SU Practice exam bank Flashcards by Josh Selkirk

(Random Partial Bank) 1 - An updated security system is being considered for implementation to your company’s building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs?

A. Electronic combination lock
B. Combination lock
C. Magnetic stripe card
D. Proximity card

How well did you know this?

Not at all

Perfectly

2 - What Common Criteria assurance level is the first to require that the product is formally verified, designed, and tested?

A. EAL6
B. EAL5
C. EAL7
D. EAL4

How well did you know this?

Not at all

Perfectly

3 – Using an access card to access specific rooms within a building is an example of which factor of the three-factor authentication method?

A. Something you know
B. Something you use
C. Something you are
D. Something you have

How well did you know this?

Not at all

Perfectly

4 – Which cipher is most susceptible to frequency analysis attacks?

A. Polyalphabetic Substitution Cipher
B. Caesar Cipher
C. Running Key Cipher
D. Transposition Cipher

How well did you know this?

Not at all

Perfectly

5 – Before the recovery strategies from the Disaster Recovery Plan (DRP) are put into action, an event is triggered that starts the event management process.

How well did you know this?

Not at all

Perfectly

6 – What does the term “trusted computing base” best address?

A. The level of communication a system provides
B. The level of security a system provides
C. The level of application portability a system provides
D. The level of trust a system provides

How well did you know this?

Not at all

Perfectly

7- What can you use to determine whether an information security program is on track and on budget?

A. Operational metrics
B. Strategic metrics
C. Management metrics
D. Technical metrics

How well did you know this?

Not at all

Perfectly

8 – There are various threats that directly affect your operations environment. It is important that your environment is protected against these threats. You should be aware that these threats all map to the information security triad. Which threats will be directly related to the integrity component of the information security triad?

A. Destruction and theft
B. Interruption and disclosure
C. Corruption and modification
D. Disclosure and corruption

How well did you know this?

Not at all

Perfectly

9 – What would be the least effective method to prevent an intruder from gaining access to a facility?

A. Guard dogs
B. CCTV
C. Smartcards
D. A fence

How well did you know this?

Not at all

Perfectly

10 – Your Remote Access Server (RAS) modems are currently configured to answer incoming connections after two rings. After reviewing your current RAS logs, you have noticed multiple attempts to gain access to your network through your modems by unauthorized external users. It appears that the users are using a method of wardialing to locate your modems. What should you do to lower the success rate of wardialing attempts on your network?

A. Disable all modems that are not required for incoming calls.
B. Change the phone numbers for the modems within the RAS server
C. Decrease the number of rings that will occur before the RAS server answers an incoming call.
D. Increase the number of rings that will occur before the RAS server answers an incoming call.

How well did you know this?

Not at all

Perfectly

11 – Which of the following is an example of a brute force attack?

A. A program that covers up the login screen and captures the values once they are inputted by the user
B. A program that sniffs the network and captures packets
C. A program that uses a pre-defined list of values and compares it to captured values
D. A Program that uses ever possible input combination to try to determine the correct value

How well did you know this?

Not at all

Perfectly

12 – Which access control model makes use of ACLs?

A. Mandatory access control
B. Discretionary access control
C. Nondiscretionary access control
D. Role-based access control

How well did you know this?

Not at all

Perfectly

13 – Which statement best describes a properly implemented incident handling program?

A. Incident handling should be part of the disaster recovery plan
B. Incident handling should be part of the business continuity plan
C. Incident handling should be approached in a reactive manner.
D. Incident reporting should be decentralized

How well did you know this?

Not at all

Perfectly

15 – A BCP team determines the scope of the plan, creates a timeline, and prepares a policy statement that all department managers will sign. What other important step for initiating the project must the team perform?

A. Consider the legal regulations that apply to the industry in particular.
B. Conduct a business impact analysis (BIA).
C. Obtain senior management support for the project.
D. List the assets that the company has and their replacement values.

How well did you know this?

Not at all

Perfectly

16 – During the recovery strategy planning phase, there are various items that you will have to review and create a recovery strategy for. Which resource is commonly overlooked during the recovery strategies planning phase?

A. Human resources
B. Data and voice equipment
C. Computer and network equipment
D. Environmental issues

How well did you know this?

Not at all

Perfectly

17 – You need to implement a method of verifying that only authorized individuals are able to gain access to a restricted section of your facility. You need to implement an automated system that ensures every person is individually identified and authorized before they are permitted to enter. What authentication methods would best suit your needs?

A. Mantrap
B. An annuciator capable system
C. Security guards
D. Smart lock

How well did you know this?

Not at all

Perfectly

18 – What best describes an information protection environment?

A. An environment for software security that encompasses all software used in an organization
B. An environment for operations security that encompasses all computing resources in an organization
C. Audits, logs, policies, and procedures used to track user activities throughout the organization
D. An environment for hardware security that encompasses all dedicated hardware in an organization

How well did you know this?

Not at all

Perfectly

19 – What law protects company logos from illegal duplication?

A. Copyright
B. Patent
C. Trademark
D. Trade Secret

How well did you know this?

Not at all

Perfectly

20 – Data remanence refers to the residual physical representation of data that has been removed from storage media. What is not a common method used to remove data from media before it is discarded?

A. Overwriting
B. Degausing
C. Destroying
D. Clearing

How well did you know this?

Not at all

Perfectly

21 – (ISC)2 requires CISSPs to commit to fully supporting the Code of Ethics. Identify one of the mandatory canons in the CISSP Code of Ethics.

A. Thou shalt not use a computer to steal.
B. Provide diligent and competent service to principals
C. I will not misuse any information or privileges I am afforded as part of my responsibilities
D. Discharge professional responsibilities with diligence and honesty.

How well did you know this?

Not at all

Perfectly

22 – The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router?

A. Layer 3
B. Layer 1
C. Layer 2
D. Layer 7

How well did you know this?

Not at all

Perfectly

23 – Which methodological framework categorizes IT processes and activities into four domains for governance?

A. COSO
B. ITIL
C. ISO 27000
D. COBIT version 4.1

How well did you know this?

Not at all

Perfectly

24 – Which attack involves sending malformed packets to a system in order to cause it to crash or end processing?

A. SYN flood attack
B. Smurf attack
C. Denial of Service (DoS) attack
D. Fraggle attack

How well did you know this?

Not at all

Perfectly

25 – Which type of lock provides the least amount of security?

A. Electronic combination lock
B. Smart lock
C. Warded lock
D. Tumbler lock

How well did you know this?

Not at all

Perfectly

26 – IPSec is able to work in two different modes, Tunnel mode and Transport mode. Which is true in regards to protection with Tunnel mode? A. Only the header information is protected. B. Only the header and trailer information are protected. C. The payload as well as the header and trailer information is protected. D. Only the payload of the message is protected.

27 – What is an example of a deterrent control? A. Smart cards B. Security policies C. Fences D. Audit logs

28 – The integrity of data within a database can be protected by different types of operations. Which type of operation can be used when a complete database failure occurs? A. Rollback B. Inference C. Savepoint D. Commit

29 – Management has approached you and would like you to explain how they can possibly prevent collusion within the organization. What should you tell them? A. Force employees to take mandatory vacations. B. Implement separation of duties. C. Implement the rule of least privilege. D. Implement job rotation.

30 – What is the first level in the Orange Book that requires users to be individually identified and accountable for their actions? A. C2 B. B2 C. C1 D. B1

31 – Which of the following are characteristics of quantitative risk analysis and qualitative risk analysis? A. Uses a lot of educated guesses B. Does not take into consideration cost/benefit analysis C. Requires calculations D. Presents yearly losses E. Opinions are provided by process experts

Quantitative Risk Analysis: C, D | Qualitative risk analysis: A, E, and B

32 – Which statement best describes the Business Continuity Planning (BCP) recovery strategies? A. They are predefined activities that will be used when a disaster strikes. B. They are measures put into place to help reduce the likelihood of a disaster. C. They are predefined activities that will be used to prevent a disaster from occurring. D. They are measures put into place to help detect when a disaster strikes.

33 – Which is not a term that is used to identify the type of response an operating system will take when a failure occurs? A. Emergency system restart B. System reboot C. System cold start D. Warm reboot

34 – What is considered the appropriate height for a fence to deter a determined intruder? A. Three to four feet high B. Six to seven feet high C. Eight feet high D. One to two feet high

35 – A one-time pad is one of the most powerful substitution ciphers. What must be true order to maintain the integrity of the algorithm for the one-time pad? A. Physical protection against disclosure for the one-time pad should be considered. B. The one-time pad should be used no more than three times. C. At a minimum, the key must be as long as the message that it will be encrypting. D. The encryption key that is used for the one-time pad must be manually created.

36 – What is one of the best ways to keep a Business Continuity Plan (BCP) up to date? A. Maintain a record of any revisions made to the BCP plan. B. Integrate the BCP plan into the change management process C. Review the BCP plan at least once a year D. Include maintenance responsibilities in job descriptions.

37 – What are the advantages and disadvantages of a warm site? A. No certainty that the site will be up and running within hours after being fully configured B. Partially configured C. Less expensive to maintain than a hot site D. Testing of the site is done on an annual basisE. Good choice for organizations requiring proprietary hardwareF. Includes computers and servers

Advantages: E, CDisadvantages: B, A

38 – What is considered a misdemeanor under the Computer Fraud and Abuse Act of 1986? A. To gain authorized access to personal medical information B. To use classified data for the benefit of a foreign nation C. To disclose personal medical information D. To gain unauthorized access to government computers

39 – Which method is most secure when updating routing information? A. Static updates B. Link-state updates C. Dynamic updates D. Distance-vector updates

40 – An attacker deleting specific incriminating information out of an audit log is referred to as what? A. Spoofing B. Sniffing C. Scrubbing D. Purging

41 – What is the first level in the Orange Bok that requires labeled security? A. B2 B. C1 C. C2 D. B1

42 – What would be the least effective method used to secure a fax transmission? A. Require users to encrypt their own transmissions B. Implement a fax encryptor C. Use a fax server on the network D. Enable logging and auditing of fax transmissions

43 – Which is NOT a type of programming language? A. High-Level B. Assembly C. Machine D. Interpreter

44 – Which option is not classified as a presentation layer standard? A. JPEG B. MPEG C. TIFF D. HTTP

45 – You need to send several classified documents to one of your company’s clients. You want to implement a method of detecting any illegal copying of these classified documents. Which method could you use? A. Steganography B. Running key cipher C. Watermarking D. Code words

46 – What is the term that describes an understanding with another company to use their facilities in the event of a disaster?A. Mobile hot siteB. Reciprocal agreementC. Redundant siteD. Alternate off-site facility

47 – Which access control concept is used when operational secrecy is a major concern? A. Compartmentalization B. Security domain C. Need to know D. Least privilege

48 – Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators? A. There are only a few laws that specifically address computer crimes B. Most attacks are performed by individuals located outside of the network C. Most companies do not use firewalls D. Many attackers spoof their IP addresses and erase logs to cover their tracks.

49 – You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as? A. Affirmation B. Certification C. Hallmark D. Accreditation

50 – Change control documentation needs to be maintained and updated on a regular basis. What reason accurately describes why? A. For use in future employee training sessions B. In order to share information between corporate sites C. In order to reflect the constant change in the corporate landscape D. To keep track of constant changes in software and hardware

51 – The application layer of the TCP/IP model maps to which layers of the OSI model? A. Presentation, Session, Transport B. Application, Session, Transport C. Transport, Network, Data Link D. Application, Presentation, Session

52 – What might a security architect use as a starting point for their design? A. Bell-LaPadula model B. Reference architecture C. Access control matrix D. Distributed data model

53 – The risk management framework defines six major areas of risk management. The operational risk management area is broken down further into which specific areas of risk? A. Financial, strategic, technology B. People process, events C. People, credit, market D. Process, market, events

54 – You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mail where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BWEST meet these needs? A. Landscaping B. Fences C. Bollards D. Gates

55 – What is the main factor for strengthening the functions of cryptographic systems? A. Increase in classified information B. Increase in computational power C. Increase in the number of cryptographic algorithms D. Increase in the number of hackers

56 – Aggregation and inference are classified as database security issues. Which statement is true in regards to aggregation? A. A user lacks the permissions to access information, and does not have the required permissions to access subsets of the same information. B. A user lacks the permissions to access information, but has the required permissions to access subsets of the same information. C. A user has the permissions to access information, and does not have the required permissions to access subsets of the same information. D. A user has the permissions to access information, and also has the required permissions to access subsets of the same information.

57 – Which cryptographic attack involves learning the cryptographic key by comparing false results from an error state with known good information? A. Fault analysis B. Linear cryptanalysis C. Related key attack D. Probing attack

58 – There are many different types of computer crimes, each of which can be committed differently. An employee who makes small, periodic changes to the company’s financial records in an effort to go unnoticed is committing what type of crime? A. Salami attack B. Data diddling C. Denial of Service (DoS) D. Emanations capturing

59 – Management has approached you about the current Rdundant Array of Independent Disks (RAID) configuration implemented within the organization. They would like to know which type of RAID level supports multiple drive failures. What should you tell them? A. RIAD 10 B. RAID 5 C. RAID 1 D. RAID 0

60 – Which type of attack involves deceiving a trusting person into sharing confidential information? A. Passive B. Active C. Spoofing D. Social engineering

61 – What Common Criteria assurance level is the first to require that the product is methodically tested and checked? A. EAL 5 B. EAL 4 C. EAL 3 D. EAL 2

62 – What is NOT true regarding the services that MPLS provides? A. Traffic engineering is provided B. Encryption is provided C. Packet labeling is provided D. QoS is provided

63 – Which method does not provide integrity for a message? A. Hashing a message B. Encrypting a message C. Encrypting and digitally signing a message D. Digitally signing a message

64 - Which option is NOT TRUE in regards to key management? A. The lifetime of a key should be dictated by the amount of usage. B. Key lengths should be long enough to provide the level of protection that is required. C. Keys should be maintained in a secure location when their lifetime expires. D. Keys should be stored and transmitted in a secure manner.

65 – Disk mirroring is an electronic backup method that reduces the risk of data loss due to component failure. What is also true of disk mirroring? A. It increases disk overhead. B. It offers a higher level of protection than disk duplexing. C. The controller is not a single point of failure. D. It transfers exact copies of data files to a remote location.

66 – What is not a type of attribute that can be used to make authentication decisions in a biometric system? A. Skin scan B. Keyboard dynamics C. Facial scan D. Hand geometry

67 – Which access control threats match each description? A. Dictionary Attacks B. Brute force attacks C. Spoofing - Involves a fake user logon screen being presented to a user for them to input their username and password - Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password - Involves trying different input combinations in an attempt to find a correct password

- [C] Involves a fake user logon screen being presented to a user for them to input their username and password - [A] Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password - [B] Involves trying different input combinations in an attempt to find a correct password

68 – A junior technician has approached you to ask what she should do to ensure users are accountable for their actions. What should you tell her? A. You should tell her to only hire honest people. B. You should tell her to implement logs. C. You should tell her to implement auditing. D. You should tell her to implement an accountability server.

69 – Which of the following is NOT one of the principles identified by the Directive on Data Protection? A. Notice B. Data confidentiality C. Choice D. Data integrity

70 – What type of iris lens would typically be used in an area that has fixed lighting? A. Annuciator B. Charged-coupled C. Manual D. Automatic

71 – You are attempting to determine the types of preventative measures to put in place to protect your company’s facility. What is not a preventative measure you might implement? A. Purchase generators B. Implement a hot site C. Create redundant power lines D. Increase inventory

72 – What is not true with respect to the relationships between threat, vulnerability, exposure, countermeasure and risk? A. A threat agent takes advantage of a vulnerability B. A vulnerability can expose a system to possible damage. C. A countermeasure can mitigate a vulnerability. D. The probability of a fire causing damage is a risk.

74 – What type of alarm system triggers an alarm at your organization’s security command center when it detects an intruder? A. Local B. Proprietary C. Central station D. Auxiliary station

76 – Which type of attack is considered a passive attack? A. Replay attack B. Chosen-Plaintext attack C. Ciphertext-Only attack D. Sniffing attack

77 – What attributes are used when evaluating a system’s protection mechanisms under the Information Technology Security Evaluation Criteria (ITSEC)? A. Integrity and Authentication B. Assurance and Integrity C. Functionality and Assurance D. Confidentiality and Functionality

78 – What is the second stage of the SDLC? A. Defining system requirements B. Project initiation and planning C. Defining functional objectives D. Developing and implementing

79 – What is the correct order of sensitivity levels for military data classification? A. Top secret, Secret, Private, Sensitive, Unclassified B. Top secret, Secret, Confidential, Sensitive but unclassified, Unclassified C. Top secret, Confidential, Secret, Sensitive but unclassified, Unclassified D. Top secret, Sensitive, Sensitive but unclassified, Private, Unclassified

80 – Which identity management system characteristics match with the identity management system? A. Provides packet delivery with UDP B. Uses PPP connections C. Supports the Apple Talk protocol D. Combines services for authentication and authorizationE. Provides packet delivery with TCPF. Encrypts packets between the server and the client-TACAS+-RADIUS

TACAS+: C, F, and E | RADIUS: A, B, and D

81 – Which user requirement is true for compartmented security mode but not for multilevel security mode? A. A clearance level that is equal to or higher than the highest resource level of clearance is required for information on the system. B. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system. C. All users must have a valid need to know some of the information on the system. D. There must be formal access approval for all information that the user will access on the system.

82 – Which OSI layer is responsible for the addressing and routing of packets so that they can reach their destination? A. Session B. Physical C. Data link D. Network

83 – Most large organizations today have acknowledged the need for a C-level security officer, typically classed as the chief information security officer; however, there are still issues in identifying the most appropriate reporting structure for the chief information security officer within the organization. The greatest potential for a conflict of interest is inherent to a chief information security officer reporting to which role within an organization? A. Chief security officer B. Chief financial officer C. Chief information officer D. Chief executive officer

84 – Which information concealment methods match to each description? A. Code words B. Watermarking C. Stenography D. Cryptography - Uses additional information within a file for detecting the theft of information - Uses sophisticated mathematical techniques to hide information - Uses a specific medium to hide information within - Uses letters to represent an idea or sentiment

- [B] Uses additional information within a file for detecting the theft of information - [D] Uses sophisticated mathematical techniques to hide information - [C] Uses a specific medium to hide information within - [A] Uses letters to represent an idea or sen

85 – A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic Interference (EMI). What should you tell them? A. Unshielded Twisted Pair B. Fiber-optic C. Shielded Twisted Pair D. Coaxial

86 – Which mode of the Data Ecryption Standard (DES) is similar to the Output Feedback (OFB) mode but uses a 64-bit random data block as the first initialization vector (IV)? A. Cipher Feedback B. Electric Code Book C. Counter D. Cipher Block Chaining

87 – Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. Which is NOT a concern for the resource protection critical requirement? A. Protect resources that are required for data processing. B. Ensure that resource security is maintained during a failure. C. Ensure that vulnerabilities directed at the availability, integrity, and confidentiality of resources is reduced. D. Provide a balance between the implemented security controls and the user’s productivity.

88 – It is important to conduct a risk assessment as part of the planning process to determine what threatens the organization. Risk assessment also determines ways in which available resources should be used to guard against the identified threats. What is the probability of a threat? A. The need to insure against it B. The severity of the damage it could inflict C. The likelihood that it will occur D. The cost of implementing a plant o curb its effects

93 – You need to deploy a video surveillance solution in the front lobby of your organization’s building. It is important that the security guards are able to monitor the full lobby, but you want to limit the number of cameras needed to facilitate this. What capability will allow you to meet your goals? A. PTZ capable system B. CCD capable system C. Automatic iris capable system D. A photometric system

(Bank 1) 1 – Which of the following is an example of a dictionary attack? A. A program that sniffs the network and captures packets B. A program that covers up the login screen and captures the values once they are inputted by the user. C. A program that uses every possible input combination to try to determine what the correct value would beD. A program that uses a pre-defined list of values and compares it to captured values

2 – What is the main factor for strengthening the functions of cryptographic systems? A. Increase in the number of hackers B. Increase in classified information C. Increase in the number of cryptographic algorithms D. Increase in computational power

3 – A computer crime has been reported and an investigation by the company’s incident response team has confirmed that an actual crime has been committed. The initial evidence indicates that the crime appears to have been committed by an employee within the company. What department should be notified? A. Software Development B. Human Resources C. Finance D. Marketing

4 – What Common Criteria assurance level is the first to require that the product is methodically tested and checked? A. EAL4 B. EAL5 C. EAL3 D. EAL2

5 - What is the benefit of using clustering in your enterprise data management scheme? A. Creates a single point of failure B. Scalability and redundancy C. Requires less memory to operate D. Amount of data storage is increased

6 - You have been tasked with implementing an intrusion detection system that learns as it performs its day-to-day tasks and uses this knowledge to detect any changes that could mean an intrusion is occurring. Which one should you implement? A. Statistical anomaly-based intrusion detection B. Signature-based intrusion detection C. Network-based intrusion detection system D. Host-based intrusion detection system

7 - Which is the final step that you should include in any backup plan? A. Determine what type of backup media you will require. B. Test the backup plan. C. Determine where you should store the backup media and how long you should store it there. D. Determine what data you will need to back up.

8 - The network administrator for your company has asked you to provide a report on the number of modems attached to the network that are unaccounted for. What should you do to accomplish this? A. Piggybacking B. Modemsurfing C. Wardriving D. Wardialing

9 - Which of the following is NOT true in regards to content-dependent access control? A. Content-dependent filtering can be used with email programs and web browsers. B. It uses rules to define what can and cannot occur between an object and a user. C. It is often used within databases. D. Access to objects is determined by the actual content of the object.

