Term Test 3 Flashcards

1
Q

Which of the following best describes an implicit deny principle?
A. All actions that are not expressly denied are allowed.
B. All actions that are not expressly allowed are denied.
C. All actions must be expressly denied.
D. None of the above

A

B. All actions that are not expressly allowed are denied

2
Q

What is the intent of least privilege?
A. Enforce the most restrictive rights required by users to run system processes.
B. Enforce the least restrictive rights required by users to run system processes.
C. Enforce the most restrictive rights required by users to complete assigned tasks.
D. Enforce the least restrictive rights required by users to complete assigned tasks.

A

C. Enforce the most restrictive rights required by users to complete assigned tasks

3
Q
Which of the following models is also known as an identity-based access control model?
A. Discretionary access control
B. Role-based access control
C. Rule-based access control
D. Mandatory access control
A

A. Discretionary access control

4
Q
A central authority determines which files a user can access. Which of the following best describes this?
A. An access control list (ACL) 
B. An access control matrix
C. Discretionary access control model 
D. Nondiscretionary access control model
A

D. Nondiscretionary access control model

5
Q
A central authority determines which files a user can access based on the organization’s hierarchy. Which of the following best describes this?
A. Discretionary access control model
B. An access control list (ACL)
C. Rule-based access control model
D. Role-based access control model
A

D. Role-based access control model

6
Q

Which of the following best describes a rule-based access control model?
A. It uses local rules applied to users individually.
B. It uses global rules applied to users individually.
C. It uses local rules applied to all users equally.
D. It uses global rules applied to all users equally.

A

D. It uses global rules applied to all users equally

7
Q
What type of access control model is used on a firewall?
A. Mandatory access control model
B. Discretionary access control model
C. Rule-based access control model
D. Role-based access control model
A

C. Rule-based access control model

8
Q
Which of the following best describes a characteristic of the mandatory access control model?
A. Employs explicit-deny philosophy
B. Permissive
C. Rule-based
D. Prohibitive
A

D. Prohibitive

9
Q
Which of the following can help mitigate the success of an online brute-force attack?
A. Rainbow table
B. Account lockout
C. Salting passwords
D. Encryption of password
A

B. Account lockout

10
Q
What type of attack uses email and attempts to trick high-level executives?
A. Phishing 
B. Spear phishing
C. Whaling 
D. Vishing
A

C. Whaling

11
Q
Which one of the following tools is used primarily to perform network discovery scans?
A. Nmap 
B. Nessus
C. Metasploit 
D. lsof
A

A. Nmap

12
Q
Which one of the following is not normally included in a security assessment?
A. Vulnerability scan
B. Risk assessment
C. Mitigation of vulnerabilities
D. Threat assessment
A

C. Mitigation of vulnerabilities

13
Q
Who is the intended audience for a security assessment report?
A. Management
B. Security auditor
C. Security professional
D. Customers
A

A. Management

14
Q
Which one of the following tests provides the most accurate and detailed information about the security state of a server?
A. Unauthenticated scan 
B. Port scan
C. Half-open scan 
D. Authenticated scan
A

D. Authenticated scan

15
Q

Badin Industries runs a web application that processes e-commerce orders and handles credit card transactions. As such, it is subject to the Payment Card Industry Data Security Standard (PCI DSS). The company recently performed a web vulnerability scan of the application and it had no unsatisfactory findings. How often must Badin rescan the application?
A. Only if the application changes
B. At least monthly
C. At least annually
D. There is no rescanning requirement.

A

C. At least annually

16
Q
Grace is performing a penetration test against a client’s network and would like to use a tool to assist in automatically executing common exploits. Which one of the following security tools will best meet her needs?
A. nmap 
B. Metasploit
C. Nessus
D. Snort
A

B. Metasploit

17
Q
Paul would like to test his application against slightly modified versions of previously used input. What type of test does Paul intend to perform?
A. Code review 
B. Application vulnerability review
C. Mutation fuzzing
D. Generational fuzzing
A

C. Mutation fuzzing

18
Q
Users of a banking application may try to withdraw funds that don’t exist from their account. Developers are aware of this threat and implemented code to protect against it. What type of software testing would most likely catch this type of vulnerability if the developers have not already remediated it?
A. Misuse case testing 
B. SQL injection testing
C. Fuzzing 
D. Code review
A

A. Misuse case testing

19
Q

What type of interface testing would identify flaws in a program’s command-line interface?
A. Application programming interface testing
B. User interface testing
C. Physical interface testing
D. Security interface testing

