Weaknesses 3-22

Question 1

What type of security mechanism is used in ActiveX?

Answer 1

Digital Signature?

Question 2

What type of attack redirects victim from legitimate websites to fake websites using DNS poisoning?

Answer 2

Pharming

Question 3

Which security model incorporates “no write up” and “no read down” rules?

Answer 3

Biba

Question 4

The Biba model is focused on protecting Confidentiality or Integrity?

Answer 4

Integrity

Question 5

Downstream liabilities are the result of what?

Answer 5

Shared networks with external entities

Question 6

ITSEC criteria uses what two letters for ratings?

Answer 6

E-F

Question 7

Orange book uses what letter range for ratings?

Answer 7

A-D

Question 8

TRUE/FALSE - Budget expenses by individuals are considered personal data

Answer 8

FALSE

Question 9

Phase Alternative Line is a standard that provides requirements for monitors used with what?

Answer 9

CCTVs

Question 10

TRUE/FALSE - Fire extinguishers should be inspected yearly

Answer 10

FALSE

Question 11

How many address bits does IPv6 have?

Answer 11

128

Question 12

When are computer files no longer considered hearsay evidence?

Answer 12

When the computer output is done during regular business hours

Question 13

Halon fire extinguishers are restricted and need to be replaced with what?

Answer 13

FM-200

Question 14

The purpose of plenum cabling is to protect what?

Answer 14

Human safety

Question 15

How do plenum cables protect human safety

Answer 15

By releasing nontoxic chemicals when burned

Question 16

Trued system design in components is essential for what CIA purpose?

Answer 16

Integrity

Question 17

Multi-threading means a computer can do what?

Answer 17

Run and process multiple requests at one time

Question 18

What is a common omission and mistake companies make with their security policies?

Answer 18

Penalties for noncompliance

Question 19

Fire extinguishers should be within how many feet of electrical equipment?

Answer 19

50

Question 20

A systematic approach to determine how different threats could be successful is what?

Answer 20

Threat modeling

Question 21

VLAN hopping by means of modifying frame-tag values is possible with what type of rogue device?

Answer 21

A switch

Question 22

What is the first step in disaster recover and contingency planning?

Answer 22

Perform a business impact analysis

Question 23

TRUE/FALSE - It is the responsibility of the business continuity committee to ensure budgets are on track

Answer 23

FALSE

Question 24

A KRI is a metric that indications when what?

Answer 24

A risk exceeds a threshhold

Question 25

What type of architecture provides web-based distributed computing technology in distinct units?

Answer 25

Service-Oriented Architecture (SOA)

Question 26

Allowing one object to have two security classifications requires what?

Answer 26

Polyinstantiation

Question 27

EJC provides interfaces and methods to allow different applications to communicate across what kind of environment?

Answer 27

Networked

Question 28

False Rejection Rate is a Type I or Type II error?

Answer 28

Type 1

Question 29

A Type II error is also known as what?

Answer 29

False Acceptance Rate

Question 30

Use and misuse cases are commonly depicted using what language?

Answer 30

Unified Modeling Language (UML)

Question 31

What is the different between a fraggle attack and smurf attack?

Answer 31

Fraggle attack uses UDP instead of ICMP

Question 32

BGP protocol lives within what TCP/IP model layer?

Answer 32

Internet

Question 33

What type of policies are usually directives devised by management to protect individual systems?

Answer 33

System-specific

Question 34

185 meters is the limit of what kind of cable?

Answer 34

10Base2 or Thin Net

Question 35

The exchange point between systems and users is called what?

Answer 35

User interface

Question 36

The process of producing for a court all electronically stored information relevant to legal cases is called what?

Answer 36

e-Discovery

Question 37

What type of token device is driven by time or events?

Answer 37

Synchronous token device

Question 38

TRUE/FALSE - Synchronous token devices are challenge-based

Answer 38

True

Question 39

In terms of Stratum’s, what level is the most authoritative?

Answer 39

Stratum 0

Question 40

The Red book addresses what?

Answer 40

Network components and products

Question 41

The qualitative identification of susceptibility that can increase the business or productivity impact of threat events is also referred to as what?

Answer 41

Vulnerability assessment

Question 42

COBIT is commonly used to meet the objectives of what framework?

Answer 42

COSO

Question 43

Government agencies commonly use what encryption device based on IPSec?

Answer 43

High Assurance Internet Protocol Encrypter (HAIPE)

Question 44

Remote Journaling is an automatic function that does what?

Answer 44

Sends transaction logs of backed up files to offsite location

Question 45

The security kernel consists of what?

Answer 45

Software, hardware, and firmware

Question 46

Continuity of Operations (COOP) focuses on what?

Answer 46

Restoring an organizations essential functions at an alternate site and performing those functions for up to 30 days

Question 47

In an ISDN connection, which wire sends data and which receives?

Answer 47

B channels send data, D channels send control information

Question 48

TRUE/FALSE - As long as employees are notified, a company can implement keyboard monitoring without consent?

