Various

Question 1

A hidden software-access mechanism that will bypass normal security controls to grant access into the program

Answer 1

Trapdoor

Question 2

Work tasks and data processing that were lost by a disaster, disruption, or failure

Answer 2

Lost work in process (LWIP)

Question 3

A shared connection used in common by other devices

Answer 3

Bus

Question 4

Level of permission granted to individual user for reading data, writing data, or executing specific programs

Answer 4

Access rights

Question 5

Samples collected by the auditor to prove or disprove the audit findings

Answer 5

Audit evidence

Question 6

Older term for the building that houses the data center

Answer 6

Information processing facility (IPF)

Question 7

The initial loading of software to start a computer

Answer 7

Boot strapping, also known as initial program load (IPL)

Question 8

Matching the combined security of subject (user or program), object (data), and context of usage (need or purpose) to determine whether the request should be approved or denied

Answer 8

Attribute-based access control (ABAC)

Question 9

A unique serial number burned into the network interface card by the manufacturer. The address operates in the Data-Link layer (layer 2) of the OSI model.

Answer 9

Media Access Control (MAC) address

Question 10

Test run by software quality assurance to check the system security mechanisms by exploiting known vulnerabilities

Answer 10

Penetration testing

Question 11

What is it called when the auditor places restrictions on the nature, use, or content of their findings? The audit may have encountered problems in scope, time, thoroughness of tests, or content of available evidence.

Answer 11

Qualified opinion

Question 12

What is the list of objectives, tasks in sequence, skills matrix, written procedures, written test procedures, and forecast illustrating scope, time, and cost estimates?

Answer 12

Audit plan

Question 13

This is the most restrictive level of access that grants users the minimum amount of access to perform their jobs.

Answer 13

Least privilege

Question 14

Technique used by programmers in computer software to disable the functionality of the program based on a specific date

Answer 14

Time bomb

Question 15

What is the term used to describe the development of well-defined specifications while ensuring adherence to those specifications?

Answer 15

Quality. Quality starts during initial design with the gathering of specifications. Quality originates in the beginning, not by postinspection after the product (or service) is created.

Question 16

A type of audit to determine whether internal controls are present and functioning effectively

Answer 16

Compliance audit

Question 17

What is an attack that has not been seen before called?

Answer 17

Zero-day attack

Question 18

Which access control model allows the system owner to establish access privileges to the system?

Answer 18

Discretionary access control (DAC)

Question 19

What is the term for a continuous threat of breach through electronic attacks?

Answer 19

Persistent electronic threat

Question 20

What is the purpose of the chain of custody, and why is it so important when you are collecting evidence?

Answer 20

The chain of custody ensures control in the preservation of evidence. It ensures that extra care is taken not to alter or taint the sample.

Question 21

The protection of information held in secret for the benefit of authorized users

Answer 21

Confidentiality

Question 22

An attempt to overpower the system or attempt every possible combination until access is granted

Answer 22

Brute-force attack

Question 23

Information synonymous with public records or unprotected data that is accessible by anyone

Answer 23

Unclassified

Question 24

What is it called when you manage a series of individual projects to create an ongoing operation, also known as a functional support program?

Answer 24

Program management

Question 25

What is another name for a proxy server?

Answer 25

A circuit-level firewall

Question 26

What do you call a set of commands and macros developed into a custom template inside an integrated development environment (IDE) programming tool?

Answer 26

Pseudocode

Question 27

The process of determining risks affecting the actual steps necessary to produce the desired product or service, as in use by the organization

Answer 27

Business impact analysis (BIA)

Question 28

What is two-factor authentication?

Answer 28

Using two methods for authentication. One method is something you know; the other method is something you have, such as an ATM card, electronic token, or physical characteristics (fingerprint, iris scan).

Question 29

Name for specific mid-level controls over any technology shared across multiple departments. IT systems exist in almost all departments, and therefore IT-type controls must also exist in each department regardless of who is in charge.

Answer 29

Pervasive controls

Question 30

What type of plan addresses the continued operation of an organization after a disaster occurs?

