It is important that the security guards are able to monitor the full lobby, but you want to limit the number of cameras needed to facilitate this. What capability will allow you to meet your goals?
A. PTZ capable system
B. CCD capable system
C. Automatic iris capable system
D. A photometric system
A
(Bank 1) 1 – Which of the following is an example of a dictionary attack?
A. A program that sniffs the network and captures packets
B. A program that covers up the login screen and captures the values once they are inputted by the user.
C. A program that uses every possible input combination to try to determine what the correct value would beD. A program that uses a pre-defined list of values and compares it to captured values
D
2 – What is the main factor for strengthening the functions of cryptographic systems?
A. Increase in the number of hackers
B. Increase in classified information
C. Increase in the number of cryptographic algorithms
D. Increase in computational power
D
3 – A computer crime has been reported and an investigation by the company’s incident response team has confirmed that an actual crime has been committed. The initial evidence indicates that the crime appears to have been committed by an employee within the company. What department should be notified?
A. Software Development
B. Human Resources
C. Finance
D. Marketing
B
4 – What Common Criteria assurance level is the first to require that the product is methodically tested and checked?
A. EAL4
B. EAL5
C. EAL3
D. EAL2
C
5 - What is the benefit of using clustering in your enterprise data management scheme?
A. Creates a single point of failure
B. Scalability and redundancy
C. Requires less memory to operate
D. Amount of data storage is increased
B
6 - You have been tasked with implementing an intrusion detection system that learns as it performs its day-to-day tasks and uses this knowledge to detect any changes that could mean an intrusion is occurring. Which one should you implement?
A. Statistical anomaly-based intrusion detection
B. Signature-based intrusion detection
C. Network-based intrusion detection system
D. Host-based intrusion detection system
A
7 - Which is the final step that you should include in any backup plan?
A. Determine what type of backup media you will require.
B. Test the backup plan.
C. Determine where you should store the backup media and how long you should store it there.
D. Determine what data you will need to back up.
B
8 - The network administrator for your company has asked you to provide a report on the number of modems attached to the network that are unaccounted for. What should you do to accomplish this?
A. Piggybacking
B. Modemsurfing
C. Wardriving
D. Wardialing
D
9 - Which of the following is NOT true in regards to content-dependent access control?
A. Content-dependent filtering can be used with email programs and web browsers.
B. It uses rules to define what can and cannot occur between an object and a user.
C. It is often used within databases.
D. Access to objects is determined by the actual content of the object.
B
10 - Which method is most secure when updating routing information?
A. Distance-vector updates
B. Static updates
C. Link-state updates
D. Dynamic updates
B
11 - Ten professional practice areas make up the basis of NFPA 1600. Which practice area involves determining the threats that apply to an organization and limiting their potential impact?
A. Project initiation and management
B. Risk evaluation and control
C. Maintaining and exercising BCPs
D. Awareness and training programs
B
12 - Which type of security device is set into a door's edge? A. Biometric reader B. Card reader C. Mortise lock D. Rim lock
C
13 - Companies that have been attacked often choose not to release this information to the media. However, there are several well-known computer crimes that have been widely publicized. What hacker or group of hackers demonstrated how a web-based Trojan horse could be used to extract money from a bank account?
A. Kevin Mitnick
B. Chaos Computer Club
C. Legion of Doom
D. Cult of the Dead Cow
B
14 - Biometric devices are among the most accurate and secure methods of authentication available. However, some users find them obtrusive and are therefore reluctant to use them. What biometric recognition system is the most widely accepted and implemented?
A. Iris patterns
B. Facial features
C. Retinal patterns
D. Fingerprints
D
15 - Which term defines a group of networks that work together for the sole purpose of propagating code that performs undesirable functions?
A. Malnets
B. Botnets
C. Extranets
D. Malvertisements
A
16 - What ITSEC rating is concerned with a high level of integrity during communications?
A. F6
B. F8
C. F7
D. F9
B
17 - Which regulation for financial institutions emphasizes resuming and maintaining business operations after a disaster?
A. FFIEC
B. NYSE Rule 446
C. Electronic Funds Transfer Act
D. NASD Rule 3510
A
18 - Electronic devices emit electrical and eloctromagnetic signals through the airwaves. This is referred to as what?
A. White noise
B. Emanation
C. EMI
D. Tempest
B
19 - What can you use to determine whether an information security program is on track and on budget?
A. Management metrics
B. Technical metrics
C. Strategic metrics
D. Operational metrics
C
20 - What methodology focuses mainly on risk management related to information systems?
A. NIST SP 800-39
B. NIST SP 800-30
C. ORION
D. CRAMM
B
21 - What is NOT one of the three critical requirements for operations controls?
A. Resource protection
B. Privileged-entry control
C. Software control
D. Hardware control
C
22 - What law protects company logos from illegal duplication?
A. Patent
B. Copyright
C. Trademark
D. Trade secret
C
23 - Which technology provides availability, load balancing, redundancy, and failover?
A. Clustering
B. RADIUS
C. RAID
D.Redundant Servers
A
24 - Which is NOT a type of programming language?
A. Assembly
B. High-Level
C. Machine
D. Interpreter
D
25 - Which type of attack exploits the communications session between two communicating devices so that the session can be hijacked?
A. Ping of Death Attack
B. DNS Poisoning
C. Sniffer Attack
D. TCP Sequence Number Attack
D
26 - What is the most common security issue for most companies?
A. DoS attacks
B. Excessive privileges
C. IP spoofing attacks
D. Data diddling
B
27 - What type of water sprinkler system is best used in an environment that contains a lot of expensive computer and electronic equipment?
A. Deluge
B. Dry pipe
C. Preaction
D. Wet Pipe
C
28 - Which item used in conjunction with a fence emits radio frequency signals to detect an intruder pushing a fence?
A. CCTV
B. PPTP
C. TDR
D. DSA
C
29 - Which OSI reference model layers match to each function?
A. Transport B. Data-link C. Application D. Session E. Presentation F. Network
- Specifies how data is routed from hosts on one network to hosts on another network
- Responsible for error-free packet transfers between network nodes
- Establishes, maintains, and terminates connections between devices and applications
- Segments data in the appropriate size and format
- Interacts directly with end users to provide network services
- Ensures that data represented by one system can be interpreted by another system
[F]- Specifies how data is routed from hosts on one network to hosts on another network
[B]- Responsible for error-free packet transfers between network nodes
[D]- Establishes, maintains, and terminates connections between devices and applications
[A]- Segments data in the appropriate size and format
[C]- Interacts directly with end users to provide network services
[E]- Ensures that data represented by one system can be interpreted by another system
30 - What is the Biba model most concerned with?
A. Integrity
B. Verification
C. Confidentiality
D. Repudiation
A
31 - What type of threat involves retransmitting packets to perform undesirable effects?
A. Impersonation
B. Dumpster diving
C. Data remanence
D. Replay
D
32 - A temporary site has been set up for various users that will be working on a project in a remote location. The users will be dialing-in to a RAS server within the central office to gain access to the corporate network as required. Management is worried that unauthorized users at unauthorized locations will be able to dial-in to the RAS server and gain access to the corporate network. What should you implement for increased security?
A. Callback
B. A firewall
C. Encryption
D. VPN
A
33 - Using an access card to access specific rooms within a building is an example of which factor of the three-factor authentication method?
A. Something you know
B. Something you have
C. Something you use
D. Something you are
B
34 - Data remanence refers to the residual physical representation of data that has been removed from storage media. What is not a common method used to remove data from media before it is discarded?
A. Destroying
B. Degaussing
C. Cleaning
D. Overwriting
C
35 - In regards to data within an organization, what is the Clark-Wilson model most concerned with?
A. Confidentiality
B. Authentication
C. Integrity
D. Availability
C
36 - What is an example of a detective control?
A. Firewall
B. Fences
C. Job rotation
D. Lighting
C
37 - Which stage descriptions match to each lifecycle?
A. Ideas are brainstormed for the system and security measures are considered.
B. Errors are identified and traced once the system is in production.
C. How the system will be created to fulfill the functional objectives is determined.
D. All the planning, designs, and system requirements are physically created.
E. Weaknesses are resolved by implementing new improvements.
- Systems Development Life Cycle
- System Life Cycle
[A, C, D] -Systems Development Life Cycle
[B, E] - System Life Cycle
38 - What is an example of a deterrent control?
A. Audit logs
B. Security policies
C. Fences
D. Smart cards
C
39 - It is important to conduct a risk assessment as part of the planning process to determine what threatens the organization. Risk assessment also determines ways in which available resources should be used to guard against the identified threats. What is the probability of a threat?
A. The likelihood that it will occur
B. The need to insure against it
C. The severity of the damage it could inflict
D. The cost of implementing a plan to curb its effects
A
40 - A junior technician has approached you to ask what she should do to ensure users are accountable for their actions. What should you tell her?
A. You should tell her to implement auditing.
B. You should tell her to implement an accountability server.
C. You should tell her to implement logs.
D. You should tell her to only hire honest people.
A
41 - What is the most secure method of storing private keys in a PKI implementation for a commercial bank?
A. Key repository
B. Key escrow service
C. Simple offline storage system
D. M-of-N process
B
42 - Which statement is not true in relation to the term “back door”?
A. There are various tools on the market that allow you to easily create and execute back door attacks.
B. It is an intentional opening within an application that allows developers to bypass security features for troubleshooting purposes.
C. It is the placement of a program or utility within a network that provides unauthorized access to the network that it is installed in.
D. A back door attack allows an attacker to masquerade themselves as someone else.
D
43 - Which access control model makes use of ACLs?
A. Discretionary access control
B. Role-based access control
C. Nondiscretionary access control
D. Mandatory access control
A
44 - What is an organization exercising when senior management understands the security risk faced by the company and it investigates possible weaknesses and vulnerabilities?
A. Due diligence
B. Due care
C. Demonstrative evidence
D. Incident recognition
A
45 - What type of backup will contain any files that have changed since the last full backup?
A. Full
B. Incremental
C. Differential
D. Complete
C
46 - Which statement best describes what occurs during a Chosen Plaintext attack?
A. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all the messages with that key.
B. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key.
C. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient.
D. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that it is the legitimate information from the original sender.
C
47 - What is the first level in the Orange Book that requires users to be individually identified and accountable for their actions?
A. C1
B. B2
C. C2
D. B1
C
48 - You need to provide security for your client’s connections to your web server. You need to make sure that the entire communications channel between the two computers is protected. Which technology should you implement to accomplish this?
A. HTTP
B. HTTPS
C. S-HTTP
D. SET
B
49 - A biometric system that weighs people entering a facility to ensure that only one person is being granted access is typically used in what type of security prevention method?
A. Fail-safe
B. Mantrap
C. Fail-secure
D. Piggybacking
B
50 - Two or more employees assisting each other to commit a fraudulent or destructive act is called collusion. Which security practice will help prevent collusion?
A. Intrusion detection
B. Access control
C. Separation of duties
D. Rotation of duties
D
51 - Which protocol relies on a “web of trust” for its key management approach instead of a hierarchy of certificate authorities?
A. Deffie-Hellman
B. RSA
C. PGP
D. SSL
C
52 - What type of analysis can information security professionals use proactively in-house, and in reaction to an attack?
A. Quantitative risk analysis
B. Forensic engineering
C. Software forensics
D. Business impact analysis
C
53 - The terms threat, vulnerability, exposure, countermeasure, and risk are sometimes intermingled and used interchangeably in conversation or writings about security management. Which of the following options contains the statement that accurately describes the relationship between these terms?
A. Option C
B. Option B
C. Option A
D. Option D
A
54 - You are the network administrator for a large company in North America. Many of the employees work from remote locations. You need to set up a secure, private connection between the remote users and their head office so that they can access resources. What would be the best solution?
A. Use the Point-to-Point Tunneling Protocol
B. Use a Virtual Private Network
C. Use the Point-to-Point Protocol
D. Use the Layer 2 Tunneling Protocol
B
55 - A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic interference (EMI). What should you tell them?
A. Fiber-optic
B. Shielded Twisted Pair
C. Unshielded Twisted Pair
D. Coaxial
C
56 - Which access control model is based on a security label system?
A. Discretionary access control
B. Mandatory access control
C. Nondiscretionary access control
D. Role-based access control
B
57 - You are the network administrator for a branch office. You need to secure the network traffic as it enters and leaves your office. Your plan is to implement a hardware based firewall. The firewall should be able to inspect the data’s source and destination address. This will allow you to implement access control lists to control access to specific applications and services. What type of firewall should you implement to meet the branch office security requirements?
A. Stateful Inspection
B. Packet Filtering
C. Application Level
D. Circuit Level
B
58 - Which is not a term that is used to identify the type of response an operating system will take when a failure occurs?
A. System cold start
B. Warm reboot
C. Emergency system restart
D. System reboot
B
59 - Which security model has the ability to address the interference attack?
A. Noninterference model
B. Graham-Denning model
C. Biba model
D. Lattice model
A
60 - What type of cipher moves bits, characters, and blocks around to hide the original plaintext message?
A. Transposition cipher
B. Scramble cipher
C. Substitution cipher
D. Replacement cipher.
A
61 - Which attack takes advantage of weaknesses in the design of the TCP protocol?
A. SYN flood
B. Teardrop
C. Fraggle
D. Smurf
A
62 - When does a buffer overflow occur?
A. When an application sends too much information to another application cuasing a blue screen
B. When too much data is entered into the buffer
C. When the operating system runs out of RAM and causes a reboot
D. When an application runs out of memory and crashes the system
B
63 - What is not true of a qualitative risk analysis?
A. It is scenario-based.
B. Assets are defined as tangible physical objects.
C. Its results are easier to understand than that of a quantitative risk analysis.
D. Threats are given an exposure rating.
B
64 - Which RAID levels match each characteristic?
A. Level 10 B. Level 5 C. Level 3 D. Level 0 E. Level 1
- Parity
- No parity
- [C, B] Parity
- [D, E, A] No parity
65 - The company’s database server contains multiple tables with customer orders. A possible disaster could take the server offline and the company would start to lose significant amounts of money after about 24 hours. What category of maximum tolerable downtime (MTD) should the server be placed in?
A. Normal
B. Nonessential
C. Critical
D. Urgent
D
66 - What law protects software programs from illegal distribution?
A. Trade secret
B. Trademark
C. Patent
D. Copyright
D
67 - Which term represents a collection of technologies that gathers and stores access control information and specified system activity for later study?
A. SIEM
B. FMEA
C. ITIL
D. MTBF
A
68 - The act of monitoring, auditing, and logging provides which measure within an organization?
A. Integrity
B. Accountability
C. Availability
D. Confidentiality
B
69 - What is the best method of preventing a buffer overflow?
A. Limit the amount of data that can be entered into memory
B. Limit the amount of data that is accepted by an application
C. Increase the amount of virtual memory available to the operating system
D. Add RAM to the computer
A
70 - The evidence of a computer crime must be gathered carefully and preserved in order to protect its integrity. The data collected during an investigation must be detailed in the chain of evidence or chain of custody. Which statement is true of the chain of evidence?
A. Evidence must be returned to its owner once presented in court
B. Modifying computer-generated evidence is impossible
C. Evidence must not be admissible
D. Evidence must be legally permissible
D
71 - Why are most companies unaware that they have ever been attacked?
A. Attackers usually spoof their IP addresses.
B. There are only a few laws that specifically address computer crimes.
C. Attackers usually erase any logs that record their activities.
D. Most attacks are performed by individuals located inside the target network.
C
72 - Once the risk analysis has been completed, the organization must decide how to handle the risk. What four options are available for handling risk?
A. Reject, transfer, reduce, and accept
B. Reject, transfer, recover, and accept
C. Transmit, accept, refer, and reject
D. Accept, refer reject, and transmit
A
73- What type of intrusion detection system (IDS) is used to detect any sound that can be made by someone trying to force their way into a facility?
A. Acoustical detection system
B. Electro-mechanical system
C. Photometric system
D. Proximity detector
A
74 - What type of mobile code control serves as a protected area for a program to execute?
A. Access matrix
B. Kernel
C. Covert channel
D. Sandbox
D
75 - Management has approached you about the current Redundant Array of Independent Disks (RAID) configuration implemented within the organization. They would like to know which type of RAID level supports multiple drive failures. What should you tell them?
A. RAID 0
B. RAID 1
C. RAID 10
D. RAID 5
C
76 - What is the Bell-La Padula model most concerned with?
A. Repudiation
B. Integrity
C. Verification
D. Confidentiality
D
77 - Administrative, technical, and physical controls should be used by security administrators to meet an organization’s security requirements. What is an example of a preventive physical control?
A. Biometric system
B. Router
C. Data backup
D. Closed-circuit TV
A
78 - Which algorithms match to each type?
A. Knapsack B. Blowfish C. DES D. RSA E. ECC F. AES
- Asymmetric
- Symmetric
[D, E, A] - Asymmetric
[F, C, B] - Symmetric
79 - The reporting structure for the information security officer (ISO) will vary from organization to organization. The ISO should report as high up in the organization as possible, as this reinforces the importance of information security to the organization. When deciding which organizational role the ISO needs to report to, it is important to acknowledge that there is a potential conflict of interest. A conflict of interest could arise from having the ISO report to which organizational role?
A. Risk management department
B. Chief executive officer
C. Chief security officer
D. Internal audit department
D
80 - Which type of virus takes advantage of system precedence?
A. Polymorphic virus
B. Macro virus
C. Multipartite virus
D. Companion virus
D
81 - A junior network technician has approached you and asked for your opinion on what would be the most secure cable to implement within the organization. What should you tell them?
A. Coaxial
B. Unshielded Twisted Pair (UTP)
C. Fiber-optic
D. Shielded Twisted Pair (STP)
C
82 - The integrity of data within a database can be protected by different types of operations. Which type of operation can be used when a complete database failure occurs?
A. Inference
B. Commit
C. Rollback
D. Savepoint
D
83 - What type of technology makes use of a sandbox as a security mechanism?
A. Malware
B. ActiveX
C. DBMS
D. Java
D
84 - Which is NOT an integrity goal that is addressed by the Clark Wilson model?
A. All users must be identified and authenticated.
B. Unauthorized users should be prevented from making changes.
C. Authorized users should be prevented from making unauthorized changes.
D. Internal and external consistency should be maintained at all times.
A
85 - What is not considered when determining a recovery strategy as part of a business continuity plan?
A. User recovery
B. Data recovery
C. Technical recovery
D. Certificate recovery
D
86 - What best describes an information protection environment?
A. Audits, logs, policies, and procedures used to track user activities throughout the organization
B. An environment for hardware security that encompasses all dedicated hardware in an organization
C. An environment for operations security that encompasses all computing resources in an organization
D. An environment for software security that encompasses all software used in an organization
C
87 - At which stage of the SLC does the development team observe how the system operates to make sure it is functioning as expected?
A. Operations and maintenance support
B. Recording and documenting
C. Producing and installing
D. Revisions and system replacement
A
88 - What type of power fluctuation occurs due to a loss of power?
A. Fault
B. Spike
C. Brownout
D. Sag
A
89 - What type of alarm system triggers an alarm at your organization’s security command center when it detects an intruder?
A. Proprietary
B. Local
C. Central station
D. Auxiliary station
A
90 - Which piece of equipment is not recommended for use by incident response teams?
A. Digital camera
B. Plastic containers
C. Spiral notebook
D. Ball-point pen
C
91 - What needs to be done by the organization to help ensure that the insurance company is responsible for coverage in the event of a disaster?
A. The organization must practice due care
B. The organization must practice due diligence
C. The organization must purchase a Business Interruption Insurance policy
D. Nothing, the insurance company is always responsible
A
92 - What classification of gate is designed to secure an industrial yard that only authorized individuals are permitted entry?
A. Class II
B. Class IV
C. Class I
D. Class III
D
93 - What is the first level in the Orange Book that requires verified protection?
A. A1
B. B1
C. B2
D. C1
A
94 - Which examples match with the types of controls?
A. Classifying data B. Clipping levels C. Hiring procedures D. Supervisory activities E. Monitoring keystrokes F. Access control lists
- Technical
- Administrative
[E, F, B] - Technical
[C, A, D] - Administrative
95 - Which type of detective software intelligently analyzes unknown code?
A. Change detection software
B. Heuristic scanner
C. Signature scanner
D. Activity monitor
B
96 - Which statement specifies a characteristic of quantum cryptography?
A. It is used to encrypt and store the encrypted data.
B. It uses physics as its fundamental mechanism.
C. It is used to transfer encrypted data between two hosts.
D. It uses special encryption algorithms to encrypt information.
B
97 - Which backup strategy copies only the files that have changed since the last backup without altering their archive bits?
A. Differential backup
B. Full backup
C. Copy backup
D. Incremental backup
A
98 - Which rule is also classified as the “no read down” rule?
A. Simple integrity axiom
B. Simple security rule
C. Star integrity axiom
D. Star property rule
A
99 - Which statement best describes maintenance hooks?
A. They are cycles of downtime for software access controls.
B. They are backdoors into software that only the developer knows about.
C. They are periods of time in which the software security is lax.
D. They are Trojan horses placed in the software by hackers.
B
100 - What type of fire suppression system would be the worst choice to use in an environment that contains a lot of expensive computer and electronic equipment?
A. FM 200
B. Preaction
C. Deluge
D. Dry pipe
C
101 - For applications to Interact with various types of databases, a type of interface is needed. What type of database interface language is used for structuring data so that it can be shared between applications and web technologies?
A. ADO
B. OLE DB
C. ODBC
D. XML
D
102 - Which type of cryptographic algorithm uses public and private keys?
A. AES
B. RSA
C. DES
D. 3DES
B
103 - You have just been hired as a junior security analyst at a security consulting firm. Your manager gives you a list of ciphers and asks you to determine their type. Rail fence, rectangular substitution, monoalphabetic, and polyalphabetic are all examples of which type of cipher?