10 - Which method is most secure when updating routing information? A. Distance-vector updates B. Static updates C. Link-state updates D. Dynamic updates

11 - Ten professional practice areas make up the basis of NFPA 1600. Which practice area involves determining the threats that apply to an organization and limiting their potential impact? A. Project initiation and management B. Risk evaluation and control C. Maintaining and exercising BCPs D. Awareness and training programs

``` 12 - Which type of security device is set into a door's edge? A. Biometric reader B. Card reader C. Mortise lock D. Rim lock ```

13 - Companies that have been attacked often choose not to release this information to the media. However, there are several well-known computer crimes that have been widely publicized. What hacker or group of hackers demonstrated how a web-based Trojan horse could be used to extract money from a bank account? A. Kevin Mitnick B. Chaos Computer Club C. Legion of Doom D. Cult of the Dead Cow

14 - Biometric devices are among the most accurate and secure methods of authentication available. However, some users find them obtrusive and are therefore reluctant to use them. What biometric recognition system is the most widely accepted and implemented? A. Iris patterns B. Facial features C. Retinal patterns D. Fingerprints

15 - Which term defines a group of networks that work together for the sole purpose of propagating code that performs undesirable functions? A. Malnets B. Botnets C. Extranets D. Malvertisements

16 - What ITSEC rating is concerned with a high level of integrity during communications? A. F6 B. F8 C. F7 D. F9

17 - Which regulation for financial institutions emphasizes resuming and maintaining business operations after a disaster? A. FFIEC B. NYSE Rule 446 C. Electronic Funds Transfer Act D. NASD Rule 3510

18 - Electronic devices emit electrical and eloctromagnetic signals through the airwaves. This is referred to as what? A. White noise B. Emanation C. EMI D. Tempest

19 - What can you use to determine whether an information security program is on track and on budget? A. Management metrics B. Technical metrics C. Strategic metrics D. Operational metrics

20 - What methodology focuses mainly on risk management related to information systems? A. NIST SP 800-39 B. NIST SP 800-30 C. ORION D. CRAMM

21 - What is NOT one of the three critical requirements for operations controls? A. Resource protection B. Privileged-entry control C. Software control D. Hardware control

22 - What law protects company logos from illegal duplication? A. Patent B. Copyright C. Trademark D. Trade secret

23 - Which technology provides availability, load balancing, redundancy, and failover? A. Clustering B. RADIUS C. RAID D.Redundant Servers

24 - Which is NOT a type of programming language? A. Assembly B. High-Level C. Machine D. Interpreter

25 - Which type of attack exploits the communications session between two communicating devices so that the session can be hijacked? A. Ping of Death Attack B. DNS Poisoning C. Sniffer Attack D. TCP Sequence Number Attack

26 - What is the most common security issue for most companies? A. DoS attacks B. Excessive privileges C. IP spoofing attacks D. Data diddling

27 - What type of water sprinkler system is best used in an environment that contains a lot of expensive computer and electronic equipment? A. Deluge B. Dry pipe C. Preaction D. Wet Pipe

28 - Which item used in conjunction with a fence emits radio frequency signals to detect an intruder pushing a fence? A. CCTV B. PPTP C. TDR D. DSA

29 - Which OSI reference model layers match to each function? ``` A. Transport B. Data-link C. Application D. Session E. Presentation F. Network ``` - Specifies how data is routed from hosts on one network to hosts on another network - Responsible for error-free packet transfers between network nodes - Establishes, maintains, and terminates connections between devices and applications - Segments data in the appropriate size and format - Interacts directly with end users to provide network services - Ensures that data represented by one system can be interpreted by another system

[F]- Specifies how data is routed from hosts on one network to hosts on another network [B]- Responsible for error-free packet transfers between network nodes [D]- Establishes, maintains, and terminates connections between devices and applications [A]- Segments data in the appropriate size and format [C]- Interacts directly with end users to provide network services [E]- Ensures that data represented by one system can be interpreted by another system

30 - What is the Biba model most concerned with? A. Integrity B. Verification C. Confidentiality D. Repudiation

31 - What type of threat involves retransmitting packets to perform undesirable effects? A. Impersonation B. Dumpster diving C. Data remanence D. Replay

32 - A temporary site has been set up for various users that will be working on a project in a remote location. The users will be dialing-in to a RAS server within the central office to gain access to the corporate network as required. Management is worried that unauthorized users at unauthorized locations will be able to dial-in to the RAS server and gain access to the corporate network. What should you implement for increased security? A. Callback B. A firewall C. Encryption D. VPN

33 - Using an access card to access specific rooms within a building is an example of which factor of the three-factor authentication method? A. Something you know B. Something you have C. Something you use D. Something you are

34 - Data remanence refers to the residual physical representation of data that has been removed from storage media. What is not a common method used to remove data from media before it is discarded? A. Destroying B. Degaussing C. Cleaning D. Overwriting

35 - In regards to data within an organization, what is the Clark-Wilson model most concerned with? A. Confidentiality B. Authentication C. Integrity D. Availability

36 - What is an example of a detective control? A. Firewall B. Fences C. Job rotation D. Lighting

37 - Which stage descriptions match to each lifecycle? A. Ideas are brainstormed for the system and security measures are considered. B. Errors are identified and traced once the system is in production. C. How the system will be created to fulfill the functional objectives is determined. D. All the planning, designs, and system requirements are physically created. E. Weaknesses are resolved by implementing new improvements. - Systems Development Life Cycle - System Life Cycle

[A, C, D] -Systems Development Life Cycle | [B, E] - System Life Cycle

38 - What is an example of a deterrent control? A. Audit logs B. Security policies C. Fences D. Smart cards

39 - It is important to conduct a risk assessment as part of the planning process to determine what threatens the organization. Risk assessment also determines ways in which available resources should be used to guard against the identified threats. What is the probability of a threat? A. The likelihood that it will occur B. The need to insure against it C. The severity of the damage it could inflict D. The cost of implementing a plan to curb its effects

40 - A junior technician has approached you to ask what she should do to ensure users are accountable for their actions. What should you tell her? A. You should tell her to implement auditing. B. You should tell her to implement an accountability server. C. You should tell her to implement logs. D. You should tell her to only hire honest people.

41 - What is the most secure method of storing private keys in a PKI implementation for a commercial bank? A. Key repository B. Key escrow service C. Simple offline storage system D. M-of-N process

42 - Which statement is not true in relation to the term "back door"? A. There are various tools on the market that allow you to easily create and execute back door attacks. B. It is an intentional opening within an application that allows developers to bypass security features for troubleshooting purposes. C. It is the placement of a program or utility within a network that provides unauthorized access to the network that it is installed in. D. A back door attack allows an attacker to masquerade themselves as someone else.

43 - Which access control model makes use of ACLs? A. Discretionary access control B. Role-based access control C. Nondiscretionary access control D. Mandatory access control

44 - What is an organization exercising when senior management understands the security risk faced by the company and it investigates possible weaknesses and vulnerabilities? A. Due diligence B. Due care C. Demonstrative evidence D. Incident recognition

45 - What type of backup will contain any files that have changed since the last full backup? A. Full B. Incremental C. Differential D. Complete

46 - Which statement best describes what occurs during a Chosen Plaintext attack? A. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all the messages with that key. B. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key. C. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient. D. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that it is the legitimate information from the original sender.

47 - What is the first level in the Orange Book that requires users to be individually identified and accountable for their actions? A. C1 B. B2 C. C2 D. B1

48 - You need to provide security for your client's connections to your web server. You need to make sure that the entire communications channel between the two computers is protected. Which technology should you implement to accomplish this? A. HTTP B. HTTPS C. S-HTTP D. SET

49 - A biometric system that weighs people entering a facility to ensure that only one person is being granted access is typically used in what type of security prevention method? A. Fail-safe B. Mantrap C. Fail-secure D. Piggybacking

50 - Two or more employees assisting each other to commit a fraudulent or destructive act is called collusion. Which security practice will help prevent collusion? A. Intrusion detection B. Access control C. Separation of duties D. Rotation of duties

51 - Which protocol relies on a "web of trust" for its key management approach instead of a hierarchy of certificate authorities? A. Deffie-Hellman B. RSA C. PGP D. SSL

52 - What type of analysis can information security professionals use proactively in-house, and in reaction to an attack? A. Quantitative risk analysis B. Forensic engineering C. Software forensics D. Business impact analysis

53 - The terms threat, vulnerability, exposure, countermeasure, and risk are sometimes intermingled and used interchangeably in conversation or writings about security management. Which of the following options contains the statement that accurately describes the relationship between these terms? A. Option C B. Option B C. Option A D. Option D

54 - You are the network administrator for a large company in North America. Many of the employees work from remote locations. You need to set up a secure, private connection between the remote users and their head office so that they can access resources. What would be the best solution? A. Use the Point-to-Point Tunneling Protocol B. Use a Virtual Private Network C. Use the Point-to-Point Protocol D. Use the Layer 2 Tunneling Protocol

55 - A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic interference (EMI). What should you tell them? A. Fiber-optic B. Shielded Twisted Pair C. Unshielded Twisted Pair D. Coaxial

56 - Which access control model is based on a security label system? A. Discretionary access control B. Mandatory access control C. Nondiscretionary access control D. Role-based access control

57 - You are the network administrator for a branch office. You need to secure the network traffic as it enters and leaves your office. Your plan is to implement a hardware based firewall. The firewall should be able to inspect the data's source and destination address. This will allow you to implement access control lists to control access to specific applications and services. What type of firewall should you implement to meet the branch office security requirements? A. Stateful Inspection B. Packet Filtering C. Application Level D. Circuit Level

58 - Which is not a term that is used to identify the type of response an operating system will take when a failure occurs? A. System cold start B. Warm reboot C. Emergency system restart D. System reboot

59 - Which security model has the ability to address the interference attack? A. Noninterference model B. Graham-Denning model C. Biba model D. Lattice model

60 - What type of cipher moves bits, characters, and blocks around to hide the original plaintext message? A. Transposition cipher B. Scramble cipher C. Substitution cipher D. Replacement cipher.

61 - Which attack takes advantage of weaknesses in the design of the TCP protocol? A. SYN flood B. Teardrop C. Fraggle D. Smurf

62 - When does a buffer overflow occur? A. When an application sends too much information to another application cuasing a blue screen B. When too much data is entered into the buffer C. When the operating system runs out of RAM and causes a reboot D. When an application runs out of memory and crashes the system

63 - What is not true of a qualitative risk analysis? A. It is scenario-based. B. Assets are defined as tangible physical objects. C. Its results are easier to understand than that of a quantitative risk analysis. D. Threats are given an exposure rating.

64 - Which RAID levels match each characteristic? ``` A. Level 10 B. Level 5 C. Level 3 D. Level 0 E. Level 1 ``` - Parity - No parity

- [C, B] Parity | - [D, E, A] No parity

65 - The company's database server contains multiple tables with customer orders. A possible disaster could take the server offline and the company would start to lose significant amounts of money after about 24 hours. What category of maximum tolerable downtime (MTD) should the server be placed in? A. Normal B. Nonessential C. Critical D. Urgent

66 - What law protects software programs from illegal distribution? A. Trade secret B. Trademark C. Patent D. Copyright

67 - Which term represents a collection of technologies that gathers and stores access control information and specified system activity for later study? A. SIEM B. FMEA C. ITIL D. MTBF

68 - The act of monitoring, auditing, and logging provides which measure within an organization? A. Integrity B. Accountability C. Availability D. Confidentiality

69 - What is the best method of preventing a buffer overflow? A. Limit the amount of data that can be entered into memory B. Limit the amount of data that is accepted by an application C. Increase the amount of virtual memory available to the operating system D. Add RAM to the computer

70 - The evidence of a computer crime must be gathered carefully and preserved in order to protect its integrity. The data collected during an investigation must be detailed in the chain of evidence or chain of custody. Which statement is true of the chain of evidence? A. Evidence must be returned to its owner once presented in court B. Modifying computer-generated evidence is impossible C. Evidence must not be admissible D. Evidence must be legally permissible

71 - Why are most companies unaware that they have ever been attacked? A. Attackers usually spoof their IP addresses. B. There are only a few laws that specifically address computer crimes. C. Attackers usually erase any logs that record their activities. D. Most attacks are performed by individuals located inside the target network.

72 - Once the risk analysis has been completed, the organization must decide how to handle the risk. What four options are available for handling risk? A. Reject, transfer, reduce, and accept B. Reject, transfer, recover, and accept C. Transmit, accept, refer, and reject D. Accept, refer reject, and transmit

73- What type of intrusion detection system (IDS) is used to detect any sound that can be made by someone trying to force their way into a facility? A. Acoustical detection system B. Electro-mechanical system C. Photometric system D. Proximity detector

74 - What type of mobile code control serves as a protected area for a program to execute? A. Access matrix B. Kernel C. Covert channel D. Sandbox

75 - Management has approached you about the current Redundant Array of Independent Disks (RAID) configuration implemented within the organization. They would like to know which type of RAID level supports multiple drive failures. What should you tell them? A. RAID 0 B. RAID 1 C. RAID 10 D. RAID 5

76 - What is the Bell-La Padula model most concerned with? A. Repudiation B. Integrity C. Verification D. Confidentiality

77 - Administrative, technical, and physical controls should be used by security administrators to meet an organization's security requirements. What is an example of a preventive physical control? A. Biometric system B. Router C. Data backup D. Closed-circuit TV

78 - Which algorithms match to each type? ``` A. Knapsack B. Blowfish C. DES D. RSA E. ECC F. AES ``` - Asymmetric - Symmetric

[D, E, A] - Asymmetric | [F, C, B] - Symmetric

79 - The reporting structure for the information security officer (ISO) will vary from organization to organization. The ISO should report as high up in the organization as possible, as this reinforces the importance of information security to the organization. When deciding which organizational role the ISO needs to report to, it is important to acknowledge that there is a potential conflict of interest. A conflict of interest could arise from having the ISO report to which organizational role? A. Risk management department B. Chief executive officer C. Chief security officer D. Internal audit department

80 - Which type of virus takes advantage of system precedence? A. Polymorphic virus B. Macro virus C. Multipartite virus D. Companion virus

81 - A junior network technician has approached you and asked for your opinion on what would be the most secure cable to implement within the organization. What should you tell them? A. Coaxial B. Unshielded Twisted Pair (UTP) C. Fiber-optic D. Shielded Twisted Pair (STP)

82 - The integrity of data within a database can be protected by different types of operations. Which type of operation can be used when a complete database failure occurs? A. Inference B. Commit C. Rollback D. Savepoint

83 - What type of technology makes use of a sandbox as a security mechanism? A. Malware B. ActiveX C. DBMS D. Java

84 - Which is NOT an integrity goal that is addressed by the Clark Wilson model? A. All users must be identified and authenticated. B. Unauthorized users should be prevented from making changes. C. Authorized users should be prevented from making unauthorized changes. D. Internal and external consistency should be maintained at all times.

85 - What is not considered when determining a recovery strategy as part of a business continuity plan? A. User recovery B. Data recovery C. Technical recovery D. Certificate recovery

86 - What best describes an information protection environment? A. Audits, logs, policies, and procedures used to track user activities throughout the organization B. An environment for hardware security that encompasses all dedicated hardware in an organization C. An environment for operations security that encompasses all computing resources in an organization D. An environment for software security that encompasses all software used in an organization

87 - At which stage of the SLC does the development team observe how the system operates to make sure it is functioning as expected? A. Operations and maintenance support B. Recording and documenting C. Producing and installing D. Revisions and system replacement

88 - What type of power fluctuation occurs due to a loss of power? A. Fault B. Spike C. Brownout D. Sag

89 - What type of alarm system triggers an alarm at your organization's security command center when it detects an intruder? A. Proprietary B. Local C. Central station D. Auxiliary station

90 - Which piece of equipment is not recommended for use by incident response teams? A. Digital camera B. Plastic containers C. Spiral notebook D. Ball-point pen

91 - What needs to be done by the organization to help ensure that the insurance company is responsible for coverage in the event of a disaster? A. The organization must practice due care B. The organization must practice due diligence C. The organization must purchase a Business Interruption Insurance policy D. Nothing, the insurance company is always responsible

92 - What classification of gate is designed to secure an industrial yard that only authorized individuals are permitted entry? A. Class II B. Class IV C. Class I D. Class III

93 - What is the first level in the Orange Book that requires verified protection? A. A1 B. B1 C. B2 D. C1

94 - Which examples match with the types of controls? ``` A. Classifying data B. Clipping levels C. Hiring procedures D. Supervisory activities E. Monitoring keystrokes F. Access control lists ``` - Technical - Administrative

[E, F, B] - Technical | [C, A, D] - Administrative

95 - Which type of detective software intelligently analyzes unknown code? A. Change detection software B. Heuristic scanner C. Signature scanner D. Activity monitor

96 - Which statement specifies a characteristic of quantum cryptography? A. It is used to encrypt and store the encrypted data. B. It uses physics as its fundamental mechanism. C. It is used to transfer encrypted data between two hosts. D. It uses special encryption algorithms to encrypt information.

97 - Which backup strategy copies only the files that have changed since the last backup without altering their archive bits? A. Differential backup B. Full backup C. Copy backup D. Incremental backup

98 - Which rule is also classified as the "no read down" rule? A. Simple integrity axiom B. Simple security rule C. Star integrity axiom D. Star property rule

99 - Which statement best describes maintenance hooks? A. They are cycles of downtime for software access controls. B. They are backdoors into software that only the developer knows about. C. They are periods of time in which the software security is lax. D. They are Trojan horses placed in the software by hackers.

100 - What type of fire suppression system would be the worst choice to use in an environment that contains a lot of expensive computer and electronic equipment? A. FM 200 B. Preaction C. Deluge D. Dry pipe

101 - For applications to Interact with various types of databases, a type of interface is needed. What type of database interface language is used for structuring data so that it can be shared between applications and web technologies? A. ADO B. OLE DB C. ODBC D. XML

102 - Which type of cryptographic algorithm uses public and private keys? A. AES B. RSA C. DES D. 3DES

103 - You have just been hired as a junior security analyst at a security consulting firm. Your manager gives you a list of ciphers and asks you to determine their type. Rail fence, rectangular substitution, monoalphabetic, and polyalphabetic are all examples of which type of cipher? A. Transposition B. Substitution C. Null D. Running key

104 - Which type of access control involves the installation of a lock on a server room door? A. Directive B. Compensating C. Preventive D. Deterrent

105 - Which statement best defines a clipping level? A. A baseline that defines a threshold that must be met before a violation is recorded for further review B. The implementation of assurance levels and the management of security features C. A threshold that defines a baseline that must be met before a violation is recorded for further review D. The act of discovering a problem before it becomes a major issue and causes damage

106 - Which task is not part of the initial steps an attacker would perform when attacking a network? A. Start building a network topology B. Determining which computers are physically active. C. Determining which operating systems are installed on the active computers D. Determining which ports are open by performing port scans

107 - Your current network uses the Open Shortest Path First (OSPF) dynamic routing protocol to update routes to different destinations on the network. It has been brought to your attention that a rouge router is updating routes on the internal network. This is creating false routes to destinations internally and externally which imposes a security issue. What should you do to prevent the rogue router from updating your internal routing information? A. Implement a different type of dynamic routing protocol. B. Implement update authentication between the internal routers. C. Unplug the rogue router. D. Contact the local authorities.

108 - Which type of media access technology is primarily used in Ethernet networks? A. Token Passing B. Polling C. CSMA D. Ethernet

109 - A stateful firewall uses what type of access control? A. Content-dependent access control B. Context-dependent access control C. Rule-based access control D. Access control matrix

110 - Which type of operations security control deals with the behavior expected of employees when accessing information resources within the organization? A. Corrective controls B. Directive controls C. Preventive controls D. Detective controls

111 - With Biometrics systems, what is the term used to describe when the system incorrectly grants the user access when they should have been denied? A. FRR B. FAR C. CER D. EMP

112 - Each of the management levels has a set of information security responsibilities inherent to their role within the organization,. For what is the information security officer primarily responsible? A. Ensuring the security program complies with regulations B. Evaluating risk management practices in the organization C. Identifying emerging security risks D. Facilitating information security within the organization

113 - Carrie has a secret message that she wants only Todd to read. A hybrid approach is used for this transaction. Which statements regarding hybrid cryptography are true and which statements are false? A. Todd decrypts the encrypted symmetric key with his private key and decrypts Carrie's message with the symmetric key B. Carrie encrypts the message with her private key and her private key with Todd's public key C. Todd decrypts Carrie's encrypted private key with his public key and decrypts Carrie's message with Carrie's private key D. Carrie encrypts the message with a symmetric key and the symmetric key with Todd's public key

[B, C]-False | [D, A]-True

114 - Which type of cipher is typically used in an application where encryption is not needed, but the system itself requires encryption? A. Transposition cipher B. Running key cipher C. Substitution cipher D. Null cipher

115 - (ISC)2 requires CISSPs to commit to fully supporting the Code of Ethics, Identify one of the mandatory cannons in the CISSP Code of Ethics. A. Discharge professional responsibilities with diligence and honesty B. Provide diligent and competent service to principals C. Thou shalt not use a computer to steal D. I will not misuse any information or privileges I am afforded as part of my responsibilities

116 - What type of database integrity exists if all foreign keys point to existing primary keys? A. Referential B. Entity C. Semantic D. Structural

117 - The risk management framework defines six major areas of risk management. The operational risk management area is broken down further into which specific areas of risk? A. People, credit, market B. Financial, strategic, technology C. Process, market, events D. People, process, events

118 - What RAID level stripes both data and parity across all drives, ensuring that there is no single point of failure? A. RAID 0 B. RAID 5 C. RAID 3 D. RAID 1

119 - Which of the following are characteristics of quantitative risk analysis and qualitative risk analysis? A. Does not take into consideration cost/benefit analysis B. Requires calculations C. Uses a lot of educated guesses D. Opinions are provided by process experts E. Presents yearly losses - Qualitative risk analysis - Quantitative risk analysis

[C, D, A]- Qualitative risk analysis | [B, E]- Quantitative risk analysis

120 - Which Common Criteria Evaluation Assurance Level (EAL) involves semiformal design and testing of systems? A. EAL 7 B. EAL 5 C. EAL 3 D. EAL 1

121 - Which access control concept involves isolating groups of people and information so that information is not passed between the groups? A. Least privilege B. Compartmentalization C. Need to know D. Security domain

122 - Which attack involves sending malformed packets to a system in order to cause it to crash or end processing? A. SYN flood attack B. Smurf attack C. Denial of Service (DoS) attack D. Fraggle attack

123 - Which examples match security frameworks and risk assessment methodologies? ``` A. CRAMM B. OCTAVE C. COBIT D. FRAP E. ITIL F. COSO ``` - Security Frameworks - Risk Assessment Methodologies

[C, F, E]- Security Frameworks | [A, D, B]- Risk Assessment Methodologies

124 - After determining the risks that could affect business functions, what would be the least effective type of measure that could be implemented to help reduce the impact as much as possible? A. Reactive B. Cost-effective C. Preventative D. Proactive

125 - Which is TRUE in relation to a one-way hash function? A. It takes a variable-length string and produces a fixed-length value. B. It takes a variable -length string and produces a variable-length value. C. It takes a fixed-length string and produces a fixed-length value. D. It takes a fixed-length string and produces and variable-length value.

126 - Which viable weekly backup strategy will take the least amount of time to complete? A. Perform a full backup every Monday and a differential backup on the remaining days of the week. B. Perform a differential backup every Monday and an incremental backup on the remaining days of the week C. Perform a full backup every Monday and an incremental backup on the remaining days of the week. D. Perform a full backup every day.

127 - Which attack occurs when an attacker sends packets that are too small? A. Smurf B. Fraggle C. Teardrop D.SYN flood

128 - What type of interference can be caused by the fluorescent lights that are commonly found in office buildings? A. Electrostatic discharge B. Intermodulation C. Radio frequency interference D. Electromagnetic Interference

129 - Which rule states that a subject at a particular security level is unable to write information to a security level that is lower than the one in which the user currently resides? A. Simple integrity axiom B. Star integrity axiom C. Simple security rule D. Star property rule

130 - Which system security modes match to each description? A. Multilevel Security Mode B. Dedicated Security Mode C. Compartmented Security Mode D. System High-Security Mode - All users lack formal need to know, but possess the necessary clearance. - All users possess a formal need to know and clearance for all the data in the system. - All users possess system high-security clearance, but may lack formal approval or need to know. - Various classification levels are required to be processed at the same time.

- [D] All users lack formal need to know, but possess the necessary clearance. - [B] All users possess a formal need to know and clearance for all the data in the system. - [C] All users possess system high-security clearance, but may lack formal approval or need to know. - [A] Various classification levels are required to be processed at the same time.

131 - Which algorithms match to each type? ``` A. MD5 B. AES C. SHA-1 D. HAVAL E. IDEA F. RSA ``` - Hashing algorithm - Encryption algorithm

- [D, A, C] Hashing algorithm | - [B, E, F] Encryption algorithm

132 - What should be the first step completed in the project initiation phase? A. Define plan goals B. Appoint a leader C. Appoint a BCP team D. Obtain management support

