SU Practice exam bank Flashcards

1
Q

(Random Partial Bank) 1 - An updated security system is being considered for implementation to your company’s building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs?

A. Electronic combination lock
B. Combination lock
C. Magnetic stripe card
D. Proximity card

A

D

2
Q

2 - What Common Criteria assurance level is the first to require that the product is formally verified, designed, and tested?

A. EAL6
B. EAL5
C. EAL7
D. EAL4

A

C

3
Q

3 – Using an access card to access specific rooms within a building is an example of which factor of the three-factor authentication method?

A. Something you know
B. Something you use
C. Something you are
D. Something you have

A

D

4
Q

4 – Which cipher is most susceptible to frequency analysis attacks?

A. Polyalphabetic Substitution Cipher
B. Caesar Cipher
C. Running Key Cipher
D. Transposition Cipher

A

B

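
The Caesar cipher (answer B) is a single fixed substitution, so the ciphertext keeps the plaintext's letter-frequency profile, merely shifted by the key; a polyalphabetic cipher spreads each plaintext letter over several ciphertext letters and flattens that profile. The following is an added worked example, not part of the exam bank: it scores all 26 shifts against an approximate English frequency table (an assumed reference, not from the page) and also runs a Vigenère encryption, the polyalphabetic case, to show that the same single-letter attack no longer recovers the message.

```python
"""Frequency analysis against a Caesar (monoalphabetic shift) cipher.

Added example, not part of the exam bank. The English letter-frequency
table is an approximate reference (an assumption of this example); every
one of the 26 shifts is scored with a chi-squared statistic against it,
and the shift with the lowest score is the recovered key.
"""
import string
from collections import Counter

# Approximate English letter frequencies in percent (assumed reference table).
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions; non-letters pass through unchanged."""
    out = []
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - 65 + shift) % 26 + 65))
        else:
            out.append(ch)
    return "".join(out)

def chi_squared(text: str) -> float:
    """Distance of the letter counts of `text` from the English profile (lower = more English-like)."""
    letters = [c for c in text.upper() if c in string.ascii_uppercase]
    n = len(letters)
    if n == 0:
        return float("inf")
    counts = Counter(letters)
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = n * pct / 100.0
        score += (counts.get(letter, 0) - expected) ** 2 / expected
    return score

def break_caesar(ciphertext: str) -> tuple:
    """Try all 26 shifts and return (key, plaintext) for the most English-like candidate."""
    best_key, best_score = 0, float("inf")
    for key in range(26):
        score = chi_squared(caesar(ciphertext, -key))
        if score < best_score:
            best_key, best_score = key, score
    return best_key, caesar(ciphertext, -best_key)

def vigenere(text: str, key: str) -> str:
    """Polyalphabetic substitution: letter i is shifted by key[i % len(key)], so one
    plaintext letter maps to several ciphertext letters and the single-letter profile flattens."""
    out, i = [], 0
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            k = ord(key[i % len(key)].upper()) - 65
            out.append(chr((ord(ch) - 65 + k) % 26 + 65))
            i += 1
        else:
            out.append(ch)
    return "".join(out)

# Constructed sample plaintext, long enough for letter statistics to settle.
SAMPLE = ("THE SECURITY TEAM REVIEWED THE ACCESS LOGS AND FOUND THAT THE ATTACKER "
          "HAD ENTERED THE NETWORK THROUGH A MODEM THAT NOBODY HAD DISABLED")

if __name__ == "__main__":
    ct = caesar(SAMPLE, 7)
    print("ciphertext:", ct)
    print("recovered: ", break_caesar(ct))
    print("chi2 of English plaintext:", round(chi_squared(SAMPLE), 1))
    print("chi2 of Vigenere output:  ", round(chi_squared(vigenere(SAMPLE, "KEY")), 1))
```

Running the script shows the chi-squared score of the Vigenère output sitting well above that of the plaintext: the single-alphabet profile is gone, and a Kasiski or index-of-coincidence step to find the key length is needed before per-column frequency analysis can be applied.
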
5
Q

5 – Before the recovery strategies from the Disaster Recovery Plan (DRP) are put into action, an event is triggered that starts the event management process.

A

4

6
Q

6 – What does the term “trusted computing base” best address?

A. The level of communication a system provides
B. The level of security a system provides
C. The level of application portability a system provides
D. The level of trust a system provides

A

D

7
Q

7- What can you use to determine whether an information security program is on track and on budget?

A. Operational metrics
B. Strategic metrics
C. Management metrics
D. Technical metrics

A

B

8
Q

8 – There are various threats that directly affect your operations environment. It is important that your environment is protected against these threats. You should be aware that these threats all map to the information security triad. Which threats will be directly related to the integrity component of the information security triad?

A. Destruction and theft
B. Interruption and disclosure
C. Corruption and modification
D. Disclosure and corruption

A

C

9
Q

9 – What would be the least effective method to prevent an intruder from gaining access to a facility?

A. Guard dogs
B. CCTV
C. Smartcards
D. A fence

A

B

10
Q

10 – Your Remote Access Server (RAS) modems are currently configured to answer incoming connections after two rings. After reviewing your current RAS logs, you have noticed multiple attempts to gain access to your network through your modems by unauthorized external users. It appears that the users are using a method of wardialing to locate your modems. What should you do to lower the success rate of wardialing attempts on your network?

A. Disable all modems that are not required for incoming calls.
B. Change the phone numbers for the modems within the RAS server
C. Decrease the number of rings that will occur before the RAS server answers an incoming call.
D. Increase the number of rings that will occur before the RAS server answers an incoming call.

A

D

11
Q

11 – Which of the following is an example of a brute force attack?

A. A program that covers up the login screen and captures the values once they are inputted by the user
B. A program that sniffs the network and captures packets
C. A program that uses a pre-defined list of values and compares it to captured values
D. A program that uses every possible input combination to try to determine the correct value

A

D

12
Q

12 – Which access control model makes use of ACLs?

A. Mandatory access control
B. Discretionary access control
C. Nondiscretionary access control
D. Role-based access control

A

B

13
Q

13 – Which statement best describes a properly implemented incident handling program?

A. Incident handling should be part of the disaster recovery plan
B. Incident handling should be part of the business continuity plan
C. Incident handling should be approached in a reactive manner.
D. Incident reporting should be decentralized

A

A

14
Q

15 – A BCP team determines the scope of the plan, creates a timeline, and prepares a policy statement that all department managers will sign. What other important step for initiating the project must the team perform?

A. Consider the legal regulations that apply to the industry in particular.
B. Conduct a business impact analysis (BIA).
C. Obtain senior management support for the project.
D. List the assets that the company has and their replacement values.

A

C

15
Q

16 – During the recovery strategy planning phase, there are various items that you will have to review and create a recovery strategy for. Which resource is commonly overlooked during the recovery strategies planning phase?

A. Human resources
B. Data and voice equipment
C. Computer and network equipment
D. Environmental issues

A

A

16
Q

17 – You need to implement a method of verifying that only authorized individuals are able to gain access to a restricted section of your facility. You need to implement an automated system that ensures every person is individually identified and authorized before they are permitted to enter. What authentication methods would best suit your needs?

A. Mantrap
B. An annunciator capable system
C. Security guards
D. Smart lock

A

A

17
Q

18 – What best describes an information protection environment?

A. An environment for software security that encompasses all software used in an organization
B. An environment for operations security that encompasses all computing resources in an organization
C. Audits, logs, policies, and procedures used to track user activities throughout the organization
D. An environment for hardware security that encompasses all dedicated hardware in an organization

A

B

18
Q

19 – What law protects company logos from illegal duplication?

A. Copyright
B. Patent
C. Trademark
D. Trade Secret

A

C

19
Q

20 – Data remanence refers to the residual physical representation of data that has been removed from storage media. What is not a common method used to remove data from media before it is discarded?

A. Overwriting
B. Degaussing
C. Destroying
D. Clearing

A

D

20
Q

21 – (ISC)2 requires CISSPs to commit to fully supporting the Code of Ethics. Identify one of the mandatory canons in the CISSP Code of Ethics.

A. Thou shalt not use a computer to steal.
B. Provide diligent and competent service to principals
C. I will not misuse any information or privileges I am afforded as part of my responsibilities
D. Discharge professional responsibilities with diligence and honesty.

A

B

21
Q

22 – The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router?

A. Layer 3
B. Layer 1
C. Layer 2
D. Layer 7

A

A

22
Q

23 – Which methodological framework categorizes IT processes and activities into four domains for governance?

A. COSO
B. ITIL
C. ISO 27000
D. COBIT version 4.1

A

D

23
Q

24 – Which attack involves sending malformed packets to a system in order to cause it to crash or end processing?

A. SYN flood attack
B. Smurf attack
C. Denial of Service (DoS) attack
D. Fraggle attack

A

C

24
Q

25 – Which type of lock provides the least amount of security?

A. Electronic combination lock
B. Smart lock
C. Warded lock
D. Tumbler lock

A

C

25
Q

26 – IPSec is able to work in two different modes, Tunnel mode and Transport mode. Which is true in regards to protection with Tunnel mode?

A. Only the header information is protected.
B. Only the header and trailer information are protected.
C. The payload as well as the header and trailer information is protected.
D. Only the payload of the message is protected.

A

C

26
Q

27 – What is an example of a deterrent control?

A. Smart cards
B. Security policies
C. Fences
D. Audit logs

A

C

27
Q

28 – The integrity of data within a database can be protected by different types of operations. Which type of operation can be used when a complete database failure occurs?

A. Rollback
B. Inference
C. Savepoint
D. Commit

A

C
28
Q

29 – Management has approached you and would like you to explain how they can possibly prevent collusion within the organization. What should you tell them?

A. Force employees to take mandatory vacations.
B. Implement separation of duties.
C. Implement the rule of least privilege.
D. Implement job rotation.

A

D

29
Q

30 – What is the first level in the Orange Book that requires users to be individually identified and accountable for their actions?

A. C2
B. B2
C. C1
D. B1

A

A

30
Q

31 – Which of the following are characteristics of quantitative risk analysis and qualitative risk analysis?

A. Uses a lot of educated guesses
B. Does not take into consideration cost/benefit analysis
C. Requires calculations
D. Presents yearly losses
E. Opinions are provided by process experts

A

Quantitative risk analysis: C, D
Qualitative risk analysis: A, B, E
31
Q

32 – Which statement best describes the Business Continuity Planning (BCP) recovery strategies?

A. They are predefined activities that will be used when a disaster strikes.
B. They are measures put into place to help reduce the likelihood of a disaster.
C. They are predefined activities that will be used to prevent a disaster from occurring.
D. They are measures put into place to help detect when a disaster strikes.

A

A

32
Q

33 – Which is not a term that is used to identify the type of response an operating system will take when a failure occurs?

A. Emergency system restart
B. System reboot
C. System cold start
D. Warm reboot

A

D

33
Q

34 – What is considered the appropriate height for a fence to deter a determined intruder?

A. Three to four feet high
B. Six to seven feet high
C. Eight feet high
D. One to two feet high

A

C

34
Q

35 – A one-time pad is one of the most powerful substitution ciphers. What must be true in order to maintain the integrity of the algorithm for the one-time pad?

A. Physical protection against disclosure for the one-time pad should be considered.
B. The one-time pad should be used no more than three times.
C. At a minimum, the key must be as long as the message that it will be encrypting.
D. The encryption key that is used for the one-time pad must be manually created.

A

C
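
Answer C is the length requirement; the distractor "used no more than three times" is wrong for a reason worth seeing once. The following added example (not part of the exam bank; the pad comes from the OS random source and the two messages are constructed) rejects a pad shorter than the message and then shows what a second use of the same pad leaks: the XOR of the two ciphertexts equals the XOR of the two plaintexts, so a guessed fragment of one message (a "crib") reads the other message off directly.

```python
"""One-time pad: key at least as long as the message, and never reused.

Added example, not part of the exam bank. The pad comes from the OS CSPRNG and
the two messages are constructed; the crib (a known fragment of one message)
is an assumption the attacker makes.
"""
import secrets

def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """XOR each message byte with the next pad byte; refuse a pad that would run out."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message: this is no longer a one-time pad")
    return bytes(p ^ k for p, k in zip(plaintext, pad))

otp_decrypt = otp_encrypt   # XOR is its own inverse

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad: c1 XOR c2 == p1 XOR p2, the pad cancels out."""
    return bytes(a ^ b for a, b in zip(c1, c2))

def crib_drag(leaked: bytes, crib: bytes, offset: int) -> bytes:
    """If `crib` really is one message's plaintext at `offset`, this is the other message there."""
    return bytes(x ^ c for x, c in zip(leaked[offset:offset + len(crib)], crib))

P1 = b"TRANSFER 1000 TO ACCOUNT 42"      # constructed sample messages
P2 = b"MEETING MOVED TO ROOM 117 AM"

def short_pad_rejected() -> bool:
    """An 8-byte pad cannot encrypt a 27-byte message as a one-time pad."""
    try:
        otp_encrypt(P1, secrets.token_bytes(8))
    except ValueError:
        return True
    return False

def demo() -> dict:
    pad = secrets.token_bytes(max(len(P1), len(P2)))
    c1 = otp_encrypt(P1, pad)
    c2 = otp_encrypt(P2, pad)        # the mistake: a second message under the same pad
    leaked = reuse_leak(c1, c2)      # equals P1 XOR P2; no key needed
    recovered = crib_drag(leaked, b"TRANSFER", 0)   # attacker guesses how P1 starts
    return {"roundtrip": otp_decrypt(c1, pad), "recovered_p2_prefix": recovered}

if __name__ == "__main__":
    print(demo())
```

The recovered bytes are the start of the second message, obtained without ever learning the pad. Each extra message under the same pad adds another pairwise XOR, which is why "no more than three times" is not a safety margin at all.
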
35
Q

36 – What is one of the best ways to keep a Business Continuity Plan (BCP) up to date?

A. Maintain a record of any revisions made to the BCP plan.
B. Integrate the BCP plan into the change management process.
C. Review the BCP plan at least once a year.
D. Include maintenance responsibilities in job descriptions.

A

B

36
Q

37 – What are the advantages and disadvantages of a warm site?

A. No certainty that the site will be up and running within hours after being fully configured
B. Partially configured
C. Less expensive to maintain than a hot site
D. Testing of the site is done on an annual basis
E. Good choice for organizations requiring proprietary hardware
F. Includes computers and servers

A

Advantages: C, E
Disadvantages: A, B

37
Q

38 – What is considered a misdemeanor under the Computer Fraud and Abuse Act of 1986?

A. To gain authorized access to personal medical information
B. To use classified data for the benefit of a foreign nation
C. To disclose personal medical information
D. To gain unauthorized access to government computers

A

D

38
Q

39 – Which method is most secure when updating routing information?

A. Static updates
B. Link-state updates
C. Dynamic updates
D. Distance-vector updates

A

A

39
Q

40 – An attacker deleting specific incriminating information out of an audit log is referred to as what?

A. Spoofing
B. Sniffing
C. Scrubbing
D. Purging

A

C
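
Scrubbing (answer C) removes the evidence, and a plain text log cannot show that anything is missing. The added example below, not part of the exam bank, chains each record's hash to the previous one so that deleting or editing any record breaks every hash after it; the log entries are constructed for the example.

```python
"""Tamper-evident audit log: a hash chain that exposes scrubbed records.

Added example, not part of the exam bank. Every record stores the SHA-256 of
(previous record's hash || its own content); a verifier recomputes the chain
and reports the first record that no longer fits. Log entries are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64   # value chained into the first record

def record_hash(prev_hash: str, entry: dict) -> str:
    payload = prev_hash + json.dumps(entry, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()

def append(log: list, entry: dict) -> None:
    """Append a record whose hash commits to the whole log before it."""
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"entry": dict(entry), "hash": record_hash(prev, entry)})

def verify(log: list) -> int:
    """Return -1 if every record chains to its predecessor, else the index of the first break."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["hash"] != record_hash(prev, rec["entry"]):
            return i
        prev = rec["hash"]
    return -1

SAMPLE_EVENTS = [   # constructed audit events
    {"ts": "2024-01-05T09:00:00Z", "user": "alice", "event": "login", "src": "10.0.0.5"},
    {"ts": "2024-01-05T09:01:10Z", "user": "alice", "event": "read", "obj": "/finance/q4.xlsx"},
    {"ts": "2024-01-05T09:02:30Z", "user": "alice", "event": "copy", "obj": "/finance/q4.xlsx", "dst": "usb0"},
    {"ts": "2024-01-05T09:03:00Z", "user": "alice", "event": "logout"},
]

def build_log() -> list:
    log = []
    for event in SAMPLE_EVENTS:
        append(log, event)
    return log

def scrub(log: list, index: int) -> list:
    """The attacker's move: drop one incriminating record and leave the rest untouched."""
    return log[:index] + log[index + 1:]

if __name__ == "__main__":
    log = build_log()
    print("intact log, first break at:", verify(log))                  # -1
    print("after scrubbing the copy event:", verify(scrub(log, 2)))    # 2
```

Truncating the tail of the chain is the one edit this scheme cannot see on its own, which is why the latest hash (or the log itself) should also be shipped to a separate log host that the account being audited cannot write to.
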
40
Q

41 – What is the first level in the Orange Book that requires labeled security?

A. B2
B. C1
C. C2
D. B1

A

D

41
Q

42 – What would be the least effective method used to secure a fax transmission?

A. Require users to encrypt their own transmissions
B. Implement a fax encryptor
C. Use a fax server on the network
D. Enable logging and auditing of fax transmissions

A

A

42
Q

43 – Which is NOT a type of programming language?

A. High-level
B. Assembly
C. Machine
D. Interpreter

A

D

43
Q

44 – Which option is not classified as a presentation layer standard?

A. JPEG
B. MPEG
C. TIFF
D. HTTP

A

D

44
Q

45 – You need to send several classified documents to one of your company’s clients. You want to implement a method of detecting any illegal copying of these classified documents. Which method could you use?

A. Steganography
B. Running key cipher
C. Watermarking
D. Code words

A

C
45
Q

46 – What is the term that describes an understanding with another company to use their facilities in the event of a disaster?

A. Mobile hot site
B. Reciprocal agreement
C. Redundant site
D. Alternate off-site facility

A

B

46
Q

47 – Which access control concept is used when operational secrecy is a major concern?

A. Compartmentalization
B. Security domain
C. Need to know
D. Least privilege

A

C

47
Q

48 – Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators?

A. There are only a few laws that specifically address computer crimes
B. Most attacks are performed by individuals located outside of the network
C. Most companies do not use firewalls
D. Many attackers spoof their IP addresses and erase logs to cover their tracks.

A

D

48
Q

49 – You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as?

A. Affirmation
B. Certification
C. Hallmark
D. Accreditation

A

B

49
Q

50 – Change control documentation needs to be maintained and updated on a regular basis. What reason accurately describes why?

A. For use in future employee training sessions
B. In order to share information between corporate sites
C. In order to reflect the constant change in the corporate landscape
D. To keep track of constant changes in software and hardware

A

D
50
Q

51 – The application layer of the TCP/IP model maps to which layers of the OSI model?

A. Presentation, Session, Transport
B. Application, Session, Transport
C. Transport, Network, Data Link
D. Application, Presentation, Session

A

D

51
Q

52 – What might a security architect use as a starting point for their design?

A. Bell-LaPadula model
B. Reference architecture
C. Access control matrix
D. Distributed data model

A

B

52
Q

53 – The risk management framework defines six major areas of risk management. The operational risk management area is broken down further into which specific areas of risk?

A. Financial, strategic, technology
B. People, process, events
C. People, credit, market
D. Process, market, events

A

B

53
Q

54 – You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mall where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BEST meet these needs?

A. Landscaping
B. Fences
C. Bollards
D. Gates

A

B

54
Q

55 – What is the main factor for strengthening the functions of cryptographic systems?

A. Increase in classified information
B. Increase in computational power
C. Increase in the number of cryptographic algorithms
D. Increase in the number of hackers

A

B
55
Q

56 – Aggregation and inference are classified as database security issues. Which statement is true in regards to aggregation?

A. A user lacks the permissions to access information, and does not have the required permissions to access subsets of the same information.
B. A user lacks the permissions to access information, but has the required permissions to access subsets of the same information.
C. A user has the permissions to access information, and does not have the required permissions to access subsets of the same information.
D. A user has the permissions to access information, and also has the required permissions to access subsets of the same information.

A

B

56
Q

57 – Which cryptographic attack involves learning the cryptographic key by comparing false results from an error state with known good information?

A. Fault analysis
B. Linear cryptanalysis
C. Related key attack
D. Probing attack

A

A

57
Q

58 – There are many different types of computer crimes, each of which can be committed differently. An employee who makes small, periodic changes to the company’s financial records in an effort to go unnoticed is committing what type of crime?

A. Salami attack
B. Data diddling
C. Denial of Service (DoS)
D. Emanations capturing

A

A

58
Q

59 – Management has approached you about the current Redundant Array of Independent Disks (RAID) configuration implemented within the organization. They would like to know which type of RAID level supports multiple drive failures. What should you tell them?

A. RAID 10
B. RAID 5
C. RAID 1
D. RAID 0

A

A

59
Q

60 – Which type of attack involves deceiving a trusting person into sharing confidential information?

A. Passive
B. Active
C. Spoofing
D. Social engineering

A

D
60
Q

61 – What Common Criteria assurance level is the first to require that the product is methodically tested and checked?

A. EAL5
B. EAL4
C. EAL3
D. EAL2

A

C

61
Q

62 – What is NOT true regarding the services that MPLS provides?

A. Traffic engineering is provided
B. Encryption is provided
C. Packet labeling is provided
D. QoS is provided

A

B

62
Q

63 – Which method does not provide integrity for a message?

A. Hashing a message
B. Encrypting a message
C. Encrypting and digitally signing a message
D. Digitally signing a message

A

B
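
Encryption (answer B) hides content but does not bind it: a bit flipped in the ciphertext flips the same bit in the plaintext, and the receiver decrypts the altered message without complaint. The added example below is not from the exam bank; it builds a counter-mode stream cipher from HMAC-SHA256 as a stand-in for AES-CTR (the standard library has no AES, so this construction is an assumption of the example), forges a payment amount without knowing the key, and then shows an encrypt-then-MAC tag catching the change.

```python
"""Encryption without integrity: ciphertext malleability and the MAC that stops it.

Added example, not part of the exam bank. The stream cipher is counter mode
built on HMAC-SHA256 (a stand-in for AES-CTR; an assumption of this example so
the code runs on the standard library alone). Messages, offsets and keys are
constructed here.
"""
import hashlib
import hmac
import secrets

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter mode: block i of the keystream is PRF(key, nonce || i)."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """XOR with the keystream; decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))

decrypt = encrypt

def tag(mac_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()

def verify_and_decrypt(key: bytes, mac_key: bytes, nonce: bytes,
                       ciphertext: bytes, received_tag: bytes) -> bytes:
    """Constant-time tag comparison first; decrypt only what passed."""
    if not hmac.compare_digest(tag(mac_key, nonce, ciphertext), received_tag):
        raise ValueError("integrity check failed")
    return decrypt(key, nonce, ciphertext)

def substitute(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """The attacker's move: knowing that `old` sits at `offset`, XOR in old ^ new.
    No key is needed; the same bits flip in the plaintext on decryption."""
    ct = bytearray(ciphertext)
    for i, (o, n) in enumerate(zip(old, new)):
        ct[offset + i] ^= o ^ n
    return bytes(ct)

MESSAGE = b"PAY 0100 TO VENDOR 7"   # constructed sample; the amount starts at byte 4
AMOUNT_OFFSET = 4

def demo() -> dict:
    key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    ct = encrypt(key, nonce, MESSAGE)
    forged = substitute(ct, AMOUNT_OFFSET, b"0100", b"9900")
    # Without a MAC the receiver decrypts the forged amount without any error.
    tampered = decrypt(key, nonce, forged)
    # With encrypt-then-MAC the original tag no longer matches the forged ciphertext.
    t = tag(mac_key, nonce, ct)
    try:
        verify_and_decrypt(key, mac_key, nonce, forged, t)
        detected = False
    except ValueError:
        detected = True
    genuine = verify_and_decrypt(key, mac_key, nonce, ct, t)
    return {"tampered": tampered, "detected": detected, "genuine": genuine}

if __name__ == "__main__":
    print(demo())
```

The same bit-flipping works against any stream cipher and against CBC (where the flip lands in the following block), which is why modern designs use an authenticated mode such as AES-GCM or ChaCha20-Poly1305 rather than bolting a separate tag on afterwards.
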
63
Q

64 – Which option is NOT TRUE in regards to key management?

A. The lifetime of a key should be dictated by the amount of usage.
B. Key lengths should be long enough to provide the level of protection that is required.
C. Keys should be maintained in a secure location when their lifetime expires.
D. Keys should be stored and transmitted in a secure manner.

A

C

64
Q

65 – Disk mirroring is an electronic backup method that reduces the risk of data loss due to component failure. What is also true of disk mirroring?

A. It increases disk overhead.
B. It offers a higher level of protection than disk duplexing.
C. The controller is not a single point of failure.
D. It transfers exact copies of data files to a remote location.

A

A

65
Q

66 – What is not a type of attribute that can be used to make authentication decisions in a biometric system?

A. Skin scan
B. Keyboard dynamics
C. Facial scan
D. Hand geometry

A

A

66
Q

67 – Which access control threats match each description?

A. Dictionary attacks
B. Brute force attacks
C. Spoofing

- Involves a fake user logon screen being presented to a user for them to input their username and password
- Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- Involves trying different input combinations in an attempt to find a correct password

A

- [C] Involves a fake user logon screen being presented to a user for them to input their username and password
- [A] Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- [B] Involves trying different input combinations in an attempt to find a correct password

67
Q

68 – A junior technician has approached you to ask what she should do to ensure users are accountable for their actions. What should you tell her?

A. You should tell her to only hire honest people.
B. You should tell her to implement logs.
C. You should tell her to implement auditing.
D. You should tell her to implement an accountability server.

A

C
68
Q

69 – Which of the following is NOT one of the principles identified by the Directive on Data Protection?

A. Notice
B. Data confidentiality
C. Choice
D. Data integrity

A

B

69
Q

70 – What type of iris lens would typically be used in an area that has fixed lighting?

A. Annunciator
B. Charge-coupled
C. Manual
D. Automatic

A

C

70
Q

71 – You are attempting to determine the types of preventative measures to put in place to protect your company’s facility. What is not a preventative measure you might implement?

A. Purchase generators
B. Implement a hot site
C. Create redundant power lines
D. Increase inventory

A

B

71
Q

72 – What is not true with respect to the relationships between threat, vulnerability, exposure, countermeasure and risk?

A. A threat agent takes advantage of a vulnerability.
B. A vulnerability can expose a system to possible damage.
C. A countermeasure can mitigate a vulnerability.
D. The probability of a fire causing damage is a risk.

A

C

72
Q

74 – What type of alarm system triggers an alarm at your organization’s security command center when it detects an intruder?

A. Local
B. Proprietary
C. Central station
D. Auxiliary station

A

B
73
Q

76 – Which type of attack is considered a passive attack?

A. Replay attack
B. Chosen-plaintext attack
C. Ciphertext-only attack
D. Sniffing attack

A

D

74
Q

77 – What attributes are used when evaluating a system’s protection mechanisms under the Information Technology Security Evaluation Criteria (ITSEC)?

A. Integrity and Authentication
B. Assurance and Integrity
C. Functionality and Assurance
D. Confidentiality and Functionality

A

C

75
Q

78 – What is the second stage of the SDLC?

A. Defining system requirements
B. Project initiation and planning
C. Defining functional objectives
D. Developing and implementing

A

C

76
Q

79 – What is the correct order of sensitivity levels for military data classification?

A. Top secret, Secret, Private, Sensitive, Unclassified
B. Top secret, Secret, Confidential, Sensitive but unclassified, Unclassified
C. Top secret, Confidential, Secret, Sensitive but unclassified, Unclassified
D. Top secret, Sensitive, Sensitive but unclassified, Private, Unclassified

A

B

77
Q

80 – Which identity management system characteristics match with the identity management system?

A. Provides packet delivery with UDP
B. Uses PPP connections
C. Supports the AppleTalk protocol
D. Combines services for authentication and authorization
E. Provides packet delivery with TCP
F. Encrypts packets between the server and the client

- TACACS+
- RADIUS

A

TACACS+: C, E, F
RADIUS: A, B, D
78
Q

81 – Which user requirement is true for compartmented security mode but not for multilevel security mode?

A. A clearance level that is equal to or higher than the highest resource level of clearance is required for information on the system.
B. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system.
C. All users must have a valid need to know some of the information on the system.
D. There must be formal access approval for all information that the user will access on the system.

A

A

79
Q

82 – Which OSI layer is responsible for the addressing and routing of packets so that they can reach their destination?

A. Session
B. Physical
C. Data link
D. Network

A

D

80
Q

83 – Most large organizations today have acknowledged the need for a C-level security officer, typically classed as the chief information security officer; however, there are still issues in identifying the most appropriate reporting structure for the chief information security officer within the organization. The greatest potential for a conflict of interest is inherent to a chief information security officer reporting to which role within an organization?

A. Chief security officer
B. Chief financial officer
C. Chief information officer
D. Chief executive officer

A

C

81
Q

84 – Which information concealment methods match to each description?

A. Code words
B. Watermarking
C. Steganography
D. Cryptography

- Uses additional information within a file for detecting the theft of information
- Uses sophisticated mathematical techniques to hide information
- Uses a specific medium to hide information within
- Uses letters to represent an idea or sentiment

A

- [B] Uses additional information within a file for detecting the theft of information
- [D] Uses sophisticated mathematical techniques to hide information
- [C] Uses a specific medium to hide information within
- [A] Uses letters to represent an idea or sentiment

82
Q

85 – A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic interference (EMI). What should you tell them?

A. Unshielded Twisted Pair
B. Fiber-optic
C. Shielded Twisted Pair
D. Coaxial

A

A
83
Q

86 – Which mode of the Data Encryption Standard (DES) is similar to the Output Feedback (OFB) mode but uses a 64-bit random data block as the first initialization vector (IV)?

A. Cipher Feedback
B. Electronic Code Book
C. Counter
D. Cipher Block Chaining

A

C

84
Q

87 – Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. Which is NOT a concern for the resource protection critical requirement?

A. Protect resources that are required for data processing.
B. Ensure that resource security is maintained during a failure.
C. Ensure that vulnerabilities directed at the availability, integrity, and confidentiality of resources are reduced.
D. Provide a balance between the implemented security controls and the user’s productivity.

A

B

85
Q

88 – It is important to conduct a risk assessment as part of the planning process to determine what threatens the organization. Risk assessment also determines ways in which available resources should be used to guard against the identified threats. What is the probability of a threat?

A. The need to insure against it
B. The severity of the damage it could inflict
C. The likelihood that it will occur
D. The cost of implementing a plan to curb its effects

A

C

86
Q

93 – You need to deploy a video surveillance solution in the front lobby of your organization’s building. It is important that the security guards are able to monitor the full lobby, but you want to limit the number of cameras needed to facilitate this. What capability will allow you to meet your goals?

A. PTZ capable system
B. CCD capable system
C. Automatic iris capable system
D. A photometric system

A

A

87
Q

(Bank 1) 1 – Which of the following is an example of a dictionary attack?

A. A program that sniffs the network and captures packets
B. A program that covers up the login screen and captures the values once they are inputted by the user
C. A program that uses every possible input combination to try to determine what the correct value would be
D. A program that uses a pre-defined list of values and compares it to captured values

A

D
88
Q

2 – What is the main factor for strengthening the functions of cryptographic systems?

A. Increase in the number of hackers
B. Increase in classified information
C. Increase in the number of cryptographic algorithms
D. Increase in computational power

A

D

89
Q

3 – A computer crime has been reported and an investigation by the company’s incident response team has confirmed that an actual crime has been committed. The initial evidence indicates that the crime appears to have been committed by an employee within the company. What department should be notified?

A. Software Development
B. Human Resources
C. Finance
D. Marketing

A

B

90
Q

4 – What Common Criteria assurance level is the first to require that the product is methodically tested and checked?

A. EAL4
B. EAL5
C. EAL3
D. EAL2

A

C

91
Q

5 – What is the benefit of using clustering in your enterprise data management scheme?

A. Creates a single point of failure
B. Scalability and redundancy
C. Requires less memory to operate
D. Amount of data storage is increased

A

B

92
Q

6 – You have been tasked with implementing an intrusion detection system that learns as it performs its day-to-day tasks and uses this knowledge to detect any changes that could mean an intrusion is occurring. Which one should you implement?

A. Statistical anomaly-based intrusion detection
B. Signature-based intrusion detection
C. Network-based intrusion detection system
D. Host-based intrusion detection system

A

A
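
A statistical anomaly-based IDS (answer A) has no signatures; it learns what normal looks like and alerts on deviations. The added example below is not from the exam bank: it learns per-user login counts per hour from a constructed training day and flags later hours that exceed the learned mean by a chosen number of standard deviations (the log format, the users, the threshold and the noise floor are all assumptions of the example).

```python
"""Statistical anomaly-based intrusion detection over constructed log lines.

Added example, not part of the exam bank. The detector learns, per user, the
mean and standard deviation of logins per hour from a training window and
flags later hours whose count exceeds mean + THRESHOLD * stdev. The log
format, the users, the threshold and the noise floor are assumptions.
"""
import re
import statistics
from collections import Counter, defaultdict

LINE_RE = re.compile(
    r"^(?P<hour>\d{4}-\d{2}-\d{2}T\d{2}):\d{2}:\d{2}Z user=(?P<user>\w+) event=(?P<event>\w+)"
)
THRESHOLD = 3.0   # standard deviations above the mean before alerting
FLOOR = 1.0       # minimum stdev, so a perfectly regular user does not alert on +1

def parse(lines):
    """Yield (hour bucket, user, event) for each well-formed line; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group("hour"), m.group("user"), m.group("event")

def hourly_logins(lines) -> dict:
    """user -> Counter(hour bucket -> number of login events)."""
    counts = defaultdict(Counter)
    for hour, user, event in parse(lines):
        if event == "login":
            counts[user][hour] += 1
    return counts

def learn_baseline(training_lines) -> dict:
    """user -> (mean, population stdev) of logins per active hour."""
    baseline = {}
    for user, hours in hourly_logins(training_lines).items():
        values = list(hours.values())
        sd = statistics.pstdev(values) if len(values) > 1 else 0.0
        baseline[user] = (statistics.mean(values), sd)
    return baseline

def detect(baseline: dict, observed_lines, threshold=THRESHOLD, floor=FLOOR) -> list:
    """Return sorted (user, hour, count) triples that deviate from the learned profile."""
    alerts = []
    for user, hours in hourly_logins(observed_lines).items():
        mean, sd = baseline.get(user, (0.0, 0.0))   # unknown user: no history at all
        for hour, count in hours.items():
            if count > mean + threshold * max(sd, floor):
                alerts.append((user, hour, count))
    return sorted(alerts)

TRAINING = [   # constructed: one ordinary working day
    "2024-01-08T08:02:11Z user=alice event=login",
    "2024-01-08T09:15:40Z user=alice event=login",
    "2024-01-08T09:47:03Z user=alice event=login",
    "2024-01-08T13:05:22Z user=alice event=login",
    "2024-01-08T08:30:00Z user=bob event=login",
    "2024-01-08T12:10:09Z user=bob event=login",
    "2024-01-08T14:55:41Z user=bob event=login",
    "2024-01-08T17:00:00Z user=bob event=logout",
]
OBSERVED = (   # constructed: the next day, with a 2 a.m. burst and an unknown account
    ["2024-01-09T08:05:12Z user=alice event=login",
     "2024-01-09T09:01:00Z user=alice event=login"]
    + [f"2024-01-09T02:00:{s:02d}Z user=bob event=login" for s in (1, 7, 13, 20, 26, 33)]
    + [f"2024-01-09T10:00:{s:02d}Z user=mallory event=login" for s in (0, 5, 10, 15, 20)]
)

if __name__ == "__main__":
    for alert in detect(learn_baseline(TRAINING), OBSERVED):
        print("ALERT user=%s hour=%s logins=%d" % alert)
```

Note the trade-off behind the question: an account with no baseline is judged against zero, so a new user who logs in a few times already trips the detector, while an attacker who keeps a slow, steady pace during the training window pollutes the baseline and is later treated as normal. A signature-based system has neither problem but sees only what it has been told to look for.
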
93
Q

7 – Which is the final step that you should include in any backup plan?

A. Determine what type of backup media you will require.
B. Test the backup plan.
C. Determine where you should store the backup media and how long you should store it there.
D. Determine what data you will need to back up.

A

B

94
Q

8 – The network administrator for your company has asked you to provide a report on the number of modems attached to the network that are unaccounted for. What should you do to accomplish this?

A. Piggybacking
B. Modemsurfing
C. Wardriving
D. Wardialing

A

D

95
Q

9 – Which of the following is NOT true in regards to content-dependent access control?

A. Content-dependent filtering can be used with email programs and web browsers.
B. It uses rules to define what can and cannot occur between an object and a user.
C. It is often used within databases.
D. Access to objects is determined by the actual content of the object.

A

B

96
Q

10 – Which method is most secure when updating routing information?

A. Distance-vector updates
B. Static updates
C. Link-state updates
D. Dynamic updates

A

B

97
Q

11 – Ten professional practice areas make up the basis of NFPA 1600. Which practice area involves determining the threats that apply to an organization and limiting their potential impact?

A. Project initiation and management
B. Risk evaluation and control
C. Maintaining and exercising BCPs
D. Awareness and training programs

A

B
98
Q

12 – Which type of security device is set into a door's edge?

A. Biometric reader
B. Card reader
C. Mortise lock
D. Rim lock

A

C

99
Q

13 – Companies that have been attacked often choose not to release this information to the media. However, there are several well-known computer crimes that have been widely publicized. What hacker or group of hackers demonstrated how a web-based Trojan horse could be used to extract money from a bank account?

A. Kevin Mitnick
B. Chaos Computer Club
C. Legion of Doom
D. Cult of the Dead Cow

A

B

100
Q

14 – Biometric devices are among the most accurate and secure methods of authentication available. However, some users find them obtrusive and are therefore reluctant to use them. What biometric recognition system is the most widely accepted and implemented?

A. Iris patterns
B. Facial features
C. Retinal patterns
D. Fingerprints

A

D

101
Q

15 – Which term defines a group of networks that work together for the sole purpose of propagating code that performs undesirable functions?

A. Malnets
B. Botnets
C. Extranets
D. Malvertisements

A

A

102
Q

16 – What ITSEC rating is concerned with a high level of integrity during communications?

A. F6
B. F8
C. F7
D. F9

A

B
17 - Which regulation for financial institutions emphasizes resuming and maintaining business operations after a disaster? A. FFIEC B. NYSE Rule 446 C. Electronic Funds Transfer Act D. NASD Rule 3510
A
18 - Electronic devices emit electrical and electromagnetic signals through the airwaves. This is referred to as what? A. White noise B. Emanation C. EMI D. Tempest
B
19 - What can you use to determine whether an information security program is on track and on budget? A. Management metrics B. Technical metrics C. Strategic metrics D. Operational metrics
C
20 - What methodology focuses mainly on risk management related to information systems? A. NIST SP 800-39 B. NIST SP 800-30 C. ORION D. CRAMM
B
21 - What is NOT one of the three critical requirements for operations controls? A. Resource protection B. Privileged-entry control C. Software control D. Hardware control
C
22 - What law protects company logos from illegal duplication? A. Patent B. Copyright C. Trademark D. Trade secret
C
23 - Which technology provides availability, load balancing, redundancy, and failover? A. Clustering B. RADIUS C. RAID D. Redundant Servers
A
24 - Which is NOT a type of programming language? A. Assembly B. High-Level C. Machine D. Interpreter
D
25 - Which type of attack exploits the communications session between two communicating devices so that the session can be hijacked? A. Ping of Death Attack B. DNS Poisoning C. Sniffer Attack D. TCP Sequence Number Attack
D
26 - What is the most common security issue for most companies? A. DoS attacks B. Excessive privileges C. IP spoofing attacks D. Data diddling
B
27 - What type of water sprinkler system is best used in an environment that contains a lot of expensive computer and electronic equipment? A. Deluge B. Dry pipe C. Preaction D. Wet Pipe
C
28 - Which item used in conjunction with a fence emits radio frequency signals to detect an intruder pushing a fence? A. CCTV B. PPTP C. TDR D. DSA
C
29 - Which OSI reference model layers match to each function? A. Transport B. Data-link C. Application D. Session E. Presentation F. Network - Specifies how data is routed from hosts on one network to hosts on another network - Responsible for error-free packet transfers between network nodes - Establishes, maintains, and terminates connections between devices and applications - Segments data in the appropriate size and format - Interacts directly with end users to provide network services - Ensures that data represented by one system can be interpreted by another system
[F]- Specifies how data is routed from hosts on one network to hosts on another network [B]- Responsible for error-free packet transfers between network nodes [D]- Establishes, maintains, and terminates connections between devices and applications [A]- Segments data in the appropriate size and format [C]- Interacts directly with end users to provide network services [E]- Ensures that data represented by one system can be interpreted by another system
30 - What is the Biba model most concerned with? A. Integrity B. Verification C. Confidentiality D. Repudiation
A
31 - What type of threat involves retransmitting packets to perform undesirable effects? A. Impersonation B. Dumpster diving C. Data remanence D. Replay
D
32 - A temporary site has been set up for various users that will be working on a project in a remote location. The users will be dialing-in to a RAS server within the central office to gain access to the corporate network as required. Management is worried that unauthorized users at unauthorized locations will be able to dial-in to the RAS server and gain access to the corporate network. What should you implement for increased security? A. Callback B. A firewall C. Encryption D. VPN
A
33 - Using an access card to access specific rooms within a building is an example of which factor of the three-factor authentication method? A. Something you know B. Something you have C. Something you use D. Something you are
B
34 - Data remanence refers to the residual physical representation of data that has been removed from storage media. What is not a common method used to remove data from media before it is discarded? A. Destroying B. Degaussing C. Cleaning D. Overwriting
C
35 - In regards to data within an organization, what is the Clark-Wilson model most concerned with? A. Confidentiality B. Authentication C. Integrity D. Availability
C
36 - What is an example of a detective control? A. Firewall B. Fences C. Job rotation D. Lighting
C
37 - Which stage descriptions match to each lifecycle? A. Ideas are brainstormed for the system and security measures are considered. B. Errors are identified and traced once the system is in production. C. How the system will be created to fulfill the functional objectives is determined. D. All the planning, designs, and system requirements are physically created. E. Weaknesses are resolved by implementing new improvements. - Systems Development Life Cycle - System Life Cycle
[A, C, D] -Systems Development Life Cycle | [B, E] - System Life Cycle
38 - What is an example of a deterrent control? A. Audit logs B. Security policies C. Fences D. Smart cards
C
39 - It is important to conduct a risk assessment as part of the planning process to determine what threatens the organization. Risk assessment also determines ways in which available resources should be used to guard against the identified threats. What is the probability of a threat? A. The likelihood that it will occur B. The need to insure against it C. The severity of the damage it could inflict D. The cost of implementing a plan to curb its effects
A
40 - A junior technician has approached you to ask what she should do to ensure users are accountable for their actions. What should you tell her? A. You should tell her to implement auditing. B. You should tell her to implement an accountability server. C. You should tell her to implement logs. D. You should tell her to only hire honest people.
A
41 - What is the most secure method of storing private keys in a PKI implementation for a commercial bank? A. Key repository B. Key escrow service C. Simple offline storage system D. M-of-N process
B
42 - Which statement is not true in relation to the term "back door"? A. There are various tools on the market that allow you to easily create and execute back door attacks. B. It is an intentional opening within an application that allows developers to bypass security features for troubleshooting purposes. C. It is the placement of a program or utility within a network that provides unauthorized access to the network that it is installed in. D. A back door attack allows an attacker to masquerade themselves as someone else.
D
43 - Which access control model makes use of ACLs? A. Discretionary access control B. Role-based access control C. Nondiscretionary access control D. Mandatory access control
A
44 - What is an organization exercising when senior management understands the security risk faced by the company and it investigates possible weaknesses and vulnerabilities? A. Due diligence B. Due care C. Demonstrative evidence D. Incident recognition
A
45 - What type of backup will contain any files that have changed since the last full backup? A. Full B. Incremental C. Differential D. Complete
C
46 - Which statement best describes what occurs during a Chosen Plaintext attack? A. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all the messages with that key. B. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key. C. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient. D. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that it is the legitimate information from the original sender.
C
47 - What is the first level in the Orange Book that requires users to be individually identified and accountable for their actions? A. C1 B. B2 C. C2 D. B1
C
48 - You need to provide security for your client's connections to your web server. You need to make sure that the entire communications channel between the two computers is protected. Which technology should you implement to accomplish this? A. HTTP B. HTTPS C. S-HTTP D. SET
B
49 - A biometric system that weighs people entering a facility to ensure that only one person is being granted access is typically used in what type of security prevention method? A. Fail-safe B. Mantrap C. Fail-secure D. Piggybacking
B
50 - Two or more employees assisting each other to commit a fraudulent or destructive act is called collusion. Which security practice will help prevent collusion? A. Intrusion detection B. Access control C. Separation of duties D. Rotation of duties
D
51 - Which protocol relies on a "web of trust" for its key management approach instead of a hierarchy of certificate authorities? A. Diffie-Hellman B. RSA C. PGP D. SSL
C
52 - What type of analysis can information security professionals use proactively in-house, and in reaction to an attack? A. Quantitative risk analysis B. Forensic engineering C. Software forensics D. Business impact analysis
C
53 - The terms threat, vulnerability, exposure, countermeasure, and risk are sometimes intermingled and used interchangeably in conversation or writings about security management. Which of the following options contains the statement that accurately describes the relationship between these terms? A. Option C B. Option B C. Option A D. Option D
A
54 - You are the network administrator for a large company in North America. Many of the employees work from remote locations. You need to set up a secure, private connection between the remote users and their head office so that they can access resources. What would be the best solution? A. Use the Point-to-Point Tunneling Protocol B. Use a Virtual Private Network C. Use the Point-to-Point Protocol D. Use the Layer 2 Tunneling Protocol
B
55 - A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic interference (EMI). What should you tell them? A. Fiber-optic B. Shielded Twisted Pair C. Unshielded Twisted Pair D. Coaxial
C
56 - Which access control model is based on a security label system? A. Discretionary access control B. Mandatory access control C. Nondiscretionary access control D. Role-based access control
B
57 - You are the network administrator for a branch office. You need to secure the network traffic as it enters and leaves your office. Your plan is to implement a hardware based firewall. The firewall should be able to inspect the data's source and destination address. This will allow you to implement access control lists to control access to specific applications and services. What type of firewall should you implement to meet the branch office security requirements? A. Stateful Inspection B. Packet Filtering C. Application Level D. Circuit Level
B
58 - Which is not a term that is used to identify the type of response an operating system will take when a failure occurs? A. System cold start B. Warm reboot C. Emergency system restart D. System reboot
B
59 - Which security model has the ability to address the interference attack? A. Noninterference model B. Graham-Denning model C. Biba model D. Lattice model
A
60 - What type of cipher moves bits, characters, and blocks around to hide the original plaintext message? A. Transposition cipher B. Scramble cipher C. Substitution cipher D. Replacement cipher
A
61 - Which attack takes advantage of weaknesses in the design of the TCP protocol? A. SYN flood B. Teardrop C. Fraggle D. Smurf
A
62 - When does a buffer overflow occur? A. When an application sends too much information to another application causing a blue screen B. When too much data is entered into the buffer C. When the operating system runs out of RAM and causes a reboot D. When an application runs out of memory and crashes the system
B
63 - What is not true of a qualitative risk analysis? A. It is scenario-based. B. Assets are defined as tangible physical objects. C. Its results are easier to understand than that of a quantitative risk analysis. D. Threats are given an exposure rating.
B
64 - Which RAID levels match each characteristic? A. Level 10 B. Level 5 C. Level 3 D. Level 0 E. Level 1 - Parity - No parity
- [C, B] Parity | - [D, E, A] No parity
65 - The company's database server contains multiple tables with customer orders. A possible disaster could take the server offline and the company would start to lose significant amounts of money after about 24 hours. What category of maximum tolerable downtime (MTD) should the server be placed in? A. Normal B. Nonessential C. Critical D. Urgent
D
66 - What law protects software programs from illegal distribution? A. Trade secret B. Trademark C. Patent D. Copyright
D
67 - Which term represents a collection of technologies that gathers and stores access control information and specified system activity for later study? A. SIEM B. FMEA C. ITIL D. MTBF
A
68 - The act of monitoring, auditing, and logging provides which measure within an organization? A. Integrity B. Accountability C. Availability D. Confidentiality
B
69 - What is the best method of preventing a buffer overflow? A. Limit the amount of data that can be entered into memory B. Limit the amount of data that is accepted by an application C. Increase the amount of virtual memory available to the operating system D. Add RAM to the computer
A
70 - The evidence of a computer crime must be gathered carefully and preserved in order to protect its integrity. The data collected during an investigation must be detailed in the chain of evidence or chain of custody. Which statement is true of the chain of evidence? A. Evidence must be returned to its owner once presented in court B. Modifying computer-generated evidence is impossible C. Evidence must not be admissible D. Evidence must be legally permissible
D
71 - Why are most companies unaware that they have ever been attacked? A. Attackers usually spoof their IP addresses. B. There are only a few laws that specifically address computer crimes. C. Attackers usually erase any logs that record their activities. D. Most attacks are performed by individuals located inside the target network.
C
72 - Once the risk analysis has been completed, the organization must decide how to handle the risk. What four options are available for handling risk? A. Reject, transfer, reduce, and accept B. Reject, transfer, recover, and accept C. Transmit, accept, refer, and reject D. Accept, refer reject, and transmit
A
73 - What type of intrusion detection system (IDS) is used to detect any sound that can be made by someone trying to force their way into a facility? A. Acoustical detection system B. Electro-mechanical system C. Photometric system D. Proximity detector
A
74 - What type of mobile code control serves as a protected area for a program to execute? A. Access matrix B. Kernel C. Covert channel D. Sandbox
D
75 - Management has approached you about the current Redundant Array of Independent Disks (RAID) configuration implemented within the organization. They would like to know which type of RAID level supports multiple drive failures. What should you tell them? A. RAID 0 B. RAID 1 C. RAID 10 D. RAID 5
C
76 - What is the Bell-La Padula model most concerned with? A. Repudiation B. Integrity C. Verification D. Confidentiality
D
77 - Administrative, technical, and physical controls should be used by security administrators to meet an organization's security requirements. What is an example of a preventive physical control? A. Biometric system B. Router C. Data backup D. Closed-circuit TV
A
78 - Which algorithms match to each type? A. Knapsack B. Blowfish C. DES D. RSA E. ECC F. AES - Asymmetric - Symmetric
[D, E, A] - Asymmetric | [F, C, B] - Symmetric
79 - The reporting structure for the information security officer (ISO) will vary from organization to organization. The ISO should report as high up in the organization as possible, as this reinforces the importance of information security to the organization. When deciding which organizational role the ISO needs to report to, it is important to acknowledge that there is a potential conflict of interest. A conflict of interest could arise from having the ISO report to which organizational role? A. Risk management department B. Chief executive officer C. Chief security officer D. Internal audit department
D
80 - Which type of virus takes advantage of system precedence? A. Polymorphic virus B. Macro virus C. Multipartite virus D. Companion virus
D
81 - A junior network technician has approached you and asked for your opinion on what would be the most secure cable to implement within the organization. What should you tell them? A. Coaxial B. Unshielded Twisted Pair (UTP) C. Fiber-optic D. Shielded Twisted Pair (STP)
C
82 - The integrity of data within a database can be protected by different types of operations. Which type of operation can be used when a complete database failure occurs? A. Inference B. Commit C. Rollback D. Savepoint
D
83 - What type of technology makes use of a sandbox as a security mechanism? A. Malware B. ActiveX C. DBMS D. Java
D
84 - Which is NOT an integrity goal that is addressed by the Clark Wilson model? A. All users must be identified and authenticated. B. Unauthorized users should be prevented from making changes. C. Authorized users should be prevented from making unauthorized changes. D. Internal and external consistency should be maintained at all times.
A
85 - What is not considered when determining a recovery strategy as part of a business continuity plan? A. User recovery B. Data recovery C. Technical recovery D. Certificate recovery
D
86 - What best describes an information protection environment? A. Audits, logs, policies, and procedures used to track user activities throughout the organization B. An environment for hardware security that encompasses all dedicated hardware in an organization C. An environment for operations security that encompasses all computing resources in an organization D. An environment for software security that encompasses all software used in an organization
C
87 - At which stage of the SLC does the development team observe how the system operates to make sure it is functioning as expected? A. Operations and maintenance support B. Recording and documenting C. Producing and installing D. Revisions and system replacement
A
88 - What type of power fluctuation occurs due to a loss of power? A. Fault B. Spike C. Brownout D. Sag
A
89 - What type of alarm system triggers an alarm at your organization's security command center when it detects an intruder? A. Proprietary B. Local C. Central station D. Auxiliary station
A
90 - Which piece of equipment is not recommended for use by incident response teams? A. Digital camera B. Plastic containers C. Spiral notebook D. Ball-point pen
C
91 - What needs to be done by the organization to help ensure that the insurance company is responsible for coverage in the event of a disaster? A. The organization must practice due care B. The organization must practice due diligence C. The organization must purchase a Business Interruption Insurance policy D. Nothing, the insurance company is always responsible
A
92 - What classification of gate is designed to secure an industrial yard that only authorized individuals are permitted entry? A. Class II B. Class IV C. Class I D. Class III
D
93 - What is the first level in the Orange Book that requires verified protection? A. A1 B. B1 C. B2 D. C1
A
94 - Which examples match with the types of controls? A. Classifying data B. Clipping levels C. Hiring procedures D. Supervisory activities E. Monitoring keystrokes F. Access control lists - Technical - Administrative
[E, F, B] - Technical | [C, A, D] - Administrative
95 - Which type of detective software intelligently analyzes unknown code? A. Change detection software B. Heuristic scanner C. Signature scanner D. Activity monitor
B
96 - Which statement specifies a characteristic of quantum cryptography? A. It is used to encrypt and store the encrypted data. B. It uses physics as its fundamental mechanism. C. It is used to transfer encrypted data between two hosts. D. It uses special encryption algorithms to encrypt information.
B
97 - Which backup strategy copies only the files that have changed since the last backup without altering their archive bits? A. Differential backup B. Full backup C. Copy backup D. Incremental backup
A
98 - Which rule is also classified as the "no read down" rule? A. Simple integrity axiom B. Simple security rule C. Star integrity axiom D. Star property rule
A
99 - Which statement best describes maintenance hooks? A. They are cycles of downtime for software access controls. B. They are backdoors into software that only the developer knows about. C. They are periods of time in which the software security is lax. D. They are Trojan horses placed in the software by hackers.
B
100 - What type of fire suppression system would be the worst choice to use in an environment that contains a lot of expensive computer and electronic equipment? A. FM 200 B. Preaction C. Deluge D. Dry pipe
C
101 - For applications to interact with various types of databases, a type of interface is needed. What type of database interface language is used for structuring data so that it can be shared between applications and web technologies? A. ADO B. OLE DB C. ODBC D. XML
D
102 - Which type of cryptographic algorithm uses public and private keys? A. AES B. RSA C. DES D. 3DES
B
103 - You have just been hired as a junior security analyst at a security consulting firm. Your manager gives you a list of ciphers and asks you to determine their type. Rail fence, rectangular substitution, monoalphabetic, and polyalphabetic are all examples of which type of cipher? A. Transposition B. Substitution C. Null D. Running key
A
104 - Which type of access control involves the installation of a lock on a server room door? A. Directive B. Compensating C. Preventive D. Deterrent
C
105 - Which statement best defines a clipping level? A. A baseline that defines a threshold that must be met before a violation is recorded for further review B. The implementation of assurance levels and the management of security features C. A threshold that defines a baseline that must be met before a violation is recorded for further review D. The act of discovering a problem before it becomes a major issue and causes damage
A
106 - Which task is not part of the initial steps an attacker would perform when attacking a network? A. Start building a network topology B. Determining which computers are physically active C. Determining which operating systems are installed on the active computers D. Determining which ports are open by performing port scans
D
107 - Your current network uses the Open Shortest Path First (OSPF) dynamic routing protocol to update routes to different destinations on the network. It has been brought to your attention that a rogue router is updating routes on the internal network. This is creating false routes to destinations internally and externally, which imposes a security issue. What should you do to prevent the rogue router from updating your internal routing information? A. Implement a different type of dynamic routing protocol. B. Implement update authentication between the internal routers. C. Unplug the rogue router. D. Contact the local authorities.
B
108 - Which type of media access technology is primarily used in Ethernet networks? A. Token Passing B. Polling C. CSMA D. Ethernet
C
109 - A stateful firewall uses what type of access control? A. Content-dependent access control B. Context-dependent access control C. Rule-based access control D. Access control matrix
B
110 - Which type of operations security control deals with the behavior expected of employees when accessing information resources within the organization? A. Corrective controls B. Directive controls C. Preventive controls D. Detective controls
B
111 - With Biometrics systems, what is the term used to describe when the system incorrectly grants the user access when they should have been denied? A. FRR B. FAR C. CER D. EMP
B
112 - Each of the management levels has a set of information security responsibilities inherent to their role within the organization. For what is the information security officer primarily responsible? A. Ensuring the security program complies with regulations B. Evaluating risk management practices in the organization C. Identifying emerging security risks D. Facilitating information security within the organization
D
113 - Carrie has a secret message that she wants only Todd to read. A hybrid approach is used for this transaction. Which statements regarding hybrid cryptography are true and which statements are false? A. Todd decrypts the encrypted symmetric key with his private key and decrypts Carrie's message with the symmetric key B. Carrie encrypts the message with her private key and her private key with Todd's public key C. Todd decrypts Carrie's encrypted private key with his public key and decrypts Carrie's message with Carrie's private key D. Carrie encrypts the message with a symmetric key and the symmetric key with Todd's public key
[B, C]-False | [D, A]-True
114 - Which type of cipher is typically used in an application where encryption is not needed, but the system itself requires encryption? A. Transposition cipher B. Running key cipher C. Substitution cipher D. Null cipher
D
115 - (ISC)2 requires CISSPs to commit to fully supporting the Code of Ethics. Identify one of the mandatory canons in the CISSP Code of Ethics. A. Discharge professional responsibilities with diligence and honesty B. Provide diligent and competent service to principals C. Thou shalt not use a computer to steal D. I will not misuse any information or privileges I am afforded as part of my responsibilities
B
116 - What type of database integrity exists if all foreign keys point to existing primary keys? A. Referential B. Entity C. Semantic D. Structural
A
117 - The risk management framework defines six major areas of risk management. The operational risk management area is broken down further into which specific areas of risk? A. People, credit, market B. Financial, strategic, technology C. Process, market, events D. People, process, events
D
118 - What RAID level stripes both data and parity across all drives, ensuring that there is no single point of failure? A. RAID 0 B. RAID 5 C. RAID 3 D. RAID 1
B
119 - Which of the following are characteristics of quantitative risk analysis and qualitative risk analysis? A. Does not take into consideration cost/benefit analysis B. Requires calculations C. Uses a lot of educated guesses D. Opinions are provided by process experts E. Presents yearly losses - Qualitative risk analysis - Quantitative risk analysis
[C, D, A]- Qualitative risk analysis | [B, E]- Quantitative risk analysis
120 - Which Common Criteria Evaluation Assurance Level (EAL) involves semiformal design and testing of systems? A. EAL 7 B. EAL 5 C. EAL 3 D. EAL 1
B
121 - Which access control concept involves isolating groups of people and information so that information is not passed between the groups? A. Least privilege B. Compartmentalization C. Need to know D. Security domain
B
122 - Which attack involves sending malformed packets to a system in order to cause it to crash or end processing? A. SYN flood attack B. Smurf attack C. Denial of Service (DoS) attack D. Fraggle attack
C
123 - Which examples match security frameworks and risk assessment methodologies? A. CRAMM B. OCTAVE C. COBIT D. FRAP E. ITIL F. COSO - Security Frameworks - Risk Assessment Methodologies
[C, F, E]- Security Frameworks | [A, D, B]- Risk Assessment Methodologies
124 - After determining the risks that could affect business functions, what would be the least effective type of measure that could be implemented to help reduce the impact as much as possible? A. Reactive B. Cost-effective C. Preventative D. Proactive
A
125 - Which is TRUE in relation to a one-way hash function? A. It takes a variable-length string and produces a fixed-length value. B. It takes a variable-length string and produces a variable-length value. C. It takes a fixed-length string and produces a fixed-length value. D. It takes a fixed-length string and produces a variable-length value.
A
126 - Which viable weekly backup strategy will take the least amount of time to complete? A. Perform a full backup every Monday and a differential backup on the remaining days of the week. B. Perform a differential backup every Monday and an incremental backup on the remaining days of the week C. Perform a full backup every Monday and an incremental backup on the remaining days of the week. D. Perform a full backup every day.
C
127 - Which attack occurs when an attacker sends packets that are too small? A. Smurf B. Fraggle C. Teardrop D. SYN flood
C
128 - What type of interference can be caused by the fluorescent lights that are commonly found in office buildings? A. Electrostatic discharge B. Intermodulation C. Radio frequency interference D. Electromagnetic Interference
C
129 - Which rule states that a subject at a particular security level is unable to write information to a security level that is lower than the one in which the user currently resides? A. Simple integrity axiom B. Star integrity axiom C. Simple security rule D. Star property rule
D
130 - Which system security modes match to each description? A. Multilevel Security Mode B. Dedicated Security Mode C. Compartmented Security Mode D. System High-Security Mode - All users lack formal need to know, but possess the necessary clearance. - All users possess a formal need to know and clearance for all the data in the system. - All users possess system high-security clearance, but may lack formal approval or need to know. - Various classification levels are required to be processed at the same time.
- [D] All users lack formal need to know, but possess the necessary clearance. - [B] All users possess a formal need to know and clearance for all the data in the system. - [C] All users possess system high-security clearance, but may lack formal approval or need to know. - [A] Various classification levels are required to be processed at the same time.
131 - Which algorithms match to each type? A. MD5 B. AES C. SHA-1 D. HAVAL E. IDEA F. RSA - Hashing algorithm - Encryption algorithm
- [D, A, C] Hashing algorithm | - [B, E, F] Encryption algorithm
132 - What should be the first step completed in the project initiation phase? A. Define plan goals B. Appoint a leader C. Appoint a BCP team D. Obtain management support
D
133 - Which type of law acts on civil violations against an organization or individual? A. Regulatory B. Criminal C. Tort D. Administrative
C
220
134 - An updated security system is being considered for implementation to your company's building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs? A. Magnetic stripe card B. Proximity card C. Electronic combination lock D. Combination lock
B
221
135 - What should you configure to ensure that received fax documents are kept confidential and secure? A. Configure a fax server to print the faxes to the nearest printer and include a cover page that separates the printed faxes by user name B. Configure the fax device to only accept faxes when a user is present to receive it. C. Configure a fax server to route the received faxes to the fax device that is nearest to the recipient. D. Configure a fax server to route the received faxes to the appropriate user's electronic mailbox
D
222
136 - What type of power fluctuation are you experiencing if there is a complete loss of power for only a moment? A. Brownout B. Blackout C. Fault D. Sag
C
223
137 - What is not an example of a physical control? A. Subnets B. Building location C. External lights D. Data backups
A
224
138 - When developing a business continuity plan, what recovery strategy would address transportation and accommodation requirements for employees in the event of a disaster? A. User recovery B. Business recovery C. Data recovery D. Technical recovery
A
225
139 - Which user requirement is true for compartmented security mode but not for multilevel security mode? A. There must be formal access approval for all information that the user will access on the system. B. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system. C. A clearance level that is equal to or higher than the highest resource level of clearance is required for information on the system. D. All users must have a valid need to know some of the information on the system.
C
226
140 - What security mode is a system operating in if all users have the formal clearance and approval required to access all data in the system but they only formally need to know some of it? A. Multilevel Security Mode B. Dedicated Security Mode C. System High-Security Mode D. Compartmented Security Mode
C
227
141 - You are currently meeting with management to have them formally approve the products, systems, and components within your organization. What is the process referring to? A. Accreditation B. Certification C. Affirmation D. Verification
A
228
142 - Most alternate off-site facilities are provided by third-party companies that charge a subscription fee for usage. What is the term for an alternate off-site facility that is owned by the company? A. Redundant site B. Warm site C. Hot site D. Cold site
A
229
143 - Which of the standards listed identifies the format for public key certificates? A. X.21 B. X.500 C. X.509 D. X.400
C
230
144 - What often happens unexpectedly because of the development of a company's contingency plan? A. Support from senior management is realized B. RTOs are discovered C. Improved business operations D. Hot sites are found to be expensive to maintain
C
231
145 - Which algorithm requires that the sender and receiver use two instances of the same key? A. RSA B. Diffie-Hellman C. Knapsack D. 3DES
D
232
146 - What part of the product evaluation process deals with product development and maintenance? A. Life-cycle assurance B. Clipping levels C. Operational assurance D. Change control
A
233
147 - While away on business you are forced to leave a company laptop unattended in your hotel room for several hours. What would be the best method of securing the sensitive data stored on the laptop from theft? A. Maintain backups of the sensitive data in a secure location B. Have the laptop engraved with an ID number C. Use encryption software to encrypt the sensitive data D. Secure the laptop to a hotel desk using a locking cable
C
234
148 - IPsec is able to work in two different modes, Tunnel mode and Transport mode. Which is true regarding protection with Tunnel mode? A. Only the header and trailer information are protected. B. The payload as well as the header and trailer information is protected. C. Only the payload of the message is protected. D. Only the header information is protected.
B
235
149 - According to the event management process, which action should be taken immediately after an event occurs? A. Report to the assessment team B. Assess the event C. Report to the communications center D. Implement recovery strategies and plans
C
236
150 - When developing the business continuity plan (BCP), what is not the responsibility of management? A. Making the necessary resources available B. Creating the policy statement and setting goals C. Determining any legal and regulatory requirements D. The outcome of the BCP development process
C
237
151 - Which database model stores data in more than one database while maintaining a logical connection between databases for the clients? A. Relational data model B. Distributed data model C. Hierarchical data model D. Rational data model
B
238
152 - Your security department has been gathering information to present to management about the security mechanisms that are implemented within the organization and an evaluation of their overall effectiveness. What is this process referred to as? A. Affirmation B. Accreditation C. Certification D. Hallmark
C
239
153 - You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as? A. Hallmark B. Affirmation C. Certification D. Accreditation
C
240
154 - Which statements match each organization's code of ethics? A. Compromising the privacy of others B. Act honorably, honestly, justly, responsibly, and legally C. Provide diligent and competent services to principals D. Seeking to gain unauthorized access to internet resources E. Destroying the integrity of computer-based information F. Advance and protect the security profession - ISC2 - IAB
- [B, C, F] ISC2 | - [E, D, A] IAB
241
155 - Which IDS technologies match each characteristic? A. Anomaly-based B. Signature-based - Has the ability to identify new attacks - Is synonymous with heuristic-based - Is able to identify several activities and compare them to known patterns simultaneously - Does not have the ability to identify new attacks
- [A] Has the ability to identify new attacks - [A] Is synonymous with heuristic-based - [B] Is able to identify several activities and compare them to known patterns simultaneously - [B] Does not have the ability to identify new attacks
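Added worked example for card 155 (not part of the exam bank): a signature engine and a rate-baseline anomaly engine run over constructed web-server log lines. The hosts, paths and traffic are made up; the regexes, the `mean + 3*sigma` threshold and the `/api/export` enumeration are assumptions for the demo. The point it shows is the one the card makes: the signature engine catches only the classic SQL injection probe it already knows, while the anomaly engine flags the host whose behaviour departs from the learned baseline even though no signature matches its requests.

```python
# Added example, not part of the exam bank: signature-based and anomaly-based
# detection over constructed log lines of the form "source method path status".
import re
from collections import Counter
from statistics import mean, pstdev

# Known-bad patterns. A signature engine flags only what is already on this list.
SIGNATURES = {
    "sqli_or_1_eq_1": re.compile(r"(%27|')(%20|\s)*or(%20|\s)*1=1", re.I),
    "sqli_union_select": re.compile(r"union(%20|\s)+select", re.I),
    "path_traversal": re.compile(r"(\.\./|%2e%2e%2f){2,}", re.I),
}

# Constructed learning window: five hosts browsing normally, used as the baseline.
TRAINING_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.5 GET /static/app.js 200
10.0.0.6 GET /index.html 200
10.0.0.6 GET /products 200
10.0.0.8 GET /index.html 200
10.0.0.8 GET /products 200
10.0.0.8 GET /products/42 200
10.0.0.8 GET /cart 200
10.0.0.9 GET /index.html 200
10.0.0.9 GET /login 200
10.0.0.9 POST /login 302
10.0.0.11 GET /index.html 200
10.0.0.11 GET /static/app.js 200
10.0.0.11 GET /products 200
"""

# Constructed detection window: two normal hosts, one classic SQL injection probe,
# and one host walking /api/export?id=1..30, a pattern no signature knows about.
DETECTION_LOG = "\n".join(
    [
        "10.0.0.5 GET /index.html 200",
        "10.0.0.5 GET /products 200",
        "10.0.0.5 GET /cart 200",
        "10.0.0.9 GET /index.html 200",
        "10.0.0.9 GET /login 200",
        "10.0.0.9 POST /login 302",
        "10.0.0.7 GET /login?user=admin'%20OR%201=1-- 200",
    ]
    + [f"10.0.0.42 GET /api/export?id={i} 200" for i in range(1, 31)]
)


def parse(log: str) -> list:
    """Split each line into (source, method, path, status)."""
    rows = []
    for line in log.strip().splitlines():
        src, method, path, status = line.split()
        rows.append((src, method, path, int(status)))
    return rows


def signature_alerts(rows) -> list:
    """Flag every request whose path matches a known pattern (source, signature name)."""
    return [(src, name) for src, _m, path, _s in rows
            for name, rx in SIGNATURES.items() if rx.search(path)]


def learn_rate_threshold(rows, k: float = 3.0) -> float:
    """Baseline from the learning window: requests per source; alert above mean + k*sigma."""
    counts = list(Counter(src for src, *_ in rows).values())
    return mean(counts) + k * pstdev(counts)


def anomaly_alerts(rows, threshold: float) -> list:
    """Flag sources whose request count exceeds the learned threshold."""
    counts = Counter(src for src, *_ in rows)
    return sorted(src for src, n in counts.items() if n > threshold)


if __name__ == "__main__":
    threshold = learn_rate_threshold(parse(TRAINING_LOG))
    rows = parse(DETECTION_LOG)
    print("signature alerts:", signature_alerts(rows))
    print(f"anomaly threshold: {threshold:.2f} requests/source")
    print("anomaly alerts:", anomaly_alerts(rows, threshold))
```

Run as written, the signature engine reports only 10.0.0.7 and the anomaly engine reports only 10.0.0.42: each technology misses what the other catches, which is why the two are deployed together rather than as alternatives.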
242
156 - Which component is used to create digital signatures? A. DSA B. PPTP C. SKIP D. IPSec
A
243
157 - Why should an organization implement auditing for its Business Continuity Plan (BCP)? A. To identify possible business interruptions B. To reveal weaknesses in a system C. To detect unauthorized activity D. To keep it up to date
D
244
158 - Which information concealment methods match to each description? A. Watermarking B. Cryptography C. Code words D. Steganography - Uses letters to represent an idea or sentiment - Uses sophisticated mathematical techniques to hide information - Uses a specific medium to hide information within - Uses additional information within a file for detecting the theft of information
- [C] Uses letters to represent an idea or sentiment - [B] Uses sophisticated mathematical techniques to hide information - [D] Uses a specific medium to hide information within - [A] Uses additional information within a file for detecting the theft of information
245
159 - What ensures the accountability and integrity of evidence once it is collected? A. Chain of evidence B. Tangibility C. Due care D. Due diligence
A
246
160 - What is true regarding the relationship between laws and ethics? A. Ethics and laws are synonymous. B. Most laws are derived from ethics. C. Ethics are always derived from laws. D. An action that is legal is also ethical.
B
247
161 - An organization that partners with other corporations has multiple communication channels. What should be taken into consideration by all employees regarding these channels? A. Single sign-on B. Intrusion detection C. Privacy compliance D. Monitoring technologies
C
248
162 - Which component is used by operators to monitor controllers in a SCADA system? A. HMI B. RTU C. PLC D. TCP
A
249
163 - Which aspect of IAM involves creating, modifying, and deleting user accounts? A. Authorization B. Entitlement C. Identify management D. Provisioning
D
250
164 - Fire suppression systems use different methods to combat fires. What substance is non-toxic, does not deplete the ozone, and is safe to use around electrical equipment? A. Halon B. Deluge C. FM 200 D. Carbon dioxide (CO2)
C
251
165 - Which type of lock provides the least amount of security? A. Warded lock B. Smart lock C. Tumbler lock D. Electronic combination lock
A
252
166 - Which access control threats match each description? A. Brute force attacks B. Spoofing C. Dictionary attacks - Involves trying different input combinations in an attempt to find a correct password - Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password - Involves a fake user logon screen being presented to a user for them to input their username and password
- [A] Involves trying different input combinations in an attempt to find a correct password - [C] Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password - [B] Involves a fake user logon screen being presented to a user for them to input their username and password
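Added worked example for card 166 (not part of the exam bank): a dictionary attack and a brute-force attack against the same salted SHA-256 password verifier, with the number of guesses each one needs. The verifier, salt and five-word list are constructed for the demo; real password stores use a slow KDF (bcrypt, scrypt, Argon2), which multiplies the cost of every guess shown here but does not change the shape of either attack.

```python
# Added example, not part of the exam bank: dictionary vs brute-force guessing
# against a constructed salted SHA-256 verifier.
import hashlib
import itertools
import string

SALT = b"constructed-salt"          # assumed per-user salt for the demo
WORDLIST = ["123456", "password", "letmein", "sunshine", "qwerty"]   # constructed list


def hash_password(password: str, salt: bytes = SALT) -> str:
    """Verifier stored by the system (a real system would use a slow KDF)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def dictionary_attack(target: str, wordlist, salt: bytes = SALT):
    """Try each word from a list; cost is bounded by the size of the list.
    Returns (recovered_password_or_None, guesses_made)."""
    for guesses, word in enumerate(wordlist, start=1):
        if hash_password(word, salt) == target:
            return word, guesses
    return None, len(wordlist)


def brute_force_attack(target: str, alphabet: str, max_len: int, salt: bytes = SALT):
    """Try every combination of the alphabet up to max_len characters;
    cost grows as len(alphabet) ** length. Returns (password_or_None, guesses)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if hash_password(candidate, salt) == target:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    alphabet = string.ascii_lowercase + string.digits
    print("dictionary:", dictionary_attack(hash_password("sunshine"), WORDLIST))
    print("brute force, short secret:", brute_force_attack(hash_password("ab1"), alphabet, 3))
    print("brute force, word not in space:", brute_force_attack(hash_password("sunshine"), alphabet, 3))
```

The dictionary attack recovers a common word in a handful of guesses but cannot find anything outside its list; brute force finds any three-character secret over the 36-symbol alphabet within 36 + 36² + 36³ = 47,988 guesses but needs far more for longer ones, which is the length-versus-dictionary trade-off the two descriptions on the card point at.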
253
167 - The International Information Systems Security Certification Consortium requires CISSPs to commit to fully supporting the Code of Ethics. What is not a mandatory canon in the CISSP Code of Ethics? A. Protect society, the commonwealth, and the infrastructure. B. Act honorably, honestly, justly, responsibly, and legally. C. Discharge professional responsibilities with diligence and honesty. D. Provide diligent and competent service to principals.
C
254
168 - Which standard is recommended by the Implementing the 9/11 Commission Recommendations Act of 2007? A. NFPA 1600 B. TCSEC C. ISO/IEC/27002 D. Common Criteria
A
255
169 - Which characteristics match to each type of offsite facility? A. Configured with some equipment B. Are usually ready within a few hours after equipment arrives C. Can be operational very quickly D. Fully configured spaces with all the technical equipment and resources an organization requires E. No technical equipment or resources, except for air conditioning, power, and telecommunications F. May take several hours or longer to get set up - Hot sites - Warm sites - Cold sites
- [D, C] Hot sites - [A, B] Warm sites - [E, F] Cold sites
256
170 - A security practitioner is designing access control monitoring. The design includes a non-filtering router, a firewall, and a company network. In particular, the company wants to correctly place an IPS so that the number of alerts is significantly reduced. Where should the IPS be placed?
```
Internet
   |
[ ] Router (non-filtering)
   |
[ ] Firewall
   |-- [ ] Company Net
   |-- [ ] Company Net
```
The point between the firewall and the company network.
257
171 - What would be the least effective method used to secure a fax transmission? A. Enable logging and auditing of fax transmissions B. Use a fax server on the network C. Implement a fax encryptor D. Require users to encrypt their own transmissions
D
258
172 - Which method involves the hiding of data within another form of media so that the existence of the original data is concealed? A. Tasseography B. Cryptography C. Stenography D. Steganography
D
259
173 - You have received a change request from your client on a project you are currently developing for them. What is the correct order of steps you should take to ensure that you follow the change control process? A. Make a formal request, Analyze the request, Record the request, Submit the request for approval, Develop the change, Report the results to management B. Analyze the request, Record the request, Make a formal request, Submit the request for approval, Develop the change, Report the results to management C. Make a formal request, Submit the request for approval, Develop the change, Analyze the request, Record the request, Report the results to management D. Submit the request for approval, Make a formal request, Analyze the request, Record the request, Develop the change, Report the results to management
A
260
174 - Which rule will protect data at an integrity level from being corrupted by data at a lower integrity level? A. Strong star property rule B. Star property rule C. Simple integrity axiom D. Simple security rule
C
261
175 - An NDA addresses which security principle? A. Availability B. Integrity C. Authenticity D. Confidentiality
D
262
176 - Your company is implementing wireless technologies to provide users with the mobility they require to perform their day-to-day activities. Management has approached you and is questioning the security of the wireless technologies in relation to wardriving. You need to assure them that the network will be secured against wardriving. Which security measure will not provide protection against wardriving? A. Enable the broadcasting of SSIDs on the access points that will be implemented within the network. B. Change the SSID that will be used to identify the access point on the network. C. Physically place the access points within the middle of the buildings. D. Use 128-bit WEP as the encryption standard on the wireless network
A
263
177 - What method for database security involves having multiple instances of rows with the same primary key, each displaying a different set of data depending on the user's security level? A. Polyinstantiation B. Aggregation C. Views D. Inference
A
264
178 - What is considered a felony under the US Computer Fraud and Abuse Act of 1986? A. To gain unauthorized access to government systems B. To disclose personal medical information C. To use classified data for the benefit of a foreign nation D. To exchange passwords for unauthorized access to systems
C
265
179 - Penetration testing is made up of a five-step process. What is the correct order of steps in which penetration testing should be carried out? A. Reconnaissance, Vulnerability Analysis, Enumeration, Execution, Document Findings B. Reconnaissance, Enumeration, Vulnerability Analysis, Execution, Document Findings C. Reconnaissance, Enumeration, Execution, Vulnerability Analysis, Document Findings D. Reconnaissance, Enumeration, Vulnerability Analysis, Document Findings, Execution
B
266
180 - What is the most common method used to locate unsecured wireless networks? A. Wardialing B. Piggybacking C. Wardriving D. Salami
C
267
181 - In a secure network, personnel play a key role in the maintenance and promotion of security procedures. Allotting different roles and responsibilities to different personnel provides increased security. It is important that each participant's role is clearly defined and understood by the participants and by their peers. Which role is responsible for ensuring that the company complies with software license agreements? A. Process owner B. Product-line manager C. Data analyst D. Solution provider
B
268
182 - The AIC triad is made up of three main principles of information security: availability, integrity and confidentiality. Which threat can compromise data integrity? A. Denial-of-Service (DoS) attack B. Dumpster diving C. Social engineering D. Virus
D
269
183 - Security policies can be categorized as regulatory, advisory or informative. What is true of an advisory policy? A. An advisory policy is designed for educational purposes. B. An advisory policy cannot be enforced. C. An advisory policy is specific to the company's industry. D. An advisory policy may describe the consequences of not abiding by the rules and procedures.
D
270
184 - The terms threat, vulnerability, exposure, countermeasure and risk are sometimes intermingled and used interchangeably in conversation or writings about security management. Which of the following options contain the statement that accurately describes the relationship between these terms? A. Option C B. Option A C. Option B D. Option D
C
271
185 - What is a security professional considered when they use hacking tools to test their own network for vulnerabilities? A. Script kiddie B. White hat C. Red hat D. Black hat
B
272
186 - What is the most significant risk associated with instant messaging, social networking technologies, message boards, and blogs? A. Accidental disclosure of confidential, private information B. Susceptibility to DoS attacks C. Their being used to identify wireless hotspots that attackers can use to initiate attacks D. Their being used to facilitate the spread of malicious code
A
273
187 - What has a primary focus on ensuring the business functions that are critical to the organization's survival are available in the event of a business interruption? A. Resource dependency analysis B. Business impact analysis C. NYSE Rule 446 D. Corporate contingency planning
D
274
188 - Which identity management system characteristics match with the identity management system? A. Combines services for authentication and authorization B. Provides packet delivery with TCP C. Supports the AppleTalk protocol D. Uses PPP connections E. Encrypts packets between the server and the client F. Provides packet delivery with UDP - RADIUS - TACACS+
- [F, D, A] RADIUS | - [C, E, B] TACACS+
275
189 - An attacker deleting specific incriminating information out of an audit log is referred to as what? A. Sniffing B. Scrubbing C. Spoofing D. Purging
B
276
190 - What type of attack involves the capturing of packets as they pass from a source to a destination over a network link? A. Spamming attack B. Teardrop attack C. Ping of death attack D. Sniffer attack
D
277
191 - When might an organization require an export license? A. To implement cloud computing B. To employ a key escrow service C. To permit trans-border data flows D. To establish a distributed data model
C
278
192 - Which database model allows for the storage of a wide spectrum of different types of data, including images, audio, and documents? A. Object-oriented database model B. Hierarchical database model C. Distributed database model D. Relational database model
A
279
193 - What can be done to enforce employee accountability? A. Ensuring employees arrive on time for work B. Employee's maintaining corporate documentation C. Including employee IDs in the audit logs D. Employee's providing a password or passphrase
C
280
194 - Which option is not classified as a presentation layer standard? A. TIFF B. MPEG C. JPEG D. HTTP
D
281
195 - Vulnerability scanning is a common method used by intruders to determine the weaknesses within a system. What is the first line of defense against vulnerability scanning? A. Close all open ports that are not required for daily activities. B. Apply the most current patches to the system. C. Perform a periodic vulnerability scan on the network. D. Have defined change control procedures within the organization.
A
282
196 - There are many different types of computer crimes, each of which can be committed differently. An employee who eavesdrops on the electronic signals emitted by a computer is committing what type of attack? A. TEMPEST B. Emanations capturing C. Data diddling D. Salami attack
B
283
197 - Which term best describes an access control concept that is responsible for the mediation of access controls to objects by subjects? A. Secure state B. Security kernel C. Security perimeter D. Reference monitor
D
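Added worked example for cards 129, 174 and 197 (not part of the exam bank): a toy reference monitor that mediates every subject-to-object access and decides it by applying the Bell-LaPadula confidentiality rules (simple security rule, *-property) together with the Biba integrity rules (simple integrity axiom, *-integrity axiom). The four-level lattice, the labels and the subjects and objects are constructed for the demo; each label carries both a confidentiality and an integrity level so the two models can be seen to pull in opposite directions on the same request.

```python
# Added example, not part of the exam bank: a reference monitor applying
# Bell-LaPadula (confidentiality) and Biba (integrity) to every access.
from dataclasses import dataclass

# Assumed four-level lattice; a higher number dominates a lower one.
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


@dataclass(frozen=True)
class Label:
    """Every subject and object carries a confidentiality level and an integrity level."""
    confidentiality: str
    integrity: str


def dominates(a: str, b: str) -> bool:
    return LEVELS[a] >= LEVELS[b]


def blp_permits(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula on the confidentiality lattice:
    simple security rule = no read up   (subject must dominate object to read)
    *-property           = no write down (object must dominate subject to write)"""
    if op == "read":
        return dominates(subject.confidentiality, obj.confidentiality)
    if op == "write":
        return dominates(obj.confidentiality, subject.confidentiality)
    raise ValueError(f"unknown operation {op!r}")


def biba_permits(subject: Label, obj: Label, op: str) -> bool:
    """Biba on the integrity lattice, the mirror image of BLP:
    simple integrity axiom = no read down (object must dominate subject to read)
    *-integrity axiom      = no write up  (subject must dominate object to write)"""
    if op == "read":
        return dominates(obj.integrity, subject.integrity)
    if op == "write":
        return dominates(subject.integrity, obj.integrity)
    raise ValueError(f"unknown operation {op!r}")


def mediate(subject_name: str, subject: Label, obj_name: str, obj: Label, op: str) -> dict:
    """The reference monitor: every access passes through here, the decision is the
    conjunction of both policies, and an audit record is produced for every request."""
    by_blp = blp_permits(subject, obj, op)
    by_biba = biba_permits(subject, obj, op)
    return {
        "subject": subject_name,
        "object": obj_name,
        "op": op,
        "blp": by_blp,
        "biba": by_biba,
        "allowed": by_blp and by_biba,
    }


if __name__ == "__main__":
    analyst = Label(confidentiality="secret", integrity="secret")
    memo = Label(confidentiality="confidential", integrity="secret")    # lower confidentiality
    plan = Label(confidentiality="top_secret", integrity="top_secret")  # higher on both lattices
    for obj_name, obj in (("memo", memo), ("plan", plan)):
        for op in ("read", "write"):
            print(mediate("analyst", analyst, obj_name, obj, op))
```

Reading the audit records: the analyst may read the confidential memo but may not write to it (BLP *-property, no write down, the rule card 129 asks for), may not read the top-secret plan (simple security rule), and may not write to it either, this time because Biba's *-integrity axiom forbids writing up even though BLP would allow it. Card 174's rule, the simple integrity axiom, is the `read` branch of `biba_permits`: a subject is stopped from reading an object of lower integrity so that low-integrity data cannot flow into its work.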
284
198 - Which of the following is NOT one of the principles identified by the Directive on Data Protection? A. Notice B. Choice C. Data integrity D. Data confidentiality
D
285
199 - What is the BEST way to secure all data at rest on a portable computer without degrading system performance? A. Software-based FDE B. Hardware-based FDE C. Cloud computing D. SSL
B
286
200 - What is not a necessary step for developing a data classification program? A. Assign responsibility for data classification to the data custodian. B. Assign a data custodian. C. Define procedures for declassifying data. D. Define the classification levels.
A
287
201 - What is NOT true regarding the services that MPLS provides? A. Packet labeling is provided B. Encryption is provided C. QoS is provided D. Traffic engineering is provided
B
288
202 - Which layer of the OSI model maps to the Host-to-Host layer of the TCP/IP model? A. Data link B. Physical C. Transport D. Network
C
289
203 - What is not a basic principle used to help protect against threats to data integrity? A. Rotation of duties B. Need-to-know C. Separation of duties D. Repudiation
D
290
204 - The investigation team can use surveillance techniques to obtain evidence of computer crime. What is an example of physical surveillance? A. Keyboard monitoring B. Audit logs C. Closed Circuit Television (CCTV) D. Fencing
C
291
205 - Which OSI layer is responsible for the addressing and routing of packets so that they can reach their destination? A. Network B. Session C. Physical D. Data link
A
292
206 - Which stages match to each lifecycle? A. Operations and maintenance support B. Revisions and system replacement C. Testing and evaluating D. Recording and documenting E. Defining functional objectives - Systems Development Life Cycle - System Life Cycle
- [E, D, C] Systems Development Life Cycle | - [B, A] System Life Cycle
293
207 - Mantraps are an example of what type of security control? A. Detective controls B. Corrective controls C. Recovery controls D. Preventive controls
D
294
208 - What type of attack prevents a system from responding to legitimate traffic from authorized clients? A. An IP spoofing attack B. A password cracking attack C. A denial of service attack D. A Trojan horse attack
C
295
209 - The planning phase should involve creating a timeline for developing the BCP. It is important to prioritize certain areas and to specify when plans for those areas will be completed. For a medium-sized company with an experienced planner and the full support of management, when should a BIA be completed? A. Six to nine months B. Nine to 12 months C. Within the first month D. Within six months
D
296
210 - Which phase of the Business Continuity Plan (BCP) involves the first widespread interaction between business areas and security managers? A. Plan Design and Development B. Project Management and initiation C. Recovery Strategies D. Business Impact Analysis (BIA)
D
297
211 - Which standard is most commonly used by IPsec for key management? A. IKE B. OAKLEY C. SKIP D. ISAKMP
A
298
212 - A computer crime is suspected and reported to senior management. What should the incident response team consider during the preliminary investigation? A. Which company officials should be informed via e-mail B. Whether the suspect should be contacted C. Whether the police should be contacted D. Who will communicate with the media.
C
299
213 - Your Remote Access Server (RAS) modems are currently configured to answer incoming connections after two rings. After reviewing your current RAS logs, you have noticed multiple attempts to gain access to your network through your modems by unauthorized external users. It appears that the users are using a method of wardialing to locate your modems. What should you do to lower the success rate of wardialing attempts on your network? A. Decrease the number of rings that will occur before the RAS server answers an incoming call. B. Change the phone numbers for the modems within the RAS server. C. Disable all modems that are not required for incoming calls. D. Increase the number of rings that will occur before the RAS server answers an incoming call.
D
300
214 - You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mall where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BEST meet these needs? A. Gates B. Landscaping C. Fences D. Bollards
C
301
215 - Debora, an American citizen who works for a large accounting firm in Los Angeles, receives a memo from the company's president regarding internal computer crime investigations. The letter informs all employees that management may remove files from their workstations at any time, without notice. How would such actions apply to Debora's Fourth Amendment rights? A. If Debora is acting as a police agent, management's Fourth Amendment rights would not be violated. B. If management is acting as private citizens, Debora's Fourth Amendment rights would be violated. C. If management is acting as a police agent, Debora's Fourth Amendment rights would not be violated. D. If management is acting as private citizens, Debora's Fourth Amendment rights would not be violated.
D
302
216 - What is not a valid type of test for a Business Continuity Plan (BCP)? A. Partial interruption B. Parallel C. Checklist D. Simulation
A
303
217 - Which feature defines the protocols needed to register public key information? A. SHA-1 B. X-KISS C. HAVAL D. X-KRSS
D
304
218 - The AIC triad is made up of three main principles of information security: availability, integrity and confidentiality. Which threat can compromise availability? A. Denial-of-Service attack B. Social engineering C. Human error D. Dumpster diving
A
305
219 - To ensure that threats to integrity are kept to a minimum, database software should implement the ACID test. What characteristic of the ACID test will stop all steps in a transaction from occurring if one of the steps fails? A. Isolation B. Consistency C. Durability D. Atomicity
D
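Added worked example for card 219 (not part of the exam bank): the same two-step account transfer run twice against an in-memory SQLite ledger, once inside a transaction and once on an autocommit connection. The accounts and amounts are constructed; the `CHECK (balance >= 0)` constraint is what makes the second step of an overdraft fail. With a transaction, the failure rolls the first step back as well (atomicity); without one, the credit stays applied while the debit never happens.

```python
# Added example, not part of the exam bank: atomicity of a two-statement
# transfer in SQLite, with and without a transaction.
import sqlite3


def make_ledger(autocommit: bool = False) -> sqlite3.Connection:
    """Two constructed accounts; the CHECK constraint turns an overdraft into an error."""
    conn = sqlite3.connect(":memory:", isolation_level=None if autocommit else "DEFERRED")
    conn.execute(
        "CREATE TABLE accounts (name TEXT PRIMARY KEY, "
        "balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    conn.commit()
    return conn


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT name, balance FROM accounts ORDER BY name"))


def transfer_atomic(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Credit then debit inside one transaction: 'with conn' commits when both
    statements succeed and rolls everything back when either one raises."""
    try:
        with conn:
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False


def transfer_no_transaction(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Same two statements on an autocommit connection: each one is committed on
    its own, so a failing debit leaves the credit already written."""
    try:
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    safe = make_ledger()
    print("atomic, 30:", transfer_atomic(safe, "alice", "bob", 30), balances(safe))
    print("atomic, 500:", transfer_atomic(safe, "alice", "bob", 500), balances(safe))
    unsafe = make_ledger(autocommit=True)
    print("no txn, 500:", transfer_no_transaction(unsafe, "alice", "bob", 500), balances(unsafe))
```

The last line is the integrity failure the card is about: money appears in Bob's account that never left Alice's. The other ACID properties are what keep the rolled-back state invisible to concurrent readers (isolation) and the committed state on disk after a crash (durability).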
306
220 - Which algorithms match to each type? A. Diffie-Hellman B. IDEA C. DSA D. RC6 E. El Gamal F. 3DES - Asymmetric - Symmetric
- [A, C, E] Asymmetric | - [B, D, F] Symmetric
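Added worked example for cards 145 and 220 (not part of the exam bank): a Diffie-Hellman exchange, the asymmetric algorithm on the card, producing the single shared key that a symmetric cipher such as 3DES then needs at both ends. Both sides' messages are shown; only the two public values cross the wire. The group parameters are an assumption chosen for readability, a 127-bit Mersenne prime with generator 2, and are far too small for real use, where standardised groups of 2048 bits or more are required.

```python
# Added example, not part of the exam bank: Diffie-Hellman key agreement
# producing one symmetric key at both ends without transmitting it.
import hashlib
import secrets

P = 2**127 - 1   # prime modulus (toy size, assumed for this example)
G = 2            # generator (assumed)


def make_keypair() -> tuple:
    """The private exponent stays local; the public value G^x mod P goes on the wire."""
    private = secrets.randbelow(P - 2) + 1
    return private, pow(G, private, P)


def shared_secret(my_private: int, their_public: int) -> int:
    """(G^y)^x == (G^x)^y mod P, so both sides reach the same value."""
    return pow(their_public, my_private, P)


def derive_symmetric_key(secret: int) -> bytes:
    """Hash the agreed integer down to a fixed-size key for the symmetric cipher."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def run_exchange() -> tuple:
    """Both sides' messages. Returns (alice_key, bob_key, values_seen_on_the_wire)."""
    alice_priv, alice_pub = make_keypair()
    bob_priv, bob_pub = make_keypair()
    wire = {"alice_to_bob": alice_pub, "bob_to_alice": bob_pub}   # all an eavesdropper sees
    key_alice = derive_symmetric_key(shared_secret(alice_priv, wire["bob_to_alice"]))
    key_bob = derive_symmetric_key(shared_secret(bob_priv, wire["alice_to_bob"]))
    return key_alice, key_bob, wire


if __name__ == "__main__":
    ka, kb, seen = run_exchange()
    print("public values on the wire:", seen)
    print("keys match:", ka == kb, "key:", ka.hex())
```

This is the division of labour the two cards describe: the asymmetric step (here Diffie-Hellman; RSA or El Gamal could carry the key instead) solves distribution, and the symmetric cipher, which requires both parties to hold an identical key, does the bulk encryption with the result.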
307
221 - What is the first step that should be performed for a penetration test? A. Vulnerability analysis B. Reconnaissance C. Enumeration D. Exploitation
B
308
222 - Which type of light is ideal for indoor lighting but not for outdoor lighting? A. Mercury vapor B. Fluorescent C. Quartz lamps D. Sodium Vapor
B
309
223 - What can users inherit from group memberships or roles that they have within an organization? A. Covert channels B. Inference C. Entitlements D. Emanation
C
310
224 - Which type of lock allows for a certain amount of individual accountability? A. Cipher lock B. Smart lock C. Electronic combination lock D. Combination lock
B
311
225 - The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router? A. Layer 3 B. Layer 2 C. Layer 7 D. Layer 1
A
312
226 - Several ethical bases have been identified to help with IT decision making. Which statement provides the basis for the golden rule? A. Assume that all property and information belongs to someone. B. Incur least harm or cost. C. If an action is not repeatable at all times, it is not right at any time. D. Treat others as you wish to be treated.
D
313
227 - Which layers of the OSI model map to the Network Access layer of the TCP/IP model? A. Network and Physical B. Transport and Network C. Network and Data Link D. Data Link and Physical
D
314
228 - What step in creating a business continuity plan involves calculating the maximum tolerable downtime (MTD) for resources? A. Business impact analysis B. Plan maintenance C. Policy statement and team creation D. Develop recovery strategies
A
315
229 - Several measures can be taken to help protect against electric power issues. What is not a recommended method of protecting devices? A. Use shielded cables. B. Do not run cables close to fluorescent lights. C. Plug all devices into surge protectors. D. Plug power bars into other power bars to help provide additional protection.
D
316
230 - Which security standard consists of five principles and seven enablers? A. COBIT version 5 B. ISO/IEC 15408 C. ISO/IEC 27001:2005 D. ITSEC
A
317
231 - Security management is supported by the three core information security principles. They are confidentiality, availability, and integrity. Which controls are used for availability and integrity? A. Physical access controls B. Database encryption C. Hashing D. Clustering E. Warm sites - Availability - Integrity
- [D, E] Availability | - [A, C] Integrity
318
232 - Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators? A. Most attacks are performed by individuals located outside of the network B. Most companies do not use firewalls C. Many attackers spoof their IP addresses and erase logs to cover their tracks D. There are only a few laws that specifically address computer crimes
C
319
233 - The first step in performing a risk assessment is to identify vulnerabilities. Which of the following is considered a security vulnerability? A. The absence of a security guard B. A disgruntled employee C. An access control system not functioning properly D. A piece of code written to create a DoS attack
A
320
234 - Which intellectual property laws match each example? A. Trade Secret B. Trademark C. Patent D. Copyright - Double tapping a screen for enlarging documents on a tablet - A recipe for chicken batter at a popular restaurant chain - A logo of a large restaurant chain - Printed sheet music for a popular song
- [C] Double tapping a screen for enlarging documents on a tablet - [A] A recipe for chicken batter at a popular restaurant chain - [B] A logo of a large restaurant chain - [D] Printed sheet music for a popular song
321
235 - What is the highest level of information classification used by the majority of organizations? A. Confidential B. Internal use only C. Secret D. Restricted
D
322
236 - Which access cards match to each description? A. Magnetic stripe card B. Proximity card C. Smart card - Contains a microchip and can store a large amount of data - Contains a microchip and opens a magnetic lock - Made of PVC material and is easily damaged
- [C] Contains a microchip and can store a large amount of data - [B] Contains a microchip and opens a magnetic lock - [A] Made of PVC material and is easily damaged
323
237 - What is NOT a valid method of protecting against static electricity? A. Manage humidity levels. B. Ensure equipment and electrical outlets are grounded. C. Install carpets on server room floors. D. Use an ESD Wrist strap.
C
324
238 - As part of the security steering committee for a high-tech security firm, you suggest that two high level employees are required to have information that, when put together, provides access to a plaintext key. Upon which concept is the suggestion based? A. Dual control B. Split knowledge C. Social engineering D. Rotation of duties
B
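Added worked example for card 238 (not part of the exam bank): split knowledge implemented as XOR shares of a key. Each custodian holds one share; a single share is uniformly random and carries no information about the key, and only the complete set of shares reconstructs it. The 16-byte key is constructed for the demo, and the n-of-n scheme is an assumption chosen for its simplicity (a threshold scheme such as Shamir's would allow k-of-n).

```python
# Added example, not part of the exam bank: split knowledge via XOR shares.
import secrets


def split_key(key: bytes, holders: int) -> list:
    """n-of-n split: holders-1 uniformly random shares, plus a final share chosen
    so that the XOR of all shares equals the key."""
    if holders < 2:
        raise ValueError("split knowledge needs at least two holders")
    shares = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    last = bytes(key)
    for share in shares:
        last = bytes(a ^ b for a, b in zip(last, share))
    return shares + [last]


def combine_shares(shares: list) -> bytes:
    """XOR every share together; with even one share missing the result is random bytes."""
    out = bytes(len(shares[0]))
    for share in shares:
        if len(share) != len(out):
            raise ValueError("shares must be the same length")
        out = bytes(a ^ b for a, b in zip(out, share))
    return out


if __name__ == "__main__":
    key = secrets.token_bytes(16)          # constructed plaintext key
    parts = split_key(key, 2)
    print("custodian 1 holds:", parts[0].hex())
    print("custodian 2 holds:", parts[1].hex())
    print("recombined equals key:", combine_shares(parts) == key)
    print("one share alone equals key:", combine_shares(parts[:1]) == key)
```

The distinction the card's distractor tests: dual control means two people must each act (two keys turned, two approvals entered) for an operation to proceed; split knowledge means no one person possesses the whole secret, which is what the shares above provide. A ceremony usually combines both.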
325
239 - Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. Which is NOT a concern for the resource protection critical requirement? A. Protect resources that are required for data processing. B. Ensure that resource security is maintained during a failure. C. Ensure that vulnerabilities directed at the availability, integrity, and confidentiality of resources are reduced. D. Provide a balance between the implemented security controls and the user's productivity.
B
326
240 - Your security department has presented management with an overview of the security mechanisms that have been implemented and an evaluation of their overall effectiveness. What is the process referred to as when management formally accepts the information you have presented them with? A. Accreditation B. Hallmark C. Affirmation D. Certification
A
327
241 - Which is not a characteristic of business impact analysis? A. Determining the maximum tolerable downtime (MTD) B. Identifying critical systems C. Determining a recovery strategy D. Developing it early in business continuity planning
C
328
242 - During the recovery strategy planning phase, there are various items that you will have to review and create a recovery strategy for. Which resource is commonly overlooked during the recovery strategies planning phase? A. Human resources B. Data and voice equipment C. Environmental issues D. Computer and network equipment
A
329
243 - What is considered a misdemeanor under the Computer Fraud and Abuse Act of 1986? A. To use classified data for the benefit of a foreign nation B. To disclose personal medical information C. To gain unauthorized access to government computers D. To gain authorized access to personal medical information
C
330
244 - What would be the least effective method to prevent an intruder from gaining access to a facility? A. Smartcards B. A fence C. Guard dogs D. CCTV
D
331
245 - What type of interference can be caused by a disturbance in the circuit from the difference in the hot, neutral, and ground wires and the magnetic field they generate? A. Electromagnetic interference B. Intermodulation C. Electrostatic discharge D. Radio frequency interference
A
332
246 - What is the first level in the Orange Book that requires labeled security? A. C2 B. B1 C. C1 D. B2
B
333
247 - There are three critical requirements for operations controls. Which statement correctly identifies the critical requirement referred to as privileged-entity controls? A. Provide users with the level of access they require to complete their assigned tasks. B. Provide compliance with legislative and industry guidelines to protect sensitive information and personnel. C. Provide all users with administrative-like access control capabilities. D. Provide specific users with administrative-like access control capabilities.
D
334
248 - What does the term "trusted computing base" best address? A. The level of application portability a system provides B. The level of trust a system provides C. The level of security a system provides D. The level of communication a system provides
B
335
249 - How does DCOM provide security for software applications? A. It uses garbage collection to leave classified data in unallocated memory locations B. It creates authentication levels that protect the authenticity, integrity, and confidentiality of data C. It creates sandboxes, which are security boundaries within which untrusted applets are executed D. It uses digital signatures, which are verified using the Authenticode technology
B
336
250 - Which of the following are qualitative risk analysis techniques and quantitative risk analysis techniques? ``` A. Delphi B. Checklists C. Sensitivity analysis D. Focus groups E. Monte Carlo ``` - Qualitative risk analysis - Quantitative risk analysis
- [B, A, D] Qualitative risk analysis | - [E, C] Quantitative risk analysis
337
1 - Which statement best describes the purpose of a public key infrastructure certificate? A. It is used to perform certification registration duties. B. It is used to maintain and issue certificates. C. It is used to associate a public key with various identification information so that an owner can be uniquely identified. D. It is used to provide a secure means of communication between a wide range of geographically dispersed individuals.
C
338
2 - Which type of security threat would be used by an attacker to delete a resource on a specific date or time? A. SYN flood attack B. Logic bomb C. DoS attack D. Companion virus
B
339
3 - Which device can help protect against water damage? A. Acoustical detection system B. Surge suppressor C. Closed-loop recirculating system D. Water detector
D
340
4 - There are different types of eavesdropping methods. Which method involves tampering with a transmission medium in order to create a covert signaling channel? A. Passive Eavesdropping B. Covert Channel Eavesdropping C. Channel Eavesdropping D. Active Eavesdropping
D
341
5 - During a project, what process determines if a software product provides its intended services? A. Verification B. Software escrow C. Validation D. Change control
C
342
6 - Which Redundant Array of Independent Disks (RAID) level writes data to two different drives at the exact same time so that both drives contain the exact same data? A. RAID 3 B. RAID 0 C. RAID 5 D. RAID 1
D
343
7 - Which statement accurately describes key distribution and maintenance? A. Key backups should be highly secured and not readily accessible. B. The process should be manual. C. Keys should be stored in plaintext for easy recovery in case of disaster. D. The process should be automated.
D
344
8 - What attributes are used when evaluating a system's protection mechanisms under the information Technology Security Evaluation Criteria (ITSEC)? A. Assurance and integrity B. Integrity and Authentication C. Functionality and Assurance D. Confidentiality and Functionality
C
345
9 - You are attempting to determine the types of preventative measures to put in place to protect your company's facility. What is not a preventative measure you might implement? A. Increase inventory B. Implement a hot site C. Purchase generators D. Create redundant power lines
B
346
10 - Which item used in conjunction with a fence emits radio frequency signals to detect an intruder pushing a fence? A. CCTV B. TDR C. DSA D. PPTP
B
347
11 - The evidence of a computer crime must be gathered carefully and preserved in order to protect its integrity. The data collected during an investigation must be detailed in the chain of evidence or chain of custody. Which statement is true of the chain of evidence? A. Modifying computer-generated evidence is impossible B. Evidence must be returned to its owner once presented in court C. Evidence must be legally permissible D. Evidence must not be admissible
C
348
12 - Which type of lock provides the least amount of security? A. Electronic combination lock B. Warded lock C. Tumbler lock D. Smart lock
B
349
13 - The investigation team can use surveillance techniques to obtain evidence of computer crime. What is an example of physical surveillance? A. Fencing B. Keyboard monitoring C. Closed Circuit Television (CCTV) D. Audit logs
C
350
14 - Which term represents a collection of technologies that gathers and stores access control information and specified system activity for later study? A. MTBF B. SIEM C. ITIL D. FMEA
B
351
15 - What has a primary focus on ensuring the business functions that are critical to the organization's survival are available in the event of a business interruption? A. NYSE Rule 446 B. Resource dependency analysis C. Corporate contingency planning D. Business impact analysis
C
352
16 - Which statement best defines a clipping level? A. The implementation of assurance levels and the management of security features. B. The act of discovering a problem before it becomes a major issue and causes damage C. A threshold that defines a baseline that must be met before a violation is recorded and further review D. A baseline that defines a threshold that must be met before a violation is recorded for further review
D
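Added example for card 16 (not part of the original deck): a clipping level in code. Failed logins are counted per account over a set of constructed syslog-style lines, and an account is only recorded as a violation once its count reaches the threshold, so ordinary typos stay below the baseline and never generate a review item. The log lines, account names and the threshold of 5 are all constructed for the example.

```python
"""Clipping level: count failed logins per account and record a violation
only once the count meets the threshold (the baseline).
Constructed log lines; not taken from any real system."""
import re
from collections import Counter

# Constructed sample log lines in a syslog-like format (not real data).
SAMPLE_LOG = """\
Jan 10 09:01:02 host sshd[101]: Failed password for alice from 10.0.0.5 port 5001 ssh2
Jan 10 09:01:05 host sshd[101]: Failed password for alice from 10.0.0.5 port 5002 ssh2
Jan 10 09:01:09 host sshd[101]: Accepted password for alice from 10.0.0.5 port 5003 ssh2
Jan 10 09:02:11 host sshd[102]: Failed password for bob from 10.0.0.9 port 6001 ssh2
Jan 10 09:02:14 host sshd[102]: Failed password for bob from 10.0.0.9 port 6002 ssh2
Jan 10 09:02:18 host sshd[102]: Failed password for bob from 10.0.0.9 port 6003 ssh2
Jan 10 09:02:21 host sshd[102]: Failed password for bob from 10.0.0.9 port 6004 ssh2
Jan 10 09:02:25 host sshd[102]: Failed password for bob from 10.0.0.9 port 6005 ssh2
Jan 10 09:03:00 host sshd[103]: Failed password for invalid user admin from 10.0.0.77 port 7001 ssh2
"""

# Matches both "Failed password for alice" and "Failed password for invalid user admin".
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+)")


def count_failures(log_text):
    """Return {account: number_of_failed_logins} found in the log text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def violations(log_text, clipping_level=5):
    """Accounts whose failure count meets or exceeds the clipping level.

    Counts below the baseline (alice: 2 typos) are not recorded at all;
    only counts at or above the threshold become a violation for review.
    """
    counts = count_failures(log_text)
    return {user: n for user, n in counts.items() if n >= clipping_level}


if __name__ == "__main__":
    for user, n in violations(SAMPLE_LOG).items():
        print(f"violation: {user} had {n} failed logins (clipping level 5)")
```

Lowering the clipping level to 2 would also flag alice, which is the trade-off the threshold encodes: fewer missed attacks against more noise for the reviewer.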
353
17 - Confidentiality ensures that the required level of secrecy is maintained by preventing unauthorized individuals from accessing and disclosing company information. What is a typical threat to confidentiality? A. Shoulder surfing B. Separation of duties C. Encryption D. Denial-of-Service (DoS) attack
A
354
18 - What ITSEC rating is concerned with a high level of integrity during communications? A. F7 B. F6 C. F9 D. F8
D
355
19 - You need to select a server room fire suppressant that is considered environmentally safe and less damaging to hardware. What should you choose? A. Carbon Dioxide B. FM200 C. Halon 1301
B
356
20 - What is considered a felony under the US Computer Fraud and Abuse Act of 1986? A. To gain unauthorized access to government systems B. To disclose personal medical information C. To use classified data for the benefit of a foreign nation D. To exchange passwords for unauthorized access to systems.
C
357
21 - What classification of gate is designed to secure an industrial yard that only authorized individuals are permitted entry? A. Class I B. Class III C. Class IV D. Class II
B
358
22 - Management plans to implement a security policy that enforces the proper use of company e-mail, address monitoring, and privacy issues. What type of security policy is best suited for this purpose? A. Advisory B. Informative C. Issue-specific D. System-specific
C
359
23 - The network administrator for your company has asked you to provide a report on the number of modems attached to the network that are unaccounted for. What should you do to accomplish this? A. Wardialing B. Piggybacking C. Wardriving D. Modemsurfing
A
360
24 - What is the most common method used to locate unsecured wireless networks? A. Wardriving B. Salami C. Wardialing D. Piggybacking
A
361
25 - To ensure that threats to integrity are kept to a minimum, database software should implement the ACID test. What characteristic of the ACID test will stop all steps in a transaction from occurring if one of the steps fails? A. Consistency B. Durability C. Isolation D. Atomicity
D
362
26 - What method of securing an object-oriented DBMS only provides discretionary access controls? A. SORION B. ORION C. Views D. SODA
B
363
27 - What is not a basic principle used to help protect against threats to data integrity? A. Need-to-know B. Repudiation C. Separation of duties D. Rotation of duties
B
364
28 - Which constraint should be the primary concern when creating procedures for background checks on new hires? A. Organizational policies B. Privacy laws C. Senior management's sign-off D. Employee acceptance
B
365
29 - What RAID level stripes both data and parity across all drives, ensuring that there is no single point of failure? A. RAID 1 B. RAID 3 C. RAID 0 D. RAID 5
D
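Added example for card 29 (not from the original deck): RAID 5 in miniature. Data blocks are striped across four simulated drives with the parity block rotating between drives, then any one drive is discarded and rebuilt by XOR of the survivors. The drive count, block size and sample data are constructed; real controllers work on sectors and add bookkeeping, but the parity arithmetic is the same.

```python
"""RAID 5 in miniature: stripe data across N drives with rotating parity,
lose any single drive, rebuild it by XOR of the survivors.
Constructed example; drives are just Python lists of byte strings."""
from functools import reduce


def xor_blocks(blocks):
    """XOR a list of equal-length byte strings position by position."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blocks))


def raid5_write(data, n_drives, block_size):
    """Split data into stripes of (n_drives - 1) data blocks plus one parity
    block; the parity position rotates so no single drive holds all parity.
    Returns a list with one block list per drive."""
    assert n_drives >= 3, "RAID 5 needs at least three drives"
    data_per_stripe = n_drives - 1
    stripe_bytes = data_per_stripe * block_size
    padded = data + b"\x00" * (-len(data) % stripe_bytes)   # whole stripes only
    drives = [[] for _ in range(n_drives)]
    for s in range(len(padded) // stripe_bytes):
        chunk = padded[s * stripe_bytes:(s + 1) * stripe_bytes]
        blocks = [chunk[i * block_size:(i + 1) * block_size]
                  for i in range(data_per_stripe)]
        parity_drive = s % n_drives            # rotate parity across drives
        parity = xor_blocks(blocks)
        it = iter(blocks)
        for d in range(n_drives):
            drives[d].append(parity if d == parity_drive else next(it))
    return drives


def raid5_rebuild(drives, lost):
    """Rebuild drive index `lost` (given as None in `drives`) from the others.
    XOR of all blocks in a stripe is zero, so XOR of the survivors is the
    missing block, whether it held data or parity."""
    n_stripes = len(next(d for d in drives if d is not None))
    rebuilt = []
    for s in range(n_stripes):
        survivors = [d[s] for i, d in enumerate(drives) if i != lost]
        rebuilt.append(xor_blocks(survivors))
    return rebuilt


def raid5_read(drives):
    """Reassemble the (padded) data by skipping each stripe's parity block."""
    n_drives = len(drives)
    out = b""
    for s in range(len(drives[0])):
        parity_drive = s % n_drives
        out += b"".join(drives[d][s] for d in range(n_drives) if d != parity_drive)
    return out


if __name__ == "__main__":
    data = b"The quick brown fox jumps over the lazy dog"   # constructed payload
    drives = raid5_write(data, n_drives=4, block_size=8)
    damaged = list(drives)
    damaged[2] = None                                        # drive 2 fails
    damaged[2] = raid5_rebuild(damaged, 2)
    print(raid5_read(damaged).rstrip(b"\x00") == data)      # True
```

Losing a second drive before the rebuild finishes breaks the XOR relation and the stripe is unrecoverable; that window is why RAID 5 protects availability, not integrity, and is no substitute for backups.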
366
30 - What is true regarding the relationship between laws and ethics? A. Ethics and laws are synonymous. B. Most laws are derived from ethics. C. Ethics are always derived from laws. D. An action that is legal is also ethical.
B
367
31 - Which is TRUE in relation to a one-way hash function? A. It takes a fixed-length string and produces a fixed-length value. B. It takes a variable-length string and produces a fixed-length value. C. It takes a fixed-length string and produces and variable-length value. D. It takes a variable-length string and produces a variable-length value.
B
368
32 - Which option is NOT TRUE in regards to key management? A. Key lengths should be long enough to provide the level of protection that is required. B. Keys should be maintained in a secure location when their lifetime expires. C. Keys should be stored and transmitted in a secure manner. D. The lifetime of a key should be dictated by the amount of usage.
B
369
33 - Which type of law is based on the traditions of the region? A. Common B. Customary C. Mixed D. Religious
B
370
34 - What best describes an information protection environment? A. An environment for operations security that encompasses all computing resources in an organization B. An environment for software security that encompasses all software used in an organization C. Audits, logs, policies, and procedures used to track user activities throughout the organization D. An environment for hardware security that encompasses all dedicated hardware in an organization
A
371
35 - Which type of security document should management use to mandate that all employees wear photo ID badges, and that they be visible at all times? A. Procedure B. Guideline C. Baseline D. Informative security policy
C
372
36 - Which statement best identifies what vulnerability tools are used for and who they are used by? A. They are used by network administrators to fix security vulnerabilities that are present within a network. B. They are used by hackers to determine what security vulnerabilities are present within a network. C. They are used by network administrators to determine what security vulnerabilities are present within a network. D. They are used by hackers and network administrators to determine what security vulnerabilities are present within a network.
D
373
37 - There are different types of offsite solutions for facility recovery. What is the most common type of subscription-based backup facility? A. Warm B. Cold C. Hot D. Redundant
A
374
38 - What security mode is a system operating in if all users have the formal clearance and approval required to access all data in the system but they only formally need to know some of it? A. Multilevel Security Mode B. System High-Security Mode C. Compartmented Security Mode D. Dedicated Security Mode
B
375
39 - Which rule will protect data at an integrity level from being corrupted by data at a lower integrity level? A. Star property rule B. Strong star property rule C. Simple security rule D. Simple integrity axiom
D
376
40 - You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as? A. Certification B. Hallmark C. Accreditation D. Affirmation
A
377
41 - What is NOT true regarding the services that MPLS provides? A. QoS is provided B. Encryption is provided C. Traffic engineering is provided D. Packet labeling is provided
B
378
42 - Several measures can be taken to help protect against electric power issues. What is NOT a recommended method of protecting devices? A. Do not run cables close to fluorescent lights. B. Plug all devices into surge protectors. C. Plug power bars into other power bars to help provide additional protection. D. Use shielded cables.
C
379
43 - Which rule states that a subject at a particular security level is unable to write information to a security level that is lower than the one in which the user currently resides? A. Simple security rule B. Simple integrity axiom C. Star integrity axiom D. Star property rule
D
380
44 - What step in creating a business continuity plan involves calculating the maximum tolerable downtime (MTD) for resources? A. Plan maintenance B. Business impact analysis C. Develop recovery strategies D. Policy statement and team creation
B
381
45 - Which type of security device is set into a door's edge? A. Rim lock B. Biometric reader C. Card reader D. Mortise lock
D
382
46 - What process involves data from multiple databases or data sources being combined into a large database for the purpose of running queries for data analysis and retrieval? A. Data mining B. Data warehousing C. Data sifting D. Data digging
B
383
47 - You are currently meeting with management to have them formally approve the products, systems, and components within your organization. What is this process referring to? A. Accreditation B. Certification C. Affirmation D. Verification
A
384
48 - Which security principle ensures that information is not disclosed to unauthorized individuals? A. Confidentiality B. Integrity C. Availability D. Authorization
A
385
49 - What is the best method of preventing a buffer overflow? A. Increase the amount of virtual memory available to the operating system B. Add RAM to the computer C. Limit the amount of data that is accepted by an application D. Limit the amount of data that can be entered into memory
D
386
50 - What type of alarm system triggers an alarm at your organization's security command center when it detects an intruder? A. Auxiliary station B. Proprietary C. Central station D. Local
B
387
51 - What is not a valid type of test for a Business Continuity Plan (BCP)? A. Parallel B. Partial interruption C. Simulation D. Checklist
B
388
52 - Which of the following is an example of a technical control? A. Background checks B. Mantraps C. Encryption D. Policies and procedures
C
389
53 - Most large organizations today have acknowledged the need for a C-level security officer, typically classed as the chief information security officer. However, there are still issues in identifying the most appropriate reporting structure for the chief information security officer within the organization. The greatest potential for a conflict of interest is inherent to a chief information security officer reporting to which role within an organization? A. Chief financial officer B. Chief security officer C. Chief information officer D. Chief executive officer
C
390
54 - Which type of law acts on civil violations against an organization or individual? A. Criminal B. Regulatory C. Tort D. Administrative
C
391
55 - Which access control model is also referred to as nondiscretionary access control? A. Role-based access control B. Discretionary access control C. Mandatory access control D. Rule-based access control
A
392
56 - Which Capability Maturity Model Integration maturity levels match to each description? ``` A. Managed B. Repeatable C. Initial D. Defined E. Optimizing ``` - The company uses an ad hoc development process for its products and software. - The company has formal procedures for outlining process and has a method that can help with process improvement. - The company's plans are integrated with a budget used for continually improving processes - The company has formal processes to collect and study data and defined metrics for their program used for process improvement - The company does not use a formal process model, but they can replicate the processes needed.
[C] - The company uses an ad hoc development process for its products and software. [D] - The company has formal procedures for outlining process and has a method that can help with process improvement. [E] - The company's plans are integrated with a budget used for continually improving processes [A] - The company has formal processes to collect and study data and defined metrics for their program used for process improvement [B] - The company does not use a formal process model, but they can replicate the processes needed.
393
57 - Various resources are available to aid in the development of an information security strategy. Which resource sets the allowable boundaries that are used to determine if policy requirements have been met? A. Procedure B. Policy C. Standard D. Guideline
C
394
58 - Which IDS technologies match each characteristic? A. Signature-based B. Anomaly-based - Is able to identify several activities and compare them to known patterns simultaneously - Is synonymous with heuristic-based - Does not have the ability to identify new attacks - Has the ability to identify new attacks
- [A] Is able to identify several activities and compare them to known patterns simultaneously - [B] Is synonymous with heuristic-based - [A] Does not have the ability to identify new attacks - [B] Has the ability to identify new attacks
395
59 - What is NOT one of the three critical requirements for operations controls? A. Hardware control B. Resource protection C. Software control D. Privileged-entity control
C
396
60 - An NDA addresses which security principle? A. Authenticity B. Integrity C. Availability D. Confidentiality
D
397
61 - At which stage of the SLC does the development team observe how the system operates to make sure it is functioning as expected? A. Recording and documenting B. Revisions and system replacement C. Producing and installing D. Operations and maintenance support
D
398
62 - What law protects software programs from illegal distribution? A. Patent B. Copyright C. Trademark D. Trade secret
B
399
63 - You have received a change request from your client on a project you are currently developing for them. What is the correct order of steps you should take to ensure that you follow the change control process? A. Make a formal request, Submit the request for approval, Develop the change, Analyze the request, Record the request, Report the results to management B. Make a formal request, Analyze the request, Record the request, Submit the request for approval, Develop the change, Report the results to management C. Submit the request for approval, Make a formal request, Analyze the request, Record the request, Develop the change, Report the results to management D. Analyze the request, Record the request, Make a formal request, Submit the request for approval, Develop the change, Report the results to management
B
400
64 - Companies that have been attacked often choose not to release this information to the media. However, there are several well-known computer crimes that have been widely publicized. What hacker or group of hackers demonstrated how a web-based Trojan horse could be used to extract money from a bank account? A. Kevin Mitnick B. Cult of Dead Cow C. Chaos Computer Club D. Legion of Doom
C
401
65 - What ensures the accountability and integrity of evidence once it is collected? A. Tangibility B. Chain of evidence C. Due care D. Due diligence
B
402
66 - What type of test involves selected members from each department coming together to review and discuss each section of the Business Continuity Plan (BCP)? A. Simulation test B. Checklist test C. Parallel test D. Structured Walk-Through test
D
403
67 - Which identity management system characteristics match with the identity management system? A. Supports the Apple Talk protocol B. Provides packet delivery with TCP C. Encrypts packets between the server and the client D. Combines services for authentication and authorization E. Provides packet delivery with UDP F. Uses PPP connections - TACACS+ - RADIUS
- [A, C, B] TACACS+ | - [E, F, D] RADIUS
404
68 - What type of database integrity exists if all foreign keys point to existing primary keys? A. Semantic B. Entity C. Structural D. Referential
D
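Added example covering cards 25 (atomicity) and 68 (referential integrity), not part of the original deck. It uses only the standard-library sqlite3 module: the foreign key on account.customer_id rejects an account for a customer that does not exist, and a two-step transfer is wrapped in one transaction so that when the second step violates the balance CHECK constraint, the first step is rolled back with it. The schema, customers and balances are constructed for the example; note that SQLite only enforces foreign keys when PRAGMA foreign_keys is switched on.

```python
"""Referential integrity and atomicity with sqlite3 (standard library).
Constructed schema and rows; not from any real application."""
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite enforces FKs only with this on
    conn.executescript("""
        CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE account (
            id          INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customer(id),  -- must point at a real customer
            balance     INTEGER NOT NULL CHECK (balance >= 0)      -- no overdrafts
        );
        INSERT INTO customer VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO account  VALUES (10, 1, 100), (20, 2, 50);
    """)
    conn.commit()
    return conn


def open_account(conn, account_id, customer_id):
    """Referential integrity: the insert fails if customer_id has no
    matching primary key in customer. Returns True on success."""
    try:
        with conn:   # commits on success, rolls back if an exception escapes
            conn.execute("INSERT INTO account VALUES (?, ?, 0)",
                         (account_id, customer_id))
        return True
    except sqlite3.IntegrityError:   # "FOREIGN KEY constraint failed"
        return False


def transfer(conn, src, dst, amount):
    """Atomicity: credit and debit happen together or not at all.
    The credit is applied first on purpose; if the debit then violates the
    CHECK constraint, the transaction is rolled back and the credit
    disappears with it, so no money is created."""
    try:
        with conn:
            conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?",
                         (amount, dst))
            conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?",
                         (amount, src))
        return True
    except sqlite3.IntegrityError:   # "CHECK constraint failed"
        return False


def balances(conn):
    """{account_id: balance} for every account, in id order."""
    return dict(conn.execute("SELECT id, balance FROM account ORDER BY id"))


if __name__ == "__main__":
    db = make_db()
    print(open_account(db, 40, 99))     # False: customer 99 does not exist
    print(transfer(db, 10, 20, 500))    # False: alice cannot cover 500
    print(balances(db))                 # unchanged: {10: 100, 20: 50}
```

Without the surrounding transaction the credit to bob would survive the failed debit, which is exactly the integrity failure atomicity exists to prevent.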
405
69 - Which component is used to create digital signatures? A. IPsec B. DSA C. SKIP D. PPTP
B
406
70 - There are various methodologies available for assessing an organization's security risks. Which risk assessment methodology would be best to use to prescreen systems and applications to determine whether further risk analysis is warranted? A. FRAP B. CRAMM C. NIST SP 800-66 D. FMEA
A
407
71 - Your organization is performing business continuity and disaster recovery planning, and you are the lead planner for this project. The overall scope of the effort required for planning has been determined and you have begun to look at the resource requirements to complete the development of the plan. Which statement is not true concerning the resource requirements that are required to develop the project plan? A. Outside consultants may be hired to assist with the initial planning stages. B. Software tools may be used to help with the collection of information for planning. C. People used on the planning team should not be the same individuals that perform the recovery. D. The planning team needs to be represented by individuals from business operations and technology areas.
C
408
72 - Which rule is also classified as the "no read down" rule? A. Star integrity axiom B. Simple security rule C. Star property rule D. Simple integrity axiom
D
409
73 - Which layer of the SABSA model operates across all the other layers? A. Logical B. Physical C. Contextual D. Operational
D
410
74 - The International Information Systems Security Certification Consortium requires CISSPs to commit to fully supporting the Code of Ethics. What is not a mandatory canon in the CISSP Code of Ethics? A. Protect society, the commonwealth, and the infrastructure. B. Discharge professional responsibilities with diligence and honesty. C. Provide diligent and competent service to principals. D. Act honorably, honestly, justly, responsibly, and legally.
B
411
75 - What type of technology makes use of a sandbox as a security mechanism? A. ActiveX B. Malware C. Java D. DBMS
C
412
76 - Which organization provides the standards for reinforced filing cabinets? A. Office of Government Commerce B. U.S. Government C. Underwriters Laboratory D. Pearson VUE
B
413
77 - What type of water sprinkler system is best used in an environment that contains a lot of expensive computer and electronic equipment? A. Deluge B. Dry pipe C. Wet pipe D. Preaction
D
414
78 - What type of mobile code control serves as a protected area for a program to execute? A. Kernel B. Access matrix C. Covert channel D. Sandbox
D
415
79 - You need to purchase video surveillance equipment for your organization. Your boss has requested that you implement an automated system that is able to trigger alarms when it detects noise or movement. What type of camera system should you deploy? A. A CCD capable system B. An annunciator capable system C. An automatic iris capable system D. A PTZ capable system
B
416
80 - Which database models match each description? A. Network B. Object-oriented C. Hierarchical D. Relational - The data stored in this model is based on two-dimensional tables consisting of tuples and attributes. - The data stored in this model is linked in a way that each record or child has only one owner or parent. - The data stored in this model is linked in a way that establishes a multiple child-parent relationship. - The data stored in this model is in the form of objects using programming features.
- [D] The data stored in this model is based on two-dimensional tables consisting of tuples and attributes. - [C] The data stored in this model is linked in a way that each record or child has only one owner or parent. - [A] The data stored in this model is linked in a way that establishes a multiple child-parent relationship. - [B] The data stored in this model is in the form of objects using programming features.
417
81 - The company's database server contains multiple tables with customer orders. A possible disaster could take the server offline and the company would start to lose significant amounts of money after about 24 hours. What category of maximum tolerable downtime (MTD) should the server be placed in? A. Urgent B. Normal C. Critical D. Nonessential
A
418
82 - In terms of a biometric system, what is referred to as a Type II error? A. False rejection rate B. Equal error rate C. False acceptance rate D. Crossover error rate
C
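Added example for card 82 (not from the original deck): how a biometric system's threshold trades the Type I error (false rejection) against the Type II error (false acceptance), and where the crossover error rate sits. The match scores for genuine users and impostors are constructed, not measured from any device; a real evaluation would use thousands of attempts.

```python
"""Type I (FRR) vs Type II (FAR) across a biometric matching threshold,
and the crossover / equal error rate. Constructed scores, not real data."""

# Constructed similarity scores (0..100): higher means closer to the enrolled template.
GENUINE = [88, 91, 79, 95, 83, 70, 90, 86, 77, 93]    # attempts by the enrolled user
IMPOSTOR = [35, 52, 61, 40, 48, 73, 30, 66, 45, 58]   # attempts by someone else


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FRR, FAR) when the system accepts a score >= threshold.
    FRR (Type I): genuine attempts that are rejected.
    FAR (Type II): impostor attempts that are accepted."""
    frr = sum(s < threshold for s in genuine) / len(genuine)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover(genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold at which FRR and FAR are closest, and the rate there (CER/EER).
    Raising the threshold lowers FAR but raises FRR, and vice versa; the
    crossover is the usual single-number comparison between systems."""
    def gap(t):
        frr, far = error_rates(t, genuine, impostor)
        return abs(frr - far)
    best = min(range(101), key=gap)
    frr, far = error_rates(best, genuine, impostor)
    return best, (frr + far) / 2


if __name__ == "__main__":
    for t in (50, 71, 90):
        frr, far = error_rates(t)
        print(f"threshold {t}: FRR={frr:.1f} (Type I)  FAR={far:.1f} (Type II)")
    print("crossover:", crossover())
```

For a high-security door you would deliberately sit above the crossover (lower FAR, more legitimate users turned away and retrying); for a convenience login you would sit below it.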
419
83 - Mantraps are an example of what type of security control? A. Corrective controls B. Detective controls C. Preventive controls D. Recovery controls
C
420
84 - To which type of attack is a PBX system vulnerable? A. Sniffing attack B. Privilege escalation attack C. Phreak attack D. DNS spoofing attack
C
421
85 - Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. What is NOT a concern for the resource protection critical requirement? A. Ensure that resource security is maintained during a failure. B. Protect resources that are required for data processing. C. Provide a balance between the implemented security controls and the user's productivity. D. Ensure the vulnerabilities directed at the availability, integrity, and confidentiality of resources is reduced.
A
422
86 - The Application layer of the TCP/IP model maps to which layers of the OSI model? A. Application, Session, Transport B. Presentation, Session, Transport C. Application, Presentation, Session D. Transport, Network, Data Link
C
423
87 - When might an organization require an export license? A. To implement cloud computing B. To permit trans-border data flows C. To employ a key escrow service D. To establish a distributed data model
B
424
88 - There are various types of evidence that can be used in a court of law. What type of evidence cannot be used on its own, but may be admissible to prove other, more substantial evidence? A. Opinion evidence B. Circumstantial evidence C. Hearsay evidence D. Corroborative evidence
D
425
89 - What is the BEST way to secure all data at rest on a portable computer without degrading system performance? A. Hardware-based FDE B. Software-based FDE C. SSL D. Cloud computing
A
426
90 - What is the first level in the Orange Book that requires verified protection? A. B2 B. C1 C. B1 D. A1
D
427
91 - Which technology provides availability, load balancing, redundancy, and failover? A. RADIUS B. Redundant Servers C. RAID D. Clustering
D
428
92 - A security practitioner is designing a network diagram that includes two routers and a firewall. A demilitarized zone (DMZ) is required for controlling DMZ access from untrusted and trusted sites.

```
     [Internet]
         |
      (Router)
         |
[*Link*] -- [Firewall]
         |
      [*Link*]
         |
      (Router)
         |
      [*Link*]
         |
[host - server]   [host - host]
```
The link off to the side from the firewall
429
93 - You need to provide security for your client's connections to your web server. You need to make sure that the entire communications channel between the two computers is protected. Which technology should you implement to accomplish this? A. SET B. HTTPS C. HTTP D. S-HTTP
B
430
94 - Which cipher is most susceptible to frequency analysis attacks? A. Caesar Cipher B. Transposition Cipher C. Polyalphabetic Substitution Cipher D. Running Key Cipher
A
431
95 - The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router? A. Layer 2 B. Layer 1 C. Layer 7 D. Layer 3
D
432
96 - What is an example of a preventive control? A. Motion detectors B. Routers C. Audit logs D. IDS
B
433
97 - What type of attack involves interference that overpowers the sending and receiving of data signal on a communications link? A. Covert Wireless Channel B. Eavesdropping C. Denial of Service jamming D. Man-in-the-Middle attacks
C
434
98 - Which database model stores data in more than one database while maintaining a logical connection between databases for the clients? A. Relational data model B. Distributed data model C. Rational data model D. Hierarchical data model
B
435
99 - Which type of light is ideal for indoor lighting but not for outdoor lighting? A. Quartz lamps B. Fluorescent C. Sodium vapor D. Mercury vapor
B
436
100 - A disaster recovery plan should ensure that salaries will be paid to employees while the organization's normal business operations are suspended. What type of insurance policy provides coverage for this? A. Cyberinsurance B. Business interruption insurance C. Accounts receivable insurance D. Liability insurance
B
437
101 - Penetration testing is made up of a five-step process. What is the correct order of steps in which penetration testing should be carried out? A. Reconnaissance, Enumeration, Vulnerability Analysis, Document Findings, Execution B. Reconnaissance, Enumeration, Execution, Vulnerability Analysis, Document Findings C. Reconnaissance, Vulnerability Analysis, Enumeration, Execution, Document Findings D. Reconnaissance, Enumeration, Vulnerability Analysis, Execution, Document Findings
D
438
102 - When developing the business continuity plan (BCP), what is not the responsibility of management? A. The outcome of the BCP development process B. Creating the policy statement and setting goals C. Determining any legal and regulatory requirements D. Making the necessary resources available
C
439
103 - What is the Bell-LaPadula model most concerned with? A. Integrity B. Confidentiality C. Repudiation D. Verification
B
440
104 - What needs to be done by the organization to help ensure that the insurance company is responsible for coverage in the event of a disaster? A. Nothing, the insurance company is always responsible B. The organization must practice due diligence C. The organization must purchase a Business Interruption Insurance policy D. The organization must practice due care
D
105 - Which encryption method characteristics match each encryption method? A. Can be used for key distribution B. Number of keys can be determined by n(n-1)/2 C. Uses two instances of the same key D. Provides authentication E. Provides confidentiality only F. Uses a public key and a private key - Symmetric - Asymmetric
- [B, E, C] Symmetric | - [A, D, F] Asymmetric
106 - Which access control concept involves using a common set of process and controls for an area to segregate its resources and services from other entities on the network? A. Least privilege B. Need to know C. Compartmentalization D. Security domain
D
107 - What type of intrusion detection system (IDS) uses strips of foil, or pressure pads, near an entry point that sound an alarm when the contact is broken? A. Acoustical detection system B. Photometric system C. Electro-mechanical system D. Proximity detector
C
108 - The Clark-Wilson model may be used to implement system integrity in a security policy. What best describes the Clark-Wilson integrity model? A. Rights are specified using a table consisting of ACLs and capability lists. B. Transformational procedures define the relationship between subject and object. C. When compared to their assigned security levels, users cannot read data at lower levels or write data at higher levels. D. Subjects are granted write access to objects with the same or higher security level as their own.
B
109 - What part of the product evaluation process deals with product development and maintenance? A. Life-cycle assurance B. Change control C. Operational assurance D. Clipping levels
A
110 - Which mode of the Data Encryption Standard (DES) is similar to the Output Feedback (OFB) mode but uses a 64-bit random data block as the first initialization vector (IV)? A. Counter B. Cipher Feedback C. Cipher Block Chaining D. Electronic Code Book
A
111 - What method for database security involves having multiple instances of rows with the same primary key, each displaying a different set of data depending on the user's security level? A. Aggregation B. Views C. Polyinstantiation D. Inference
C
112 - Which of the following is NOT one of the principles identified by the Directive on Data Protection? A. Data confidentiality B. Choice C. Notice D. Data integrity
A
113 - Which type of attack does not involve the use of the encryption key or encryption algorithm to gain access to secret information? A. Chosen ciphertext B. Brute force C. Chosen plaintext D. Social engineering
D
114 - What should be the last step in the project initiation phase? A. Appoint a leader B. Appoint a BCP team C. Create a project plan D. Present a project plan to management
D
115 - Which standard includes resources to help organizations maintain the safe treatment of cardholder information for payment card services? A. NFPA 1600 B. XML C. PCI-DSS D. PGP
C
116 - What type of interference can be caused by a disturbance in the circuit from the difference in the hot, neutral, and ground wires and the magnetic field they generate? A. Intermodulation B. Radio frequency interference C. Electromagnetic interference D. Electrostatic discharge
C
117 - Which type of attack exploits the communications session between two communicating devices so that the session can be hijacked? A. DNS poisoning B. Sniffer Attack C. TCP Sequence Number Attack D. Ping of Death Attack
C
118 - Which attack takes advantage of weaknesses in the design of the TCP protocol? A. Fraggle B. Smurf C. Teardrop D. SYN flood
D
119 - What is not a phase involved in preparing a Business Continuity Plan (BCP)? A. Recovery Strategies B. Classify Resources C. Project Management and Initiation D. Testing, Maintenance, Awareness, and Training
B
120 - What should be the first step completed in the project initiation phase? A. Define plan goals B. Appoint a BCP team C. Appoint a leader D. Obtain management support
D
121 - What is one of the best ways to prevent piggybacking from occurring at the access points into a facility? A. Programmable locks B. Swipe cards C. Proximity cards D. Security guards
D
122 - Which task is not part of the initial steps an attacker would perform when attacking a network? A. Determining which ports are open by performing port scans B. Start building a network topology C. Determining which operating systems are installed on the active computers D. Determining which computers are physically active
A
123 - What is considered a misdemeanor under the Computer Fraud and Abuse Act of 1986? A. To gain unauthorized access to government computers B. To gain authorized access to personal medical information C. To disclose personal medical information D. To use classified data for the benefit of a foreign nation
A
124 - Ten professional practice areas make up the basis of NFPA 1600. Which practice area involves determining the threats that apply to an organization and limiting their potential impact? A. Project initiation and management B. Risk evaluation and control C. Awareness and training programs D. Maintaining and exercising BCPs
B
125 - A junior network technician has approached you and asked for your opinion on what would be the most secure cable to implement within the organization. What should you tell them? A. Fiber-optic B. Unshielded Twisted Pair (UTP) C. Shielded Twisted Pair (STP) D. Coaxial
A
126 - When does a buffer overflow occur? A. When the operating system runs out of RAM and causes a reboot B. When an application runs out of memory and crashes the system C. When too much data is entered into the buffer D. When an application sends too much information to another application causing a blue screen
C
127 - An organization that partners with other corporations has multiple communication channels. What should be taken into consideration by all employees regarding these channels? A. Single sign-on B. Privacy compliance C. Monitoring technologies D. Intrusion detection
B
128 - Why are most companies unaware that they have ever been attacked? A. Most attacks are performed by individuals located inside the target network. B. There are only a few laws that specifically address computer crimes. C. Attackers usually spoof their IP addresses. D. Attackers usually erase any logs that record their activities.
D
129 - Which is not a characteristic of business impact analysis? A. Determining a recovery strategy B. Determining the maximum tolerable downtime (MTD) C. Identifying critical systems D. Developing it early in business continuity planning
A
130 - Which viable weekly backup strategy will take the least amount of time to complete? A. Perform a differential backup every Monday and an incremental backup on the remaining days of the week. B. Perform a full backup every Monday and a differential backup on the remaining days of the week. C. Perform a full backup every day. D. Perform a full backup every Monday and an incremental backup on the remaining days of the week.
D
131 - What is not an example of a physical control? A. Subnets B. External lights C. Data backups D. Building location
A
132 - What type of backup will contain any files that have changed since the last full backup? A. Full B. Complete C. Differential D. Incremental
C
133 - A security practitioner is designing access control monitoring. The design includes a non-filtering router, a firewall, and a company network. In particular, the company wants to correctly place an IPS so that the number of alerts is significantly reduced. At which point should the IPS be placed? [Diagram: Internet connected through the router and the firewall to the company network, with candidate placement points marked between the devices]
The point between the firewall and the company network
134 - Which wireless technology matches each description? A. Cellular B. Infrared C. IEEE 802.11 D. Bluetooth - Requires a network-aware device or dongle and an active account - Switches between any of the 79 frequencies available in the 2.45 GHz range - Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz - Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another
- [A] Requires a network-aware device or dongle and an active account - [D] Switches between any of the 79 frequencies available in the 2.45 GHz range - [C] Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz - [B] Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another
135 - A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic interference (EMI). What should you tell them? A. Coaxial B. Fiber-optic C. Shielded Twisted Pair D. Unshielded Twisted Pair
D
136 - In a secure network, personnel play a key role in the maintenance and promotion of security procedures. Allotting different roles and responsibilities to different personnel provides increased security. It is important that each participant's role is clearly defined and understood by the participants and by their peers. Which role is responsible for ensuring that the company complies with software license agreements? A. Data analyst B. Solution provider C. Product-line manager D. Process owner
C
137 - Administrative, technical, and physical controls should be used by security administrators to meet the organization's security requirements. What is an example of a technical control? A. Router B. Closed-circuit TV (CCTV) C. Data backup D. Biometric system
A
138 - What law protects company logos from illegal duplication? A. Patent B. Copyright C. Trademark D. Trade secret
C
139 - Which aspect of IAM involves creating, modifying, and deleting user accounts? A. Identity management B. Authorization C. Entitlement D. Provisioning
D
140 - A junior technician has approached you to ask what she should do to ensure users are accountable for their actions. What should you tell her? A. You should tell her to implement logs. B. You should tell her to implement auditing. C. You should tell her to only hire honest people. D. You should tell her to implement an accountability server.
B
141 - With biometric systems, what is the term used to describe when the system incorrectly grants a user access when they should have been denied? A. EMP B. FAR C. FRR D. CER
B
142 - What is a security professional considered when they use hacking tools to test their own network for vulnerabilities? A. Script kiddie B. Black hat C. Red Hat D. White hat
D
143 - To help maintain operational resilience, your organization has implemented redundant fans and power supplies in key systems. In addition, they are looking to move away from concatenated disks by implementing proper RAID levels. On a system that is used for general storage, the requirement is that it can survive the failure of any one disk. Which RAID level will best meet this requirement? A. RAID 0 B. RAID 4 C. RAID 3 D. RAID 5
D
144 - There are various threats that directly affect your operations environment, so it is important that your environment is protected against them. You should be aware that these threats all map to the information security triad. Which threats are directly related to the integrity component of the information security triad? A. Corruption and modification B. Disclosure and corruption C. Destruction and theft D. Interruption and disclosure
A
145 - Which piece of equipment is not recommended for use by incident response teams? A. Plastic containers B. Ball-point pen C. Spiral notebook D. Digital camera
C
146 - Which of these algorithms is NOT a symmetric algorithm? A. DES B. RSA C. AES D. 3DES
B
147 - Which statement best describes a properly implemented incident handling program? A. Incident handling should be approached in a reactive manner B. Incident reporting should be decentralized C. Incident handling should be part of the business continuity plan D. Incident handling should be part of the disaster recovery plan
D
148 - You have been tasked with implementing an intrusion detection system that learns as it performs its day-to-day tasks and uses this knowledge to detect any changes that could mean an intrusion is occurring. Which one should you implement? A. Network-based intrusion detection system B. Signature-based intrusion detection C. Statistical anomaly-based intrusion detection D. Host-based intrusion detection system
C
149 - Which method does not provide integrity for a message? A. Hashing a message B. Encrypting a message C. Encrypting and digitally signing a message D. Digitally signing a message
B
150 - Electronic devices emit electrical and electromagnetic signals through the airwaves. This is referred to as what? A. Emanation B. EMI C. White noise D. Tempest
A
151 - Which of these security models ensures that you cannot write to an object that resides at a security level lower than the one you possess? A. Lattice model B. Biba model C. Bell-LaPadula model D. Clark-Wilson model
C
152 - What can be done to enforce employee accountability? A. Ensuring employees arrive on time for work B. Employees providing a password or passphrase C. Employees maintaining corporate documentation D. Including employee IDs in the audit logs
D
153 - Debora, an American citizen who works for a large accounting firm in Los Angeles, receives a memo from the company's president regarding internal computer crime investigations. The letter informs all employees that management may remove files from their workstations at any time, without notice. How would such actions apply to Debora's Fourth Amendment rights? A. If Debora is acting as a police agent, management's Fourth Amendment rights would not be violated. B. If management is acting as a police agent, Debora's Fourth Amendment rights would not be violated. C. If management is acting as private citizens, Debora's Fourth Amendment rights would be violated. D. If management is acting as private citizens, Debora's Fourth Amendment rights would not be violated.
D
154 - There are three critical requirements for operations controls. Which statement correctly identifies the critical requirement referred to as privileged-entity controls? A. Provide all users with administrative-like access control capabilities. B. Provide users with the level of access they require to complete their assigned tasks. C. Provide specific users with administrative-like access control capabilities. D. Provide compliance with legislative and industry guidelines to protect sensitive information and personnel.
C
155 - The integrity of data within a database can be protected by different types of operations. Which is NOT an operation that will protect the integrity of data within a database? A. Savepoint B. Commit C. Inference D. Rollback
C
156 - Which access control concept is used when operational secrecy is a major concern? A. Security domain B. Need to know C. Compartmentalization D. Least privilege
B
157 - You have just been hired as a junior security analyst at a security consulting firm. Your manager gives you a list of ciphers and asks you to determine their type. Rail fence, rectangular substitution, monoalphabetic, and polyalphabetic are all examples of which type of cipher? A. Running key B. Transposition C. Substitution D. Null
B
158 - Knowledge discovery in databases (KDD) is a process where patterns within a database are identified using various approaches and techniques. Which is NOT one of the approaches used in the KDD system to determine patterns? A. Statistical B. Heuristic C. Probabilistic D. Classification
B
159 - What is the best strategy for outsourcing? A. Omitting business continuity and disaster recovery considerations from the outsourcing strategy B. Including appropriate terms and conditions in the SLA C. Excluding service improvement expectations from the outsourcing contract D. Developing an outsourcing strategy independent of auditing considerations related to outsourcing
B
160 - Which type of attack involves the altering of a system's Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings? A. Reverse ARP B. Reverse ARP table poisoning C. ARP table poisoning D. Poisoning ARP cache
C
161 - Your current network uses the Open Shortest Path First (OSPF) dynamic routing protocol to update routes to different destinations on the network. It has been brought to your attention that a rogue router is updating routes on the internal network. This is creating false routes to destinations internally and externally, which poses a security issue. What should you do to prevent the rogue router from updating your internal routing information? A. Contact the local authorities. B. Unplug the rogue router. C. Implement update authentication between the internal routers. D. Implement a different type of dynamic routing protocol.
C
162 - Fire suppression systems use different methods to combat fires. What substance is non-toxic, does not deplete the ozone, and is safe to use around electrical equipment? A. Carbon dioxide (CO2) B. FM 200 C. Deluge D. Halon
B
163 - What type of power fluctuation are you experiencing if there is a complete loss of power for only a moment? A. Fault B. Brownout C. Sag D. Blackout
A
164 - Aggregation and inference are classified as database security issues. Which statement is true in regards to aggregation? A. A user lacks the permissions to access information, but has the required permissions to access subsets of the same information. B. A user has the permissions to access information, and also has the required permissions to access subsets of the same information. C. A user has the permissions to access information, and does not have the required permissions to access subsets of the same information. D. A user lacks the permissions to access information, and does not have the required permissions to access subsets of the same information.
A
165 - Several methods have been developed to be used as the basis for assessing an organization's security posture. Which information security risk assessment methodology is made up of a suite of tools and focuses on the principle of self-direction? A. OCTAVE B. PUSH C. SOMAP D. VAR
A
166 - Which type of attack involves deceiving a trusting person into sharing confidential information? A. Active B. Social engineering C. Passive D. Spoofing
B
167 - Your security department has presented management with an overview of the security mechanisms that have been implemented and an evaluation of their overall effectiveness. What is the process referred to as when management formally accepts the information you have presented them with? A. Affirmation B. Hallmark C. Certification D. Accreditation
D
168 - Which security models match each characteristic? A. Lipner B. Biba C. Bell-LaPadula D. Clark-Wilson - Confidentiality - Integrity - Confidentiality and Integrity
- [C] Confidentiality - [B, D] Integrity - [A] Confidentiality and Integrity
169 - Which statement is not true in relation to the term "back door"? A. It is the placement of a program or utility within a network that provides unauthorized access to the network that it is installed in. B. It is an intentional opening within an application that allows developers to bypass security features for troubleshooting purposes. C. A back door attack allows an attacker to masquerade themselves as someone else. D. There are various tools on the market that allow you to easily create and execute back door attacks.
C
170 - Which security model has the ability to address the inference attack? A. Graham-Denning model B. Noninterference model C. Lattice model D. Biba model
B
171 - What often happens unexpectedly because of the development of a company's contingency plan? A. RTOs are discovered B. Hot sites are found to be expensive to maintain C. Support from senior management is realized D. Improved business operations
D
172 - Which access control model makes use of ACLs? A. Mandatory access control B. Nondiscretionary access control C. Role-based access control D. Discretionary access control
D
173 - During the system development process, logging should be enabled to ensure that the development life cycle is tracked. What should you track in the logs? A. Completion codes B. Edits C. Operating instructions D. Who accessed the resource, what resource was accessed, and when the resource was accessed
D
174 - Which statement is TRUE in relation to work factor? A. Work factor is an estimate of the effort and resources that are required to penetrate a cryptosystem. B. Work factor is the total value of the overall cryptographic strength. C. Work factor is an estimate of the overall cryptographic strength. D. Work factor is the total amount of effort and resources that are required to penetrate a cryptosystem.
A
175 - What Common Criteria assurance level is the first to require that the product is formally verified, designed, and tested? A. EAL 5 B. EAL 4 C. EAL 7 D. EAL 6
C
176 - The planning phase should involve creating a timeline for developing the BCP. It is important to prioritize certain areas and to specify when plans for those areas will be completed. For a medium-sized company with an experienced planner and the full support of management, when should a BIA be completed? A. Within six months B. Nine to 12 months C. Six to nine months D. Within the first month
A
177 - For applications to interact with various types of databases, a type of interface is needed. What type of database interface language is used for structuring data so that it can be shared between applications and web technologies? A. OLE DB B. ADO C. XML D. ODBC
C
178 - Which features match each key technology? A. Can be re-pinned by using a master key B. Contains a built-in microprocessor C. Allows for 10 to 15 lock changes D. Identifies the individual key holder - Instakey - Intellikey
- [A, C] Instakey | - [B, D] Intellikey
179 - An organization has hired contractors for a project requiring a confidentiality agreement. Issues with one of the contractors require that they be terminated. When should the contractor be terminated? A. Upon completion of the project B. After the completion of a termination interview C. After a two-week notice period D. Immediately
D
180 - Which item is typically used for the implementation of a key control system for securing access to areas containing sensitive equipment? A. Biometric reader B. Patented cylinders C. One time keypad D. Public Key Infrastructure
B
181 - What would be the maximum tolerable downtime (MTD) of a business function categorized as urgent? A. 24 hours B. Up to 4 hours C. 30 days D. 7 days
A
182 - What are the strengths and weaknesses of asymmetric cryptography? A. Provides authenticity B. Uses more computational power than the other cryptography method C. Does not scale well in terms of key management D. Uses less computational power than the other cryptography method E. Better key distribution than the other cryptography method F. Provides confidentiality only - Weakness - Strength
- [B] Weakness | - [A, E] Strength
183 - Which access cards match each description? A. Proximity card B. Magnetic stripe card C. Smart card - Contains a microchip and can store a large amount of data - Made of PVC material and is easily damaged - Contains a microchip and opens a magnetic lock
- [C] Contains a microchip and can store a large amount of data - [B] Made of PVC material and is easily damaged - [A] Contains a microchip and opens a magnetic lock
184 - Which attack occurs when an attacker sends packets that are too small? A. Fraggle B. SYN flood C. Smurf D. Teardrop
D
185 - There are many different types of computer crimes, each of which can be committed differently. An employee who eavesdrops on the electronic signals emitted by a computer is committing what type of attack? A. Emanations capturing B. TEMPEST C. Salami attack D. Data diddling
A
186 - What is the most significant risk associated with instant messaging, social networking technologies, message boards, and blogs? A. Accidental disclosure of confidential, private information B. Susceptibility to DoS attacks C. Their being used to facilitate the spread of malicious code D. Their being used to identify wireless hotspots that attackers can use to initiate attacks
A
187 - You are currently in the process of implementing Network Address Translation (NAT) within your organization. Which IP address range would be best suited for your internal client needs? A. 169.54.0.0 to 169.254.255.255 B. 172.168.0.0 to 172.168.255.255 C. 172.16.0.0 to 172.31.255.255 D. 192.169.0.0 to 192.169.255.255
C
188 - Which type of media access technology is primarily used in Ethernet networks? A. Polling B. CSMA C. Token Passing D. Ethernet
B
189 - Which NIST 800-34 steps, which can be applied to business continuity planning, match each description? A. Develop recovery strategies. B. Conduct the BIA. C. Develop the contingency plan. D. Maintain the plan. - Identify threats and calculate risks. - Implement procedures to keep the BCP updated on a frequent basis. - Select methods to ensure systems are efficiently brought back online. - Provide procedures for the organization to remain operational while functions and systems are offline.
- [B] Identify threats and calculate risks. - [D] Implement procedures to keep the BCP updated on a frequent basis. - [A] Select methods to ensure systems are efficiently brought back online. - [C] Provide procedures for the organization to remain operational while functions and systems are offline.
190 - The integrity of data within a database can be protected by different types of operations. Which type of operation can be used when a complete database failure occurs? A. Commit B. Savepoint C. Rollback D. Inference
B
191 - Which access control model is based on a security label system? A. Nondiscretionary access control B. Mandatory access control C. Role-based access control D. Discretionary access control
B
192 - In which mode is a system operating if all users have a formal need to know as well as a clearance for all data in the system? A. Multilevel Security Mode B. Compartmented Security Mode C. System High-Security Mode D. Dedicated Security Mode
D
193 - Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators? A. Many attackers spoof their IP addresses and erase logs to cover their tracks B. Most attacks are performed by individuals located outside of the network C. There are only a few laws that specifically address computer crimes D. Most companies do not use firewalls
A
194 - You want to guard against social engineering attacks, including fraudulent e-mails and fraudulent telephone calls. What would be the best choice to ensure security? A. Access control B. Employee training C. IDS D. Separation of duties
B
195 - Which security roles match each security responsibility description? A. Information Systems Professional B. Guard C. Systems Administrator D. Secretary E. Information Systems Auditor - Responsible for the setup and maintenance of an organization's network - Designs security controls - Checks to ensure people are following the organization's security policies - Responsible to sign for packages that enter or leave the main office in a small organization - Protecting the safety of an organization's employees
- [C] Responsible for the setup and maintenance of an organization's network - [A] Designs security controls - [E] Checks to ensure people are following the organization's security policies - [D] Responsible to sign for packages that enter or leave the main office in a small organization - [B] Protecting the safety of an organization's employees
196 - Which technique involves an attacker probing a host for responses without being able to sniff sequence and acknowledgement messages? A. Emanation B. Brute force attack C. Blind spoofing D. Scrubbing
C
197 - Carrie has a secret message that she wants only Todd to read. A hybrid approach is used for this transaction. Which statements regarding hybrid cryptography are true and which statements are false? A. Carrie encrypts the message with a symmetric key and the symmetric key with Todd's public key B. Todd decrypts the encrypted symmetric key with his private key and decrypts Carrie's message with the symmetric key C. Carrie encrypts the message with her private key and her private key with Todd's public key D. Todd decrypts Carrie's encrypted private key with his public key and decrypts Carrie's message with Carrie's private key - True - False
- [A, B] True | - [C, D] False
198 - What type of attack prevents a system from responding to legitimate traffic from authorized clients? A. A Trojan horse attack B. A password cracking attack C. An IP spoofing attack D. A denial of service attack
D
199 - Which is not a term that is used to identify the type of response an operating system will take when a failure occurs? A. Warm reboot B. System reboot C. System cold start D. Emergency system restart
A
200 - Which statement best describes what occurs during a Ciphertext-Only attack? A. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all of the messages with that key. B. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient. C. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that it is the legitimate information from the original sender. D. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key.
A
201 - Which statements match each organization's code of ethics? A. Seeking to gain unauthorized access to internet resources B. Destroying the integrity of computer-based information C. Provide diligent and competent services to principals D. Compromising the privacy of others E. Act honorably, honestly, justly, responsibly, and legally F. Advance and protect the security profession - IAB - ISC2
- [B, A, D] IAB | - [E, C, F] ISC2
202 - What would be the least effective method to prevent an intruder from gaining access to a facility? A. A fence B. Smartcards C. Guard dogs D. CCTV
D
203 - You have been tasked with ensuring that users can only access the information that they absolutely need within a database. What is the best method you should use to accomplish this? A. Implement view-based access controls B. Implement discretionary access controls C. Implement mandatory access controls D. Implement an access matrix
A
204 - The act of monitoring, auditing, and logging provides which measure within an organization? A. Confidentiality B. Accountability C. Integrity D. Availability
B
205 - Confidentiality ensures that the required level of secrecy is maintained by preventing unauthorized individuals from accessing and disclosing company information. What is not a typical threat to confidentiality? A. Virus B. Masquerader C. Trojan horse D. Insufficient access control
A
206 - What is NOT an example of a detective physical control? A. Security guards B. Smoke and fire detectors C. Library control systems D. Alarms and sensors
C
543
207 - What requires publicly listed organizations to produce annual internal financial reports? A. Sarbanes-Oxley B. Title IX of the Implementing the 9/11 Commission Recommendations Act of 2007 C. BS 25999 D. TCSEC
A
544
208 - Which mechanism functions as a security boundary in which an untrusted Java applet is executed? A. Sandbox B. "Nobody" permissions C. Clipping level D. Digital code signatures
A
545
209 - Each of the management levels has a set of information security responsibilities inherent to their role within the organization. For what is the information security officer primarily responsible? A. Evaluating risk management practices in the organization B. Ensuring the security program complies with regulations C. Facilitating information security within the organization D. Identifying emerging security risks
C
546
210 - Which standard should you implement if you need to provide encryption and digital signatures for electronic mail? A. MIMES B. S-HTTP C. S/MIME D. HTTPS
C
547
211 - Which centralized access control technology is typically used by ISPs and only requires simplistic username/password authentication to gain access? A. RADIUS B. Diameter C. Mobile IP D. TACACS+
A
548
212 - Which security model uses features of the Bell-LaPadula and Biba security models? A. Harrison-Ruzzo-Ullman B. Graham-Denning C. Lipner D. Clark-Wilson
C
549
213 - You work for a high tech development firm that specializes in the development of custom applications for mobile devices. The company is currently working on an application that will be used on smart cards with limited processing power. Which encryption algorithm would not be suitable for this application? A. Blowfish B. AES C. RC5 D. DES
A
550
214 - Intrusion detection systems are used to determine if attacks are occurring on a network. There are several different types of intrusion detection systems available on the market. You have been tasked with implementing an intrusion detection system that uses predefined knowledge to determine if an attack is occurring. Which one should you implement? A. Host-based intrusion detection system B. Signature-based intrusion detection C. Network-based intrusion detection system D. Statistical anomaly-based intrusion detection
B
551
215 - What is an example of a deterrent control? A. Smart cards B. Audit logs C. Fences D. Security policies
C
552
216 - Two or more employees assisting each other to commit a fraudulent or destructive act is called collusion. Which security practice will help prevent collusion? A. Separation of duties B. Rotation of duties C. Intrusion detection D. Access control
B
553
217 - Which security principle can have the greatest effect on user productivity? A. Integrity B. Authorization C. Availability D. Confidentiality
C
554
218 - Which access control threats match each description?
A. Dictionary attacks
B. Brute force attacks
C. Spoofing
- Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- Involves a fake user logon screen being presented to a user for them to input their username and password
- Involves trying different input combinations in an attempt to find a correct password

- [A] Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- [C] Involves a fake user logon screen being presented to a user for them to input their username and password
- [B] Involves trying different input combinations in an attempt to find a correct password
555
219 - What Common Criteria assurance level is the first to require that the product is methodically tested and checked? A. EAL4 B. EAL3 C. EAL2 D. EAL5
B
556
220 - Which layers of the OSI model map to the Network Access layer of the TCP/IP model? A. Transport and Network B. Network and Data Link C. Network and Physical D. Data Link and Physical
D
557
221 - Which remote connection protocols match to each description?
A. PPP
B. IPsec
C. PPTP
D. L2TP
E. SSL VPN
F. VPN
- Supports remote access and site-to-site topologies
- Encrypts data using GRE or MPPE
- Communicates over UDP port 1701
- Encrypts packets at the network layer
- Requires digital certificates and a PKI
- Encapsulates data, but does not encrypt it

- [F] Supports remote access and site-to-site topologies
- [C] Encrypts data using GRE or MPPE
- [D] Communicates over UDP port 1701
- [B] Encrypts packets at the network layer
- [E] Requires digital certificates and a PKI
- [A] Encapsulates data, but does not encrypt it
558
222 - What can users inherit from group memberships or roles that they have within an organization? A. Entitlements B. Covert channels C. Emanation D. inference
A
559
223 - Which user requirement is true for compartmented security mode but not for multilevel security mode? A. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system. B. A clearance level that is equal to or higher than the highest resource level of clearance is required for information on the system. C. There must be formal access approval for all information that the user will access on the system. D. All users must have a valid need to know some of the information on the system.
B
560
224 - Which statement is not true of an incident handling program? A. It should be part of the disaster recovery plan. B. It should be part of the security awareness program. C. It should be proactive. D. It should be independent of outside agencies.
D
561
225 - You are the network administrator for a large company in North America. Many of the employees work from remote locations. You need to set up a secure, private connection between the remote users and their head office so that they can access resources. What would be the best solution? A. Use the Point-to-Point Protocol B. Use the Layer 2 Tunneling Protocol C. Use the Point-to-Point Tunneling Protocol D. Use a Virtual Private Network
D
562
226 - What are the advantages and disadvantages of a warm site?
A. Good choice for organizations requiring proprietary hardware
B. Includes computers and servers
C. Partially configured
D. Testing of the site is done on an annual basis
E. Less expensive to maintain than a hot site
F. No certainty that the site will be up and running within hours after being fully configured
- Disadvantages
- Advantages

- [C, F] Disadvantages
- [A, E] Advantages
563
227 - What type of analysis can information security professionals use proactively in-house, and in reaction to an attack? A. Business impact analysis B. Forensic engineering C. Software forensics D. Quantitative risk analysis
C
564
228 - What network device can you implement between end systems on a network to reduce the possibility of sniffing and monitoring attacks by potential intruders? A. Switches B. Routers C. Firewalls D. Gateways
A
565
229 - You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mall where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BEST meet these needs? A. Gates B. Bollards C. Fences D. Landscaping
C
566
230 - What statement is not true in regard to maintenance hooks? A. A tool used by developers to patch systems after they go into production B. A security risk if not removed before the software goes into production C. A method used to bypass access controls to alter software code during the development process D. A backdoor into software created by the developer
A
567
231 - What is not true of a qualitative risk analysis? A. It is scenario-based. B. Threats are given an exposure rating. C. Assets are defined as tangible physical objects. D. Its results are easier to understand than that of a quantitative risk analysis
C
568
232 - Data remanence refers to the residual physical representation of data that has been removed from storage media. What is not a common method used to remove data from media before it is discarded? A. Degaussing B. Overwriting C. Clearing D. Destroying
C
569
233 - Which algorithm's security comes from the difficulty of factoring large prime numbers? A. RSA B. 3DES C. DES D. AES
A
570
234 - Which standardized algorithm can produce a message digest value in the range of 128 to 256 bits? A. HAVAL B. SHA-3 C. MD5 D. MD4
A
571
235 - Which is the final step that you should include in any backup plan? A. Test the backup plan. B. Determine what type of backup media you will require. C. Determine what data you will need to back up. D. Determine where you should store the backup media and how long you should store it there.
A
572
236 - Which is NOT an integrity goal that is addressed by the Clark-Wilson model? A. Authorized users should be prevented from making unauthorized changes. B. All users must be identified and authenticated. C. Internal and external consistency should be maintained at all times. D. Unauthorized users should be prevented from making changes.
B
573
237 - What type of threat to access control consists of a method to bypass the normal user authentication process in a software product? A. Data remanence B. Trapdoor C. Buffer overflow D. Overt channel
B
574
238 - An important tool used in risk management is risk analysis. Which statement about risk analysis is not true? A. Automated tools are required for quantitative risk analysis. B. Threats are given an exposure rating in a qualitative risk analysis. C. The Delphi technique can be used in a qualitative risk analysis. D. A risk analysis must be directed by senior management.
A
575
239 - Intellectual property can be protected by what types of laws? A. Patents, trademarks, and certification B. Trade secrets, patents, and trademarks C. Trademarks, Trade secrets, and accreditation D. Copyright, accreditation, and trade secrets
B
576
240 - Which recovery strategy involves different organizations supporting each other's operations in the event of an outage or emergency? A. Dual data center B. Reciprocal agreements C. Multiple processing locations D. Outsourcing
B
577
241 - Disk mirroring is an electronic backup method that reduces the risk of data loss due to component failure. What is also true of disk mirroring? A. It offers a higher level of protection than disk duplexing. B. It increases disk overhead. C. It transfers exact copies of data files to a remote location. D. The controller is not a single point of failure.
B
578
242 - Which RAID levels match each characteristic?
A. Level 0
B. Level 5
C. Level 10
D. Level 3
E. Level 1
- Parity
- No Parity

- [D, B] Parity
- [A, E, C] No Parity
579
243 - The penetration testing process does NOT include which of these elements? A. Gathering information B. Identifying resources C. Performing simulated attacks D. Repairing network vulnerabilities
D
580
244 - Most alternate off-site facilities are provided by third party companies that charge a subscription fee for usage. What is the term for an alternate off-site facility that is owned by the company? A. Cold site B. Warm site C. Redundant site D. Hot site
C
581
245 - Which type of cipher is typically used in an application where encryption is not needed, but the system itself requires encryption? A. Transposition cipher B. Substitution cipher C. Running key cipher D. Null cipher
D
582
246 - A quantitative risk analysis begins by determining the asset values and outlining the possible threats being posed to the organization. The three primary steps in a quantitative risk analysis are determining the possible extent of losses by estimating the value of vulnerable assets, identifying and evaluating what the possible threats are, and determining the annualized loss expectancy (ALE). How is the ALE calculated? A. SLE x ARO B. Asset value ($) x EF C. SLE / EF D. Asset value ($) + ARO x EF
A
583
247 - Which information concealment methods match to each description?
A. Watermarking
B. Cryptography
C. Steganography
D. Code words
- Uses a specific medium to hide information within
- Uses letters to represent an idea or sentiment
- Uses sophisticated mathematical techniques to hide information
- Uses additional information within a file for detecting the theft of information

- [C] Uses a specific medium to hide information within
- [D] Uses letters to represent an idea or sentiment
- [B] Uses sophisticated mathematical techniques to hide information
- [A] Uses additional information within a file for detecting the theft of information
584
248 - Which asymmetric algorithm was the first to address the shortfalls of key distribution that occurred with symmetric algorithms? A. Diffie-Hellman B. Knapsack C. RSA D. El Gamal
A
585
249 - An updated security system is being considered for implementation to your company's building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs? A. Proximity card B. Electronic combination lock C. Combination lock D. Magnetic stripe card
A
586
250 - Change control documentation needs to be maintained and updated on a regular basis. What reason accurately describes why? A. In order to reflect the constant change in the corporate landscape B. For use in future employee training sessions C. To keep track of constant changes in software and hardware D. In order to share information between corporate sites
C
587
1 - What type of system access control is awareness training classed as? A. Administrative B. Physical C. Technical D. Logical
A
588
2 - What is not a characteristic of a signature-based intrusion detection system? A. Needs constant updating B. Identifies new types of attacks C. Can be host-based D. Uses pattern matching
B
589
3 - Penetration testing is made up of a five-step process. What is the correct order of steps in which penetration testing should be carried out? A. Reconnaissance, Enumeration, Vulnerability Analysis, Document Findings, Execution B. Reconnaissance, Enumeration, Execution, Vulnerability Analysis, Document Findings C. Reconnaissance, Enumeration, Vulnerability Analysis, Execution, Document Findings D. Reconnaissance, Vulnerability Analysis, Enumeration, Execution, Document Findings
C
590
4 - Which access control concept involves using a common set of processes and controls for an area to segregate its resources and services from other entities on the network? A. Need to know B. Compartmentalization C. Security domain D. Least privilege
C
591
5 - Two systems are set up to communicate and transfer information between each other using a channel that violates the system's security policy. What does this define? A. Covert channel B. Hidden channel C. Illegal channel D. Overt channel
A
592
6 - What is not a valid type of test for a Business Continuity Plan (BCP)? A. Simulation B. Checklist C. Parallel D. Partial interruption
D
593
7 - What are the strengths and weaknesses of symmetric cryptography?
A. It does not provide authenticity.
B. It has built-in key distribution.
C. Large key sizes make it impractical to break the encryption.
D. It uses more computational power than the other cryptography method.
E. It uses less computational power than the other cryptography method.
- Weakness
- Strength

- [A] Weakness
- [C, E] Strength
594
8 - Who is ultimately responsible for the organization's recovery following a disaster? A. Executive emergency management team B. Emergency response team C. Primary site restoration team D. Emergency management team
A
595
9 - Knowledge discovery in databases (KDD) is a process where patterns within a database are identified using various approaches and techniques. Which is NOT one of the approaches used in the KDD system to determine patterns? A. Classification B. Statistical C. Probabilistic D. Heuristic
D
596
10 - You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as? A. Accreditation B. Hallmark C. Affirmation D. Certification
D
597
11 - Which security model uses features of the Bell-LaPadula and Biba security models? A. Graham-Denning B. Clark-Wilson C. Harrison-Ruzzo-Ullman D. Lipner
D
598
12 - Which statement best describes what occurs during a Ciphertext-Only attack? A. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all of the messages with that key. B. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient. C. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key. D. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that it is the legitimate information from the original sender.
A
599
13 - What is the most common method used to locate unsecured wireless networks? A. Wardriving B. Piggybacking C. Wardialing D. Salami
A
600
14 - Which system security modes match to each description?
A. System High-Security Mode
B. Compartmented Security Mode
C. Dedicated Security Mode
D. Multilevel Security Mode
- All users possess a formal need to know and clearance for all the data in the system.
- All users possess system high-security clearance, but may lack formal approval or need to know.
- All users lack formal need to know, but possess the necessary clearance.
- Various classification levels are required to be processed at the same time.

- [C] All users possess a formal need to know and clearance for all the data in the system.
- [B] All users possess system high-security clearance, but may lack formal approval or need to know.
- [A] All users lack formal need to know, but possess the necessary clearance.
- [D] Various classification levels are required to be processed at the same time.
601
15 - Which Redundant Array of Independent Disks (RAID) level writes data to two different drives at the exact same time so that both drives contain the exact same data? A. RAID 3 B. RAID 1 C. RAID 0 D. RAID 5
B
602
16 - Each of the management levels has a set of information security responsibilities inherent to their role within the organization. For what is the information security officer primarily responsible? A. Facilitating information security within the organization B. Ensuring the security program complies with regulations C. Identifying emerging security risks D. Evaluating risk management practices in the organization
A
603
17 - You are currently meeting with management to have them formally approve the products, systems, and components within your organization. What is this process referring to? A. Certification B. Accreditation C. Verification D. Affirmation
B
604
18 - Which is NOT true in relation to asymmetric cryptography? A. It provides confidentiality but not authenticity or non-repudiation. B. It has better scalability than symmetric systems. C. It works much more slowly than symmetric keys. D. It has better key distribution than symmetric systems.
A
605
19 - What is the second stage of the SDLC? A. Defining functional objectives B. Project initiation and planning C. Developing and implementing D. Defining system requirements
A
606
20 - What type of analysis can information security professionals use proactively in-house, and in reaction to an attack? A. Forensic engineering B. Business impact analysis C. Quantitative risk analysis D. Software forensics
D
607
21 - Which constraint should be the primary concern when creating procedures for background checks on new hires? A. Privacy laws B. Employee acceptance C. Organizational policies D. Senior management's sign off
A
608
22 - What law protects company logos from illegal duplication? A. Copyright B. Trade secret C. Trademark D. Patent
C
609
23 - What type of mobile code control serves as a protected area for a program to execute? A. Access matrix B. Covert channel C. Sandbox D. Kernel
C
610
24 - What type of power fluctuation occurs due to a loss of power? A. Sag B. Spike C. Fault D. Brownout
C
611
25 - Which organization provides the standards for reinforced filing cabinets? A. Pearson VUE B. Office of Government Commerce C. U.S. Government D. Underwriters Laboratory
C
612
26 - What type of alarm system triggers an alarm at your organization's security command center when it detects an intruder? A. Local B. Proprietary C. Central station D. Auxiliary station
B
613
27 - Which term represents a collection of technologies that gathers and stores access control information and specified system activity for later study? A. MTBF B. SIEM C. ITIL D. FMEA
B
614
28 - What type of power fluctuation are you experiencing if there is a complete loss of power for only a moment? A. Blackout B. Brownout C. Fault D. Sag
C
615
29 - The Application layer of the TCP/IP model maps to which layers of the OSI model? A. Application, Session, Transport B. Transport, Network, Data Link C. Presentation, Session, Transport D. Application, Presentation, Session
D
616
30 - Which type of cipher replaces bits, characters, or blocks with different bits, characters, or blocks? A. Replacement cipher B. Substitution cipher C. Permutation cipher D. Transposition cipher
B
617
31 - Testing and evaluating systems is a very important part of systems development. Which is NOT part of the testing and evaluation phase? A. Management is required to review the results of the testing. B. Testing should use copies of the production data. C. Program librarian should keep test data for later use. D. Test data should only include data from acceptable ranges.
D
618
32 - Management has approached you and would like you to explain how they can possibly prevent collusion within the organization. What should you tell them? A. Implement the rule of least privilege. B. Implement separation of duties. C. Implement job rotation. D. Force employees to take mandatory vacations.
C
619
33 - Confidentiality ensures that the required level of secrecy is maintained by preventing unauthorized individuals from accessing and disclosing company information. What is not a typical threat to confidentiality? A. Virus B. Insufficient access control C. Trojan horse D. Masquerader
A
620
34 - Which vulnerabilities match to each description of situations where the attack has been made on an application?
A. Broken authentication and session management
B. Failure to restrict URL access
C. Injection
D. Insecure cryptographic storage
E. Cross-site scripting
- Encryption keys for a database use a weak password.
- An attacker gains access to a web page by entering the target URL in the browser address field.
- A malicious user gains access to the password file used to verify users.
- A valid request to a SQL server is intercepted by an attacker and modified to intentionally corrupt the database.
- A web site sends JavaScript instructions to the browser accessing the site, requesting access to the user's hard disk.

- [D] Encryption keys for a database use a weak password.
- [B] An attacker gains access to a web page by entering the target URL in the browser address field.
- [A] A malicious user gains access to the password file used to verify users.
- [C] A valid request to a SQL server is intercepted by an attacker and modified to intentionally corrupt the database.
- [E] A web site sends JavaScript instructions to the browser accessing the site, requesting access to the user's hard disk.
621
35 - What RAID level stripes both data and parity across all drives, ensuring that there is no single point of failure? A. RAID 5 B. RAID 1 C. RAID 3 D. RAID 0
A
622
36 - Which RAID levels match each characteristic?
A. Level 5
B. Level 10
C. Level 0
D. Level 3
E. Level 1
- Parity
- No parity

- [D, A] Parity
- [C, E, B] No parity
623
37 - Which form of malware has the ability to reproduce itself and is classified as self-contained? A. Logic bomb B. Trojan horse C. Worm D. Virus
C
624
38 - Which tunneling protocols match with the characteristic?
A. IPsec
B. PPTP
C. L2F
D. L2TP
E. SSL
- Tunnels PPP traffic
- Works above the Data Link layer

- [C, D, B] Tunnels PPP traffic
- [A, E] Works above the Data Link layer
625
39 - What is the Bell-LaPadula model most concerned with? A. Integrity B. Confidentiality C. Verification D. Repudiation
B
626
40 - Aggregation and inference are classified as database security issues. Which statement is true in regard to aggregation? A. A user has the permissions to access information, and does not have the required permissions to access subsets of the same information. B. A user has the permissions to access information, and also has the required permissions to access subsets of the same information. C. A user lacks the permissions to access information, and does not have the required permissions to access subsets of the same information. D. A user lacks the permissions to access information, but has the required permissions to access subsets of the same information.
D
627
41 - The act of monitoring, auditing, and logging provides which measure within an organization? A. Confidentiality B. Accountability C. Availability D. Integrity
B
628
42 - Which wireless technology matches to each description?
A. IEEE 802.11
B. Bluetooth
C. Cellular
D. Infrared
- Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another
- Requires a network-aware device or dongle and an active account
- Switches between any of the 79 frequencies available in the 2.45 GHz range
- Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz

- [D] Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another
- [C] Requires a network-aware device or dongle and an active account
- [B] Switches between any of the 79 frequencies available in the 2.45 GHz range
- [A] Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz
629
43 - An important tool used in risk management is risk analysis. Which statement about risk analysis is not true? A. Automated tools are required for quantitative risk analysis. B. Threats are given an exposure rating in a qualitative risk analysis C. A risk analysis must be directed by senior management D. The Delphi technique can be used in a qualitative risk analysis.
A
630
44 - There are various types of evidence that can be used in a court of law. What type of evidence is considered incidental? A. Hearsay B. Circumstantial C. Real D. Opinion
B
631
45 - With Biometric systems, what is the term used to describe when the system incorrectly grants the user access when they should have been denied? A. EMP B. CER C. FAR D. FRR
C
632
46 - Which statement best describes what occurs during a Chosen Plaintext attack? A. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that it is the legitimate information from the original sender. B. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all of the messages with that key. C. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key. D. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient.
D
633
47 - An NDA addresses which security principle? A. Authenticity B. Availability C. Integrity D. Confidentiality
D
634
48 - The evidence of a computer crime must be gathered carefully and preserved in order to protect its integrity. The data collected during an investigation must be detailed in the chain of evidence or chain of custody. Which statement is true of the chain of evidence? A. Evidence must be returned to its owner once presented in court B. Evidence must not be admissible C. Evidence must be legally permissible D. Modifying computer-generated evidence is impossible.
C
635
49 - Which algorithm requires that the sender and receiver use two instances of the same key? A. RSA B. 3DES C. Knapsack D. Diffie-Hellman
B
636
50 - What is the benefit of using clustering in your enterprise data management scheme? A. Creates a single point of failure B. Amount of data storage is increased C. Scalability and redundancy D. Requires less memory to operate
C
637
51 - When might an organization require an export license? A. To employ a key escrow service B. To permit trans-border data flows C. To implement cloud computing D. To establish a distributed data model
B
638
52 - What is an example of a detective control? A. Fences B. Firewall C. Lighting D. Job rotation
D
639
53 - Which access control threats match each description?
A. Dictionary attacks
B. Brute force attacks
C. Spoofing
- Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- Involves trying different input combinations in an attempt to find a correct password
- Involves a fake user logon screen being presented to a user for them to input their username and password

- [A] Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password
- [B] Involves trying different input combinations in an attempt to find a correct password
- [C] Involves a fake user logon screen being presented to a user for them to input their username and password
640
54 - Which type of access control involves the installation of a lock on a server room door? A. Compensating B. Preventive C. Directive D. Deterrent
B
641
55 - Which PKI elements match each description?
A. Digital certificate
B. Certificate authority
C. Certificate repository
D. Certificate management system
E. Registration authority
- The software that takes care of all certificates
- The entity that issues and verifies digital certificates
- An electronic record that identifies the public key
- A verifier for the certificate authority
- A storage location for certificates

- [D] The software that takes care of all certificates
- [B] The entity that issues and verifies digital certificates
- [A] An electronic record that identifies the public key
- [E] A verifier for the certificate authority
- [C] A storage location for certificates
642
56 - What is NOT true regarding the services that MPLS provides? A. Packet labeling is provided B. QoS is provided C. Encryption is provided D. Traffic engineering is provided
C
643
57 - Which database models match each description?
A. Object-oriented
B. Relational
C. Network
D. Hierarchical
- The data stored in this model is in the form of objects using programming features.
- The data stored in this model is linked in a way that each record or child has only one owner or parent.
- The data stored in this model is based on two-dimensional tables consisting of tuples and attributes.
- The data stored in this model is linked in a way that establishes a multiple child-parent relationship.

- [B] The data stored in this model is in the form of objects using programming features.
- [D] The data stored in this model is linked in a way that each record or child has only one owner or parent.
- [A] The data stored in this model is based on two-dimensional tables consisting of tuples and attributes.
- [C] The data stored in this model is linked in a way that establishes a multiple child-parent relationship.
644
58 - Which item used in conjunction with a fence emits radio frequency signals to detect an intruder pushing a fence? A. PPTP B. CCTV C. DSA D. TDR
D
645
59 - Which method is most secure when updating routing information? A. Distance-vector updates B. Static updates C. Dynamic updates D. Link-state updates
B
646
60 - What would be considered an advantage of using a hot site? A. Can use any hardware B. Available for longer timeframes C. Can be ready quickly D. Has low cost
C
647
61 - What should be the first step completed in the project initiation phase? A. Appoint a BCP team B. Obtain management support C. Define plan goals D. Appoint a leader
B
648
62 - Which security roles match each security responsibility description? A. Systems Administrator B. Guard C. Secretary D. Information Systems Auditor E. Information Systems Professional - Designs security controls - Responsible to sign for packages that enter or leave the main office in a small organization - Checks to ensure people are following the organization's security policies - Responsible for the setup and maintenance of an organization's network - Protecting the safety of an organization's employees
- [E]Designs security controls - [C]Responsible to sign for packages that enter or leave the main office in a small organization - [D]Checks to ensure people are following the organization's security policies - [A]Responsible for the setup and maintenance of an organization's network - [B]Protecting the safety of an organization's employees
649
63 - Which statement is not true of an incident handling program? A. It should be part of the security awareness program. B. It should be independent of outside agencies. C. It should be part of the disaster recovery plan. D. It should be proactive.
B
650
64 - Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. Which is NOT a concern for the resource protection critical requirement? A. Ensure that vulnerabilities directed at the availability, integrity, and confidentiality of resources are reduced. B. Protect resources that are required for data processing. C. Provide a balance between the implemented security controls and the user's productivity. D. Ensure that resource security is maintained during a failure.
D
651
66 - An organization that partners with other corporations has multiple communication channels. What should be taken into consideration by all employees regarding these channels? A. Monitoring technologies B. Privacy compliance C. Single sign-on D. Intrusion detection
B
652
67 - The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router? A. Layer 3 B. Layer 7 C. Layer 2 D. Layer 1
A
653
68 - In which area would a symmetric key system be less desirable than an asymmetric key system? A. Confidentiality B. Mathematical complexity C. Key management D. Speed
C
654
69 - Which user requirement is true for compartmented security mode but not for multilevel security mode? A. A clearance level that is equal to or higher than the highest resource level of clearance is required for information on the system. B. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system. C. There must be formal access approval for all information that the user will access on the system. D. All users must have a valid need to know some of the information on the system.
A
655
70 - A one-time pad is one of the most powerful substitution ciphers. What must be true in order to maintain the integrity of the algorithm for the one-time pad? A. The one-time pad should be used no more than three times. B. The encryption key that is used for the one-time pad must be manually created. C. Physical protection against disclosure for the one-time pad should be considered. D. At a minimum, the key must be as long as the message that it will be encrypting.
D
656
71 - Why are most companies unaware that they have ever been attacked? A. There are only a few laws that specifically address computer crimes. B. Attackers usually erase any logs that record their activities. C. Most attacks are performed by individuals located inside the target network. D. Attackers usually spoof their IP addresses.
B
657
72 - Which backup strategy copies only the files that have changed since the last backup without altering their archive bits? A. Copy backup B. Full backup C. Incremental backup D. Differential backup
D
658
73 - What is the most common security issue for most companies? A. Data diddling B. IP spoofing attacks C. DoS attacks D. Excessive privileges
D
659
74 - Which rule is also classified as the "no read down" rule? A. Simple integrity axiom B. Star property rule C. Star integrity axiom D. Simple security rule
A
660
75 - Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators? A. Most attacks are performed by individuals located outside of the network B. There are only a few laws that specifically address computer crimes C. Many attackers spoof their IP addresses and erase logs to cover their tracks D. Most companies do not use firewalls
C
661
76 - Using an access card to access specific rooms within a building is an example of which factor of the three-factor authentication method? A. Something you know B. Something you are C. Something you have D. Something you use
C
662
77 - What technique utilizes anonymous opinions by members of the risk analysis team? A. Safeguard B. Quantitative C. Delphi D. Classification
C
663
78 - Which regulation for financial institutions emphasizes resuming and maintaining business operations after a disaster? A. NYSE Rule 446 B. FFIEC C. NASD Rule 3510 D. Electronic Funds Transfer Act
B
664
79 - Which option identifies the encryption protocol used by the 802.11i standard for wireless local area networks? A. CCMP B. AES C. RSN D. Rijndael
A
665
80 - Ensuring that data within your organization is available at all times is a major operations concern. There are various techniques that you can employ within an organization to maintain the availability of data. Implementing backups is an example of such a technique. Which technique should you employ if you wish to maintain the availability, confidentiality, and integrity of data within your organization? A. Encrypt all sensitive data within the organization B. Implement redundant network connections and equipment. C. Implement fault tolerance within the organization D. Implement a secure storage solution within the organization
D
666
81 - Which task is not part of the initial steps an attacker would perform when attacking a network? A. Determining which computers are physically active B. Determining which ports are open by performing port scans C. Start building a network topology D. Determining which operating systems are installed on the active computers.
B
667
82 - A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic interference (EMI). What should you tell them? A. Fiber-optic B. Unshielded Twisted Pair C. Shielded Twisted Pair D. Coaxial
B
668
83 - Which security models match each characteristic? A. Lipner B. Biba C. Clark-Wilson D. Bell-LaPadula - Confidentiality and integrity - Integrity - Confidentiality
- [A]Confidentiality and integrity - [B, C]Integrity - [D]Confidentiality
669
84 - According to the event management process, which action should be taken immediately after an event occurs? A. Report to the assessment team B. Report to the communications center C. Assess the event D. Implement a recovery strategy and plans
B
670
85 - Which type of detective software intelligently analyzes unknown code? A. Heuristic scanner B. Activity monitor C. Change detection software D. Signature scanner
A
671
86 - What part of the product evaluation process deals with product development and maintenance? A. Clipping levels B. Operational assurance C. Change control D. Life-cycle assurance
D
672
87 - Which examples match security frameworks and risk assessment methodologies? A. CRAMM B. OCTAVE C. COBIT D. COSO E. FRAP F. ITIL - Risk Assessment Methodologies - Security Frameworks
- [A,E,B]Risk Assessment Methodologies | - [C, D, F]Security Frameworks
673
88 - IPSec is able to work in two different modes, Tunnel mode and Transport mode. Which is true in regards to protection with Tunnel mode? A. Only the header and trailer information are protected. B. The payload as well as the header and trailer information are protected. C. Only the payload of the message is protected. D. Only the header information is protected.
B
674
89 - What type of virus infects the boot sector and executable files? A. Polymorphic B. Self-garbling C. Multipart D. Meme
C
675
90 - Which cryptographic attack is highly specialized and targets environmental variables? A. Side channel attack B. Man-in-the-middle attack C. Related key attack D. Chosen plaintext attack
A
676
91 - There are different types of offsite solutions for facility recovery. What is the most common type of subscription-based backup facility? A. Warm B. Cold C. Redundant D. Hot
A
677
92 - Which recovery strategy involves different organizations supporting each other's operations in the event of an outage or emergency? A. Reciprocal agreements B. Multiple processing locations C. Outsourcing D. Dual data center
A
678
93 - Which type of lock provides the least amount of security? A. Tumbler lock B. Smart lock C. Electronic combination lock D. Warded lock
D
679
94 - There are various threats that directly affect your operations environment. It is important that your environment is protected against these threats. You should be aware that these threats all map to the information security triad. Which threats will be directly related to the integrity component of the information security triad? A. Corruption and modification B. Disclosure and corruption C. Interruption and disclosure D. Destruction and theft
A
680
95 - There are three critical requirements for operations controls. Which statement correctly identifies the critical requirement referred to as privileged-entity controls? A. Provide users with the level of access they require to complete their assigned tasks. B. Provide compliance with legislative and industry guidelines to protect sensitive information and personnel. C. Provide specific users with administrative-like access control capabilities. D. Provide all users with administrative-like access control capabilities.
C
681
96 - Which statement best describes a properly implemented incident handling program? A. Incident reporting should be decentralized B. Incident handling should be part of the disaster recovery plan C. Incident handling should be approached in a reactive manner D. Incident handling should be part of the business continuity plan.
B
682
97 - What statement is not true in regard to maintenance hooks? A. A backdoor into software created by the developer. B. A method used to bypass access controls to alter software code during the development process. C. A tool used by developers to patch systems after they go into production D. A security risk if not removed before the software goes into production
C
683
98 - What type of threat involves retransmitting packets to perform undesirable effects? A. Impersonation B. Replay C. Dumpster diving D. Data remanence
B
684
99 - What ITSEC rating is concerned with a high level of integrity during communications? A. F8 B. F7 C. F9 D. F6
A
685
100 - The network administrator for your company has asked you to provide a report on the number of modems attached to the network that are unaccounted for. What should you do to accomplish this? A. Wardialing B. Piggybacking C. Wardriving D. Modemsurfing
A
686
101 - Which database model stores data in more than one database while maintaining a logical connection between databases for the clients? A. Relational data model B. Distributed data model C. Rational data model D. Hierarchical data model
B
687
102 - When contracting a third-party provider to provide penetration testing for your organization, what is the MOST important piece of information that needs to be communicated to the contracted third party? A. Documentation to sign over legal liability and responsibility of the penetration test B. Documentation providing contact information for each department head within the organization. C. Documentation showing the layout of the organization's network D. Documentation on how the penetration test will be performed
D
688
103 - Which form of malware activates when a certain time, string or code, date, or event happens? A. Worm B. Trojan horse C. Virus D. Logic bomb
D
689
104 - Vulnerability scanning is a common method used by intruders to determine the weaknesses within a system. What is the first line of defense against vulnerability scanning? A. Have defined change control procedures within the organization. B. Apply the most current patches to the system. C. Close all open ports that are not required for daily activities. D. Perform a periodic vulnerability scan on the network.
C
690
105 - Which identity management system characteristics match with the identity management system? A. Combines services for authentication and authorization B. Encrypts packets between the server and the client C. Uses PPP connections D. Provides packet delivery with UDP E. Provides packet delivery with TCP F. Supports the AppleTalk protocol - TACACS+ - RADIUS
- [F, B, E] TACACS+ | - [D, C, A] RADIUS
691
106 - There are various methodologies available for assessing an organization's security risks. Which risk assessment methodology would be best to use to prescreen systems and applications to determine whether further risk analysis is warranted? A. NIST SP 800-66 B. FRAP C. CRAMM D. FMEA
B
692
107 - What might be an important legal matter for a company to consider before selling or discarding older, unused equipment? A. Drive wiping is illegal B. Selling a computer system without an operating system may be illegal C. Erasing all data from a hard disk is illegal D. Reinstalling an operating system with proper licensing may be illegal
B
693
108 - Which algorithm's security comes from the difficulty of factoring large prime numbers? A. 3DES B. DES C. RSA D. AES
C
694
109 - Which mode of the Data Encryption Standard (DES) is similar to the Output Feedback (OFB) mode but uses a 64-bit random data block as the first initialization vector (IV)? A. Cipher Feedback B. Electronic Code Book C. Counter D. Cipher Block Chaining
C
695
110 - (ISC)2 requires CISSPs to commit to fully supporting the Code of Ethics. Identify one of the mandatory canons in the CISSP Code of Ethics. A. Provide diligent and competent service to principals B. Discharge professional responsibilities with diligence and honesty C. I will not misuse any information or privileges I am afforded as part of my responsibilities D. Thou shalt not use a computer to steal
A
696
111 - The first step in performing a risk assessment is to identify vulnerabilities. Which of the following is considered a security vulnerability? A. An access control system not functioning properly B. A disgruntled employee C. The absence of a security guard D. A piece of code written to create a DoS attack
C
697
112 - What methodology focuses mainly on risk management related to information systems? A. ORION B. NIST SP 800-39 C. CRAMM D. NIST SP 800-30
D
698
113 - Which type of cryptographic algorithm uses public and private keys? A. RSA B. 3DES C. DES D. AES
A
699
114 - What step in creating a business continuity plan involves calculating the maximum tolerable downtime (MTD) for resources? A. Develop recovery strategies B. Business impact analysis C. Policy statement and team creation D. Plan maintenance
B
700
115 - Which security models match to each description? A. Bell-LaPadula B. Harrison-Ruzzo-Ullman C. Clark-Wilson D. Biba E. State machine F. Lipner - It stops subjects from gaining specific privileges by limiting the commands they can execute. - It prevents corrupted data from flowing to a higher integrity level. - Subjects must execute a transformation procedure to modify constrained data items. - System startups, command executions, and shutdowns are secured. - Lattice-based security levels determine whether a subject can access an object. - It combines aspects of the Bell-LaPadula and Biba models.
- [B]It stops subjects from gaining specific privileges by limiting the commands they can execute. - [D]It prevents corrupted data from flowing to a higher integrity level. - [C]Subjects must execute a transformation procedure to modify constrained data items. - [E]System startups, command executions, and shutdowns are secured. - [A]Lattice-based security levels determine whether a subject can access an object. - [F]It combines aspects of the Bell-LaPadula and Biba models.
701
116 - What type of technology makes use of a sandbox as a security mechanism? A. Java B. Malware C. DBMS D. ActiveX
A
702
117 - Which attack involves sending malformed packets to a system in order to cause it to crash or end processing? A. SYN flood attack B. Denial of Service (DoS) attack C. Fraggle attack D. Smurf attack
B
703
118 - What should be the last step in the project initiation phase? A. Appoint a BCP team B. Create a project plan C. Appoint a leader D. Present a project plan to management
D
704
119 - Your organization is performing business continuity and disaster recovery planning, and you are the lead planner for this project. The overall scope of the effort required for planning has been determined and you have begun to look at the resource requirements to complete the development of the plan. Which statement is not true concerning the resource requirements that are required to develop the project plan? A. Software tools may be used to help with the collection of information for planning. B. The planning team needs to be represented by individuals from business operations and technology areas. C. People used on the planning team should not be the same individuals that perform the recovery. D. Outside consultants may be hired to assist with the initial planning stages.
C
705
120 - Which technology provides availability, load balancing, redundancy, and failover? A. Clustering B. Redundant Servers C. RAID D. RADIUS
A
706
121 - Which database model allows for the storage of a wide spectrum of different types of data, including images, audio, and documents? A. Hierarchical database model B. Relational database model C. Object-oriented database model D. Distributed database model
C
707
122 - What is not a type of attribute that can be used to make authentication decisions in a biometric system? A. Keyboard dynamics B. Hand geometry C. Facial scan D. Skin scan
D
708
123 - Which activity can help identify the systems or network infrastructure points that are most likely to be attacked? A. Asset valuation B. Compartmentalization C. Substantive testing D. Aggregation
A
709
124 - Companies that have been attacked often choose not to release this information to the media. However, there are several well-known computer crimes that have been widely publicized. What hacker or group of hackers demonstrated how a web-based Trojan horse could be used to extract money from a bank account? A. Cult of the Dead Cow B. Chaos Computer Club C. Legion of Doom D. Kevin Mitnick
B
710
125 - What is the correct order of sensitivity levels for data classification in commercial business? A. Public, Private, Sensitive and Confidential B. Sensitive, Confidential, Private and Public C. Public, Sensitive, Private and Confidential D. Private, Confidential, Sensitive and Public
C
711
126 - What type of service hides internal IP addresses from external users and will replace IP addresses as necessary so that internal users can access public resources? A. PAT B. NIS C. DHCP D. NAT
D
712
127 - Administrative, technical, and physical controls should be used by security administrators to meet the organization's security requirements. What is an example of a technical control? A. Closed-circuit TV (CCTV) B. Router C. Data backup D. Biometric system
B
713
128 - What requires publicly listed organizations to produce annual internal financial reports? A. Sarbanes-Oxley B. BS 25999 C. Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007 D. TCSEC
A
714
129 - What attributes are used when evaluating a system's protection mechanisms under the Information Technology Security Evaluation Criteria (ITSEC)? A. Integrity and Authentication B. Confidentiality and Functionality C. Assurance and Integrity D. Functionality and Assurance
D
715
130 - Where is the ACS activity monitored and recorded for historical purposes? A. State machine model B. CCTV C. UPS system D. Access Control Head End
D
716
131 - After determining the risks that could affect business functions, what would be the least effective type of measure that could be implemented to help reduce the impact as much as possible? A. Proactive B. Preventative C. Cost-effective D. Reactive
D
717
132 - There are many different types of computer crimes, each of which can be committed differently. An employee who makes small, periodic changes to the company's financial records in an effort to go unnoticed is committing what type of crime? A. Salami attack B. Emanations capturing C. Data diddling D. Denial of Service (DoS)
A
718
133 - Which type of law acts on civil violations against an organization or individual? A. Administrative B. Criminal C. Regulatory D. Tort
D
719
134 - Which information concealment methods match to each description? A. Steganography B. Code words C. Watermarking D. Cryptography - Uses sophisticated mathematical techniques to hide information - Uses additional information within a file for detecting the theft of information - Uses a specific medium to hide information within - Uses letters to represent an idea or sentiment
- [D]Uses sophisticated mathematical techniques to hide information - [C]Uses additional information within a file for detecting the theft of information - [A]Uses a specific medium to hide information within - [B]Uses letters to represent an idea or sentiment
720
135 - What is NOT one of the three critical requirements for operations controls? A. Software control B. Resource protection C. Privileged-entity control D. Hardware control
A
721
136 - What type of intrusion detection system (IDS) is used to detect any sound that can be made by someone trying to force their way into a facility? A. Acoustical detection system B. Proximity detector C. Photometric system D. Electro-mechanical system
A
722
137 - Which standard was developed to outline countermeasures for emanation by electronic devices? A. EMSEC B. EMI C. EMP D. TEMPEST
D
723
138 - An updated security system is being considered for implementation to your company's building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs? A. Magnetic stripe card B. Electronic combination lock C. Proximity card D. Combination lock
C
724
139 - Which security principle ensures that information is protected from being modified by unauthorized individuals? A. Integrity B. Confidentiality C. Availability D. Authorization
A
725
140 - Intellectual property can be protected by what types of laws? A. Trademarks, trade secrets, and accreditation B. Patents, trademarks, and certification C. Copyright, accreditation, and trade secrets D. Trade secrets, patents, and trademarks
D
726
141 - To ensure that threats to integrity are kept to a minimum, database software should implement the ACID test. What characteristic of the ACID test will stop all steps in a transaction from occurring if one of the steps fails? A. Durability B. Isolation C. Atomicity D. Consistency
C
727
142 - What network device can you implement between end systems on a network to reduce the possibility of sniffing and monitoring attacks by potential intruders? A. Switches B. Routers C. Gateways D. Firewalls
A
728
143 - Which rule states that a subject at a particular security level is unable to write information to a security level that is lower than the one in which the user currently resides? A. Star integrity axiom B. Simple security rule C. Star property rule D. Simple integrity axiom
C
729
144 - Which security model has the ability to address the inference attack? A. Graham-Denning model B. Biba model C. Noninterference model D. Lattice model
C
730
145 - What type of intrusion detection system (IDS) uses strips of foil or pressure pads near an entry point that sound an alarm when the contact is broken? A. Proximity detector B. Electro-mechanical system C. Acoustical detection system D. Photometric system
B
731
146 - Which software development models match each description? A. Spiral B. Waterfall C. Prototyping - With this model, a rough system is developed quickly and then tested and evaluated to check where improvements need to be made. A new system is then made with the changes in place and the testing repeated. - This model consists of a set of phases that run in sequence where each phase has to be completed before it is possible to move on to the next phase. - In this model, each phase contains four in-built steps: planning, implementing, checking, and acting.
- [C]With this model, a rough system is developed quickly and then tested and evaluated to check where improvements need to be made. A new system is then made with the changes in place and the testing repeated. - [B]This model consists of a set of phases that run in sequence where each phase has to be completed before it is possible to move on to the next phase. - [A]In this model, each phase contains four in-built steps: planning, implementing, checking, and acting.
732
147 - Which technique involves an attacker probing a host for responses without being able to sniff sequence and acknowledgement messages? A. Scrubbing B. Brute force attack C. Blind spoofing D. Emanation
C
733
148 - What is the most important consideration when planning the building of a new company facility? A. Crime rate in the area B. Safety of personnel C. Proximity to airport D. Materials used in construction
B
734
149 - Which NIST 800-34 steps that can be applied to business continuity planning match each description? A. Develop recovery strategies. B. Develop the contingency plan C. Conduct the BIA D. Maintain the plan - Implement procedures to keep the BCP updated on a frequent basis. - Identify threats and calculate risks - Provide procedures for the organization to remain operational while functions and systems are offline - Select methods to ensure systems are efficiently brought back online
- [D]Implement procedures to keep the BCP updated on a frequent basis. - [C]Identify threats and calculate risks - [B]Provide procedures for the organization to remain operational while functions and systems are offline - [A]Select methods to ensure systems are efficiently brought back online
735
150 - In which mode is a system operating if all users have a formal need to know as well as a clearance for all data in the system? A. System High-Security Mode B. Multilevel Security Mode C. Compartmented Security Mode D. Dedicated Security Mode
D
736
151 - Which access control concept involves isolating groups of people and information so that information is not passed between the groups? A. Compartmentalization B. Need to know C. Least privilege D. Security domain
A
737
152 - Which is not a term that is used to identify the type of response an operating system will take when a failure occurs? A. Warm reboot B. Emergency system restart C. System reboot D. System cold start
A
738
153 - What would be the maximum tolerable downtime (MTD) of a business function categorized as urgent? A. 24 hours B. 7 days C. Up to 4 hours D. 30 days
A
739
154 - What is one of the best ways to prevent piggybacking from occurring at the access points into a facility? A. Security guards B. Swipe cards C. Programmable locks D. Proximity cards
A
740
155 - Which OSI layer is responsible for the addressing and routing of packets so that they can reach their destination? A. Session B. Data link C. Network D. Physical
C
741
156 - What is the most significant risk associated with instant messaging, social networking technologies, message boards, and blogs? A. Their being used to identify wireless hotspots that attackers can use to initiate attacks B. Susceptibility to DoS attacks C. Accidental disclosure of confidential, private information D. Their being used to facilitate the spread of malicious code
C
742
157 - What would be the least effective method to prevent an intruder from gaining access to a facility? A. Smartcards B. CCTV C. A fence D. Guard dogs
B
743
158 - Your security department has presented management with an overview of the security mechanisms that have been implemented and an evaluation of their overall effectiveness. What is the process referred to as when management formally accepts the information you have presented them with? A. Accreditation B. Affirmation C. Certification D. Hallmark
A
744
159 - Which Common Criteria Evaluation Assurance Level (EAL) involves semiformal design and testing of systems? A. EAL 7 B. EAL 1 C. EAL 3 D. EAL 5
D
745
160 - What is the best method to use as a means of ensuring that users adhere to the organization's security policies? A. Create security procedures that identify the steps required to achieve the policy requirements B. Identify penalties associated with noncompliance C. Create security standards that support the policies D. Conduct security awareness training and education
D
746
161 - When does a buffer overflow occur? A. When an application sends too much information to another application causing a blue screen B. When an application runs out of memory and crashes the system C. When too much data is entered into the buffer D. When the operating system runs out of RAM and causes a reboot
C
747
162 - Which features match to each key technology? A. Can be re-pinned by using a master key B. Identifies the individual key holder C. Allows for 10 to 15 lock changes D. Contains a built-in microprocessor - Instakey - Intellikey
- [A, C] Instakey | - [D, B] Intellikey
748
163 - What is the best strategy for outsourcing? A. Developing an outsourcing strategy independent of auditing considerations related to outsourcing B. Including appropriate terms and conditions in the SLA C. Excluding service improvement expectations from the outsourcing contract D. Omitting business continuity and disaster recovery considerations from the outsourcing strategy
B
749
164 - You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mall where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BEST meet these needs? A. Fences B. Gates C. Bollards D. Landscaping
A
750
165 - There are different types of eavesdropping methods. Which method involves tampering with a transmission medium in order to create a covert signalling channel? A. Covert Channel Eavesdropping B. Passive Eavesdropping C. Channel Eavesdropping D. Active Eavesdropping
D
751
166 - You want to guard against social engineering attacks, including fraudulent e-mails and fraudulent telephone calls. What would be the best choice to ensure security? A. Employee training B. IDS C. Separation of duties D. Access control
A
752
167 - What is the highest level of information classification used by the majority of organizations? A. Confidential B. Internal use only C. Restricted D. Secret
C
753
168 - What is the MOST important consideration when collecting and preserving evidence for legal action after a server has been compromised? A. Maintaining proper chain of custody B. Obtaining a bit-by-bit copy of the server's hard disk C. Disconnecting the server's power supply D. Disconnecting the server's network cable
A
754
169 - While away on business you are forced to leave a company laptop unattended in your hotel room for several hours. What would be the best method of securing the sensitive data stored on this laptop from theft? A. Maintain backups of the sensitive data in a secure location B. Secure the laptop to a hotel desk using a locking cable C. Use encryption software to encrypt the sensitive data D. Have the laptop engraved with an ID number
C
755
170 - What is not true with respect to the relationships between threat, vulnerability, exposure, countermeasure and risk? A. The probability of a fire causing damage is a risk. B. A vulnerability can expose a system to possible damage. C. A threat agent takes advantage of a vulnerability. D. A countermeasure can mitigate a vulnerability.
D
756
171 - What is the main factor for strengthening the functions of cryptographic systems? A. Increase in the number of cryptographic algorithms B. Increase in classified information C. Increase in computational power D. Increase in the number of hackers
C
757
172 - Which security standard consists of five principles and seven enablers? A. COBIT version 5 B. ISO/IEC 27001:2005 C. ITSEC D. ISO/IEC 15408
A
758
173 - Which is NOT an integrity goal that is addressed by the Clark-Wilson model? A. Authorized users should be prevented from making unauthorized changes. B. Unauthorized users should be prevented from making changes. C. Internal and external consistency should be maintained at all times D. All users must be identified and authenticated.
D
759
174 - What law protects software programs from illegal distribution? A. Trademark B. Trade secret C. Patent D. Copyright
D
760
175 - A computer crime has been reported and an investigation by the company's incident response team has confirmed that an actual crime has been committed. The initial evidence indicates that the crime appears to have been committed by an employee within the company. What department should be notified? A. Marketing B. Human Resources C. Finance D. Software Development
B
761
176 - You need to select a server room fire suppressant that is considered environmentally safe and less damaging to hardware. What should you choose? A. Carbon Dioxide B. FM200 C. Halon 1301
B
762
177 - What best describes an information protection environment? A. Audits, logs, policies, and procedures used to track user activities throughout the organization B. An environment for operations security that encompasses all computing resources in an organization C. An environment for software security that encompasses all software used in an organization D. An environment for hardware security that encompasses all dedicated hardware in an organization
B
763
178 - What are the strengths and weaknesses of asymmetric cryptography? A. Uses more computational power than the other cryptography method B. Provides confidentiality only C. Provides authenticity D. Better key distribution than the other cryptography method E. Uses less computational power than the other cryptography method F. Does not scale well in terms of key management - Strength - Weakness
- [C, D] Strength | - [A] Weakness
764
179 - What is the term that describes the estimated time a device should last before it stops working? A. Mean time between failure B. Mean time to fix C. Mean time before replacement D. Mean time to repair
A
765
180 - Which rule will protect data at an integrity level from being corrupted by data at a lower integrity level? A. Star property rule B. Simple security rule C. Strong star property rule D. Simple integrity axiom
D
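The four rule names in this card belong to two lattice models: the simple security rule and the star property are Bell-LaPadula (confidentiality), the simple integrity axiom and its star counterpart are Biba (integrity). The following is an added example, not part of the exam bank, that encodes each rule as a check over an assumed three-level linear lattice (`low < medium < high`, a constructed ordering) so the "no read down" behaviour the question asks about can be seen directly. All function names are this example's own.

```python
from __future__ import annotations

# Assumed linear lattice: list position is the dominance order (low < medium < high).
LEVELS = ["low", "medium", "high"]


def rank(level: str) -> int:
    """Position of a label in the lattice; a higher index dominates."""
    return LEVELS.index(level)


# Bell-LaPadula: confidentiality, so information must not flow downwards.
def blp_read(subject: str, obj: str) -> bool:
    """Simple security rule: no read up."""
    return rank(subject) >= rank(obj)


def blp_write(subject: str, obj: str) -> bool:
    """* (star) property: no write down."""
    return rank(subject) <= rank(obj)


def blp_strong_star(subject: str, obj: str) -> bool:
    """Strong star property: read and write only at the subject's own level."""
    return rank(subject) == rank(obj)


# Biba: integrity, so low-integrity data must not contaminate higher levels.
def biba_read(subject: str, obj: str) -> bool:
    """Simple integrity axiom: no read down. A high-integrity process must not
    consume lower-integrity input, which is the protection the card asks for."""
    return rank(obj) >= rank(subject)


def biba_write(subject: str, obj: str) -> bool:
    """* integrity axiom: no write up."""
    return rank(subject) >= rank(obj)


def decide(model: str, action: str, subject: str, obj: str) -> tuple:
    """Return (allowed, name of the rule that decided) for a read or a write."""
    table = {
        ("blp", "read"): (blp_read, "simple security rule (no read up)"),
        ("blp", "write"): (blp_write, "star property (no write down)"),
        ("biba", "read"): (biba_read, "simple integrity axiom (no read down)"),
        ("biba", "write"): (biba_write, "star integrity axiom (no write up)"),
    }
    check, rule = table[(model, action)]
    return check(subject, obj), rule


if __name__ == "__main__":
    # A high-integrity service trying to read a low-integrity (e.g. user-supplied) file.
    print(decide("biba", "read", "high", "low"))  # (False, 'simple integrity axiom (no read down)')
    print(decide("blp", "read", "high", "low"))   # (True, 'simple security rule (no read up)')
```

The same subject/object pair is allowed by Bell-LaPadula and refused by Biba: confidentiality worries about where data flows to, integrity about where it comes from.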
766
181 - Intrusion detection systems are used to determine if attacks are occurring on a network. There are several different types of intrusion detection systems available on the market. You have been tasked with implementing an intrusion detection system that uses predefined knowledge to determine if an attack is occurring. Which one should you implement? A. Host-based intrusion detection system B. Network-based intrusion detection system C. Statistical anomaly-based intrusion detection D. Signature-based intrusion detection
D
767
182 - You need to provide security for your clients' connections to your web server. You need to make sure that the entire communications channel between the two computers is protected. Which technology should you implement to accomplish this? A. HTTP B. HTTPS C. S-HTTP D. SET
B
768
183 - What is the first step that should be performed for a penetration test? A. Exploitation B. Vulnerability analysis C. Enumeration D. Reconnaissance
D
769
184 - Which type of virus takes advantage of system precedence? A. Macro virus B. Multipartite virus C. Polymorphic virus D. Companion virus
D
770
185 - Which attack takes advantage of weaknesses in the design of the TCP protocol? A. SYN flood B. Fraggle C. Smurf D. Teardrop
A
771
186 - Which security principle can have the greatest effect on user productivity? A. Confidentiality B. Authorization C. Integrity D. Availability
D
772
187 - Which standard is recommended by the implementing the 9/11 Commission Recommendations Act of 2007? A. TCSEC B. NFPA 1600 C. ISO/IEC 27002 D. Common Criteria
B
773
188 - Your Remote Access Server (RAS) modems are currently configured to answer incoming connections after two rings. After reviewing your current RAS logs, you have noticed multiple attempts to gain access to your network through your modems by unauthorized external users. It appears that the users are using a method of wardialing to locate your modems. What should you do to lower the success rate of wardialing attempts on your network? A. Decrease the number of rings that will occur before the RAS server answers an incoming call. B. Change the phone numbers for the modems within the RAS server. C. Increase the number of rings that will occur before the RAS server answers an incoming call. D. Disable all modems that are not required for incoming calls.
C
774
189 - Debora, an American citizen who works for a large accounting firm in Los Angeles, receives a memo from the company's president regarding internal computer crime investigations. The letter informs all employees that management may remove files from their workstations at any time, without notice. How would such actions apply to Debora's Fourth Amendment rights? A. If management is acting as private citizens, Debora's Fourth Amendment rights would not be violated. B. If management is acting as private citizens, Debora's Fourth Amendment rights would be violated. C. If management is acting as a police agent, Debora's Fourth Amendment rights would not be violated. D. If Debora is acting as a police agent, management's Fourth Amendment rights would not be violated.
A
775
190 - Which is the final step that you should include in any backup plan? A. Test the backup plan. B. Determine what type of backup media you will require. C. Determine where you should store the backup media and how long you should store it there. D. Determine what data you will need to back up.
A
776
191 - Which is not a characteristic of business impact analysis? A. Determining a recovery strategy B. Identifying critical systems C. Developing it early in business continuity planning D. Determining the maximum tolerable downtime (MTD)
A
777
192 - What type of threat to access control consists of a method to bypass the normal user authentication process in a software product? A. Data remanence B. Buffer overflow C. Trapdoor D. Overt channel
C
778
193 - Which type of attack involves the altering of a system's Address Resolution Protocol (ARP) table so that it contains incorrect IP-to-MAC address mappings? A. ARP table poisoning B. Reverse ARP C. Poisoning ARP cache D. Reverse ARP table poisoning
A
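Because ARP has no authentication, a host accepts whatever "IP is-at MAC" reply it hears, so the observable symptom of poisoning is one IP being claimed by two MACs, or one MAC claiming several IPs (typically the gateway plus a victim). The following is an added example, not part of the exam bank: it runs that detection logic over a few constructed tcpdump-style ARP reply lines. The addresses, the `Reply ... is-at` line format and the baseline table are all constructed for the example.

```python
import re
from collections import defaultdict

# Constructed ARP replies in a tcpdump-like layout; not captured from a real network.
ARP_REPLIES = """\
12:00:01 Reply 192.168.1.1 is-at aa:bb:cc:00:00:01
12:00:02 Reply 192.168.1.20 is-at aa:bb:cc:00:00:20
12:00:05 Reply 192.168.1.1 is-at de:ad:be:ef:00:99
12:00:06 Reply 192.168.1.20 is-at de:ad:be:ef:00:99
12:00:07 Reply 192.168.1.30 is-at aa:bb:cc:00:00:30
"""

LINE = re.compile(r"^(\S+) Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})$")


def parse_replies(text):
    """Return a list of (time, ip, mac) tuples from the constructed capture lines."""
    out = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2), m.group(3).lower()))
    return out


def ip_to_macs(replies):
    """Every MAC that has ever claimed each IP."""
    macs = defaultdict(set)
    for _, ip, mac in replies:
        macs[ip].add(mac)
    return macs


def poisoned_entries(replies):
    """IPs announced by more than one MAC: the signature of a poisoned table."""
    return {ip: macs for ip, macs in ip_to_macs(replies).items() if len(macs) > 1}


def macs_claiming_many_ips(replies, threshold=2):
    """MACs claiming several IPs, e.g. an attacker impersonating gateway and victim."""
    ips = defaultdict(set)
    for _, ip, mac in replies:
        ips[mac].add(ip)
    return {mac for mac, owned in ips.items() if len(owned) >= threshold}


def baseline_violations(replies, baseline):
    """Replies that contradict a known-good static mapping (e.g. the gateway's MAC)."""
    return [(t, ip, mac) for t, ip, mac in replies
            if ip in baseline and baseline[ip] != mac]


if __name__ == "__main__":
    replies = parse_replies(ARP_REPLIES)
    print(poisoned_entries(replies))
    print(macs_claiming_many_ips(replies))
    print(baseline_violations(replies, {"192.168.1.1": "aa:bb:cc:00:00:01"}))
```

The baseline check is the one that catches a gateway impersonation even when the attacker's reply is the only one seen, which is why static ARP entries or Dynamic ARP Inspection on the switch are the usual countermeasures.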
779
194 - Which of the following is an example of a brute force attack? A. A program that covers up the login screen and captures the values once they are entered by the user B. A program that uses a pre-defined list of values and compares it to captured values C. A program that sniffs the network and captures packets D. A program that uses every possible input combination to try to determine the correct value
D
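Options B and D are the two guessing strategies in practice: a dictionary attack tries only a predefined list, while brute force enumerates the whole keyspace. The following is an added example, not part of the exam bank, that implements both against a SHA-256 digest and counts attempts, so the cost difference is visible. The charset, the three-word wordlist and the target value are constructed for the example.

```python
import hashlib
import itertools
import string


def sha256_hex(text):
    """Digest used as the stand-in for a stored password hash in this example."""
    return hashlib.sha256(text.encode()).hexdigest()


def dictionary_attack(target_hash, wordlist):
    """Option B: try only a predefined list of candidates; returns (hit, attempts)."""
    for attempts, word in enumerate(wordlist, start=1):
        if sha256_hex(word) == target_hash:
            return word, attempts
    return None, len(wordlist)


def brute_force(target_hash, charset, max_len):
    """Option D: enumerate every combination of charset up to max_len characters."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def keyspace_size(charset, max_len):
    """Worst-case attempts for brute force: sum of |charset|^n for n = 1..max_len."""
    return sum(len(charset) ** n for n in range(1, max_len + 1))


CHARSET = string.ascii_lowercase + string.digits   # 36 symbols (assumed policy)
WORDLIST = ["password", "letmein", "zz9"]          # constructed dictionary

if __name__ == "__main__":
    target = sha256_hex("zz9")                      # constructed target
    print(dictionary_attack(target, WORDLIST))      # ('zz9', 3)
    print(brute_force(target, CHARSET, 3))          # ('zz9', 34668)
    print(keyspace_size(CHARSET, 3))                # 47988
```

The brute-force count grows as the keyspace does, which is why lockout thresholds and slow password hashes matter: the dictionary attack found the same value in three tries because it was a guessable word.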
780
195 - During the recovery strategy planning phase, there are various items that you will have to review and create a recovery strategy for. Which resource is commonly overlooked during the recovery strategies planning phase? A. Data and voice equipment B. Environmental issues C. Computer and network equipment D. Human resources
D
781
196 - The company's database server contains multiple tables with customer orders. A possible disaster could take the server offline and the company would start to lose significant amounts of money after about 24 hours. What category of maximum tolerable downtime (MTD) should the server be placed in? A. Urgent B. Critical C. Normal D. Nonessential
A
782
197 - What is not a characteristic of decentralized access control administration? A. Changes in access control happen faster. B. Uniform access controls across an organization. C. Access control is implemented closer to the actual resource. D. Possible overlap in access controls
B
783
198 - The AIC triad is made up of three main principles of information security: availability, integrity and confidentiality. Which threat can compromise availability? A. Denial-of-Service attack B. Human error C. Dumpster diving D. Social engineering
A
784
199 - What should you configure to ensure that received fax documents are kept confidential and secure? A. Configure a fax server to route the received faxes to the fax device that is nearest to the recipient. B. Configure the fax device to only accept faxes when a user is present to receive it. C. Configure a fax server to route the received faxes to the appropriate user's electronic mailbox. D. Configure a fax server to print the faxes to the nearest printer and include a cover page that separates the printed faxes by user name.
C
785
200 - A computer crime is suspected and reported to senior management. What should the incident response team consider during the preliminary investigation? A. Which company officials should be informed via e-mail B. Who will communicate with the media C. Whether the police should be contacted D. Whether the suspect should be contacted
C
786
201 - Which standardized algorithm can produce a message digest value in the range of 128 to 256 bits? A. MD5 B. HAVAL C. MD4 D. SHA-3
B
787
202 - During the system development process, logging should be enabled to ensure that the development life cycle is tracked. What should you track in the logs? A. Completion codes B. Who accessed the resource, what resource was accessed, and when the resource was accessed C. Edits D. Operating instructions
B
788
203 - Several measures can be taken to help protect against electric power issues. What is NOT a recommended method of protecting devices? A. Do not run cables close to fluorescent lights. B. Plug all devices into surge protectors. C. Use shielded cables. D. Plug power bars into other power bars to help provide additional protection.
D
789
204 - A BCP team determines the scope of the plan, creates a timeline, and prepares a policy statement that all department managers will sign. What other important step for initiating the project must the team perform? A. List the assets that the company has and their replacement values. B. Obtain senior management support for the project. C. Consider the legal regulations that apply to the industry in particular. D. Conduct a business impact analysis (BIA).
B
790
205 - Biometric devices are among the most accurate and secure methods of authentication available. However, some users find them obtrusive and are therefore reluctant to use them. What biometric recognition system is the most widely accepted and implemented? A. Fingerprints B. Facial features C. Iris patterns D. Retinal patterns
A
791
206 - What is NOT an example of a detective physical control? A. Smoke and fire detectors B. Alarms and sensors C. Security guards D. Library control systems
D
792
207 - Which of the following are characteristics of quantitative risk analysis and qualitative risk analysis? A. Uses a lot of educated guesses B. Presents yearly losses C. Opinions are provided by process experts D. Does not take into consideration cost/benefit analysis E. Requires calculations - Qualitative risk analysis - Quantitative risk analysis
- [A, C, D] Qualitative risk analysis | - [B, E] Quantitative risk analysis
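The two columns differ in kind, not just in precision: quantitative analysis does arithmetic in currency (single loss expectancy, annualized loss expectancy, cost/benefit of a control), qualitative analysis ranks expert opinions on an ordinal scale and never produces a yearly loss figure. The following is an added example, not part of the exam bank, that carries one constructed scenario through both. The asset value, exposure factor, rates and control cost, and the 3x3 rating matrix, are all assumptions made for the example.

```python
def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = AV x EF: money lost in one occurrence of the threat."""
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle, aro):
    """ALE = SLE x ARO: the expected yearly loss that quantitative analysis reports."""
    return sle * aro


def countermeasure_value(ale_before, ale_after, annual_cost):
    """Cost/benefit: (ALE before) - (ALE after) - (yearly cost of the control).
    A positive result means the control pays for itself."""
    return ale_before - ale_after - annual_cost


def quantitative_example():
    """Constructed numbers: a 100,000 server, 25% damage per fire, one fire per two years."""
    sle = single_loss_expectancy(100_000, 0.25)        # 25,000
    ale = annualized_loss_expectancy(sle, 0.5)         # 12,500 per year
    # An assumed suppression system cuts the ARO to 0.1 and costs 6,000 per year.
    ale_after = annualized_loss_expectancy(sle, 0.1)   # 2,500 per year
    return sle, ale, ale_after, countermeasure_value(ale, ale_after, 6_000)


# Qualitative: ordinal ratings supplied by process experts; no currency, no cost/benefit.
RATING = {"low": 1, "medium": 2, "high": 3}


def qualitative_risk(likelihood, impact):
    """Rate a risk from a likelihood/impact matrix (the cut-offs are assumed)."""
    score = RATING[likelihood] * RATING[impact]
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


if __name__ == "__main__":
    print(quantitative_example())            # (25000.0, 12500.0, 2500.0, 4000.0)
    print(qualitative_risk("high", "medium"))  # high
```

The quantitative path ends in a number management can weigh against the control's price; the qualitative path ends in a label that orders risks but cannot say whether a 6,000 control is worth buying.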
793
208 - Management has approached you about the current Redundant Array of Independent Disks (RAID) configuration implemented within the organization. They would like to know which RAID level supports multiple drive failures. What should you tell them? A. RAID 1 B. RAID 10 C. RAID 0 D. RAID 5
B
794
209 - What type of attack involves interference that overpowers the sending and receiving of a data signal on a communications link? A. Man-in-the-Middle attacks B. Covert Wireless Channel C. Eavesdropping D. Denial of Service Jamming
D
795
210 - The integrity of data within a database can be protected by different types of operations. Which is NOT an operation that will protect the integrity of data within a database? A. Rollback B. Commit C. Inference D. Savepoint
C
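Rollback, commit and savepoint are the transaction primitives that keep a database consistent when a statement fails part-way; inference is an attack on confidentiality, not an integrity operation. The following is an added example, not part of the exam bank, that shows all three against an in-memory SQLite table with a CHECK constraint: a failed transfer is rolled back whole, and a batch uses savepoints so one bad item is undone without discarding the rest. The table, account names and amounts are constructed for the example.

```python
import sqlite3


def open_bank():
    """In-memory database with an integrity constraint (constructed sample data)."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    conn.execute(
        "CREATE TABLE accounts ("
        " name TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.execute("INSERT INTO accounts VALUES ('alice', 100), ('bob', 20)")
    return conn


def balances(conn):
    """Current balances as a dict, for checking the outcome of each operation."""
    return dict(conn.execute("SELECT name, balance FROM accounts ORDER BY name"))


def transfer(conn, src, dst, amount):
    """Both updates commit together or neither does: rollback on a constraint failure."""
    conn.execute("BEGIN")
    try:
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?", (amount, src))
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (amount, dst))
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        conn.execute("ROLLBACK")   # undo the partial work; the table is consistent again
        return False


def apply_batch(conn, adjustments):
    """Savepoints let one bad item be undone without throwing away the whole batch."""
    applied = []
    conn.execute("BEGIN")
    for name, delta in adjustments:
        conn.execute("SAVEPOINT item")
        try:
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?", (delta, name))
            conn.execute("RELEASE item")
            applied.append(name)
        except sqlite3.IntegrityError:
            conn.execute("ROLLBACK TO item")   # back to the savepoint only, batch stays open
            conn.execute("RELEASE item")
    conn.execute("COMMIT")
    return applied


def demo():
    """Run the three operations and return their results plus the final balances."""
    conn = open_bank()
    too_much = transfer(conn, "alice", "bob", 150)   # False: alice would go negative
    ok = transfer(conn, "alice", "bob", 30)          # True: alice 70, bob 50
    applied = apply_batch(conn, [("bob", -60), ("alice", -10)])  # bob fails, alice applies
    return too_much, ok, applied, balances(conn)


if __name__ == "__main__":
    print(demo())   # (False, True, ['alice'], {'alice': 60, 'bob': 50})
```

Without the rollback, the failed 150 transfer would have left the first UPDATE applied and the money gone; the savepoint gives the same guarantee at the granularity of one item.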
796
211 - Which model allows changes to occur dynamically for access controls based on previous actions that a user performed? A. Graham-Denning model B. Brewer and Nash model C. Chinese Firewall model D. Lattice model
B
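The Brewer and Nash model (also called the Chinese Wall model; option C is a distractor) is the one whose permissions depend on history: once a subject reads one company's data, every competitor in the same conflict-of-interest class becomes off-limits to that subject. The following is an added example, not part of the exam bank, implementing the read rule and the write rule over constructed company datasets and conflict classes.

```python
# Conflict-of-interest (COI) classes. Company names are constructed for this example.
CONFLICT_CLASSES = {
    "banking": {"bank_a", "bank_b"},
    "oil": {"oil_x", "oil_y"},
}


def coi_class(company):
    """COI class a company dataset belongs to, or None for sanitised (public) data."""
    for name, members in CONFLICT_CLASSES.items():
        if company in members:
            return name
    return None


class ChineseWall:
    """Brewer-Nash: each subject's rights shrink as its access history grows."""

    def __init__(self):
        self.history = {}  # subject -> set of company datasets read so far

    def seen(self, subject):
        return self.history.get(subject, set())

    def can_read(self, subject, company):
        """Read rule: allowed unless the subject has already read a *different*
        company inside the same conflict-of-interest class."""
        cls = coi_class(company)
        if cls is None:
            return True  # sanitised data sits outside every wall
        return not any(other != company and coi_class(other) == cls
                       for other in self.seen(subject))

    def read(self, subject, company):
        """Perform a read; on success the subject's future choices narrow."""
        if not self.can_read(subject, company):
            return False
        self.history.setdefault(subject, set()).add(company)
        return True

    def can_write(self, subject, company):
        """Write rule: the subject must be able to read the target and must not have
        read unsanitised data of any other company, or it could copy across the wall."""
        if not self.can_read(subject, company):
            return False
        return not any(other != company and coi_class(other) is not None
                       for other in self.seen(subject))


if __name__ == "__main__":
    wall = ChineseWall()
    wall.read("alice", "bank_a")
    print(wall.can_read("alice", "bank_b"))   # False: competitor of bank_a
    print(wall.can_read("alice", "oil_x"))    # True: different COI class
```

The same request ("alice reads bank_b") gets a different answer before and after her first bank_a read, which is exactly what a static lattice or an access matrix cannot express.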
797
212 - Information security responsibilities are inherent to the role within the organization. Which organizational role is best suited to identifying and prioritizing security efforts and recommending security policies to put into place within the organization? A. Data owner B. Executive management C. Steering committee D. Information security officer
C
798
213 - You are the network administrator for a branch office. You need to secure the network traffic as it enters and leaves your office. Your plan is to implement a hardware based firewall. The firewall should be able to inspect the data's source and destination address. This will allow you to implement access control lists to control access to specific applications and services. What type of firewall should you implement to meet the branch office security requirements? A. Stateful inspection B. Application Level C. Packet Filtering D. Circuit Level
C
799
214 - Which protocol relies on a "web of trust" for its key management approach instead of a hierarchy of certificate authorities? A. PGP B. Diffie-Hellman C. SSL D. RSA
A
800
215 - How does DCOM provide security for software applications? A. It creates authentication levels that protect the authenticity, integrity, and confidentiality of data B. It uses digital signatures, which are verified using the Authenticode technology C. It uses garbage collection to leave classified data in unallocated memory locations D. It creates sandboxes, which are security boundaries within which untrusted applets are executed
A
801
216 - A public key infrastructure provides many different types of security services. Which is NOT a security service that a public key infrastructure will provide? A. Access Control B. Nonrepudiation C. Certificate Authority D. Authentication
C
802
217 - Which type of attack does not involve the use of the encryption key or encryption algorithm to gain access to secret information? A. Social engineering B. Chosen ciphertext C. Brute force D. Chosen plaintext
A
803
218 - Which viable weekly backup strategy will take the least amount of time to complete? A. Perform a full backup every Monday and an incremental backup on the remaining days of the week. B. Perform a differential backup every Monday and an incremental backup on the remaining days of the week. C. Perform a full backup every Monday and a differential backup on the remaining days of the week. D. Perform a full backup every day.
A
804
219 - Which option is not classified as a presentation layer standard? A. MPEG B. HTTP C. TIFF D. JPEG
B
805
220 - Which type of security threat would be used by an attacker to delete a resource on a specific date or time? A. SYN flood attack B. Companion virus C. Logic bomb D. DoS attack
C
806
221 - What security model is a system operating in if all users have the formal clearance and approval required to access all data in the system but they only formally need to know some of it? A. System High-Security Mode B. Dedicated Security Mode C. Multilevel Security Mode D. Compartmented Security Mode
A
807
222 - What is not an example of a physical control? A. External lights B. Subnets C. Building location D. Data backups
B
808
223 - Which type of security device is set into a door's edge? A. Biometric reader B. Mortise lock C. Rim lock D. Card reader
B
809
224 - Concerning patch management, how should a set of recently released security updates be managed for your organization's production servers? A. Install only the updates for fixing problems that your firewall is unable to prevent B. Install them after ensuring that they work with the current network setup C. Install them immediately to ensure that no problems will occur D. Configure automatic updates to download the security updates
B
810
225 - RADIUS and TACACS+ are both examples of centralized access control technologies. Which of these options is NOT true in regards to TACACS+ and RADIUS? A. TACACS+ uses the Transmission Control Protocol (TCP) as its transport protocol. B. TACACS+ separates authentication, authorization, and accounting (AAA) functionalities. C. TACACS+ encrypts the user's password only. D. TACACS+ allows for more granular control.
C
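Option C is the RADIUS behaviour, not the TACACS+ one: RADIUS hides only the User-Password attribute (RFC 2865 section 5.2, an MD5-based XOR with the shared secret, so the user name and everything else travel in the clear), whereas TACACS+ obfuscates the entire packet body with an MD5 pseudo-pad (RFC 8907 section 4.5). The following is an added example, not part of the exam bank, that implements both transforms and compares what an on-path observer sees. The user name, password, shared secret, session id and the `user=...;pass=...` body layout are constructed for the example; the attribute encoding is only as much of RADIUS as the comparison needs.

```python
import hashlib
import os
import struct


def _md5(*parts):
    return hashlib.md5(b"".join(parts)).digest()


def radius_hide_password(password, secret, authenticator):
    """RFC 2865 5.2: c1 = p1 XOR MD5(secret + RequestAuthenticator),
    cn = pn XOR MD5(secret + c(n-1)), over 16-byte NUL-padded blocks."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = bytes(p ^ b for p, b in zip(padded[i:i + 16], _md5(secret, prev)))
        out += block
        prev = block
    return out


def radius_reveal_password(hidden, secret, authenticator):
    """Inverse of radius_hide_password, as the server does it with the same secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ b for c, b in zip(block, _md5(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")


def radius_access_request_attrs(username, password, secret, authenticator):
    """User-Name (type 1) is sent in the clear; only User-Password (type 2) is hidden."""
    hidden = radius_hide_password(password, secret, authenticator)
    return (bytes([1, 2 + len(username)]) + username
            + bytes([2, 2 + len(hidden)]) + hidden)


def tacacs_obfuscate(body, key, session_id, version=0xC0, seq_no=1):
    """RFC 8907 4.5: body XOR pseudo-pad, where pad_1 = MD5(session_id|key|version|seq_no)
    and pad_n = MD5(session_id|key|version|seq_no|pad_(n-1)). XOR is its own inverse."""
    hdr = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < len(body):
        prev = _md5(hdr, prev)
        pad += prev
    return bytes(x ^ y for x, y in zip(body, pad))


def compare(username=b"alice", password=b"s3cret", secret=b"shared-key"):
    """Constructed exchange: which fields an on-path observer can read in each protocol."""
    authenticator = os.urandom(16)   # RADIUS Request Authenticator, random per request
    radius_wire = radius_access_request_attrs(username, password, secret, authenticator)
    tacacs_body = b"user=" + username + b";port=tty0;pass=" + password
    tacacs_wire = tacacs_obfuscate(tacacs_body, secret, session_id=0x1234ABCD)
    return {
        "radius_username_visible": username in radius_wire,
        "radius_password_visible": password in radius_wire,
        "tacacs_username_visible": username in tacacs_wire,
        "tacacs_password_visible": password in tacacs_wire,
    }


if __name__ == "__main__":
    print(compare())
```

Neither transform is authenticated encryption: both are keyed MD5 streams, which is why current guidance is to run either protocol over IPsec or TLS rather than rely on the built-in hiding. The difference the card tests is scope, the password attribute versus the whole body.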
811
226 - What type of backup will contain any files that have changed since the last full backup? A. Full B. Differential C. Complete D. Incremental
B
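Cards 218 and 226 are two views of the same mechanics: a differential copies everything changed since the last full, an incremental only what changed since the previous backup of any kind, so full-plus-incremental copies the least data during the week while needing the longest chain at restore time (and option B of card 218 is not viable at all, because the week never starts with a full). The following is an added example, not part of the exam bank, that simulates one constructed week of five files and reports what each strategy copies each day and what must be read back to restore a given day.

```python
def weekly_backup_sets(all_files, changes_by_day, strategy):
    """Files copied on each day of a week under one strategy.

    all_files: set of file names present on day 0 (Monday, always a full backup).
    changes_by_day: changes_by_day[d] is the set of files modified on day d.
    strategy: 'full', 'differential' or 'incremental' for days 1..n.
    """
    if strategy not in ("full", "differential", "incremental"):
        raise ValueError("not a viable strategy: " + strategy)
    sets = [set(all_files)]                 # day 0: the full backup everything builds on
    since_full = set()
    for day in range(1, len(changes_by_day)):
        since_full |= changes_by_day[day]
        if strategy == "full":
            sets.append(set(all_files))
        elif strategy == "differential":
            sets.append(set(since_full))    # everything changed since the last full
        else:
            sets.append(set(changes_by_day[day]))  # changed since the previous backup
    return sets


def restore_chain(strategy, day):
    """Backups that must be read, in order, to rebuild the state as of 'day'."""
    if strategy == "full":
        return [day]
    if strategy == "differential":
        return [0] if day == 0 else [0, day]
    return list(range(day + 1))            # incremental: full plus every increment


def weekly_copy_count(all_files, changes_by_day, strategy):
    """Total files copied across the week: the proxy for backup time in card 218."""
    return sum(len(s) for s in weekly_backup_sets(all_files, changes_by_day, strategy))


# Constructed week: five files; day 0 has no 'changes' because it is the full backup.
FILES = {"a", "b", "c", "d", "e"}
CHANGES = [set(), {"a"}, {"b"}, {"a"}, {"c"}, {"d"}, {"b"}]

if __name__ == "__main__":
    for strategy in ("full", "differential", "incremental"):
        print(strategy, weekly_copy_count(FILES, CHANGES, strategy),
              restore_chain(strategy, 6))
    # full 35 [6] / differential 21 [0, 6] / incremental 11 [0, 1, 2, 3, 4, 5, 6]
```

The trade-off is visible in the numbers: incremental copies 11 files a week but a Sunday restore reads seven backups in sequence, while differential copies 21 and restores from two, so the "least time" in card 218 is backup time, not recovery time.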
812
227 - Which statement is not true in relation to the term "back door"? A. There are various tools on the market that allow you to easily create and execute back door attacks. B. It is the placement of a program or utility within a network that provides unauthorized access to the network that it is installed in. C. It is an intentional opening within an application that allows developers to bypass security features for troubleshooting purposes. D. A back door attack allows an attacker to masquerade themselves as someone else.
D
813
228 - Which type of light is ideal for indoor lighting but not for outdoor lighting? A. Fluorescent B. Sodium vapor C. Mercury vapor D. Quartz lamps
A
814
229 - Change control documentation needs to be maintained and updated on a regular basis. What reason accurately describes why? A. In order to share information between corporate sites B. For use in future employee training sessions C. To keep track of constant changes in software and hardware D. In order to reflect the constant change in the corporate landscape
C
815
230 - An attacker deleting specific incriminating information out of an audit log is referred to as what? A. Sniffing B. Scrubbing C. Purging D. Spoofing
B
816
231 - A computer crime has been reported and an investigation by the company's incident response team has confirmed that an actual crime has been committed. Who should be informed next? A. Network administrator B. Police C. Senior management D. Human resources department
C
817
232 - The investigation team can use surveillance techniques to obtain evidence of computer crime. What is an example of physical surveillance? A. Fencing B. Keyboard monitoring C. Closed Circuit Television (CCTV) D. Audit logs
C
818
233 - Most large organizations today have acknowledged the need for a C-level security officer, typically classed as the chief information security officer. However, there are still issues in identifying the most appropriate reporting structure for the chief information security officer within the organization. The greatest potential for a conflict of interest is inherent to a chief information security officer reporting to which role within an organization? A. Chief security officer B. Chief financial officer C. Chief information officer D. Chief executive officer
C
819
234 - Which OSI reference model layer matches each function? A. Network B. Presentation C. Session D. Transport E. Application F. Data-link - Responsible for error-free packet transfers between network nodes - Establishes, maintains, and terminates connections between devices and applications - Segments data in the appropriate size and format - Ensures that data represented by one system can be interpreted by another system - Specifies how data is routed from hosts on one network to hosts on another network - Interacts directly with end users to provide network services
- [F] Responsible for error-free packet transfers between network nodes - [C] Establishes, maintains, and terminates connections between devices and applications - [D] Segments data in the appropriate size and format - [B] Ensures that data represented by one system can be interpreted by another system - [A] Specifies how data is routed from hosts on one network to hosts on another network - [E] Interacts directly with end users to provide network services
820
235 - What are the advantages and disadvantages of a warm site? A. Less expensive to maintain than a hot site B. Includes computers and servers C. No certainty that the site will be up and running within hours after being fully configured D. Testing of the site is done on an annual basis E. Good choice for organizations requiring proprietary hardware F. Partially configured - Advantages - Disadvantages
- [E, A] Advantages | - [F, C] Disadvantages
821
236 - In terms of a biometric system, what is referred to as a Type II error? A. False acceptance rate B. Crossover error rate C. Equal error rate D. False rejection rate
A
822
237 - A security practitioner is designing a network diagram that includes two routers and a firewall. A demilitarized zone (DMZ) is required for controlling DMZ access from untrusted and trusted sites.
The link off to the side from the firewall
823
238 - Which standard concentrates on how security controls are implemented, rather than which controls are implemented? A. ISO/IEC 27002 B. TCSEC C. ISO-IEC 27001:2005 D. Common Criteria
A
824
239 - You have just been hired as a junior security analyst at a security consulting firm. Your manager gives you a list of ciphers and asks you to determine their type. Rail fence, rectangular substitution, monoalphabetic, and polyalphabetic are all examples of which type of cipher? A. Substitution B. Running key C. Transposition D. Null
C
825
240 - What is not a necessary step for developing a data classification program? A. Define procedures for declassifying data. B. Assign a data custodian. C. Assign responsibility for data classification to the data custodian. D. Define the classification levels.
C
826
241 - Which access cards match to each description? A. Proximity card B. Smart card C. Magnetic stripe card - Contains a microchip and opens a magnetic lock - Contains a microchip and can store a large amount of data - Made of PVC material and is easily damaged
- [A] Contains a microchip and opens a magnetic lock - [B] Contains a microchip and can store a large amount of data - [C] Made of PVC material and is easily damaged
827
242 - What often happens unexpectedly because of the development of a company's contingency plan? A. Hot sites are found to be expensive to maintain B. Improved business operations C. Support from senior management is realized D. RTOs are discovered
B
828
243 - Evidence must meet which criterion to be admissible in a court of law? A. Corroborative and conclusive B. Indisputable and intangible C. Relevant and reliable D. Insufficient and intangible
C
829
244 - What is the Biba model most concerned with? A. Verification B. Confidentiality C. Repudiation D. Integrity
D
830
245 - Two or more employees assisting each other to commit a fraudulent or destructive act is called collusion. Which security practice will help prevent collusion? A. Separation of duties B. Access control C. Rotation of duties D. Intrusion detection
C
831
246 - Which algorithm is not a hashing algorithm? A. HAVAL B. RC4 C. SHA D. MD5
B
832
247 - Which access control model is based on a security label system? A. Discretionary access control B. Mandatory access control C. Nondiscretionary access control D. Role-based access control
B
833
248 - Your company is implementing wireless technologies to provide users with the mobility they require to perform their day-to-day activities. Management has approached you and is questioning the security of the wireless technologies in relation to wardriving. You need to assure them that the network will be secured against wardriving. Which security measure will not provide protection against wardriving? A. Enable the broadcasting of SSIDs on the access points that will be implemented within the network. B. Use 128-bit WEP as the encryption standard on the wireless network. C. Physically place the access points within the middle of the buildings. D. Change the SSID that will be used to identify the access point on the network.
A
834
249 - The process of transferring transaction logs or journals to an offsite facility is known as what? A. Disk-shadowing B. Disk duplexing C. Remote journaling D. Electronic vaulting
C
835
250 - The International Information Systems Security Certification Consortium requires CISSPs to commit to fully supporting the Code of Ethics. What is not a mandatory canon in the CISSP Code of Ethics? A. Act honorably, honestly, justly, responsibly, and legally. B. Protect society, the commonwealth, and the infrastructure. C. Provide diligent and competent service to principals. D. Discharge professional responsibilities with diligence and honesty.
D