A. Transposition
B. Substitution
C. Null
D. Running key
A
104 - Which type of access control involves the installation of a lock on a server room door?
A. Directive
B. Compensating
C. Preventive
D. Deterrent
C
105 - Which statement best defines a clipping level?
A. A baseline that defines a threshold that must be met before a violation is recorded for further review
B. The implementation of assurance levels and the management of security features
C. A threshold that defines a baseline that must be met before a violation is recorded for further review
D. The act of discovering a problem before it becomes a major issue and causes damage
A
106 - Which task is not part of the initial steps an attacker would perform when attacking a network?
A. Start building a network topology
B. Determining which computers are physically active.
C. Determining which operating systems are installed on the active computers
D. Determining which ports are open by performing port scans
D
107 - Your current network uses the Open Shortest Path First (OSPF) dynamic routing protocol to update routes to different destinations on the network. It has been brought to your attention that a rouge router is updating routes on the internal network. This is creating false routes to destinations internally and externally which imposes a security issue. What should you do to prevent the rogue router from updating your internal routing information?
A. Implement a different type of dynamic routing protocol.
B. Implement update authentication between the internal routers.
C. Unplug the rogue router.
D. Contact the local authorities.
B
108 - Which type of media access technology is primarily used in Ethernet networks?
A. Token Passing
B. Polling
C. CSMA
D. Ethernet
C
109 - A stateful firewall uses what type of access control?
A. Content-dependent access control
B. Context-dependent access control
C. Rule-based access control
D. Access control matrix
B
110 - Which type of operations security control deals with the behavior expected of employees when accessing information resources within the organization?
A. Corrective controls
B. Directive controls
C. Preventive controls
D. Detective controls
B
111 - With Biometrics systems, what is the term used to describe when the system incorrectly grants the user access when they should have been denied?
A. FRR
B. FAR
C. CER
D. EMP
B
112 - Each of the management levels has a set of information security responsibilities inherent to their role within the organization,. For what is the information security officer primarily responsible?
A. Ensuring the security program complies with regulations
B. Evaluating risk management practices in the organization
C. Identifying emerging security risks
D. Facilitating information security within the organization
D
113 - Carrie has a secret message that she wants only Todd to read. A hybrid approach is used for this transaction. Which statements regarding hybrid cryptography are true and which statements are false?
A. Todd decrypts the encrypted symmetric key with his private key and decrypts Carrie’s message with the symmetric key
B. Carrie encrypts the message with her private key and her private key with Todd’s public key
C. Todd decrypts Carrie’s encrypted private key with his public key and decrypts Carrie’s message with Carrie’s private key
D. Carrie encrypts the message with a symmetric key and the symmetric key with Todd’s public key
[B, C]-False
[D, A]-True
114 - Which type of cipher is typically used in an application where encryption is not needed, but the system itself requires encryption?
A. Transposition cipher
B. Running key cipher
C. Substitution cipher
D. Null cipher
D
115 - (ISC)2 requires CISSPs to commit to fully supporting the Code of Ethics, Identify one of the mandatory cannons in the CISSP Code of Ethics.
A. Discharge professional responsibilities with diligence and honesty
B. Provide diligent and competent service to principals
C. Thou shalt not use a computer to steal
D. I will not misuse any information or privileges I am afforded as part of my responsibilities
B
116 - What type of database integrity exists if all foreign keys point to existing primary keys?
A. Referential
B. Entity
C. Semantic
D. Structural
A
117 - The risk management framework defines six major areas of risk management. The operational risk management area is broken down further into which specific areas of risk?
A. People, credit, market
B. Financial, strategic, technology
C. Process, market, events
D. People, process, events
D
118 - What RAID level stripes both data and parity across all drives, ensuring that there is no single point of failure?
A. RAID 0
B. RAID 5
C. RAID 3
D. RAID 1
B
119 - Which of the following are characteristics of quantitative risk analysis and qualitative risk analysis?
A. Does not take into consideration cost/benefit analysis
B. Requires calculations
C. Uses a lot of educated guesses
D. Opinions are provided by process experts
E. Presents yearly losses
- Qualitative risk analysis
- Quantitative risk analysis
[C, D, A]- Qualitative risk analysis
[B, E]- Quantitative risk analysis
120 - Which Common Criteria Evaluation Assurance Level (EAL) involves semiformal design and testing of systems?
A. EAL 7
B. EAL 5
C. EAL 3
D. EAL 1
B
121 - Which access control concept involves isolating groups of people and information so that information is not passed between the groups?
A. Least privilege
B. Compartmentalization
C. Need to know
D. Security domain
B
122 - Which attack involves sending malformed packets to a system in order to cause it to crash or end processing?
A. SYN flood attack
B. Smurf attack
C. Denial of Service (DoS) attack
D. Fraggle attack
C
123 - Which examples match security frameworks and risk assessment methodologies?
A. CRAMM B. OCTAVE C. COBIT D. FRAP E. ITIL F. COSO
- Security Frameworks
- Risk Assessment Methodologies
[C, F, E]- Security Frameworks
[A, D, B]- Risk Assessment Methodologies
124 - After determining the risks that could affect business functions, what would be the least effective type of measure that could be implemented to help reduce the impact as much as possible?
A. Reactive
B. Cost-effective
C. Preventative
D. Proactive
A
125 - Which is TRUE in relation to a one-way hash function?
A. It takes a variable-length string and produces a fixed-length value.
B. It takes a variable -length string and produces a variable-length value.
C. It takes a fixed-length string and produces a fixed-length value.
D. It takes a fixed-length string and produces and variable-length value.
A
126 - Which viable weekly backup strategy will take the least amount of time to complete?
A. Perform a full backup every Monday and a differential backup on the remaining days of the week.
B. Perform a differential backup every Monday and an incremental backup on the remaining days of the week
C. Perform a full backup every Monday and an incremental backup on the remaining days of the week.
D. Perform a full backup every day.
C
127 - Which attack occurs when an attacker sends packets that are too small?
A. Smurf
B. Fraggle
C. Teardrop
D.SYN flood
C
128 - What type of interference can be caused by the fluorescent lights that are commonly found in office buildings?
A. Electrostatic discharge
B. Intermodulation
C. Radio frequency interference
D. Electromagnetic Interference
C
129 - Which rule states that a subject at a particular security level is unable to write information to a security level that is lower than the one in which the user currently resides?
A. Simple integrity axiom
B. Star integrity axiom
C. Simple security rule
D. Star property rule
D
130 - Which system security modes match to each description?
A. Multilevel Security Mode
B. Dedicated Security Mode
C. Compartmented Security Mode
D. System High-Security Mode
- All users lack formal need to know, but possess the necessary clearance.
- All users possess a formal need to know and clearance for all the data in the system.
- All users possess system high-security clearance, but may lack formal approval or need to know.
- Various classification levels are required to be processed at the same time.
- [D] All users lack formal need to know, but possess the necessary clearance.
- [B] All users possess a formal need to know and clearance for all the data in the system.
- [C] All users possess system high-security clearance, but may lack formal approval or need to know.
- [A] Various classification levels are required to be processed at the same time.
131 - Which algorithms match to each type?
A. MD5 B. AES C. SHA-1 D. HAVAL E. IDEA F. RSA
- Hashing algorithm
- Encryption algorithm
- [D, A, C] Hashing algorithm
- [B, E, F] Encryption algorithm
132 - What should be the first step completed in the project initiation phase?
A. Define plan goals
B. Appoint a leader
C. Appoint a BCP team
D. Obtain management support
D
133 - Which type of law acts on civil violations against an organization or individual?
A. Regulatory
B. Criminal
C. Tort
D. Administrative
C
134 - An updated security system is being considered for implementation to your company’s building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs?
A. Magnetic stripe card
B. Proximity card
C. Electronic combination lock
D. Combination lock
B
135 - What should you configure to ensure that received fax documents are kept confidential and secure?
A. Configure a fax server to print the faxes to the nearest printer and include a cover page that separates the printed faxes by user name
B. Configure the fax device to only accept faxes when a user is present to receive it.
C. Configure a fax server to route the received faxes to the fax device that is nearest to the recipient.
D.Configure a fax server to route the received faxes to the appropriate user’s electronic mailbox
D
136 - What type of power fluctuation are you experiencing if there is a complete loss of power for only a moment?
A. Brownout
B. Blackout
C. Fault
D. Sag
C
137 - What is not an example of a physical control?
A. Subnets
B. Building location
C. External lights
D. Data backups
A
138 - When developing a business continuity plan, what recovery strategy would address transportation and accommodation requirements for employees in the event of a disaster?
A. User recovery
B. Business recovery
C. Data recovery
D. Technical recovery
A
139 - Which user requirement is true for compartmented security mode but not for multilevel security mode?
A. There must be formal access approval for all information that the user will access on the system.
B. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system.
C.A clearance level that is equal to or higher than the highest resource level of clearance is required for information on the system.
D. All users must have a valid need to know some of the information on the system.
C
140 - What security mode is a system operating in if all users have the formal clearance and approval required to access all data in the system but they only formally need to know some of it?
A. Multilevel Security Mode
B. Dedicated Security Mode
C. System High-Security Mode
D. Compartmented Security Mode
C
141 - You are currently meeting with management to have them formally approve the products, systems, and components within your organization. What is the process referring to?
A. Accreditation
B. Certification
C. Affirmation
D. Verification
A
142 - Most alternate off-site facilities are provided by third party companies that charge a subscription fee for usage. What is the term for an alternate off-side facility that is owned by the company?
A. Redundant site
B. Warm site
C. Hot site
D. Cold site
A
143 - Which of the standard listed identifies the format for public key certificates?
A. X21
B. X500
C. X509
D. X400
C
144 - What often happens unexpectedly because of the development of a company’s contingency plan?
A. Support from senior management is realized
B. RTOs are discovered
C. Improved business operations
D. Hot sites are found to be expensive to maintain
C
145 - Which algorithm requires that the sender and receiver use two instances of the same key?
A. RSA
B. Diffie-Hellman
C. Knapsack
D. 3DES
D
146 - What part of the product evaluation process deals with product development and maintenance?
A. Life-cycle assurance
B. Clipping levels
C. Operational assurance
D. Change control
A
147 - While away on business you are forced to leave a company laptop unattended in your hotel room for several hours. What would be the best method of securing the sensitive data stored on its laptop from theft?
A. Maintain backups of the sensitive data in a secure location
B. Have the laptop engraved with an ID number
C. Use encryption software to encrypt the sensitive data
D. Secure the laptop to a hotel desk using a locking cable
C
148 - IPSec is able to work in two different modes, Tunnel mode and Transport mode. Which is true in regards to protection with Tunnel mode?
A. Only the header and trailer information are protected.
B. The payload as well as the header and trailer information is protected.
C. Only the payload of the message is protected.
D. Only the header information is protected.
B
149 - According to the event management process, which action should be taken immediately after an event occurs?
A. Report to the assessment team
B. Assess the event
C. Report to the communications center
D. Implement a recovery strategy and and plans
C
150 - When developing the business continuity plan (BCP), what is not the responsibility of management?
A. Making the necessary resources available
B. Creating the policy statement and setting goals
C. Determining any legal and regulatory requirements
D. The outcome of the BCP development process
C
151 - Which database model stores data in more than one database while maintaining a logical connection between databases for the clients?
A. Relational data model
B. Distributed data model
C. Hierarchical data model
D. Rational data model
B
152 - Your security department has been gathering information to present to management about the security mechanisms that are implemented within the organization and an evaluation of their overall effectiveness. What is this process referred to as?
A. Affirmation
B. Accreditation
C. Certification
D. Hallmark
C
153 - You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as?
A. Hallmark
B. Affirmation
C. Certification
D. Accreditation
C
154 - Which statements match each organization’s code of ethics?
A. Compromising the privacy of others
B. Act honorably, honestly, justly, responsibly, and legally
C. Provide diligent and competent services to principals
D. Seeking to gain unauthorized access to internet resources
E. Destroying the integrity of computer-based information
F. Advance and protect the security profession
- ISC2
- IAB
- [B, C, F] ISC2
- [E, D, A] IAB
155 - Which IDS technologies match each characteristics?
A. Anomaly-based
B. Signature-based
- Has the ability to identify new attacks
- Is synonymous with heuristic-based
- Is able to identify several activities and compare them to known patterns simultaneously
- Does not have the ability to identify new attacks
- [A] Has the ability to identify new attacks
- [A] Is synonymous with heuristic-based
- [B] Is able to identify several activities and compare them to known patterns simultaneously
- [B] Does not have the ability to identify new attacks
156 - which component is used to create digital signatures?
A. DSA
B. PPTP
C. SKIP
D. IPSec
A
157 - Why should an organization implement auditing for its Business Continuity Plan (BCP)?
A. To identify possible business interruptions
B. To reveal weaknesses in a system
C. To detect unauthorized activity
D. To keep it up to date
D
158 - Which information concealment methods match to each description?
A. Watermarking
B. Cryptography
C. Code words
D. Stenography
- Uses letters to represent an idea or sentiment
- Uses sophisticated mathematical techniques to hid information
- Uses a specific medium to hid information within
- Uses additional information within a file for detecting the theft of information
- [C] Uses letters to represent an idea or sentiment
- [B] Uses sophisticated mathematical techniques to hid information
- [D] Uses a specific medium to hid information within
- [A] Uses additional information within a file for detecting the theft of information
159 - What ensures the accountability and integrity of evidence once it is collected?
A. Chain of evidence
B. Tangibility
C. Due care
D. Due diligence
A
160 - What is true regarding the relationship between laws and ethics?
A. Ethics and laws are synonymous.
B. Most laws are derived from ethics.
C. Ethics are always derived from laws.
D. An action that is legal is also ethical.
B
161 - An organization that partners with other corporations has multiple communication channels. What should be taken into consideration by all employees regarding these channels?
A. Single sign-on
B. Intrusion detection
C. Privacy compliance
D. Monitoring technologies
C
162 - Which component is used by operators to monitor controllers in a SCADA system?
A. HMI
B. RTU
C. PLC
D. TCP
A
163 - Which aspect of IAM involves creating, modifying, and deleting user accounts?
A. Authorization
B. Entitlement
C. Identify management
D. Provisioning
D
164 - Fire suppression systems use different methods to combat fires. What substance is non-toxic, does not deplete the ozone, and is safe to use around electrical equipment?
A. Halon
B. Deluge
C. FM 200
D. Carbon dioxide (CO2)
C
165 - Which type of lock provides the least amount of security?
A. Warded lock
B. Smart lock
C. Tumbler lock
D. Electronic combination lock
A
166 - Which access control threats match each description?
A. Brute force attacks
B. Spoofing
C. Dictionary attacks
- Involves trying different input combinations in an attempt to find a correct password
- Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- Involves a fake user logon screen being presented to a user for them to input their username and password
- [A] Involves trying different input combinations in an attempt to find a correct password
- [C] Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- [B] Involves a fake user logon screen being presented to a user for them to input their username and password
167 - The international information Systems Security Certification Consortium requires CISSPs to commit to fully supporting the Code of Ethics. What is not a mandatory cannon in the CISSP Code of Ethics?
A. Protect society, the commonwealth, and the infrastructure.
B. Act honorably, honestly, justly, responsibly, and legally.
C. Discharge professional responsibilities with diligence and honesty. Discharge professional responsibilities with diligence and honesty.
D. Provide diligent and competent service to principals.
C
168 - Which standard is recommended by the Implementing the 9/11 Commission Recommendations Act of 2007?
A. NFPA 1600
B. TCSEC
C. ISO/IEC/27002
D. Common Criteria
A
169 - Which characteristics match to each type of offsite facility?
A. Configured with some equipment
B. Are usually ready within a few hours after equipment arrive
C. Can be operational very quickly
D. Fully configured spaces with all the technical equipment and resources an organization requires
E. No technical equipment or resources, except for air conditioning, power, and telecommunications
F. May take several hours or longer to get set up
- Hot sites
- Warm sites
- Cold sites
- [D, C] Hot sites
- [A, B] Warm sites
- [E, F] Cold sites
170 - A security practitioner is designing access control monitoring. The design includes a non-filtering router, a firewall, and a company network. In particular, the company wants to correctly place an IPS so that the number of alerts is significantly reduced.
Internet
[ ]- / \-[ ]
Firewall Router
|-[ ] |-[ ]
Company Net Company Net
The point between the firewall and the company network.
171 - What would be the least effective method used to secure a fax transmission?
A. Enable logging and auditing of fax transmissions
B. Use a fax server on the network
C. Implement a fax encryptor
D. Require users to encrypt their own transmissions
D
172 - Which method involves the hiding of data within another form of media so that the existence of the original data is concealed?
A. Tasseography
B. Cryptography
C. Stenography
D. Steganography
D
173 - You have received a change request from your client on a project you are currently developing for them. What is the correct order of steps you should take to ensure that you follow the change control process?
A. Make a formal request, Analyze the request, Record the request, Submit the request for approval, Develop the change, Report the results to management
B. Analyze the request, Record the request, Make a formal request, Submit the request for approval, Develop the change, Report the results to management
C. Make a formal request, Submit the request for approval, Develop the change, Analyze the request, Record the request, Report the results to management
D. Submit the request for approval, Make a formal request, Analyze the request, Record the request, Develop the change, Report the results to management
A
174 - Which rule will protect data at an integrity level from being corrupted by data at a lower integrity level?
A. Strong star property rule
B. Star property rule
C. Simple integrity axiom
D. Simple security rule
C
175 - An NDA addresses which security principal?
A. Availability
B. Integrity
C. Authenticity
D. Confidentiality
D
176 - Your company is implementing wireless technologies to provide users with the mobility they require to perform their day to day activities. Management has approached you and is questioning the security of the wireless technologies in relation to wardriving. You need to assure them that the network will be secured against wardriving. Which security measure will not provide protection against wardriving?
A. Enable the broadcasting of SSIDs on the access points that will be implemented within the network.
B. Change the SSID that will be used to identify the access point on the network.
C. Physically place the access points within the middle of the buildings.
D. Use 128-bit WEP as the encryption standard on the wireless network
A
177 - What method for database security involves having multiple instances of rows with the same primary key, each displaying a different set of data depending on the user’s security level?
A. Polyinstantiation
B. Aggregation
C. Views
D. Inference
A
178 - What is considered a felony under the US Computer Fraud and Abuse Act of 1986?
A. To gain unauthorized access to government systems
B. To disclose personal medical information
C. To use classified data for the benefit of a foreign nation
D. To exchange passwords for unauthorized access to systems
C
179 - Penetration testing is made up of a five-step process. What is the correct order of steps in which penetration testing should be carried out?
A. Reconnaissance, Vulnerability Analysis, Enumeration, Execution, Document Findings
B. Reconnaissance, Enumeration, Vulnerability Analysis, Execution, Document Findings
C. Reconnaissance, Enumeration, Execution, Vulnerability Analysis, Document Findings
D. Reconnaissance, Enumeration, Vulnerability Analysis, Document Findings, Execution
B
180 - What is the most common method used to locate unsecured wireless networks?
A. Wardialing
B. Piggybacking
C. Wardriving
D. Salami
C
181 - In a secure network, personnel play a key role in the maintenance and promotion of security procedures. Allotting different roles and responsibilities to different personnel provides increased security. It is important that each participant’s role is clearly defined and understood by the participants and by their peers. Which role is responsible for ensuring that the company complies with software license agreements?
A. Process owner
B. Product-line manager
C. Data analyst
D. Solution provider
B
182 - The AIC triad is made up of three main principals of information security: availability, integrity and confidentiality. Which threat can compromise data integrity?
A. Denial-of-Service (DoS) attack
B. Dumpster diving
C. Social engineering
D. Virus
D
183 - Security policies can be categorized as regulatory, advisory or informative. What is true of an advisory policy?
A. An advisory policy is designed for educational purposes.
B. An advisory policy cannot be enforced.
C. An advisory policy is specific to the company’s industry.
D. An advisory policy may describe the consequences of not abiding by the rules and procedures.
D
184 - The terms threat, vulnerability, exposure, countermeasure and risk are sometimes intermingled and used interchangeably in conversation or writings about security management. Which of the following options contain the statement that accurately describes the relationship between these terms?
A. Option C
B. Option A
C. Option B
D. Option D
C
185 - What is a security professional considered when they use hacking tools to test their own network for vulnerabilities?
A. Script kiddie
B. White hat
C. Red hat
D. Black hat
B
186 - What is the most significant risk associated with instant messaging, social networking technologies, message boards, and blogs?
A. Accidental disclosure of confidential, private information
B. Susceptibility to DoS attacks
C. Their being used to identify wireless hotspots that attackers can use to initiate attacks
D. Their being used to facilitate the spread of malicious code
A
187 - What has a primary focus on ensuring the business functions that are critical to the organization’s survival are available in the event of a business interruption?
A. Resource dependency analysis
B. Business impact analysis
C. NYSE Rule 446
D. Corporate contingency planning
D
188 - Which identity management system characteristics match with the identity management system?
A. Combines services for authentication and authorization
B. Provides packet delivery with TCP
C. Supports the AppleTalk protocol
D. Usess PPP connections
E. Encrypts packets between the server and the client
F. Provides packet delivery with UDP
- RADIUS
- TACACS+
- [F, D, A] RADIUS
- [C, E, B] TACACS+
189 - An attacker deleting specific incriminating information out of an audit log is referred to as what?
A. Sniffing
B. Scrubbing
C. Spoofing
D. Purging
B
190 - What type of attack involves the capturing of packets as they pass from a source to a destination over a network link?
A. Spamming attack
B. Teardrop attack
C. Ping of death attack
D. Sniffer attack
D
191 - When might an organization require an export license?
A. To implement cloud computing
B. To employ a key escrow service
C. To permit trans-border data flows
D. To establish a distributed data model
C
192 - Which database model allows for the storage of a wide spectrum of different types of data, including images, audio, and documents?
A. Object-oriented database model
B. Hierarchical database model
C. Distributed database model
D. Relational database model
A
193 - What can be done to enforce employee accountability?