Answer 30

Business continuity plan (BCP)

Question 31

Special command used on the network to request a response from a specific machine on the same subnet

Answer 31

Ping

Question 32

What is the name of the administrative process for subdividing services to allocate for a user?

Answer 32

Provisioning

Question 33

This refers to the cost savings for doing it right the first time. Proper training and planning are examples of how this conserves money and time by avoiding the additional costs of failure.

Answer 33

Price of conformance (POC)

Question 34

Where in the network should public web servers be located?

Answer 34

The screened subnet (DMZ)

Question 35

When a computer program sends data as input to another database program operated by someone else, with or without their permission

Answer 35

SQL injection

Question 36

The process of driving through a neighborhood with technical tools to detect insecure wireless access points

Answer 36

War driving

Question 37

A type of audit used to evaluate the process method by measuring the inputs, sequence of activities, and output to determine whether the process method meets the published requirements (specifications)

Answer 37

Process audit

Question 38

The boundaries and limitations of the individual audit. Normally, this indicates particular systems or functions that will be reviewed during the audit.

Answer 38

Audit scope

Question 39

This attack targets an individual server, user, database, or network device.

Answer 39

Spear-phishing

Question 40

Software that is readily available via nonproprietary programming methods in its design. The recipient will receive the human-readable source code with the ability to make any internal changes they desire.

Answer 40

Open system

Question 41

What does the acronym IDS stand for?

Answer 41

Intrusion detection system (IDS)

Question 42

Eavesdropping and other covert techniques used to collect information

Answer 42

Passive attack

Question 43

What is cryptography?

Answer 43

The process of either hiding information from other people or authenticating valid users. It’s an area of high interest to governments, businesses, and individuals.

Question 44

What it’s called when an online vendor provides the use of commercial software through subscription

Answer 44

Software as a Service (SaaS)

Question 45

A planned method of testing and tracking minor software updates prior to implementing them into production. The cost of separate testing can be justified by using the price of failure (price of nonconformance).

Answer 45

Patch management

Question 46

Kerberos is an example of what?

Answer 46

Single sign-on (SSO)

Question 47

A public record of a unique design or function to which the author or inventor is granted exclusive rights for a limited period of time. The entire design and complete method of building a working copy must be fully disclosed to the public.

Answer 47

Patent

Question 48

What is the difference between a virus and a worm?

Answer 48

Typically, worms are malicious programs that operate independently exploiting authentication holes between systems. Viruses attach to programs or files and travel when the host file is transferred.

Question 49

What is the most important first step in understanding the auditee’s IT infrastructure?

Answer 49

A network diagram with complete documentation of the existing systems

Question 50

The first person to arrive on the scene during an emergency, regardless of training or experience. Even a four-year-old child calling 911 for help will direct the emergency response activities until relieved by a more qualified person.

Answer 50

Incident commander (IC)

Question 51

A process of ranking information based on its value or requirements for secrecy

Answer 51

Data classification

Question 52

The selection of projects based on the principles of “highest and best use” of available resources for generating the best return on investment (ROI). This is similar to trading stock investments or baseball cards to improve the overall value of the collection.

Answer 52

Portfolio management

Question 53

What type of control specifies policies and guidelines for hiring, promotion, termination, data backup, and audits?

Answer 53

Administrative control

Question 54

The process of manually verifying that records match

Answer 54

Manual reconciliation

Question 55

An individual with a significant amount of direct experience, or special training with direct experience, and the ability to deduce a correct conclusion when everyone else would form an incorrect conclusion

Answer 55

Expert

Question 56

A hardware or software device that is watching the communications traffic flowing across the network to other systems

Answer 56

Network-based device

Question 57

A newer security protocol used in wireless networks with automatic encryption-key generation and authentication

Answer 57

Extensible Authentication Protocol (EAP) in IEEE 802.11i Robust Security Networks

Question 58

The likelihood that an unfortunate event will occur and cause a loss to assets

Answer 58

Risk

Question 59

Information in the computer’s working memory (RAM) that will be lost when the power is shut off

Answer 59

Volatile data

Question 60

A message that is completely readable to a human

Answer 60

Clear text

Question 61

Discipline of following forthright and honest conduct without impropriety, deceit, or conflicting agenda

Answer 61

Ethics

Question 62

The timely disclosure of information relevant to the situation. In computer systems, this also refers to the time window in which data is available before being lost or overwritten during normal processing.