A

B. User interface testing

20
Q
During what type of penetration test does the tester always have access to system configuration information?
A. Black box penetration test 
B. White box penetration test
C. Gray box penetration test 
D. Red box penetration test
A

B. White box penetration test

21
Q
An organization ensures that users are granted access to only the data they need to perform specific work tasks. What principle are they following?
A. Principle of least permission
B. Separation of duties
C. Need to know
D. Role-based access control
A

C. Need to know

22
Q
An administrator is granting permissions to a database. What is the default level of access the administrator should grant to new users?
A. Read 
B. Modify
C. Full access 
D. No access
A

D. No access

23
Q
What is a primary benefit of job rotation and separation of duties policies?
A. Preventing collusion 
B. Preventing fraud
C. Encouraging collusion 
D. Correcting incidents
A

B. Preventing fraud

24
Q
Which of the following is one of the primary reasons an organization enforces a mandatory vacation policy?
A. To rotate job responsibilities
B. To detect fraud
C. To increase employee productivity
D. To reduce employee stress levels
A

B. To detect fraud

25
Q

Which of the following identifies vendor responsibilities and can include monetary penalties if the vendor doesn’t meet the stated responsibilities?
A. Service level agreement (SLA)
B. Memorandum of understanding (MOU)
C. Interconnection security agreement (ISA)
D. Software as a Service (SaaS)

A

A. Service level agreement (SLA)

26
Q

An organization is planning the layout of a new building that will house a datacenter. Where is the most appropriate place to locate the datacenter?
A. In the center of the building
B. Closest to the outside wall where power enters the building
C. Closest to the outside wall where heating, ventilation, and air conditioning systems are located
D. At the back of the building

A

A. In the center of the building

27
Q

Backup tapes have reached the end of their life cycle and need to be disposed of. Which of the following is the most appropriate disposal method?
A. Throw them away. Because they are at the end of their life cycle, it is not possible to read data from them.
B. Purge the tapes of all data before disposing of them.
C. Erase data off the tapes before disposing of them.
D. Store the tapes in a storage facility.

A

B. Purge the tapes of all data before disposing of them

28
Q
Which of the following can be an effective method of configuration management using a baseline?
A. Implementing change management
B. Using images
C. Implementing vulnerability management
D. Implementing patch management
A

B. Using images

29
Q
While troubleshooting a network problem, a technician realized it could be resolved by opening a port on a firewall. The technician opened the port and verified the system was now working. However, an attacker accessed this port and launched a successful attack. What could have prevented this problem?
A. Patch management processes
B. Vulnerability management processes
C. Configuration management processes
D. Change management processes
A

D. Change management processes

30
Q
What would an administrator use to check systems for known issues that attackers may use to exploit the systems?
A. Versioning tracker 
B. Vulnerability scanner
C. Security audit 
D. Security review
A

B. Vulnerability scanner

31
Q
Which of the following is the best response after detecting and verifying an incident?
A. Contain it. 
B. Report it.
C. Remediate it. 
D. Gather evidence.
A

A. Contain it

32
Q
Which of the following are denial-of-service attacks? (Choose three.)
A. Teardrop 
B. Smurf
C. Ping of death 
D. Spoofing
A

A. Teardrop
B. Smurf
C. Ping of death

33
Q
A web server hosted on the Internet was recently attacked, exploiting a vulnerability in the operating system. The operating system vendor assisted in the incident investigation and verified the vulnerability was not previously known. What type of attack was this?
A. Botnet
B. Zero-day exploit
C. Denial-of-service
D. Distributed denial-of-service
A

B. Zero-day exploit

34
Q
Of the following choices, which is the most common method of distributing malware?
A. Drive-by downloads 
B. USB flash drives
C. Ransomware 
D. Unapproved software
A

A. Drive-by downloads

35
Q
Of the following choices, what indicates the primary purpose of an intrusion detection system (IDS)?
A. Detect abnormal activity
B. Diagnose system failures
C. Rate system performance
D. Test a system for vulnerabilities
A

A. Detect abnormal activity

36
Q

Which of the following is true for a host-based intrusion detection system (HIDS)?
A. It monitors an entire network.
B. It monitors a single system.
C. It’s invisible to attackers and authorized users.
D. It cannot detect malicious code.