A. Ensuring employees arrive on time for work
B. Employee’s maintaining corporate documentation
C. Including employee IDs in the audit logs
D. Employee’s providing a password or passphrase
C
194 - Which option is not classified as a presentation layer standard?
A. TIFF
B. MPEG
C. JPEG
D. HTTP
D
195 - Vulnerability scanning is a common method used by intruders to determine the weaknesses within a system. What is the first line of defense against vulnerability scanning?
A. Close all open ports that are not required for daily activities.
B. Apply the most current patches to the system.
C. Perform a periodic vulnerability scan on the network.
D. Have defined change control procedures within the organization.
A
196 - There are many different types of computer crimes, each of which can be committed differently. An employee who eavesdrops on the electronic signals emitted by a computer is committing what type of attack?
A. TEMPEST
B. Emanations capturing
C. Data diddling
C. Salami attack
B
197 - Which term best describes an access control concept that is responsible for the mediation of access controls to objects by subjects?
A. Secure state
B. Security kernel
C. Security perimeter
D. Reference monitor
D
198 - Which of the following is NOT one of the principles identified by the Directive on Data Protection?
A. Notice
B. Choice
C. Data integrity
D. Data confidentiality
D
199 - What is the BEST way to secure all data at rest on a portable computer without degrading system performance?
A. Software-based FDE
B. Hardware-based FDE
C. Cloud computing
D. SSL
B
200 - What is not a necessary step for developing a data classification program?
A. Assign responsibility for data classification to the data custodian.
B. Assign a data custodian.
C. Define procedures for declassifying data.
D. Define the classification levels.
A
201 - What is NOT true regarding the services that MPLS provides?
A. Packet labeling is provided
B. Encryption is provided
C. QoS is provided
D. Traffic engineering is provided
B
202 - Which layer of the OSI model maps to the Host-to-Host layer of the TCP/IP model?
A. Data link
B. Physical
C. Transport
D. Network
C
203 - What is not a basic principle used to help protect against threats to data integrity?
A. Rotation of duties
B. Need-to-know
C. Separation of duties
D. Repudiation
D
204 - The investigation team can use surveillance techniques to obtain evidence of computer crime. What is an example of physical surveillance?
A. Keyboard monitoring
B. Audit logs
C. Closed Circuit Television (CCTV)
D. Fencing
C
205 - Which OSI layer is responsible for the addressing and routing of packets so that they can reach their destination?
A. Network
B. Session
C. Physical
D. Data link
A
206 - Which stages match to each lifecycle?
A. Operations and maintenance support B. Revisions and system replacement C. Testing and evaluating D. Recording and documenting E. Defining functional objectives
- Systems Development Life Cycle
- System Life Cycle
- [E, D, C] Systems Development Life Cycle
- [B, A] System Life Cycle
207 - Mantraps are an example of what type of security control?
A. Detective controls
B. Corrective controls
C. Recovery controls
D. Preventive controls
D
208 - What type of attack prevents a system from responding to legitimate traffic from authorized clients?
A. An IP spoofing attack
B. A password cracking attack
C. A denial of service attack
D. A Trojan horse attack
C
209 - The planning phase should involve creating a timeline for developing the BCP. It is important to prioritize certain areas and to specify when plans for those areas will be completed. For a medium-sized company with an experienced planner and the full support of management, when should a BIA be completed?
A. Six to nine months
B. Nine to 12 months
C. Within the first month
D. Within six months
D
210 - Which phase of the Business Continuity Plan (BCP) involves the first widespread interaction between business areas and security managers?
A. Plan Design and Development
B. Project Management and initiation
C. Recovery Strategies
D. Business Impact Analysis (BIA)
D
211 - Which standard is most commonly used by IPsec for key management?
A. IKE
B. OAKLEY
C. SKIP
D. ISAKMP
A
212 - A computer crime is suspected and reported to senior management. What should the incident response team consider during the preliminary investigation?
A. Which company officials should be informed viea e-mail
B. Whether the suspect should be contacted
C. Whether the police should be contacted
D. Who will communicate with the media.
C
213 - Your Remote Access Server (RAS) modems are currently configured to answer incoming connections after two rings. After reviewing your current RAS logs, you have noticed multiple attempts to gain access to your network through your modems by unauthorized external users. It appears that the users are using a method of wardialing to locate your modems. What should you do to lower the success rate of wardialing attempts on your network?
A. Decrease the number of rings that will occur before the RAS server answers an incoming call.
B. Change the phone numbers for the modems within the RAS server.
C. Disable all modems that are not required for incoming calls.
D. Increase the number of rings that will occur before the RAS server answers an incoming call.
D
214 - You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mall where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BEST meet these needs?
A. Gates
B. Landscaping
C. Fences
D. Bollards
C
215 - Debora, an American citizen who works for a large accounting firm in Los Angeles, receives a memo from the company’s president regarding internal computer crime investigations. The letter informs all employees that management may remove files from their workstations at any time, without notice. How would such actions apply to Debora’s Fourth Amendment rights?
A. If Debora is acting as a police agent, management’s Fourth Amendment rights would not be violated.
B. If management is acting as private citizens, Debora’s Fourth Amendment rights would be violated.
C. If management is acting as a police agent, Debora’s Fourth Amendment rights would not be violated.
D. If management is acting as private citizens, Debora’s Fourth Amendment rights would not be violated.
D
216 - What is not a valid type of test for a Business Continuity Plan (BCP)?
A. Partial interruption
B. Parallel
C. Checklist
D. Simulation
A
217 - Which feature defines the protocols needed to register public key information?
A. SHA-1
B. X-KISS
C. HAVAL
D. X-KRSS
D
218 - The AIC triad is made up of three main principals of information security: availability, integrity and confidentiality. Which threat can compromise availability?
A. Denial-of-Service attack
B. Social engineering
C. Human error
D. Dumpster diving
A
219 - To ensure that threats to integrity are kept to a minimum, database software should implement the ACID test. What characteristic of the ACID test will stop all steps in a transaction from occurring if one of the steps fails?
A. Isolation
B. Consistency
C. Durability
D. Atomicity
D
220 - Which algorithms match to each type?
A. Diffie-Hellman B. IDEA C. DSA D. RC6 E. El Gamal F. 3DES
- Asymmetric
- Symmetric
- [A, C, E] Asymmetric
- [B, D, F] Symmetric
221 - What is the first step that should be performed for a penetration test?
A. Vulnerability analysis
B. Reconnaissance
C. Enumeration
D. Exploitation
B
222 - Which type of light is ideal for indoor lighting but not for outdoor lighting?
A. Mercury vapor
B. Fluorescent
C. Quartz lamps
D. Sodium Vapor
B
223 - What can users inherit from group memberships or roles that they have within an organization?
A. Covert channels
B. Inference
C. Entitlements
D. Emanation
C
224 - Which type of lock allows for a certain amount of individual accountability?
A. Cipher lock
B. Smart lock
C. Electronic combination lock
D. Combination lock
B
225 - The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router?
A. Layer 3
B. Layer 2
C. Layer 7
D. Layer 1
A
226 - Several ethical bases have been identified to help with IT decision making. Which statement provides the basis for the golden rule?
A. Assume that all property and information belongs to someone.
B. Incur least harm or cost.
C. If an action is not repeatable at all times, it is not right at any time.
D. Treat others as you wish to be treated.
D
227 - Which layers of the OSI model map to the Network Access layer of the TCP/IP model?
A. Network and Physical
B. Transport and Network
C. Network and Data Link
D. Data Link and Physical
D
228 - What step in creating a business continuity plan involves calculating the maximum tolerable downtime (MTD) for resources?
A. Business impact analysis
B. Plan maintenance
C. Policy statement and team creation
D. Develop recovery strategies
A
229 - Several measures can be taken to help protect against electric power issues. What is not a recommended method of protecting devices?
A. Use shielded cables.
B. Do not run cables close to fluorescent lights.
C. Plug all devices into surge protectors.
D. Plug power bars into other power bars to help provide additional protection.
D
230 - Which security standard consists of five principles and seven enablers?
A. COBIT version 5
B. ISO/IEC 15408
C. ISO/IEC 27001; 2005
D. ITSEC
A
231 - Security management is supported by the three core information security principles. They are confidentiality, availability, and integrity. Which controls are used for availability and integrity?
A. Physical access controls B. Database encryption C. Hashing D. Clustering E. Warm sites
- Availability
- Integrity
- [D, E] Availability
- [A, C] Integrity
232 - Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators?
A. Most attacks are performed by individuals located outside of the network
B. Most companies do not use firewalls
C. Many attackers spoof their IP addresses and erase logs to cover their tracks
D. There are only a few laws that specifically address computer crimes
C
233 - The first step in performing a risk assessment is to identify vulnerabilities. Which of the following is considered a security vulnerability?
A. The absence of a security guard
B. A disgruntled employee
C. An access control system not functioning properly
D. A piece of code written to create a DoS attack
A
234 - Which intellectual property laws match each example?
A. Trade Secret
B. Trademark
C. Patent
D. Copyright
- Double tapping a screen for enlarging documents on a tablet
- A recipe for chicken batter at a popular restaurant chain
- A logo of a large restaurant chain
- Printed sheet music for a popular song
- [C] Double tapping a screen for enlarging documents on a tablet
- [A] A recipe for chicken batter at a popular restaurant chain
- [B] A logo of a large restaurant chain
- [D] Printed sheet music for a popular song
235 - What is the highest level of information classification used by the majority of organizations?
A. Confidential
B. Internal use only
C. Secret
D. Restricted
D
236 - Which access cards match to each description?
A. Magnetic stripe card
B. Proximity card
C. Smart card
- Contains a microchip and can store a large amount of data
- Contains a microchip and opens a magnetic lock
- Made of PVC material and is easily damaged
- [C] Contains a microchip and can store a large amount of data
- [B] Contains a microchip and opens a magnetic lock
- [A] Made of PVC material and is easily damaged
237 - What is NOT a valid method of protecting against static electricity?
A. Manage humidity levels.
B. Ensure equipment and electrical outlets are grounded.
C. Install carpets on server room floors.
D. Use an ESD Wrist strap.
C
238 - As part of the security steering committee for a high-tech security firm, you suggest that two high level employees are required to have information that, when put together, provides access to a plaintext key. Upon which concept is the suggestion based?
A. Dual control
B. Split knowledge
C. Social engineering
D. Rotation of duties
B
239 - Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. Which is NOT a concern for the resource protection critical requirement?
A. Protect resources that are required for data processing.
B. Ensure that resource security is maintained during a failure.
C. Ensure that vulnerabilities directed at the availability, integrity, and confidentiality of resources is reduced.
D. Provide a balance between the implemented security controls and the user’s productivity.
B
240 - Your security department has presented management with an overview of the security mechanisms that have been implemented and an evaluation of their overall effectiveness. What is the process referred to as when management formally accepts the information you have presented them with?
A. Accreditation
B. Hallmark
C. Affirmation
D. Certification
A
241 - Which is not a characteristic of business impact analysis?
A. Determining the maximum tolerable downtime (MTD)
B. Identifying critical systems
C. Determining a recovery strategy
D. Developing it early in business continuity planning
C
242 - During the recovery strategy planning phase, there are various items that you will have to review and create a recovery strategy for. Which resource is commonly overlooked during the recovery strategies planning phase?
A. Human resources
B. Data and voice equipment
C. Environmental issues
D. Computer and network equipment
A
243 - What is considered a misdemeanor under the Computer Fraud and Abuse Act of 1986?
A. To use classified data for the benefit of a foreign nation
B. To disclose personal medical information
C. To gain unauthorized access to government computers
D. To gain authorized access to personal medical information
C
244 - What would be the least effective method to prevent an intruder from gaining access to a facility?
A. Smartcards
B. A fence
C. Guard dogs
D. CCTV
D
245 - What type of interference can be caused by a disturbance in the circuit from the difference in the hot, neutral, and ground wires and the magnetic field they generate?
A. Electromagnetic interference
B. Intermodulation
C. Electrostatic discharge
D. Radio frequency interference
A
246 - What is the first level in the Orange Book that requires labeled security?
A. C2
B. B1
C. C1
D. B2
B
247 - There are three critical requirements for operations controls. Which statement correctly identifies the critical requirement referred to as privileged-entity controls?
A. Provide users with the level of access they require to complete their assigned tasks.
B. Provide compliance with legislative and industry guidelines to protect sensitive information and personnel.
C. Provide all users with administrative-like access control capabilities.
D. Provide specific users with administrative-like access control capabilities.
D
248 - What does the term “trusted computing base” best address?
A. The level of application portability a system provides
B. The level of trust a system provides
C. The level of security a system provides
D. The level of communication a system provides
B
249 - How does DCOM provide security for software applications?
A. It uses garbage collection to leave classified data in unallocated memory locations
B. It creates authentication levels that protect the authenticity, integrity, and confidentiality of data
C. It creates sandboxes, which are security boundaries within which untrusted applets are executed
D. It uses digital signatures, which are verified using the Authenticode technology
B
250 - Which of the following are qualitative risk analysis techniques and quantitative risk analysis techniques?
A. Delphi B. Checklists C. Sensitivity analysis D. Focus groups E. Monte Carlo
- Qualitative risk analysis
- Quantitative risk analysis
- [B, A, D] Qualitative risk analysis
- [E, C] Quantitative risk analysis
1 - Which statement best describes the purpose of a public key infrastructure certificate?
A. It is used to perform certification registration duties.
B. It is used to maintain and issue certificates.
C. It is used to associate a public key with various identification information so that an owner can be uniquely identified.
D. It is used to provide a secure means of communication between a wide range of geographically dispersed individuals.
C
2 - Which type of security threat would be used by an attacker to delete a resource on a specific date or time?
A. SYN flood attack
B. Logic bomb
C. DoS attack
D. Companion virus
B
3 - Which device can help protect against water damage?
A. Acoustical detection system
B. Surge suppressor
C. Closed-loop recirculating system
D. Water detector
D
4 - There are different types of eavesdropping methods. Which method involves tampering with a transmission medium in order to create a covert signaling channel?
A. Passive Eavesdropping
B. Covert Channel Eavesdropping
C. Channel Eavesdropping
D. Active Eavesdropping
D
5 - During a project, what process determines if a software product provides its intended services?
A. Verification
B. Software escrow
C. Validation
D. Change control
C
6 - Which Redundant Array of Independent Disks (RAID) level writes data to two different drives at the exact same time so that both drives contain the exact same data?
A. RAID 3
B. RAID 0
C. RAID 5
D. RAID 1
D
7 - Which statement accurately describes key distribution and maintenance?
A. Key backups should be highly secured and not readily accessible.
B. The process should be manual.
C. Keys should be stored in plaintext for easy recovery in case of disaster.
D. The process should be automated.
D
8 - What attributes are used when evaluating a system’s protection mechanisms under the information Technology Security Evaluation Criteria (ITSEC)?
A. Assurance and integrity
B. Integrity and Authentication
C. Functionality and Assurance
D. Confidentiality and Functionality
C
9 - You are attempting to determine the types of preventative measures to put in place to protect your company’s facility. What is not a preventative measure you might implement?
A. Increase inventory
B. Implement a hot site
C. Purchase generators
D. Create redundant power lines
B
10 - Which item used in conjunction with a fence emits radio frequency signals to detect an intruder pushing a fence?
A. CCTV
B. TDR
C. DSA
D. PPTP
B
11 - The evidence of a computer crime must be gathered carefully and preserved in order to protect its integrity. The data collected during an investigation must be detailed in the chain of evidence or chain of custody. Which statement is true of the chain of evidence?
A. Modifying computer-generated evidence is impossible
B. Evidence must be returned to its owner once presented in court
C. Evidence must be legally permissible
D. Evidence must not be admissible
C
12 - Which type of lock provides the least amount of security?
A. Electronic combination lock
B. Warded lock
C. Tumbler lock
D. Smart lock
B
13 - The investigation team can use surveillance techniques to obtain evidence of computer crime. What is an example of physical surveillance?
A. Fencing
B. Keyboard monitoring
C. Closed Circuit Television (CCTV)
D. Audit logs
C
14 - Which term represenets a collection of technologies that gathers and stores access control information and specified system activity for later study?
A. MTBF
B. SIEM
C. ITIL
D.FMEA
B
15 - What has a primary focus on ensuring the business functions that are critical to the organization’s survival are available in the event of a business interruption?
A. NYSE Rule 446
B. Resource dependency analysis
C. Corporate contingency planning
D. Business impact analysis
C
16 - Which statement best defines a clipping level?
A. The implementation of assurance levels and the management of security features.
B. The act of discovering a problem before it becomes a major issue and causes damage
C. A threshold that defines a baseline that must be met before a violation is recorded and further review
D. A baseline that defines a threshold that must be met before a violation is recorded for further review
D
17 - Confidentiality ensures that the required level of secrecy is maintained by preventing unauthorized individuals from accessing and disclosing company information. What is a typical threat to confidentiality?
A. Shoulder surfing
B. Separation of duties
C. Encryption
D. Denial-of-Service (DoS) attack
A
18 - What ITSEC rating is concerned with a high level of integrity during communications?
A. F7
B. F6
C. F9
D. F8
D
19 - You need to select a server room fire suppressant that is considered environmentally safe and less damaging to hardware. What should you choose?
A. Carbon Dioxide
B. FM200
C. Halon 1301
B
20 - What is considered a felony under the US Computer Fraud and Abuse At of 1986?
A. To gain unauthorized access to government systems
B. To disclose personal medical information
C. To use classified data fro the benefit of a foreign nation
D. To exchange passwords for unauthorized access to systems.
C
21 - What classification of gate is designed to secure an industrial yard that only authorized individuals are permitted entry?
A. Class I
B. Class III
C. Class IV
D. Class II
B
22 - Management plans to implement a security policy that enforces the proper use of company e-mail, address monitoring, and privacy issues. What type of security policy is best suited for this purpose?
A. Advisory
B. Informative
C. Issue-specific
D. System-specific
C
23 - The network administrator for your company has asked you to provide a report on the number of modems attached to the network that are unaccounted for. What should you do to accomplish this?
A. Wardialing
B. Piggybacking
C. Wardriving
D. Modemsurfing
A
24 - What is the most common method used to locate unsecured wireless networks?
A. Wardriving
B. Salami
C. Wardialing
D. Piggybacking
A
25 - To ensure that threats to integrity are kept to a minimum, database software should implement the ACID test. What characteristic of the ACID test will stop all steps in a transaction from occurring if one of the steps fails?
A. Consistency
B. Durability
C. Isolation
D. Atomicity
D
26 - What method of securing an object-oriented DBMS only provides discretionary access controls?
A. SORION
B. ORION
C. Views
D. SODA
B
27 - What is not a basic principle used to help protect against threats to data integrity?
A. Need-to-know
B. Repudiation
C. Separation of duties
D. Rotation of duties
B
28 - Which constraint should be the primary concern when creating procedures for background checks on new hires?
A. Organizational policies
B. Privacy laws
C. Senior management’s sign-off
D. Employee acceptance
B
29 - What RAID level stripes both data and parity across all drives, ensuring that there is no single point of failure?
A. RAID 1
B. RAID 3
C. RAID 0
D. RAID 5
D
30 - What is true regarding the relationship between laws and ethics?
A. Ethics and laws are synonymous.
B. Most laws are derived from ethics.
C. Ethics are always derived from laws.
D. An action that is legal is also ethical.
B
31 - Which is TRUE in relation to a one-way hash function?
A. It takes a fixed-length string and produces a fixed-length value.
B. It takes a variable-length string and produces a fixed-length value.
C. It takes a fixed-length string and produces and variable-length value.
D. It takes a variable-length string and produces a variable-length value.
B
32 - Which option is NOT TRUE in regards to key management?
A. Key lengths should be long enough to provide the level of protection that is required.
B. Keys should be maintained in a secure location when their lifetime expires.
C. Keys should be stored and transmitted in a secure manner.
D. The lifetime of a key should be dictated by the amount of usage.
B
33 - Which type of law is based on the traditions of the region?
A. Common
B. Customary
C. Mixed
D. Religious
B
34 - What best describes an information protection environment?
A. An environment for operations security that encompasses all computing resources in an organization
B. An environment for software security that encompasses all software used in an organization
C. Audits, logs, policies, and procedures used to track user activities throughout the organization
D. An environment for hardware security that encompasses all dedicated hardware in an organization
A
35 - Which type of security document should management use to mandate that all employees wear photo ID badges, and that they be visible at all times?
A. Procedure
B. Guideline
C. Baseline
D. Informative security policy
C
36 - Which statement best identifies what vulnerability tools are used for and who they are used by?
A. They are used by network administrators to fix security vulnerabilities that are present within a network.
B. They are used by hackers to determine what security vulnerabilities are present within a network.
C. They are used by network administrators to determine what security vulnerabilities are present within a network.
D. They are used by hackers and network administrators to determine what security vulnerabilities are present within a network.
D
37 - There are different types of offsite solutions for facility recovery. What is the most common type of subscription-based backup facility?
A. Warm
B. Cold
C. Hot
D. Redundant
A
38 - What security mode is a system operating in if all users have the formal clearance and approval required to access all data in the system but they only formally need to know some of it?
A. Multilevel Security Mode
B. System High-Security Mode
C. Compartmented Security Mode
D. Dedicated Security Mode
B
39 - Which rule will protect data at an integrity level from being corrupted by data at a lower integrity level?
A. Star property rule
B. Strong star property rule
C. Simple security rule
D. Simple integrity axiom
D
40 - You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as?
A. Certification
B. Hallmark
C. Accreditation
D. Affirmation
A
41 - What is NOT true regarding the services that MPLS provides?
A. QoS is provided
B. Encryption is provided
C. Traffic engineering is provided
D. Packet labeling is provided
B
42 - Several measures can be taken to help protect against electric power issues. What is NOT a recommended method of protecting devices?
