webqq Flashcards
Which of the following is NOT a factor related to Access Control?
A. integrity
B. authenticity
C. confidentiality
D. availability
Correct Answer: B
Authenticity is not a factor related to Access Control.
Access controls are security features that control how users and systems communicate and interact with other systems and resources.
Access controls give organizations the ability to control, restrict, monitor, and protect resource availability, integrity, and confidentiality.
Incorrect Answers:
A: Integrity is a factor related to Access Control.
C: Confidentiality is a factor related to Access Control.
D: Availability is a factor related to Access Control.
References:
https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Access_Control_Systems
Regarding codes of ethics covered within the (ISC)² CBK, within which of them is the phrase “Discourage unsafe practice” found?
A. Computer Ethics Institute commandments
B. (ISC) Code of Ethics
C. Internet Activities Board’s Ethics and the Internet (RFC1087)
D. CIAC Guidelines
Correct Answer: B
The (ISC)² Code of Ethics includes the phrase “Discourage unsafe practices, and preserve and strengthen the integrity of public infrastructures.”
Incorrect Answers:
A: The phrase “Discourage unsafe practice” is not included in the Computer Ethics Institute commandments. It is included in the (ISC)² Code of Ethics.
C: The phrase “Discourage unsafe practice” is not included in RFC1087. It is included in the (ISC)² Code of Ethics.
D: The phrase “Discourage unsafe practice” is not included in the CIAC Guidelines. It is included in the (ISC)² Code of Ethics.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 1064
Which of the following statements is not listed within the 4 canons of the (ISC)² Code of Ethics?
A. All information systems security professionals who are certified by (ISC) shall observe all contracts and agreements, express or implied.
B. All information systems security professionals who are certified by (ISC) shall render only those services for which they are fully competent and qualified.
C. All information systems security professionals who are certified by (ISC) shall promote and preserve public trust and confidence in information and systems.
D. All information systems security professionals who are certified by (ISC) shall social consequences of the programs
Correct Answer: D
The social consequences of the programs that are written are not included in the (ISC)² Code of Ethics canons.
Note: The (ISC)² Code of Ethics canons are:
✑ Protect society, the common good, necessary public trust and confidence, and the infrastructure.
✑ Act honorably, honestly, justly, responsibly, and legally.
✑ Provide diligent and competent service to principals.
✑ Advance and protect the profession.
Incorrect Answers:
A: The (ISC)² Code of Ethics canons state that you should provide diligent and competent service to principals. This means that you should observe all contracts and agreements.
B: The (ISC)² Code of Ethics canons state that you should provide diligent and competent service to principals. This means that you should render only those services for which you are fully competent and qualified.
C: The (ISC)² Code of Ethics canons state that you should protect the necessary public trust and the infrastructure/systems.
References:
https://www.isc2.org/ethics/default.aspx?terms=code of ethics
Which of the following is needed for System Accountability?
A. Audit mechanisms.
B. Documented design as laid out in the Common Criteria.
C. Authorization.
D. Formal verification of system design.
Correct Answer: A
Accountability is the ability to identify users and to be able to track user actions. Through the use of audit logs and other tools the user actions are recorded and can be used at a later date to verify what actions were performed.
Incorrect Answers:
B: Common Criteria is an international standard to evaluate trust and would not be a factor in System Accountability.
C: Authorization is granting access to subjects, just because you have authorization does not hold the subject accountable for their actions.
D: Formal verification involves validating and testing highly trusted systems. It does not, however, involve System Accountability.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 203, 248-250, 402.
The major objective of system configuration management is which of the following?
A. System maintenance.
B. System stability.
C. System operations.
D. System tracking.
Correct Answer: B
Configuration Management is defined as the identification, control, accounting, and documentation of all changes that take place to system hardware, software, firmware, supporting documentation, and test results throughout the lifespan of the system.
A system should have baselines set pertaining to the systems hardware, software, and firmware configuration. The configuration baseline will be tried and tested and known to be stable. Modifying the configuration settings of a system could lead to system instability.
System configuration management will help to ensure system stability by ensuring a consistent configuration across the systems.
Incorrect Answers:
A: System configuration management could aid system maintenance. However, this is not a major objective of system configuration management.
C: System configuration management will help to ensure system stability which will help in system operations. However, system operations are not a major objective of system configuration management.
D: System tracking is not an objective of system configuration management.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 4
The Internet Architecture Board (IAB) characterizes which of the following as unethical behavior for Internet users?
A. Writing computer viruses.
B. Monitoring data traffic.
C. Wasting computer resources.
D. Concealing unauthorized accesses.
Correct Answer: C
IAB considers wasting resources (people, capacity, and computers) through purposeful actions unethical.
Note: The IAB considers the following acts unethical and unacceptable behavior:
✑ Purposely seeking to gain unauthorized access to Internet resources
✑ Disrupting the intended use of the Internet
✑ Wasting resources (people, capacity, and computers) through purposeful actions
✑ Destroying the integrity of computer-based information
✑ Compromising the privacy of others
✑ Negligence in the conduct of Internet-wide experiments
Incorrect Answers:
A: The IAB list of unethical behavior for Internet users does not include writing computer viruses.
B: IAB does not consider monitoring data traffic unethical.
D: The IAB list of unethical behavior for Internet users does not include concealing unauthorized accesses.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 1076
Which of the following is the best reason for the use of an automated risk analysis tool?
A. Much of the data gathered during the review cannot be reused for subsequent analysis.
B. Automated methodologies require minimal training and knowledge of risk analysis.
C. Most software tools have user interfaces that are easy to use and do not require any training.
D. Information gathering would be minimized and expedited due to the amount of information already built into the tool.
Correct Answer: D
Collecting all the necessary data that needs to be plugged into risk analysis equations and properly interpreting the results can be overwhelming if done manually.
Several automated risk analysis tools on the market can make this task much less painful and, hopefully, more accurate. The gathered data can be reused, greatly reducing the time required to perform subsequent analyses.
The objective of these tools is to reduce the manual effort of these tasks, perform calculations quickly, estimate future expected losses, and determine the effectiveness and benefits of the security countermeasures chosen.
Incorrect Answers:
A: The gathered data can be reused, greatly reducing the time required to perform subsequent analyses.
B: Training and knowledge of risk analysis is still required when using automated risk analysis tools.
C: Training is still required when using automated risk analysis tools even if the user interface is easy to use.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 86
Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model?
A. Prevention of the modification of information by unauthorized users.
B. Prevention of the unauthorized or unintentional modification of information by authorized users.
C. Preservation of the internal and external consistency.
D. Prevention of the modification of information by authorized users.
Correct Answer: D
Prevention of the modification of information by authorized users is not one of the three goals of integrity addressed by the Clark-Wilson model.
Clark-Wilson addresses the following three goals of integrity in its model:
✑ Prevent unauthorized users from making modifications
✑ Prevent authorized users from making improper modifications (separation of duties)
✑ Maintain internal and external consistency (well-formed transaction)
The Clark-Wilson model enforces the three goals of integrity by using access triple (subject, software [TP], object), separation of duties, and auditing. This model enforces integrity by using well-formed transactions (through access triple) and separation of duties.
Incorrect Answers:
A: Prevention of the modification of information by unauthorized users is one of the three goals of integrity addressed by the Clark-Wilson model.
B: Prevention of the unauthorized or unintentional modification of information by authorized users is one of the three goals of integrity addressed by the Clark-Wilson model.
C: Preservation of the internal and external consistency is one of the three goals of integrity addressed by the Clark-Wilson model.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 374
What is called an event or activity that has the potential to cause harm to the information systems or networks?
A. Vulnerability
B. Threat agent
C. Weakness
D. Threat
Correct Answer: D
A threat is any potential danger that is associated with the exploitation of a vulnerability. The threat is that someone, or something, will identify a specific vulnerability and use it against the company or individual. The entity that takes advantage of a vulnerability is referred to as a threat agent. A threat agent could be an intruder accessing the network through a port on the firewall, a process accessing data in a way that violates the security policy, a tornado wiping out a facility, or an employee making an unintentional mistake that could expose confidential information.
Incorrect Answers:
A: Vulnerability is what can be exploited by a threat agent. It is not an event or activity that has the potential to cause harm to the information systems or networks.
B: Threat agent is what can exploit a vulnerability. It is not an event or activity that has the potential to cause harm to the information systems or networks.
C: A weakness is another word for vulnerability. It is not an event or activity that has the potential to cause harm to the information systems or networks.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 26
What is called the probability that a threat to an information system will materialize?
A. Threat
B. Risk
C. Vulnerability
D. Hole
Correct Answer: B
A risk is the likelihood of a threat agent exploiting a vulnerability and the corresponding business impact. If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method. If users are not educated on processes and procedures, there is a higher likelihood that an employee will make an unintentional mistake that may destroy data. If an intrusion detection system (IDS) is not implemented on a network, there is a higher likelihood an attack will go unnoticed until it is too late. Risk ties the vulnerability, threat, and likelihood of exploitation to the resulting business impact.
Incorrect Answers:
A: A threat is any potential danger that is associated with the exploitation of a vulnerability.
C: A vulnerability is the absence or weakness of a safeguard that could be exploited.
D: A hole is not the probability that a threat to an information system will materialize.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 26
Which of the following would be best suited to oversee the development of an information security policy?
A. System Administrators
B. End User
C. Security Officers
D. Security administrators
Correct Answer: C
The chief security officer (CSO) is responsible for understanding the risks that the company faces and for mitigating these risks to an acceptable level. This role is responsible for understanding the organization's business drivers and for creating and maintaining a security program that facilitates these drivers, along with providing security, compliance with a long list of regulations and laws, and any customer expectations or contractual obligations.
Incorrect Answers:
A: System Administrators work in the IT department and manage the IT infrastructure from a technical perspective. They do not specialize in security and are therefore not best suited to oversee the development of an information security policy.
B: End users are the least qualified to oversee the development of an information security policy.
D: The security administrator is responsible for implementing and maintaining specific security network devices and software in the enterprise. Security administrators are not best suited to oversee the development of an information security policy.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 119-122
Which of the following is the MOST important aspect relating to employee termination?
A. The details of employee have been removed from active payroll files.
B. Company property provided to the employee has been returned.
C. User ID and passwords of the employee have been deleted.
D. The appropriate company staff is notified about the termination.
Correct Answer: D
Because terminations can happen for a variety of reasons, and terminated people have different reactions, companies should have a specific set of procedures to follow with every termination. For example:
✑ The employee must leave the facility immediately under the supervision of a manager or security guard.
✑ The employee must surrender any identification badges or keys, complete an exit interview, and return company supplies.
✑ That user's accounts and passwords should be disabled or changed immediately.
It seems harsh and cold when this actually takes place, but too many companies have been hurt by vengeful employees who have lashed out at the company when their positions were revoked for one reason or another. If an employee is disgruntled in any way, or the termination is unfriendly, that employee's accounts should be disabled right away, and all passwords on all systems changed.
To ensure that the termination procedures are carried out properly, you need to ensure that the appropriate people (the people who will carry out the procedures) are notified about the termination.
Incorrect Answers:
A: Removing the details of the employee from active payroll files is not the MOST important aspect relating to employee termination.
B: Ensuring company property provided to the employee has been returned should be part of the termination procedure. However, this is not the MOST important aspect relating to employee termination; company security is more important.
C: The user ID and passwords of the employee should be disabled, not deleted. Furthermore, notifying the appropriate staff of the termination will ensure the accounts get disabled.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 129
Making sure that only those who are supposed to access the data can access is which of the following?
A. confidentiality
B. capability
C. integrity
D. availability
Correct Answer: A
Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or processes. Some information is more sensitive than other information and requires a higher level of confidentiality. Control mechanisms need to be in place to dictate who can access data and what the subject can do with it once they have accessed it. These activities need to be controlled, audited, and monitored. Examples of information that could be considered confidential are health records, financial account information, criminal records, source code, trade secrets, and military tactical plans. Some security mechanisms that would provide confidentiality are encryption, logical and physical access controls, transmission protocols, database views, and controlled traffic flow.
Incorrect Answers:
B: Capability is the functions that a system or user is able to perform. With reference to a user, it is defined by the access a user is granted. However, making sure that only those who are supposed to access the data can access is best defined by the term confidentiality.
C: Integrity refers to ensuring that information and systems are accurate and reliable and have not been modified by unauthorized entities.
D: Availability refers to ensuring that authorized users have reliable and timely access to data and resources.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 23, 160, 229-230
Related to information security, availability is the opposite of which of the following?
A. delegation
B. distribution
C. documentation
D. destruction
Correct Answer: D
Availability ensures reliability and timely access to data and resources to authorized individuals. Network devices, computers, and applications should provide adequate functionality to perform in a predictable manner with an acceptable level of performance. They should be able to recover from disruptions in a secure and quick fashion so productivity is not negatively affected. Necessary protection mechanisms must be in place to protect against inside and outside threats that could affect the availability and productivity of all business-processing components.
The opposite of availability is destruction. The destruction of data makes it unavailable.
Incorrect Answers:
A: Delegation is not the opposite of availability.
B: Distribution is not the opposite of availability.
C: Documentation is not the opposite of availability.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 23
Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following?
A. Confidentiality
B. Integrity
C. Availability
D. capability
Correct Answer: A
Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or processes. Some information is more sensitive than other information and requires a higher level of confidentiality.
Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of confidentiality should prevail while data resides on systems and devices within the network, as it is transmitted, and once it reaches its destination.
Incorrect Answers:
B: Integrity ensures that data is unaltered. This is not what is described in the question.
C: Availability ensures reliability and timely access to data and resources to authorized individuals. This is not what is described in the question.
D: Capability is not the prevention of the intentional or unintentional unauthorized disclosure of contents.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 23
Good security is built on which of the following concepts?
A. The concept of a pass-through device that only allows certain traffic in and out.
B. The concept of defense in depth.
C. The concept of preventative controls.
D. The concept of defensive controls.
Correct Answer: B
Defense-in-depth is the coordinated use of multiple security controls in a layered approach. A multilayered defense system minimizes the probability of successful penetration and compromise because an attacker would have to get through several different types of protection mechanisms before she gained access to the critical assets.
Incorrect Answers:
A: Pass-through devices are not the central concept in building good security.
C: Preventative controls are not the central concept in building good security.
D: Defensive controls are not the central concept in building good security.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 28
If your property insurance has a Replacement Cost Valuation (RCV) clause, your damaged property will be compensated:
A. Based on the value of item on the date of loss
B. Based on new, comparable, or identical item for old regardless of condition of lost item
C. Based on value of item one month before the loss
D. Based on the value listed on the Ebay auction web site
Correct Answer: B
The term replacement value refers to the amount that an entity would have to pay to replace an asset at the present time, according to its current worth. The replacement value coverage is designed so the policyholder will not have to spend more money to get a similar new item. For example: when a television is covered by a replacement cost value policy, the cost of a similar television which can be purchased today determines the compensation amount for that item.
Incorrect Answers:
A: The Replacement Cost Value is not the value of the item on the date of loss. The value on the date of loss is called Actual Cash Value.
C: The Replacement Cost Value is not the value of the item one month ago. Replacement Cost Valuation is the cost to replace the damaged item.
D: Replacement Cost Valuation has no reference to any value on Ebay. Replacement Cost Valuation is the cost to replace the damaged item.
References:
https://en.wikipedia.org/wiki/Replacement_value
Which of the following is NOT part of user provisioning?
A. Creation and deactivation of user accounts
B. Business process implementation
C. Maintenance and deactivation of user objects and attributes
D. Delegating user administration
Correct Answer: B
User provisioning involves the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes. Business process implementation is not part of this.
Incorrect Answers:
A: User provisioning involves creating, maintaining, and deactivating accounts as necessary according to business requirements.
C: User provisioning involves the creation, maintenance, and deactivation of user objects and attributes as they exist in one or more systems, directories, or applications, in response to business processes.