A

B. It monitors a single system

37
Q
Which of the following is a fake network designed to tempt intruders with unpatched and unprotected security vulnerabilities and false data?
A. IDS 
B. Honeynet 
C. Padded cell 
D. Pseudo flaw
A

B. Honeynet

38
Q

Of the following choices, what is the best form of anti-malware protection?
A. Multiple solutions on each system
B. A single solution throughout the organization
C. Anti-malware protection at several locations
D. One-hundred-percent content filtering at all border gateways

A

C. Anti-malware protection at several locations

39
Q

When using penetration testing to verify the strength of your security policy, which of the following is NOT recommended?
A. Mimicking attacks previously perpetrated against your system
B. Performing attacks without management knowledge
C. Using manual and automated attack tools
D. Reconfiguring the system to resolve any discovered vulnerabilities

A

B. Performing attacks without management knowledge

40
Q
What is used to keep subjects accountable for their actions while they are authenticated to a system?
A. Authentication 
B. Monitoring
C. Account lockout 
D. User entitlement reviews
A

B. Monitoring

41
Q
What type of a security control is an audit trail?
A. Administrative 
B. Detective
C. Corrective 
D. Physical
A

B. Detective

42
Q
Which of the following options is a methodical examination or review of an environment to ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, or outright crimes?
A. Penetration testing 
B. Auditing
C. Risk analysis 
D. Entrapment
A

B. Auditing

43
Q
What can be used to reduce the amount of logged or audited data using non-statistical methods?
A. Clipping levels 
B. Sampling
C. Log analysis 
D. Alarm triggers
A

A. Clipping levels

44
Q
Which of the following focuses more on the patterns and trends of data than on the actual content?
A. Keystroke monitoring 
B. Traffic analysis
C. Event logging 
D. Security auditing
A

B. Traffic analysis

45
Q
What would detect when a user has more privileges than necessary?
A. Account management 
B. User entitlement audit
C. Logging 
D. Reporting
A

B. User entitlement audit

46
Q
A table includes multiple objects and subjects and it identifies the specific access each subject has to different objects. What is this table?
A. Access control list 
B. Access control matrix
C. Federation 
D. Creeping privilege
A

B. Access control matrix

47
Q

Which of the following statements is true related to the role-based access control (role-BAC) model?
A. A role-BAC model allows users membership in multiple groups.
B. A role-BAC model allows users membership in a single group.
C. A role-BAC model is non-hierarchical.
D. A role-BAC model uses labels.

A

A. A role-BAC model allows users membership in multiple groups.

48
Q
Which of the following is not a valid access control model?
A. Discretionary access control model
B. Nondiscretionary access control model
C. Mandatory access control model
D. Lettuce-based access control model
A

D. Lettuce-based access control model

49
Q
What would an organization do to identify weaknesses?
A. Asset valuation 
B. Threat modeling
C. Vulnerability analysis 
D. Access review
A

C. Vulnerability analysis

50
Q
Which of the following is the best choice for a role within an organization using a role-based access control model?
A. Web server 
B. Application
C. Database 
D. Programmer
A

D. Programmer

51
Q

Which one of the following factors should not be taken into consideration when planning a security testing schedule for a particular system?
A. Sensitivity of the information stored on the system
B. Difficulty of performing the test
C. Desire to experiment with new testing tools
D. Desirability of the system to attackers

A

C. Desire to experiment with new testing tools

52
Q
Matthew would like to test systems on his network for SQL injection vulnerabilities. Which one of the following tools would be best suited to this task?
A. Port scanner
B. Network vulnerability scanner
C. Network discovery scanner
D. Web vulnerability scanner
A

D. Web vulnerability scanner

53
Q
Which one of the following is the final step of the Fagan inspection process?
A. Inspection 
B. Rework
C. Follow-up 
D. None of the above
A

C. Follow-up

54
Q
What information security management task ensures that the organization’s data protection requirements are met effectively?
A. Account management 
B. Backup verification
C. Log review 
D. Key performance indicators
A

B. Backup verification

55
Q

Why is separation of duties important for security purposes?
A. It ensures that multiple people can do the same job.
B. It prevents an organization from losing important information when they lose important people.
C. It prevents any single security person from being able to make major security changes without involving other individuals.
D. It helps employees concentrate their talents where they will be most useful.

A

C. It prevents any single security person from being able to make major security changes without involving other individuals

56
Q
A financial organization commonly has employees switch duty responsibilities every six months. What security principle are they employing?
A. Job rotation
B. Separation of duties
C. Mandatory vacations
D. Least privilege
A

A. Job rotation

57
Q
What should be done with equipment that is at the end of its life cycle and that is being donated to a charity?
A. Remove all CDs and DVDs.
B. Remove all software licenses.
C. Sanitize it.
D. Install the original software.
A

C. Sanitize it

58
Q

Which of the following steps would not be included in a change management process?
A. Immediately implement the change if it will improve performance.
B. Request the change.
C. Create a rollback plan for the change.
D. Document the change.

