Sybex Practice test 1 Flashcards
Which of the following confidentiality security models ensures that a subject with clearance level of Secret can write only to objects classified as Secret or Top Secret?
A. Biba
B. Clark-Wilson
C. Brewer-Nash
D. Bell-LaPadula
D. Bell-LaPadula
Explanation:
The goal of the confidentiality model Bell-LaPadula is to keep secret data secret and to share secret data only when it is allowed to be shared.
Your organization needs a security model for integrity where the subject cannot send messages to objects of higher integrity. Which of the following is unique to the Biba model and will accommodate that need?
A. Simple
B. Star
C. Invocation
D. Strong
C. Invocation
Explanation:
The Biba model is a state transition system for computer security. Data is grouped into ordered levels of integrity. The model was created so that subjects cannot corrupt the data. The invocation property means that a process from a lower level cannot even request higher access; it can only work with the same or lower levels.
You need to assign permissions so that users can access only the resources they need to complete specific tasks. Which security tenet did you use to meet the need?
A. Separation of duties
B. Need to know
C. Job rotation
D. Least privilege
D. Least privilege
Explanation:
Least privilege is assigning permissions so that users can access only those resources required to do their job.
Alice needs some help developing security policy documentation. She turns to you for help in developing a document that contains instructions or information on how to remain in compliance with regulators. What document do you need to develop?
A. Procedures
B. Standards
C. Policy
D. Guidelines
B. Standards
Explanation:
A standard is a kind of security policy that defines how to remain in compliance with best practices and industry standards. Procedures are the step-by-step instructions on how to implement those best practices. Guidelines are used to create the procedures. Policies are at the highest level and describe the mission and goals. Policies are usually nonspecific and goal oriented.
Your external audit submitted the final report to the board of directors and upper management. Who is responsible for implementing the recommendations in this report?
A. End users
B. Internal auditors
C. Security administrators
D. Senior management
D. Senior management
Explanation:
Senior management is always responsible for security within an organization. They are responsible for following the recommendations of the auditor.
You are a system analyst conducting a vulnerability assessment. Which of the following is not a requirement for you to know?
A. Access Controls
B. Understanding of the systems to be evaluated
C. Potential threats
D. Passwords
D. Passwords
Explanation:
A list of root passwords is not a requirement. A vulnerability assessment is the testing of systems and access controls for weaknesses.
You are made aware of a threat that involves a hacking group holding large amounts of information about your company. What best describes the threat you face from this hacking group?
A. DoS
B. TCO
C. Latency
D. Data mining
D. Data mining
Explanation:
With the amount of information online today, data mining is a threat that involves collecting large amounts of that information for aggregation. An attacker can use this technique to find patterns in how you conduct business and identify critical times when systems are most vulnerable.
You are evaluating the risk for your data center. You assigned threat, vulnerability, and impact a score from 1 to 10. The data center scores are as follows: Threat: 4, Vulnerability: 2, Impact: 6. What is the risk?
A. 12
B. 16
C. 48
D. 35
C. 48
Explanation:
To quantitatively evaluate risk, you must assess threat, vulnerability, and impact. The equation is Risk = Threat x Vulnerability x Impact. In our scenario, the answer is 4 x 2 x 6 = 48.
Your customer-facing website experiences some failures. The security engineer analyzed the situation and believes the cause is the web application firewall. Syslog shows that the WAF was down twice for a total of 3 hours in the past 72 hours. Which of the following is your mean time to repair?
A. 2.5 hours
B. 1.5 hours
C. 34.5 hours
D. 3 hours
B. 1.5 hours
Explanation:
The MTTR is calculated by using the total maintenance time as the numerator and the total number of repairs as the denominator. The 3 hours divided by the two times it went down gives you an MTTR of 1.5 hours.
Intrusions are usually detected in one of three basic ways. Which detection method can reassemble packets and look at higher layer activity?
A. Signature recognition
B. Heuristic detection
C. Anomaly detection
D. Protocol decoding
D. Protocol decoding
Explanation:
Protocol-decoding IDP tools can reassemble packets and look at higher-layer activity, such as protocols that operate at the application layer.
In a social engineering campaign, you were provided with the birthday of your victims. You invent a scenario to engage the victim using this information. What is this type of social engineering called?
A. Pretexting
B. Phishing
C. Baiting
D. Diversion
A. Pretexting
Explanation:
Pretexting takes real knowledge of a victim and uses it to attempt to get even more information. This type of scenario engages the victim and increases the chance that the victim will fall for the pretext.
Your office manager received a voicemail from a vendor wanting to confirm a delivery time and address. The delivery time is correct, but the address is not. What possibly happened?
A. Baiting
B. Waterholing
C. Phishing
D. Diversion
D. Diversion
Explanation:
Diversion is a social engineering campaign that targets vendor delivery or transport companies. The objective of this type of trick is to have the goods delivered to a location other than the original one.
Your compliance auditor requires an inventory of all wireless devices. What is the best search engine to use?
A. Shodan
B. WiGLE
C. Wireshark
D. BurpSuite
B. WiGLE
Explanation:
WiGLE is a search engine that maps 802.11 wireless networks. This site is searchable and has vast amounts of statistics for network admins and compliance auditors. It is also freely available to attackers.
A member of your dev team was fired for harassment. The company is concerned with the security of the project and proprietary code this developer had access to. What is the best way to ensure the integrity of this project?