D: Delegated user administration is a component of user provisioning software.
References:
, 6th Edition, McGraw-Hill, 2013, p. 179
Which of the following is NOT defined in the Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087) as unacceptable and unethical activity?
A. uses a computer to steal
B. destroys the integrity of computer-based information
C. wastes resources such as people, capacity and computers through such actions
D. involves negligence in the conduct of Internet-wide experiments
Correct Answer: A
Stealing using a computer is not addressed in RFC 1087.
Note: The IAB, through RFC 1087, considers the following acts as unethical and unacceptable behavior:
✑ Purposely seeking to gain unauthorized access to Internet resources
✑ Disrupting the intended use of the Internet
✑ Wasting resources (people, capacity, and computers) through purposeful actions
✑ Destroying the integrity of computer-based information
✑ Compromising the privacy of others
✑ Conducting Internet-wide experiments in a negligent manner
Incorrect Answers:
B: Destroying the integrity of computer-based information is included in RFC 1087.
C: Wasting resources (people, capacity, and computers) through purposeful actions is included in RFC 1087.
D: Conducting Internet-wide experiments in a negligent manner is addressed in RFC 1087.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 1063
Keep in mind that these are objectives that are provided for information only within the CBK, as they apply only to the committee and not to individuals.
Which of the following statements pertaining to the (ISC)² Code of Ethics is NOT true?
A. All information systems security professionals who are certified by (ISC) recognize that such a certification is a privilege that must be both earned and maintained.
B. All information systems security professionals who are certified by (ISC) shall provide diligent and competent service to principals.
C. All information systems security professionals who are certified by (ISC) shall forbid behavior such as associating or appearing to associate with criminals or criminal behavior.
D. All information systems security professionals who are certified by (ISC) shall promote the understanding and acceptance of prudent information security
Correct Answer: C
The (ISC)² Code of Ethics does not explicitly state that individuals who are certified by (ISC)² should not associate with criminals or with criminal behavior.
Incorrect Answers:
A: According to the (ISC)² Code of Ethics, all information security professionals who are certified by (ISC)² recognize that such certification is a privilege that must be both earned and maintained.
B: The (ISC)² Code of Ethics states that you should provide competent service to your employers and clients, and should avoid any conflicts of interest.
D: The (ISC)² Code of Ethics states that you should support efforts to promote the understanding and acceptance of prudent information security measures throughout the public, private and academic sectors of our global information society.
References:
https://www.isc2.org/ethics/default.aspx?terms=code of ethics
Which one of these statements about the key elements of a good configuration process is NOT true?
A. Accommodate the reuse of proven standards and best practices
B. Ensure that all requirements remain clear, concise, and valid
C. Control modifications to system hardware in order to prevent resource changes
D. Ensure changes, standards, and requirements are communicated promptly and precisely
Correct Answer: C
Standards are developed to outline proper configuration management processes and approved baseline configuration settings. Systems can be tested against what is laid out in the standards, and systems can be monitored to detect if there are configurations that do not meet the requirements outlined in the standards.
A good configuration process will follow proven standards and best practices. Requirements must remain clear, concise, and valid. Changes, standards, and requirements must be communicated promptly and precisely.
The statement “Control modifications to system hardware in order to prevent resource changes” is not a key element of a good configuration process.
Modifications to system hardware should be controlled by a change control procedure.
Incorrect Answers:
A: Accommodating the reuse of proven standards and best practices is one of the key elements of a good configuration process.
B: Ensuring that all requirements remain clear, concise, and valid is one of the key elements of a good configuration process.
D: Ensuring changes, standards, and requirements are communicated promptly and precisely is one of the key elements of a good configuration process.
Which of the following outlines how senior management is responsible for the computer and information security decisions that they make and for what actually took place within their organizations?
A. The Computer Security Act of 1987.
B. The Federal Sentencing Guidelines of 1991.
C. The Economic Espionage Act of 1996.
D. The Computer Fraud and Abuse Act of 1986.
Correct Answer: B
Senior management could be responsible for monetary damages up to $10 million or twice the gain of the offender for nonperformance of due diligence in accordance with the U.S. Federal Sentencing Guidelines of 1991.
Incorrect Answers:
A: The Computer Security Act of 1987 does not address senior management responsibility. Its purpose is to improve the security and privacy of sensitive information in federal computer systems and to establish minimum acceptable security practices for such systems.
C: The Economic Espionage Act of 1996 does not address senior management responsibility. It deals with a wide range of issues, including not only industrial espionage, but the insanity defense, the Boys & Girls Clubs of America, requirements for presentence investigation reports, the United States Sentencing Commission reports regarding encryption or scrambling technology, and other technical and minor amendments.
D: The Computer Fraud and Abuse Act of 1986 concerns acts where computers of the federal government or certain financial institutions are involved. It does not address senior management responsibility.
References:
, 5th Edition, Sybex, Indianapolis, 2011, p. 548
Related to information security, the guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered is an example of which of the following?
A. Integrity
B. Confidentiality
C. Availability
D. Identity
Correct Answer: A
Information must be accurate, complete, and protected from unauthorized modification. When a security mechanism provides integrity, it protects data, or a resource, from being altered in an unauthorized fashion. If any type of illegitimate modification does occur, the security mechanism must alert the user or administrator in some manner.
Hashing can be used in emails to guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered.
Incorrect Answers:
B: Confidentiality is the assurance that information is not disclosed to unauthorized individuals, programs, or processes. This is not what is described in the question.
C: Availability ensures reliability and timely access to data and resources to authorized individuals. This is not what is described in the question.
D: Identity would be the sender or recipient of the email message. It does not guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 23, 159
Which of the following is NOT a technical control?
A. Password and resource management
B. Identification and authentication methods
C. Monitoring for physical intrusion
D. Intrusion Detection Systems
Correct Answer: C
Technical controls, also called logical access control mechanisms, work in software to provide confidentiality, integrity, or availability protection. Some examples are passwords, identification and authentication methods, security devices, auditing, and the configuration of the network.
Physical controls are controls that pertain to controlling individual access into the facility and different departments, locking systems and removing unnecessary floppy or CD-ROM drives, protecting the perimeter of the facility, monitoring for intrusion, and checking environmental controls.
Monitoring for physical intrusion is an example of a physical control, not a technical control.
Incorrect Answers:
A: Password and resource management is an example of a technical control.
B: Identification and authentication methods are an example of a technical control.
D: Intrusion Detection Systems are an example of a technical control.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 28
Which of the following would NOT violate the Due Diligence concept?
A. Security policy being outdated
B. Data owners not laying out the foundation of data protection
C. Network administrator not taking mandatory two-week vacation as planned
D. Latest security patches for servers being installed as per the Patch Management process
Correct Answer: D
Due diligence is the act of gathering the necessary information so the best decision-making activities can take place. Before a company purchases another company, it should carry out due diligence activities so that the purchasing company does not have any “surprises” down the road. The purchasing company should investigate all relevant aspects of the past, present, and predictable future of the business of the target company. If this does not take place and the purchase of the new company hurts the original company financially or legally, the decision makers could be found liable (responsible) and negligent by the shareholders.
In information security, similar data gathering should take place so that there are no “surprises” down the road and the risks are fully understood before they are accepted.
Latest security patches for servers being installed as per the Patch Management process is a good security measure that should take place. This measure would not violate Due Diligence.
Incorrect Answers:
A: Security policy being outdated is a security risk that would violate due diligence.
B: Data owners not laying out the foundation of data protection is a security risk that would violate due diligence.
C: A network administrator not taking the mandatory two-week vacation as planned is a security risk that would violate due diligence.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 1023
Ensuring least privilege does NOT require:
A. Identifying what the user’s job is.
B. Ensuring that the user alone does not have sufficient rights to subvert an important process.
C. Determining the minimum set of privileges required for a user to perform their duties.
D. Restricting the user to required privileges and nothing more.
Correct Answer: B
Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. If an individual has excessive permissions and rights, it could open the door to abuse of access and put the company at more risk than is necessary.
Ensuring least privilege requires the following:
✑ Identifying what the user’s job is (and therefore what he needs to do).
✑ Determining the minimum set of privileges required for a user to perform their duties.
✑ Restricting the user to required privileges and nothing more.
Ensuring that the user alone does not have sufficient rights to subvert an important process is not a requirement for least privilege. This is an example of separation of duties where it would take collusion between two or more people to subvert the process.
Incorrect Answers:
A: Ensuring least privilege does require identifying what the user’s job is to determine what he needs to do and what permissions he needs to do it.
C: Determining the minimum set of privileges required for a user to perform their duties is a requirement for ensuring least privilege.
D: Restricting the user to required privileges and nothing more is the definition of least privilege. This is obviously a requirement for ensuring least privilege.
References:
, 6th Edition, McGraw-Hill, 2013, p. 1236
Which of the following statements pertaining to quantitative risk analysis is NOT true?
A. Portion of it can be automated
B. It involves complex calculations
C. It requires a high volume of information
D. It requires little experience to apply
Correct Answer: D
A quantitative risk analysis is used to assign monetary and numeric values to all elements of the risk analysis process. Each element within the analysis (asset value, threat frequency, severity of vulnerability, impact damage, safeguard costs, safeguard effectiveness, uncertainty, and probability items) is quantified and entered into equations to determine total and residual risks. It is more of a scientific or mathematical approach to risk analysis compared to qualitative.
Quantitative risk analysis does require knowledge and experience to perform. Therefore, the statement “It requires little experience to apply” is false.
Incorrect Answers:
A: A portion of the quantitative risk analysis process can be automated by using quantitative risk analysis tools.
B: Quantitative risk analysis does involve complex calculations.
C: Quantitative risk analysis does require a high volume of information.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 86
Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures?
A. design, development, publication, coding, and testing
B. design, evaluation, approval, publication, and implementation
C. initiation, evaluation, development, approval, publication, implementation, and maintenance
D. feasibility, development, approval, implementation, and integration
Correct Answer: C
A project management style approach is used in the development of documents such as security policy, standards and procedures.
In the initiation and evaluation stage, a written proposal is submitted to management stating the objectives of the particular document.
In the development phase, a team is assembled for the creation of the document.
In the approval phase, the document is presented to the appropriate body within the organization for approval.
In the publication phase, the document is published within the organization.
In the implementation phase, the various groups affected by the new document commence its implementation.
In the maintenance phase, the document is reviewed on the review date agreed in the development phase.
Incorrect Answers:
A: Design, coding and testing are not phases in the development of documents such as security policy, standards and procedures.
B: Design and implementation are not phases in the development of documents such as security policy, standards and procedures.
D: Feasibility and integration are not phases in the development of documents such as security policy, standards and procedures.
References:
Information Security Management Handbook, Fourth Edition, Volume 3 by Harold. F. Tipton. Page 380-382.
Risk analysis is MOST useful when applied during which phase of the system development process?
A. Project initiation and Planning
B. Functional Requirements definition
C. System Design Specification
D. Development and Implementation
Correct Answer: A
The Systems Development Life Cycle (SDLC), also called the Software Development Life Cycle or simply the System Life Cycle, is a system development model.
There are many variants of the SDLC, but most follow (or are based on) the National Institute of Standards and Technology (NIST) SDLC process.
NIST Special Publication 800-14 states: “Security, like other aspects of an IT system, is best managed if planned for throughout the IT system life cycle. There are many models for the IT system life cycle but most contain five basic phases: initiation, development/acquisition, implementation, operation, and disposal.”
Additional steps are often added, most critically the security plan, which is the first step of any SDLC.
The following overview is summarized from the NIST document, in which the first two steps relate to Risk analysis:
1. Prepare a Security Plan: Ensure that security is considered during all phases of the IT system life cycle, and that security activities are accomplished during each of the phases.
2. Initiation: The need for a system is expressed and the purpose of the system is documented.
3. Conduct a Sensitivity Assessment: Look at the security sensitivity of the system and the information to be processed.
4. Development/Acquisition
5. Implementation
6. Operation/Maintenance
Incorrect Answers:
B: Risk analysis is not a critical part of the Functional Requirements definition.
C: Risk analysis is not a critical part of the System Design Specification.
D: Risk analysis is not a critical part of Development and Implementation.
References:
, 2nd Edition, Syngress, Waltham, 2012, pp. 182-183
Which of the following is from the Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087)?
A. Access to and use of the Internet is a privilege and should be treated as such by all users of the systems.
B. Users should execute responsibilities in a manner consistent with the highest standards of their profession.
C. There must not be personal data record-keeping systems whose very existence is secret.
D. There must be a way for a person to prevent information about them, which was obtained for one purpose, from being used or made available for another
Correct Answer: A
RFC 1087 is called “Ethics and the Internet.” This RFC outlines the concepts pertaining to what the IAB considers unethical and unacceptable behavior.
Incorrect Answers:
B: RFC 1087 is not related to professional conduct. It concerns Ethics and the Internet.
C: RFC 1087 does not address personal data record keeping.
D: RFC 1087 does not concern consent of use of private data. It is related to Ethics and the Internet.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 1064
Out of the steps listed below, which one is not one of the steps conducted during the Business Impact Analysis (BIA)?
A. Alternate site selection
B. Create data-gathering techniques
C. Identify the company’s critical business functions
D. Select individuals to interview for data gathering
Correct Answer: A
Alternate site selection is not among the eight BIA steps.
Note: The eight BIA Steps are listed below:
1. Select individuals to interview for data gathering.
2. Create data-gathering techniques (surveys, questionnaires, qualitative and quantitative approaches).
3. Identify the company's critical business functions.
4. Identify the resources these functions depend upon.
5. Calculate how long these functions can survive without these resources.
6. Identify vulnerabilities and threats to these functions.
7. Calculate the risk for each different business function.
8. Document findings and report them to management.
Incorrect Answers:
B: Creating data-gathering techniques is the second out of the eight BIA steps.
C: Identifying the company's critical business functions is the third out of the eight BIA steps.
D: Selecting individuals to interview for data gathering is the first out of the eight BIA steps.
References:
What can be described as a measure of the magnitude of loss or impact on the value of an asset?
A. Probability
B. Exposure factor
C. Vulnerability
D. Threat
Correct Answer: B
The Exposure Factor (EF) is a measure of the magnitude of loss or impact (usually as a percentage) on the value of an asset. It is used for calculating the Single Loss Expectancy (SLE), which in turn is used to calculate the Annual Loss Expectancy (ALE).
The Single Loss Expectancy (SLE) is a dollar amount that is assigned to a single event that represents the company's potential loss amount if a specific threat were to take place. The equation is laid out as follows:
Asset Value × Exposure Factor (EF) = SLE
The exposure factor (EF) represents the percentage of loss a realized threat could have on a certain asset. For example, if a data warehouse has the asset value of $150,000, it can be estimated that if a fire were to occur, 25 percent of the warehouse would be damaged, in which case the SLE would be $37,500:
Asset Value ($150,000) × Exposure Factor (25%) = $37,500
Incorrect Answers:
A: Probability is the likelihood of something happening. This is not what is described in the question.
C: A vulnerability is the absence or weakness of a safeguard that could be exploited. This is not what is described in the question.
D: A threat is any potential danger that is associated with the exploitation of a vulnerability.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 87
The scope and focus of the Business continuity plan development depends most on:
A. Directives of Senior Management
B. Business Impact Analysis (BIA)
C. Scope and Plan Initiation
D. Skills of BCP committee
Correct Answer: B
A BIA is performed at the beginning of business continuity planning to identify the areas that would suffer the greatest financial or operational loss in the event of a disaster or disruption. It identifies the company's critical systems needed for survival and estimates the outage time that can be tolerated by the company as a result of a disaster or disruption.
Incorrect Answers:
A: The Business continuity plan depends on the BIA, not on directives from Senior Management.
C: The Business continuity plan depends on the BIA, not on Scope and Plan Initiation.