Answer 62

Evidence timing

Question 63

An old diagnostic protocol that allows the sender to specify the communications path to be used in spite of the network router settings configured by the network administrator. Can circumvent firewalls and should be disabled on network devices.

Answer 63

Source routing

Question 64

This term describes the application of a procedure or method, hopefully in support of an organizational objective.

Answer 64

Tactical

Question 65

The process of physically marking insecure wireless access points to the Internet

Answer 65

War chalking

Question 66

Anything of value. May be tangible or intangible in the form of money, physical goods, products, resources, recipes, or procedures.

Answer 66

Asset

Question 67

Duplicate or redundant components operating in parallel

Answer 67

Mirrored

Question 68

A test to evaluate performance against a known workload or industry-accepted standard

Answer 68

Benchmarking

Question 69

These are software programs, interfaces, and utilities that operate invisibly between users to form a workflow connecting their data.

Answer 69

Middleware

Question 70

How can you justify the costs involved for quality?

Answer 70

By comparing cost savings to the added costs of failure (price of nonconformance)

Question 71

What is the certificate revocation list (CRL)?

Answer 71

A list of revoked and expired certificates issued by the certificate authority (CA)

Question 72

This occurs in biometrics when the system is calibrated to favor either speed or increased accuracy.

Answer 72

Crossover error rate (CER)

Question 73

System or resource being available for users whenever they care to use it

Answer 73

Uptime

Question 74

The individual charged with protecting data from a loss of availability, loss of integrity, or loss of confidentiality

Answer 74

Data custodian

Question 75

A special template of biometric data converted into a count of specific characteristics that are unique to each user

Answer 75

Minutiae

Question 76

This is designed using application of encryption and/or digital certificates to enforce licensing of electronic files (music, movies, e-books, and so forth).

Answer 76

Digital rights management (DRM)

Question 77

A database designed so that knowledge of the format and structure of data is not required. Very flexible and may be quite complex.

Answer 77

Object-oriented database (OODB)

Question 78

Scanning of hand geometry and fingerprint readers are examples of what type of authentication?

Answer 78

Biometric authentication

Question 79

This principle ensures that the user will not make a false denial of participating in a transaction.

Answer 79

Nonrepudiation

Question 80

An audit conducted by a person who is not related to the auditee. This audit represents a high value of assurance that can be used for external purposes, including regulatory licensing.

Answer 80

Independent audit

Question 81

Adjusting the sensitivity of a biometric system to use a 50/50 compromise of false acceptance and false rejection

Answer 81

Equal error rate (EER)

Question 82

A unique entry into a database record that is required for the record to be valid

Answer 82

Primary key

Question 83

Name of the entire process for ensuring proper safeguards and control with the goal of providing complete integrity

Answer 83

Records management

Question 84

A formal specification of rules for interfaces and procedures used in communication

Answer 84

Protocol

Question 85

A technique used by antivirus software to replace the original end-of-file (EOF) marker with a new EOF marker generated by the antivirus program. Anything attempting to attach itself to the new EOF marker indicates a virus attack.

Answer 85

Inoculation, or immunization

Question 86

This programming technique allows one program, such as a shopping cart, to drive another website. It’s used by 98 percent of e-commerce on the Internet.

Answer 86

Cross-site scripting (XSS)

Question 87

Unique data used as a randomizer in encryption algorithms. This cryptovariable must be kept secret from all other users in order to protect the confidentiality of encrypted files.

Answer 87

Private key

Question 88

An internal processing environment for running a program inside another program session. It partitions resources to create a secure environment to protect the rest of the computer system from harm.

Answer 88

Virtual machine

Question 89

A malicious file that usually attaches itself to other programs with the purpose of spreading infection through program execution or through transportation by using email

Answer 89

Virus

Question 90

New employees are being hired into positions that require a high degree of trust. What administrative control should be performed as part of a security policy?