A. Do not run cables close to fluorescent lights.
B. Plug all devices into surge protectors.
C. Plug power bars into other power bars to help provide additional protection.
D. Use shielded cables.
C
43 - Which rule states that a subject at a particular security level is unable to write information to a security level that is lower than the one in which the use currently resides?
A. Simple security rule
B. Simple integrity axiom
C. Star integrity axiom
D. Star property rule
D
44 - What step in creating a business continuity plan involves calculating the maximum tolerable downtime (MTD) for resources?
A. Plan maintenance
B. Business impact analysis
C. Develop recovery strategies
D. Policy statement and team creation
B
45 - Which type of security device is set into a door’s edge?
A. Rim lock
B. Biometric reader
C. Card reader
D. Mortise lock
D
46 - What process involves data from multiple databases or data sources being combined into a large database for the purpose of running queries for data analysis and retrieval?
A. Data mining
B. Data warehousing
C. Data sifting
D. Data digging
B
47 - You are currently meeting with management to have them formally approve the products, systems, and components within your organization. What is this process referring to?
A. Accreditation
B. Certification
C. Affirmation
D. Verification
A
48 - Which security principle ensures that information is not disclosed to unauthorized individuals?
A. Confidentiality
B. Integrity
C. Availability
D. Authorization
A
49 - What is the best method of preventing a buffer overflow?
A. Increase the amount of virtual memory available to the operating system
B. Add RAM to the computer
C. Limit the amount of data that is accepted by an application
D. Limit the amount of data that can be entered into memory
D
50 - What type of alarm system triggers an alarm at your organization’s security command center when it detects an intruder?
A. Auxiliary station
B. Proprietary
C. Central station
D. Local
B
51 - What is not a valid type of test for a Business Continuity Plan (BCP)?
A. Parallel
B. Partial interruption
C. Simulation
D. Checklist
B
52 - Which of the following is an example of a technical control?
A. Background checks
B. Mantraps
C.Encryption
D. Policies and procedures
C
53 - Most large organizations today have acknowledged the need for a C-level security officer, typically classed as the chief information security officer. However, there are still issues in identifying the most appropriate reporting structure for the chief information security officer within the organization. The greatest potential for a conflict of interest is inherent to a chief information security officer reporting to which role within an organization?
A. Chief financial officer
B. Chief security officer
C. Chief information officer
D. Chief executive officer
C
54 - Which type of law acts on civil violations against an organization or individual?
A. Criminal
B. Regulatory
C. Tort
D. Administrative
C
55 - Which access control model is also referred to as nondiscretionary access control?
A. Role-based access control
B. Discretionary access control
C. Mandatory access control
D. Rule-based access control
A
56 - Which Capability Maturity Model integration maturity levels match to each description?
A. Managed B. Repeatable C. Initial D. Defined E. Optimizing
- The company uses an ad hoc development process for its products and software.
- The company has formal procedures for outlining process and has a method that can help with process improvement.
- The company’s plans are integrated with a budget used for continually improving processes
- The company has formal processes to collect and study data and defined metrics for their program used for process improvement
- The company does not use a formal process model, but they can replicate the processes needed.
[C] - The company uses an ad hoc development process for its products and software.
[D] - The company has formal procedures for outlining process and has a method that can help with process improvement.
[E] - The company’s plans are integrated with a budget used for continually improving processes
[A] - The company has formal processes to collect and study data and defined metrics for their program used for process improvement
[B] - The company does not use a formal process model, but they can replicate the processes needed.
57 - Various resources are available to aid in the development of an information security strategy. Which resource sets the allowable boundaries that are used to determine if policy requirements have been met?
A. Procedure
B. Policy
C. Standard
D. Guideline
C
58 - Which IDS technologies match each characteristic?
A. Signature-based
B. Anomaly-based
- Is able to identify several activities and compare them to known patterns simultaneously
- Is synonymous with heuristic-based
- Does not have the ability to identify new attacks
- Has the ability to identify new attacks
- [A] Is able to identify several activities and compare them to known patterns simultaneously
- [B] Is synonymous with heuristic-based
- [A] Does not have the ability to identify new attacks
- [B] Has the ability to identify new attacks
59 - What is NOT one of the three critical requirements for operations controls?
A. Hardware control
B. Resource protection
C. Software control
D. Privileged-entry control
C
60 - An NDA addresses which security principal?
A. Authenticity
B. Integrity
C. Availability
D. Confidentiality
D
61 - At which stage of the SLC does the development team observe how the system operates to make sure it is functioning as expected?
A. Recording and documenting
B. Revisions and system replacement
C. Producing and installing
D. Operations and maintenance support
D
62 - What law protects software programs from illegal distribution?
A. Patent
B. Copyright
C. Trademark
D. Trade secret
B
63 - You have received a change request from your client on a project you are currently developing for them. What is the correct order of steps you should take to ensure that you follow the change control process?
A. Make a formal request, Submit the request for approval, Develop the change, Analyze the request, Record the request, Report the results to management
B. Make a formal request, Analyze the request, Record the request, Submit the request for approval, Develop the change, Report the results to management
C. Submit the request for approval, Make a formal request, Analyze the request, Record the request, Develop the change, Report the results to management
D. Analyze the request, Record the request, Make a formal request, Submit the request for approval, Develop the change, Report the results to management
B
64 - Companies tha thave been attacked often choose not to release this information to the media. However, there are several well-known computer crimes that have been widely publicized. What hacker or group of hackers demonstrated how a web-based Trojan horse could be used to extract money from a bank account?
A. Kevin Mitnick
B. Cult of Dead Cow
C. Chaos Computer Club
D. Legion of Doom
C
65 - What ensures the accountability and integrity of evidence once it is collected?
A. Tangibility
B. Chain of evidence
C. Due care
D. Due diligence
B
66 - What type of test involves selected members from each department coming together to review and discuss each section of the Business Continuity Plan (BCP)?
A. Simulation test
B. Checklist test
C. Parallel test
D. Structured Walk-Through test
D
67 - Which identity management system characteristics match with the identity management system?
A. Supports the Apple Talk protocol
B. Provides packet delivery with TCP
C. Encrypts packets between the server and the client
D. Combines services for authentication and authorization
E. Provides packet delivery with UDP
F. Uses PPP connections
- TACACS+
- RADIUS
- [A, C, B] TACACS+
- [E, F, D] RADIUS
68 - What type of database integrity exists if all foreign keys point to existing primary keys?
A. Semantic
B. Entity
C. Structural
D. Referential
D
69 - Which component is used to create digital signatures?
A. IPsec
B. DSA
C. SKIP
D. PPTP
B
70 - There are various methodologies available for assessing an organization’s security risks. Which risk assessment methodology would be best to use to prescreen systems and applications to determine whether further risk analysis is warranted?
A. FRAP
B. CRAMM
C. NIST SP 800-66
D. FMEA
A
71 - Your organization is performing business continuity and disaster recovery planning, and you are the lead planner for this project. The overall scope of the effort required for planning has ben determined and you have begun to look at the resource requirements to complete the development of the plan. Which statement is not true concerning the resource requirements that are required to develop the project plan?
A. Outside consultants may be hired to assist with the initial planning stages.
B. Software tools may be used to help with the collection of information for planning.
C. People used on the planning team should not be the same individuals that perform the recovery.
D. The planning team needs to be represented by individuals from business operations and technology areas.
C
72 - Which rule is also classified as the “no read down” rule?
A. Star integrity axiom
B. Simple security rule
C. Star property rule
D. Simple integrity axiom
D
73 - Which layer of the SABSA model operates across all the other layers?
A. Logical
B. Physical
C. Contextual
D. Operational
D
74 - The International Information Systems Security Certification Consortium requires CISSPs to commit to fully supporting the Code of Ethics. What is not a mandatory canon in the CISSP Code of Ethics?
A. Protect society, the commonwealth, and the infrastructure.
B. Discharge professional responsibilities with diligence and honesty. Discharge professional responsibilities with diligence and honesty.
C. Provide diligent and competent service to principals.
D. Act honorably, honestly, justly, responsibly, and legally.
B
75 - What type of technology makes use of a sandbox as a security mechanism?
A. ActiveX
B. Malware
C. Java
D. DBMS
C
76 - Which organization provides the standards for reinforced filing cabinets?
A. Office of Government Commerce
B. U.S. Government
C. Underwriters Laboratory
D. Pearson VUE
B
77 - What type of water sprinkler system is best used in an environment that contains a lot of expensive computer and electronic equipment?
A. Deluge
B. Dry pipe
C. Wet pipe
D. Preaction
D
78 - What type of mobile code control serves as a protected area for a program to execute?
A. Kernel
B. Access matrix
C. Covert channel
D. Sandbox
D
79 - You need to purchase video surveillance equipment for your organization. Your boss has requested that you implement an automated system that is able to trigger alarms when it detects noise or movement. What type of camera system should you deploy?
A. A CCD capable system
B. An annunciator capable system
C. An automatic iris capable system
D. A PTZ capable system
B
80 - Which database models match each description?
A. Network
B. Object-oriented
C. Hierarchical
D. Relational
- The data stored in this model is based on two-dimensional tables consisting of tuples and attributes.
- The data stored in this model is linked in a way that each record or child has only one owner or parent.
- The data stored in this model is linked in a way that establishes a multiple child-parent relationship.
- The data stored in this model is in the form of objects using programming features.
- [B] The data stored in this model is based on two-dimensional tables consisting of tuples and attributes.
- [C] The data stored in this model is linked in a way that each record or child has only one owner or parent.
- [A] The data stored in this model is linked in a way that establishes a multiple child-parent relationship.
- [D] The data stored in this model is in the form of objects using programming features.
81 - The company’s database server contains multiple tables with customer orders. A possible disaster could take the server offline and the company would start to lose significant amounts of money after about 24 hours. What category of maximum tolerable downtime (MTD) should the server be placed in?
A. Urgent
B. Normal
C. Critical
D. Nonessential
A
82 - In terms of a biometric system, what is referred to as a Type II error?
A. False rejection rate
B. Equal error rate
C. False acceptance rate
D. Crossover error rate
C
83 - Mantraps are an example of what type of security control?
A. Corrective controls
B. Detective controls
C. Preventive controls
D. Recovery controls
C
84 - To which type of attack is a PBX system vulnerable?
A. Sniffing attack
B. Privilege escalation attack
C. Phreak attack
D. DNS spoofing attack
C
85 - Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. What is NOT a concern for the resource protection critical requirement?
A. Ensure that resource security is maintained during a failure.
B. Protect resources that are required for data processing.
C. Provide a balance between the implemented security controls and the user’s productivity.
D. Ensure the vulnerabilities directed at the availability, integrity, and confidentiality of resources is reduced.
A
86 - The Application layer of the TCP/IP model maps to which layers of the OSI model?
A. Application, Session, Transport
B. Presentation, Session, Transport
C. Application, Presentation, Session
D. Transport, Network, Data Link
C
87 - When might an organization require an export license?
A. To implement cloud computing
B. To permit trans-border data flows
C. To employ a key escrow service
D. To establish a distributed data model
B
88 - There are various types of evidence that can be used in a court of law. What type of evidence cannot be used on its own, but may be admissible to prove other, more substantial evidence?
A. Opinion evidence
B .Circumstantial evidence
C. Hearsay evidence
D. Corroborative evidence
D
89 - What is the BEST way to secure all data at rest on a portable computer without degrading system performance?
A. Hardware-based FDE
B. Software-based FDE
C. SSL
D. Cloud computing
A
90 - What is the first level in the Orange Book that requires verified protection?
A. B2
B. C1
C. B1
D. A1
D
91 - Which technology provides availability, load balancing, redundancy, and failover?
A. RADIUS
B. Redundant Servers
C. RAID
D. Clustering
D
92 - A security practitioner is designing a network diagram that includes two routers and a firewall. A demilitarized zone (DMZ) is required for controlling a DMZ access from untrusted and trusted sites.
[Internet]
|
(Router)
|
[*Link*]-- [Firewall]
|
[*Link*]
|
(Router)
|
[*Link*]
|
[host - server]
[host - host ]
The link off to the side from the firewall
93 - You need to provide security for your client’s connections to your web server. you need to make sure that the entire communications channel between the two computers is protected. Which technology should you implement to accomplish this?
A. SET
B. HTTPS
C. HTTP
D. S-HTTP
B
94 - Which cipher is most susceptible to frequency analysis attacks?
A. Caesar Cipher
B. Transposition Cipher
C. Polyalphabetic Substitution Cipher
D. Running Key Cipher
A
95 - The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router?
A. Layer 2
B. Layer 1
C. Layer 7
D. Layer 3
D
96 - What is an example of a preventive control?
A. Motion detectors
B. Routers
C. Audit logs
D. IDS
B
97 - What type of attack involves interference that overpowers the sending and receiving of data signal on a communications link?
A. Covert Wireless Channel
B. Eavesdropping
C. Denial of Service jamming
D. Man-in-the-Middle attacks
C
98 - Which database model stores data in more than one database while maintaining a logical connection between databases for the clients?
A. Relational data model
B. Distributed data model
C. Rational data model
D. Hierarchical data model
B
99 - Which type of light is ideal for indoor lighting but not for outdoor lighting?
A. Quartz lamps
B. Fluorescent
C. Sodium vapor
D. Mercury vapor
B
100 - A disaster recovery plan should ensure that salaries will be paid to employees while the organization’s normal business operations are suspended. What type of insurance policy provides coverage for this?
A. Cyberinsurance
B. Business interruption insurance
C. Accounts receivable insurance
D. Liability insurance
B
101 - Penetration testing is made up of a five-step process. What is the correct order of steps in which penetration testing should be carried out?
A. Reconnaissance, Enumeration, Vulnerability Analysis, Document Findings, Execution
B. Reconnaissance, Enumeration, Execution, Vulnerability Analysis, Document Findings
C. Reconnaissance, Vulnerability Analysis, Enumeration, Execution, Document Findings
D. Reconnaissance, Enumeration, Vulnerability Analysis, Execution, Document Findings
D
102 - When developing the business continuity plan (BCP), what is not the responsibility of management?
A. The outcome of the BCP development process
B. Creating the policy statement and setting goals
C. Determining any legal and regulatory requirements
D. Making the necessary resources available
C
103 - What is the Bell-LaPadula model most concerned with?
A. Integrity
B. Confidentiality
C. Repudiation
D. Verification
B
104 - What needs to be done by the organization to help ensure that the insurance company is responsible for coverage in the event of a disaster?
A. Nothing, the insurance company is always responsible
B. The organization must practice due diligence
C. The organization must purchase a Business Interruption Insurance policy
D. The organization must practice due care
D
105 - Which encryption method characteristics match to each encryption method?
A. Can be used for key distribution B. Number of keys can be determined by n(n-1)/2 C. Uses two instances of the same key D. Provides authentication E. Provides confidentiality only F. Uses a public key and a private key
- Symmetric
- Asymmetric
- [B, E, C] Symmetric
- [A, D, F] Asymmetric
106 - Which access control concept involves using a common set of process and controls for an area to segregate its resources and services from other entities on the network?
A. Least privilege
B. Need to know
C. Compartmentalization
D. Security domain
D
107 - What type of intrusion detection system (IDS) uses strips of foil, or preassure pads, near an entry point that sounds an alarm when the contact is broken?
A. Acoustical detection system
B. Photometric system
C. Electro-mechanical system
D. Proximity detector
C
108 - The Clark-Wilson model may be used to implement system integrity in a security policy. What best describes the Clark-Wilson integrity model?
A. Rights are specified using a table consisting of ACLs and capability lists.
B. Transformational procedures define the relationship between subject and object.
C. When compared to their assigned security levels, users cannot read data at lower levels or write data at higher levels.
D. Subjects are granted write access to objects with the same or higher security level as their own.
B
109 - What part of the product evaluation process deals with product development and maintenance?
A. Life-cycle assurance
B. Change control
C. Operational assurance
D. Clipping levels
A
110 - Which mode of the Data Encryption Standard (DES) is similar to the Output Feedback (OFB) mode but uses a 64-bit random data block as the first initialization vector (IV)?
A. Counter
B. Cipher Feedback
C. Cipher Block Chaining
D. Electric Code Book
A
111 - What method for database security involves having multiple instances of rows with the same primary key, each displaying a different set of data depending on the user’s security level?
A. Aggregation
B. Views
C. Polyinstantiation
D. Inference
C
112 - Which of the following is NOT one of the principles identified by the Directive on Data Protection?
A. Data confidentiality
B. Choice
C. Notice
D. Data integrity
A
113 - Which type of attack does not involve the use of the encryption key or encryption algorithm to gain access to secret information? A. Chosen ciphertext B. Brute force C. Chosen plaintext D. Social engineering
D
114 - What should be the last step in the project initiation phase?
A. Appoint a leader
B. Appoint a BCP team
C. Create a project plan
D. Present a project plan to management
D
115 - Which standard includes resources to help organizations maintain the safe treatment of cardholder information for payment card services?
A. NFPA 1600
B. XML
C. PCI-DSS
D. PGP
C
116 - What type of interference can be caused by a disturbance in the circuit from the difference in the hot, neutral, and ground wires and the magnetic field they generate?
A. Intermodulation
B. Radio frequency interference
C. Electromagnetic interference
D. Electrostatic discharge
C
117 - Which type of attack exploits the communications session between two communicating devices so that the session can be hijacked?
A. DNS poisoning
B. Sniffer Attack
C. TCP Sequence Number Attack
D. Ping of Death Attack
C
118 - Which attack takes advantage of weaknesses in the design of the TCP protocol?
A. Fraggle
B. Smurf
C. Teardrop
D. SYN flood
D
119 - What is not a phase involve din preparing a Business Continuity Plan (BCP)?
A. Recovery Strategies
B. Classify Resources
C. Project Management and Initiation
D. Testing, Maintenance, Awareness, and Training
B
120 - What should be the first step completed in the project initiation phase?
A. Define plan goals
B. Appoint a BCP team
C. Appoint a leader
D. Obtain management support
D
121 - What is one of the best ways to prevent piggybacking from occurring at the access points into a facility?
A. Programmable locks
B. Swipe cards
C. Proximity cards
D. Security gurards
D
122 - Which task is not part of the initial steps an attacker would perform when attacking a network?
A. Determining which ports are open by performing port scans
B. Start building a network topology
C. Determining which operating systems are installed on the active computers
D. Determining which computers are physically active
A
123 - What is considered a misdemeanor under the Computer Fraud and Abuse Act of 1986?
A. To gain unauthorized access to government computers
B. To gain authorized access to personal medical information
C. To disclose personal medical information
D. To use classified data for the benefit of a foreign nation
A
124 - Tem professional practice areas make up the basis of NFPA 1600. Which practice area involve determining the threats that apply to an organization and limiting their potential impact?
A. Project initiation and management
B. Risk evaluation and control
C. Awareness and training programs
D. Maintaining and exercising BCPs
B
125 - A junior network technician has approached you and asked for your opinion on what would be the most secure cable to implement within the organization. What should you tell them?
A. Fiber-optic
B. Unshielded Twisted Pair (UTP)
C. Shielded Twisted Pair (STP)
D. Coaxial
A
126 - When does a buffer overflow occur?
A. When the operating system runs out of RAM and causes a reboot
B. When an application runs out of memory and crashes the system
C. When too much data is entered into the buffer
D. When an application sends too much information to another application causing a blue screen
C
127 - An organization that partners with other corporations has multiple communication channels. What should be taken into consideration by all employees regarding these channels?
A. Single sign-on
B. Privacy compliance
C. Monitoring technologies
D. Intrusion detection
B
128 - Why are most companies unaware that they have ever been attacked?
A. Most attacks are performed by individuals located inside the target network.
B. There are only a few laws that specifically address computer crimes.
C. Attackers usually spoof their IP addresses.
D. Attackers usually erase any logs that record their activities.
D
129 - Which is not a characteristic of business impact analysis?
A. Determining a recovery strategy
B. Determining the maximum tolerable downtime (MTD)
C. Identifying critical systems
D. Developing it early in business continuity planning
A
130 - Which viable weekly backup strategy will take the least amount of time to complete?
A. Perform a differential backup every Monday and an incremental backup on the remaining days of the week.
B. Perform a full backup every Monday and a differential backup on the remaining days of the week.
C. Perform a full backup every day.
D. Perform a full backup every Monday and an incremental backup on the remaining days of the week.
D
131 - What is not an example of a physical control?
A. Subnets
B. External lights
C. Data backups
D. Building location
A
132 - What type of backup will contain any files that have changed since the last full backup?
A. Full
B. Complete
C. Differential
D. Incremental
C
133 - A security practitioner is designing access control monitoring. The design includes a non-filtering router, a firewall, and a company network. in particular, the company wants to correctly place an IPS so that the number of alerts is significantly reduced.
[Internet]
[Point] \/ \/ [Point]
[Firewall] (Router)
| |
- [Point] -[Point]
| |
[Company Net][Company Net]
The point between the firewall and the company network
134 - Which wireless technology matches to each description?
A. Cellular
B. Infrared
C. IEEE 802.11
D. Bluetooth
- Requires a network-aware device or dongle and an active account
- Switches between any of the 79 frequencies available in the 2.45 GHz range
- Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz
- Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another
- [A] Requires a network-aware device or dongle and an active account
- [D] Switches between any of the 79 frequencies available in the 2.45 GHz range
- [C] Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz
- [B] Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another
135 - A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic interference (EMI). What should you tell them?
A. Coaxial
B. Fiber-optic
C. Shielded Twisted Pair
D. Unshielded Twisted Pair
D
136 - In a secure network, personnel play a key role in the maintenance and promotion of security procedures. Allotting different roles and responsibilities to different personnel provides increased security. It is important that each participant’s role is clearly defined and understood by the participants and by their peers. Which role is responsible for ensuring that the company complies with software license agreements?
A. Data analyst
B. Solution provider
C. Product-line manager
D. Process owner
C
137 - Administrative, technical, and physical controls should be used by security administrators to meet the organization’s security requirements. What is an example of a technical control?