133 - Which type of law acts on civil violations against an organization or individual? A. Regulatory B. Criminal C. Tort D. Administrative

134 - An updated security system is being considered for implementation to your company's building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs? A. Magnetic stripe card B. Proximity card C. Electronic combination lock D. Combination lock

135 - What should you configure to ensure that received fax documents are kept confidential and secure? A. Configure a fax server to print the faxes to the nearest printer and include a cover page that separates the printed faxes by user name B. Configure the fax device to only accept faxes when a user is present to receive it. C. Configure a fax server to route the received faxes to the fax device that is nearest to the recipient. D.Configure a fax server to route the received faxes to the appropriate user's electronic mailbox

136 - What type of power fluctuation are you experiencing if there is a complete loss of power for only a moment? A. Brownout B. Blackout C. Fault D. Sag

137 - What is not an example of a physical control? A. Subnets B. Building location C. External lights D. Data backups

138 - When developing a business continuity plan, what recovery strategy would address transportation and accommodation requirements for employees in the event of a disaster? A. User recovery B. Business recovery C. Data recovery D. Technical recovery

139 - Which user requirement is true for compartmented security mode but not for multilevel security mode? A. There must be formal access approval for all information that the user will access on the system. B. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system. C.A clearance level that is equal to or higher than the highest resource level of clearance is required for information on the system. D. All users must have a valid need to know some of the information on the system.

140 - What security mode is a system operating in if all users have the formal clearance and approval required to access all data in the system but they only formally need to know some of it? A. Multilevel Security Mode B. Dedicated Security Mode C. System High-Security Mode D. Compartmented Security Mode

141 - You are currently meeting with management to have them formally approve the products, systems, and components within your organization. What is the process referring to? A. Accreditation B. Certification C. Affirmation D. Verification

142 - Most alternate off-site facilities are provided by third party companies that charge a subscription fee for usage. What is the term for an alternate off-side facility that is owned by the company? A. Redundant site B. Warm site C. Hot site D. Cold site

143 - Which of the standard listed identifies the format for public key certificates? A. X21 B. X500 C. X509 D. X400

144 - What often happens unexpectedly because of the development of a company's contingency plan? A. Support from senior management is realized B. RTOs are discovered C. Improved business operations D. Hot sites are found to be expensive to maintain

145 - Which algorithm requires that the sender and receiver use two instances of the same key? A. RSA B. Diffie-Hellman C. Knapsack D. 3DES

146 - What part of the product evaluation process deals with product development and maintenance? A. Life-cycle assurance B. Clipping levels C. Operational assurance D. Change control

147 - While away on business you are forced to leave a company laptop unattended in your hotel room for several hours. What would be the best method of securing the sensitive data stored on its laptop from theft? A. Maintain backups of the sensitive data in a secure location B. Have the laptop engraved with an ID number C. Use encryption software to encrypt the sensitive data D. Secure the laptop to a hotel desk using a locking cable

148 - IPSec is able to work in two different modes, Tunnel mode and Transport mode. Which is true in regards to protection with Tunnel mode? A. Only the header and trailer information are protected. B. The payload as well as the header and trailer information is protected. C. Only the payload of the message is protected. D. Only the header information is protected.

149 - According to the event management process, which action should be taken immediately after an event occurs? A. Report to the assessment team B. Assess the event C. Report to the communications center D. Implement a recovery strategy and and plans

150 - When developing the business continuity plan (BCP), what is not the responsibility of management? A. Making the necessary resources available B. Creating the policy statement and setting goals C. Determining any legal and regulatory requirements D. The outcome of the BCP development process

151 - Which database model stores data in more than one database while maintaining a logical connection between databases for the clients? A. Relational data model B. Distributed data model C. Hierarchical data model D. Rational data model

152 - Your security department has been gathering information to present to management about the security mechanisms that are implemented within the organization and an evaluation of their overall effectiveness. What is this process referred to as? A. Affirmation B. Accreditation C. Certification D. Hallmark

153 - You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as? A. Hallmark B. Affirmation C. Certification D. Accreditation

154 - Which statements match each organization's code of ethics? A. Compromising the privacy of others B. Act honorably, honestly, justly, responsibly, and legally C. Provide diligent and competent services to principals D. Seeking to gain unauthorized access to internet resources E. Destroying the integrity of computer-based information F. Advance and protect the security profession - ISC2 - IAB

- [B, C, F] ISC2 | - [E, D, A] IAB

155 - Which IDS technologies match each characteristics? A. Anomaly-based B. Signature-based - Has the ability to identify new attacks - Is synonymous with heuristic-based - Is able to identify several activities and compare them to known patterns simultaneously - Does not have the ability to identify new attacks

- [A] Has the ability to identify new attacks - [A] Is synonymous with heuristic-based - [B] Is able to identify several activities and compare them to known patterns simultaneously - [B] Does not have the ability to identify new attacks

156 - which component is used to create digital signatures? A. DSA B. PPTP C. SKIP D. IPSec

157 - Why should an organization implement auditing for its Business Continuity Plan (BCP)? A. To identify possible business interruptions B. To reveal weaknesses in a system C. To detect unauthorized activity D. To keep it up to date

158 - Which information concealment methods match to each description? A. Watermarking B. Cryptography C. Code words D. Stenography - Uses letters to represent an idea or sentiment - Uses sophisticated mathematical techniques to hid information - Uses a specific medium to hid information within - Uses additional information within a file for detecting the theft of information

- [C] Uses letters to represent an idea or sentiment - [B] Uses sophisticated mathematical techniques to hid information - [D] Uses a specific medium to hid information within - [A] Uses additional information within a file for detecting the theft of information

159 - What ensures the accountability and integrity of evidence once it is collected? A. Chain of evidence B. Tangibility C. Due care D. Due diligence

160 - What is true regarding the relationship between laws and ethics? A. Ethics and laws are synonymous. B. Most laws are derived from ethics. C. Ethics are always derived from laws. D. An action that is legal is also ethical.

161 - An organization that partners with other corporations has multiple communication channels. What should be taken into consideration by all employees regarding these channels? A. Single sign-on B. Intrusion detection C. Privacy compliance D. Monitoring technologies

162 - Which component is used by operators to monitor controllers in a SCADA system? A. HMI B. RTU C. PLC D. TCP

163 - Which aspect of IAM involves creating, modifying, and deleting user accounts? A. Authorization B. Entitlement C. Identify management D. Provisioning

164 - Fire suppression systems use different methods to combat fires. What substance is non-toxic, does not deplete the ozone, and is safe to use around electrical equipment? A. Halon B. Deluge C. FM 200 D. Carbon dioxide (CO2)

165 - Which type of lock provides the least amount of security? A. Warded lock B. Smart lock C. Tumbler lock D. Electronic combination lock

166 - Which access control threats match each description? A. Brute force attacks B. Spoofing C. Dictionary attacks - Involves trying different input combinations in an attempt to find a correct password - Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password - Involves a fake user logon screen being presented to a user for them to input their username and password

- [A] Involves trying different input combinations in an attempt to find a correct password - [C] Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password - [B] Involves a fake user logon screen being presented to a user for them to input their username and password

167 - The international information Systems Security Certification Consortium requires CISSPs to commit to fully supporting the Code of Ethics. What is not a mandatory cannon in the CISSP Code of Ethics? A. Protect society, the commonwealth, and the infrastructure. B. Act honorably, honestly, justly, responsibly, and legally. C. Discharge professional responsibilities with diligence and honesty. Discharge professional responsibilities with diligence and honesty. D. Provide diligent and competent service to principals.

168 - Which standard is recommended by the Implementing the 9/11 Commission Recommendations Act of 2007? A. NFPA 1600 B. TCSEC C. ISO/IEC/27002 D. Common Criteria

169 - Which characteristics match to each type of offsite facility? A. Configured with some equipment B. Are usually ready within a few hours after equipment arrive C. Can be operational very quickly D. Fully configured spaces with all the technical equipment and resources an organization requires E. No technical equipment or resources, except for air conditioning, power, and telecommunications F. May take several hours or longer to get set up - Hot sites - Warm sites - Cold sites

- [D, C] Hot sites - [A, B] Warm sites - [E, F] Cold sites

170 - A security practitioner is designing access control monitoring. The design includes a non-filtering router, a firewall, and a company network. In particular, the company wants to correctly place an IPS so that the number of alerts is significantly reduced. ``` Internet [ ]- / \-[ ] Firewall Router |-[ ] |-[ ] Company Net Company Net ```

The point between the firewall and the company network.

171 - What would be the least effective method used to secure a fax transmission? A. Enable logging and auditing of fax transmissions B. Use a fax server on the network C. Implement a fax encryptor D. Require users to encrypt their own transmissions

172 - Which method involves the hiding of data within another form of media so that the existence of the original data is concealed? A. Tasseography B. Cryptography C. Stenography D. Steganography

173 - You have received a change request from your client on a project you are currently developing for them. What is the correct order of steps you should take to ensure that you follow the change control process? A. Make a formal request, Analyze the request, Record the request, Submit the request for approval, Develop the change, Report the results to management B. Analyze the request, Record the request, Make a formal request, Submit the request for approval, Develop the change, Report the results to management C. Make a formal request, Submit the request for approval, Develop the change, Analyze the request, Record the request, Report the results to management D. Submit the request for approval, Make a formal request, Analyze the request, Record the request, Develop the change, Report the results to management

174 - Which rule will protect data at an integrity level from being corrupted by data at a lower integrity level? A. Strong star property rule B. Star property rule C. Simple integrity axiom D. Simple security rule

175 - An NDA addresses which security principal? A. Availability B. Integrity C. Authenticity D. Confidentiality

176 - Your company is implementing wireless technologies to provide users with the mobility they require to perform their day to day activities. Management has approached you and is questioning the security of the wireless technologies in relation to wardriving. You need to assure them that the network will be secured against wardriving. Which security measure will not provide protection against wardriving? A. Enable the broadcasting of SSIDs on the access points that will be implemented within the network. B. Change the SSID that will be used to identify the access point on the network. C. Physically place the access points within the middle of the buildings. D. Use 128-bit WEP as the encryption standard on the wireless network

177 - What method for database security involves having multiple instances of rows with the same primary key, each displaying a different set of data depending on the user's security level? A. Polyinstantiation B. Aggregation C. Views D. Inference

178 - What is considered a felony under the US Computer Fraud and Abuse Act of 1986? A. To gain unauthorized access to government systems B. To disclose personal medical information C. To use classified data for the benefit of a foreign nation D. To exchange passwords for unauthorized access to systems

179 - Penetration testing is made up of a five-step process. What is the correct order of steps in which penetration testing should be carried out? A. Reconnaissance, Vulnerability Analysis, Enumeration, Execution, Document Findings B. Reconnaissance, Enumeration, Vulnerability Analysis, Execution, Document Findings C. Reconnaissance, Enumeration, Execution, Vulnerability Analysis, Document Findings D. Reconnaissance, Enumeration, Vulnerability Analysis, Document Findings, Execution

180 - What is the most common method used to locate unsecured wireless networks? A. Wardialing B. Piggybacking C. Wardriving D. Salami

181 - In a secure network, personnel play a key role in the maintenance and promotion of security procedures. Allotting different roles and responsibilities to different personnel provides increased security. It is important that each participant's role is clearly defined and understood by the participants and by their peers. Which role is responsible for ensuring that the company complies with software license agreements? A. Process owner B. Product-line manager C. Data analyst D. Solution provider

182 - The AIC triad is made up of three main principals of information security: availability, integrity and confidentiality. Which threat can compromise data integrity? A. Denial-of-Service (DoS) attack B. Dumpster diving C. Social engineering D. Virus

183 - Security policies can be categorized as regulatory, advisory or informative. What is true of an advisory policy? A. An advisory policy is designed for educational purposes. B. An advisory policy cannot be enforced. C. An advisory policy is specific to the company's industry. D. An advisory policy may describe the consequences of not abiding by the rules and procedures.

184 - The terms threat, vulnerability, exposure, countermeasure and risk are sometimes intermingled and used interchangeably in conversation or writings about security management. Which of the following options contain the statement that accurately describes the relationship between these terms? A. Option C B. Option A C. Option B D. Option D

185 - What is a security professional considered when they use hacking tools to test their own network for vulnerabilities? A. Script kiddie B. White hat C. Red hat D. Black hat

186 - What is the most significant risk associated with instant messaging, social networking technologies, message boards, and blogs? A. Accidental disclosure of confidential, private information B. Susceptibility to DoS attacks C. Their being used to identify wireless hotspots that attackers can use to initiate attacks D. Their being used to facilitate the spread of malicious code

187 - What has a primary focus on ensuring the business functions that are critical to the organization's survival are available in the event of a business interruption? A. Resource dependency analysis B. Business impact analysis C. NYSE Rule 446 D. Corporate contingency planning

188 - Which identity management system characteristics match with the identity management system? A. Combines services for authentication and authorization B. Provides packet delivery with TCP C. Supports the AppleTalk protocol D. Usess PPP connections E. Encrypts packets between the server and the client F. Provides packet delivery with UDP - RADIUS - TACACS+

- [F, D, A] RADIUS | - [C, E, B] TACACS+

189 - An attacker deleting specific incriminating information out of an audit log is referred to as what? A. Sniffing B. Scrubbing C. Spoofing D. Purging

190 - What type of attack involves the capturing of packets as they pass from a source to a destination over a network link? A. Spamming attack B. Teardrop attack C. Ping of death attack D. Sniffer attack

191 - When might an organization require an export license? A. To implement cloud computing B. To employ a key escrow service C. To permit trans-border data flows D. To establish a distributed data model

192 - Which database model allows for the storage of a wide spectrum of different types of data, including images, audio, and documents? A. Object-oriented database model B. Hierarchical database model C. Distributed database model D. Relational database model

193 - What can be done to enforce employee accountability? A. Ensuring employees arrive on time for work B. Employee's maintaining corporate documentation C. Including employee IDs in the audit logs D. Employee's providing a password or passphrase

194 - Which option is not classified as a presentation layer standard? A. TIFF B. MPEG C. JPEG D. HTTP

195 - Vulnerability scanning is a common method used by intruders to determine the weaknesses within a system. What is the first line of defense against vulnerability scanning? A. Close all open ports that are not required for daily activities. B. Apply the most current patches to the system. C. Perform a periodic vulnerability scan on the network. D. Have defined change control procedures within the organization.

196 - There are many different types of computer crimes, each of which can be committed differently. An employee who eavesdrops on the electronic signals emitted by a computer is committing what type of attack? A. TEMPEST B. Emanations capturing C. Data diddling C. Salami attack

197 - Which term best describes an access control concept that is responsible for the mediation of access controls to objects by subjects? A. Secure state B. Security kernel C. Security perimeter D. Reference monitor

198 - Which of the following is NOT one of the principles identified by the Directive on Data Protection? A. Notice B. Choice C. Data integrity D. Data confidentiality

199 - What is the BEST way to secure all data at rest on a portable computer without degrading system performance? A. Software-based FDE B. Hardware-based FDE C. Cloud computing D. SSL

200 - What is not a necessary step for developing a data classification program? A. Assign responsibility for data classification to the data custodian. B. Assign a data custodian. C. Define procedures for declassifying data. D. Define the classification levels.

201 - What is NOT true regarding the services that MPLS provides? A. Packet labeling is provided B. Encryption is provided C. QoS is provided D. Traffic engineering is provided

202 - Which layer of the OSI model maps to the Host-to-Host layer of the TCP/IP model? A. Data link B. Physical C. Transport D. Network

203 - What is not a basic principle used to help protect against threats to data integrity? A. Rotation of duties B. Need-to-know C. Separation of duties D. Repudiation

204 - The investigation team can use surveillance techniques to obtain evidence of computer crime. What is an example of physical surveillance? A. Keyboard monitoring B. Audit logs C. Closed Circuit Television (CCTV) D. Fencing

205 - Which OSI layer is responsible for the addressing and routing of packets so that they can reach their destination? A. Network B. Session C. Physical D. Data link

206 - Which stages match to each lifecycle? ``` A. Operations and maintenance support B. Revisions and system replacement C. Testing and evaluating D. Recording and documenting E. Defining functional objectives ``` - Systems Development Life Cycle - System Life Cycle

- [E, D, C] Systems Development Life Cycle | - [B, A] System Life Cycle

207 - Mantraps are an example of what type of security control? A. Detective controls B. Corrective controls C. Recovery controls D. Preventive controls

208 - What type of attack prevents a system from responding to legitimate traffic from authorized clients? A. An IP spoofing attack B. A password cracking attack C. A denial of service attack D. A Trojan horse attack

209 - The planning phase should involve creating a timeline for developing the BCP. It is important to prioritize certain areas and to specify when plans for those areas will be completed. For a medium-sized company with an experienced planner and the full support of management, when should a BIA be completed? A. Six to nine months B. Nine to 12 months C. Within the first month D. Within six months

210 - Which phase of the Business Continuity Plan (BCP) involves the first widespread interaction between business areas and security managers? A. Plan Design and Development B. Project Management and initiation C. Recovery Strategies D. Business Impact Analysis (BIA)

211 - Which standard is most commonly used by IPsec for key management? A. IKE B. OAKLEY C. SKIP D. ISAKMP

212 - A computer crime is suspected and reported to senior management. What should the incident response team consider during the preliminary investigation? A. Which company officials should be informed viea e-mail B. Whether the suspect should be contacted C. Whether the police should be contacted D. Who will communicate with the media.

213 - Your Remote Access Server (RAS) modems are currently configured to answer incoming connections after two rings. After reviewing your current RAS logs, you have noticed multiple attempts to gain access to your network through your modems by unauthorized external users. It appears that the users are using a method of wardialing to locate your modems. What should you do to lower the success rate of wardialing attempts on your network? A. Decrease the number of rings that will occur before the RAS server answers an incoming call. B. Change the phone numbers for the modems within the RAS server. C. Disable all modems that are not required for incoming calls. D. Increase the number of rings that will occur before the RAS server answers an incoming call.

214 - You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mall where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BEST meet these needs? A. Gates B. Landscaping C. Fences D. Bollards

215 - Debora, an American citizen who works for a large accounting firm in Los Angeles, receives a memo from the company's president regarding internal computer crime investigations. The letter informs all employees that management may remove files from their workstations at any time, without notice. How would such actions apply to Debora's Fourth Amendment rights? A. If Debora is acting as a police agent, management's Fourth Amendment rights would not be violated. B. If management is acting as private citizens, Debora's Fourth Amendment rights would be violated. C. If management is acting as a police agent, Debora's Fourth Amendment rights would not be violated. D. If management is acting as private citizens, Debora's Fourth Amendment rights would not be violated.

216 - What is not a valid type of test for a Business Continuity Plan (BCP)? A. Partial interruption B. Parallel C. Checklist D. Simulation

217 - Which feature defines the protocols needed to register public key information? A. SHA-1 B. X-KISS C. HAVAL D. X-KRSS

218 - The AIC triad is made up of three main principals of information security: availability, integrity and confidentiality. Which threat can compromise availability? A. Denial-of-Service attack B. Social engineering C. Human error D. Dumpster diving

219 - To ensure that threats to integrity are kept to a minimum, database software should implement the ACID test. What characteristic of the ACID test will stop all steps in a transaction from occurring if one of the steps fails? A. Isolation B. Consistency C. Durability D. Atomicity

220 - Which algorithms match to each type? ``` A. Diffie-Hellman B. IDEA C. DSA D. RC6 E. El Gamal F. 3DES ``` - Asymmetric - Symmetric

- [A, C, E] Asymmetric | - [B, D, F] Symmetric

221 - What is the first step that should be performed for a penetration test? A. Vulnerability analysis B. Reconnaissance C. Enumeration D. Exploitation

222 - Which type of light is ideal for indoor lighting but not for outdoor lighting? A. Mercury vapor B. Fluorescent C. Quartz lamps D. Sodium Vapor

223 - What can users inherit from group memberships or roles that they have within an organization? A. Covert channels B. Inference C. Entitlements D. Emanation

224 - Which type of lock allows for a certain amount of individual accountability? A. Cipher lock B. Smart lock C. Electronic combination lock D. Combination lock

225 - The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router? A. Layer 3 B. Layer 2 C. Layer 7 D. Layer 1

226 - Several ethical bases have been identified to help with IT decision making. Which statement provides the basis for the golden rule? A. Assume that all property and information belongs to someone. B. Incur least harm or cost. C. If an action is not repeatable at all times, it is not right at any time. D. Treat others as you wish to be treated.

227 - Which layers of the OSI model map to the Network Access layer of the TCP/IP model? A. Network and Physical B. Transport and Network C. Network and Data Link D. Data Link and Physical

228 - What step in creating a business continuity plan involves calculating the maximum tolerable downtime (MTD) for resources? A. Business impact analysis B. Plan maintenance C. Policy statement and team creation D. Develop recovery strategies

229 - Several measures can be taken to help protect against electric power issues. What is not a recommended method of protecting devices? A. Use shielded cables. B. Do not run cables close to fluorescent lights. C. Plug all devices into surge protectors. D. Plug power bars into other power bars to help provide additional protection.

230 - Which security standard consists of five principles and seven enablers? A. COBIT version 5 B. ISO/IEC 15408 C. ISO/IEC 27001; 2005 D. ITSEC

231 - Security management is supported by the three core information security principles. They are confidentiality, availability, and integrity. Which controls are used for availability and integrity? ``` A. Physical access controls B. Database encryption C. Hashing D. Clustering E. Warm sites ``` - Availability - Integrity

- [D, E] Availability | - [A, C] Integrity

232 - Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators? A. Most attacks are performed by individuals located outside of the network B. Most companies do not use firewalls C. Many attackers spoof their IP addresses and erase logs to cover their tracks D. There are only a few laws that specifically address computer crimes

233 - The first step in performing a risk assessment is to identify vulnerabilities. Which of the following is considered a security vulnerability? A. The absence of a security guard B. A disgruntled employee C. An access control system not functioning properly D. A piece of code written to create a DoS attack

234 - Which intellectual property laws match each example? A. Trade Secret B. Trademark C. Patent D. Copyright - Double tapping a screen for enlarging documents on a tablet - A recipe for chicken batter at a popular restaurant chain - A logo of a large restaurant chain - Printed sheet music for a popular song

- [C] Double tapping a screen for enlarging documents on a tablet - [A] A recipe for chicken batter at a popular restaurant chain - [B] A logo of a large restaurant chain - [D] Printed sheet music for a popular song

235 - What is the highest level of information classification used by the majority of organizations? A. Confidential B. Internal use only C. Secret D. Restricted

236 - Which access cards match to each description? A. Magnetic stripe card B. Proximity card C. Smart card - Contains a microchip and can store a large amount of data - Contains a microchip and opens a magnetic lock - Made of PVC material and is easily damaged

- [C] Contains a microchip and can store a large amount of data - [B] Contains a microchip and opens a magnetic lock - [A] Made of PVC material and is easily damaged

237 - What is NOT a valid method of protecting against static electricity? A. Manage humidity levels. B. Ensure equipment and electrical outlets are grounded. C. Install carpets on server room floors. D. Use an ESD Wrist strap.

238 - As part of the security steering committee for a high-tech security firm, you suggest that two high level employees are required to have information that, when put together, provides access to a plaintext key. Upon which concept is the suggestion based? A. Dual control B. Split knowledge C. Social engineering D. Rotation of duties

239 - Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. Which is NOT a concern for the resource protection critical requirement? A. Protect resources that are required for data processing. B. Ensure that resource security is maintained during a failure. C. Ensure that vulnerabilities directed at the availability, integrity, and confidentiality of resources is reduced. D. Provide a balance between the implemented security controls and the user's productivity.

240 - Your security department has presented management with an overview of the security mechanisms that have been implemented and an evaluation of their overall effectiveness. What is the process referred to as when management formally accepts the information you have presented them with? A. Accreditation B. Hallmark C. Affirmation D. Certification

241 - Which is not a characteristic of business impact analysis? A. Determining the maximum tolerable downtime (MTD) B. Identifying critical systems C. Determining a recovery strategy D. Developing it early in business continuity planning

242 - During the recovery strategy planning phase, there are various items that you will have to review and create a recovery strategy for. Which resource is commonly overlooked during the recovery strategies planning phase? A. Human resources B. Data and voice equipment C. Environmental issues D. Computer and network equipment

243 - What is considered a misdemeanor under the Computer Fraud and Abuse Act of 1986? A. To use classified data for the benefit of a foreign nation B. To disclose personal medical information C. To gain unauthorized access to government computers D. To gain authorized access to personal medical information

244 - What would be the least effective method to prevent an intruder from gaining access to a facility? A. Smartcards B. A fence C. Guard dogs D. CCTV