D: The Business continuity plan depends on the BIA, not on Skills of BCP committee.
References:
, 6th Edition, McGraw-Hill, 2013, p. 909
Which of the following best allows risk management results to be used knowledgeably?
A. A vulnerability analysis
B. A likelihood assessment
C. An uncertainty analysis
D. Threat identification
Correct Answer: C
Risk management often must rely on speculation, best guesses, incomplete data, and many unproven assumptions. The uncertainty analysis attempts to document this so that the risk management results can be used knowledgeably. There are two primary sources of uncertainty in the risk management process: (1) a lack of confidence or precision in the risk management model or methodology and (2) a lack of sufficient information to determine the exact value of the elements of the risk model, such as threat frequency, safeguard effectiveness, or consequences.
References:
http://csrc.nist.gov/publications/nistpubs/800-14/800-14.pdf, p. 21
Which of the following control pairings include: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?
A. Preventive/Administrative Pairing
B. Preventive/Technical Pairing
C. Preventive/Physical Pairing
D. Detective/Administrative Pairing
Correct Answer: A
Preventive administrative controls are management policies and procedures designed to protect against unwanted employee behavior. This includes separation of duties, business continuity and DR planning/testing, proper hiring practices, and proper processing of terminations. It also includes security policy, information classification, personnel procedures, and security-awareness training.
Incorrect Answers:
B: Technical controls, which are also known as logical controls, are software or hardware components, such as firewalls, IDS, encryption, identification and authentication mechanisms.
C: Physical controls are items put into place to protect facility, personnel, and resources. These include guards, locks, fencing, and lighting.
D: Detective/Administrative controls include monitoring and supervising, job rotation, and investigations.
References:
http://www.brighthub.com/computing/smb-security/articles/2388.aspx
, 6th Edition, McGraw-Hill, 2013, pp. 28-33
In an organization, an Information Technology security function should:
A. Be a function within the information systems function of an organization.
B. Report directly to a specialized business unit such as legal, corporate security or insurance.
C. Be led by a Chief Security Officer and report directly to the CEO.
D. Be independent but report to the Information Systems function.
Correct Answer: C
A Chief Security Officer (CSO) reports directly to the Chief Executive Officer (CEO). IT Security should be led by a CSO.
The chief security officer (CSO) is responsible for understanding the risks that the company faces and for mitigating these risks to an acceptable level. This role is responsible for understanding the organization's business drivers and for creating and maintaining a security program that facilitates these drivers, along with providing security, compliance with a long list of regulations and laws, and any customer expectations or contractual obligations.
Incorrect Answers:
A: The IT security function should not be a function within the information systems function of an organization.
B: The IT security function should not report directly to a specialized business unit such as legal, corporate security or insurance.
D: The IT security function should be independent but should not report to the Information Systems function.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 119
Qualitative loss resulting from the business interruption does NOT usually include:
A. Loss of revenue
B. Loss of competitive advantage or market share
C. Loss of public confidence and credibility
D. Loss of market leadership
Correct Answer: A
Loss of revenue is a quantitative loss, not a qualitative loss. The quantitative impact can be determined by evaluating financial losses such as lost revenue, assets or production units, and salary paid to an idled workforce.
Qualitative impact includes such factors as reputation, goodwill, value of the brand and lost opportunity, among others.
Incorrect Answers:
B: Loss of market share is qualitative loss.
C: Qualitative impact can lead eventually to financial losses over time, for example due to loss of customer confidence.
D: Loss of market leadership is qualitative loss.
References:
http://searchdisasterrecovery.techtarget.com/answer/Debating-quantitative-impact-vs-qualitative-impact
Which of the following would BEST classify as a management control?
A. Review of security controls
B. Personnel security
C. Physical and environmental protection
D. Documentation
Correct Answer: A
Management controls are largely procedural in nature and in general deal with the business processes used by an organization to manage the security of the information systems. The Management Control class includes five families of security controls: Risk Assessment, Security Planning, Acquisition of Information Systems and Services, Review of Security Controls and Security Accreditation.
Incorrect Answers:
B: Personnel security is not one of the five defined families of security controls in the Management Control Class.
C: Physical and environmental protection is not one of the five defined families of security controls in the Management Control Class.
D: Documentation is not one of the five defined families of security controls in the Management Control Class.
References:
, 3rd Edition, Auerbach Publications, Boca Raton, 2008, p. 476
Valuable paper insurance coverage does NOT cover damage to which of the following?
A. Inscribed, printed and Written documents
B. Manuscripts
C. Records
D. Money and Securities
Correct Answer: D
Valuable paper insurance coverage provides protection for inscribed, printed, and written documents and manuscripts and other printed business records.
However, it does not cover damage to paper money and printed security certificates.
Incorrect Answers:
A: Valuable paper insurance coverage provides protection for inscribed, printed, and written documents.
B: Valuable paper insurance coverage provides protection for manuscripts.
C: Valuable paper insurance coverage provides protection for printed business records.
References:
, 5th Edition, Sybex, Indianapolis, 2011, p. 653
Which of the following statements pertaining to a security policy is NOT true?
A. Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets.
B. It specifies how hardware and software should be used throughout the organization.
C. It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective.
D. It must be flexible to the changing environment.
Correct Answer: B
The attributes of a security policy include the following:
✑ Its main purpose is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets.
✑ It needs to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective.
✑ It must be flexible to the changing environment.
A security policy does not specify how hardware and software should be used throughout the organization. This is the purpose of an Acceptable Use Policy.
Incorrect Answers:
A: The main purpose of a security policy is to inform the users, administrators and managers of their obligatory requirements for protecting technology and information assets.
C: A security policy does need to have the acceptance and support of all levels of employees within the organization in order for it to be appropriate and effective.
D: A security policy must be flexible to the changing environment.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 102
If your property Insurance has Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on:
A. Value of item on the date of loss
B. Replacement with a new item for the old one regardless of condition of lost item
C. Value of item one month before the loss
D. Value of item on the date of loss plus 10 percent
Correct Answer: A
In the property and casualty insurance industry, Actual Cash Value (ACV) is a method of valuing insured property, or the value computed by that method. ACV is computed by subtracting depreciation from replacement cost on the date of the loss. The depreciation is usually calculated by establishing a useful life of the item and determining what percentage of that life remains. This percentage multiplied by the replacement cost equals the ACV.
Incorrect Answers:
B: Using Actual Cash Valuation you would not receive a new item as a replacement for the old damaged item.
C: You would receive the calculated value of item on the exact date of the loss, not of the value one month before the loss.
D: You would receive the calculated value of item on the date of loss only. You would not receive an additional 10%.
References:
https://en.wikipedia.org/wiki/Actual_cash_value
The preliminary steps to security planning include all of the following EXCEPT which of the following?
A. Establish objectives.
B. List planning assumptions.
C. Establish a security audit function.
D. Determine alternate courses of action
A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A security policy can be an organizational policy, an issue-specific policy, or a system-specific policy. In an organizational security policy, management establishes how a security program will be set up, lays out the program's goals, assigns responsibilities, shows the strategic and tactical value of security, and outlines how enforcement should be carried out.
Security planning should include establishing objectives, listing assumptions and determining alternate courses of action.
Security planning does not include establishing a security audit function. Auditing security is performed to ensure that the security measures implemented as described in the security plan are effective.
Incorrect Answers:
A: Security planning should include establishing objectives.
B: Security planning should include listing assumptions.
D: Security planning should include determining alternate courses of action.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 102
One purpose of a security awareness program is to modify:
A. employee’s attitudes and behaviors towards enterprise’s security posture.
B. management’s approach towards enterprise’s security posture.
C. attitudes of employees with sensitive data.
D. corporate attitudes about safeguarding data.
Correct Answer: A
For an organization to achieve the desired results of its security program, it must communicate the what, how, and why of security to its employees. Security-awareness training should be comprehensive, tailored for specific groups, and organization-wide.
The goal is for each employee to understand the importance of security to the company as a whole and to each individual. Expected responsibilities and acceptable behaviors must be clarified, and noncompliance repercussions, which could range from a warning to dismissal, must be explained before being invoked. Security-awareness training is performed to modify employees' behavior and attitude toward security. This can best be achieved through a formalized process of security-awareness training.
Incorrect Answers:
B: It is not the purpose of security awareness training to modify management’s approach towards enterprise’s security posture.
C: It is not the purpose of security awareness training to modify attitudes of employees with sensitive data only. It should apply to all employees.
D: It is not the purpose of security awareness training to modify corporate attitudes about safeguarding data.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 130
Which Security and Audit Framework has been adopted by some organizations working towards Sarbanes-Oxley Section 404 compliance?
A. Committee of Sponsoring Organizations of the Treadway Commission (COSO)
B. BIBA
C. National Institute of Standards and Technology Special Publication 800-66 (NIST SP 800-66)
D. CCTA Risk Analysis and Management Method (CRAMM)
Correct Answer: A
COSO is a model for corporate governance, and CobiT is a model for IT governance. COSO deals more at the strategic level, while CobiT focuses more at the operational level. You can think of CobiT as a way to meet many of the COSO objectives, but only from the IT perspective. COSO deals with non-IT items also, as in company culture, financial accounting principles, board of director responsibility, and internal communication structures. COSO was formed to provide sponsorship for the National Commission on Fraudulent Financial Reporting, an organization that studies deceptive financial reports and what elements lead to them.
There have been laws in place since the 1970s that basically state that it is illegal for a corporation to cook its books (manipulate its revenue and earnings reports), but it took the Sarbanes-Oxley Act (SOX) of 2002 to really put teeth into those existing laws. SOX is a U.S. federal law that, among other things, could send executives to jail if it was discovered that their company was submitting fraudulent accounting findings to the Securities and Exchange Commission (SEC). SOX is based upon the COSO model, so for a corporation to be compliant with SOX, it has to follow the COSO model. Companies commonly implement ISO/IEC 27000 standards and CobiT to help construct and maintain their internal COSO structure.
Incorrect Answers:
B: BIBA is not required by organizations working towards Sarbanes-Oxley Section 404 compliance.
C: National Institute of Standards and Technology Special Publication 800-66 (NIST SP 800-66) is not required by organizations working towards Sarbanes-Oxley Section 404 compliance.
D: CCTA Risk Analysis and Management Method (CRAMM) is not required by organizations working towards Sarbanes-Oxley Section 404 compliance.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 59
The Widget Company decided to take their company public and, while they were in the process of doing so, had an external auditor come and look at the analysis from the technology manager. The technology manager did not get back to him for a few days, and then the Chief Financial Officer gave the auditors a 2-page risk assessment that was signed by both the Chief Financial Officer and the Technology Manager. While reviewing it, the auditor noticed that only parts of their financial data were being backed up on site and nowhere else; the Chief Financial Officer accepted the risk of only partial financial data being backed up with no off-site copies available.
Who owns the risk with regards to the data that is being backed up and where it is stored?
A. Only the Chief Financial Officer
B. Only the most Senior Management such as the Chief Executive Officer
C. Both the Chief Financial Officer and Technology Manager
D. Only The Technology Manager
Correct Answer: A
The chief financial officer (CFO) is a member of the board. The board members are responsible for setting the organization's strategy and risk appetite (how much risk the company should take on).
In this question, the Chief Financial Officer accepted the risk of only partial financial data being backed up with no off-site copies available. The Chief Financial Officer therefore owns the risk.
Incorrect Answers:
B: The most Senior Management such as the Chief Executive Officer does not own the risk. The Chief Financial Officer is responsible for company finances and accepted the risk. This means that the CFO owns the risk, not the CEO.
C: The Technology Manager signed the risk assessment but he did not accept the risk.
D: The Technology Manager signed the risk assessment but he did not accept the risk.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 98
The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:
A. preventive/physical.
B. detective/technical.
C. detective/physical.
D. detective/administrative.
Correct Answer: B
Detective/technical controls help to identify an incident's activities and potentially an intruder using software or hardware components, which include audit logs and IDS.
Incorrect Answers:
A: Preventive/physical controls are meant to discourage a potential attacker using items put into place to protect facility, personnel, and resources. These items include locks, badge systems, security guards, biometric systems, and mantrap doors.
C: Detective/physical controls help to identify an incident's activities and potentially an intruder using items put into place to protect facility, personnel, and resources. These items include motion detectors and closed-circuit TVs.
D: Detective/administrative controls help to identify an incident's activities and potentially an intruder using management-oriented controls, which include monitoring and supervising, job rotation, and investigations.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 28-34
In terms of Risk Analysis and dealing with risk, which of the four common ways listed below seeks to eliminate involvement with the risk being evaluated?
A. Avoidance
B. Acceptance
C. Transference
D. Mitigation
Correct Answer: A
If a company decides to terminate the activity that is introducing the risk, this is known as risk avoidance. For example, if a company allows employees to use instant messaging (IM), there are many risks surrounding this technology. The company could decide not to allow any IM activity by their users because there is not a strong enough business need for its continued use. Discontinuing this service is an example of risk avoidance.
By avoiding the risk, we can eliminate involvement with the risk.
Incorrect Answers:
B: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. This does not eliminate involvement with the risk.
C: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This does not eliminate involvement with the risk.
D: Risk mitigation is to implement a countermeasure to protect against the risk. This does not eliminate involvement with the risk.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98
Which of the following risk handling techniques involves the practice of being proactive so that the risk in question is not realized?
A. Risk Mitigation
B. Risk Acceptance
C. Risk Avoidance
D. Risk transfer
Correct Answer: C
If a company decides to terminate the activity that is introducing the risk, this is known as risk avoidance. For example, if a company allows employees to use instant messaging (IM), there are many risks surrounding this technology. The company could decide not to allow any IM activity by their users because there is not a strong enough business need for its continued use. Discontinuing this service is an example of risk avoidance.
By being proactive and removing the vulnerability causing the risk, we are avoiding the risk.
Incorrect Answers:
A: Risk mitigation is to implement a countermeasure to protect against the risk. Implementing controls is proactive and would reduce a risk; however, only risk avoidance removes the risk or prevents the risk being realized in the first place.
B: Risk acceptance means the company understands the level of risk it is faced with, as well as the potential cost of damage, and decides to just live with it and not implement the countermeasure. This does not describe being proactive to remove the risk.
D: Risk transference is where you assign the risk to someone else; for example, by purchasing insurance. This would transfer the risk to the insurance company. This does not describe being proactive to remove the risk.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 97-98
Which of the following is a CHARACTERISTIC of a decision support system (DSS) with regard to Threats and Risks Analysis?
A. DSS is aimed at solving highly structured problems.
B. DSS emphasizes flexibility in the decision making approach of users.
C. DSS supports only structured decision-making tasks.
D. DSS combines the use of models with non-traditional data access and retrieval functions.
Correct Answer: B
A Decision Support System (DSS) is a computer-based information system that supports business or organizational decision-making activities. DSSs serve the management, operations, and planning levels of an organization (usually mid and higher management) and help people make decisions about problems that may be rapidly changing and not easily specified in advance, i.e., unstructured and semi-structured decision problems.
DSS emphasizes flexibility and adaptability to accommodate changes in the environment and the decision-making approach of the user.
DSS tends to be aimed at the less well structured, underspecified problem that upper level managers typically face.
DSS attempts to combine the use of models or analytic techniques with traditional data access and retrieval functions.
Incorrect Answers:
A: DSS is aimed at solving unstructured and semi-structured decision problems, not highly structured problems.
C: DSS does not support only structured decision-making tasks; it supports unstructured and semi-structured decision-making tasks.
D: DSS attempts to combine the use of models or analytic techniques with traditional (not non-traditional) data access and retrieval functions.
References:
https://en.wikipedia.org/wiki/Decision_support_system
Which of the following is covered under Crime Insurance Policy Coverage?
A. Inscribed, printed and Written documents
B. Manuscripts
C. Accounts Receivable
D. Money and Securities
Correct Answer: D
A Crime Insurance policy protects organizations from loss of money, securities, or inventory resulting from crime.