A. Router
B. Closed -circuit TV (CCTV)
C. Data backup
D. Biometric system
A
138 - What law protects company logos from illegal duplication?
A. Patent
B. Copyright
C. Trademark
D. Trade secret
C
139 - Which aspect of IAM involves creating, modifying, and deleting user accounts?
A. Identity management
B. Authorization
C. Entitlement
D. Provisioning
D
140 - A junior technician has approached you to ask what she should do to ensure users are accountable for their actions. What should you tell her?
A. You should tell her to implement logs.
B. You should tell her to implement auditing.
C. You should tell her to only hire honest people.
D. You should tell her to implement an accountability server.
B
141 - With Biometric systems, what is the term used to describe when the system incorrectly grants the user access when they should have been denied?
A. EMP
B. FAR
C. FRR
D. CER
B
142 - What is a security professional considered when they use hacking tools to test their own network for vulnerabilities?
A. Script kiddie
B. Black hat
C. Red Hat
D. White hat
D
143 - To help maintain operational resilience, your organization has implemented redundant fans and power supplies in key systems. In addition, they are looking to move away from concatenated disks by implementing proper RAID levels. On a system that is used for general storage, the requirement is that it can survive the failure of any one disk. Which RAID level will best meet this requirement?
A. RAID 0
B. RAID 4
C. RAID 3
D. RAID 5
D
144 - There are various threats that directly affect your operations environment it is important that your environment is protected against these threats. You should be aware that these threats all map to the information security triad. Which threats will be directly related to the integrity component of the information security triad?
A. Corruption and modification
B. Disclosure and corruption
C. Destruction and theft
D. Interruption and disclosure
A
145 - Which piece of equipment is not recommended for use by incident response teams?
A. Plastic containers
B. Ball-point pen
C. Spiral notebook
D. Digital camera
C
146 - Which of these algorithms is NOT a symmetric algorithm?
A. DES
B. RSA
C. AES
D. 3DES
B
147 - Which statement best describes a properly implemented incident handling program?
A. Incident handling should be approached in a reactive manner
B. Incident reporting should be decentralized
C. Incident handling should be part of the business continuity plan
D. Incident handling should be part of the disaster recovery plan
D
148 - You have been tasked with implementing an intrusion detection system that learns as it performs its day-to-day tasks and uses this knowledge to detect any changes that could mean an intrusion is occurring. Which one should you implement?
A. Network-based intrusion detection system
B. Signature-based intrusion detection
C. Statistical anomaly-based intrusion detection
D. Host-based intrusion detection system
C
149 - Which method does not provide integrity for a message?
A. Hashing a message
B. Encrypting a message
C. Encrypting and digitally signing a message
D. Digitally signing a message
B
150 - Electronic devices emit electrical and electromagnetic signals through the airwaves. This is referred to as what?
A. Emanation
B. EMI
C. White noise
D. Tempest
A
151 - Which of these security models ensure that you cannot write to an object that resides at a security level lower than the one you possess?
A. Latice model
B. Biba model
C. Bell-LaPadula model
D. Clark-Wilson model
C
152 - What can be done to enforce employee accountability?
A. Ensuring employees arrive on time for work
B. Employee’s providing a password or passphrase
C. Employee’s maintaining corporate documentation
D. Including employee IDs in the audit logs
D
153 - Debora, an American citizen who works for a large accounting firm in Los Angeles, receives a memo from the company’s president regarding internal computer crime investigations. The letter informs all employees that management may remove files from their workstations at any time, without notice. How would such actions apply to Debora’s Fourth Amendment rights?
A. If Debora is acting as a police agent, management’s Fourth Amendment rights would not be violated.
B. If management is acting as a police agent, Debora’s Fourth Amendment rights would not be violated.
C. If management is acting as a private citizens, Debora’s Fourth Amendment rights would be violated.
D. If management is acting as private citizens, Debora’s Fourth Amendment rights would not be violated.
D
154 - There are three critical requirements for operations controls. Which statement correctly identifies the critical requirement referred to as privileged-entity controls?
A. Provide all users with administrative-like access control capabilities.
B. Provide users with the level of access they require to complete their assigned tasks.
C. Provide specific users with administrative-like access control capabilities.
D. Provide compliance with legislative and industry guidelines to protect sensitive information and personnel.
C
155 - The integrity of data within a database can be protected by different types of operations. Which is NOT an operation that will protect the integrity of data within a database?
A. Savepoint
B. Commit
C. Inference
D. Rollback
C
156 - Which access control concept is used when operational secrecy is a major concern?
A. Security domain
B. Need to know
C. Compartmentalization
D. Least privilege
B
157 - You have just been hired as a junior security analyst at a security consulting firm. Your manager gives you a list of ciphers and asks you determine their type. Rail fence, rectangular substitution, monoalphabetic, and polyalphabetic are all examples of which type of cipher?
A. Running key
B. Transposition
C. Substitution
D. Null
B
158 - Knowledge discovery in databases (KDD) is a process where patterns within a database are identified using various approaches and techniques. Which is NOT one of the approaches used in the KDD system to determine patterns?
A. Statistical
B. Heuristic
C. Probabilistic
D. Classification
B
159 - What is the best strategy for outsourcing?
A. Omitting business continuity and disaster recovery considerations from the outsourcing strategy
B. Including appropriate terms and conditions in the SLA
C. Excluding service improvement expectations from the outsourcing contract
D. Developing an outsourcing strategy independent of auditing considerations related to outsourcing
B
160 - Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings?
A. Reverse ARP
B. Revers ARP table poising
C. ARP table poisoning
D. Poisoning ARP cache
C
161 - Your current network uses the Open Shortest Path First (OSPF) dynamic routing protocol to update routes to different destinations on the network. It has been brought to your attention that a rougue router is updating routes on the internal network. This is creating false routes to destinations internally and externally which imposes a security issue. What should you do to prevent the rogue router from updating your internal routing information?
A. Contact the local authorities.
B. Unplug the rogue router.
C. Implement update authentication between the internal routers.
D. Implement a different type of dynamic routing protocol
C
162 - Fire suppression systems use different methods to combat fires. What substance is non=-toxic, does not deplete the ozone, and is safe to use around electrical equipment?
A. Carbon dioxide (CO2)
B. FM 200
C. Deluge
D. Halon
B
163 - What type of power fluctuation are you experiencing if there is a complete loss of power for only a moment?
A. Fault
B. Brownout
C. Sag
D. Blackout
A
164 - Aggregation and inference are classified as database security issues. Which statement is true in regards to aggregation?
A. A user lacks the permissions to access information, but has the required permissions to access subsets of the same information.
B. A user has the permissions to access information, and also has the required permissions to access subsets of the same information.
C. A user has the permissions to access information, and does not have the required permissions to access subsets of the same information.
D. A user lacks the permissions to access information, and does not have the required permissions to access subsets of the same information.
A
165 - Several methods have been developed to be used as the basis for assessing an organization’s security posture. Which information security risk assessment methodology is made up of a suite of tools and focuses on the principle of self-direction?
A. OCTAVE
B. PUSH
C. SOMAP
D. VAR
A
166 - Which type of attack involves deceiving a trusting person into sharing confidential information?
A. Active
B. Social engineering
C. Passive
D. Spoofing
B
167 - Your security department has presented management with an overview of the security mechanisms that have been implemented and an evaluation of their overall effectiveness. What is the process referred to as when management formally accepts the information you have presented them with?
A. Affirmation
B. Hallmark
C. Certification
D. Accreditation
D
168 - Which security models match each characteristic?
A. Lipner
B. Biba
C. Bell-LaPadula
D. Clark-Wilson
- Confidentiality
- Integrity
- Confidentiality and Integrity
- [C] Confidentiality
- [B, D] Integrity
- [A] Confidentiality and Integrity
169 - Which statement is not true in relation to the term “back door”?
A. It is the placement of a program or utility within a network that provides unauthorized access to the network that it is installed in.
B. It is an intentional opening within an application that allows developers to bypass security features for troubleshooting purposes.
C. A back door attack allows an attacker to masquerade themselves as someone else.
D. There are various tools on the market that allow you to easily create and execute back door attacks.
C
170 - Which security model has the ability to address the inference attack?
A. Graham-Denning model
B. Noninterference model
C. Lattice model
D. Biba model
B
171 - What often happens unexpectedly because of the development of a company’s contingency plan?
A. RTOs are discovered
B. Hot sites are found to be expensive to maintain
C. Support from senior management is realized
D. Improved business operations
D
172 - Which access control model makes use of ACLs?
A. Mandatory access control
B. Nondiscretionary access control
C. Role-based access control
D. Discretionary access control
D
173 - During the system development process, logging should be enabled to ensure that the development life cycle is tracked. What should you track in the logs?
A. Completion codes
B. Edits
C. Operating instructions
D. Who accessed the resource, what resource was accessed, and when the resource was accessed
D
174 - Which statement is TRUE in relation to work factor?
A. Work factor is an estimate of the effort and resources that are required to penetrate a cryptosystem.
B. Work factor is the total value of the overall cryptographic strength.
C. Work factor is an estimate of the overall cryptographic strength.
D. Work factor is the total amount of effort and resources that are required to penetrate a cryptosystem.
A
175 - What Common Criteria assurance level is the first to require that the product is formally verified, designed, and tested?
A. EAL 5
B. EAL 4
C. EAL 7
D. EAL 6
C
176 - The planning phase should involve creating a timeline for developing the BCP. It is important to prioritize certain areas and to specify when plans for those areas will be completed. For a medium-sized company with an experienced planner and the full support of management, when should a BIA be completed?
A. Within six months
B. Nine to 12 months
C. Six to nine months
D. Within the first month
A
177 - For applications to interact with various types of databases, a type of interface is needed. What type of database interface language is used for structuring data so that it can be shared between applications and web technologies?
A. OLE DB
B. ADO
C. XML
D. ODBC
C
178 - Which features match to each key technology?
A. Can be re-pinned by using a master key
B. Contains a built-in microprocessor
C. Allows for 10 to 15 lock changes
D. Identifies the individual key holder
- Instakey
- Intellikey
- [A, C] Instakey
- [B, D] Intellikey
179 - An organization has hired contractors for a project requiring a confidentiality agreement. Issues with one of the contractors require that they be terminated. When should the contractor be terminated?
A. Upon completion of the project
B. After the completion of a termination interview
C. After a two-week notice period
D. immediately
D
180 - Which item is typically used for the implementation of a key control system for securing access to areas containing sensitive equipment?
A. Biometric reader
B. Patented cylinders
C. One time keypad
D. Public Key Infrastructure
B
181 - What would be the maximum tolerable downtime (MTD) of a business function categorized as urgent?
A. 24 hours
B. Up to 4 hours
C. 30 days
D. 7 days
A
182 - What are the strengths and weaknesses of asymmetric cryptography?
A. Provides authenticity
B. Uses more computational power than the other cryptography method
C. Does not scale well in terms of key management
D. Uses less computational power than the other cryptography method
E. Better key distribution than the other cryptography method
F. Provides confidentiality only
- Weakness
- Strength
- [B] Weakness
- [A, E] Strength
183 - Which access cards match to each description?
A. Proximity card
B. Magnetic stripe card
C. Smart card
- Contains a microchip and can store a large amount of data
- Made of PVC material and is easily damaged
- Contains a microchip and opens a magnetic lock
- [C] Contains a microchip and can store a large amount of data
- [B] Made of PVC material and is easily damaged
- [A] Contains a microchip and opens a magnetic lock
184 - Which attack occurs when an attacker sends packets that are too small?
A. Fraggle
B. SYN flood
C. Smurf
D. Teardrop
D
185 - There are many different types of computer crimes, each of which can be committed differently. An employee who eavesdrops on the electronic signals emitted by a computer is committing what type of attack?
A. Emanations capturing
B. TEMPEST
C. Salami attack
D. Data diddling
A
186 - What is the most significant risk associated with instant messaging, social networking technologies, message boards, and blogs?
A. Accidental disclosure of confidential, private information
B. Susceptibility to DoS attacks
C. Their being used to facilitate the spread of malicious code
D. Their being used to identify wireless hotspots that attackers can use to initiate attacks
A
187 - You are currently in the process of implementing Network Address Translation (NAT) within your organization. Which IP address range would be best suited for your internal client needs?
A. 169.54.0.0 to 169.254.255.255
B. 172.168.0.0 to 172.168.255.255
C. 172.16.0.0 to 172.31.255.255
D. 192.169.0.0 to 192.169.255.255
C
188 - Which type of media access technology is primarily used in Ethernet networks?
A. Polling
B. CSMA
C. Token Passing
D. Ethernet
B
189 - Which NIST 800-34 standard steps that can be applied to business continuity planning match each description?
A. Develop recovery strategies.
B. Conduct the BIA.
C. Develop the contingency plan.
D. Maintain the plan.
- Identify threats and calculate risks.
- Implement procedures to keep the BCP updated on a frequent basis.
- Select methods to ensure systems are efficiently brought back online.
- Provide procedures for the organization to remain operational while functions and systems are offline.
- [B] Identify threats and calculate risks.
- [D] Implement procedures to keep the BCP updated on a frequent basis.
- [A] Select methods to ensure systems are efficiently brought back online.
- [C] Provide procedures for the organization to remain operational while functions and systems are offline.
190 - The integrity of data within a database can be protected by different types of operations. Which type of operation can be used when a complete database failure occurs?
A. Commit
B. Savepoint
C. Rollback
D. Inference
B
191 - Which access control model is based on a security label system?
A. Nondiscretionary access control
B. Mandatory access control
C. Role-based access control
D. Discretionary access control
B
192 - In which mode is a system operating if all users have a formal need to know as well as a clearance for all data in the system?
A. Multilevel Security Mode
B. Compartmented Security Mode
C. System High-Security Mode
D. Dedicated Security Mode
D
193 - Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators?
A. Many attackers spoof their IP addresses and erase logs to cover their tracks
B. Most attacks are performed by individuals located outside of the network
C. There are only a few laws that specifically address computer crimes
D. Most companies do not use firewalls
A
194 - You want to guard against social engineering attacks, including fraudulent e-mails and fraudulent telephone calls. What would be the best choice to ensure security?
A. Access control
B. Employee training
C. IDS
D. Separation of duties
B
195 - Which security roles match each security responsibility description?
A. Information Systems Professional B. Guard C. Systems Administrator D. Secretary E. Information Systems Auditor
- Responsible for the setup and maintenance of an organization’s network
- Designs security controls
- Checks to ensure people are following the organization’s security policies
- Responsible to sign for packages that enter or leave the main office in a small organization
- Protecting the safety of an organization’s employees
- [C] Responsible for the setup and maintenance of an organization’s network
- [A] Designs security controls
- [E] Checks to ensure people are following the organization’s security policies
- [D] Responsible to sign for packages that enter or leave the main office in a small organization
- [B] Protecting the safety of an organization’s employees
196 - Which technique involves an attacker probing a host for responses without being able to sniff sequence and acknowledgement messages?
A. Emanation
B. Brute force attack
C. Blind spoofing
D. Scrubbing
C
197 - Carrie has a secret message that she wants only Todd to read. A hybrid approach is used for this transaction. Which statements regarding hybrid cryptography are true and which statements are false?
A. Carrie encrypts the message with a symmetric key and the symmetric key with Todd’s public key
B. Todd decrypts the encrypted symmetric key with his private key and decrypts Carrie’s message with the symmetric key
C. Carrie encrypts the message with her private key and her private key with Todd’s public key
D. Todd decrypts Carrie’s encrypted private key with his public key and decrypts Carrie’s message with Carrie’s private key
- True
- False
- [A, B] True
- [C, D] False
198 - What type of attack prevents a system from responding to legitimate traffic from authorized clients?
A. A Trojan horse attack
B. A password cracking attack
C. An IP spoofing attack
D. A denial of service attack
D
199 - Which is not a term that is used to identify the type of response an operating system will take when a failure occurs?
A. Warm reboot
B. System reboot
C. System cold start
D. Emergency system restart
A
200 - Which statement best describes what occurs during a Ciphertext-Only attack?
A. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all of the messages with that key.
B. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient.
C. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that it is the legitimate information from the original sender.
D. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key.
A
201 - Which statements match each organization’s code of ethics?
A. Seeking to gain unauthorized access to internet resources
B. Destroying the integrity of computer-based information
C. Provide diligent and competent services to principals
D. Compromising the privacy of others
E. Act honorably, honestly, justly, responsibly, and legally
F. Advance and protect the security profession
- IAB
- ISC2
- [B, A, D] IAB
- [E, C, F] ISC2
202 - What would be the least effective method to prevent an intruder from gaining access to a facility?
A. A fence
B. Smartcards
C. Guard dogs
D. CCTV
D
203 - You have been tasked with ensuring that users can only access the information that they absolutely need within a database. What is the best method you should use to accomplish this?
A. Implement view-based access controls
B. Implement discretionary access controls
C. Implement mandatory access controls
D. Implement an access matrix
A
204 - The act of monitoring, auditing, and logging provides which measure within an organization?
A. Confidentiality
B. Accountability
C. Integrity
D. Availability
B
205 - Confidentiality ensures that the required level of secrecy is maintained by preventing unauthorized individuals from accessing and disclosing company information. What is not a typical threat to confidentiality?
A. Virus
B. Masquerader
C. Trojan horse
D. Insufficient access control
A
206 - What is NOT an example of a detective physical control?
A. Security guards
B. Smoke and fire detectors
C. Library control systems
D. Alarms and sensors
C
207 - What requires publicly listed organizations to produce annual internal financial reports?
A. Sarbanes-Oxley
B. Title IX of the Implementing the 9/11 Commission Recommendations Act of 2007
C. BS 25999
D. TCSEC
A
208 - Which mechanism functions as a security boundary in which an untrusted Java applet is executed?
A. Sandbox
B. “Nobody” permissions
C. Clipping level
D. Digital code signatures
A
209 - Each of the management levels has a set of information security responsibilities inherent to their role within the organization. For what is the information security officer primarily responsible?
A. Evaluating risk management practices in the organization
B. Ensuring the security program complies with regulations
C. Facilitating information security within the organization
D. Identifying emerging security risks
C
210 - Which standard should you implement if you need to provide encryption and digital signatures for electronic mail?
A. MIMES
B. S-HTTP
C. S/MIME
D. HTTPS
C
211 - Which centralized access control technology is typically used by ISPs and only requires simplistic username/password authentication to gain access?
A. RADIUS
B. Diameter
C. Mobile IP
D. TACACS+
A
212 - Which security model uses features of the Bell-LaPadula and Biba security models?
A. Harrison-Ruzzo-Ullman
B. Graham-Denning
C. Lipner
D. Clark-Wilson
C
213 - You work for a high tech development firm that specializes in the development of custom applications for mobile devices. The company is currently working on an application that will be used on smart cards with limited processing power. Which encryption algorithm would not be suitable for this application?
A. Blowfish
B. AES
C. RC5
D. DES
A
214 - Intrusion detection systems are used to determine if attacks are occurring on a network. There are several different types of intrusion detection systems available on the market. You have been tasked with implementing an intrusion detection system that uses predefined knowledge to determine if an attack is occurring. Which one should you implement?
A. Host-based intrusion detection system
B. Signature-based intrusion detection
C. Network-based intrusion detection system
D. Statistical anomaly-based intrusion detection
B
215 - What is an example of a deterrent control?
A. Smart cards
B. Audit logs
C. Fences
D. Security policies
C
216 - Two or more employees assisting each other to commit a fraudulent or destructive act is called collusion. Which security practice will help prevent collusion?
A. Separation of duties
B. Rotation of duties
C. Intrusion detection
D. Access control
B
217 - Which security principle can have the greatest effect on user productivity?
A. Integrity
B. Authorization
C. Availability
D. Confidentiality
C
218 - Which access control threats match each description?
A. Dictionary attacks
B. Brute force attacks
C. Spoofing
- Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- Involves a fake user logon screen being presented to a user for them to input their username and password
- Involves trying different input combinations in an attempt to find a correct password
- [A] Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- [C] Involves a fake user logon screen being presented to a user for them to input their username and password
- [B] Involves trying different input combinations in an attempt to find a correct password
219 - What Common Criteria assurance level is the first to require that the product is methodically tested and checked?
A. EAL4
B. EAL3
C. EAL2
D. EAL5
B
220 - Which layers of the OSI model map to the Network Access layer of the TCP/IP model?
A. Transport and Network
B. Network and Data Link
C. Network and Physical
D. Data Link and Physical
D
221 - Which remote connection protocols match to each description?
A. PPP B. IPsec C. PPTP D. L2TP E. SSL VPN F. VPN
- Supports remote access and site-to site topologies
- Encrypts data using GRE or MPPE
- Communicates over UDP port 1701
- Encrypts packets at the network layer
- Requires digital certificates and a PKI
- Encapsulates data, but does not encrypt it
- [F] Supports remote access and site-to site topologies
- [C] Encrypts data using GRE or MPPE
- [D] Communicates over UDP port 1701
- [B] Encrypts packets at the network layer
- [E] Requires digital certificates and a PKI
- [A] Encapsulates data, but does not encrypt it
222 - What can users inherit from group memberships or roles that they have within an organization?
A. Entitlements
B. Covert channels
C. Emanation
D. inference
A
223 - Which user requirement is true for compartmented security mode but not for multilevel security mode?
A. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system.
B. A clearance level that is equal to or higher than the highest resource level of clearance is required for information on the system.
C. There must be formal access approval for all information that the user will access on the system.
D. All users must have a valid need to know some of the information on the system.
B
224 - Which statement is not true of an incident handling program?
A. It should be part of the disaster recovery plan.
B. It should be part of the security awareness program.
C. It should be proactive.
D. It should be independent of outside agencies.
D
225 - you are the network administrator for a large company in North America. Many of the employees work from remote locations. You need to set up a secure, private connection between the remote users and their head office so that they can access resources. What would be the best solution?