245 - What type of interference can be caused by a disturbance in the circuit from the difference in the hot, neutral, and ground wires and the magnetic field they generate? A. Electromagnetic interference B. Intermodulation C. Electrostatic discharge D. Radio frequency interference

246 - What is the first level in the Orange Book that requires labeled security? A. C2 B. B1 C. C1 D. B2

247 - There are three critical requirements for operations controls. Which statement correctly identifies the critical requirement referred to as privileged-entity controls? A. Provide users with the level of access they require to complete their assigned tasks. B. Provide compliance with legislative and industry guidelines to protect sensitive information and personnel. C. Provide all users with administrative-like access control capabilities. D. Provide specific users with administrative-like access control capabilities.

248 - What does the term "trusted computing base" best address? A. The level of application portability a system provides B. The level of trust a system provides C. The level of security a system provides D. The level of communication a system provides

249 - How does DCOM provide security for software applications? A. It uses garbage collection to leave classified data in unallocated memory locations B. It creates authentication levels that protect the authenticity, integrity, and confidentiality of data C. It creates sandboxes, which are security boundaries within which untrusted applets are executed D. It uses digital signatures, which are verified using the Authenticode technology

250 - Which of the following are qualitative risk analysis techniques and quantitative risk analysis techniques? ``` A. Delphi B. Checklists C. Sensitivity analysis D. Focus groups E. Monte Carlo ``` - Qualitative risk analysis - Quantitative risk analysis

- [B, A, D] Qualitative risk analysis | - [E, C] Quantitative risk analysis

1 - Which statement best describes the purpose of a public key infrastructure certificate? A. It is used to perform certification registration duties. B. It is used to maintain and issue certificates. C. It is used to associate a public key with various identification information so that an owner can be uniquely identified. D. It is used to provide a secure means of communication between a wide range of geographically dispersed individuals.

2 - Which type of security threat would be used by an attacker to delete a resource on a specific date or time? A. SYN flood attack B. Logic bomb C. DoS attack D. Companion virus

3 - Which device can help protect against water damage? A. Acoustical detection system B. Surge suppressor C. Closed-loop recirculating system D. Water detector

4 - There are different types of eavesdropping methods. Which method involves tampering with a transmission medium in order to create a covert signaling channel? A. Passive Eavesdropping B. Covert Channel Eavesdropping C. Channel Eavesdropping D. Active Eavesdropping

5 - During a project, what process determines if a software product provides its intended services? A. Verification B. Software escrow C. Validation D. Change control

6 - Which Redundant Array of Independent Disks (RAID) level writes data to two different drives at the exact same time so that both drives contain the exact same data? A. RAID 3 B. RAID 0 C. RAID 5 D. RAID 1

7 - Which statement accurately describes key distribution and maintenance? A. Key backups should be highly secured and not readily accessible. B. The process should be manual. C. Keys should be stored in plaintext for easy recovery in case of disaster. D. The process should be automated.

8 - What attributes are used when evaluating a system's protection mechanisms under the information Technology Security Evaluation Criteria (ITSEC)? A. Assurance and integrity B. Integrity and Authentication C. Functionality and Assurance D. Confidentiality and Functionality

9 - You are attempting to determine the types of preventative measures to put in place to protect your company's facility. What is not a preventative measure you might implement? A. Increase inventory B. Implement a hot site C. Purchase generators D. Create redundant power lines

10 - Which item used in conjunction with a fence emits radio frequency signals to detect an intruder pushing a fence? A. CCTV B. TDR C. DSA D. PPTP

11 - The evidence of a computer crime must be gathered carefully and preserved in order to protect its integrity. The data collected during an investigation must be detailed in the chain of evidence or chain of custody. Which statement is true of the chain of evidence? A. Modifying computer-generated evidence is impossible B. Evidence must be returned to its owner once presented in court C. Evidence must be legally permissible D. Evidence must not be admissible

12 - Which type of lock provides the least amount of security? A. Electronic combination lock B. Warded lock C. Tumbler lock D. Smart lock

13 - The investigation team can use surveillance techniques to obtain evidence of computer crime. What is an example of physical surveillance? A. Fencing B. Keyboard monitoring C. Closed Circuit Television (CCTV) D. Audit logs

14 - Which term represenets a collection of technologies that gathers and stores access control information and specified system activity for later study? A. MTBF B. SIEM C. ITIL D.FMEA

15 - What has a primary focus on ensuring the business functions that are critical to the organization's survival are available in the event of a business interruption? A. NYSE Rule 446 B. Resource dependency analysis C. Corporate contingency planning D. Business impact analysis

16 - Which statement best defines a clipping level? A. The implementation of assurance levels and the management of security features. B. The act of discovering a problem before it becomes a major issue and causes damage C. A threshold that defines a baseline that must be met before a violation is recorded and further review D. A baseline that defines a threshold that must be met before a violation is recorded for further review

17 - Confidentiality ensures that the required level of secrecy is maintained by preventing unauthorized individuals from accessing and disclosing company information. What is a typical threat to confidentiality? A. Shoulder surfing B. Separation of duties C. Encryption D. Denial-of-Service (DoS) attack

18 - What ITSEC rating is concerned with a high level of integrity during communications? A. F7 B. F6 C. F9 D. F8

19 - You need to select a server room fire suppressant that is considered environmentally safe and less damaging to hardware. What should you choose? A. Carbon Dioxide B. FM200 C. Halon 1301

20 - What is considered a felony under the US Computer Fraud and Abuse At of 1986? A. To gain unauthorized access to government systems B. To disclose personal medical information C. To use classified data fro the benefit of a foreign nation D. To exchange passwords for unauthorized access to systems.

21 - What classification of gate is designed to secure an industrial yard that only authorized individuals are permitted entry? A. Class I B. Class III C. Class IV D. Class II

22 - Management plans to implement a security policy that enforces the proper use of company e-mail, address monitoring, and privacy issues. What type of security policy is best suited for this purpose? A. Advisory B. Informative C. Issue-specific D. System-specific

23 - The network administrator for your company has asked you to provide a report on the number of modems attached to the network that are unaccounted for. What should you do to accomplish this? A. Wardialing B. Piggybacking C. Wardriving D. Modemsurfing

24 - What is the most common method used to locate unsecured wireless networks? A. Wardriving B. Salami C. Wardialing D. Piggybacking

25 - To ensure that threats to integrity are kept to a minimum, database software should implement the ACID test. What characteristic of the ACID test will stop all steps in a transaction from occurring if one of the steps fails? A. Consistency B. Durability C. Isolation D. Atomicity

26 - What method of securing an object-oriented DBMS only provides discretionary access controls? A. SORION B. ORION C. Views D. SODA

27 - What is not a basic principle used to help protect against threats to data integrity? A. Need-to-know B. Repudiation C. Separation of duties D. Rotation of duties

28 - Which constraint should be the primary concern when creating procedures for background checks on new hires? A. Organizational policies B. Privacy laws C. Senior management's sign-off D. Employee acceptance

29 - What RAID level stripes both data and parity across all drives, ensuring that there is no single point of failure? A. RAID 1 B. RAID 3 C. RAID 0 D. RAID 5

30 - What is true regarding the relationship between laws and ethics? A. Ethics and laws are synonymous. B. Most laws are derived from ethics. C. Ethics are always derived from laws. D. An action that is legal is also ethical.

31 - Which is TRUE in relation to a one-way hash function? A. It takes a fixed-length string and produces a fixed-length value. B. It takes a variable-length string and produces a fixed-length value. C. It takes a fixed-length string and produces and variable-length value. D. It takes a variable-length string and produces a variable-length value.

32 - Which option is NOT TRUE in regards to key management? A. Key lengths should be long enough to provide the level of protection that is required. B. Keys should be maintained in a secure location when their lifetime expires. C. Keys should be stored and transmitted in a secure manner. D. The lifetime of a key should be dictated by the amount of usage.

33 - Which type of law is based on the traditions of the region? A. Common B. Customary C. Mixed D. Religious

34 - What best describes an information protection environment? A. An environment for operations security that encompasses all computing resources in an organization B. An environment for software security that encompasses all software used in an organization C. Audits, logs, policies, and procedures used to track user activities throughout the organization D. An environment for hardware security that encompasses all dedicated hardware in an organization

35 - Which type of security document should management use to mandate that all employees wear photo ID badges, and that they be visible at all times? A. Procedure B. Guideline C. Baseline D. Informative security policy

36 - Which statement best identifies what vulnerability tools are used for and who they are used by? A. They are used by network administrators to fix security vulnerabilities that are present within a network. B. They are used by hackers to determine what security vulnerabilities are present within a network. C. They are used by network administrators to determine what security vulnerabilities are present within a network. D. They are used by hackers and network administrators to determine what security vulnerabilities are present within a network.

37 - There are different types of offsite solutions for facility recovery. What is the most common type of subscription-based backup facility? A. Warm B. Cold C. Hot D. Redundant

38 - What security mode is a system operating in if all users have the formal clearance and approval required to access all data in the system but they only formally need to know some of it? A. Multilevel Security Mode B. System High-Security Mode C. Compartmented Security Mode D. Dedicated Security Mode

39 - Which rule will protect data at an integrity level from being corrupted by data at a lower integrity level? A. Star property rule B. Strong star property rule C. Simple security rule D. Simple integrity axiom

40 - You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as? A. Certification B. Hallmark C. Accreditation D. Affirmation

41 - What is NOT true regarding the services that MPLS provides? A. QoS is provided B. Encryption is provided C. Traffic engineering is provided D. Packet labeling is provided

42 - Several measures can be taken to help protect against electric power issues. What is NOT a recommended method of protecting devices? A. Do not run cables close to fluorescent lights. B. Plug all devices into surge protectors. C. Plug power bars into other power bars to help provide additional protection. D. Use shielded cables.

43 - Which rule states that a subject at a particular security level is unable to write information to a security level that is lower than the one in which the use currently resides? A. Simple security rule B. Simple integrity axiom C. Star integrity axiom D. Star property rule

44 - What step in creating a business continuity plan involves calculating the maximum tolerable downtime (MTD) for resources? A. Plan maintenance B. Business impact analysis C. Develop recovery strategies D. Policy statement and team creation

45 - Which type of security device is set into a door's edge? A. Rim lock B. Biometric reader C. Card reader D. Mortise lock

46 - What process involves data from multiple databases or data sources being combined into a large database for the purpose of running queries for data analysis and retrieval? A. Data mining B. Data warehousing C. Data sifting D. Data digging

47 - You are currently meeting with management to have them formally approve the products, systems, and components within your organization. What is this process referring to? A. Accreditation B. Certification C. Affirmation D. Verification

48 - Which security principle ensures that information is not disclosed to unauthorized individuals? A. Confidentiality B. Integrity C. Availability D. Authorization

49 - What is the best method of preventing a buffer overflow? A. Increase the amount of virtual memory available to the operating system B. Add RAM to the computer C. Limit the amount of data that is accepted by an application D. Limit the amount of data that can be entered into memory

50 - What type of alarm system triggers an alarm at your organization's security command center when it detects an intruder? A. Auxiliary station B. Proprietary C. Central station D. Local

51 - What is not a valid type of test for a Business Continuity Plan (BCP)? A. Parallel B. Partial interruption C. Simulation D. Checklist

52 - Which of the following is an example of a technical control? A. Background checks B. Mantraps C.Encryption D. Policies and procedures

53 - Most large organizations today have acknowledged the need for a C-level security officer, typically classed as the chief information security officer. However, there are still issues in identifying the most appropriate reporting structure for the chief information security officer within the organization. The greatest potential for a conflict of interest is inherent to a chief information security officer reporting to which role within an organization? A. Chief financial officer B. Chief security officer C. Chief information officer D. Chief executive officer

54 - Which type of law acts on civil violations against an organization or individual? A. Criminal B. Regulatory C. Tort D. Administrative

55 - Which access control model is also referred to as nondiscretionary access control? A. Role-based access control B. Discretionary access control C. Mandatory access control D. Rule-based access control

56 - Which Capability Maturity Model integration maturity levels match to each description? ``` A. Managed B. Repeatable C. Initial D. Defined E. Optimizing ``` - The company uses an ad hoc development process for its products and software. - The company has formal procedures for outlining process and has a method that can help with process improvement. - The company's plans are integrated with a budget used for continually improving processes - The company has formal processes to collect and study data and defined metrics for their program used for process improvement - The company does not use a formal process model, but they can replicate the processes needed.

[C] - The company uses an ad hoc development process for its products and software. [D] - The company has formal procedures for outlining process and has a method that can help with process improvement. [E] - The company's plans are integrated with a budget used for continually improving processes [A] - The company has formal processes to collect and study data and defined metrics for their program used for process improvement [B] - The company does not use a formal process model, but they can replicate the processes needed.

57 - Various resources are available to aid in the development of an information security strategy. Which resource sets the allowable boundaries that are used to determine if policy requirements have been met? A. Procedure B. Policy C. Standard D. Guideline

58 - Which IDS technologies match each characteristic? A. Signature-based B. Anomaly-based - Is able to identify several activities and compare them to known patterns simultaneously - Is synonymous with heuristic-based - Does not have the ability to identify new attacks - Has the ability to identify new attacks

- [A] Is able to identify several activities and compare them to known patterns simultaneously - [B] Is synonymous with heuristic-based - [A] Does not have the ability to identify new attacks - [B] Has the ability to identify new attacks

59 - What is NOT one of the three critical requirements for operations controls? A. Hardware control B. Resource protection C. Software control D. Privileged-entry control

60 - An NDA addresses which security principal? A. Authenticity B. Integrity C. Availability D. Confidentiality

61 - At which stage of the SLC does the development team observe how the system operates to make sure it is functioning as expected? A. Recording and documenting B. Revisions and system replacement C. Producing and installing D. Operations and maintenance support

62 - What law protects software programs from illegal distribution? A. Patent B. Copyright C. Trademark D. Trade secret

63 - You have received a change request from your client on a project you are currently developing for them. What is the correct order of steps you should take to ensure that you follow the change control process? A. Make a formal request, Submit the request for approval, Develop the change, Analyze the request, Record the request, Report the results to management B. Make a formal request, Analyze the request, Record the request, Submit the request for approval, Develop the change, Report the results to management C. Submit the request for approval, Make a formal request, Analyze the request, Record the request, Develop the change, Report the results to management D. Analyze the request, Record the request, Make a formal request, Submit the request for approval, Develop the change, Report the results to management

64 - Companies tha thave been attacked often choose not to release this information to the media. However, there are several well-known computer crimes that have been widely publicized. What hacker or group of hackers demonstrated how a web-based Trojan horse could be used to extract money from a bank account? A. Kevin Mitnick B. Cult of Dead Cow C. Chaos Computer Club D. Legion of Doom

65 - What ensures the accountability and integrity of evidence once it is collected? A. Tangibility B. Chain of evidence C. Due care D. Due diligence

66 - What type of test involves selected members from each department coming together to review and discuss each section of the Business Continuity Plan (BCP)? A. Simulation test B. Checklist test C. Parallel test D. Structured Walk-Through test

67 - Which identity management system characteristics match with the identity management system? A. Supports the Apple Talk protocol B. Provides packet delivery with TCP C. Encrypts packets between the server and the client D. Combines services for authentication and authorization E. Provides packet delivery with UDP F. Uses PPP connections - TACACS+ - RADIUS

- [A, C, B] TACACS+ | - [E, F, D] RADIUS

68 - What type of database integrity exists if all foreign keys point to existing primary keys? A. Semantic B. Entity C. Structural D. Referential

69 - Which component is used to create digital signatures? A. IPsec B. DSA C. SKIP D. PPTP

70 - There are various methodologies available for assessing an organization's security risks. Which risk assessment methodology would be best to use to prescreen systems and applications to determine whether further risk analysis is warranted? A. FRAP B. CRAMM C. NIST SP 800-66 D. FMEA

71 - Your organization is performing business continuity and disaster recovery planning, and you are the lead planner for this project. The overall scope of the effort required for planning has ben determined and you have begun to look at the resource requirements to complete the development of the plan. Which statement is not true concerning the resource requirements that are required to develop the project plan? A. Outside consultants may be hired to assist with the initial planning stages. B. Software tools may be used to help with the collection of information for planning. C. People used on the planning team should not be the same individuals that perform the recovery. D. The planning team needs to be represented by individuals from business operations and technology areas.

72 - Which rule is also classified as the "no read down" rule? A. Star integrity axiom B. Simple security rule C. Star property rule D. Simple integrity axiom

73 - Which layer of the SABSA model operates across all the other layers? A. Logical B. Physical C. Contextual D. Operational

74 - The International Information Systems Security Certification Consortium requires CISSPs to commit to fully supporting the Code of Ethics. What is not a mandatory canon in the CISSP Code of Ethics? A. Protect society, the commonwealth, and the infrastructure. B. Discharge professional responsibilities with diligence and honesty. Discharge professional responsibilities with diligence and honesty. C. Provide diligent and competent service to principals. D. Act honorably, honestly, justly, responsibly, and legally.

75 - What type of technology makes use of a sandbox as a security mechanism? A. ActiveX B. Malware C. Java D. DBMS

76 - Which organization provides the standards for reinforced filing cabinets? A. Office of Government Commerce B. U.S. Government C. Underwriters Laboratory D. Pearson VUE

77 - What type of water sprinkler system is best used in an environment that contains a lot of expensive computer and electronic equipment? A. Deluge B. Dry pipe C. Wet pipe D. Preaction

78 - What type of mobile code control serves as a protected area for a program to execute? A. Kernel B. Access matrix C. Covert channel D. Sandbox

79 - You need to purchase video surveillance equipment for your organization. Your boss has requested that you implement an automated system that is able to trigger alarms when it detects noise or movement. What type of camera system should you deploy? A. A CCD capable system B. An annunciator capable system C. An automatic iris capable system D. A PTZ capable system

80 - Which database models match each description? A. Network B. Object-oriented C. Hierarchical D. Relational - The data stored in this model is based on two-dimensional tables consisting of tuples and attributes. - The data stored in this model is linked in a way that each record or child has only one owner or parent. - The data stored in this model is linked in a way that establishes a multiple child-parent relationship. - The data stored in this model is in the form of objects using programming features.

- [B] The data stored in this model is based on two-dimensional tables consisting of tuples and attributes. - [C] The data stored in this model is linked in a way that each record or child has only one owner or parent. - [A] The data stored in this model is linked in a way that establishes a multiple child-parent relationship. - [D] The data stored in this model is in the form of objects using programming features.

81 - The company's database server contains multiple tables with customer orders. A possible disaster could take the server offline and the company would start to lose significant amounts of money after about 24 hours. What category of maximum tolerable downtime (MTD) should the server be placed in? A. Urgent B. Normal C. Critical D. Nonessential

82 - In terms of a biometric system, what is referred to as a Type II error? A. False rejection rate B. Equal error rate C. False acceptance rate D. Crossover error rate

83 - Mantraps are an example of what type of security control? A. Corrective controls B. Detective controls C. Preventive controls D. Recovery controls

84 - To which type of attack is a PBX system vulnerable? A. Sniffing attack B. Privilege escalation attack C. Phreak attack D. DNS spoofing attack

85 - Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. What is NOT a concern for the resource protection critical requirement? A. Ensure that resource security is maintained during a failure. B. Protect resources that are required for data processing. C. Provide a balance between the implemented security controls and the user's productivity. D. Ensure the vulnerabilities directed at the availability, integrity, and confidentiality of resources is reduced.

86 - The Application layer of the TCP/IP model maps to which layers of the OSI model? A. Application, Session, Transport B. Presentation, Session, Transport C. Application, Presentation, Session D. Transport, Network, Data Link

87 - When might an organization require an export license? A. To implement cloud computing B. To permit trans-border data flows C. To employ a key escrow service D. To establish a distributed data model

88 - There are various types of evidence that can be used in a court of law. What type of evidence cannot be used on its own, but may be admissible to prove other, more substantial evidence? A. Opinion evidence B .Circumstantial evidence C. Hearsay evidence D. Corroborative evidence

89 - What is the BEST way to secure all data at rest on a portable computer without degrading system performance? A. Hardware-based FDE B. Software-based FDE C. SSL D. Cloud computing

90 - What is the first level in the Orange Book that requires verified protection? A. B2 B. C1 C. B1 D. A1

91 - Which technology provides availability, load balancing, redundancy, and failover? A. RADIUS B. Redundant Servers C. RAID D. Clustering

92 - A security practitioner is designing a network diagram that includes two routers and a firewall. A demilitarized zone (DMZ) is required for controlling a DMZ access from untrusted and trusted sites. ``` [Internet] | (Router) | [*Link*]-- [Firewall] | [*Link*] | (Router) | [*Link*] | [host - server] [host - host ] ```

The link off to the side from the firewall

93 - You need to provide security for your client's connections to your web server. you need to make sure that the entire communications channel between the two computers is protected. Which technology should you implement to accomplish this? A. SET B. HTTPS C. HTTP D. S-HTTP

94 - Which cipher is most susceptible to frequency analysis attacks? A. Caesar Cipher B. Transposition Cipher C. Polyalphabetic Substitution Cipher D. Running Key Cipher

95 - The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router? A. Layer 2 B. Layer 1 C. Layer 7 D. Layer 3

96 - What is an example of a preventive control? A. Motion detectors B. Routers C. Audit logs D. IDS

97 - What type of attack involves interference that overpowers the sending and receiving of data signal on a communications link? A. Covert Wireless Channel B. Eavesdropping C. Denial of Service jamming D. Man-in-the-Middle attacks

98 - Which database model stores data in more than one database while maintaining a logical connection between databases for the clients? A. Relational data model B. Distributed data model C. Rational data model D. Hierarchical data model

99 - Which type of light is ideal for indoor lighting but not for outdoor lighting? A. Quartz lamps B. Fluorescent C. Sodium vapor D. Mercury vapor

100 - A disaster recovery plan should ensure that salaries will be paid to employees while the organization's normal business operations are suspended. What type of insurance policy provides coverage for this? A. Cyberinsurance B. Business interruption insurance C. Accounts receivable insurance D. Liability insurance

101 - Penetration testing is made up of a five-step process. What is the correct order of steps in which penetration testing should be carried out? A. Reconnaissance, Enumeration, Vulnerability Analysis, Document Findings, Execution B. Reconnaissance, Enumeration, Execution, Vulnerability Analysis, Document Findings C. Reconnaissance, Vulnerability Analysis, Enumeration, Execution, Document Findings D. Reconnaissance, Enumeration, Vulnerability Analysis, Execution, Document Findings

102 - When developing the business continuity plan (BCP), what is not the responsibility of management? A. The outcome of the BCP development process B. Creating the policy statement and setting goals C. Determining any legal and regulatory requirements D. Making the necessary resources available

103 - What is the Bell-LaPadula model most concerned with? A. Integrity B. Confidentiality C. Repudiation D. Verification

104 - What needs to be done by the organization to help ensure that the insurance company is responsible for coverage in the event of a disaster? A. Nothing, the insurance company is always responsible B. The organization must practice due diligence C. The organization must purchase a Business Interruption Insurance policy D. The organization must practice due care

105 - Which encryption method characteristics match to each encryption method? ``` A. Can be used for key distribution B. Number of keys can be determined by n(n-1)/2 C. Uses two instances of the same key D. Provides authentication E. Provides confidentiality only F. Uses a public key and a private key ``` - Symmetric - Asymmetric

- [B, E, C] Symmetric | - [A, D, F] Asymmetric

106 - Which access control concept involves using a common set of process and controls for an area to segregate its resources and services from other entities on the network? A. Least privilege B. Need to know C. Compartmentalization D. Security domain

107 - What type of intrusion detection system (IDS) uses strips of foil, or preassure pads, near an entry point that sounds an alarm when the contact is broken? A. Acoustical detection system B. Photometric system C. Electro-mechanical system D. Proximity detector

108 - The Clark-Wilson model may be used to implement system integrity in a security policy. What best describes the Clark-Wilson integrity model? A. Rights are specified using a table consisting of ACLs and capability lists. B. Transformational procedures define the relationship between subject and object. C. When compared to their assigned security levels, users cannot read data at lower levels or write data at higher levels. D. Subjects are granted write access to objects with the same or higher security level as their own.

109 - What part of the product evaluation process deals with product development and maintenance? A. Life-cycle assurance B. Change control C. Operational assurance D. Clipping levels

110 - Which mode of the Data Encryption Standard (DES) is similar to the Output Feedback (OFB) mode but uses a 64-bit random data block as the first initialization vector (IV)? A. Counter B. Cipher Feedback C. Cipher Block Chaining D. Electric Code Book

111 - What method for database security involves having multiple instances of rows with the same primary key, each displaying a different set of data depending on the user's security level? A. Aggregation B. Views C. Polyinstantiation D. Inference

112 - Which of the following is NOT one of the principles identified by the Directive on Data Protection? A. Data confidentiality B. Choice C. Notice D. Data integrity