Incorrect Answers:
A: Crime Insurance Policy does not protect Inscribed, printed and written documents. You would need Valuable paper insurance for that.
B: Crime Insurance Policy does not protect manuscripts. You would need Valuable paper insurance for that.
C: Crime Insurance Policy does not protect business records such as Accounts Receivable. You would need Valuable paper insurance for that.
References:
http://www.insurecast.com/html/crime_insurance.asp
It is a violation of the "separation of duties" principle when which of the following individuals accesses the software on systems implementing security?
A. security administrator
B. security analyst
C. systems auditor
D. systems programmer
Correct Answer: D
Reason: The security administrator, security analyst, and the systems auditor need access to portions of the security systems to accomplish their jobs. The systems programmer does not need access to the working (i.e., production) security systems.
Programmers should not be allowed to have ongoing direct access to computers running production systems (systems used by the organization to operate its business). To maintain system integrity, any changes they make to production systems should be tracked by the organization's change management control system.
Because the security administrator's job is to perform security functions, the performance of non-security tasks must be strictly limited. This separation of duties reduces the likelihood of loss that results from users abusing their authority by taking actions outside of their assigned functional responsibilities.
Incorrect Answers:
A: The security administrator needs to access the software on systems implementing security to perform his job function.
B: The security analyst needs to access the software on systems implementing security to perform his job function.
C: The systems auditor needs to access the software on systems implementing security to perform his job function.
Which of the following ensures that security is NOT breached when a system crash or other system failure occurs?
A. Trusted recovery
B. Hot swappable
C. Redundancy
D. Secure boot
Correct Answer: A
Trusted recovery ensures that security is not breached when a system crash or other system failure (sometimes called a “discontinuity”) occurs. It must ensure that the system is restarted without compromising its required protection scheme, and that it can recover and rollback without being compromised after the failure.
Trusted recovery is required only for B3 and A1 level systems. A system failure represents a serious security risk because the security controls may be bypassed when the system is not functioning normally.
For example, if a system crashes while sensitive data is being written to a disk (where it would normally be protected by controls), the data may be left unprotected in memory and may be accessible by unauthorized personnel.
Trusted recovery has two primary activities: preparing for a system failure and recovering the system.
Incorrect Answers:
B: Hot swappable refers to computer components that can be swapped while the computer is running. This is not what is described in the question.
C: Redundancy refers to multiple instances of computer or network components to ensure that the system can remain online in the event of a component failure. This is not what is described in the question.
D: Secure Boot refers to a security standard that ensures that a computer boots using only software that is trusted. This is not what is described in the question.
References:
, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.
Which of the following ensures that a TCB is designed, developed, and maintained with formally controlled standards that enforce protection at each stage in the system's life cycle?
A. Life cycle assurance
B. Operational assurance
C. Covert timing assurance
D. Covert storage assurance
Correct Answer: A
The Orange Book defines two types of assurance: operational assurance and life cycle assurance.
Life cycle assurance ensures that a TCB is designed, developed, and maintained with formally controlled standards that enforce protection at each stage in the system's life cycle. Configuration management, which carefully monitors and protects all changes to a system's resources, is a type of life cycle assurance.
The life cycle assurance requirements specified in the Orange Book are as follows:
✑ Security testing
✑ Design specification and testing
✑ Configuration management
✑ Trusted distribution
Incorrect Answers:
B: Operational assurance focuses on the basic features and architecture of a system. An example of an operational assurance would be a feature that separates security-sensitive code from user code in a system's memory. Operational assurance is not what is described in the question.
C: Covert timing assurance is not one of the two defined types of assurance.
D: Covert storage assurance is not one of the two defined types of assurance.
References:
, 2nd Edition, Wiley Publishing, Indianapolis, 2004, pp. 305-306
In order to enable users to perform tasks and duties without having to go through extra steps, it is important that the security controls and mechanisms that are in place have a degree of:
A. Complexity
B. Non-transparency
C. Transparency
D. Simplicity
Correct Answer: C
The security controls and mechanisms that are in place must have a degree of transparency.
This enables the user to perform tasks and duties without having to go through extra steps because of the presence of the security controls. Transparency also does not let the user know too much about the controls, which helps prevent him from figuring out how to circumvent them. If the controls are too obvious, an attacker can figure out how to compromise them more easily.
Security (more specifically, the implementation of most security controls) has long been a sore point with users who are subject to security controls. Historically, security controls have been very intrusive to users, forcing them to interrupt their workflow and remember arcane codes or processes (like long passwords or access codes), and have generally been seen as an obstacle to getting work done. In recent years, much work has been done to remove the stigma of security controls as a detractor from the work process that adds nothing but time and money. When developing access control, the system must be as transparent as possible to the end user. The users should be required to interact with the system as little as possible, and the process around using the control should be engineered so as to involve little effort on the part of the user.
For example, requiring a user to swipe an access card through a reader is an effective way to ensure a person is authorized to enter a room. However, implementing a technology (such as RFID) that will automatically scan the badge as the user approaches the door is more transparent to the user and will do less to impede the movement of personnel in a busy area.
In another example, asking a user to understand what applications and data sets will be required when requesting a system ID and then specifically requesting access to those resources may allow for a great deal of granularity when provisioning access, but it can hardly be seen as transparent. A more transparent process would be for the access provisioning system to have a role-based structure, where the user would simply specify the role he or she has in the organization and the system would know the specific resources that user needs to access based on that role. This requires less work and interaction on the part of the user and will lead to more accurate and secure access control decisions because access will be based on predefined need, not user preference.
When developing and implementing an access control system, special care should be taken to ensure that the control is as transparent to the end user as possible and interrupts his workflow as little as possible.
Incorrect Answers:
A: The complexity of security controls is not what enables users to perform tasks and duties without having to go through extra steps. The controls can be complex or simple; as long as they have a degree of transparency, users will be able to perform tasks and duties without having to go through extra steps.
B: Non-transparent security controls do not enable users to perform tasks and duties without having to go through extra steps; this would be the opposite in that it would require the extra steps.
D: The simplicity of security controls is not what enables users to perform tasks and duties without having to go through extra steps. The controls can be complex or simple; as long as they have a degree of transparency, users will be able to perform tasks and duties without having to go through extra steps.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 1239-1240
Which of the following rules is LEAST likely to support the concept of least privilege?
A. The number of administrative accounts should be kept to a minimum.
B. Administrators should use regular accounts when performing routine operations like reading mail.
C. Permissions on tools that are likely to be used by hackers should be as restrictive as possible.
D. Only data to and from critical systems and applications should be allowed through the firewall.
Correct Answer: D
"Only data to and from critical systems and applications should be allowed through the firewall" is a distractor. Critical systems or applications do not necessarily need to have traffic go through a firewall. Even if they did, only the minimum required services should be allowed. Systems that are not deemed critical may also need to have traffic go through the firewall.
Least privilege is a basic tenet of computer security that means users should be given only those rights required to do their jobs or tasks. Least privilege is ensuring that you have the minimum privileges necessary to do a task. An admin NOT using his admin account to check email is a clear example of this.
Incorrect Answers:
A: The number of administrative accounts should be kept to a minimum: this is good practice and supports the concept of least privilege.
B: Administrators should use regular accounts when performing routine operations like reading mail: this is good practice and supports the concept of least privilege.
C: Permissions on tools that are likely to be used by hackers should be as restrictive as possible: this is good practice and supports the concept of least privilege.
A message can be encrypted and digitally signed, which provides:
A. Confidentiality, Authentication, Non-repudiation, and Integrity.
B. Confidentiality and Authentication
C. Confidentiality and Non-repudiation
D. Confidentiality and Integrity.
Correct Answer: A
Confidentiality ensures that a message can only be read by the intended recipient. Encrypting a message provides confidentiality.
A digital signature provides Authentication, Non-repudiation, and Integrity.
The purpose of digital signatures is to detect unauthorized modifications of data, to authenticate the identity of the signatories, and to provide non-repudiation. These functions are accomplished by generating a block of data that is usually smaller than the size of the original data. This smaller block of data is bound to the original data and to the identity of the sender. This binding verifies the integrity of data and provides non-repudiation. To quote the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS): Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature in proving to a third party that the signature was in fact generated by the signatory.
Different steps and algorithms provide different types of security services:
✑ A message can be encrypted, which provides confidentiality.
✑ A message can be hashed, which provides integrity.
✑ A message can be digitally signed, which provides authentication, nonrepudiation, and integrity.
✑ A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity.
Incorrect Answers:
B: A digital signature provides Authentication, Non-repudiation, and Integrity; not just Authentication.
C: A digital signature provides Authentication, Non-repudiation, and Integrity; not just Non-repudiation.
D: A digital signature provides Authentication, Non-repudiation, and Integrity; not just Integrity.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 829-830
, John Wiley & Sons, New York, 2001, p. 151
In Mandatory Access Control, sensitivity labels attached to objects contain what information?
A. The item’s classification
B. The item’s classification and category set
C. The item’s category
D. The item’s need to know
Correct Answer: B
Mandatory Access Control begins with security labels assigned to all resource objects on the system. These security labels contain two pieces of information - a classification (top secret, confidential etc.) and a category (which is essentially an indication of the management level, department or project to which the object is available).
Similarly, each user account on the system also has classification and category properties from the same set of properties applied to the resource objects. When a user attempts to access a resource under Mandatory Access Control the operating system checks the user’s classification and categories and compares them to the properties of the object’s security label. If the user’s credentials match the MAC security label properties of the object access is allowed. It is important to note that both the classification and categories must match. A user with top secret classification, for example, cannot access a resource if they are not also a member of one of the required categories for that object.
Incorrect Answers:
A: In Mandatory Access Control, the sensitivity labels attached to objects contain a category set as well as the item’s classification.
C: In Mandatory Access Control, the sensitivity labels attached to objects contain the item’s classification as well as a category.
D: An item’s need to know is not something that is included in the sensitivity label. The categories portion of the label is used to enforce need-to-know rules.
References:
http://www.techotopia.com/index.php/Mandatory,_Discretionary,_Role_and_Rule_Based_Access_Control
What are the components of an object’s sensitivity label?
A. A Classification Set and a single Compartment.
B. A single classification and a single compartment.
C. A Classification Set and user credentials.
D. A single classification and a Compartment Set.
Correct Answer: D
An object’s sensitivity label contains one classification and multiple categories, which represent compartments of information within a system.
When the MAC model is being used, every subject and object must have a sensitivity label, also called a security label. It contains a classification and different categories. The classification indicates the sensitivity level, and the categories enforce need-to-know rules.
The classifications follow a hierarchical structure, with one level being more trusted than another. However, the categories do not follow a hierarchical scheme, because they represent compartments of information within a system. The categories can correspond to departments (UN, Information Warfare, Treasury), projects (CRM, AirportSecurity, 2011Budget), or management levels. In a military environment, the classifications could be top secret, secret, confidential, and unclassified. Each classification is more trusted than the one below it. A commercial organization might use confidential, proprietary, corporate, and sensitive. The definition of the classification is up to the organization and should make sense for the environment in which it is used.
Incorrect Answers:
A: An object’s sensitivity label contains a single classification, not a classification set, and multiple categories (compartments), not a single compartment.
B: An object’s sensitivity label contains multiple categories (compartments), not a single compartment.
C: An object’s sensitivity label contains a single classification, not a classification set. Furthermore, an object’s sensitivity label does not contain user credentials.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 223
What does it mean to say that sensitivity labels are “incomparable”?
A. The number of classifications in the two labels is different.
B. Neither label contains all the classifications of the other.
C. The number of categories in the two labels are different.
D. Neither label contains all the categories of the other.
Correct Answer: D
Sensitivity labels are “incomparable” when neither label contains all the categories of the other.
Comparability:
The label “TOP SECRET [VENUS ALPHA]” is higher than any of the following labels: “SECRET [VENUS ALPHA]”, “TOP SECRET [VENUS]” or “TOP SECRET [ALPHA]”.
However, you cannot say that the label “TOP SECRET [VENUS]” is higher than the label: “TOP SECRET [ALPHA]” because the categories are different.
Because neither label contains all the categories of the other, the labels cannot be compared; they are said to be incomparable. In this case, you would be denied access.
Incorrect Answers:
A: A sensitivity label can only have one classification.
B: Sensitivity labels are “incomparable” when neither label contains all the categories (not the classifications) of the other.
C: The number of categories in the two labels being different does not necessarily mean they are incomparable. They can still be comparable as long as the label with more categories contains all the categories of the other.
As per the Orange Book, what are two types of system assurance?
A. Operational Assurance and Architectural Assurance.
B. Design Assurance and Implementation Assurance.
C. Architectural Assurance and Implementation Assurance.
D. Operational Assurance and Life-Cycle Assurance.
Correct Answer: D
When products are evaluated for the level of trust and assurance they provide, many times operational assurance and life-cycle assurance are part of the evaluation process.
Operational assurance concentrates on the product's architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product. Examples of operational assurances examined in the evaluation process are access control mechanisms, the separation of privileged and user program code, auditing and monitoring capabilities, covert channel analysis, and trusted recovery when the product experiences unexpected circumstances.
Life-cycle assurance pertains to how the product was developed and maintained. Each stage of the product's life cycle has standards and expectations it must fulfill before it can be deemed a highly trusted product. Examples of life-cycle assurance standards are design specifications, clipping-level configurations, unit and integration testing, configuration management, and trusted distribution. Vendors looking to achieve one of the higher security ratings for their products will have each of these issues evaluated and tested.
Incorrect Answers:
A: Architectural Assurance is not one of the two types of system assurance defined in the Orange Book.
B: Design Assurance and Implementation Assurance are not the two types of system assurance defined in the Orange Book.
C: Architectural Assurance and Implementation Assurance are not the two types of system assurance defined in the Orange Book.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 1240
Many approaches to Knowledge Discovery in Databases (KDD) are used to identify valid and useful patterns in data. This is an evolving field of study that includes a variety of automated analysis solutions such as Data Mining. Which of the following is not an approach used by KDD?
A. Probabilistic
B. Oriented
C. Deviation
D. Classification
Correct Answer: B
Oriented is not a KDD approach.
The following are three approaches used in KDD systems to uncover these patterns:
✑ Classification - Data are grouped together according to shared similarities.
✑ Probabilistic - Data interdependencies are identified and probabilities are applied to their relationships.
✑ Statistical - Identifies relationships between data elements and uses rule discovery.
A fourth data mining technique is deviation detection: find the record(s) that is (are) the most different from the other records, i.e., find all outliers. These may be thrown away as noise or may be the “interesting” ones.
Incorrect Answers:
A: Probabilistic is a KDD approach where data interdependencies are identified and probabilities are applied to their relationships.
C: Deviation detection is a KDD approach that finds the records that are the most different from the other records, i.e., the outliers.
D: Classification is a KDD approach which identifies relationships between data elements and uses rule discovery.
References:
, 2nd Edition, Syngress, Waltham, 2012, p. 1368
https://en.wikipedia.org/wiki/Data_mining
You have been tasked to develop an effective information classification program. Which one of the following steps should be performed FIRST?
A. Establish procedures for periodically reviewing the classification and ownership
B. Specify the security controls required for each classification level
C. Identify the data custodian who will be responsible for maintaining the security level of data
D. Specify the criteria that will determine how data is classified
Correct Answer: D
The following outlines the first three necessary steps for a proper classification program:
1. Define classification levels.
2. Specify the criteria that will determine how data are classified.
3. Identify data owners who will be responsible for classifying data.
Steps 4-10 omitted.
Incorrect Answers:
A: Establishing procedures for periodically reviewing the classification and ownership is not one of the first steps in the classification program. It is one of the last steps (step 8 out of 10).
B: Specifying the security controls required for each classification level is not one of the first steps in the classification program. It is step 5 out of 10.