A. Use the Point-to-Point Protocol
B. Use the Layer 2 Tunneling Protocol
C. Use the Point-to-Point Tunneling Protocol
D. Use a Virtual Private Network
D
226 - What are the advantages and disadvantages of a warm site?
A. Good choice for organizations requiring proprietary hardware
B. Includes computers and servers
C. Partially configured
D. Testing of the site is done on an annual basis
E. Less expensive to maintain than a hot site
F. No certainty that the site will be up and running within hours after being fully configured
- Disadvantages
- Advantages
- [C, F] Disadvantages
- [A, E] Advantages
227 - What type of analysis can information security professionals use proactively in-house, and in reaction to an attack?
A. Business impact analysis
B. Forensic engineering
C. Software forensics
D. Quantitative risk analysis
C
228 - What network device can you implement between end systems on a network to reduce the possibility of sniffing and monitoring attacks by potential intruders?
A. Switches
B. Routers
C. Firewalls
D. Gateways
A
229 - You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mall where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BEST meet these needs?
A. Gates
B. Bollards
C. Fences
D. Landscaping
C
230 - What statement is not true in regard to maintenance hooks?
A. A tool used by developers to patch systems after they go into production
B. A security risk if not removed before the software goes into production
C. A method used to bypass access controls to alter software code during the development process
D. A backdoor into software created by the developer
A
231 - What is not true of a qualitative risk analysis?
A. It is scenario-based.
B. Threats are given an exposure rating.
C. Assets are defined as tangible physical objects.
D. Its results are easier to understand than that of a quantitative risk analysis
C
232 - Data remanence refers to the residual physical representation of data that has been removed from storage media. What is not a common method used to remove data from media before it is discarded?
A. Degaussing
B. Overwriting
C. Clearing
D. Destroying
C
233 - Which algorithm’s security comes from the difficulty of factoring large prime numbers?
A. RSA
B. 3DES
C. DES
D. AES
A
234 - Which standardized algorithm can produce a message digest value in the range of 128 to 256 bits?
A. HAVAL
B. SHA-3
C. MD5
D. MD4
A
235 - Which is the final step that you should include in any backup plan?
A. Test the backup plan.
B. Determine what type of backup media you will require.
C. Determine what data you will need to back up.
D. Determine where you should store the backup media and how long you should store it there.
A
236 - Which is NOT an integrity goal that is addressed by the Clark-Wilson model?
A. Authorized users should be prevented from making unauthorized changes.
B. All users must be identified and authenticated.
C. Internal and external consistency should be maintained at all times.
D. Unauthorized users should be prevented from making changes.
B
237 - What type of threat to access control consists of a method to bypass the normal user authentication process in a software product?
A. Data remanence
B. Trapdoor
C. Buffer overflow
D. Overt channel
B
238 - An important tool used in risk management is risk analysis. Which statement about risk analysis is not true?
A. Automated tools are required for quantitative risk analysis.
B. Threats are given an exposure rating in a qualitative risk analysis.
C. The Delphi technique can be used in a qualitative risk analysis.
D. A risk analysis must be directed by senior management.
A
239 - Intellectual property can be protected by what types of laws?
A. Patents, trademarks, and certification
B. Trade secrets, patents, and trademarks
C. Trademarks, Trade secrets, and accreditation
D. Copyright, accreditation, and trade secrets
B
240 - Which recovery strategy involves different organizations supporting each others operations in the event of an outage or emergency?
A. Dual data center
B. Reciprocal agreements
C. Multiple processing locations
D. Outsourcing
B
241 - Disk mirroring is an electronic backup method that reduces the risk of data loss due to component failure. What is also true of disk mirroring?
A. It offers a higher level of protection than disk duplexing.
B. It increases disk overhead.
C. It transfers exact copies of data files to a remote location.
D. The controller is not a single point of failure.
B
242 - Which RAID levels match each characteristic?
A. Level 0 B. Level 5 C. Level 10 D. Level 3 E. Level 1
- Parity
- No Parity
- [D, B] Parity
- [A, E, C] No Parity
243 - The penetration testing process does NOT include which of these elements?
A. Gathering information
B. Identifying resources
C. Performing simulated attacks
D. Repairing network vulnerabilities
D
244 - Most alternate off-site facilities are provided by third party companies that charge a subscription fee for usage. What is the term for an alternate off-site facility that is owned by the company?
A. Cold site
B. Warm site
C. Redundant site
D. Hot site
C
245 - Which type of cipher is typically used in an application where encryption is not needed, but the system itself requires encryption?
A. Transposition cipher
B. Substitution cipher
C. Running key cipher
D. Null cipher
D
246 - A quantitative risk analysis begins by determining the asset values and outlining the possible threats being posed to the organization. The three primary steps in a quantitative risk analysis are determining the possible extent of losses by estimating the value of vulnerable assets, identifying and evaluating what the possible threats are, and determining the annualized loss expectancy (ALE). How is the ALE calculated?
A. SLE x ARO
B. Asset value ($) x EF
C. SLE / EF
D. Asset value ($) + ARO x EF
A
247 - Which information concealment methods match to each description?
A. Watermarking
B. Cryptography
C. Stenography
D. Code words
- Uses a specific medium to hide information within
- Uses letters to represent an idea or sentiment
- Uses sophisticated mathematical techniques to hide information
- Uses additional information within a file for detecting the theft of information
- [C] Uses a specific medium to hide information within
- [D] Uses letters to represent an idea or sentiment
- [B] Uses sophisticated mathematical techniques to hide information
- [A] Uses additional information within a file for detecting the theft of information
248 - Which asymmetric algorithm was the first to address the shortfalls of key distribution that occurred with symmetric algorithms?
A. Diffie-Hellman
B. Knapsack
C. RSA
D. El Gamal
A
249 - An updated security system is being considered for implementation to your company’s building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs?
A. Proximity card
B. Electronic combination lock
C. Combination lock
D. Magnetic stripe card
A
250 - Change control documentation needs to be maintained and updated on a regular basis. What reason accurately describes why?
A. In order to reflect the constant change in the corporate landscape
B. For use in future employee training sessions
C. To keep track of constant changes in software and hardware
D. In order to share information between corporate sites
C
1 - What type of system access control is awareness training classed as?
A. Administrative
B. Physical
C. Technical
D. Logical
A
2 - What is not a characteristic of a signature-based intrusion detection system?
A. Needs constant updating
B. Identifies new types of attacks
C. Can be host-based
D. Uses patter matching
B
3 - Penetration testing is made up of a five-step process. What is the correct order of steps in which penetration testing should be carried out?
A. Reconnaissance, Enumeration, Vulnerability Analysis, Document Findings, Execution
B. Reconnaissance, Enumeration, Execution, Vulnerability, Analysis, Document Findings
C. Reconnaissance, Enumeration, Vulnerability Analysis, Execution, Document Findings
D. Reconnaissance, Vulnerability Analysis, Enumeration, Execution, Document Findings
C
4 - Which access control concept involves using a common set of processes and controls for an area to segregate its resources and services from other entities on the network?
A. Need to know
B. Compartmentalization
C. Security domain
D. Least privilege
C
5 - Two systems are set up to communicate and transfer information between each other using a channel that violates the systems security policy. What does this define?
A. Covert channel
B. Hidden channel
C. Illegal channel
D. Overt channel
A
6 - What is not a valid type of test for a Business Continuity Plan (BCP)?
A. Simulation
B. Checklist
C. Parallel
D. Partial interruption
D
7 - What are the strengths and weaknesses of symmetric cryptography?
A. It does not provide authenticity.
B. It has built in key distribution.
C. Large key sizes make it impractical to break the encryption.
D. It uses more computational power than the other cryptography method.
E. It uses less computational power than the other cryptography method.
- Weakness
- Strength
- [A] Weakness
- [C, E] Strength
8 - Who is ultimately responsible for the organization’s recovery following a disaster?
A. Executive emergency management team
B. Emergency response team
C. Primary site restoration team
D. Emergency management team
A
9 - Knowledge discovery in databases (KDD) is a process where patterns within a database are identified using various approaches and techniques. Which is NOT one of the approaches used in the KDD system to determine patterns?
A. Classification
B. Statistical
C. Probabilistic
D. Heuristic
D
10 - You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as?
A. Accreditation
B. Hallmark
C. Affirmation
D. Certification
D
11 - Which security model uses features of the Bell-LaPadula and Biba security models?
A. Graham-Denning
B. Clark-Wilson
C. Harrison-Ruzzo-Ullman
D. Lipner
D
12 - Which statement best describes what occurs during a Ciphertext-Only attack?
A. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all of the messages with that key.
B. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient.
C. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key.
D. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that if it is the legitimate information from the original sender.
A
13 - What is the most common method used to locate unsecured wireless networks?
A. Wardriving
B. Piggybacking
C. Wardialing
D. Salami
A
14 - Which system security modes match to each description?
A. System High-Security Mode
B. Compartmented Security Mode
C. Dedicated Security Mode
D. Multilevel Security Mode
- All users possess a formal need to know and clearance for all the data in the system.
- All users possess system high-security clearance, but may lack formal approval or need to know.
- All users lack formal need to know, but possess the necessary clearance.
- Various classification levels are required to be processed at the same time.
- [C] All users possess a formal need to know and clearance for all the data in the system.
- [B] All users possess system high-security clearance, but may lack formal approval or need to know.
- [A] All users lack formal need to know, but possess the necessary clearance.
- [D] Various classification levels are required to be processed at the same time.
15 - which redundant Array of Independent Disks (RAID) level writes data to two different drives at the exact same time so that both drives contain the exact same data?
A. RAID 3
B. RAID 1
C. RAID 0
D. RAID 5
B
16 - Each of the management levels has a set of information security responsibilities inherent to their role within the organization. For what is the information security officer primarily responsible?
A. Facilitating information security within the organization
B. Ensuring the security program complies with regulations
C. Identifying emerging security risks
D. Evaluating risk management practices in the organization
A
17 - You are currently meeting with management to have them formally approve the products, systems, and components within your organization. What is this process referring to?
A. Certification
B. Accreditation
C. Verification
D. Affirmation
B
18 - Which is are Not true in relation to asymmetric cryptography?
A. It provides confidentiality but not authenticity or non-repudiation.
B. It has better scalability than symmetric systems.
C. It works much more slowly than symmetric keys.
D. It has better key distribution than symmetric systems
A
19 - What is the second stage of the SDLC?
A. Defining functional objectives
B. Project initiation and planning
C. Developing and implementing
D. Defining system requirements
A
20 - What type of analysis can information security professionals use proactively in-house, and in reaction to an attack?
A. Forensic engineering
B. Business impact analysis
C. Quantitative risk analysis
D. Software forensics
D
21 - Which constraint should be the primary concern when creating procedures for background checks on new hires?
A. Privacy laws
B. Employee acceptance
C. Organizational policies
D. Senior management’s sign off
A
22 - What law protects company logos from illegal duplication?
A. Copyright
B. Trade secret
C. Trademark
D. Patent
C
23 - What type of mobile code control serves as a protected area for a program to execute?
A. Access matrix
B. Covert channel
C. Sandbox
D. Kernel
C
24 - What type of power fluctuation occurs due to a loss of power?
A. Sag
B. Spike
C. Fault
D. Brownout
C
25 - Which organization provides the standards for reinforced filing cabinets?
A. Pearson VUE
B. Office of Government Commerce
C. U.S. Government
D. Underwriters Laboratory
C
26 - What type of alarm system triggers an alarm at your organization’s security command center when it detects an intruder?
A. Local
B. Proprietary
C. Central station
D. Auxiliary station
B
27 - Which term represents a collection of technologies that gather sand stores access control information and specified system activity for later study?
A. MTBF
B. SIEM
C. ITIL
D. FMEA
B
28 - What type of power fluctuation are you experiencing if there is a complete loss of power for only a moment?
A. Blackout
B. Brownout
C. Fault
D. Sag
C
29 - The Application layer of the TCP/IP model maps to which layers of the OSI model?
A. Application, Session, Transport
B. Transport, Network, Data Link
C. Presentation, Session, Transport
D. Application, Presentation, Session
D
30 - Which type of cipher replaces bits, characters, or blocks with different bits, characters, or blocks?
A. Replacement cipher
B. Substitution cipher
C. Permutation cipher
D. Transposition cipher
B
31 - Testing and evaluating systems is a very important part of systems development. Which is NOT part of the testing and evaluation phase?
A. Management is required to review the results of the testing.
B. Testing should use copies of the production data.
C. Program librarian should keep test data for later use.
D. Test data should only include data from acceptable ranges.
D
32 - Management has approached you and would like you to explain how they can possibly prevent collusion within the organization. What should you tell them?
A. Implement the rule of least privilege.
B. Implement separation of duties.
C. Implement job rotation
D. Force emplo9yees to take mandatory vacations.
C
33 - Confidentiality ensures that the required level of secrecy is maintained by preventing unauthorized individuals from accessing and disclosing company information. What is not a typical threat to confidentiality?
A. Virus
B. Insufficient access control
C. Trojan horse
D. Masquerader
A
34 - Which vulnerabilities match to each description of situations where the attack has been made on an application?
A. Broken authentication and session management B. Failure to restrict URL access C. Injection D. Insecure cryptographic storage E. Cross-site scripting
- Encryption keys for a database use a weak password.
- An attacker gains access to a web page by entering the target URL in the browser address field.
- A malicious user gains access to the password file used to verify users.
- A valid request to a SQL server is intercepted by an attacker and modified to intentionally corrupt the database.
- A web site sends JavaScript instructions to the browser accessing the site, requesting access to the user’s hard disk.
- [D] Encryption keys for a database use a weak password.
- [B] An attacker gains access to a web page by entering the target URL in the browser address field.
- [A] A malicious user gains access to the password file used to verify users.
- [C] A valid request to a SQL server is intercepted by an attacker and modified to intentionally corrupt the database.
- [E] A web site sends JavaScript instructions to the browser accessing the site, requesting access to the user’s hard disk.
35 - What RAID level stripes both data and parity across all drives, ensuring that there is no single point of failure?
A. RAID 5
B. RAID 1
C. RAID 3
D. RAID 0
A
36 -Which RAID levels match each characteristic?
A. Level 5 B. Level 10 C. Level 0 D. Level 3 E. Level 1
- Parity
- No parity
- [D, A] Parity
- [C, E, B] No parity
37 - Which form of malware has the ability to reproduce itself and is classified as self-contained?
A. Logic bomb
B. Trojan horse
C. Worm
D. Virus
C
38 - Which tunneling protocols match with the characteristic?
A. IPsec B. PPTP C. L2F D. L2TP E. SSL
- Tunnels PPP traffic
- Works above the Data Link layer
- [C, D, B] Tunnels PPP traffic
- [A, E] Works above the Data Link layer
39 - What is the Bell-LaPadula model most concerned with?
A. Integrity
B. Confidentiality
C. Verification
D. Repudiation
B
40 - Aggregation and inference are classified as database security issues. Which statement is true in regards to aggregation?
A. A user has the permissions to access information, and dose not have the required permissions to access subsets of the same information.
B. A user has the permissions to access information, and also has the required permissions to access subsets of the same information.
C. A user lacks the permissions to access information, and does not have the required permissions to access subsets of the same information.
D. A user lacks the permissions to access information, but has the required permissions to access subsets of the same information.
D
41 - The act of monitoring, auditing, and logging provides which measure within an organization?
A. Confidentiality
B. Accountability
C. Availability
D. Integrity
B
42 - Which wireless technology matches to each description?
A. IEEE 802.11
B. Bluetooth
C. Cellular
D. Infrared
- Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another
- Requires a network-aware device or dongle and an active account
- Switches between any of the 79 frequencies available in the 2.45 GHz range
- Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz
- [D] Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another
- [C] Requires a network-aware device or dongle and an active account
- [B] Switches between any of the 79 frequencies available in the 2.45 GHz range
- [A] Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz
43 - An important tool used in risk management is risk analysis. Which statement about risk analysis is not true?
A. Automated tools are required for quantitative risk analysis.
B. Threats are given an exposure rating in a qualitative risk analysis
C. A risk analysis must be directed by senior management
D. The Delphi technique can be used in a qualitative risk analysis.
A
44 - There are various types of evidence that can be used in a court of law. What type of evidence is considered incidental?
A. Hearsay
B. Circumstantial
C. Real
D. Opinion
B
45 - With Biometric systems, what is the term used to describe when the system incorrectly grants the user access when they should have been denied?
A. EMP
B. CER
C. FAR
D. FRR
C
46 - Which statement best describes what occurs during a Chosen Plaintext attack?
A. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that it is the legitimate information from the original sender.
B. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all of the messages with that key.
C. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key.
D. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient.
D
47 - An NDA addresses which security principal?
A. Authenticity
B. Availability
C. Integrity
D. Confidentiality
D
48 - The evidence of a computer crime must be gathered carefully and preserved in order to protect its integrity. The data collected during an investigation must be detailed in the chain of evidence or chain of custody. Which statement is true of the chain of evidence?
A. Evidence must be returned to its owner once presented in court
B. Evidence must not be admissible
C. Evidence must be legally permissible
D. Modifying computer-generated evidence is impossible.
C
49 - Which algorithm requires that the sender and receiver use two instances of the same key?
A. RSA
B. 3DES
C. Knapsack
D. Diffie-Hellman
B
50 - What is the benefit of using clustering in your enterprise data management scheme?
A. Creates a single point of failure
B. Amount of data storage is increased
C. Scalability and redundancy
D. Requires less memory to operate
C
51 - When might an organization require an export license?
A. To employ a key escrow service
B. To permit trans-border data flows
C. To implement cloud computing
D. To establish a distributed data model
B
52 - What is an example of a detective control?
A. Fences
B. Firewall
C. Lighting
D. Job rotation
D
53 - Which access control threats match each description?
A. Dictionary attacks
B. Brute force attacks
C. Spoofing
- Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- Involves trying different input combinations in an attempt to find a correct password
- Involves a fake user logon screen being presented to a user for them to input their username and password
- [A]Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- [B]Involves trying different input combinations in an attempt to find a correct password
- [C]Involves a fake user logon screen being presented to a user for them to input their username and password
54 - Which type of access control involves the installation of a lock on a server room door?
A. Compensating
B. Preventive
C. Directive
D. Deterrent
B
55 - Which PKI elements match each description?
A. Digital certificate B. Certificate authority C. Certificate respository D. Certificate management system E. Registration authority
- The software that takes care of all certificates
- The entity that issues and verifies digital certificates
- An electronic record that identifies the public key
- A verifier for the certificate authority
- A storage location for certificates
- [D] The software that takes care of all certificates
- [B] The entity that issues and verifies digital certificates
- [A] An electronic record that identifies the public key
- [E] A verifier for the certificate authority
- [C] A storage location for certificates
56 - What is NOT true regarding the services that MPLS provides?
A. Packet labeleing is provided
B. QoS is provided
C. Encryption is provided
D. Traffic engineering is provided
C
57 - Which database models match each description?
A. Object-oriented
B. Relational
C. Network
D. Hierarchical
- The data stored in this model is in the form of objects using programming features.
- The data stored in this model is linked in a way that each record or child has only one owner or parent
- The data stored in this model is based on two-dimensional tables consisting of tuples and attributes.
- The data stored in this model is linked in a way that establishes a multiple child-parent relationship
- [B]The data stored in this model is in the form of objects using programming features.
- [D]The data stored in this model is linked in a way that each record or child has only one owner or parent
- [A]The data stored in this model is based on two-dimensional tables consisting of tuples and attributes.
- [C]The data stored in this model is linked in a way that establishes a multiple child-parent relationship
58 - Which item used in conjunction with a fence emits radio frequency signals to detect an intruder pushing a fence?
A. PPTP
B. CCTV
C. DSA
D. TDR
D
59 - Which method is most secure when updating routing information?
A. Distance-vector updates
B. Static updates
C. Dynamic updates
D. Link-state updates
B
60 - What would be considered an advantage of using a hot site?
A. Can use any hardware
B. Available for longer timeframes
C. Can be ready quickly
D. Has low cost
C
61 - What should be the first step completed in the project initiation phase?
A. Appoint a BCP team
B. Obtain management support
C. Define plan goals
D. Appoint a leader
B
62 - Which security roles match each security responsibility description?
A. Systems Administrator B. Guard C. Secretary D. Information Systems Auditor E. Information Systems Professional
- Designs security controls
- Responsible to sign for packages that enter or leave the main office in a small organization
- Checks to ensure people are following the organization’s security policies
- Responsible for the setup and maintenance of an organization’s network
- Protecting the safety of an organization’s employees
- [E]Designs security controls
- [C]Responsible to sign for packages that enter or leave the main office in a small organization
- [D]Checks to ensure people are following the organization’s security policies
- [A]Responsible for the setup and maintenance of an organization’s network
- [B]Protecting the safety of an organization’s employees
63 - Which statment is not true of an incident handling program?
A. It should be part of the security awareness program.
B. It should be independent of outside agencies.
C. It should be part of the disaster recovery plan
D. It should be proactive.
B
64 - Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. Which is NOT a concern for the resource protection critical requirement?
A. Ensure that vulnerabilities directed at the availability, integrity , and confidentiality of resources is reduced.
B. Protect resources that are required for data processing.
C. Provide a balance between the implemented security controls and the user’s productivity.
D. Ensure that resource security is maintained during a failure.
D
66 - An organization that partners with other corporations has multiple communication channels. What shouldbe taken into consideration by all employees regarding these channels?
A. Monitoring technologies
B. Privacy compliance
C. Single sign-on
D. Intrusion detection
B
67 - The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router?
A. Layer 3
B. Layer 7
C. Layer 2
D. Layer 1
A
68 - In which area would a symmetric key system be less desirable than an asymmetric key system?
A. Confidentiality
B. Mathematic comlexity
C. Key management
D. Speed
C
69 - Which user requirement is true for compartmented security mode but not for multilevel security mode?
A> A clearance level that is equaql to or higher than the highest resource level of clearance is requirred for information on the system.
B. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system.
C. There must be formal access approval for all information that the user will access on the system.
D. All users must have a valid need to know some of the information on the system.
A
70 - A one-time pad is one of the most powerful substitution ciphers. What must be true order to maintain the integrity of the algorithm for the one-time pad?
A. The one-time pad should be used no more than three times.
B. The encryption key that is used for the one-time pad must be manually created.
C. Physical protection against disclosure for the one-time pad should be considered.
D. At a minimum, the key must be as long as the message that it will be encrypting.
D
71 - Why are most companies unaware that they have ever been attacked?
A. There are only a few laws that specifically address computer crimes.
B. Attackers usually erase any logs that record their activities.
C. Most attacks are performed by individuals located inside the target network.
D. Attackers usually spoof their IP addresses.
B
72 - Which backup strategy copies only the files that have changed since the last backup without altering their archive bits?
A. Copy backup
B. Full backup
C. Incremental backup
D. Differential backup
D
73 - What is the most common security issue for most companies?
A. Data diddling
B. IP spoofing attacks
C. DoS attacks
D. Excessive privileges
D
74 - Which rule is also classified as the “no read down” rule?
A. Simple integrity axiom
B. Star property rule
C. Star integrity axiom
D. Simple security rule
A
75 - Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators?
A. Most attacks are performed by individuals located outside of the network
B. There are only a few laws that specifically address computer crimes
C. Many attackers spoof their IP addresses and erase logs to cover their tracks
D. Most companies do not use firewalls
C
76 - Using an access card to access specific rooms within a building is an example of which factor of the three-factor authentication method?
A. Something you know
B. Something you are
C. Something you have
D. Something you use
C
77 - What technique utilizes anonymous opinions by members of the risk analysis team?
A. Safeguard
B. Quantitative
C. Delphi
D. Classification
C
78 - Which regulation for financial institutions emphasizes resuming and maintaining business operations after a disaster?
A. NYSE Rule 446
B. FFIEC
C. NASD Rule 3510
D. Electronic Funds Transfer Act
B
79 - Which option identifies the encryption protocol used by the 802.11i standard for wireless local area networks?
A. CCMP
B. AES
C. RSN
D. Rijndael
A
80 - Ensuring that data within your organization is available at all times is a major operations concern. There are various techniques that you can employ within an organization to maintain the availability of data. Implementing backups is an example of such a technique.
Which technique should you employ if you wish to maintain the availability, confidentiality, and integrity of data within your organization?
A. Encrypt all sensitive data within the organization
B. Implenet redudndant njetwork connections and equipment.
C. Implement fault tolerance within the organziation
D. Implement a secure storage solution within the organization
.D
81 - Which task is not part of the initial steps an attacker would perform when attacking a network?
A. Determining which computers are physically active
B. Determining which ports are open by performing port scans
C. Start building a network topology
D. Determining which operating systems are installedon the active computers.
B
82 - A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic interference (EMI). What should you tell them?
A. Fiber-optic
B. Unshielded Twisted Pair
C. Shielded Twisted Pair
D. Coaxial
B
83 - Which security models match each characteristic?
A. Lipner
B. Biba
C. Clark-Wilson
D. Bell-LaPadula
- Confidentiality and integrity
- Integrity
- Confidentiality
- [A]Confidentiality and integrity
- [B, C]Integrity
- [D]Confidentiality
84 - According to the event management process, which action shouldbe taken immediately after an event occurs?
A. Report to the assessment team
B. Report to the communications center
C. Assess the event
D. Implement a recovery strategy and plans
B
85 - Which type of detective software intelligently analyzes unknown code?
A. Heuristic scanner
B. Activity monitor
C. Change detection software
D. Signature scanner
A
86 - What part of the product evaluation process details with product development and maintenance?
A. Clipping levels
B.Operational assurance
C. Change control
D. Life-cycleassurance
D
87 - Which examples match security frameworks and risk assessment methodologies?
A. CRAMM B. OCTAVE C. COBIT D. COSO E. FRAP F. ITIL
- Risk Assessment Methodologies
- Security Frameworks
- [A,E,B]Risk Assessment Methodologies
- [C, D, F]Security Frameworks
88 - IPSec is able to work in two different modes, Tunnel mode and Transport mode. Which is true in regards to protection with Tunnel mode?
A. Only the header and trailer information are protected.
B. The payload as well as the header and trailer information
C. Only the payload of the message is protected.
D. Only the header information is protected.
B
89 - What type of virus infects the boot sector and executable files?
A. Polymorphic
B. Self-garbing
C. Multipart
D. Meme
C
90 - Which cryptographic attack is highly specializaed and targets environmental variables?
A. Side channel attack
B. Man-in-the-middle attack
C. Related key attack
D. Chosen plaintext attack
A
91 - There are different types of offsite solutions for facility recovery. What is the most common type of subscription-based backup facility?
A. Warm
B. Cold
C. Rdundant
D. Hot
A
92 - Which recovery strategy involves different organizations supporting each other’s operations in the event of an outage or emergency?
A. Reciprocal agreements
B. Multiple processing locations
C. Outsourcing
D. Dual data center
A
93 - Which type of lock provides the least amount of security?
A. Tumbler lock
B. Smart lock
C. Electronic combination lock
D. Warded lock
D
94 - There are various threats that directly affect your operations environment. It is important that youre environment is protected against these threas. You should be aware that these threats all map to the information security triad. Which threats will be directly related to the integrity component of the information security triad?
A. Corruption and modification
B. Disclosure and corruption
C. Interruption and disclosure
D. Destruction and theft
A
95 - There are three critical requirements for operations controls. Which statement correctly identifies the critical requirement referred to as privileged-entity controls?
A. Provide users with the level of access they require to complete their assigned tasks.
B. Provide compliance with legislative and industry guidelines to protect sensitive information and personnel.
C. Provide specific users with administrative-like access control capabilities.
D. Provide all users with administrative-like access control capabilities.
C
96 - Which statement best describes a properly implemented incident handling program?
A. Incident reporting should be decentralized
B. Incident handling should be part of the disaster recovery plan
C. Incident handling should be approached in a reactive manner
D. Incident handling should be part of the business continuity plan.
B
97 - What statement is not true in regard to maintenance hooks?
A. A backdoor into software created by the developer.
B. A method used to bypass access controls to alter software code during the development process.
C. A tool used by developers to patch systems after they go into production
D. A security risk if not removed before the software goes into production
C
98 - What type of threat involves retransmitting packets to perform undesirable effects?
A. Impersonation
B. Replay
C. Dumpster diving
D. Data remanence
B
99 - What ITSEC rating is concerned with a high level of integrity during communications?
A. F8
B. F7
C. F9
D. F6
A
100 - The network administrator for your company has asked you to provide a report on the number of modems attached to the network that are unaccounted for. What should you do to accomplish this?
A. Wardialing
B. Piggybacking
C. Wardriving
D. Modemsurfing
A
101 - Which database model stores data in more than one database while maintaining a logical connection between databases for the clients?
A. Relational data model
B. Distributed data model
C. Rational data model
D. Hierarchical data model
B
102 - When contracting a third-party provider to provide penetration testing for your organization, what is the MOST important piece of information that needs to be communicated to the contracted third party?
A. Documation to sign over legal liability and responsibility of the penetration test
B. Documentation providing contact information for each department head within the organization.
C. Documentation showing the layout of the organization’s network
D. Documentation on how the penetration test will be performed
D
103 - Which form of malware activates when a certain time, string or code, date, or event happens?
A. Worm
B. Trojan horse
C. Virus
D. Logic bomb
D
104 - Vulnerability scanning is a common method used by intruders to determine theweaknesses withing a system. What is the first line of defense against vulnerability scanning?
A. Have defined change control procedures within the organization.
B. Apply the most current patches to the system.
C. Close all open ports that are not required for daily activities.
D. Perform a periodic vulnerability scan on the network.
C
105 - Which identity management system characteristics match with the identify management system?
A. Combines services for authentication and authorization
B. Encrypts packets betweenthe server and the client
C. Uses PPP connections
D. Provides packet delivery with UDP
E. Provides packet delivery with TCP
F. Supports the ApplTalk protocol
- TACACS+
- RADIUS
- [F, B, E] TACACS+
- [D, C, A] RADIUS
106 - There are various methodologies available for assessing an organization’s security risks. Which risk assessment methodology would be best to use to prescreen systems and applications to determine wether further risk analysis is warranted?
A. NIST SP 800-66
B. FRAP
C. CRAMM
D. FMEA
B
107 - What might be an important legal matter for a company to consider before selling or discarding older, unused equipment?
A. Drive wiping is illegal
B. Selling a computer system without an operating system may be illegal
C. Erasing all data from a hard disk is illegal
D. Reinstalling an operating system withproper licensing may be illegal
B
108 - Which algorithm’s security comes fromthe difficulty of factoring large prime numbers?
A. 3DES
B. DES
C. RSA
D. AES
C
109 - Which mode of the Data Ecryption Standard (DES) is similar to the Output Feedback (OFB) mode but uses a 64-bit random data block as the first initialization vector (IV)?
A. Cipher Feedback
B. Electric Code Book
C. Counter
D. Cipher Block Chaining
C
110 - (ISC)2 requires CISSPs to commit to fully supporting the Code of Ethics, Identify one of the mandatory canons in the CISSP Code of Ethics.
A. Provide diligent and competent service to principals
B. Discharge professional responsibilities with diligence and honesty
C. I will not misuse any information or privileges I am afforded as part of my responsibilities
D. Thou shalt not use a computer to steal
A
111 - The first step in performing a risk assessment is to identify vulnerabilities. Which of the following is considered a security vulnerability?
A. An access control system not functioning properly
B. A disgruntled employee
C. The absence of a security guard
D. A piece of code written to creat a DoS attack
C
112 - What methodology focuses mainly on risk management related to information systesm?
A. ORION
B. NIST SP 800-39
C. CRAMM
D. NIST SP 800-30
D
113 - Which type of cryptographic algorithm uses public and private keys?
A. RSA
B. 3DES
C. DES
D. AES
A
114 - What step in creating a business continuity plan involves calculating the maximum tolerable downtime (MTD) for resources?
A. Develop recovery strategies
B. Business impact analysis
C. Policy statement and team creation
D. Plan maintenance
B
115 - Which security models match to each description?
A. Bell-LaPadula B.Harrison-Ruzzo-Ullman C. Clark-Wilson D. Biba E. State machine F. Lipner
- It stops subjects from gaining specific privileges by limiting the commands they can execute.
- It prevents corrupted data from flowing to a higher integrity level.
- Subjects must execute a transformation procedure to modify constrained data items.
- System startups, command executions, and shutdowns are secured.
- Lattice-based security levels determine whether a subject can access an object.
- It combines aspects of the Bell-LaPadula and Biba models.
- [B]It stops subjects from gaining specific privileges by limiting the commands they can execute.
- [D]It prevents corrupted data from flowing to a higher integrity level.
- [C]Subjects must execute a transformation procedure to modify constrained data items.
- [E]System startups, command executions, and shutdowns are secured.
- [A]Lattice-based security levels determine whether a subject can access an object.
- [F]It combines aspects of the Bell-LaPadula and Biba models.
116 - What type of technology makes use of a sandbox as a security mechanism?
A. Java
B. Malware
C. DBMS
D. ActiveX
A
117 - Which attack involves sending malformed packets to a system in order to cause it to crash or end processing?
A. SYN flood attack
B. Denial of Service (DoS) attack
C. Fraggle attack
D. Smurf attack
B
118 - What should be the last step in the project initiation phase?
A. Appoint a BCP team
B. Create a project plan
C. Appoint a leader
D. Present a project plan to management
D
119 - Your organization is performing business continuity and disaster recovery planning, and you are the lead planner for this project. The overall scope of the effort required for planning has been determined and you have begun to look at the resource requirements to complete the development of the plan. Which statement is not true concerning the resource requirements that are required to develop the project plan?
A. Software tools may be used to help with the collection of information for planning.
B. The planning team needs to be represented by individuals from business operations and technology areas.
C. People used on the planning team should not be the same individuals that perform the recovery.
D. Outside consultants may be hired to assist with the initial planning stages.
C
120 - Which technology provides availability, load balancing, redundancy, and failover?
A. Clustering
B. Redundant Servers
C. RAID
D. RADIUS
A
121 - Which database model allows for the storage of a wide spectrum of different types of data, including images, audio, and documents?
A. Hierarchical database model
B. Relational database model
C. Object-oriented database model
D. Distributed database model
C
122 - What is not a type of attribute that can be used to make authentication decisions in a biometric system?
A. Keyboard dynamics
B. Hand geometry
C. Facial scan
D. Skin scan
D
123 - Which activity can help identify the systems or network infrastructure points that are most likely to be attacked?
A. Asset valuation
B. Compartmentalization
C. Substantive testing
D. Aggregation
A
124 - Companies that have been attacked often choose not to release this information tot he media. However, there are several well-known computer crimes that have been widely publicized. What hacker or group of hackers demonstrated how a web-based Trojan horse could be used to extract money from a bank account?
A. Cult of the Dead Cow
B.Chaos Computer Club
C. Legion of Doom
D. Kevin Mitnick
B
125 - What is the correct order of sensitivity level sofr data classification in commercial business?
A. Public Private, Sensitive and Confidential
B. Sensitive, Confidential, Private and Public
C. Public, Sensitive, Private and Confidential
D. Private, Confidential, Sensitive and Public
C
126 - What type of service hides internal IP addresses from external users and will replace IP addresses as necessary so that internal users can access public resources?
A. PAT
B. NIS
C. DHCP
D. NAT
D
127 - Administrative, technical, and physical controls should be used by security administrators to meet the organization’s security requirements. What is an example of a technical control?
A. Closed-circuit TV (CCTV)
B. Router
C. Data backup
D. Biometric system
B
128 - What requires publicly listed organizations to produce annual internal financial reports?
A. Sarbanes-oxley
B. BS 25999
C. Title IX of the implementing the 9/11 Commision Recommendations Act of 2007
D. TCSEC
A
129 - What attributes are used when evaluating a system’s protection mechanisms under the information Technology Security Evaluation Criteria (ITSEC)?
A. Integrity and Authentication
B. Confidentiality and Functionality
C. Assurance and Integrity
D. Functionality and Assurance
D
130 - Where is the ACS activity monitored and recorded for historical purposes?
A. State machine model
B. CCTV
C. UPS system
D. Access Control Head End
D
131 - After determining the risks that could affect business functions, what would be the least effecteive type of measure that could be implemented to help reduce the impact as much as possible?
A. Proactive
B. Preventative
C. Cost-effective
D. Reactive
D
132 - There are many different types of computer crimes, each of which can be committed differently. An employee who makes small, periodic changes to the company’s financial records in an effort to go unnoticed is committing what type of crime?
A. Salami attack
B. Emanations capturing
C. Data diddling
D. Denial of Service (DoS)
A
133 - Which type of law acts on civil violations against an organization or individual?
A. Administrative
B. Criminal
C. Regulatory
D. Tort
D
134 - Which information concealment methods match to each dscription?
A. Stenography
B. Code words
C. Watermarking
D. Cryptography
- Uses sophisticated mathematical techniques to hide information
- Uses additional information within a file for detecting the theft of information
- Uses a specific medium to hide information within
- Uses letters to represent an idea or sentiment
- [D]Uses sophisticated mathematical techniques to hide information
- [C]Uses additional information within a file for detecting the theft of information
- [A]Uses a specific medium to hide information within
- [B]Uses letters to represent an idea or sentiment
135 - What is NOT one of the three critical requirements for operations controls?
A. Software control
B. Resource protection
C. Privileged-entry control
D. Hardware control
A
136 - What type of intrusion detection system (IDS) is used to detect any sound that can be made by someone trying to force their way into a facility?
A. Accoustical detection system
B. Proximity detector
C. Photometric system
D. Electro-mechanical system
A
137 - Which standard was developed to outline countermeasures for emanation by electronic devices?
A. EMSEC
B. EMI
C. EMP
D. TEMPEST
D
138 - An updated security system is being considered for implementation to your company’s building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs?
A. Magnetic stripe card
B. Electronic combination lock
C. Proximity card
D. Combination lock
C
139 - Which security principle ensures that information is protected from being modified by unauthorized individauls?
A. Integrity
B. Confidentiality
C. Availability
D. Authorization
A
140 - Intellectual property can be protected by what types of laws?
A. Trademarks, Trade secrets, and accreditation
B. Patents, trademarks, and certification
C. Copyright, accreditation, and trade secrets
D. Trade secrets, patents, and tradmarks
D
141 - To ensure that threats to integrity are kept to a minimum, database software should implement the ACID test. What characteristic of the ACID test will stop all steps in a transaction from occuring if one of the steps fails?
A. Durability
B. Isolation
C. Atomicity
D. Consistency
C
142 - What network device can you implement between end systems on a network to reduce the possibility of sniffing and monitoring attacks by potential intruders?
A. Switches
B. Routers
C. Gateways
D. Firewalls
A
143 - Which rule states that a subject at a particular security level is unable to write information to a security level that is lower than the one in which the user currently resides?
A. Star integrity axiom
B. Simple security rule
C. star property rule
D Simple integrity axiom
C
144 - Which security model has the ability to address the inference attack?
A. Graham-Denning model
B. Biba model
C. Noninterference model
D. Lattice model
C
145 - What type of intrusion detection system (IDS) uses strips of foil or pressure pads, near an entry point that sounds an alarm when the contact is broken?
A. Proximity detector
B. Electro-mechanical system
C. Acoustical detection system
D. Photometric system
B
146 - Which software development models match each description?
A. Spiral
B. SWaterfall
C. Prototyping
- With this model, a rough system is developed quickly and then tested and evaluated to check where improvements need to be ade. A new system is then made with the changes in place and the testing repeated.
- This model consists of a set of phases that run in sequence where each phase has to be completed before it is possible to move on to the next phase.
- In this model, each phase contains four in-built steps: planning, implementing, checking, and acting.
- [C]With this model, a rough system is developed quickly and then tested and evaluated to check where improvements need to be made. A new system is then made with the changes in place and the testing repeated.
- [B]This model consists of a set of phases that run in sequence where each phase has to be completed before it is possible to move on to the next phase.
- [A]In this model, each phase contains four in-built steps: planning, implementing, checking, and acting.
147 - Which technique involves an attacker probing a host for responses without being able to sniff sequence and acknowledgement messages?
A. Scrubbing
B. Brute force attack
C. Blind spoofing
D. Emanation
C
148 - What is the most important consideration when planning the building of a new company facility?
A. Crime rate in the area
B. Saftey of personnel
C. Proximity to airport
D. Materials used in construction
B
149 - Which NIST 800-34 standard steps that can be applied to business continuity planning match each description?
A. Develop recovery strategies.
B.Develop the contingency plan
C. Conduct the BIA
D. Maintain the plan
- Implement procedures to keep the BCP updated on a frequent basis.
- Identify threats and calculate risks
- Provide procedures for the organization to remain operational while functions and stystems are offline
- Select methods to ensure systems are efficiently brought back online
-[D]Implement procedures to keep the BCP updated on a frequent basis.
-[C]Identify threats and calculate risks
-[B]Provide procedures for the organization to remain operational while functions and systems are offline
[A]-Select methods to ensure systems are efficiently brought back online
150 - In which mode is a system operating if all users have a formal need to know as well as a clearance for all data in the system?
A. System High-Security Mode
B. Multilevel Security Mode
C. Compartmented Security Mode
D. Dedicated Security Mode
D
151 - Which access control concept involves isolating groups of people and information so that information is not passed between the groups?
A. Compartmentalization
B. Need to know
C. Least privilege
D. Security domain
A
152 - Which is not a term that is used to identify the type of response an operating system will take when a failure occurs?
A. Warm reboot
B. Emergency system restart
C. System reboot
D. System cold start
A
153 - What would be the maximum tolerable downtime (MTD) of a business function catergorized as urgent?
A. 24 hours
B. 7 days
C. Up to 4 hours
D. 30 days
A
154 - What is one of the bets ways to prevent piggybacking from occuring at the access points into a facility?
A. Security guards
B. Swipe cards
C. Programmable locks
D. Proximity cards
A
155 - Which OSI layer is responsible for the addressing and routing of packets so that they can reach their destination?
A. Session
B. Data link
C. Network
D. Physical
C
156 - What is the most significant risk associated with instant messaging, social networking technologies, message boards, and blogs?
A. Their being used to identify wireless hotspots that attackers can use to initiate attacks
B. Susceptibility to DoS attacks
C. Accidental disclosure of confidential, private information
D. Their being used to facilitate the spread of malicious code
C
157 - What would be the least effective method to prevent an intruder from gaining access to a facility?
A. Smartcards
B. CCTV
C. A fence
D. Guard dogs
B
158 - Your security department has presented management with an overview of the security mechanisms that have been implemented and an evaluation of their overall effectiveness. What is the process referred to as when management formally accepts the information you have presented them with?
A. Accreditation
B. Affirmation
C. Certification
D. Hallmark
A
159 - Which Common Criteria Evaluation Assurance Level (EAL) involves semiformal design and testing of systems?
A. EAL 7
B. EAL 1
C. EAL 3
D. EAL 5
D
160 - What is the best method to use as a means of ensuring that users adhere to the organization’s security policies?
A. Create security procedures that identify the steps required to achieve thepolicy requirements
B. Identify penalties associated with noncompliance
C. Create security standards that support the policies
D. Conduct security awareness training and education
D
161 - When does a buffer overflow occur?
A. When an application sends too much information to another application causing a blue screen
B. When an application runs out of memory and crashes the system
C. When too much data is entered into the buffer
D. When the operating system runs out of RAM and causes a reboot
C
162 - Which features match to each key technology
A. Can be re-pinned by using a master key
B. Identifies the individual key holder
C. Allows for 10 to 15 lock changes
D. Contains a built-in microprocessor
- Instakey
- Intellikey
- [A, C] Instakey
- [D, B] Intellikey
163 - What is the best strategy for outsourcing?