A

A. Immediately implement the change if it will improve performance

59
Q
Which of the following is not a part of a patch management process?
A. Evaluate patches. 
B. Test patches.
C. Deploy all patches.
D. Audit patches.
A

C. Deploy all patches

60
Q
Which of the following would security personnel do during the remediation stage of an incident response?
A. Contain the incident 
B. Collect evidence
C. Rebuild system 
D. Root cause analysis
A

D. Root cause analysis

61
Q

How does a SYN flood attack work?
A. Exploits a packet processing glitch in Windows systems
B. Uses an amplification network to flood a victim with packets
C. Disrupts the three-way handshake used by TCP
D. Sends oversized ping packets to a victim

A

C. Disrupts the three-way handshake used by TCP

62
Q

Alan is developing the access control system for a new accounting system and implements a control that mandates that no individual may have both the permission to create a new vendor and issue a check. What security principle is most directly related to his actions?
A. Defense in depth
B. Separation of duties
C. Need to know
D. Least privilege

A

D. Least privilege

63
Q
Betsy is a security operations analyst at a major company and wishes to conduct a network vulnerability scan to identify security deficiencies in their environment. Which one of the following tools would best help her achieve this objective?
A. Zenmap 
B. Nmap
C. Nessus 
D. lsof
A

C. Nessus

64
Q
Tom is assessing the aftermath of a denial of service attack and discovers that his system received a large number of ICMP Echo Reply packets. What type of attack likely occurred?
A. Fraggle 
B. Smurf
C. SYN Flood 
D. Ping flood
A

B. Smurf

65
Q
Mary is analyzing system logs after a security incident and notices many cases where remote systems initiated three-way TCP handshakes that were never completed. What type of attack likely occurred?
A. Cross-site scripting 
B. SQL injection
C. DNS poisoning 
D. SYN Flood
A

D. SYN Flood

66
Q
What is the first step of the incident response process?
A. Detection 
B. Reporting
C. Recovery 
D. Response
A

A. Detection

67
Q
Harold set aside a portion of his organization’s IP address space that is not used by any legitimate system and instead used to identify malicious activity. What type of control has Harold built?
A. Honeypot 
B. Pseudoflaw
C. Darknet 
D. Honeynet
A

C. Darknet

68
Q
Matt is performing a penetration test on behalf of a client. Before the engagement began, the client provided him with detailed information about the target system. What type of penetration test is Matt performing?
A. Blue box 
B. Black box
C. White box 
D. Grey box
A

C. White box

69
Q
Which one of the following transitions is not acceptable during a code review using the Fagan inspection process?
A. Inspection->Rework 
B. Rework->Preparation
C. Overview->Preparation 
D. Rework->Inspection
A

B. Rework -> Preparation

70
Q
Mark would like to run a basic port scan against his systems using a free tool that is designed specifically for that purpose. What tool should he use?
A. Nmap 
B. Qualys
C. Ping 
D. Nessus
A

A. Nmap

71
Q
What type of access control system uses predefined rules and does not have the concept of a resource owner?
A. RBAC 
B. NTFS
C. DAC 
D. MAC
A

A. RBAC

72
Q
What type of social engineering attack specifically targets the passwords of senior executives?
A. Spear phishing 
B. Whaling
C. Vishing 
D. Phishing
A

B. Whaling

73
Q
In what type of attack against databases does an individual combine multiple pieces of information classified at a low level to reveal information classified at a higher level?
A. Aggregation 
B. Cross-site scripting
C. Inference 
D. SQL Injection
A

A. Aggregation

74
Q
You are removing used magnetic hard drives from a facility and are worried about data remanence issues. What tool can you use to resolve this issue most effectively?
A. Degausser 
B. Disk partitioner
C. Disk formatter 
D. Single-pass wiper
A

A. Degausser

75
Q
You are working with your personnel department on a legal arrangement to protect information shared with a vendor. What type of agreement would be most effective?
A. NDA
B. Indemnification
C. Non-compete
D. SLA
A

A. NDA

76
Q
The MilTech defense contracting company would like to add an administrative security control that protects against insider attacks. Which one of the following controls best meets those criteria?
A. Penetration tests 
B. Vulnerability scans
C. Data loss prevention system
D. Background checks
A

D. Data loss prevention system