``` 113 - Which type of attack does not involve the use of the encryption key or encryption algorithm to gain access to secret information? A. Chosen ciphertext B. Brute force C. Chosen plaintext D. Social engineering ```

114 - What should be the last step in the project initiation phase? A. Appoint a leader B. Appoint a BCP team C. Create a project plan D. Present a project plan to management

115 - Which standard includes resources to help organizations maintain the safe treatment of cardholder information for payment card services? A. NFPA 1600 B. XML C. PCI-DSS D. PGP

116 - What type of interference can be caused by a disturbance in the circuit from the difference in the hot, neutral, and ground wires and the magnetic field they generate? A. Intermodulation B. Radio frequency interference C. Electromagnetic interference D. Electrostatic discharge

117 - Which type of attack exploits the communications session between two communicating devices so that the session can be hijacked? A. DNS poisoning B. Sniffer Attack C. TCP Sequence Number Attack D. Ping of Death Attack

118 - Which attack takes advantage of weaknesses in the design of the TCP protocol? A. Fraggle B. Smurf C. Teardrop D. SYN flood

119 - What is not a phase involve din preparing a Business Continuity Plan (BCP)? A. Recovery Strategies B. Classify Resources C. Project Management and Initiation D. Testing, Maintenance, Awareness, and Training

120 - What should be the first step completed in the project initiation phase? A. Define plan goals B. Appoint a BCP team C. Appoint a leader D. Obtain management support

121 - What is one of the best ways to prevent piggybacking from occurring at the access points into a facility? A. Programmable locks B. Swipe cards C. Proximity cards D. Security gurards

122 - Which task is not part of the initial steps an attacker would perform when attacking a network? A. Determining which ports are open by performing port scans B. Start building a network topology C. Determining which operating systems are installed on the active computers D. Determining which computers are physically active

123 - What is considered a misdemeanor under the Computer Fraud and Abuse Act of 1986? A. To gain unauthorized access to government computers B. To gain authorized access to personal medical information C. To disclose personal medical information D. To use classified data for the benefit of a foreign nation

124 - Tem professional practice areas make up the basis of NFPA 1600. Which practice area involve determining the threats that apply to an organization and limiting their potential impact? A. Project initiation and management B. Risk evaluation and control C. Awareness and training programs D. Maintaining and exercising BCPs

125 - A junior network technician has approached you and asked for your opinion on what would be the most secure cable to implement within the organization. What should you tell them? A. Fiber-optic B. Unshielded Twisted Pair (UTP) C. Shielded Twisted Pair (STP) D. Coaxial

126 - When does a buffer overflow occur? A. When the operating system runs out of RAM and causes a reboot B. When an application runs out of memory and crashes the system C. When too much data is entered into the buffer D. When an application sends too much information to another application causing a blue screen

127 - An organization that partners with other corporations has multiple communication channels. What should be taken into consideration by all employees regarding these channels? A. Single sign-on B. Privacy compliance C. Monitoring technologies D. Intrusion detection

128 - Why are most companies unaware that they have ever been attacked? A. Most attacks are performed by individuals located inside the target network. B. There are only a few laws that specifically address computer crimes. C. Attackers usually spoof their IP addresses. D. Attackers usually erase any logs that record their activities.

129 - Which is not a characteristic of business impact analysis? A. Determining a recovery strategy B. Determining the maximum tolerable downtime (MTD) C. Identifying critical systems D. Developing it early in business continuity planning

130 - Which viable weekly backup strategy will take the least amount of time to complete? A. Perform a differential backup every Monday and an incremental backup on the remaining days of the week. B. Perform a full backup every Monday and a differential backup on the remaining days of the week. C. Perform a full backup every day. D. Perform a full backup every Monday and an incremental backup on the remaining days of the week.

131 - What is not an example of a physical control? A. Subnets B. External lights C. Data backups D. Building location

132 - What type of backup will contain any files that have changed since the last full backup? A. Full B. Complete C. Differential D. Incremental

133 - A security practitioner is designing access control monitoring. The design includes a non-filtering router, a firewall, and a company network. in particular, the company wants to correctly place an IPS so that the number of alerts is significantly reduced. ``` [Internet] [Point] \/ \/ [Point] [Firewall] (Router) | | - [Point] -[Point] | | [Company Net][Company Net] ```

The point between the firewall and the company network

134 - Which wireless technology matches to each description? A. Cellular B. Infrared C. IEEE 802.11 D. Bluetooth - Requires a network-aware device or dongle and an active account - Switches between any of the 79 frequencies available in the 2.45 GHz range - Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz - Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another

- [A] Requires a network-aware device or dongle and an active account - [D] Switches between any of the 79 frequencies available in the 2.45 GHz range - [C] Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz - [B] Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another

135 - A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic interference (EMI). What should you tell them? A. Coaxial B. Fiber-optic C. Shielded Twisted Pair D. Unshielded Twisted Pair

136 - In a secure network, personnel play a key role in the maintenance and promotion of security procedures. Allotting different roles and responsibilities to different personnel provides increased security. It is important that each participant's role is clearly defined and understood by the participants and by their peers. Which role is responsible for ensuring that the company complies with software license agreements? A. Data analyst B. Solution provider C. Product-line manager D. Process owner

137 - Administrative, technical, and physical controls should be used by security administrators to meet the organization's security requirements. What is an example of a technical control? A. Router B. Closed -circuit TV (CCTV) C. Data backup D. Biometric system

138 - What law protects company logos from illegal duplication? A. Patent B. Copyright C. Trademark D. Trade secret

139 - Which aspect of IAM involves creating, modifying, and deleting user accounts? A. Identity management B. Authorization C. Entitlement D. Provisioning

140 - A junior technician has approached you to ask what she should do to ensure users are accountable for their actions. What should you tell her? A. You should tell her to implement logs. B. You should tell her to implement auditing. C. You should tell her to only hire honest people. D. You should tell her to implement an accountability server.

141 - With Biometric systems, what is the term used to describe when the system incorrectly grants the user access when they should have been denied? A. EMP B. FAR C. FRR D. CER

142 - What is a security professional considered when they use hacking tools to test their own network for vulnerabilities? A. Script kiddie B. Black hat C. Red Hat D. White hat

143 - To help maintain operational resilience, your organization has implemented redundant fans and power supplies in key systems. In addition, they are looking to move away from concatenated disks by implementing proper RAID levels. On a system that is used for general storage, the requirement is that it can survive the failure of any one disk. Which RAID level will best meet this requirement? A. RAID 0 B. RAID 4 C. RAID 3 D. RAID 5

144 - There are various threats that directly affect your operations environment it is important that your environment is protected against these threats. You should be aware that these threats all map to the information security triad. Which threats will be directly related to the integrity component of the information security triad? A. Corruption and modification B. Disclosure and corruption C. Destruction and theft D. Interruption and disclosure

145 - Which piece of equipment is not recommended for use by incident response teams? A. Plastic containers B. Ball-point pen C. Spiral notebook D. Digital camera

146 - Which of these algorithms is NOT a symmetric algorithm? A. DES B. RSA C. AES D. 3DES

147 - Which statement best describes a properly implemented incident handling program? A. Incident handling should be approached in a reactive manner B. Incident reporting should be decentralized C. Incident handling should be part of the business continuity plan D. Incident handling should be part of the disaster recovery plan

148 - You have been tasked with implementing an intrusion detection system that learns as it performs its day-to-day tasks and uses this knowledge to detect any changes that could mean an intrusion is occurring. Which one should you implement? A. Network-based intrusion detection system B. Signature-based intrusion detection C. Statistical anomaly-based intrusion detection D. Host-based intrusion detection system

149 - Which method does not provide integrity for a message? A. Hashing a message B. Encrypting a message C. Encrypting and digitally signing a message D. Digitally signing a message

150 - Electronic devices emit electrical and electromagnetic signals through the airwaves. This is referred to as what? A. Emanation B. EMI C. White noise D. Tempest

151 - Which of these security models ensure that you cannot write to an object that resides at a security level lower than the one you possess? A. Latice model B. Biba model C. Bell-LaPadula model D. Clark-Wilson model

152 - What can be done to enforce employee accountability? A. Ensuring employees arrive on time for work B. Employee's providing a password or passphrase C. Employee's maintaining corporate documentation D. Including employee IDs in the audit logs

153 - Debora, an American citizen who works for a large accounting firm in Los Angeles, receives a memo from the company's president regarding internal computer crime investigations. The letter informs all employees that management may remove files from their workstations at any time, without notice. How would such actions apply to Debora's Fourth Amendment rights? A. If Debora is acting as a police agent, management's Fourth Amendment rights would not be violated. B. If management is acting as a police agent, Debora's Fourth Amendment rights would not be violated. C. If management is acting as a private citizens, Debora's Fourth Amendment rights would be violated. D. If management is acting as private citizens, Debora's Fourth Amendment rights would not be violated.

154 - There are three critical requirements for operations controls. Which statement correctly identifies the critical requirement referred to as privileged-entity controls? A. Provide all users with administrative-like access control capabilities. B. Provide users with the level of access they require to complete their assigned tasks. C. Provide specific users with administrative-like access control capabilities. D. Provide compliance with legislative and industry guidelines to protect sensitive information and personnel.

155 - The integrity of data within a database can be protected by different types of operations. Which is NOT an operation that will protect the integrity of data within a database? A. Savepoint B. Commit C. Inference D. Rollback

156 - Which access control concept is used when operational secrecy is a major concern? A. Security domain B. Need to know C. Compartmentalization D. Least privilege

157 - You have just been hired as a junior security analyst at a security consulting firm. Your manager gives you a list of ciphers and asks you determine their type. Rail fence, rectangular substitution, monoalphabetic, and polyalphabetic are all examples of which type of cipher? A. Running key B. Transposition C. Substitution D. Null

158 - Knowledge discovery in databases (KDD) is a process where patterns within a database are identified using various approaches and techniques. Which is NOT one of the approaches used in the KDD system to determine patterns? A. Statistical B. Heuristic C. Probabilistic D. Classification

159 - What is the best strategy for outsourcing? A. Omitting business continuity and disaster recovery considerations from the outsourcing strategy B. Including appropriate terms and conditions in the SLA C. Excluding service improvement expectations from the outsourcing contract D. Developing an outsourcing strategy independent of auditing considerations related to outsourcing

160 - Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings? A. Reverse ARP B. Revers ARP table poising C. ARP table poisoning D. Poisoning ARP cache

161 - Your current network uses the Open Shortest Path First (OSPF) dynamic routing protocol to update routes to different destinations on the network. It has been brought to your attention that a rougue router is updating routes on the internal network. This is creating false routes to destinations internally and externally which imposes a security issue. What should you do to prevent the rogue router from updating your internal routing information? A. Contact the local authorities. B. Unplug the rogue router. C. Implement update authentication between the internal routers. D. Implement a different type of dynamic routing protocol

162 - Fire suppression systems use different methods to combat fires. What substance is non=-toxic, does not deplete the ozone, and is safe to use around electrical equipment? A. Carbon dioxide (CO2) B. FM 200 C. Deluge D. Halon

163 - What type of power fluctuation are you experiencing if there is a complete loss of power for only a moment? A. Fault B. Brownout C. Sag D. Blackout

164 - Aggregation and inference are classified as database security issues. Which statement is true in regards to aggregation? A. A user lacks the permissions to access information, but has the required permissions to access subsets of the same information. B. A user has the permissions to access information, and also has the required permissions to access subsets of the same information. C. A user has the permissions to access information, and does not have the required permissions to access subsets of the same information. D. A user lacks the permissions to access information, and does not have the required permissions to access subsets of the same information.

165 - Several methods have been developed to be used as the basis for assessing an organization's security posture. Which information security risk assessment methodology is made up of a suite of tools and focuses on the principle of self-direction? A. OCTAVE B. PUSH C. SOMAP D. VAR

166 - Which type of attack involves deceiving a trusting person into sharing confidential information? A. Active B. Social engineering C. Passive D. Spoofing

167 - Your security department has presented management with an overview of the security mechanisms that have been implemented and an evaluation of their overall effectiveness. What is the process referred to as when management formally accepts the information you have presented them with? A. Affirmation B. Hallmark C. Certification D. Accreditation

168 - Which security models match each characteristic? A. Lipner B. Biba C. Bell-LaPadula D. Clark-Wilson - Confidentiality - Integrity - Confidentiality and Integrity

- [C] Confidentiality - [B, D] Integrity - [A] Confidentiality and Integrity

169 - Which statement is not true in relation to the term "back door"? A. It is the placement of a program or utility within a network that provides unauthorized access to the network that it is installed in. B. It is an intentional opening within an application that allows developers to bypass security features for troubleshooting purposes. C. A back door attack allows an attacker to masquerade themselves as someone else. D. There are various tools on the market that allow you to easily create and execute back door attacks.

170 - Which security model has the ability to address the inference attack? A. Graham-Denning model B. Noninterference model C. Lattice model D. Biba model

171 - What often happens unexpectedly because of the development of a company's contingency plan? A. RTOs are discovered B. Hot sites are found to be expensive to maintain C. Support from senior management is realized D. Improved business operations

172 - Which access control model makes use of ACLs? A. Mandatory access control B. Nondiscretionary access control C. Role-based access control D. Discretionary access control

173 - During the system development process, logging should be enabled to ensure that the development life cycle is tracked. What should you track in the logs? A. Completion codes B. Edits C. Operating instructions D. Who accessed the resource, what resource was accessed, and when the resource was accessed

174 - Which statement is TRUE in relation to work factor? A. Work factor is an estimate of the effort and resources that are required to penetrate a cryptosystem. B. Work factor is the total value of the overall cryptographic strength. C. Work factor is an estimate of the overall cryptographic strength. D. Work factor is the total amount of effort and resources that are required to penetrate a cryptosystem.

175 - What Common Criteria assurance level is the first to require that the product is formally verified, designed, and tested? A. EAL 5 B. EAL 4 C. EAL 7 D. EAL 6

176 - The planning phase should involve creating a timeline for developing the BCP. It is important to prioritize certain areas and to specify when plans for those areas will be completed. For a medium-sized company with an experienced planner and the full support of management, when should a BIA be completed? A. Within six months B. Nine to 12 months C. Six to nine months D. Within the first month

177 - For applications to interact with various types of databases, a type of interface is needed. What type of database interface language is used for structuring data so that it can be shared between applications and web technologies? A. OLE DB B. ADO C. XML D. ODBC

178 - Which features match to each key technology? A. Can be re-pinned by using a master key B. Contains a built-in microprocessor C. Allows for 10 to 15 lock changes D. Identifies the individual key holder - Instakey - Intellikey

- [A, C] Instakey | - [B, D] Intellikey

179 - An organization has hired contractors for a project requiring a confidentiality agreement. Issues with one of the contractors require that they be terminated. When should the contractor be terminated? A. Upon completion of the project B. After the completion of a termination interview C. After a two-week notice period D. immediately

180 - Which item is typically used for the implementation of a key control system for securing access to areas containing sensitive equipment? A. Biometric reader B. Patented cylinders C. One time keypad D. Public Key Infrastructure

181 - What would be the maximum tolerable downtime (MTD) of a business function categorized as urgent? A. 24 hours B. Up to 4 hours C. 30 days D. 7 days

182 - What are the strengths and weaknesses of asymmetric cryptography? A. Provides authenticity B. Uses more computational power than the other cryptography method C. Does not scale well in terms of key management D. Uses less computational power than the other cryptography method E. Better key distribution than the other cryptography method F. Provides confidentiality only - Weakness - Strength

- [B] Weakness | - [A, E] Strength

183 - Which access cards match to each description? A. Proximity card B. Magnetic stripe card C. Smart card - Contains a microchip and can store a large amount of data - Made of PVC material and is easily damaged - Contains a microchip and opens a magnetic lock

- [C] Contains a microchip and can store a large amount of data - [B] Made of PVC material and is easily damaged - [A] Contains a microchip and opens a magnetic lock

184 - Which attack occurs when an attacker sends packets that are too small? A. Fraggle B. SYN flood C. Smurf D. Teardrop

185 - There are many different types of computer crimes, each of which can be committed differently. An employee who eavesdrops on the electronic signals emitted by a computer is committing what type of attack? A. Emanations capturing B. TEMPEST C. Salami attack D. Data diddling

186 - What is the most significant risk associated with instant messaging, social networking technologies, message boards, and blogs? A. Accidental disclosure of confidential, private information B. Susceptibility to DoS attacks C. Their being used to facilitate the spread of malicious code D. Their being used to identify wireless hotspots that attackers can use to initiate attacks

187 - You are currently in the process of implementing Network Address Translation (NAT) within your organization. Which IP address range would be best suited for your internal client needs? A. 169.54.0.0 to 169.254.255.255 B. 172.168.0.0 to 172.168.255.255 C. 172.16.0.0 to 172.31.255.255 D. 192.169.0.0 to 192.169.255.255

188 - Which type of media access technology is primarily used in Ethernet networks? A. Polling B. CSMA C. Token Passing D. Ethernet

189 - Which NIST 800-34 standard steps that can be applied to business continuity planning match each description? A. Develop recovery strategies. B. Conduct the BIA. C. Develop the contingency plan. D. Maintain the plan. - Identify threats and calculate risks. - Implement procedures to keep the BCP updated on a frequent basis. - Select methods to ensure systems are efficiently brought back online. - Provide procedures for the organization to remain operational while functions and systems are offline.

- [B] Identify threats and calculate risks. - [D] Implement procedures to keep the BCP updated on a frequent basis. - [A] Select methods to ensure systems are efficiently brought back online. - [C] Provide procedures for the organization to remain operational while functions and systems are offline.

190 - The integrity of data within a database can be protected by different types of operations. Which type of operation can be used when a complete database failure occurs? A. Commit B. Savepoint C. Rollback D. Inference

191 - Which access control model is based on a security label system? A. Nondiscretionary access control B. Mandatory access control C. Role-based access control D. Discretionary access control

192 - In which mode is a system operating if all users have a formal need to know as well as a clearance for all data in the system? A. Multilevel Security Mode B. Compartmented Security Mode C. System High-Security Mode D. Dedicated Security Mode

193 - Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators? A. Many attackers spoof their IP addresses and erase logs to cover their tracks B. Most attacks are performed by individuals located outside of the network C. There are only a few laws that specifically address computer crimes D. Most companies do not use firewalls

194 - You want to guard against social engineering attacks, including fraudulent e-mails and fraudulent telephone calls. What would be the best choice to ensure security? A. Access control B. Employee training C. IDS D. Separation of duties

195 - Which security roles match each security responsibility description? ``` A. Information Systems Professional B. Guard C. Systems Administrator D. Secretary E. Information Systems Auditor ``` - Responsible for the setup and maintenance of an organization's network - Designs security controls - Checks to ensure people are following the organization's security policies - Responsible to sign for packages that enter or leave the main office in a small organization - Protecting the safety of an organization's employees

- [C] Responsible for the setup and maintenance of an organization's network - [A] Designs security controls - [E] Checks to ensure people are following the organization's security policies - [D] Responsible to sign for packages that enter or leave the main office in a small organization - [B] Protecting the safety of an organization's employees

196 - Which technique involves an attacker probing a host for responses without being able to sniff sequence and acknowledgement messages? A. Emanation B. Brute force attack C. Blind spoofing D. Scrubbing

197 - Carrie has a secret message that she wants only Todd to read. A hybrid approach is used for this transaction. Which statements regarding hybrid cryptography are true and which statements are false? A. Carrie encrypts the message with a symmetric key and the symmetric key with Todd's public key B. Todd decrypts the encrypted symmetric key with his private key and decrypts Carrie's message with the symmetric key C. Carrie encrypts the message with her private key and her private key with Todd's public key D. Todd decrypts Carrie's encrypted private key with his public key and decrypts Carrie's message with Carrie's private key - True - False

- [A, B] True | - [C, D] False

198 - What type of attack prevents a system from responding to legitimate traffic from authorized clients? A. A Trojan horse attack B. A password cracking attack C. An IP spoofing attack D. A denial of service attack

199 - Which is not a term that is used to identify the type of response an operating system will take when a failure occurs? A. Warm reboot B. System reboot C. System cold start D. Emergency system restart

200 - Which statement best describes what occurs during a Ciphertext-Only attack? A. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all of the messages with that key. B. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient. C. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that it is the legitimate information from the original sender. D. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key.