C: Identifying the responsible data custodian is not one of the first steps in the classification program. It is step 4 out of 10.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 114
Which type of attack would a competitive intelligence attack best classify as?
A. Business attack
B. Intelligence attack
C. Financial attack
D. Grudge attack
Correct Answer: A
Competitive intelligence is the action of defining, gathering, analyzing, and distributing intelligence about a business including intelligence on products, customers, competitors, and any aspect of the environment needed to support executives and managers making strategic decisions for an organization. A competitive intelligence attack is therefore best classified as a business attack.
Incorrect Answers:
B: A competitive intelligence attack concerns intelligence about a business, not just intelligence in general.
C: A competitive intelligence attack concerns intelligence about a business as a whole, not just the financial dimension.
D: A competitive intelligence attack is not a grudge attack. It is an attack against a business.
References:
https://en.wikipedia.org/wiki/Competitive_intelligence
Which of the following is given the responsibility of the maintenance and protection of the data?
A. Data owner
B. Data custodian
C. User
D. Security administrator
Correct Answer: B
The data custodian (information custodian) is responsible for maintaining and protecting the data. This role is usually filled by the IT or security department, and the duties include implementing and maintaining security controls; performing regular backups of the data; periodically validating the integrity of the data; restoring data from backup media; retaining records of activity; and fulfilling the requirements specified in the company's security policy, standards, and guidelines that pertain to information security and data protection.
Incorrect Answers:
A: The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner is not given the responsibility of the maintenance and protection of the data.
C: The user is any individual who routinely uses the data for work-related tasks. The user is not given the responsibility of the maintenance and protection of the data.
D: The security administrator is responsible for implementing and maintaining specific security network devices and software in the enterprise. The security administrator is not given the responsibility of the maintenance and protection of the data.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 122
Which of the following embodies all the detailed actions that personnel are required to follow?
A. Standards
B. Guidelines
C. Procedures
D. Baselines
Correct Answer: C
Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. The steps can apply to users, IT staff, operations staff, security members, and others who may need to carry out specific tasks. Many organizations have written procedures on how to install operating systems, configure security mechanisms, implement access control lists, set up new user accounts, assign computer privileges, audit activities, destroy material, report incidents, and much more.
Procedures are considered the lowest level in the documentation chain because they are closest to the computers and users (compared to policies) and provide detailed steps for configuration and installation issues.
Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment.
Incorrect Answers:
A: Standards are compulsory rules indicating how hardware and software should be implemented, used, and maintained. Standards provide a means to ensure that specific technologies, applications, parameters, and procedures are carried out in a uniform way across the organization. They do not contain all the detailed actions that personnel are required to follow.
B: Guidelines are recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply. They do not contain all the detailed actions that personnel are required to follow.
D: A Baseline is the minimum level of security necessary to support and enforce a security policy. It does not contain all the detailed actions that personnel are required to follow.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 106-107
Which of the following is NOT a responsibility of an information (data) owner?
A. Determine what level of classification the information requires.
B. Periodically review the classification assignments against business needs.
C. Delegate the responsibility of data protection to data custodians.
D. Running regular backups and periodically testing the validity of the backup data.
Correct Answer: D
The data owner defines the backup requirements. However, the data owner does not run the backups. This is performed by the data custodian.
The data owner is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises.
This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria.
The data custodian (information custodian) is responsible for maintaining and protecting the data. This role is usually filled by the IT or security department, and the duties include implementing and maintaining security controls; performing regular backups of the data; periodically validating the integrity of the data; restoring data from backup media; retaining records of activity; and fulfilling the requirements specified in the company's security policy, standards, and guidelines that pertain to information security and data protection.
Incorrect Answers:
A: Determining what level of classification the information requires is the responsibility of the data owner.
B: Periodically reviewing the classification assignments against business needs is the responsibility of the data owner.
C: Delegating the responsibility of data protection to data custodians is the responsibility of the data owner.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 121
The owner of a system should have the confidence that the system will behave according to its specifications. This is termed:
A. Integrity
B. Accountability
C. Assurance
D. Availability
Correct Answer: C
In a trusted system, all protection mechanisms work together to process sensitive data for many types of uses, and will provide the necessary level of protection per classification level. Assurance looks at the same issues but in more depth and detail. Systems that provide higher levels of assurance have been tested extensively and have had their designs thoroughly inspected, their development stages reviewed, and their technical specifications and test plans evaluated.
In the Trusted Computer System Evaluation Criteria (TCSEC), commonly known as the Orange Book, the lower assurance level ratings look at a system's protection mechanisms and testing results to produce an assurance rating, but the higher assurance level ratings look more at the system design, specifications, development procedures, supporting documentation, and testing results. The protection mechanisms in the higher assurance level systems may not necessarily be much different from those in the lower assurance level systems, but the way they were designed and built is under much more scrutiny. With this extra scrutiny comes higher levels of assurance of the trust that can be put into a system.
Incorrect Answers:
A: Integrity ensures that data is unaltered. This is not what is described in the question.
B: Accountability is a security principle indicating that individuals must be identifiable and must be held responsible for their actions. This is not what is described in the question.
D: Availability ensures reliability and timely access to data and resources to authorized individuals.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 390-391
The US Department of Health, Education and Welfare developed a list of fair information practices focused on the privacy of individually identifiable personal information. Which one of the following is incorrect?
A. There must be a way for a person to find out what information about them exists and how it is used.
B. There must be a personal data record-keeping system whose very existence shall be kept secret.
C. There must be a way for a person to prevent information about them, which was obtained for one purpose, from being used or made available for another purpose without their consent.
D. Any organization creating, maintaining, using, or disseminating records of personal identifiable information must ensure reliability of the data for their intended
Correct Answer: B
Fair Information Practice was first developed in the United States in the 1970s by the Department of Health, Education and Welfare (HEW). The Fair Information Practices do not state that the personal data record-keeping system must be secret.
Incorrect Answers:
A: HEW Fair Information Practices include that there should be mechanisms for individuals to review data about them, to ensure accuracy.
C: HEW Fair Information Practices include
✑ For all data collected there should be a stated purpose
✑ Information collected about an individual cannot be disclosed to other organizations or individuals unless specifically authorized by law or by consent of the individual
D: HEW Fair Information Practices include
✑ Records kept on an individual should be accurate and up to date
✑ Data should be deleted when it is no longer needed for the stated purpose
References:
https://en.wikipedia.org/wiki/Information_privacy_law
The typical computer fraudsters are usually persons with which of the following characteristics?
A. They have had previous contact with law enforcement
B. They conspire with others
C. They hold a position of trust
D. They deviate from the accepted norms of society
Correct Answer: C
It is easy for people who are placed in a position of trust to commit fraud, as they are considered to be trustworthy.
Incorrect Answers:
A: A fraudster might very well have a clean legal record. This, in conjunction with a position of trust, makes him/her hard to detect.
B: It is not typical that a fraudster conspires with other persons, as the fraudster usually acts alone.
D: A fraudster can very well follow the accepted norms of society, and this makes him/her harder to detect.
References:
http://www.justice4you.org/fraud-fraudster.php
The US-EU Safe Harbor process has been created to address which of the following?
A. Integrity of data transferred between U.S. and European companies
B. Confidentiality of data transferred between U.S and European companies
C. Protection of personal data transferred between U.S and European companies
D. Confidentiality of data transferred between European and international companies
Correct Answer: C
The US-EU Safe Harbor process relates to privacy, that is, the protection of personal data. The Safe Harbor is a construct that outlines how U.S.-based companies can comply with EU privacy requirements. The Safe Harbor Privacy Principles state that if a non-European organization wants to do business with a European entity, it will need to adhere to the Safe Harbor requirements if certain types of data will be passed back and forth during business processes.
Incorrect Answers:
A: The US-EU Safe Harbor process does not relate to the integrity of the data. It concerns the privacy of the data.
B: The US-EU Safe Harbor process does not relate to the confidentiality of the data. It concerns the privacy of the data.
D: The US-EU Safe Harbor process concerns personal data transferred between U.S. and European companies, not the confidentiality of data transferred between European and international companies.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 992
What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?
A. Level 1/Class 1
B. Level 2/Class 2
C. Level 3/Class 3
D. Level 4/Class 4
Correct Answer: B
Users can obtain certificates with various levels of assurance.
Level 1/Class 1 certificates verify electronic mail addresses. This is done through the use of a personal information number that a user would supply when asked to register. This level of certificate may also provide a name as well as an electronic mail address; however, it may or may not be a genuine name (i.e., it could be an alias). This proves that a human being will reply back if you send an email to that name or email address.
Class 2/Level 2 certificates verify a user's name, address, social security number, and other information against a credit bureau database.
Class 3/Level 3 certificates are available to companies. This level of certificate provides photo identification to accompany the other items of information provided by a level 2 certificate.
Incorrect Answers:
A: Level 1/Class 1 certificates verify electronic mail addresses. They do not verify a user’s name, address, social security number, and other information against a credit bureau database.
C: Level 3/Class 3 certificates provide photo identification to accompany the other items of information provided by a level 2 certificate. They do not verify a user’s name, address, social security number, and other information against a credit bureau database.
D: Level 4/Class 4 certificates do not verify a user’s name, address, social security number, and other information against a credit bureau database.
According to Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) there is a requirement to "protect stored cardholder data." Which of the following items cannot be stored by the merchant?
A. Primary Account Number
B. Cardholder Name
C. Expiration Date
D. The Card Validation Code (CVV2)
Correct Answer: D
Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) is to “protect stored cardholder data.” The public assumes merchants and financial institutions will protect data on payment cards to thwart theft and prevent unauthorized use.
Requirement 3 applies only if cardholder data is stored. Merchants who do not store any cardholder data automatically provide stronger protection by having eliminated a key target for data thieves.
For merchants who have a legitimate business reason to store cardholder data, it is important to understand what data elements PCI DSS allows them to store and what measures they must take to protect those data. To prevent unauthorized storage, only Council-certified PIN entry devices and payment applications may be used.
PCI DSS compliance is enforced by the major payment card brands who established the PCI DSS and the PCI Security Standards Council: American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc.
PCI DSS Requirement 3 -
It details technical guidelines for protecting stored cardholder data. Merchants should develop a data retention and storage policy that strictly limits storage amount and retention time to that which is required for business, legal, and/or regulatory purposes.
Sensitive authentication data must never be stored after authorization even if this data is encrypted.
✑ Never store the full contents of any track from the card's magnetic stripe or chip (referred to as full track, track, track 1, track 2, or magnetic stripe data). If required for business purposes, the cardholder's name, PAN, expiration date, and service code may be stored as long as they are protected in accordance with PCI DSS requirements.
✑ Never store the card-validation code (CVV) or value (the three- or four-digit number printed on the front or back of a payment card used to validate card-not-present transactions).
✑ Never store the personal identification number (PIN) or PIN Block. Be sure to mask the PAN whenever it is displayed. The first six and last four digits are the maximum number of digits that may be displayed. This requirement does not apply to those authorized with a specific need to see the full PAN, nor does it supersede stricter requirements in place for displays of cardholder data such as on a point-of-sale receipt.
Incorrect Answers:
A: The Primary Account Number can be stored by the merchant according to the PCI Data Storage Guidelines.
B: The Cardholder Name can be stored by the merchant according to the PCI Data Storage Guidelines.
C: The Expiration Date can be stored by the merchant according to the PCI Data Storage Guidelines.
References:
https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf
Which of the following is NOT a proper component of Media Viability Controls?
A. Storage
B. Writing
C. Handling
D. Marking
Correct Answer: B
Writing is not a component of media viability controls.
Media viability controls are implemented to preserve the proper working state of the media, particularly to facilitate the timely and accurate restoration of the system after a failure.
Many physical controls should be used to protect the viability of the data storage media. The goal is to protect the media from damage during handling and transportation, or during short-term or long-term storage. Proper marking and labeling of the media is required in the event of a system recovery process:
✑ Marking. All data storage media should be accurately marked or labeled. The labels can be used to identify media with special handling instructions, or to log serial numbers or bar codes for retrieval during a system recovery.
✑ Handling. Proper handling of the media is important. Some issues with the handling of media include cleanliness of the media and the protection from physical damage to the media during transportation to the archive sites.
✑ Storage. Storage of the media is very important for both security and environmental reasons. A clean storage environment, free of excessive heat and humidity, should be provided for the media. Data media is sensitive to temperature, liquids, magnetism, smoke, and dust.
Incorrect Answers:
A: Storage is a media viability control used to protect the viability of data storage media.
C: Handling is a media viability control used to protect the viability of data storage media.
D: Marking is a media viability control used to protect the viability of data storage media.
References:
, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.
Degaussing is used to clear data from all of the following media except:
A. Floppy Disks
B. Read-Only Media
C. Video Tapes
D. Magnetic Hard Disks
Correct Answer: B
Atoms and Data -
Shon Harris says: “A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes this polarization (magnetic alignment) by using a type of large magnet to bring it back to its original flux (magnetic alignment).”
Degaussing is achieved by passing the magnetic media through a powerful magnetic field to rearrange the metallic particles, completely removing any resemblance of the previously recorded signal. Therefore, degaussing will work on magnetic media such as floppy disks or hard disks. However, “read-only media” includes items such as paper printouts and CD-ROMs, which do not store data in an electronic form or are not magnetic storage. Passing them through a magnetic field has no effect on them.
Not all clearing/purging methods are applicable to all media. For example, optical media is not susceptible to degaussing, and overwriting may not be effective against flash devices. The degree to which information may be recoverable by a sufficiently motivated and capable adversary must not be underestimated or guessed at in ignorance. For the highest-value commercial data, and for all data regulated by government or military classification rules, read and follow the rules and standards.
Incorrect Answers:
A: Floppy Disks can be erased by degaussing.
C: Video Tapes can be erased by degaussing.
D: Magnetic Hard Disks can be erased by degaussing.
References:
http://www.degausser.co.uk/degauss/degabout.htm
http://www.degaussing.net/
http://www.cerberussystems.com/INFOSEC/stds/ncsctg25.htm
An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:
A. a magnetic field.
B. a degausser.
C. magnetic remanence.
D. magnetic saturation.
Correct Answer: B
A device that performs degaussing generates a coercive magnetic force that reduces the magnetic flux density of the storage media to zero. This magnetic force is what properly erases data from media. Data are stored on magnetic media by the representation of the polarization of the atoms. Degaussing changes this polarization (magnetic alignment) by using a type of large magnet to bring it back to its original flux (magnetic alignment).
Incorrect Answers:
A: A magnetic field is not the electrical device described in the question.
C: Magnetic remanence is not the electrical device described in the question.
D: Magnetic saturation is not the electrical device described in the question.
References:
, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p. 1282
Which of the following logical access exposures involves changing data before, or as it is entered into the computer?
A. Data diddling
B. Salami techniques
C. Trojan horses
D. Viruses
Correct Answer: A
Data diddling refers to the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing and is output from an application. For instance, if a loan processor is entering information for a customer's loan of $100,000, but instead enters $150,000 and then moves the extra approved money somewhere else, this would be a case of data diddling. Another example is if a cashier enters an amount of $40 into the cash register, but really charges the customer $60 and keeps the extra $20.
This type of crime is extremely common and can be prevented by using appropriate access controls and proper segregation of duties. It will more likely be perpetrated by insiders, who have access to data before it is processed.
Incorrect Answers:
B: A salami attack is one in which an attacker commits several small crimes with the hope that the overall larger crime will go unnoticed. This is not what is described in the question.
C: A Trojan Horse is a program that is disguised as another program. This is not what is described in the question.
D: A Virus is a small application or a string of code that infects applications. This is not what is described in the question.
References:
, 6th Edition, McGraw-Hill, 2013, p. 1059
When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
A. Clearing completely erases the media whereas purging only removes file headers, allowing the recovery of files.
B. Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.