Answer 48

TRUE

Question 49

What port does Network Time Protocol (NTP) use?

Answer 49

UDP 123

Question 50

A university might use what type of network architecture to connect different buildings?

Answer 50

MAN

Question 51

Where does the SPX protocol reside in the TCP/IP model?

Answer 51

Host-to-host

Question 52

In software development, the more a module can do on it’s on is better and is referred to as higher what?

Answer 52

Cohesion

Question 53

Modules should aim for what level of cohesiveness and coupling?

Answer 53

Highly cohesive, low coupling

Question 54

Interference can be prevented with what technique in a database?

Answer 54

Polyinstantiation

Question 55

Polymorphism is the act of what?

Answer 55

Two objects responding differently to the same command

Question 56

Unit testing occurs in what software development phase?

Answer 56

Development

Question 57

Air Gapping is commonly used to protect what?

Answer 57

Code repositories

Question 58

What type of virutal firewall monitors individual traffic links?

Answer 58

Bridge-mode

Question 59

In SNMP a community string is similar to what protection mechanism?

Answer 59

Password generator

Question 60

What range is the list of well known ports?

Answer 60

0-123

Question 61

What is a physical layer standard for fiber-optic lines?

Answer 61

SONET

Question 62

Modern bridges are more advanced and can work at what two OSI model layers?

Answer 62

Data link and Network

Question 63

IBM Mainframes used what polling protocol?

Answer 63

Synchronous Data Link Control (SDLC)

Question 64

IPng is another term for what new IP protocol?

Answer 64

IPv6

Question 65

TRUE/FALSE - IPv6 requires NAT

Answer 65

FALSE

Question 66

What 802.11 standard provides QoS?

Answer 66

802.11e

Question 67

High Level Data Link Control (HDLC) is based upon SDLC and improves it how?

Answer 67

Full duplex and higher throughput

Question 68

What two OSI layers correspond to the Network Access layer in the TCP/IP model?

Answer 68

Data Link and Physical

Question 69

The OSI Transport directly maps to which TCP/IP layer?

Answer 69

Host-to-host

Question 70

TCP and UDP work at what layer in the OSI / TCIP/IP models?

Answer 70

Transport or Host-to-Host

Question 71

TRUE/FALSE - Protocols at the Network Layer do not ensure the delivery of packets

Answer 71

TRUE

Question 72

ICMP, RIP, OSFP, BGP, and IGMP all live at what layer of the OSI and TCP/IP model?

Answer 72

Network and Internet

Question 73

The 802.X standards live at what OSI layer?

Answer 73

Data Link

Question 74

Carrier Sense Multiple Action / Collision Detection (CSMA/CD) determines what?

Answer 74

When the best time to send and transmit data is

Question 75

CMSA/CA differs from CSMA/CD how?

Answer 75

Computers will signal intent to send data

Question 76

What temperature does most electronic equipment suffer major damage?

Answer 76

175 F

Question 77

What type of IDS can detect new attacks not previously identified?

Answer 77

Behavior based

Question 78

TRUE/FALSE - Compliance testing occurs during disaster recovery and BCP testing plans

Answer 78

FALSE

Question 79

A formal meeting of senior organizational leaders to determine whether management systems are performing effectively is known as what?

Answer 79

Management Review

Question 80

What type of data mining identifies relationships between data elements and uses rule discovery?

Answer 80

Statistical

Question 81

What is the first step in preventing data loss / leakage?

Answer 81

Perform data inventory

Question 82

How often should disaster recovery and BCP plans be tested?

Answer 82

At least annually, or as changes occur

Question 83

What is a common illumination metric used for lighting?

Answer 83

Two foot candles

Question 84

What kind of loss can a company experience after a disgruntled worker deletes files or information regarding customer accounts?

Answer 84

Delayed loss

Question 85

MD2 produces a hash of what size?

Answer 85

128-bit

Question 86

What security technology uses and measures magnetic fields for variations?

Answer 86

Proximity

Question 87

When a computer cannot carry out its task either intentional or accidentally it is referred to as what?

Answer 87

Compromise

Question 88

Priveleged Attribute Certificates (PACs) are used in what environment?

Answer 88

SESAME

Question 89

A security mechanism used to take a copy of an object and repopulate it with different data, used often for multiple classifications is referred to as what?

Answer 89

Polyinstiantiation

Question 90

A race condition exists when what happens in a program?

Answer 90

The program goes into a vulnerable state before ensuring the vulnerable conditions are mitigated

Question 91

What is derived from a passphrase?

Answer 91

Virtual password

Question 92

Identifying feasible adverse effects on our assets is also referred to as what?

Answer 92

Threat modeling

Question 93

In regards to virtual machines and firewalls, a hypervisor allows for monitoring of what?

Answer 93

All activities on a host machine

Question 94

TRUE/FALSE - AES is symmetric

Answer 94

TRUE

Question 95

What term is commonly interchanged with hacker, but more specifically refers to a person?

Answer 95

Cracker