201 - Which statements match each organization's code of ethics? A. Seeking to gain unauthorized access to internet resources B. Destroying the integrity of computer-based information C. Provide diligent and competent services to principals D. Compromising the privacy of others E. Act honorably, honestly, justly, responsibly, and legally F. Advance and protect the security profession - IAB - ISC2

- [B, A, D] IAB | - [E, C, F] ISC2

202 - What would be the least effective method to prevent an intruder from gaining access to a facility? A. A fence B. Smartcards C. Guard dogs D. CCTV

203 - You have been tasked with ensuring that users can only access the information that they absolutely need within a database. What is the best method you should use to accomplish this? A. Implement view-based access controls B. Implement discretionary access controls C. Implement mandatory access controls D. Implement an access matrix

204 - The act of monitoring, auditing, and logging provides which measure within an organization? A. Confidentiality B. Accountability C. Integrity D. Availability

205 - Confidentiality ensures that the required level of secrecy is maintained by preventing unauthorized individuals from accessing and disclosing company information. What is not a typical threat to confidentiality? A. Virus B. Masquerader C. Trojan horse D. Insufficient access control

206 - What is NOT an example of a detective physical control? A. Security guards B. Smoke and fire detectors C. Library control systems D. Alarms and sensors

207 - What requires publicly listed organizations to produce annual internal financial reports? A. Sarbanes-Oxley B. Title IX of the Implementing the 9/11 Commission Recommendations Act of 2007 C. BS 25999 D. TCSEC

208 - Which mechanism functions as a security boundary in which an untrusted Java applet is executed? A. Sandbox B. "Nobody" permissions C. Clipping level D. Digital code signatures

209 - Each of the management levels has a set of information security responsibilities inherent to their role within the organization. For what is the information security officer primarily responsible? A. Evaluating risk management practices in the organization B. Ensuring the security program complies with regulations C. Facilitating information security within the organization D. Identifying emerging security risks

210 - Which standard should you implement if you need to provide encryption and digital signatures for electronic mail? A. MIMES B. S-HTTP C. S/MIME D. HTTPS

211 - Which centralized access control technology is typically used by ISPs and only requires simplistic username/password authentication to gain access? A. RADIUS B. Diameter C. Mobile IP D. TACACS+

212 - Which security model uses features of the Bell-LaPadula and Biba security models? A. Harrison-Ruzzo-Ullman B. Graham-Denning C. Lipner D. Clark-Wilson

213 - You work for a high tech development firm that specializes in the development of custom applications for mobile devices. The company is currently working on an application that will be used on smart cards with limited processing power. Which encryption algorithm would not be suitable for this application? A. Blowfish B. AES C. RC5 D. DES

214 - Intrusion detection systems are used to determine if attacks are occurring on a network. There are several different types of intrusion detection systems available on the market. You have been tasked with implementing an intrusion detection system that uses predefined knowledge to determine if an attack is occurring. Which one should you implement? A. Host-based intrusion detection system B. Signature-based intrusion detection C. Network-based intrusion detection system D. Statistical anomaly-based intrusion detection

215 - What is an example of a deterrent control? A. Smart cards B. Audit logs C. Fences D. Security policies

216 - Two or more employees assisting each other to commit a fraudulent or destructive act is called collusion. Which security practice will help prevent collusion? A. Separation of duties B. Rotation of duties C. Intrusion detection D. Access control

217 - Which security principle can have the greatest effect on user productivity? A. Integrity B. Authorization C. Availability D. Confidentiality

218 - Which access control threats match each description? A. Dictionary attacks B. Brute force attacks C. Spoofing - Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password - Involves a fake user logon screen being presented to a user for them to input their username and password - Involves trying different input combinations in an attempt to find a correct password

- [A] Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password - [C] Involves a fake user logon screen being presented to a user for them to input their username and password - [B] Involves trying different input combinations in an attempt to find a correct password

219 - What Common Criteria assurance level is the first to require that the product is methodically tested and checked? A. EAL4 B. EAL3 C. EAL2 D. EAL5

220 - Which layers of the OSI model map to the Network Access layer of the TCP/IP model? A. Transport and Network B. Network and Data Link C. Network and Physical D. Data Link and Physical

221 - Which remote connection protocols match to each description? ``` A. PPP B. IPsec C. PPTP D. L2TP E. SSL VPN F. VPN ``` - Supports remote access and site-to site topologies - Encrypts data using GRE or MPPE - Communicates over UDP port 1701 - Encrypts packets at the network layer - Requires digital certificates and a PKI - - Encapsulates data, but does not encrypt it

- [F] Supports remote access and site-to site topologies - [C] Encrypts data using GRE or MPPE - [D] Communicates over UDP port 1701 - [B] Encrypts packets at the network layer - [E] Requires digital certificates and a PKI - [A] Encapsulates data, but does not encrypt it

222 - What can users inherit from group memberships or roles that they have within an organization? A. Entitlements B. Covert channels C. Emanation D. inference

223 - Which user requirement is true for compartmented security mode but not for multilevel security mode? A. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system. B. A clearance level that is equal to or higher than the highest resource level of clearance is required for information on the system. C. There must be formal access approval for all information that the user will access on the system. D. All users must have a valid need to know some of the information on the system.

224 - Which statement is not true of an incident handling program? A. It should be part of the disaster recovery plan. B. It should be part of the security awareness program. C. It should be proactive. D. It should be independent of outside agencies.

225 - you are the network administrator for a large company in North America. Many of the employees work from remote locations. You need to set up a secure, private connection between the remote users and their head office so that they can access resources. What would be the best solution? A. Use the Point-to-Point Protocol B. Use the Layer 2 Tunneling Protocol C. Use the Point-to-Point Tunneling Protocol D. Use a Virtual Private Network

226 - What are the advantages and disadvantages of a warm site? A. Good choice for organizations requiring proprietary hardware B. Includes computers and servers C. Partially configured D. Testing of the site is done on an annual basis E. Less expensive to maintain than a hot site F. No certainty that the site will be up and running within hours after being fully configured - Disadvantages - Advantages

- [C, F] Disadvantages | - [A, E] Advantages

227 - What type of analysis can information security professionals use proactively in-house, and in reaction to an attack? A. Business impact analysis B. Forensic engineering C. Software forensics D. Quantitative risk analysis

228 - What network device can you implement between end systems on a network to reduce the possibility of sniffing and monitoring attacks by potential intruders? A. Switches B. Routers C. Firewalls D. Gateways

229 - You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mall where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BEST meet these needs? A. Gates B. Bollards C. Fences D. Landscaping

230 - What statement is not true in regard to maintenance hooks? A. A tool used by developers to patch systems after they go into production B. A security risk if not removed before the software goes into production C. A method used to bypass access controls to alter software code during the development process D. A backdoor into software created by the developer

231 - What is not true of a qualitative risk analysis? A. It is scenario-based. B. Threats are given an exposure rating. C. Assets are defined as tangible physical objects. D. Its results are easier to understand than that of a quantitative risk analysis

232 - Data remanence refers to the residual physical representation of data that has been removed from storage media. What is not a common method used to remove data from media before it is discarded? A. Degaussing B. Overwriting C. Clearing D. Destroying

233 - Which algorithm's security comes from the difficulty of factoring large prime numbers? A. RSA B. 3DES C. DES D. AES

234 - Which standardized algorithm can produce a message digest value in the range of 128 to 256 bits? A. HAVAL B. SHA-3 C. MD5 D. MD4

235 - Which is the final step that you should include in any backup plan? A. Test the backup plan. B. Determine what type of backup media you will require. C. Determine what data you will need to back up. D. Determine where you should store the backup media and how long you should store it there.

236 - Which is NOT an integrity goal that is addressed by the Clark-Wilson model? A. Authorized users should be prevented from making unauthorized changes. B. All users must be identified and authenticated. C. Internal and external consistency should be maintained at all times. D. Unauthorized users should be prevented from making changes.

237 - What type of threat to access control consists of a method to bypass the normal user authentication process in a software product? A. Data remanence B. Trapdoor C. Buffer overflow D. Overt channel

238 - An important tool used in risk management is risk analysis. Which statement about risk analysis is not true? A. Automated tools are required for quantitative risk analysis. B. Threats are given an exposure rating in a qualitative risk analysis. C. The Delphi technique can be used in a qualitative risk analysis. D. A risk analysis must be directed by senior management.

239 - Intellectual property can be protected by what types of laws? A. Patents, trademarks, and certification B. Trade secrets, patents, and trademarks C. Trademarks, Trade secrets, and accreditation D. Copyright, accreditation, and trade secrets

240 - Which recovery strategy involves different organizations supporting each others operations in the event of an outage or emergency? A. Dual data center B. Reciprocal agreements C. Multiple processing locations D. Outsourcing

241 - Disk mirroring is an electronic backup method that reduces the risk of data loss due to component failure. What is also true of disk mirroring? A. It offers a higher level of protection than disk duplexing. B. It increases disk overhead. C. It transfers exact copies of data files to a remote location. D. The controller is not a single point of failure.

242 - Which RAID levels match each characteristic? ``` A. Level 0 B. Level 5 C. Level 10 D. Level 3 E. Level 1 ``` - Parity - No Parity

- [D, B] Parity | - [A, E, C] No Parity

243 - The penetration testing process does NOT include which of these elements? A. Gathering information B. Identifying resources C. Performing simulated attacks D. Repairing network vulnerabilities

244 - Most alternate off-site facilities are provided by third party companies that charge a subscription fee for usage. What is the term for an alternate off-site facility that is owned by the company? A. Cold site B. Warm site C. Redundant site D. Hot site

245 - Which type of cipher is typically used in an application where encryption is not needed, but the system itself requires encryption? A. Transposition cipher B. Substitution cipher C. Running key cipher D. Null cipher

246 - A quantitative risk analysis begins by determining the asset values and outlining the possible threats being posed to the organization. The three primary steps in a quantitative risk analysis are determining the possible extent of losses by estimating the value of vulnerable assets, identifying and evaluating what the possible threats are, and determining the annualized loss expectancy (ALE). How is the ALE calculated? A. SLE x ARO B. Asset value ($) x EF C. SLE / EF D. Asset value ($) + ARO x EF

247 - Which information concealment methods match to each description? A. Watermarking B. Cryptography C. Stenography D. Code words - Uses a specific medium to hide information within - Uses letters to represent an idea or sentiment - Uses sophisticated mathematical techniques to hide information - Uses additional information within a file for detecting the theft of information

- [C] Uses a specific medium to hide information within - [D] Uses letters to represent an idea or sentiment - [B] Uses sophisticated mathematical techniques to hide information - [A] Uses additional information within a file for detecting the theft of information

248 - Which asymmetric algorithm was the first to address the shortfalls of key distribution that occurred with symmetric algorithms? A. Diffie-Hellman B. Knapsack C. RSA D. El Gamal

249 - An updated security system is being considered for implementation to your company's building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs? A. Proximity card B. Electronic combination lock C. Combination lock D. Magnetic stripe card

250 - Change control documentation needs to be maintained and updated on a regular basis. What reason accurately describes why? A. In order to reflect the constant change in the corporate landscape B. For use in future employee training sessions C. To keep track of constant changes in software and hardware D. In order to share information between corporate sites

1 - What type of system access control is awareness training classed as? A. Administrative B. Physical C. Technical D. Logical

2 - What is not a characteristic of a signature-based intrusion detection system? A. Needs constant updating B. Identifies new types of attacks C. Can be host-based D. Uses patter matching

3 - Penetration testing is made up of a five-step process. What is the correct order of steps in which penetration testing should be carried out? A. Reconnaissance, Enumeration, Vulnerability Analysis, Document Findings, Execution B. Reconnaissance, Enumeration, Execution, Vulnerability, Analysis, Document Findings C. Reconnaissance, Enumeration, Vulnerability Analysis, Execution, Document Findings D. Reconnaissance, Vulnerability Analysis, Enumeration, Execution, Document Findings

4 - Which access control concept involves using a common set of processes and controls for an area to segregate its resources and services from other entities on the network? A. Need to know B. Compartmentalization C. Security domain D. Least privilege

5 - Two systems are set up to communicate and transfer information between each other using a channel that violates the systems security policy. What does this define? A. Covert channel B. Hidden channel C. Illegal channel D. Overt channel

6 - What is not a valid type of test for a Business Continuity Plan (BCP)? A. Simulation B. Checklist C. Parallel D. Partial interruption

7 - What are the strengths and weaknesses of symmetric cryptography? A. It does not provide authenticity. B. It has built in key distribution. C. Large key sizes make it impractical to break the encryption. D. It uses more computational power than the other cryptography method. E. It uses less computational power than the other cryptography method. - Weakness - Strength

- [A] Weakness | - [C, E] Strength

8 - Who is ultimately responsible for the organization's recovery following a disaster? A. Executive emergency management team B. Emergency response team C. Primary site restoration team D. Emergency management team

9 - Knowledge discovery in databases (KDD) is a process where patterns within a database are identified using various approaches and techniques. Which is NOT one of the approaches used in the KDD system to determine patterns? A. Classification B. Statistical C. Probabilistic D. Heuristic

10 - You are currently doing a comprehensive technical evaluation on the security components within your organization. What is this referred to as? A. Accreditation B. Hallmark C. Affirmation D. Certification

11 - Which security model uses features of the Bell-LaPadula and Biba security models? A. Graham-Denning B. Clark-Wilson C. Harrison-Ruzzo-Ullman D. Lipner

12 - Which statement best describes what occurs during a Ciphertext-Only attack? A. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all of the messages with that key. B. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient. C. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key. D. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that if it is the legitimate information from the original sender.

13 - What is the most common method used to locate unsecured wireless networks? A. Wardriving B. Piggybacking C. Wardialing D. Salami

14 - Which system security modes match to each description? A. System High-Security Mode B. Compartmented Security Mode C. Dedicated Security Mode D. Multilevel Security Mode - All users possess a formal need to know and clearance for all the data in the system. - All users possess system high-security clearance, but may lack formal approval or need to know. - All users lack formal need to know, but possess the necessary clearance. - Various classification levels are required to be processed at the same time.

- [C] All users possess a formal need to know and clearance for all the data in the system. - [B] All users possess system high-security clearance, but may lack formal approval or need to know. - [A] All users lack formal need to know, but possess the necessary clearance. - [D] Various classification levels are required to be processed at the same time.

15 - which redundant Array of Independent Disks (RAID) level writes data to two different drives at the exact same time so that both drives contain the exact same data? A. RAID 3 B. RAID 1 C. RAID 0 D. RAID 5

16 - Each of the management levels has a set of information security responsibilities inherent to their role within the organization. For what is the information security officer primarily responsible? A. Facilitating information security within the organization B. Ensuring the security program complies with regulations C. Identifying emerging security risks D. Evaluating risk management practices in the organization

17 - You are currently meeting with management to have them formally approve the products, systems, and components within your organization. What is this process referring to? A. Certification B. Accreditation C. Verification D. Affirmation

18 - Which is are Not true in relation to asymmetric cryptography? A. It provides confidentiality but not authenticity or non-repudiation. B. It has better scalability than symmetric systems. C. It works much more slowly than symmetric keys. D. It has better key distribution than symmetric systems

19 - What is the second stage of the SDLC? A. Defining functional objectives B. Project initiation and planning C. Developing and implementing D. Defining system requirements

20 - What type of analysis can information security professionals use proactively in-house, and in reaction to an attack? A. Forensic engineering B. Business impact analysis C. Quantitative risk analysis D. Software forensics

21 - Which constraint should be the primary concern when creating procedures for background checks on new hires? A. Privacy laws B. Employee acceptance C. Organizational policies D. Senior management's sign off

22 - What law protects company logos from illegal duplication? A. Copyright B. Trade secret C. Trademark D. Patent

23 - What type of mobile code control serves as a protected area for a program to execute? A. Access matrix B. Covert channel C. Sandbox D. Kernel

24 - What type of power fluctuation occurs due to a loss of power? A. Sag B. Spike C. Fault D. Brownout

25 - Which organization provides the standards for reinforced filing cabinets? A. Pearson VUE B. Office of Government Commerce C. U.S. Government D. Underwriters Laboratory

26 - What type of alarm system triggers an alarm at your organization's security command center when it detects an intruder? A. Local B. Proprietary C. Central station D. Auxiliary station

27 - Which term represents a collection of technologies that gather sand stores access control information and specified system activity for later study? A. MTBF B. SIEM C. ITIL D. FMEA

28 - What type of power fluctuation are you experiencing if there is a complete loss of power for only a moment? A. Blackout B. Brownout C. Fault D. Sag

29 - The Application layer of the TCP/IP model maps to which layers of the OSI model? A. Application, Session, Transport B. Transport, Network, Data Link C. Presentation, Session, Transport D. Application, Presentation, Session

30 - Which type of cipher replaces bits, characters, or blocks with different bits, characters, or blocks? A. Replacement cipher B. Substitution cipher C. Permutation cipher D. Transposition cipher

31 - Testing and evaluating systems is a very important part of systems development. Which is NOT part of the testing and evaluation phase? A. Management is required to review the results of the testing. B. Testing should use copies of the production data. C. Program librarian should keep test data for later use. D. Test data should only include data from acceptable ranges.

32 - Management has approached you and would like you to explain how they can possibly prevent collusion within the organization. What should you tell them? A. Implement the rule of least privilege. B. Implement separation of duties. C. Implement job rotation D. Force emplo9yees to take mandatory vacations.

33 - Confidentiality ensures that the required level of secrecy is maintained by preventing unauthorized individuals from accessing and disclosing company information. What is not a typical threat to confidentiality? A. Virus B. Insufficient access control C. Trojan horse D. Masquerader

34 - Which vulnerabilities match to each description of situations where the attack has been made on an application? ``` A. Broken authentication and session management B. Failure to restrict URL access C. Injection D. Insecure cryptographic storage E. Cross-site scripting ``` - Encryption keys for a database use a weak password. - An attacker gains access to a web page by entering the target URL in the browser address field. - A malicious user gains access to the password file used to verify users. - A valid request to a SQL server is intercepted by an attacker and modified to intentionally corrupt the database. - A web site sends JavaScript instructions to the browser accessing the site, requesting access to the user's hard disk.

- [D] Encryption keys for a database use a weak password. - [B] An attacker gains access to a web page by entering the target URL in the browser address field. - [A] A malicious user gains access to the password file used to verify users. - [C] A valid request to a SQL server is intercepted by an attacker and modified to intentionally corrupt the database. - [E] A web site sends JavaScript instructions to the browser accessing the site, requesting access to the user's hard disk.

35 - What RAID level stripes both data and parity across all drives, ensuring that there is no single point of failure? A. RAID 5 B. RAID 1 C. RAID 3 D. RAID 0

36 -Which RAID levels match each characteristic? ``` A. Level 5 B. Level 10 C. Level 0 D. Level 3 E. Level 1 ``` - Parity - No parity

- [D, A] Parity | - [C, E, B] No parity

37 - Which form of malware has the ability to reproduce itself and is classified as self-contained? A. Logic bomb B. Trojan horse C. Worm D. Virus

38 - Which tunneling protocols match with the characteristic? ``` A. IPsec B. PPTP C. L2F D. L2TP E. SSL ``` - Tunnels PPP traffic - Works above the Data Link layer

- [C, D, B] Tunnels PPP traffic | - [A, E] Works above the Data Link layer

39 - What is the Bell-LaPadula model most concerned with? A. Integrity B. Confidentiality C. Verification D. Repudiation

40 - Aggregation and inference are classified as database security issues. Which statement is true in regards to aggregation? A. A user has the permissions to access information, and dose not have the required permissions to access subsets of the same information. B. A user has the permissions to access information, and also has the required permissions to access subsets of the same information. C. A user lacks the permissions to access information, and does not have the required permissions to access subsets of the same information. D. A user lacks the permissions to access information, but has the required permissions to access subsets of the same information.

41 - The act of monitoring, auditing, and logging provides which measure within an organization? A. Confidentiality B. Accountability C. Availability D. Integrity

42 - Which wireless technology matches to each description? A. IEEE 802.11 B. Bluetooth C. Cellular D. Infrared - Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another - Requires a network-aware device or dongle and an active account - Switches between any of the 79 frequencies available in the 2.45 GHz range - Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz

- [D] Requires that devices have direct line of sight and are within 3 feet (1 meter) of one another - [C] Requires a network-aware device or dongle and an active account - [B] Switches between any of the 79 frequencies available in the 2.45 GHz range - [A] Sends and receives on one of two radio bands: 2.4 GHz or 5.8 GHz

43 - An important tool used in risk management is risk analysis. Which statement about risk analysis is not true? A. Automated tools are required for quantitative risk analysis. B. Threats are given an exposure rating in a qualitative risk analysis C. A risk analysis must be directed by senior management D. The Delphi technique can be used in a qualitative risk analysis.

44 - There are various types of evidence that can be used in a court of law. What type of evidence is considered incidental? A. Hearsay B. Circumstantial C. Real D. Opinion

45 - With Biometric systems, what is the term used to describe when the system incorrectly grants the user access when they should have been denied? A. EMP B. CER C. FAR D. FRR

46 - Which statement best describes what occurs during a Chosen Plaintext attack? A. An attacker captures data passing from a sender to a receiver, and resubmits the data to the legitimate receiver hoping they are fooled into thinking that it is the legitimate information from the original sender. B. An attacker obtains the ciphertext of several messages encrypted using the same encryption algorithm, attempts to determine the key used for the encryption process, and then decrypts all of the messages with that key. C. An attacker obtains the plaintext and ciphertext of one or more messages, attempts to determine the key used for the encryption process, and then attempts to decrypt all other messages with that key. D. An attacker creates a plaintext message and sends it to a recipient hoping they will encrypt it and send it to another recipient. The attacker then sniffs out the encrypted message, captures it, and then figures out the key used to encrypt the original plaintext message. The attacker will then use the key to decrypt all messages captured from the original recipient.

47 - An NDA addresses which security principal? A. Authenticity B. Availability C. Integrity D. Confidentiality

48 - The evidence of a computer crime must be gathered carefully and preserved in order to protect its integrity. The data collected during an investigation must be detailed in the chain of evidence or chain of custody. Which statement is true of the chain of evidence? A. Evidence must be returned to its owner once presented in court B. Evidence must not be admissible C. Evidence must be legally permissible D. Modifying computer-generated evidence is impossible.

