SU Practice exam bank Flashcards
(Random Partial Bank) 1 – An updated security system is being considered for implementation to your company’s building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs?
A. Electronic combination lock
B. Combination lock
C. Magnetic stripe card
D. Proximity card
D
2 – What Common Criteria assurance level is the first to require that the product’s design is formally verified and tested?
A. EAL6
B. EAL5
C. EAL7
D. EAL4
C
3 – Using an access card to access specific rooms within a building is an example of which factor of the three-factor authentication method?
A. Something you know
B. Something you use
C. Something you are
D. Something you have
D
4 – Which cipher is most susceptible to frequency analysis attacks?
A. Polyalphabetic Substitution Cipher
B. Caesar Cipher
C. Running Key Cipher
D. Transposition Cipher
B
5 – Before the recovery strategies from the Disaster Recovery Plan (DRP) are put into action, an event is triggered that starts the event management process.
4
6 – What does the term “trusted computing base” best address?
A. The level of communication a system provides
B. The level of security a system provides
C. The level of application portability a system provides
D. The level of trust a system provides
D
7 – What can you use to determine whether an information security program is on track and on budget?
A. Operational metrics
B. Strategic metrics
C. Management metrics
D. Technical metrics
B
8 – There are various threats that directly affect your operations environment. It is important that your environment is protected against these threats. You should be aware that these threats all map to the information security triad. Which threats will be directly related to the integrity component of the information security triad?
A. Destruction and theft
B. Interruption and disclosure
C. Corruption and modification
D. Disclosure and corruption
C
9 – What would be the least effective method to prevent an intruder from gaining access to a facility?
A. Guard dogs
B. CCTV
C. Smartcards
D. A fence
B
10 – Your Remote Access Server (RAS) modems are currently configured to answer incoming connections after two rings. After reviewing your current RAS logs, you have noticed multiple attempts to gain access to your network through your modems by unauthorized external users. It appears that the users are using a method of wardialing to locate your modems. What should you do to lower the success rate of wardialing attempts on your network?
A. Disable all modems that are not required for incoming calls.
B. Change the phone numbers for the modems within the RAS server
C. Decrease the number of rings that will occur before the RAS server answers an incoming call.
D. Increase the number of rings that will occur before the RAS server answers an incoming call.
D
11 – Which of the following is an example of a brute force attack?
A. A program that covers up the login screen and captures the values once they are entered by the user
B. A program that sniffs the network and captures packets
C. A program that uses a pre-defined list of values and compares it to captured values
D. A program that uses every possible input combination to try to determine the correct value
D
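Questions 4 and 11 both turn on how a key is recovered. The following example is added here and is not part of the original question bank: it breaks a Caesar ciphertext two ways, by classic frequency analysis (one guess from the most common ciphertext letter, no key trial) and by the exhaustive key search that question 11 calls brute force (every one of the 26 shifts is tried and scored against English letter statistics). Both are then run against a Vigenère (polyalphabetic) encryption of the same text to show why question 4 singles out the Caesar cipher. The plaintext, the key "KEY" and the English frequency table are constructed for the example.

```python
"""Frequency analysis vs. exhaustive search on a Caesar cipher.
Added example; the plaintext, key and frequency table below are constructed."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Approximate letter frequencies (percent) of English prose. Assumed reference
# values for this example; any published table gives the same ranking.
ENGLISH_FREQ = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}

# Constructed sample plaintext; E is its most frequent letter, as in ordinary English.
PLAINTEXT = ("THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG WHILE THE SECURITY TEAM "
             "REVIEWS THE EVENT LOGS FOR EVIDENCE OF THE ATTACK")


def caesar_shift(text, shift):
    """Monoalphabetic substitution: every letter moves by the same `shift` (mod 26)."""
    out = []
    for ch in text.upper():
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch)
    return "".join(out)


def vigenere_encrypt(text, key):
    """Polyalphabetic substitution: the shift changes with each letter, cycling through `key`."""
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            k = ALPHABET.index(key[i % len(key)].upper())
            out.append(ALPHABET[(ALPHABET.index(ch) + k) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def letter_frequencies(text):
    """Percentage share of each letter among the letters of `text`."""
    letters = [c for c in text.upper() if c in ALPHABET]
    total = len(letters) or 1
    counts = Counter(letters)
    return {c: 100.0 * counts[c] / total for c in ALPHABET}


def frequency_analysis(ciphertext):
    """Classic frequency analysis: assume the most common ciphertext letter stands
    for E and read the shift straight off. Only one guess is made; no key is tried."""
    freqs = letter_frequencies(ciphertext)
    top = max(ALPHABET, key=lambda c: freqs[c])
    return (ALPHABET.index(top) - ALPHABET.index("E")) % 26


def chi_squared(observed):
    """Distance between an observed letter profile and the English reference."""
    return sum((observed[c] - ENGLISH_FREQ[c]) ** 2 / ENGLISH_FREQ[c] for c in ALPHABET)


def brute_force(ciphertext):
    """Exhaustive key search (question 11): decrypt under all 26 shifts and keep
    the candidate whose letter profile is closest to English."""
    scores = {s: chi_squared(letter_frequencies(caesar_shift(ciphertext, -s)))
              for s in range(26)}
    return min(scores, key=scores.get)


if __name__ == "__main__":
    caesar_ct = caesar_shift(PLAINTEXT, 3)
    print("Caesar  frequency analysis ->", frequency_analysis(caesar_ct))
    print("Caesar  brute force        ->", brute_force(caesar_ct))
    vig_ct = vigenere_encrypt(PLAINTEXT, "KEY")
    guess = frequency_analysis(vig_ct)
    print("Vigenere frequency analysis ->", guess, "recovers plaintext:",
          caesar_shift(vig_ct, -guess) == PLAINTEXT)
```

Against the Caesar ciphertext both methods return the shift 3 that produced it. Against the Vigenère ciphertext neither single-shift method recovers the plaintext: each plaintext letter is spread over several ciphertext letters, so the single-letter peak that frequency analysis relies on is flattened. Breaking a polyalphabetic cipher needs the extra step of finding the key length first and then analysing each coset separately, which is why the Caesar cipher is the answer to question 4.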
12 – Which access control model makes use of ACLs?
A. Mandatory access control
B. Discretionary access control
C. Nondiscretionary access control
D. Role-based access control
B
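The reason question 12 answers "discretionary" is that an ACL is maintained by the object's owner, who decides at their own discretion who may do what; under mandatory access control the system compares labels and the owner cannot override the result. The following added example (not from the original question bank) puts the two checks side by side; the object names, subject names and clearance levels are constructed.

```python
"""DAC (owner-managed ACL) next to MAC (label comparison). Added example with
constructed subjects, objects and labels."""
from dataclasses import dataclass, field


@dataclass
class DacObject:
    """An object under discretionary access control: the owner edits the ACL."""
    name: str
    owner: str
    acl: dict = field(default_factory=dict)  # subject -> set of permissions

    def grant(self, by, subject, permissions):
        """Only the owner may change the ACL; anyone else is refused."""
        if by != self.owner:
            raise PermissionError(f"{by} is not the owner of {self.name}")
        self.acl.setdefault(subject, set()).update(permissions)

    def revoke(self, by, subject):
        if by != self.owner:
            raise PermissionError(f"{by} is not the owner of {self.name}")
        self.acl.pop(subject, None)


def dac_check(obj, subject, permission):
    """DAC decision: the owner always passes, everyone else needs an ACL entry."""
    return subject == obj.owner or permission in obj.acl.get(subject, set())


# Ordered sensitivity labels for the MAC check (constructed for the example).
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


def mac_read_check(subject_clearance, object_label):
    """MAC decision: read is allowed only when clearance dominates the label
    (no read up). Ownership plays no part and nobody can grant an exception."""
    return LEVELS[subject_clearance] >= LEVELS[object_label]


def mac_write_check(subject_clearance, object_label):
    """Confidentiality-style MAC write rule: no write down."""
    return LEVELS[subject_clearance] <= LEVELS[object_label]


def demo():
    """Walk through both models; returns the decisions for inspection."""
    report = DacObject("quarterly_report.docx", owner="alice")
    report.grant("alice", "bob", {"read"})
    try:
        report.grant("bob", "mallory", {"read"})   # bob is not the owner
        bob_could_grant = True
    except PermissionError:
        bob_could_grant = False
    return {
        "bob_reads": dac_check(report, "bob", "read"),
        "bob_writes": dac_check(report, "bob", "write"),
        "bob_could_grant": bob_could_grant,
        "confidential_user_reads_secret": mac_read_check("CONFIDENTIAL", "SECRET"),
        "secret_user_reads_confidential": mac_read_check("SECRET", "CONFIDENTIAL"),
        "secret_user_writes_confidential": mac_write_check("SECRET", "CONFIDENTIAL"),
    }


if __name__ == "__main__":
    for decision, allowed in demo().items():
        print(f"{decision}: {'allowed' if allowed else 'denied'}")
```

Every decision in the DAC half traces back to a choice the owner made, which is exactly what makes the model discretionary; the MAC half reaches its answers from labels alone, so even the creator of a SECRET document cannot let a CONFIDENTIAL reader see it.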
13 – Which statement best describes a properly implemented incident handling program?
A. Incident handling should be part of the disaster recovery plan
B. Incident handling should be part of the business continuity plan
C. Incident handling should be approached in a reactive manner.
D. Incident reporting should be decentralized
A
15 – A BCP team determines the scope of the plan, creates a timeline, and prepares a policy statement that all department managers will sign. What other important step for initiating the project must the team perform?
A. Consider the legal regulations that apply to the industry in particular.
B. Conduct a business impact analysis (BIA).
C. Obtain senior management support for the project.
D. List the assets that the company has and their replacement values.
C
16 – During the recovery strategy planning phase, there are various items that you will have to review and create a recovery strategy for. Which resource is commonly overlooked during the recovery strategies planning phase?
A. Human resources
B. Data and voice equipment
C. Computer and network equipment
D. Environmental issues
A
17 – You need to implement a method of verifying that only authorized individuals are able to gain access to a restricted section of your facility. You need to implement an automated system that ensures every person is individually identified and authorized before they are permitted to enter. Which method would best suit these needs?
A. Mantrap
B. An annunciator-capable system
C. Security guards
D. Smart lock
A
18 – What best describes an information protection environment?
A. An environment for software security that encompasses all software used in an organization
B. An environment for operations security that encompasses all computing resources in an organization
C. Audits, logs, policies, and procedures used to track user activities throughout the organization
D. An environment for hardware security that encompasses all dedicated hardware in an organization
B
19 – What law protects company logos from illegal duplication?
A. Copyright
B. Patent
C. Trademark
D. Trade Secret
C
20 – Data remanence refers to the residual physical representation of data that has been removed from storage media. What is not a common method used to remove data from media before it is discarded?
A. Overwriting
B. Degaussing
C. Destroying
D. Clearing
D
21 – (ISC)2 requires CISSPs to commit to fully supporting the Code of Ethics. Identify one of the mandatory canons in the CISSP Code of Ethics.
A. Thou shalt not use a computer to steal.
B. Provide diligent and competent service to principals
C. I will not misuse any information or privileges I am afforded as part of my responsibilities
D. Discharge professional responsibilities with diligence and honesty.
B
22 – The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router?
A. Layer 3
B. Layer 1
C. Layer 2
D. Layer 7
A
23 – Which methodological framework categorizes IT processes and activities into four domains for governance?
A. COSO
B. ITIL
C. ISO 27000
D. COBIT version 4.1
D
24 – Which attack involves sending malformed packets to a system in order to cause it to crash or end processing?
A. SYN flood attack
B. Smurf attack
C. Denial of Service (DoS) attack
D. Fraggle attack
C
25 – Which type of lock provides the least amount of security?
A. Electronic combination lock
B. Smart lock
C. Warded lock
D. Tumbler lock
C