A. Peer review
B. Red box test
C. Gray box test
D. Black box test
D. Black box test
Explanation:
In this type of situation, the best protection is to hire an expert external red team to do a black box test of the program/product/code. A peer review may not discover all items, and if collusion was in play, it would not work.
As a security architect, you are responsible for making all systems come together and work properly and securely. Your tester is logged into the system as a user, testing the internal mechanisms of the application. This enables an exhaustive test very similar to what an attacker might accomplish. What type of test is this?
A. A gray box
B. A black box
C. A red box
D. A clear box
A. A gray box
Explanation:
A gray box test is an intermediary-level test. Because testers have some knowledge of the system, they give input to the system, check whether the result is what was expected, and then examine the actual result. This test combines the white box and black box approaches.
You are part of a small startup non profit that has grown to a development stage where a security policy is necessary. Which of these do you not include in your security policy?
A. Purpose
B. Scope
C. Compliance
D. Procedures
D. Procedures
Explanation:
A security policy is a high-level document. A set of procedures is the opposite: procedures are specific and precise. For example, while working for the military, the security policy would require port security. Procedures were how we enforced that security policy with sticky MAC.
You consider yourself to be a white hat hacker with expertise in social engineering. Are you a good candidate for a red team black box engagement?
A. No, the skill set is exactly the same
B. Yes, the skill set is not the same
C. No, the skill set needed is completely opposite
D. Yes, the skill set is similar.
D. Yes, the skill set is similar.
Explanation:
You assisted your networking organization in upgrading the speed and capabilities of your wireless local area network (WLAN). Currently, everyone utilizes equipment based on 802.11g using central access points. Which of the following would enhance the speed?
A. 802.11a
B. 802.11b
C. 802.11n
D. WiMAX
C. 802.11n
Explanation:
802.11n would provide the best speed for devices compatible with 802.11g, with throughput up to 600 Mbps. Devices using the 802.11n standard transmit in both the 2.4 GHz and 5.0 GHz frequency ranges. WiMAX is based on IEEE 802.16.
You are an IT manager, and the software list your employees must use has grown to the point that it is mandated that you implement federated identity SSO. It needs to be an extensible markup language used to exchange provisioning requests for account creation. Which of the following is best for this task?
A. SAML
B. cURL
C. SOAP
D. SPML
D. SPML
Explanation:
SPML is a standard used for federated identity and promotes the automation of user account management operations. It presents LDAP in an XML format. SAML is also XML based; it is used for exchanging authentication/authorization data and is typically used for browser SSO.
New zero-day attacks are released on a regular timeline against many different technology stacks. Which of the following would be best for you, as a security manager, to implement to manage the risk from these attackers?
A. List all inventory, applications and updated network diagrams
B. Establish some type of emergency response hierarchy
C. Back up all router, firewall, server and end user configurations
D. Hold mandatory monthly risk assessment meetings
A. List all inventory, applications and updated network diagrams
Explanation:
The CIS Top 20 Controls are a prioritized set of best practices developed by leading security experts. The most important of these is knowing what hardware you have, what software resides on it, and where it is located.
In an enterprise environment, which common security services would include firewalls and enterprise grade border routers?
A. Access control
B. Cryptography and encryption
C. Boundary control
D. Authentication and automation
C. Boundary control
Explanation:
Boundary control includes security services typically provided by devices focused on protecting a system's entry point. A firewall can be set to protect a network's border from threats originating from the Internet. You can also use routers and proxies for boundary control.
Your company hires a third party to provide cloud-based processing that will have several different types of virtual hosts configured for different purposes, like multiple Linux Apache web server farms for different divisions. Which of the following best describes this service?
A. SaaS
B. PaaS
C. IaaS
D. AasS
You must decide what to do to formulate an efficient and effective security policy that includes the network. What type of assessment should you do?
A. Risk Assessment
B. Penetration Test
C. Compliance Audit
D. Black Box Testing
A. Risk Assessment
Explanation:
After a thorough risk and needs assessment, make sure that the network security policy is part of the official company manual. In addition, ensure that all employees have security awareness training and a copy of the security policy.
You have decided that an IPSec VPN is not a good fit for your organization. Employees need access only to specific applications, not the entire network. What VPN option would work best in this situation?
A. SSH
B. SSL
C. IKE
D. RDP
B. SSL
Explanation:
SSL VPNs grant granular access to a corporate network. A remote user can access only those applications that are important to their work. An example is access to a mailbox on an Exchange Server instance or a specific subset of URLs on the intranet.
You have completed the SDLC’s accreditation process for a system your organization is going to deploy globally. Management has approved the system. What phase in SDLC comes next?
A. Documentation
B. Acceptance
C. Accreditation
D. Implementation
D. Implementation
Explanation:
In the implementation phase, the system is transferred from a development and testing environment to a production environment.
To enter a facility, a guest must sign in and present a picture ID. A security guard checks both for accuracy, and if both match, the guest is allowed to enter the building as long as they are escorted by a sponsor. What has the security guard performed?
A. Identity proofing
B. Identity authentication
C. Identity accounting
D. Identity confidentiality
A. Identity proofing
Explanation:
Identity proofing is the process of verifying someone’s identity based on information provided by a trusted authority. A driver’s license is a form of identification provided by a trusted authority, in this case, the government.