49 - Which algorithm requires that the sender and receiver use two instances of the same key? A. RSA B. 3DES C. Knapsack D. Diffie-Hellman

50 - What is the benefit of using clustering in your enterprise data management scheme? A. Creates a single point of failure B. Amount of data storage is increased C. Scalability and redundancy D. Requires less memory to operate

51 - When might an organization require an export license? A. To employ a key escrow service B. To permit trans-border data flows C. To implement cloud computing D. To establish a distributed data model

52 - What is an example of a detective control? A. Fences B. Firewall C. Lighting D. Job rotation

53 - Which access control threats match each description? A. Dictionary attacks B. Brute force attacks C. Spoofing - Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password - Involves trying different input combinations in an attempt to find a correct password - Involves a fake user logon screen being presented to a user for them to input their username and password

- [A]Involves using a list of ordinary words as possible passwords from a file in an attempt to find a valid password - [B]Involves trying different input combinations in an attempt to find a correct password - [C]Involves a fake user logon screen being presented to a user for them to input their username and password

54 - Which type of access control involves the installation of a lock on a server room door? A. Compensating B. Preventive C. Directive D. Deterrent

55 - Which PKI elements match each description? ``` A. Digital certificate B. Certificate authority C. Certificate respository D. Certificate management system E. Registration authority ``` - The software that takes care of all certificates - The entity that issues and verifies digital certificates - An electronic record that identifies the public key - A verifier for the certificate authority - A storage location for certificates

- [D] The software that takes care of all certificates - [B] The entity that issues and verifies digital certificates - [A] An electronic record that identifies the public key - [E] A verifier for the certificate authority - [C] A storage location for certificates

56 - What is NOT true regarding the services that MPLS provides? A. Packet labeleing is provided B. QoS is provided C. Encryption is provided D. Traffic engineering is provided

57 - Which database models match each description? A. Object-oriented B. Relational C. Network D. Hierarchical - The data stored in this model is in the form of objects using programming features. - The data stored in this model is linked in a way that each record or child has only one owner or parent - The data stored in this model is based on two-dimensional tables consisting of tuples and attributes. - The data stored in this model is linked in a way that establishes a multiple child-parent relationship

- [B]The data stored in this model is in the form of objects using programming features. - [D]The data stored in this model is linked in a way that each record or child has only one owner or parent - [A]The data stored in this model is based on two-dimensional tables consisting of tuples and attributes. - [C]The data stored in this model is linked in a way that establishes a multiple child-parent relationship

58 - Which item used in conjunction with a fence emits radio frequency signals to detect an intruder pushing a fence? A. PPTP B. CCTV C. DSA D. TDR

59 - Which method is most secure when updating routing information? A. Distance-vector updates B. Static updates C. Dynamic updates D. Link-state updates

60 - What would be considered an advantage of using a hot site? A. Can use any hardware B. Available for longer timeframes C. Can be ready quickly D. Has low cost

61 - What should be the first step completed in the project initiation phase? A. Appoint a BCP team B. Obtain management support C. Define plan goals D. Appoint a leader

62 - Which security roles match each security responsibility description? ``` A. Systems Administrator B. Guard C. Secretary D. Information Systems Auditor E. Information Systems Professional ``` - Designs security controls - Responsible to sign for packages that enter or leave the main office in a small organization - Checks to ensure people are following the organization's security policies - Responsible for the setup and maintenance of an organization's network - Protecting the safety of an organization's employees

- [E]Designs security controls - [C]Responsible to sign for packages that enter or leave the main office in a small organization - [D]Checks to ensure people are following the organization's security policies - [A]Responsible for the setup and maintenance of an organization's network - [B]Protecting the safety of an organization's employees

63 - Which statment is not true of an incident handling program? A. It should be part of the security awareness program. B. It should be independent of outside agencies. C. It should be part of the disaster recovery plan D. It should be proactive.

64 - Resource protection is one of the three critical requirements for operations controls. Its goal is to protect resources within the organization from loss or compromise. Which is NOT a concern for the resource protection critical requirement? A. Ensure that vulnerabilities directed at the availability, integrity , and confidentiality of resources is reduced. B. Protect resources that are required for data processing. C. Provide a balance between the implemented security controls and the user's productivity. D. Ensure that resource security is maintained during a failure.

66 - An organization that partners with other corporations has multiple communication channels. What shouldbe taken into consideration by all employees regarding these channels? A. Monitoring technologies B. Privacy compliance C. Single sign-on D. Intrusion detection

67 - The OSI model is divided into seven different layers. At which of the seven layers are you most likely to find a router? A. Layer 3 B. Layer 7 C. Layer 2 D. Layer 1

68 - In which area would a symmetric key system be less desirable than an asymmetric key system? A. Confidentiality B. Mathematic comlexity C. Key management D. Speed

69 - Which user requirement is true for compartmented security mode but not for multilevel security mode? A> A clearance level that is equaql to or higher than the highest resource level of clearance is requirred for information on the system. B. There must be a signed Non-Disclosure Agreement (NDA) for all information that the user will access on the system. C. There must be formal access approval for all information that the user will access on the system. D. All users must have a valid need to know some of the information on the system.

70 - A one-time pad is one of the most powerful substitution ciphers. What must be true order to maintain the integrity of the algorithm for the one-time pad? A. The one-time pad should be used no more than three times. B. The encryption key that is used for the one-time pad must be manually created. C. Physical protection against disclosure for the one-time pad should be considered. D. At a minimum, the key must be as long as the message that it will be encrypting.

71 - Why are most companies unaware that they have ever been attacked? A. There are only a few laws that specifically address computer crimes. B. Attackers usually erase any logs that record their activities. C. Most attacks are performed by individuals located inside the target network. D. Attackers usually spoof their IP addresses.

72 - Which backup strategy copies only the files that have changed since the last backup without altering their archive bits? A. Copy backup B. Full backup C. Incremental backup D. Differential backup

73 - What is the most common security issue for most companies? A. Data diddling B. IP spoofing attacks C. DoS attacks D. Excessive privileges

74 - Which rule is also classified as the "no read down" rule? A. Simple integrity axiom B. Star property rule C. Star integrity axiom D. Simple security rule

75 - Many attackers are never caught and successfully prosecuted. What can make identifying attackers a difficult challenge for investigators? A. Most attacks are performed by individuals located outside of the network B. There are only a few laws that specifically address computer crimes C. Many attackers spoof their IP addresses and erase logs to cover their tracks D. Most companies do not use firewalls

76 - Using an access card to access specific rooms within a building is an example of which factor of the three-factor authentication method? A. Something you know B. Something you are C. Something you have D. Something you use

77 - What technique utilizes anonymous opinions by members of the risk analysis team? A. Safeguard B. Quantitative C. Delphi D. Classification

78 - Which regulation for financial institutions emphasizes resuming and maintaining business operations after a disaster? A. NYSE Rule 446 B. FFIEC C. NASD Rule 3510 D. Electronic Funds Transfer Act

79 - Which option identifies the encryption protocol used by the 802.11i standard for wireless local area networks? A. CCMP B. AES C. RSN D. Rijndael

80 - Ensuring that data within your organization is available at all times is a major operations concern. There are various techniques that you can employ within an organization to maintain the availability of data. Implementing backups is an example of such a technique. Which technique should you employ if you wish to maintain the availability, confidentiality, and integrity of data within your organization? A. Encrypt all sensitive data within the organization B. Implenet redudndant njetwork connections and equipment. C. Implement fault tolerance within the organziation D. Implement a secure storage solution within the organization

81 - Which task is not part of the initial steps an attacker would perform when attacking a network? A. Determining which computers are physically active B. Determining which ports are open by performing port scans C. Start building a network topology D. Determining which operating systems are installedon the active computers.

82 - A junior network technician has approached you and asked for your opinion on what type of cable would be the least resistant to electromagnetic interference (EMI). What should you tell them? A. Fiber-optic B. Unshielded Twisted Pair C. Shielded Twisted Pair D. Coaxial

83 - Which security models match each characteristic? A. Lipner B. Biba C. Clark-Wilson D. Bell-LaPadula - Confidentiality and integrity - Integrity - Confidentiality

- [A]Confidentiality and integrity - [B, C]Integrity - [D]Confidentiality

84 - According to the event management process, which action shouldbe taken immediately after an event occurs? A. Report to the assessment team B. Report to the communications center C. Assess the event D. Implement a recovery strategy and plans

85 - Which type of detective software intelligently analyzes unknown code? A. Heuristic scanner B. Activity monitor C. Change detection software D. Signature scanner

86 - What part of the product evaluation process details with product development and maintenance? A. Clipping levels B.Operational assurance C. Change control D. Life-cycleassurance

87 - Which examples match security frameworks and risk assessment methodologies? ``` A. CRAMM B. OCTAVE C. COBIT D. COSO E. FRAP F. ITIL ``` - Risk Assessment Methodologies - Security Frameworks

- [A,E,B]Risk Assessment Methodologies | - [C, D, F]Security Frameworks

88 - IPSec is able to work in two different modes, Tunnel mode and Transport mode. Which is true in regards to protection with Tunnel mode? A. Only the header and trailer information are protected. B. The payload as well as the header and trailer information C. Only the payload of the message is protected. D. Only the header information is protected.

89 - What type of virus infects the boot sector and executable files? A. Polymorphic B. Self-garbing C. Multipart D. Meme

90 - Which cryptographic attack is highly specializaed and targets environmental variables? A. Side channel attack B. Man-in-the-middle attack C. Related key attack D. Chosen plaintext attack

91 - There are different types of offsite solutions for facility recovery. What is the most common type of subscription-based backup facility? A. Warm B. Cold C. Rdundant D. Hot

92 - Which recovery strategy involves different organizations supporting each other's operations in the event of an outage or emergency? A. Reciprocal agreements B. Multiple processing locations C. Outsourcing D. Dual data center

93 - Which type of lock provides the least amount of security? A. Tumbler lock B. Smart lock C. Electronic combination lock D. Warded lock

94 - There are various threats that directly affect your operations environment. It is important that youre environment is protected against these threas. You should be aware that these threats all map to the information security triad. Which threats will be directly related to the integrity component of the information security triad? A. Corruption and modification B. Disclosure and corruption C. Interruption and disclosure D. Destruction and theft

95 - There are three critical requirements for operations controls. Which statement correctly identifies the critical requirement referred to as privileged-entity controls? A. Provide users with the level of access they require to complete their assigned tasks. B. Provide compliance with legislative and industry guidelines to protect sensitive information and personnel. C. Provide specific users with administrative-like access control capabilities. D. Provide all users with administrative-like access control capabilities.

96 - Which statement best describes a properly implemented incident handling program? A. Incident reporting should be decentralized B. Incident handling should be part of the disaster recovery plan C. Incident handling should be approached in a reactive manner D. Incident handling should be part of the business continuity plan.

97 - What statement is not true in regard to maintenance hooks? A. A backdoor into software created by the developer. B. A method used to bypass access controls to alter software code during the development process. C. A tool used by developers to patch systems after they go into production D. A security risk if not removed before the software goes into production

98 - What type of threat involves retransmitting packets to perform undesirable effects? A. Impersonation B. Replay C. Dumpster diving D. Data remanence

99 - What ITSEC rating is concerned with a high level of integrity during communications? A. F8 B. F7 C. F9 D. F6

100 - The network administrator for your company has asked you to provide a report on the number of modems attached to the network that are unaccounted for. What should you do to accomplish this? A. Wardialing B. Piggybacking C. Wardriving D. Modemsurfing

101 - Which database model stores data in more than one database while maintaining a logical connection between databases for the clients? A. Relational data model B. Distributed data model C. Rational data model D. Hierarchical data model

102 - When contracting a third-party provider to provide penetration testing for your organization, what is the MOST important piece of information that needs to be communicated to the contracted third party? A. Documation to sign over legal liability and responsibility of the penetration test B. Documentation providing contact information for each department head within the organization. C. Documentation showing the layout of the organization's network D. Documentation on how the penetration test will be performed

103 - Which form of malware activates when a certain time, string or code, date, or event happens? A. Worm B. Trojan horse C. Virus D. Logic bomb

104 - Vulnerability scanning is a common method used by intruders to determine theweaknesses withing a system. What is the first line of defense against vulnerability scanning? A. Have defined change control procedures within the organization. B. Apply the most current patches to the system. C. Close all open ports that are not required for daily activities. D. Perform a periodic vulnerability scan on the network.

105 - Which identity management system characteristics match with the identify management system? A. Combines services for authentication and authorization B. Encrypts packets betweenthe server and the client C. Uses PPP connections D. Provides packet delivery with UDP E. Provides packet delivery with TCP F. Supports the ApplTalk protocol - TACACS+ - RADIUS

- [F, B, E] TACACS+ | - [D, C, A] RADIUS

106 - There are various methodologies available for assessing an organization's security risks. Which risk assessment methodology would be best to use to prescreen systems and applications to determine wether further risk analysis is warranted? A. NIST SP 800-66 B. FRAP C. CRAMM D. FMEA

107 - What might be an important legal matter for a company to consider before selling or discarding older, unused equipment? A. Drive wiping is illegal B. Selling a computer system without an operating system may be illegal C. Erasing all data from a hard disk is illegal D. Reinstalling an operating system withproper licensing may be illegal

108 - Which algorithm's security comes fromthe difficulty of factoring large prime numbers? A. 3DES B. DES C. RSA D. AES

109 - Which mode of the Data Ecryption Standard (DES) is similar to the Output Feedback (OFB) mode but uses a 64-bit random data block as the first initialization vector (IV)? A. Cipher Feedback B. Electric Code Book C. Counter D. Cipher Block Chaining

110 - (ISC)2 requires CISSPs to commit to fully supporting the Code of Ethics, Identify one of the mandatory canons in the CISSP Code of Ethics. A. Provide diligent and competent service to principals B. Discharge professional responsibilities with diligence and honesty C. I will not misuse any information or privileges I am afforded as part of my responsibilities D. Thou shalt not use a computer to steal

111 - The first step in performing a risk assessment is to identify vulnerabilities. Which of the following is considered a security vulnerability? A. An access control system not functioning properly B. A disgruntled employee C. The absence of a security guard D. A piece of code written to creat a DoS attack

112 - What methodology focuses mainly on risk management related to information systesm? A. ORION B. NIST SP 800-39 C. CRAMM D. NIST SP 800-30

113 - Which type of cryptographic algorithm uses public and private keys? A. RSA B. 3DES C. DES D. AES

114 - What step in creating a business continuity plan involves calculating the maximum tolerable downtime (MTD) for resources? A. Develop recovery strategies B. Business impact analysis C. Policy statement and team creation D. Plan maintenance

115 - Which security models match to each description? ``` A. Bell-LaPadula B.Harrison-Ruzzo-Ullman C. Clark-Wilson D. Biba E. State machine F. Lipner ``` - It stops subjects from gaining specific privileges by limiting the commands they can execute. - It prevents corrupted data from flowing to a higher integrity level. - Subjects must execute a transformation procedure to modify constrained data items. - System startups, command executions, and shutdowns are secured. - Lattice-based security levels determine whether a subject can access an object. - It combines aspects of the Bell-LaPadula and Biba models.

- [B]It stops subjects from gaining specific privileges by limiting the commands they can execute. - [D]It prevents corrupted data from flowing to a higher integrity level. - [C]Subjects must execute a transformation procedure to modify constrained data items. - [E]System startups, command executions, and shutdowns are secured. - [A]Lattice-based security levels determine whether a subject can access an object. - [F]It combines aspects of the Bell-LaPadula and Biba models.

116 - What type of technology makes use of a sandbox as a security mechanism? A. Java B. Malware C. DBMS D. ActiveX

117 - Which attack involves sending malformed packets to a system in order to cause it to crash or end processing? A. SYN flood attack B. Denial of Service (DoS) attack C. Fraggle attack D. Smurf attack

118 - What should be the last step in the project initiation phase? A. Appoint a BCP team B. Create a project plan C. Appoint a leader D. Present a project plan to management

119 - Your organization is performing business continuity and disaster recovery planning, and you are the lead planner for this project. The overall scope of the effort required for planning has been determined and you have begun to look at the resource requirements to complete the development of the plan. Which statement is not true concerning the resource requirements that are required to develop the project plan? A. Software tools may be used to help with the collection of information for planning. B. The planning team needs to be represented by individuals from business operations and technology areas. C. People used on the planning team should not be the same individuals that perform the recovery. D. Outside consultants may be hired to assist with the initial planning stages.

120 - Which technology provides availability, load balancing, redundancy, and failover? A. Clustering B. Redundant Servers C. RAID D. RADIUS

121 - Which database model allows for the storage of a wide spectrum of different types of data, including images, audio, and documents? A. Hierarchical database model B. Relational database model C. Object-oriented database model D. Distributed database model

122 - What is not a type of attribute that can be used to make authentication decisions in a biometric system? A. Keyboard dynamics B. Hand geometry C. Facial scan D. Skin scan

123 - Which activity can help identify the systems or network infrastructure points that are most likely to be attacked? A. Asset valuation B. Compartmentalization C. Substantive testing D. Aggregation

124 - Companies that have been attacked often choose not to release this information tot he media. However, there are several well-known computer crimes that have been widely publicized. What hacker or group of hackers demonstrated how a web-based Trojan horse could be used to extract money from a bank account? A. Cult of the Dead Cow B.Chaos Computer Club C. Legion of Doom D. Kevin Mitnick

125 - What is the correct order of sensitivity level sofr data classification in commercial business? A. Public Private, Sensitive and Confidential B. Sensitive, Confidential, Private and Public C. Public, Sensitive, Private and Confidential D. Private, Confidential, Sensitive and Public

126 - What type of service hides internal IP addresses from external users and will replace IP addresses as necessary so that internal users can access public resources? A. PAT B. NIS C. DHCP D. NAT

127 - Administrative, technical, and physical controls should be used by security administrators to meet the organization's security requirements. What is an example of a technical control? A. Closed-circuit TV (CCTV) B. Router C. Data backup D. Biometric system

128 - What requires publicly listed organizations to produce annual internal financial reports? A. Sarbanes-oxley B. BS 25999 C. Title IX of the implementing the 9/11 Commision Recommendations Act of 2007 D. TCSEC

129 - What attributes are used when evaluating a system's protection mechanisms under the information Technology Security Evaluation Criteria (ITSEC)? A. Integrity and Authentication B. Confidentiality and Functionality C. Assurance and Integrity D. Functionality and Assurance

130 - Where is the ACS activity monitored and recorded for historical purposes? A. State machine model B. CCTV C. UPS system D. Access Control Head End

131 - After determining the risks that could affect business functions, what would be the least effecteive type of measure that could be implemented to help reduce the impact as much as possible? A. Proactive B. Preventative C. Cost-effective D. Reactive

132 - There are many different types of computer crimes, each of which can be committed differently. An employee who makes small, periodic changes to the company's financial records in an effort to go unnoticed is committing what type of crime? A. Salami attack B. Emanations capturing C. Data diddling D. Denial of Service (DoS)

133 - Which type of law acts on civil violations against an organization or individual? A. Administrative B. Criminal C. Regulatory D. Tort

134 - Which information concealment methods match to each dscription? A. Stenography B. Code words C. Watermarking D. Cryptography - Uses sophisticated mathematical techniques to hide information - Uses additional information within a file for detecting the theft of information - Uses a specific medium to hide information within - Uses letters to represent an idea or sentiment

- [D]Uses sophisticated mathematical techniques to hide information - [C]Uses additional information within a file for detecting the theft of information - [A]Uses a specific medium to hide information within - [B]Uses letters to represent an idea or sentiment

135 - What is NOT one of the three critical requirements for operations controls? A. Software control B. Resource protection C. Privileged-entry control D. Hardware control

136 - What type of intrusion detection system (IDS) is used to detect any sound that can be made by someone trying to force their way into a facility? A. Accoustical detection system B. Proximity detector C. Photometric system D. Electro-mechanical system

137 - Which standard was developed to outline countermeasures for emanation by electronic devices? A. EMSEC B. EMI C. EMP D. TEMPEST

138 - An updated security system is being considered for implementation to your company's building. The system will allow employees access to the work area and various locked rooms while preventing others from entering. The system needs to be configured in such a way that doors will automatically unlock when employees are half a foot away. Which security feature would best meet these needs? A. Magnetic stripe card B. Electronic combination lock C. Proximity card D. Combination lock

139 - Which security principle ensures that information is protected from being modified by unauthorized individauls? A. Integrity B. Confidentiality C. Availability D. Authorization

140 - Intellectual property can be protected by what types of laws? A. Trademarks, Trade secrets, and accreditation B. Patents, trademarks, and certification C. Copyright, accreditation, and trade secrets D. Trade secrets, patents, and tradmarks

141 - To ensure that threats to integrity are kept to a minimum, database software should implement the ACID test. What characteristic of the ACID test will stop all steps in a transaction from occuring if one of the steps fails? A. Durability B. Isolation C. Atomicity D. Consistency

142 - What network device can you implement between end systems on a network to reduce the possibility of sniffing and monitoring attacks by potential intruders? A. Switches B. Routers C. Gateways D. Firewalls

143 - Which rule states that a subject at a particular security level is unable to write information to a security level that is lower than the one in which the user currently resides? A. Star integrity axiom B. Simple security rule C. star property rule D Simple integrity axiom

144 - Which security model has the ability to address the inference attack? A. Graham-Denning model B. Biba model C. Noninterference model D. Lattice model

145 - What type of intrusion detection system (IDS) uses strips of foil or pressure pads, near an entry point that sounds an alarm when the contact is broken? A. Proximity detector B. Electro-mechanical system C. Acoustical detection system D. Photometric system

146 - Which software development models match each description? A. Spiral B. SWaterfall C. Prototyping - With this model, a rough system is developed quickly and then tested and evaluated to check where improvements need to be ade. A new system is then made with the changes in place and the testing repeated. - This model consists of a set of phases that run in sequence where each phase has to be completed before it is possible to move on to the next phase. - In this model, each phase contains four in-built steps: planning, implementing, checking, and acting.

- [C]With this model, a rough system is developed quickly and then tested and evaluated to check where improvements need to be made. A new system is then made with the changes in place and the testing repeated. - [B]This model consists of a set of phases that run in sequence where each phase has to be completed before it is possible to move on to the next phase. - [A]In this model, each phase contains four in-built steps: planning, implementing, checking, and acting.