Answer 90

Background checks and possibly fidelity bonding

Question 91

Used in business continuity and disaster recovery planning to identify potential violations that must be avoided or that require special handling to minimize penalties

Answer 91

Legal deadline (LD)

Question 92

Low voltage for an extended period of time

Answer 92

Brownout

Question 93

A new generation of software or a design change resulting in a new version. Releases tend to occur in 12- to 24-month intervals.

Answer 93

Major software release

Question 94

The culmination of software, hardware, procedures, and data files that will permit timely recovery from a failure or disaster

Answer 94

Backup and restore capability

Question 95

Term for application software hosted by remote vendors across the Internet to subscribers, where details of security are not actually known to be verifiable fact

Answer 95

Cloud computing

Question 96

An advanced software development tool used for writing programs. It provides built-in functions for capturing the software design, commands, and macros for creating program code and debug testing.

Answer 96

Integrated development environment (IDE)

Question 97

Evidence that can be reassembled in chronological order to retrace a transaction or series of transactions

Answer 97

Audit trail

Question 98

A physical distance between two doorways that is designed to trap an unauthorized individual between the closed doors. Fully caged turnstiles can provide a similar means to capture potential intruders.

Answer 98

Mantrap

Question 99

When data is properly ranked somewhere within a protection scheme

Answer 99

Classified

Question 100

A review of the system after it is placed in operation to determine whether it fulfilled its original objectives. New objectives may be identified that require the system to be modified to attain compliance with the new requirements.

Answer 100

Postimplementation review

Question 101

The longest period of downtime that an organization can survive from a specific outage involving a system, process, or resource

Answer 101

Maximum acceptable outage (MAO)

Question 102

List four items that are vital to recovering from a disaster.

Answer 102

Offsite data backup, copy of vital records, an alternative work location (hot site, warm site, or cold site), and the disaster recovery plan

Question 103

When a hacker is running a remote-controlled network composed of computers owned by unsuspecting users

Answer 103

Bot-net (aka roBOT-NETwork)

Question 104

A small corrective update issued by the software developer to fix problems found in a major version previously released

Answer 104

Patch, also known as a minor software update

Question 105

A family classification of computer software designed to intentionally cause malicious damage

Answer 105

Malicious software, also known as malware

Question 106

An overlay setting used to parse the IP address into two distinct portions that represent the unique network address and the unique host address. Without this setting, the computer will be confused and unable to communicate on the network.

Answer 106

Netmask

Question 107

What is the special acquisition device used to create unique minutia data representing an individual user?

Answer 107

Biometric template sensor

Question 108

A mandatory set of steps used as a cookbook recipe for a desired result. Provides the day-to-day low-level execution necessary to support a standard.

Answer 108

Procedure

Question 109

What is the name for programmed rules inside the database used to evaluate data by sorting for possible correlations?

Answer 109

Heuristics

Question 110

Used to designate a prorated dollar amount or weight of effectiveness to an entire subject population

Answer 110

Variable sampling

Question 111

This compares the user’s minutia data against their reference sample stored in the encrypted database.

Answer 111

Biometric template matcher

Question 112

Automated software discovery of all the active hosts on a network

Answer 112

Host enumeration

Question 113

A project management technique used to determine the critical path and to forecast the time and resources necessary to complete a project

Answer 113

Program Evaluation Review Technique (PERT)

Question 114

Lack of awareness or absence of knowledge. The fastest way to be convicted for violating a law or other obligation.

Answer 114

Ignorance

Question 115

What is the difference between IPsec transport mode and tunnel mode?

Answer 115

Tunnel mode hides the internal network’s IP address information and payload by using encryption. Transport hides only the data portion of the IP packet by using the encapsulated security payload (ESP) with encryption.

Question 116

A combination of using in-house work and of outsourcing selected processes

Answer 116

Hybrid sourcing

Question 117

Unbiased honesty by a person dealing with other people or in the records of transactions

Answer 117

Integrity

Question 118

An individual pretends to be a person of authority and pulls rank to intimidate a user into giving up their username and password for network access. What type of attack is this representative of?