A. Developing an outsourcing strategy independent of auditing considerations related to outsourcing
B. Including appropriate terms and conditions in the SLA
C. Excluding service improvement expectations from the outsourcing contract
D. Omitting business continuity and disaster recovery considerations from the outsourcing strategy
B
164 - You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mall where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BEST meet these needs?
A. Fences
B. Gates
C. Bollards
D. Landscaping
A
165 - There are different types of eavesdropping methods. Which method involves tampering with a transmission medium in order to create a covert signalling channel?
A. Covert Channel Eavesdropping
B. Passive Eavesdropping
C. Channel Eavesdropping
D. Active Eavesdropping
D
166 - You want to guard against social engineering attacks, including fraudulent e-mails and fradulent telephone calls. What would be the best choice to ensure security?
A. Employee training
B. IDS
C. Separation of duties
D. Access control
A
167 - What is the highest level of information classification used by the majority of organizations?
A. Confidential
B. Internal use only
C. Restricted
D. Secret
C
168 - What is the MOST important consideration when collecting and preserving evidence for legal action after a server has been compromised?
A. Maintaining proper chain of custody
B. Obtaining a bit-by-bit copy of the server’s hard disk
C. Disconnecting the server’s power supply
D. Disconnecting the server’s network cable
A
169 - While away on business you are forced to leave a company laptop unattended in your hotel room for several hours. What would be the best method of securing the sensitive data stored on this laptop from theft?
A. Maintain backups of the sensitive data in a secure location
B. Secure the laptop to a hotel desk using a locking cable
C. Use encryption software to encrypt the sensitive data
D. Have the laptop engraved with an ID number
C
170 - What is not true with respect to the relationships between threat, vulnerability, exposure, countermeasure and risk?
A. The probability of a fire causing damage is a risk.
B. A vulnerability can expose a system to possible damage.
C. A threat agent takes advantage of a vulnerability.
D. A countermeasure can mitigate a vulnerability.
D
171 - What is the main factor for strengthening the functions of cryptographic systems?
A. Increase in the number of cryptographic algorithms
B. Increase in classified information
C. Increase in computational power
D. Increase in the number of hackers
C
172 - Which security standard consists of five principles and seven enablers?
A. COBIT version 5
B. ISO/IEC 27001:2005
C. ITSEC
D. ISO/IEC 15408
A
173 - Which is NOT an integrity goal that is addressed by the Clark-Wilson model?
A. Authorized users should be prevented from making unauthorized changes.
B. Unauthorized users should be prevented from making changes.
C. Internal and external consistency should be maintained at all times
D. All users must be identified and authenticated.
D
174 - What law protects software programs from illegal distribution?
A. Trademark
B. Trade secret
C. Patent
D. Copyright
D
175 - A company crime has been reported and an investigation by the company’s incident response team has confirmed that an actual crime has been commited. The initial evidence indicates that the crime appears to have been committed by an employee within the company. What department should be notified?
A. Marketing
B. Human Resources
C. Finance
D. Software Development
B
176 - You need to select a server room fire suppressant that is considered environmentally safe and less damaging to hardware. What should you choose?
A. Carbon Dioxide
B. FM200
C. Halon 1301
B
177 - What best describes an information protection environment?
A. Audits, logs, policies, and procedures used to track user activities throughout the organization
B. An environment for operations security that encompasses all computing resources in an organization
C. An environment for software security that encompasses all software used in an organization
D. An environment for hardware security that encompasses all dedicated hardware in an organization
B
178 - What are the strengths and weaknesses of asymmetric cryptography?
A. Uses more computational power than the other cryptography method
B. Provides confidentialtiy only
C. Provides authenticity
D. Better key distribution than the other cryptography method
E. Uses less computational power than the other cryptography method
F. Does not scale well in terms of key management
- Strength
- Weakness
- [C, D]Strength
- [A]Weakness
179 - What is the term that describes the estimated time a device should last before it stops working?
A. Mean time between failure
B. Mean time to fix
C. Mean time before replacement
D. Mean time to repari
A
180 - Which rules will protect data at an integrity level from being corrupted by data at a lower integrity level?
A. Star property rule
B. Simple security rule
C. Strong start property rule
D. SImple integrity axiom
D
181 - Intrusion detection systems are used to determine if attacks are occuring on a network. There are several different types of intrusion detection systems available on the market. You have been tasked with implementing an intrusion detection system that uses predefined knowledge to determine if an attack is occuring. Which one should you implement?
A. Host-based intrusion detection system
B. Network-based intrusion detection system
C. Statistical anomaly-based intrusion detection
D. Signature-based intrusion detection
D
182 - You need provide security for your client’s connections to your web server. You need to make sure that the entire communications channel between the two computers is protected. Which technology should you implement to accomplish this?
A. HTTP
B. HTTPS
C. S-HTTP
D. SET
B
183 - What is the first step that should be performed for a penetration test?
A. Exploitation
B. Vulnerability analysis
C. Enumeration
D. Reconnaissance
D
184 - Which type of virus takes advantage of system precedence?
A. Macro virus
B. Multipartite virus
C. Polymorphic virus
D. Companion virus
D
185 - Which attack takes advantage of weaknesses in the design of the TCP protocol?
A. SYN flood
B. Fraggle
C. Smurf
D. Teardrop
A
186 - Whcih security principle can have the greatest effect on user productivity?
A. Confidentiality
B. Authorization
C. Integrity
D. Availability
D
187 - Which standard is recommended by the implementing the 9/11 Commission Recommendations Act of 2007?
A. TCSEC
B. NFPA 1600
C. ISO/IEC 27002
D. Common Criteria
B
188 - Your Remote Access Server (RAS) modems are currently configured to answer incoming connections after two rings. After reviewing your current RAS logs, you have noticed multiple attempts to gain access to your network through your modems by unauthorized external users. It appears that the users are using a method of wardialing to locate your modems. What should you do to lower the success rate of wardialing attempts on your network?
A. Decrease the number of rings that will occur before the RAS server answers an incoming call.
B. Change the phone numbers for the modems wthin the RAS server.
C. Increase the number of rings that will occur before the RAS server answers an incoming call.
D. Disable all modems that are not required for incoming calls.
C
189 - Debora, an American citizen who works for a large accounting firm in Los Angeles, receives a memo from the company’s president regarding internal computer crime investigations. The letter informs all employees that management may remove files from their workstations at any time, without notice. How would such actions apply to Debora’s Fourth Amendment rights?
A. If management is acting as private citizens, Debora’s Fourth Amendment rights owould not be violated.
B. If management is acting as private citizens, Debora’s Fourth Amendment rights would be violated.
C. If management is acting as a police agent, Debora’s Fourth Amendment rights would not be violated.
D. If Debora is acting as a police agent, management’s Fourth Amendment rights would not be violated.
A
190 - Which is the final step that you should include in any backup plan?
A. Test the backup plan.
B. Determine what type of backup media you will require.
C. Determine where you should store the backup media and how long you should store it there.
D. Determine what data you will need to back up.
A
191 - Which is not a characteristic of business impact analysis?
A. Determining a recover strategy
B. Identifying critical systems
C. Developing it early in business continuity planning
D. Determining the maximum tolerable downtime (MTD)
A
192 - What type of threat to access control consists of a mtehod to bypass the normal user authentication process in a software product?
A. Data remanence
B. Buffer overflow
C. Trapdoor
D. Overt channel
C
193 - Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings?
A. ARP table poisoning
B. Reverse ARP
C. Poisoning ARP cache
D. Reverse ARP table poisoning
A
194 - Which of the following is an example of a brute force attack?
A. A program that covers up the login screen and captures the values once they are innputted by the user.
B. A program that uses a pre-defined list of values and compares it to captured values
C. A program that sniffs the network and captures packets
D. A program that uses every possible input combination to try to determine the correct value
D
195 - During the recovery strategy planning phase, there are various items that you will have to review and create a recovery strategy for. Which resource is commonly overlooked during the recovery strategies planning phase?
A. Data and voice equipment
B. Environmental issues
C. Computer and network equipment
D. Human resources
D
196 - The companny’s database server contains multiple tables with customer orders. A possible disaster could take the server offline and the company would start to lose significatnt amounts of money after about 24 hours. What category of maximum tolerable downtime (MTD) should the server be placed in?
A. Urgent
B. Critical
C. Normal
D. Nonessential
A
197 - What is not a characteristic of decentralized access control administration?
A. Changes in access control happen faster.
B. Uniform access controls across an organization.
C. Access control is implemented closer to the actual resource.
D. Possible overlap in access controls
B
198 -The AIC triad is made up of three main principals of information security: availability, integrity and confidentiality. Which threat can compromise availability?
A. DDenial-of-Service attack
B Human error
C. Dumpster diving
D. Social engineering
A
199 - What should you configure to ensure that received fax documents are kept confidential and secure?
A. Configure a fax server to route the received faxes to the fax device that is nearest to the recipient.
B. Configure the fax device to aonly accept faxes when a user is present to receive it.
C. Configure a fax server to route the received faxes to the appropriate user’s electronic mailbox.
D. Configure a fax server to print the faxes to the nearest printer and include a cover page that separates the printed faxes by user name.
C
200 - A computer crime is suspected and reported to senior management. What should the incedent response team consider during the preliminary investigation?
A. Which company officials should be informed via e-mail
B. Who will communicate with the media
C. Whether the police should be contacted
D. Whether the suspect should be contacted
C
201 - Which standardized algorithm can produce a message digest value in the range of 128 to 256 bits?
A. MD5
B. HAVAL
C. MD4
D. SHA-3
B
202 - During the system development process, logging should be enabled to ensure that the development life cycle is tracked. What should you track in the logs?
A. Completion codes
B. Who accessed the resource, what resource was accessed, and when the resource was accessed
C. Edits
D. Operating instructions
B
203 - Several measures can be taken to help protect against electric power issues. What is NOT a recommended method of protecting devices?
A. Do not run cables close to fluorescent lights.
B. Plug all devices into surge protectors.
C. Use shielded cables.
D. Plug power bars into other power bars to help provide additional protection.
D
204 - A BCP team determines the scope of the plan, creates a timeline, and prepares a policy statement that all department managers will sign. What other important step for initiating the project must the team perform?
A. List the assets that the company has and their replacement values.
B. Obtain senior management support for the project.
C. Consider the legal regulations that apply to the industry in particular.
D. Conduct a business impact analysis (BIA).
B
205 - Biometric devices are among the most accurate and secure methods of authentication available. However, some users find them obtrusive and are therefore reluctant to use them. What biometric recognition system is the most widely accepted and implemented?
A. Fingerprints
B. Facial features
C. Iris patterns
D. Retinal patterns
A
206 - What is NOT an example of a detective physical control?
A. Smoke and fire detectors
B. Alarms and sensors
C. Security guards
D. Library control systems
D
207 - Which of the following are characteristics of quantitative risk analysis and qualitative risk analysis?
A. Uses a lot of educated guesses
B. Presents yearly losses
C. Opinions are provided by process experts
D. Does not take into consideration cost/benefit analysis
E. Requires calculations
- Qualitative risk analysis
- Quantitative risk analysis
- [A, C, and D]Qualitative risk analysis
- [E, and B]Quantitative risk analysis
208 - Management has approached you about the current Redundant Array of Independent Disks (RAID) configuration implemented within the organization. They would like to know which type of RAID level support multiple drive failures. What should you tell them?
A. RAID 1
B. RAID 10
C. RAID 0
D. RAID 5
B
209 - What type of attack involves interference that overpowers the sending and receiving of a data signal on a communications link?
A. Man-in-the-Middle attacks
B. Covert Wireless Channel
C. Eavesdropping
D. Denial of Service Jamming
D
210 - The integrity of data within a database can be protected by different types of operations. Which is NOT an operation that will protect the integrity of data within a database?
A. Rollback
B. Commit
C. Inference
D. Savepoint
C
211 - Which model allows changes to occur dynamically for access controls based on previous actions that a user performed?
A. Graham-Denning model
B. Brewer and Nash model
C. Chinese Firewall model
D. Lattice model
B
212 - Information security responsibilities are inherent to the role within the organization. Which organizational role is best suited to identifying and prioritizing. Security efforts, and recommending security policies to put into place within the organization?
A. Data owner
B. Executive management
C. Steering committee
D. Information security officer
C
213 - You are the network administrator for a branch office. You need to secure the network traffic as it enters and leaves your office. Your plan is to implement a hardware based firewall. The firewall should be able to inspect the data’s source and destination address. This will allow you to implement access control lists to control access to specific applications and services. What type of firewall should you implement to meet the branch office security requirements?
A. Stateful inspection
B. Application Level
C. Packet Filtering
D. Circuit Level
C
214 - Which protocol relies on a “web of trust” for its key management approach instead of a hierarchy of certificate authorities?
A. PGP
B. Deffie-Hellman
C. SSL
D. RSA
A
215 - How does DCOM provide security for software applications?
A. It creates authentication levels that protect the authenticity, integrity, and confidentiality of data
B. It uses digital signatures, which are verified using the Authenticode technology
C. It uses garbage collection to leave classified data in unallocated memory locations
D. It creates sandboxes, which are security boundaries within which untrusted applets are executed
A
216 - A public key infrastructure provides many different types of security services. Which is NOT a security service that a public key infrastructure will provide?
A. Access Control
B. Nonrepudiation
C. Certificate Authority
D. Authentication
C
217 - Which type of attack does not involve the use of the encryption key or encryption algorithm to gain access to secret information?
A. Social engineering
B. Chosen ciphertext
C. Brute force
D. Chosen plaintext
A
218 - Which viable weekly backup strategy will take the least amount of time to complete?
A. Perform a full backup every Monday and an incremental backup on the remaining days of the week.
B. Perform a differential backup every Monday and an incremental backup on the remaining days of the week.
C. Perform a full backup every Monday and a differential backup on the remaining days of the week.
D. Perform a full backup every day.
A
219 - Which option is not classified as a presentation layer standard?
A. MPEG
B. HTTP
C. TIFF
D. JPEG
B
220 - Which type of security threat would be used by an attacker to delete a resource on a specific date or time?
A. SYN flood attack
B. Companion virus
C. Logic bomb
D. DoS attack
C
221 - What security model is a system operating in if all users have the formal clearance and approval required to access all data in the system but they only formally need to know some of it?
A. System High-Security Mode
B. Dedicated Security Mode
C. Multilevel Security Mode
D. Compartmented Security Mode
A
222 - What is not an example of a physical control?
A. External lights
B. Subnets
C. Building location
D. Data backups
B
223 - Which type of security device is set into a door’s edge?
A. Biometric reader
B. Mortise lock
C. Rim lock
D Card reader
B
224 - Concerning patch management, how should a set of recently released security updates be managed for your organization’s production servers?
A. Install only the updates for fixing problems that your firewall is unable to prevent
B. Install them after ensuring that they work with the current network setup
C. Install them immediately to ensure that no problems will occur
D. Configure automatic updates to download the security updates
B
225 - RADIUS and TACACS+ are both examples of centralized access control technologies. Which of these options is NOT true in regards to TACACS+ and RADIUS?
A. TACACS+ uses the Transmission Control Protocol (TCP) as its transport protocol.
B. TACACS+ separates authentication, authorization, and accounting (AAA) functionalities.
C. TACACS+ encrypts the user’s password only.
D. TACACS+ allows for more granular control.
C
226 - What type of backup will contain any files that have changed since the last full backup?
A. Full
B. Differential
C. Complete
D. Incremental
B
227 - Which statement is not true in relation to the term “back door”?
A. There are various tools on the market that allow you to easily create and execute back door attacks.
B. It is the placement of a program or utility within a network that provides unauthorized access to the network that it is installed in.
C. It is an intentional opening within an application that allows developers to bypass security features for troubleshooting purposes.
D. A back door attack allows an attacker to masquerade themselves as someone else.
D
228 - Which type of light is ideal for indoor lighting but not for outdoor lighting?
A. Fluorescent
B. Sodium vapor
C. Mercury vapor
D. Quartz lamps
A
229 - Change control documentation needs to be maintained and updated on a regular basis. What reason accurately describes why?
A. In order to share information between corporate sites
B. For use in future employee training sessions
C. To keep track of constant changes in software and hardware
D. In order to reflect the constant change in the corporate landscape
C
230 - An attacker deleting specific incriminating information out of an audit log is referred to as what?
A. Sniffing
B. Scrubbing
C. Purging
D. Spoofing
B
231 - A computer crime has been reported and an investigation by the company’s incident response team has confirmed that an actual crime has been committed. Who should be informed next?
A. Network administrator
B. Police
C. Senior management
D. Human resources department
C
232 - The investigation team can use surveillance techniques to obtain evidence of computer crime. What is an example of physical surveillance?
A. Fencing
B. Keyboard monitoring
C. Closed Circuit Television (CCTV)
D. Audit logs
C
233 - Most large organizations today have acknowledged the need for a C-level security officer, typically classed as the chief information security officer. However, there are still issues in identifying the most appropriate reporting structure for the chief information security officer within the organization. The greatest potential for a conflict of interest is inherent to a chief information security officer reporting to which role within an organization?
A. Chief security officer
B. Chief financial officer
C. Chief information officer
D. Chief executive officer
C
234 - Which OSI reference model layers match to each function?
A. Network B. Presentation C. Session D. Transport E. Application F. Data-link
- []Responsible for error-free packet transfers between network nodes
- []Establishes, maintains, and terminates connections between devices and applications
- []Segments data in the appropriate size and format
- []Ensures that data represented by one system can be interpreted by another system
- []Specifies how data is routed from hosts on one network to hosts on another network
- []Interacts directly with end users to provide network services
- [F]Responsible for error-free packet transfers between network nodes
- [C]Establishes, maintains, and terminates connections between devices and applications
- [D]Segments data in the appropriate size and format
- [B]Ensures that data represented by one system can be interpreted by another system
- [A]Specifies how data is routed from hosts on one network to hosts on another network
- [E]Interacts directly with end users to provide network services
235 - What are the advantages and disadvantages of a warm site?
A. Less expensive to maintain than a hot site
B. Includes computers and servers
C. No certainty that the site will be up and running within hours after being fully configured
D. Testing of the site is done on an annual basis
E. Good choice for organizations requiring proprietary hardware
F. Partially configured
- Advantages
- Disadvantages
- [E, A]Advantages
- [F, C]Disadvantages
236 - In terms of a biometric system, what is referred to as a Type II error?
A. False acceptance rate
B. Crossover error rate
C. Equal error rate
D. False rejection rate
A
237 - A security practitioner is designing a network diagram that includes two routers and a firewall. A demilitarized zone (DMZ) is required for controlling DMZ access from untrusted and trusted sites.
The link off to the side from the firewall
238 - Which standard concentrates on how security controls are implemented, rather than which controls are implemented?
A. ISO/IEC 27002
B. TCSEC
C. ISO-IEC 27001:2005
D. Common Criteria
A
239 - You have just been hired as a junior security analyst at a security consulting firm. Your manager gives you a list of ciphers and asks you determine their type. Rail fence, rectangular substitution, monoalphabetic, and polyalphabetic are all examples of which type of cipher?
A. Substitution
B. Running key
C. Transposition
D. Null
C
240 - What is not a necessary step for developing a data classification program?
A. Define procedures for declassifying data.
B. Assign a data custodian.
C. Assign responsibility for data classification to the data custodian.
D. Define the classification levels.
C
241 - Which access cards match to each description?
A. Proximity card
B. Smart card
C. Magnetic stripe card
- Contains a microchip and opens a magnetic lock
- Contains a microchip and can store a large amount of data
- Made of PVC material and is easily damaged
- [A]Contains a microchip and opens a magnetic lock
- [B]Contains a microchip and can store a large amount of data
- [C]Made of PVC material and is easily damaged
242 - What often happens unexpectedly because of the development of a company
s contingency plan?
A. Hot sites are found to be expensive to maintain
B. Improved business operations
C. Support from senior management is realized
D. RTOs are discovered
B
243 - Evidence must meet which criterion to be admissible in a court of law?
A. Corroborative and conclusive
B. Indisputable and intangible
C. Relevant and reliable
D. Insufficient and intangible
C
244 - What is the Biba model most concerned with?
A. Verification
B. Confidentiality
C. Repudiation
D. Integrity
D
245 - Two or more employees assisting each other to commit a fraudulent or destructive act is called collusion. Which security practice will help prevent collusion?
A. Separation of duties
B. Access control
C. Rotation of duties
D. Intrusion detection
C
246 - Which algorithm is not a hashing algorithm?
A. HAVAL
B. RC4
C. SHA
D. MD5
B
247 - Which access control model is based on a security label system?
A. Discretionary access control
B. Mandatory access control
C. Nondiscretionary access control
D. Role-based access control
B
248 - Your company is implementing wireless technologies to provide users with the mobility they require to perform their day to day activities. Management has approached you and is questioning the security of the wireless technologies in relation to wardriving. You need to assure them that the network will be secured against wardriving. Which security measure will not provide protection against wardriving?
A. Enable the broadcasting of SSIDs on the access points that will be implemented within the network.
B. Use 128-bit WEP as the encryption standard on the wireless network.
C. Physically place the access points within the middle of the buildings.
D. Change the SSID that will be used to identify the access point on the network
A
249 - The process of transferring transaction logs or journals to an offsite facility is known as what?
A. Disk-shadowing
B. Disk duplexing
C. Remote journaling
D. Electronic vaulting
C
250 - The international Information Systems Security Certification Consortium requires CISSPs to commit to fully supporting the Code of Ethics. What is not a mandatory canon in the CISSP Code of Ethics?
A. Act honorably, honestly, justly, responsibly , and legally.
B. Protect society, the commonwealth, and the infrastructure.
C. Provide diligent and competent service to principals.
D. Discharge professional responsibilities with diligence and honesty. Discharge professional responsibilities with diligence and honesty.
D