C. They both involve rewriting the media.
D. Clearing renders information unrecoverable against a laboratory attack and purging renders information unrecoverable to a keyboard attack.
Correct Answer: B
The removal of information from a storage medium is called sanitization. Different kinds of sanitization provide different levels of protection. A distinction can be made between clearing information (rendering it unrecoverable by a keyboard attack) and purging (rendering it unrecoverable against laboratory attack).
There are three general methods of purging media: overwriting, degaussing, and destruction.
There should be continuous assurance that sensitive information is protected and not allowed to be placed in a circumstance wherein a possible compromise can occur. There are two primary levels of threat that the protector of information must guard against: keyboard attack (information scavenging through system software capabilities) and laboratory attack (information scavenging through laboratory means). Procedures should be implemented to address these threats before the Automated Information System (AIS) is procured, and the procedures should be continued throughout the life cycle of the AIS.
Incorrect Answers:
A: It is not true that clearing completely erases the media or that purging only removes file headers, allowing the recovery of files.
C: Clearing does not involve rewriting the media.
D: It is not true that clearing renders information unrecoverable against a laboratory attack or purging renders information unrecoverable to a keyboard attack.
In Mandatory Access Control, sensitivity labels attached to objects contain what information?
A. The item’s classification
B. The item’s classification and category set
C. The item’s category
D. The item’s need to know
Correct Answer: B
A sensitivity label is required for every subject and object when using the Mandatory Access Control (MAC) model. The sensitivity label is made up of a classification and different categories.
Incorrect Answers:
A: The item’s classification on its own is incorrect. It has to have a category as well.
C: The item’s category on its own is incorrect. It has to have a classification as well.
D: Need-to-know rules are applied by the categories section of the label.
References:
, 6th Edition, McGraw-Hill, 2013, p. 223
http://en.wikipedia.org/wiki/Mandatory_Access_Control
Which of the following European Union (EU) principles pertaining to the protection of information on private individuals is incorrect?
A. Data collected by an organization can be used for any purpose and for as long as necessary, as long as it is never communicated outside of the organization by which it was collected.
B. Individuals have the right to correct errors contained in their personal data.
C. Transmission of personal information to locations where “equivalent” personal data protection cannot be assured is prohibited.
D. Records kept on an individual should be accurate and up to date.
Correct Answer: A
The Data Integrity principle of the EU's Data Protection Directive states that data must be relevant and reliable for the purpose for which it was collected.
Incorrect Answers:
B: The EU's Data Protection Directive includes the Access principle, which states that individuals must be able to access information held about them, and correct or delete it if it is inaccurate.
C: The EU's Data Protection Directive includes the Onward Transfer principle, which states that transfers of data to third parties may only occur to other organizations that follow adequate data protection principles.
D: The EU's Data Protection Directive includes the Data Integrity principle, which states that data must be relevant and reliable for the purpose for which it was collected.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 1064-1065
Who should DECIDE how a company should approach security and what security measures should be implemented?
A. Senior management
B. Data owner
C. Auditor
D. The information security specialist
Correct Answer: A
Computers and the information processed on them usually have a direct relationship with a company's critical missions and objectives. Because of this level of importance, senior management should make protecting these items a high priority and provide the necessary support, funds, time, and resources to ensure that systems, networks, and information are protected in the most logical and cost-effective manner possible.
For a company's security plan to be successful, it must start at the top level and be useful and functional at every single level within the organization. Senior management needs to define the scope of security and identify and decide what must be protected and to what extent.
Incorrect Answers:
B: The data owner can grant access to the data. However, the data owner should not decide how a company should approach security and what security measures should be implemented.
C: Systems Auditors ensure the appropriate security controls are in place. However, they should not decide how a company should approach security and what security measures should be implemented.
D: Information security specialists may be the ones who implement the security measures. However, they should not decide how a company should approach security and what security measures should be implemented.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 101
Controlling access to information systems and associated networks is necessary for the preservation of their:
A. Authenticity, confidentiality and availability
B. Confidentiality, integrity, and availability.
C. Integrity and availability.
D. Authenticity, confidentiality, integrity and availability.
Correct Answer: B
Information security is made up of the following main attributes:
✑ Availability - Prevention of loss of, or loss of access to, data and resources
✑ Integrity - Prevention of unauthorized modification of data and resources
✑ Confidentiality - Prevention of unauthorized disclosure of data and resources
Incorrect Answers:
A: Authenticity is an attribute that stems from the three main attributes.
C: Information security is made up of three main attributes, which includes confidentiality.
D: Authenticity is an attribute that stems from the three main attributes.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 298, 299
At which temperature does damage start occurring to magnetic media?
A. 100 degrees Fahrenheit or 37.7 degrees Celsius
B. 125 degrees Fahrenheit or 51.66 degrees Celsius
C. 150 degrees Fahrenheit or 65.5 degrees Celsius
D. 175 degrees Fahrenheit or 79.4 degrees Celsius
Correct Answer: A
Maintaining appropriate temperature and humidity is important in any facility, especially facilities with computer systems. Improper levels of either can cause damage to computers and electrical devices.
Lower temperatures can cause mechanisms to slow or stop, and higher temperatures can cause devices to use too much fan power and eventually shut down.
Damage can start to occur on magnetic media at 100 degrees Fahrenheit or 37.7 degrees Celsius.
Incorrect Answers:
B: Damage can start to occur on magnetic media at 100 degrees Fahrenheit, not 125 degrees Fahrenheit. Therefore, this answer is incorrect.
C: Damage can start to occur on magnetic media at 100 degrees Fahrenheit, not 150 degrees Fahrenheit. Therefore, this answer is incorrect.
D: Damage can start to occur on magnetic media at 100 degrees Fahrenheit, not 175 degrees Fahrenheit. Damage can start to occur in computer systems and peripheral devices at 175 degrees Fahrenheit. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 466
In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
A. Bell-LaPadula model
B. Biba model
C. Access Matrix model
D. Take-Grant model
Correct Answer: A
A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels. The level at which information is classified determines the handling procedures that should be used. The Bell-LaPadula model is a state machine model that enforces the confidentiality aspects of access control. A matrix and security levels are used to determine if subjects can access different objects. The subject's clearance is compared to the object's classification and then specific rules are applied to control how subject-to-object interactions can take place.
This model uses subjects, objects, access operations (read, write, and read/write), and security levels. Subjects and objects can reside at different security levels and will have relationships and rules dictating the acceptable activities between them.
Incorrect Answers:
B: The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. This is not what is described in the question.
C: An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects. This is not what is described in the question.
D: The take-grant protection model is used to establish or disprove the safety of a given computer system that follows specific rules. This is not what is described in the question.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 229
Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection?
A. B
B. A
C. C
D. D
Correct Answer: A
The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book.
TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels:
A. Verified protection -
B. Mandatory protection -
C. Discretionary protection -
D. Minimal protection -
Classification A represents the highest level of assurance, and D represents the lowest level of assurance.
Level B: Mandatory Protection: Mandatory access control is enforced by the use of security labels. The architecture is based on the Bell-LaPadula security model, and evidence of reference monitor enforcement must be available.
Incorrect Answers:
B: Level A is defined as verified protection, not mandatory protection.
C: Level C is defined as discretionary protection, not mandatory protection.
D: Level D is defined as minimal security, not mandatory protection.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 392, 395
Which of the following establishes the minimal national standards for certifying and accrediting national security systems?
A. NIACAP
B. DIACAP
C. HIPAA
D. TCSEC
Correct Answer: A
The National Information Assurance Certification and Accreditation Process (NIACAP) establishes the minimum national standards for certifying and accrediting national security systems. This process provides a standard set of activities, general tasks, and a management structure to certify and accredit systems that will maintain the Information Assurance (IA) and security posture of a system or site. This process focuses on an enterprise-wide view of the information system (IS) in relation to the organization's mission and the IS business case.
Incorrect Answers:
B: The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a United States Department of Defense (DoD) process intended to ensure that companies and organizations apply risk management to information systems (IS). This is not what is described in the question.
C: HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs. This is not what is described in the question.
D: Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. This is not what is described in the question.
References:
http://infohost.nmt.edu/~sfs/Regs/nstissi_1000.pdf
Which of the following Orange Book ratings represents the highest level of trust?
A. B1
B. B2
C. F6
D. C2
Correct Answer: B
The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book.
TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels:
A. Verified protection -
B. Mandatory protection -
C. Discretionary protection -
D. Minimal security -
Classification A represents the highest level of assurance, and D represents the lowest level of assurance.
Each division can have one or more numbered classes with a corresponding set of requirements that must be met for a system to achieve that particular rating.
The classes with higher numbers offer a greater degree of trust and assurance. So B2 would offer more assurance than B1, and C2 would offer more assurance than C1.
Incorrect Answers:
A: B1 has a lower level of trust than B2.
C: F6 is not a valid rating.
D: Division C has a lower level of trust than division B.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-393
What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?
A. A
B. D
C. E
D. F
Correct Answer: B
The U.S. Department of Defense developed the Trusted Computer System Evaluation Criteria (TCSEC), which was used to evaluate operating systems, applications, and different products. These evaluation criteria are published in a book known as the Orange Book.
TCSEC provides a classification system that is divided into hierarchical divisions of assurance levels:
A. Verified protection -
B. Mandatory protection -
C. Discretionary protection -
D. Minimal security -
Classification A represents the highest level of assurance, and D represents the lowest level of assurance. Each division can have one or more numbered classes with a corresponding set of requirements that must be met for a system to achieve that particular rating.
There is only one class in Division D. It is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions.
Incorrect Answers:
A: Division A is the highest level.
C: The lowest division/level (reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions) is D, not E.
D: The lowest division/level (reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions) is D, not F.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 392-393
Which of the following computer crimes is MORE often associated with INSIDERS? A. IP spoofing B. Password sniffing C. Data diddling D. Denial of service (DoS)
Correct Answer: C
Data diddling refers to the alteration of existing data. Many times, this modification happens before the data is entered into an application or as soon as it completes processing and is output from an application. For instance, if a loan processor is entering information for a customer's loan of $100,000, but instead enters $150,000 and then moves the extra approved money somewhere else, this would be a case of data diddling. Another example is if a cashier enters an amount of $40 into the cash register, but really charges the customer $60 and keeps the extra $20.
This type of crime is extremely common and can be prevented by using appropriate access controls and proper segregation of duties. It will more likely be perpetrated by insiders, who have access to data before it is processed.
Incorrect Answers:
A: IP Spoofing attacks are more commonly performed by outsiders.
B: Password sniffing can be performed by insiders or outsiders. However, Data Diddling is MORE commonly performed by insiders.
D: Most Denial of service attacks occur over the internet and are performed by outsiders.
References:
, 6th Edition, McGraw-Hill, 2013, p. 1059
Which of the following groups represents the leading source of computer crime losses? A. Hackers B. Industrial saboteurs C. Foreign intelligence officers D. Employees
Correct Answer: D
Employees represent the leading source of computer crime losses. This can be through hardware theft, data theft, physical damage and interruptions to services.
Laptop theft is increasing at incredible rates each year. Laptops have been stolen for years, but in the past they were stolen mainly to sell the hardware. Now laptops are also being stolen to gain sensitive data for identity theft crimes. Since employees use laptops as they travel, they may have extremely sensitive company or customer data on their systems that can easily fall into the wrong hands.
Incorrect Answers:
A: Losses caused by hackers can be high. However, this is rare in comparison to losses caused by employees.
B: Losses caused by industrial saboteurs can be high. However, this is very rare in comparison to losses caused by employees.
C: Foreign intelligence officers are not a cause of computer crime losses.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 457
Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is:
A. Not possible
B. Only possible with key recovery scheme of all user keys
C. It is possible only if X509 Version 3 certificates are used
D. It is possible only by “brute force” decryption
Correct Answer: A
E-mail encryption solutions such as S/MIME have been available for a long time. These encryption solutions have seen varying degrees of adoption in organizations of different types. However, such solutions present some challenges:
Inability to apply messaging policies: Organizations also face compliance requirements that require inspection of messaging content to make sure it adheres to messaging policies. However, messages encrypted with most client-based encryption solutions, including S/MIME, prevent content inspection on the server.
Without content inspection, an organization can’t validate that all messages sent or received by its users comply with messaging policies.
Decreased security: Antivirus software is unable to scan encrypted message content, further exposing an organization to risk from malicious content such as viruses and worms. Encrypted messages are generally considered to be trusted by most users, thereby increasing the likelihood of a virus spreading throughout your organization.
Incorrect Answers:
B: Virus scanning and content inspection of S/MIME encrypted e-mail is not possible even with a key recovery scheme of all user keys.
C: Virus scanning and content inspection of S/MIME encrypted e-mail is not possible even if X509 Version 3 certificates are used.
D: Using “brute force” decryption on S/MIME encrypted e-mail for the purpose of virus scanning and content inspection is not practical and unlikely to be successful.
References:
https://technet.microsoft.com/en-us/library/dd638122(v=exchg.150).aspx
Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? A. Steganography B. ADS - Alternate Data Streams C. Encryption D. NTFS ADS
Correct Answer: A
Steganography allows you to hide data in another media type, concealing the very existence of the data.
Incorrect Answers:
B, D: Alternate data stream (ADS) is a feature of Windows New Technology File System (NTFS) that includes metadata for locating a specific file by author or title.
C: Encryption is a method of transforming readable data into a form that appears to be random and unreadable.
References:
, 6th Edition, McGraw-Hill, 2013, p. 774
http://searchsecurity.techtarget.com/definition/alternate-data-stream
Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later? A. Steganography B. Digital watermarking C. Digital enveloping D. Digital signature
Correct Answer: B
Digital watermarking is defined as “Computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data – text, graphics, images, video, or audio – and for detecting or extracting the marks later.”
A “digital watermark”, i.e., the set of embedded bits, is sometimes hidden, usually imperceptible, and always intended to be unobtrusive. Depending on the particular technique that is used, digital watermarking can assist in proving ownership, controlling duplication, tracing distribution, ensuring data integrity, and performing other functions to protect intellectual property rights.
Incorrect Answers:
A: Steganography is a method of hiding data in another media type so the very existence of the data is concealed. Digital Watermarking is considered to be a type of steganography. However, steganography is not what is described in the question.
C: A digital envelope is another term used to describe hybrid cryptography where a message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key. This is not what is described in the question.
D: A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. This is not what is described in the question.
References:
http://tools.ietf.org/html/rfc4949
The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?
A. Test equipment is easily damaged.
B. Test equipment can be used to browse information passing on a network.
C. Test equipment is difficult to replace if lost or stolen.
D. Test equipment must always be available for the maintenance personnel.
Correct Answer: B
A Protocol Analyzer (also known as a packet sniffer) is a useful tool for testing or troubleshooting network communications.
A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. Capturing packets sent from a computer system is known as packet sniffing.
The ability to browse information passing on a network is a security risk which means access to a protocol analyzer should be carefully managed and therefore addressed by security policy.
Incorrect Answers:
A: Damage to test equipment is not a security risk so does not need to be addressed by security policy.
C: Test equipment is generally not difficult to replace if lost or stolen. Even if it was, that would not constitute a security risk so it would not need to be addressed by security policy.
D: The need for test equipment to always be available for the maintenance personnel would not constitute a security risk so it would not need to be addressed by security policy.
Which of the following is responsible for MOST of the security issues? A. Outside espionage B. Hackers C. Personnel D. Equipment failure
Correct Answer: C
Personnel represent the leading source of computer crime losses. This can be through hardware theft, data theft, physical damage and interruptions to services.
Laptop theft is increasing at incredible rates each year. Laptops have been stolen for years, but in the past they were stolen mainly to sell the hardware. Now laptops are also being stolen to gain sensitive data for identity theft crimes. Since employees use laptops as they travel, they may have extremely sensitive company or customer data on their systems that can easily fall into the wrong hands.