147 - Which technique involves an attacker probing a host for responses without being able to sniff sequence and acknowledgement messages? A. Scrubbing B. Brute force attack C. Blind spoofing D. Emanation

148 - What is the most important consideration when planning the building of a new company facility? A. Crime rate in the area B. Saftey of personnel C. Proximity to airport D. Materials used in construction

149 - Which NIST 800-34 standard steps that can be applied to business continuity planning match each description? A. Develop recovery strategies. B.Develop the contingency plan C. Conduct the BIA D. Maintain the plan - Implement procedures to keep the BCP updated on a frequent basis. - Identify threats and calculate risks - Provide procedures for the organization to remain operational while functions and stystems are offline - Select methods to ensure systems are efficiently brought back online

-[D]Implement procedures to keep the BCP updated on a frequent basis. -[C]Identify threats and calculate risks -[B]Provide procedures for the organization to remain operational while functions and systems are offline [A]-Select methods to ensure systems are efficiently brought back online

150 - In which mode is a system operating if all users have a formal need to know as well as a clearance for all data in the system? A. System High-Security Mode B. Multilevel Security Mode C. Compartmented Security Mode D. Dedicated Security Mode

151 - Which access control concept involves isolating groups of people and information so that information is not passed between the groups? A. Compartmentalization B. Need to know C. Least privilege D. Security domain

152 - Which is not a term that is used to identify the type of response an operating system will take when a failure occurs? A. Warm reboot B. Emergency system restart C. System reboot D. System cold start

153 - What would be the maximum tolerable downtime (MTD) of a business function catergorized as urgent? A. 24 hours B. 7 days C. Up to 4 hours D. 30 days

154 - What is one of the bets ways to prevent piggybacking from occuring at the access points into a facility? A. Security guards B. Swipe cards C. Programmable locks D. Proximity cards

155 - Which OSI layer is responsible for the addressing and routing of packets so that they can reach their destination? A. Session B. Data link C. Network D. Physical

156 - What is the most significant risk associated with instant messaging, social networking technologies, message boards, and blogs? A. Their being used to identify wireless hotspots that attackers can use to initiate attacks B. Susceptibility to DoS attacks C. Accidental disclosure of confidential, private information D. Their being used to facilitate the spread of malicious code

157 - What would be the least effective method to prevent an intruder from gaining access to a facility? A. Smartcards B. CCTV C. A fence D. Guard dogs

158 - Your security department has presented management with an overview of the security mechanisms that have been implemented and an evaluation of their overall effectiveness. What is the process referred to as when management formally accepts the information you have presented them with? A. Accreditation B. Affirmation C. Certification D. Hallmark

159 - Which Common Criteria Evaluation Assurance Level (EAL) involves semiformal design and testing of systems? A. EAL 7 B. EAL 1 C. EAL 3 D. EAL 5

160 - What is the best method to use as a means of ensuring that users adhere to the organization's security policies? A. Create security procedures that identify the steps required to achieve thepolicy requirements B. Identify penalties associated with noncompliance C. Create security standards that support the policies D. Conduct security awareness training and education

161 - When does a buffer overflow occur? A. When an application sends too much information to another application causing a blue screen B. When an application runs out of memory and crashes the system C. When too much data is entered into the buffer D. When the operating system runs out of RAM and causes a reboot

162 - Which features match to each key technology A. Can be re-pinned by using a master key B. Identifies the individual key holder C. Allows for 10 to 15 lock changes D. Contains a built-in microprocessor - Instakey - Intellikey

- [A, C] Instakey | - [D, B] Intellikey

163 - What is the best strategy for outsourcing? A. Developing an outsourcing strategy independent of auditing considerations related to outsourcing B. Including appropriate terms and conditions in the SLA C. Excluding service improvement expectations from the outsourcing contract D. Omitting business continuity and disaster recovery considerations from the outsourcing strategy

164 - You work for a high tech firm that is half a kilometer away from a high school. Students have to pass by your building to get to the mall where they often eat lunch. You want to secure the building to physically prevent high school students from walking on the property and to be notified if students bypass the barrier. Part of the solution is to use a coaxial strain-sensitive cable. Which other mechanism should be implemented to BEST meet these needs? A. Fences B. Gates C. Bollards D. Landscaping

165 - There are different types of eavesdropping methods. Which method involves tampering with a transmission medium in order to create a covert signalling channel? A. Covert Channel Eavesdropping B. Passive Eavesdropping C. Channel Eavesdropping D. Active Eavesdropping

166 - You want to guard against social engineering attacks, including fraudulent e-mails and fradulent telephone calls. What would be the best choice to ensure security? A. Employee training B. IDS C. Separation of duties D. Access control

167 - What is the highest level of information classification used by the majority of organizations? A. Confidential B. Internal use only C. Restricted D. Secret

168 - What is the MOST important consideration when collecting and preserving evidence for legal action after a server has been compromised? A. Maintaining proper chain of custody B. Obtaining a bit-by-bit copy of the server's hard disk C. Disconnecting the server's power supply D. Disconnecting the server's network cable

169 - While away on business you are forced to leave a company laptop unattended in your hotel room for several hours. What would be the best method of securing the sensitive data stored on this laptop from theft? A. Maintain backups of the sensitive data in a secure location B. Secure the laptop to a hotel desk using a locking cable C. Use encryption software to encrypt the sensitive data D. Have the laptop engraved with an ID number

170 - What is not true with respect to the relationships between threat, vulnerability, exposure, countermeasure and risk? A. The probability of a fire causing damage is a risk. B. A vulnerability can expose a system to possible damage. C. A threat agent takes advantage of a vulnerability. D. A countermeasure can mitigate a vulnerability.

171 - What is the main factor for strengthening the functions of cryptographic systems? A. Increase in the number of cryptographic algorithms B. Increase in classified information C. Increase in computational power D. Increase in the number of hackers

172 - Which security standard consists of five principles and seven enablers? A. COBIT version 5 B. ISO/IEC 27001:2005 C. ITSEC D. ISO/IEC 15408

173 - Which is NOT an integrity goal that is addressed by the Clark-Wilson model? A. Authorized users should be prevented from making unauthorized changes. B. Unauthorized users should be prevented from making changes. C. Internal and external consistency should be maintained at all times D. All users must be identified and authenticated.

174 - What law protects software programs from illegal distribution? A. Trademark B. Trade secret C. Patent D. Copyright

175 - A company crime has been reported and an investigation by the company's incident response team has confirmed that an actual crime has been commited. The initial evidence indicates that the crime appears to have been committed by an employee within the company. What department should be notified? A. Marketing B. Human Resources C. Finance D. Software Development

176 - You need to select a server room fire suppressant that is considered environmentally safe and less damaging to hardware. What should you choose? A. Carbon Dioxide B. FM200 C. Halon 1301

177 - What best describes an information protection environment? A. Audits, logs, policies, and procedures used to track user activities throughout the organization B. An environment for operations security that encompasses all computing resources in an organization C. An environment for software security that encompasses all software used in an organization D. An environment for hardware security that encompasses all dedicated hardware in an organization

178 - What are the strengths and weaknesses of asymmetric cryptography? A. Uses more computational power than the other cryptography method B. Provides confidentialtiy only C. Provides authenticity D. Better key distribution than the other cryptography method E. Uses less computational power than the other cryptography method F. Does not scale well in terms of key management - Strength - Weakness

- [C, D]Strength | - [A]Weakness

179 - What is the term that describes the estimated time a device should last before it stops working? A. Mean time between failure B. Mean time to fix C. Mean time before replacement D. Mean time to repari

180 - Which rules will protect data at an integrity level from being corrupted by data at a lower integrity level? A. Star property rule B. Simple security rule C. Strong start property rule D. SImple integrity axiom

181 - Intrusion detection systems are used to determine if attacks are occuring on a network. There are several different types of intrusion detection systems available on the market. You have been tasked with implementing an intrusion detection system that uses predefined knowledge to determine if an attack is occuring. Which one should you implement? A. Host-based intrusion detection system B. Network-based intrusion detection system C. Statistical anomaly-based intrusion detection D. Signature-based intrusion detection

182 - You need provide security for your client's connections to your web server. You need to make sure that the entire communications channel between the two computers is protected. Which technology should you implement to accomplish this? A. HTTP B. HTTPS C. S-HTTP D. SET

183 - What is the first step that should be performed for a penetration test? A. Exploitation B. Vulnerability analysis C. Enumeration D. Reconnaissance

184 - Which type of virus takes advantage of system precedence? A. Macro virus B. Multipartite virus C. Polymorphic virus D. Companion virus

185 - Which attack takes advantage of weaknesses in the design of the TCP protocol? A. SYN flood B. Fraggle C. Smurf D. Teardrop

186 - Whcih security principle can have the greatest effect on user productivity? A. Confidentiality B. Authorization C. Integrity D. Availability

187 - Which standard is recommended by the implementing the 9/11 Commission Recommendations Act of 2007? A. TCSEC B. NFPA 1600 C. ISO/IEC 27002 D. Common Criteria

188 - Your Remote Access Server (RAS) modems are currently configured to answer incoming connections after two rings. After reviewing your current RAS logs, you have noticed multiple attempts to gain access to your network through your modems by unauthorized external users. It appears that the users are using a method of wardialing to locate your modems. What should you do to lower the success rate of wardialing attempts on your network? A. Decrease the number of rings that will occur before the RAS server answers an incoming call. B. Change the phone numbers for the modems wthin the RAS server. C. Increase the number of rings that will occur before the RAS server answers an incoming call. D. Disable all modems that are not required for incoming calls.

189 - Debora, an American citizen who works for a large accounting firm in Los Angeles, receives a memo from the company's president regarding internal computer crime investigations. The letter informs all employees that management may remove files from their workstations at any time, without notice. How would such actions apply to Debora's Fourth Amendment rights? A. If management is acting as private citizens, Debora's Fourth Amendment rights owould not be violated. B. If management is acting as private citizens, Debora's Fourth Amendment rights would be violated. C. If management is acting as a police agent, Debora's Fourth Amendment rights would not be violated. D. If Debora is acting as a police agent, management's Fourth Amendment rights would not be violated.

190 - Which is the final step that you should include in any backup plan? A. Test the backup plan. B. Determine what type of backup media you will require. C. Determine where you should store the backup media and how long you should store it there. D. Determine what data you will need to back up.

191 - Which is not a characteristic of business impact analysis? A. Determining a recover strategy B. Identifying critical systems C. Developing it early in business continuity planning D. Determining the maximum tolerable downtime (MTD)

192 - What type of threat to access control consists of a mtehod to bypass the normal user authentication process in a software product? A. Data remanence B. Buffer overflow C. Trapdoor D. Overt channel

193 - Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings? A. ARP table poisoning B. Reverse ARP C. Poisoning ARP cache D. Reverse ARP table poisoning

194 - Which of the following is an example of a brute force attack? A. A program that covers up the login screen and captures the values once they are innputted by the user. B. A program that uses a pre-defined list of values and compares it to captured values C. A program that sniffs the network and captures packets D. A program that uses every possible input combination to try to determine the correct value

195 - During the recovery strategy planning phase, there are various items that you will have to review and create a recovery strategy for. Which resource is commonly overlooked during the recovery strategies planning phase? A. Data and voice equipment B. Environmental issues C. Computer and network equipment D. Human resources

196 - The companny's database server contains multiple tables with customer orders. A possible disaster could take the server offline and the company would start to lose significatnt amounts of money after about 24 hours. What category of maximum tolerable downtime (MTD) should the server be placed in? A. Urgent B. Critical C. Normal D. Nonessential

197 - What is not a characteristic of decentralized access control administration? A. Changes in access control happen faster. B. Uniform access controls across an organization. C. Access control is implemented closer to the actual resource. D. Possible overlap in access controls

198 -The AIC triad is made up of three main principals of information security: availability, integrity and confidentiality. Which threat can compromise availability? A. DDenial-of-Service attack B Human error C. Dumpster diving D. Social engineering

199 - What should you configure to ensure that received fax documents are kept confidential and secure? A. Configure a fax server to route the received faxes to the fax device that is nearest to the recipient. B. Configure the fax device to aonly accept faxes when a user is present to receive it. C. Configure a fax server to route the received faxes to the appropriate user's electronic mailbox. D. Configure a fax server to print the faxes to the nearest printer and include a cover page that separates the printed faxes by user name.

200 - A computer crime is suspected and reported to senior management. What should the incedent response team consider during the preliminary investigation? A. Which company officials should be informed via e-mail B. Who will communicate with the media C. Whether the police should be contacted D. Whether the suspect should be contacted

201 - Which standardized algorithm can produce a message digest value in the range of 128 to 256 bits? A. MD5 B. HAVAL C. MD4 D. SHA-3

202 - During the system development process, logging should be enabled to ensure that the development life cycle is tracked. What should you track in the logs? A. Completion codes B. Who accessed the resource, what resource was accessed, and when the resource was accessed C. Edits D. Operating instructions

203 - Several measures can be taken to help protect against electric power issues. What is NOT a recommended method of protecting devices? A. Do not run cables close to fluorescent lights. B. Plug all devices into surge protectors. C. Use shielded cables. D. Plug power bars into other power bars to help provide additional protection.

204 - A BCP team determines the scope of the plan, creates a timeline, and prepares a policy statement that all department managers will sign. What other important step for initiating the project must the team perform? A. List the assets that the company has and their replacement values. B. Obtain senior management support for the project. C. Consider the legal regulations that apply to the industry in particular. D. Conduct a business impact analysis (BIA).

205 - Biometric devices are among the most accurate and secure methods of authentication available. However, some users find them obtrusive and are therefore reluctant to use them. What biometric recognition system is the most widely accepted and implemented? A. Fingerprints B. Facial features C. Iris patterns D. Retinal patterns

206 - What is NOT an example of a detective physical control? A. Smoke and fire detectors B. Alarms and sensors C. Security guards D. Library control systems

207 - Which of the following are characteristics of quantitative risk analysis and qualitative risk analysis? A. Uses a lot of educated guesses B. Presents yearly losses C. Opinions are provided by process experts D. Does not take into consideration cost/benefit analysis E. Requires calculations - Qualitative risk analysis - Quantitative risk analysis

- [A, C, and D]Qualitative risk analysis | - [E, and B]Quantitative risk analysis

208 - Management has approached you about the current Redundant Array of Independent Disks (RAID) configuration implemented within the organization. They would like to know which type of RAID level support multiple drive failures. What should you tell them? A. RAID 1 B. RAID 10 C. RAID 0 D. RAID 5

209 - What type of attack involves interference that overpowers the sending and receiving of a data signal on a communications link? A. Man-in-the-Middle attacks B. Covert Wireless Channel C. Eavesdropping D. Denial of Service Jamming

210 - The integrity of data within a database can be protected by different types of operations. Which is NOT an operation that will protect the integrity of data within a database? A. Rollback B. Commit C. Inference D. Savepoint

211 - Which model allows changes to occur dynamically for access controls based on previous actions that a user performed? A. Graham-Denning model B. Brewer and Nash model C. Chinese Firewall model D. Lattice model

212 - Information security responsibilities are inherent to the role within the organization. Which organizational role is best suited to identifying and prioritizing. Security efforts, and recommending security policies to put into place within the organization? A. Data owner B. Executive management C. Steering committee D. Information security officer

213 - You are the network administrator for a branch office. You need to secure the network traffic as it enters and leaves your office. Your plan is to implement a hardware based firewall. The firewall should be able to inspect the data's source and destination address. This will allow you to implement access control lists to control access to specific applications and services. What type of firewall should you implement to meet the branch office security requirements? A. Stateful inspection B. Application Level C. Packet Filtering D. Circuit Level

214 - Which protocol relies on a "web of trust" for its key management approach instead of a hierarchy of certificate authorities? A. PGP B. Deffie-Hellman C. SSL D. RSA

215 - How does DCOM provide security for software applications? A. It creates authentication levels that protect the authenticity, integrity, and confidentiality of data B. It uses digital signatures, which are verified using the Authenticode technology C. It uses garbage collection to leave classified data in unallocated memory locations D. It creates sandboxes, which are security boundaries within which untrusted applets are executed

216 - A public key infrastructure provides many different types of security services. Which is NOT a security service that a public key infrastructure will provide? A. Access Control B. Nonrepudiation C. Certificate Authority D. Authentication

217 - Which type of attack does not involve the use of the encryption key or encryption algorithm to gain access to secret information? A. Social engineering B. Chosen ciphertext C. Brute force D. Chosen plaintext

218 - Which viable weekly backup strategy will take the least amount of time to complete? A. Perform a full backup every Monday and an incremental backup on the remaining days of the week. B. Perform a differential backup every Monday and an incremental backup on the remaining days of the week. C. Perform a full backup every Monday and a differential backup on the remaining days of the week. D. Perform a full backup every day.

219 - Which option is not classified as a presentation layer standard? A. MPEG B. HTTP C. TIFF D. JPEG

220 - Which type of security threat would be used by an attacker to delete a resource on a specific date or time? A. SYN flood attack B. Companion virus C. Logic bomb D. DoS attack

221 - What security model is a system operating in if all users have the formal clearance and approval required to access all data in the system but they only formally need to know some of it? A. System High-Security Mode B. Dedicated Security Mode C. Multilevel Security Mode D. Compartmented Security Mode

222 - What is not an example of a physical control? A. External lights B. Subnets C. Building location D. Data backups

223 - Which type of security device is set into a door's edge? A. Biometric reader B. Mortise lock C. Rim lock D Card reader

224 - Concerning patch management, how should a set of recently released security updates be managed for your organization's production servers? A. Install only the updates for fixing problems that your firewall is unable to prevent B. Install them after ensuring that they work with the current network setup C. Install them immediately to ensure that no problems will occur D. Configure automatic updates to download the security updates

225 - RADIUS and TACACS+ are both examples of centralized access control technologies. Which of these options is NOT true in regards to TACACS+ and RADIUS? A. TACACS+ uses the Transmission Control Protocol (TCP) as its transport protocol. B. TACACS+ separates authentication, authorization, and accounting (AAA) functionalities. C. TACACS+ encrypts the user's password only. D. TACACS+ allows for more granular control.

226 - What type of backup will contain any files that have changed since the last full backup? A. Full B. Differential C. Complete D. Incremental

227 - Which statement is not true in relation to the term "back door"? A. There are various tools on the market that allow you to easily create and execute back door attacks. B. It is the placement of a program or utility within a network that provides unauthorized access to the network that it is installed in. C. It is an intentional opening within an application that allows developers to bypass security features for troubleshooting purposes. D. A back door attack allows an attacker to masquerade themselves as someone else.

228 - Which type of light is ideal for indoor lighting but not for outdoor lighting? A. Fluorescent B. Sodium vapor C. Mercury vapor D. Quartz lamps

229 - Change control documentation needs to be maintained and updated on a regular basis. What reason accurately describes why? A. In order to share information between corporate sites B. For use in future employee training sessions C. To keep track of constant changes in software and hardware D. In order to reflect the constant change in the corporate landscape

230 - An attacker deleting specific incriminating information out of an audit log is referred to as what? A. Sniffing B. Scrubbing C. Purging D. Spoofing

231 - A computer crime has been reported and an investigation by the company's incident response team has confirmed that an actual crime has been committed. Who should be informed next? A. Network administrator B. Police C. Senior management D. Human resources department

232 - The investigation team can use surveillance techniques to obtain evidence of computer crime. What is an example of physical surveillance? A. Fencing B. Keyboard monitoring C. Closed Circuit Television (CCTV) D. Audit logs

233 - Most large organizations today have acknowledged the need for a C-level security officer, typically classed as the chief information security officer. However, there are still issues in identifying the most appropriate reporting structure for the chief information security officer within the organization. The greatest potential for a conflict of interest is inherent to a chief information security officer reporting to which role within an organization? A. Chief security officer B. Chief financial officer C. Chief information officer D. Chief executive officer

234 - Which OSI reference model layers match to each function? ``` A. Network B. Presentation C. Session D. Transport E. Application F. Data-link ``` - []Responsible for error-free packet transfers between network nodes - []Establishes, maintains, and terminates connections between devices and applications - []Segments data in the appropriate size and format - []Ensures that data represented by one system can be interpreted by another system - []Specifies how data is routed from hosts on one network to hosts on another network - []Interacts directly with end users to provide network services

- [F]Responsible for error-free packet transfers between network nodes - [C]Establishes, maintains, and terminates connections between devices and applications - [D]Segments data in the appropriate size and format - [B]Ensures that data represented by one system can be interpreted by another system - [A]Specifies how data is routed from hosts on one network to hosts on another network - [E]Interacts directly with end users to provide network services

235 - What are the advantages and disadvantages of a warm site? A. Less expensive to maintain than a hot site B. Includes computers and servers C. No certainty that the site will be up and running within hours after being fully configured D. Testing of the site is done on an annual basis E. Good choice for organizations requiring proprietary hardware F. Partially configured - Advantages - Disadvantages

- [E, A]Advantages | - [F, C]Disadvantages

236 - In terms of a biometric system, what is referred to as a Type II error? A. False acceptance rate B. Crossover error rate C. Equal error rate D. False rejection rate

237 - A security practitioner is designing a network diagram that includes two routers and a firewall. A demilitarized zone (DMZ) is required for controlling DMZ access from untrusted and trusted sites.

The link off to the side from the firewall

238 - Which standard concentrates on how security controls are implemented, rather than which controls are implemented? A. ISO/IEC 27002 B. TCSEC C. ISO-IEC 27001:2005 D. Common Criteria

239 - You have just been hired as a junior security analyst at a security consulting firm. Your manager gives you a list of ciphers and asks you determine their type. Rail fence, rectangular substitution, monoalphabetic, and polyalphabetic are all examples of which type of cipher? A. Substitution B. Running key C. Transposition D. Null

240 - What is not a necessary step for developing a data classification program? A. Define procedures for declassifying data. B. Assign a data custodian. C. Assign responsibility for data classification to the data custodian. D. Define the classification levels.

241 - Which access cards match to each description? A. Proximity card B. Smart card C. Magnetic stripe card - Contains a microchip and opens a magnetic lock - Contains a microchip and can store a large amount of data - Made of PVC material and is easily damaged

- [A]Contains a microchip and opens a magnetic lock - [B]Contains a microchip and can store a large amount of data - [C]Made of PVC material and is easily damaged

242 - What often happens unexpectedly because of the development of a company s contingency plan? A. Hot sites are found to be expensive to maintain B. Improved business operations C. Support from senior management is realized D. RTOs are discovered

243 - Evidence must meet which criterion to be admissible in a court of law? A. Corroborative and conclusive B. Indisputable and intangible C. Relevant and reliable D. Insufficient and intangible

244 - What is the Biba model most concerned with? A. Verification B. Confidentiality C. Repudiation D. Integrity

245 - Two or more employees assisting each other to commit a fraudulent or destructive act is called collusion. Which security practice will help prevent collusion? A. Separation of duties B. Access control C. Rotation of duties D. Intrusion detection

246 - Which algorithm is not a hashing algorithm? A. HAVAL B. RC4 C. SHA D. MD5

247 - Which access control model is based on a security label system? A. Discretionary access control B. Mandatory access control C. Nondiscretionary access control D. Role-based access control

248 - Your company is implementing wireless technologies to provide users with the mobility they require to perform their day to day activities. Management has approached you and is questioning the security of the wireless technologies in relation to wardriving. You need to assure them that the network will be secured against wardriving. Which security measure will not provide protection against wardriving? A. Enable the broadcasting of SSIDs on the access points that will be implemented within the network. B. Use 128-bit WEP as the encryption standard on the wireless network. C. Physically place the access points within the middle of the buildings. D. Change the SSID that will be used to identify the access point on the network

249 - The process of transferring transaction logs or journals to an offsite facility is known as what? A. Disk-shadowing B. Disk duplexing C. Remote journaling D. Electronic vaulting

250 - The international Information Systems Security Certification Consortium requires CISSPs to commit to fully supporting the Code of Ethics. What is not a mandatory canon in the CISSP Code of Ethics? A. Act honorably, honestly, justly, responsibly , and legally. B. Protect society, the commonwealth, and the infrastructure. C. Provide diligent and competent service to principals. D. Discharge professional responsibilities with diligence and honesty. Discharge professional responsibilities with diligence and honesty.