Answer 118

Social engineering

Question 119

Eliminating the opportunity for a person to reject or renounce their participation

Answer 119

Nonrepudiation

Question 120

A high-level statement by management specifying an objective with mandatory compliance for all persons of lower authority

Answer 120

Policy

Question 121

Persistent data retained on the hard disk and other storage media after system shutdown

Answer 121

Nonvolatile data

Question 122

A database of information derived from the knowledge of individuals who perform the related tasks. Used in decision support systems.

Answer 122

Knowledge base

Question 123

An administrative grouping of program objects with similar attributes or related behavior. Similar to the classification of insects by their shared attributes.

Answer 123

Object class

Question 124

A method of access control based on job role and required tasks

Answer 124

Nondiscretionary access control

Question 125

A small downloaded program using ActiveX, Java, XML, or a similar programming language

Answer 125

Applet

Question 126

A committee that consists of business executives for the purpose of conveying current business priorities and objectives to IT management. The committee provides governance for major projects and the IT budget.

Answer 126

IT steering committee

Question 127

A decision based on current conditions, which, when met, dictate starting the disaster recovery or business continuity plans. Any delay or failure to do so would indicate negligence.

Answer 127

Activation

Question 128

The inherent potential for harm in the business or industry itself, as the organization attempts to fulfill its objectives

Answer 128

Business risk

Question 129

A large-scale, traditional, multiuser, multiprocessor system designed with excellent internal controls

Answer 129

Mainframe computer

Question 130

A specification of physical characteristics, electrical signals, formats, and procedures used to communicate between systems

Answer 130

Interface

Question 131

Refers to the auditor not being related to the audit subject. The desire is for the auditor to be objective and free of conflict because they are not related to the audit subject.

Answer 131

Auditor independence

Question 132

A symmetric-key (preshared key) encryption protocol originally designed to promote wireless security. Because of poor design, the radio beacon advertises the entire encryption key to any listening device.

Answer 132

Wired Equivalent Privacy (WEP)

Question 133

Public-key cryptography is also known as what?

Answer 133

Asymmetric cryptography

Question 134

An overt attack against the system or system data files

Answer 134

Active attack

Question 135

A declaration or activity designed to instill confidence. Also known as a promise with evidence.

Answer 135

Assurance

Question 136

Which type of network firewall is usually the simplest to configure but has the worst logging capabilities?

Answer 136

A packet-filtering network firewall (generation 1)

Question 137

A device used in forensic investigations to prevent any changes to the original data on the hard disk or media during bitstream imaging

Answer 137

Write blocker

Question 138

Is it possible to implement nonrepudiation with symmetric/secret keys?

Answer 138

No. The same key is used at both ends without a way to tell who executed the transaction.

Question 139

A temporary and uniquely generated encryption key used for a short period of time

Answer 139

Temporal key

Question 140

Which access control model grants a user a predetermined level of access based on the role the user holds in the organization?

Answer 140

Role-based access control (RBAC) model

Question 141

An effective speed metric for processing a complete set of specific transactions

Answer 141

Throughput

Question 142

What is another term for a screened subnet?

Answer 142

Demilitarized zone (DMZ)

Question 143

Firewalls should always be configured to prevent the downloading of this type of program

Answer 143

ActiveX

Question 144

A malicious, self-replicating computer program that spreads itself through the system as infected computer programs are executed

Answer 144

Virus

Question 145

Special handling for information crossing a political border. Risks include legality of the information, differences in legal requirements, and extra protection necessary to prevent unauthorized disclosure.

Answer 145

Transborder data communication

Question 146

Any disruptive event, especially those that may cause harm

Answer 146

Incident

Question 147

A system development technique used to create initial versions of software functionality. Focused on proving a method or gaining early user acceptance, usually without any internal controls.

Answer 147

Prototype

Question 148

The person(s) performing the audit by gathering evidence, testing, and reporting the findings. This person should not be related to the subject of the audit, to prevent bias.

Answer 148

Auditor

Question 149

What is it called when information contained in two or more data tables is valid across the links inside the database?

Answer 149

Referential integrity