Incorrect Answers:
A: Losses caused by outside espionage can be high. However, this is very rare in comparison to losses caused by personnel.
B: Losses caused by hackers can be high. However, this is rare in comparison to losses caused by personnel.
D: Equipment failure can be a cause of security issues. However, security issues caused by personnel are more common.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 457
Passwords can be required to change monthly, quarterly, or at other intervals:
A. depending on the criticality of the information needing protection.
B. depending on the criticality of the information needing protection and the password’s frequency of use.
C. depending on the password’s frequency of use.
D. not depending on the criticality of the information needing protection but depending on the password’s frequency of use.
Correct Answer: B
A password that is the same for each log-on is called a static password. A password that changes with each log-on is termed a dynamic password. The changing of passwords can also fall between these two extremes. Passwords can be required to change monthly, quarterly, or at other intervals, depending on the criticality of the information needing protection and the password's frequency of use. Obviously, the more times a password is used, the more chance there is of it being compromised.
Incorrect Answers:
A: This answer is not complete. Passwords can also be required to change depending on the password’s frequency of use.
C: This answer is not complete. Passwords can also be required to change depending on the criticality of the information needing protection.
D: Passwords CAN be required to change depending on the criticality of the information needing protection.
References:
, Wiley Publishing, Indianapolis, 2007, p. 57
Computer security should be first and foremost which of the following?
A. Cover all identified risks
B. Be cost-effective.
C. Be examined in both monetary and non-monetary terms.
D. Be proportionate to the value of IT systems.
Correct Answer: B
Each organization is different in its size, security posture, threat profile, and security budget. One organization may have one individual responsible for information risk management (IRM) or a team that works in a coordinated manner. The overall goal of the team is to ensure the company is protected in the most cost-effective manner.
Incorrect Answers:
A: Not all identified risks are mitigated. Some risks are accepted.
C: It is not true that computer security should be first and foremost examined in both monetary and non-monetary terms.
D: It is not true that computer security should be first and foremost proportionate to the value of IT systems. The value of IT systems does not necessarily mean that more or less security is required.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 87
Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data? A. Business and functional managers B. IT Security practitioners C. System and information owners D. Chief information officer
Correct Answer: C
Both the system owner and the information owner (data owner) are responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data.
The system owner is responsible for one or more systems, each of which may hold and process data owned by different data owners. A system owner is responsible for integrating security considerations into application and system purchasing decisions and development projects. The system owner is responsible for ensuring that adequate security is being provided by the necessary controls, password management, remote access controls, operating system configurations, and so on. This role must ensure the systems are properly assessed for vulnerabilities and must report any vulnerabilities found to the incident response team and the data owner.
The data owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information. The data owner has due care responsibilities and thus will be held responsible for any negligent act that results in the corruption or disclosure of the data. The data owner decides upon the classification of the data she is responsible for and alters that classification if the business need arises. This person is also responsible for ensuring that the necessary security controls are in place, defining security requirements per classification and backup requirements, approving any disclosure activities, ensuring that proper access rights are being used, and defining user access criteria.
The data owner approves access requests or may choose to delegate this function to business unit managers.
Incorrect Answers:
A: Business and functional managers are not responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data.
B: IT Security practitioners implement the security controls. However, they are not ultimately responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data.
D: The Chief Information Officer (CIO) is responsible for the strategic use and management of information systems and technology within the organization. The CIO is not responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 121
Which of the following BEST defines add-on security?
A. Physical security complementing logical security measures.
B. Protection mechanisms implemented as an integral part of an information system.
C. Layer security.
D. Protection mechanisms implemented after an information system has become operational.
Correct Answer: D
Add-on security is defined as “Security protection mechanisms that are hardware or software retrofitted to a system to increase that system’s protection level.”
Incorrect Answers:
A: Add-on security can be physical security (hardware) but it is often software as well.
B: An add-on is something added to an existing system; it is not an integral part of a system.
C: Add-on security can be a layer of security. However, layered security does not refer specifically to security add-ons.
Which of the following is BEST practice to employ in order to reduce the risk of collusion? A. Least Privilege B. Job Rotation C. Separation of Duties D. Mandatory Vacations
Correct Answer: B
The objective of separation of duties is to ensure that one person acting alone cannot compromise the company's security in any way. High-risk activities should be broken up into different parts and distributed to different individuals or departments. That way, the company does not need to put a dangerously high level of trust in certain individuals. For fraud to take place, collusion would need to be committed, meaning more than one person would have to be involved in the fraudulent activity.
Job rotation in the workplace is a system where employees work at several jobs in a business, performing each job for a relatively short period of time. By moving people around, those who might be willing to collude to commit fraud are separated, which reduces the risk of collusion.
Incorrect Answers:
A: Least privilege means an individual should have just enough permissions and rights to fulfill his role in the company and no more. It is not the best control for reducing collusion.
C: Separation of Duties prevents one person being able to commit fraud. With separation of duties, collusion between two or more people would be required to commit the fraud. However, separation of duties does not prevent the collusion.
D: Mandatory vacations are a way of detecting fraud. If a fraudulent activity stops while an employee is on vacation, it is easy to determine who was committing the fraud. Mandatory vacations do not prevent the collusion.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 1235-1236
What are the four domains that make up CobiT?
A. Plan and Organize, Maintain and Implement, Deliver and Support, and Monitor and Evaluate
B. Plan and Organize, Acquire and Implement, Support and Purchase, and Monitor and Evaluate
C. Acquire and Implement, Deliver and Support, Monitor, and Evaluate
D. Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate
Correct Answer: D
The Control Objectives for Information and related Technology (CobiT) is a framework and set of control objectives developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs. CobiT is broken down into four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate.
Incorrect Answers:
A: Maintain and Implement is not one of the four domains; it should be Acquire and Implement.
B: Support and Purchase is not one of the four domains; it should be Deliver and Support.
C: This answer is missing the first domain, Plan and Organize.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 55
CobiT was developed from the COSO framework. Which of the choices below best describe the COSO’s main objectives and purpose?
A. COSO main purpose is to help ensure fraudulent financial reporting cannot take place in an organization
B. COSO main purpose is to define a sound risk management approach within financial companies.
C. COSO addresses corporate culture and policy development.
D. COSO is risk management system used for the protection of federal systems.
Correct Answer: A
COSO is a model for corporate governance, and CobiT is a model for IT governance. COSO deals more at the strategic level, while CobiT focuses more at the operational level. You can think of CobiT as a way to meet many of the COSO objectives, but only from the IT perspective. COSO deals with non-IT items also, as in company culture, financial accounting principles, board of director responsibility, and internal communication structures. COSO was formed to provide sponsorship for the National Commission on Fraudulent Financial Reporting, an organization that studies deceptive financial reports and what elements lead to them.
There have been laws in place since the 1970s that basically state that it is illegal for a corporation to cook its books (manipulate its revenue and earnings reports), but it took the Sarbanes-Oxley Act (SOX) of 2002 to really put teeth into those existing laws. SOX is a U.S. federal law that, among other things, could send executives to jail if it is discovered that their company submitted fraudulent accounting findings to the Securities and Exchange Commission (SEC). SOX is based upon the COSO model, so for a corporation to be compliant with SOX, it has to follow the COSO model. Companies commonly implement ISO/IEC 27000 standards and CobiT to help construct and maintain their internal COSO structure.
Incorrect Answers:
B: It is not the main purpose of COSO to define a sound risk management approach within financial companies.
C: It is not the main purpose of COSO to address corporate culture and policy development.
D: COSO is not a risk management system used for the protection of federal systems.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 59
Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks?
A. Monitoring and auditing for such activity
B. Require user authentication
C. Making sure only necessary phone numbers are made public
D. Using completely different numbers for voice and data accesses
Correct Answer: B
War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems and fax machines. Hackers use the resulting lists for various purposes: hobbyists for exploration, and crackers (malicious hackers who specialize in computer security) for guessing user accounts (by capturing voicemail greetings), or locating modems that might provide an entry point into computer or other electronic systems. It may also be used by security personnel, for example, to detect unauthorized devices, such as modems or faxes, on a company's telephone network.
To prevent possible intrusion or damage from wardialing attacks, you should configure the system to require authentication before a network connection can be established. This will ensure that an attacker cannot gain access to the network without knowing a username and password.
Incorrect Answers:
A: Monitoring wardialing attacks would not prevent an attacker gaining access to the network. It would just tell you that an attack has happened.
C: Making sure only necessary phone numbers are made public will not protect against intrusion. An attacker would still be able to gain access through one of the necessary phone numbers.
D: Using completely different numbers for voice and data accesses will not protect against intrusion. An attacker would still be able to gain access through one of the data access phone numbers.
References:
http://en.wikipedia.org/wiki/War_dialing
Which of the following access control models introduces user security clearance and data classification? A. Role-based access control B. Discretionary access control C. Non-discretionary access control D. Mandatory access control
Correct Answer: D
Mandatory access control (MAC) is an access policy that restricts access to objects based on the security clearance of a subject and the classification of an object.
Incorrect Answers:
A: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned.
B: Access in a DAC model is restricted based on the authorization granted to the users.
C: Non-discretionary access control is when the system administrator or a single management body within an organization centrally controls access to all resources for everybody on a network.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 220-228
http://www.answers.com/Q/What_is_Non_discretionary_access_control
An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n): A. active attack. B. outside attack. C. inside attack. D. passive attack.
Correct Answer: C
An attack by an authorized user is known as an inside attack.
An insider attack is a malicious attack perpetrated on a network or computer system by a person with authorized system access.
Insiders that perform attacks have a distinct advantage over external attackers because they have authorized system access and also may be familiar with network architecture and system policies/procedures. In addition, there may be less security against insider attacks because many organizations focus on protection from external attacks.
An insider attack is also known as an insider threat.
Incorrect Answers:
A: In an active attack, the attacker attempts to make changes to data on the target or data as it is transmitted to the target. An attack by an authorized user could be an active type of attack but it is not known as an active attack.
B: An attack by an authorized user is not known as an outside attack.
D: In a passive attack, the attacker attempts to learn information but does not affect resources. An attack by an authorized user could be passive in nature but it is not known as a passive attack.
References:
https://www.techopedia.com/definition/26217/insider-attack
MOST access violations are: A. Accidental B. Caused by internal hackers C. Caused by external hackers D. Related to Internet
Correct Answer: A
In security circles, people are often the weakest link. Either accidentally through mistakes or lack of training, or intentionally through fraud and malicious intent, personnel cause more serious and hard-to-detect security issues than hacker attacks, outside espionage, or equipment failure.
A common accidental access violation is a user discovering a feature of an application that they should not be accessing.
Incorrect Answers:
B: Most access violations are not caused by internal hackers.
C: Most access violations are not caused by external hackers.
D: Most access violations are not related to the Internet.
References:
, 6th Edition, McGraw-Hill, 2013, p. 129
Which of the following tools is less likely to be used by a hacker? A. l0phtcrack B. Tripwire C. OphCrack D. John the Ripper
Correct Answer: B
Tripwire is a tool that detects when files have been altered by regularly recalculating hashes of them and storing the hashes in a secure location. The product triggers when changes to the files have been detected. By using cryptographic hashes, Tripwire is often able to detect subtle changes. By contrast, a simplistic form of integrity checking only compares file size and last modification time. l0phtcrack, OphCrack and John the Ripper are password cracking tools and are therefore more likely to be used by hackers than Tripwire.
Incorrect Answers:
A: l0phtcrack is used to test password strength and sometimes to recover lost Microsoft Windows passwords, by using dictionary, brute-force, hybrid attacks, and rainbow tables. It is more likely to be used by a hacker than Tripwire.
C: Ophcrack is a free Windows password cracker based on rainbow tables. It is more likely to be used by a hacker than Tripwire.
D: John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. It is more likely to be used by a hacker than Tripwire.
References:
http://linux.about.com/cs/linux101/g/tripwire.htm
What refers to legitimate users accessing networked services that would normally be restricted to them? A. Spoofing B. Piggybacking C. Eavesdropping D. Logon abuse
Correct Answer: D
Logon abuse refers to legitimate users accessing networked services that would normally be restricted to them. Unlike network intrusion, this type of abuse focuses primarily on those users who may be internal to the network, legitimate users of a different system, or users who have a lower security classification.
Incorrect Answers:
A: Spoofing refers to an attacker deliberately inducing a user (subject) or device (object) into taking an incorrect action by giving it incorrect information. This is not what is described in the question.
B: Piggy-backing refers to an attacker gaining unauthorized access to a system by using a legitimate user's connection. A user leaves a session open or incorrectly logs off, enabling an attacker to resume the session. This is not what is described in the question.
C: Eavesdropping is the unauthorized interception of network traffic. This is not what is described in the question.
References:
, Wiley Publishing, Indianapolis, 2007, p. 173
This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What BEST describes this scenario? A. Excessive Rights B. Excessive Access C. Excessive Permissions D. Excessive Privileges
Correct Answer: D
Privilege is a term used to describe what a user can do on a computer or system. It covers rights, access and permissions. A user who has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill is said to have excessive privileges.
Incorrect Answers:
A: Rights are just one aspect of what a user can do with a computer or system. Access and permissions are other aspects. Privileges cover all three.
B: Access is just one aspect of what a user can do with a computer or system. Rights and permissions are other aspects. Privileges cover all three.
C: Permissions are just one aspect of what a user can do with a computer or system. Access and rights are other aspects. Privileges cover all three.
Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating? A. Security administrators B. Operators C. Data owners D. Data custodians
Correct Answer: A
Typical security administrator functions may include the following:
✑ Setting user clearances, initial passwords, and other security characteristics for new users
✑ Changing security profiles for existing users
✑ Setting or changing file sensitivity labels
✑ Setting the security characteristics of devices and communications channels
✑ Reviewing audit data
Incorrect Answers:
B: System operators provide day-to-day operations of computer systems. They do not perform the tasks listed in the question.
C: Data owners are primarily responsible for determining the data's sensitivity or classification levels. They can also be responsible for maintaining the information's accuracy and integrity. They do not perform the tasks listed in the question.
D: Data custodians are delegated the responsibility of protecting data by its owner. They do not perform the tasks listed in the question.
References:
, John Wiley & Sons, New York, 2001, p. 211
Which of the following should NOT be performed by an operator? A. Implementing the initial program load B. Monitoring execution of the system C. Data entry D. Controlling job flow
Correct Answer: C
Under the principle of separation of duties, an operator should not be performing data entry. This should be left to data entry personnel.
System operators represent a class of users typically found in data center environments where mainframe systems are used. They provide day-to-day operations of the mainframe environment, ensuring that scheduled jobs are running effectively and troubleshooting problems that may arise. They also act as the arms and legs of the mainframe environment, loading and unloading tapes and collecting the printed results of job runs. Operators have elevated privileges, but less than those of system administrators. If misused, these privileges may be used to circumvent the system's security policy. As such, use of these privileges should be monitored through audit logs.
Incorrect Answers:
A: Implementing the initial program load is a function that should be performed by an operator.
B: Monitoring execution of the system is a function that should be performed by an operator.
D: Controlling job flow is a function that should be performed by an operator.
Which of the following should be performed by an operator?
A. Changing profiles
B. Approving changes
C. Adding and removal of users
D. Installing system software
Correct Answer: D
Of the listed tasks, installing system software is the only task that should normally be performed by an operator in a properly segregated environment.
Incorrect Answers:
A: Changing profiles should not be performed by an operator; this should be performed by a security administrator.
B: Approving changes should not be performed by an operator; this should be performed by a change control analyst or panel.
C: Adding and removal of users should not be performed by an operator; this should be performed by a security administrator.
Which of the following is NOT appropriate in addressing object reuse?
A. Degaussing magnetic tapes when they’re no longer needed.
B. Deleting files on disk before reusing the space.
C. Clearing memory blocks before they are allocated to a program or data.
D. Clearing buffered pages, documents, or screens from the local memory of a terminal or printer.
Correct Answer: B
Object reuse requirements, applying to systems rated TCSEC C2 and above, are used to protect files, memory, and other objects in a trusted system from being accidentally accessed by users who are not authorized to access them.
Deleting files on disk before reusing the space does not meet this requirement and is therefore not appropriate in addressing object reuse.
Deleting files on disk merely erases file headers in a directory structure. It does not clear data from the disk surface, thus making files still recoverable. All other options involve clearing used space, preventing any unauthorized access.
Incorrect Answers:
A: Degaussing magnetic tapes when they’re no longer needed protects files from unauthorized access by destroying the data on the tapes. This is a valid method of addressing object reuse.
C: Clearing memory blocks before they are allocated to a program or data removes any residual data from the memory thus preventing unauthorized access. This is a valid method of addressing object reuse.
D: Clearing buffered pages, documents, or screens from the local memory of a terminal or printer removes any residual data from the memory thus preventing unauthorized access. This is a valid method of addressing object reuse.
What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?
A. Disclosure of residual data.
B. Unauthorized obtaining of a privileged execution state.
C. Data leakage through covert channels.
D. Denial of service through a deadly embrace.
Correct Answer: A
Allowing objects to be used sequentially by multiple users without a refresh of the objects can lead to disclosure of residual data. It is important that steps be taken to eliminate the chance for the disclosure of residual data.
Object reuse refers to the allocation or reallocation of system resources to a user or, more appropriately, to an application or process. Applications and services on a computer system may create or use objects in memory and in storage to perform programmatic functions. In some cases, it is necessary to share these resources between various system applications. However, some objects may be employed by an application to perform privileged tasks on behalf of an authorized user or upstream application. If object usage is not controlled or the data in those objects is not erased after use, they may become available to unauthorized users or processes.
Disclosure of residual data and unauthorized obtaining of a privileged execution state are both problems with shared memory and resources. Not clearing the heap/stack can result in residual data and may also allow a user to step on somebody else's session if the security token/identity was maintained in that space. This is generally more malicious and intentional than accidental, though. The MOST common issue would be disclosure of residual data.
Incorrect Answers:
B: Unauthorized obtaining of a privileged execution state is not a problem with Object Reuse.
C: A covert channel is a communication path. Data leakage would not be a problem created by Object Reuse. In computer security, a covert channel is a type of computer security attack that creates a capability to transfer information objects between processes that are not supposed to be allowed to communicate by the computer security policy. The term, originated in 1973 by Lampson, is defined as "(channels) not intended for information transfer at all, such as the service program's effect on system load," to distinguish it from legitimate channels that are subjected to access controls by COMPUSEC.
D: Denial of service through a deadly embrace is not a problem with Object Reuse.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 424
https://www.fas.org/irp/nsa/rainbow/tg018.htm
http://en.wikipedia.org/wiki/Covert_channel
Which of the following is the biggest factor that makes Computer Crimes possible?
A. The fraudster obtaining advanced training & special knowledge.
B. Victim carelessness.
C. Collusion with others in information processing.
D. System design flaws.
Correct Answer: B
Human-unintentional threats represent the most common source of disasters. Examples of human unintentional threats are primarily those that involve inadvertent errors and omissions, in which the person, through lack of knowledge, laziness, or carelessness, serves as a source of disruption.
Incorrect Answers:
A: A more knowledgeable fraudster would increase the risk of Computer Crimes, but it is less of a factor compared to human carelessness.
C: Collusion makes computer crimes possible, but human carelessness is the main factor.
D: System design flaws make computer crimes possible, but human carelessness is the main factor.
References:
, 2nd Edition, Syngress, Waltham, 2012, p. 347
Which of the following would MOST likely ensure that a system development project meets business objectives?
A. Development and tests are run by different individuals
B. User involvement in system specification and acceptance
C. Development of a project plan identifying all development activities
D. Strict deadlines and budgets
Correct Answer: B
Early in a system development project, there is a requirements gathering phase when everyone involved attempts to understand why the project is needed and what the scope of the project entails. During this phase, the team examines the software's requirements and proposed functionality, brainstorming sessions take place, and obvious restrictions are reviewed.
As end users will be the people using the system, they are most likely to have the most valuable input into the system requirements definition. When the requirements are determined and the system is developed, user testing will ensure the system meets the requirements defined in the early project stages.
Incorrect Answers:
A: This question is asking for the answer that will MOST likely ensure that a system development project meets business objectives. Tests run by different individuals will provide a better test to ensure the system meets the requirements. However, user involvement in the system requirements and specification stage will make it more likely that the system is developed to meet the requirements.
C: Development of a project plan identifying all development activities will not ensure the system meets business objectives if the initial design of the system is not what is required.
D: Strict deadlines and budgets will ensure the project is completed on time and within budget. However, it will have no effect on whether the system meets business objectives.
In which phase of the System Development Lifecycle (SDLC) is Security Accreditation obtained?
A. Functional Requirements Phase
B. Testing and evaluation control
C. Acceptance Phase
D. Postinstallation Phase
Correct Answer: B
Within the SDLC framework Security Accreditation is obtained during the Implementation Phase, more specifically during Testing and evaluation control.
Incorrect Answers:
A: Security Accreditation is not used during the Functional Requirements Phase. It is used later during the Implementation phase.
C: Security Accreditation is not used during the Acceptance Phase. It is used earlier during the Implementation phase.
D: Security Accreditation is not used during the Postinstallation Phase. It is used earlier during the Implementation phase.
References:
, 2nd Edition, Syngress, Waltham, 2012, p. 1088
Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate?
A. The project will be completed late.
B. The project will exceed the cost estimates.
C. The project will be incompatible with existing systems.
D. The project will fail to meet business and user needs.
Correct Answer: D
The systems development life cycle (SDLC), also referred to as the application development life-cycle, is a term used in systems engineering, information systems and software engineering to describe a process for planning, creating, testing, and deploying an information system. The systems development life-cycle concept applies to a range of hardware and software configurations, as a system can be composed of hardware only, software only, or a combination of both.
The most important stages of the systems development life cycle are the early requirement gathering and design phases. If the system requirements are not correctly determined, the system will not meet the needs of the business and users.
Incorrect Answers:
A: This question is asking for the MOST serious risk. A project completed late is inconvenient but a system that fails to meet business and user needs is a more serious risk.
B: This question is asking for the MOST serious risk. A project that exceeds cost estimates is a pain but a system that fails to meet business and user needs is a more serious risk.
C: This question is asking for the MOST serious risk. A project that is incompatible with existing systems is not good but new systems could be deployed. However, a system that fails to meet business and user needs is no good to anyone.
References:
https://en.wikipedia.org/wiki/Systems_development_life_cycle
In which of the following phases of system development life cycle (SDLC) is contingency planning most important?
A. Initiation
B. Development/acquisition
C. Implementation
D. Operation/maintenance
Correct Answer: A
The system development life cycle (SDLC) is the process of developing an information system. The SDLC includes the Initiation, Development and Acquisition, Implementation, Operation and Maintenance, and Disposal phases.
The initiation phase includes determining the system's goals and feasibility. The system's feasibility includes its system requirements and how well they match with operational processes. The requirements of a contingency plan should be analyzed based on the system's requirements and design.
Incorrect Answers:
B: Contingency planning is most important in the initiation phase, not the Development/acquisition phase. It is important to create a contingency plan in the earliest possible stage of a project.
C: Contingency planning is most important in the initiation phase, not the Implementation phase. The contingency plan should be created before the system is implemented.
D: Contingency planning is most important in the initiation phase, not the operation/maintenance phase. It is important to create a contingency plan in the earliest possible stage of a project, not after the system has been deployed.
References:
, Cengage Learning, Andover, 2010, pp. 4-11
Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions?
A. Development/acquisition
B. Implementation
C. Operation/Maintenance
D. Initiation
Correct Answer: C
In the Operation/maintenance phase the system is used and cared for. Proper authentication of the users and processes must be developed in this phase.
Incorrect Answers:
A: In the Acquisition/development phase, the new system is either created or purchased. The main concern of this phase is not the authentication of users and processes.
B: In the Implementation phase, the new system is installed into the production environment. The main concern of this phase is not the authentication of users and processes.
D: In the Initiation phase the need for a new system is defined. Authentication of users and processes is not a major concern of this phase.
References:
, 2nd Edition, Syngress, Waltham, 2012, p. 1087
What can be defined as: It confirms that users' needs have been met by the supplied solution?
A. Accreditation
B. Certification
C. Assurance
D. Acceptance
Correct Answer: D
Acceptance testing is used to ensure that the code meets customer requirements. If this testing is passed the user’s needs have been met.
Incorrect Answers:
A: The final stage is accreditation, which is management's, but not the users', formal approval.
B: Certification involves testing the newly purchased product within the company's environment. Certification does not confirm that the users' needs have been met.
C: Assurance is a measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy.
References:
, 2nd Edition, Syngress, Waltham, 2012, p. 1105
Which of the following fire extinguishing systems incorporating a detection system is currently the most recommended water system for a computer room?
A. Wet pipe
B. Dry pipe
C. Deluge
D. Preaction
Correct Answer: D
Preaction systems are similar to dry pipe systems in that the water is not held in the pipes, but is released when the pressurized air within the pipes is reduced.
Once this happens, the pipes are filled with water, but it is not released right away. A thermal-fusible link on the sprinkler head has to melt before the water is released. The purpose of combining these two techniques is to give people more time to respond to false alarms or to small fires that can be handled by other means. Putting out a small fire with a handheld extinguisher is better than losing a lot of electrical equipment to water damage. These systems are usually used only in data processing environments rather than the whole building, because of the higher cost of these types of systems.
Incorrect Answers:
A: Wet pipe systems always contain water in the pipes and are usually discharged by temperature control-level sensors. This type is not the most recommended water system for a computer room because this system provides no time to respond to false alarms or to small fires that can be handled by other means. Therefore, this answer is incorrect.
B: In dry pipe systems, the water is not actually held in the pipes. The water is contained in a “holding tank” until it is released. This type is not the most recommended water system for a computer room because this system provides no time to respond to false alarms or to small fires that can be handled by other means. Therefore, this answer is incorrect.
C: A deluge system has its sprinkler heads wide open to allow a larger volume of water to be released in a shorter period. Because the water being released is in such large volumes, these systems are usually not used in data processing environments. This type is not the most recommended water system for a computer room. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 474-475
A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:
A. Concern that the laser beam may cause eye damage.
B. The iris pattern changes as a person grows older.
C. There is a relatively high rate of false accepts.
D. The optical unit must be positioned so that the sun does not shine into the aperture.
Correct Answer: D
The optical unit of the iris pattern biometric system must be positioned so that the sun does not shine into the aperture.
Incorrect Answers:
A: Iris recognition systems do not use laser-like beams.
B: With iris scans, the kind of errors that can occur during the authentication process is reduced because the iris remains constant through adulthood.
C: Extreme resistance to false matching is an advantage of iris recognition.
References:
, 6th Edition, McGraw-Hill, 2013, p. 191
https://en.wikipedia.org/wiki/Iris_recognition
Which of the following is not classified as “Security and Audit Frameworks and Methodologies”?
A. Bell LaPadula
B. Committee of Sponsoring Organizations of the Treadway Commission (COSO)
C. IT Infrastructure Library (ITIL)
D. Control Objectives for Information and related Technology (COBIT)
Correct Answer: A
The Bell-LaPadula model is a security model, not one of the Security and Audit Frameworks and Methodologies. The Bell-LaPadula model is a subject-to-object model. An example would be how you (subject) could read a data element (object) from a specific database and write data into that database. The Bell-LaPadula model focuses on ensuring that subjects are properly authenticated, by having the necessary security clearance, need to know, and formal access approval, before accessing an object.
The Control Objectives for Information and related Technology (CobiT) is a framework and set of control objectives developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs.
CobiT was derived from the COSO framework, developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission in 1985 to deal with fraudulent financial activities and reporting.
The Information Technology Infrastructure Library (ITIL) is the de facto standard of best practices for IT service management. ITIL is a customizable framework that is provided in a set of books or in an online format.
Incorrect Answers:
B: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework is one of the Security and Audit Frameworks and Methodologies.
C: The IT Infrastructure Library (ITIL) is one of the Security and Audit Frameworks and Methodologies.
D: Control Objectives for Information and related Technology (COBIT) is one of the Security and Audit Frameworks and Methodologies.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 55-60, 369
At which of the basic phases of the System Development Life Cycle are security requirements formalized?
A. Disposal
B. System Design Specifications
C. Development and Implementation
D. Functional Requirements Definition
Correct Answer: D
Requirements, including security requirements, are formalized in the Functional Requirements Definition phase.
Incorrect Answers:
A: Disposal activities need to ensure that an orderly termination of the system takes place and that all necessary data are preserved. Security requirements are not formalized at the disposal phase.
B: Within the Systems Development Life Cycle (SDLC) model, the design phase, also known as the System Design Specifications phase, transforms requirements, including the security requirements, into a complete System Design Document.
C: In the implementation phase, the system is deployed into the production environment. The security requirements have already been developed long before this phase.
References:
, 2nd Edition, Syngress, Waltham, 2012, p. 1095
When considering an IT System Development Life-cycle, security should be:
A. Mostly considered during the initiation phase.
B. Mostly considered during the development phase.
C. Treated as an integral part of the overall system design.
D. Added once the design is completed.
Correct Answer: C
Within the System Development Life-cycle (SDLC) model, security is critical in each phase of the life cycle.
Incorrect Answers:
A: Security is critical to each phase of the SDLC model, not only the initiation phase.
B: Security is critical to each phase of the SDLC model, not only the development phase.
D: Security is critical to each phase of the SDLC model, and is not added when the design is completed.
References:
, 2nd Edition, Syngress, Waltham, 2012, p. 1087
Risk reduction in a system development life-cycle should be applied:
A. Mostly to the initiation phase.
B. Mostly to the development phase.
C. Mostly to the disposal phase.
D. Equally to all phases.
Correct Answer: D
Risk reduction should be applied equally to the initiation phase, the development phase, and to the disposal phase.
Within the initiation phase a preliminary risk assessment should be carried out to develop an initial description of the confidentiality, integrity, and availability requirements of the system.
The development phase includes a formal risk assessment which identifies vulnerabilities and threats in the proposed system and the potential risk levels as they pertain to confidentiality, integrity, and availability. This builds upon the initial risk assessment carried out in the previous phase (the initiation phase). The results of this assessment help the team build the system's security plan.
Disposal activities need to ensure that an orderly termination of the system takes place and that all necessary data are preserved. The storage medium of the system may need to be degaussed, put through a zeroization process, or physically destroyed.
Incorrect Answers:
A: Risk reduction should be applied to all phases equally, not mostly to the initiation phase.
B: Risk reduction should be applied to all phases equally, not mostly to the development phase.
C: Risk reduction should be applied to all phases equally, not mostly to the disposal phase.
References:
, 2nd Edition, Syngress, Waltham, 2012, pp. 1091-1093
Who developed one of the first mathematical models of a multilevel-security computer system?
A. Diffie and Hellman.
B. Clark and Wilson.
C. Bell and LaPadula.
D. Gasser and Lipner.
Correct Answer: C
The Bell-LaPadula model was the first mathematical model of a multilevel security policy used to define the concept of a secure state machine and modes of access, and outlined rules of access.
Incorrect Answers:
A: Diffie and Hellman developed the first asymmetric key agreement algorithm, not the first multilevel security policy computer system.
B: The question asks for the developers of the first mathematical models of a multilevel-security computer system. This was Bell and LaPadula, not Clark and Wilson.
D: The question asks for the developers of the first mathematical models of a multilevel-security computer system. This was Bell and LaPadula, not Gasser and Lipner.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 369, 812
What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters?
A. Central station alarm
B. Proprietary alarm
C. A remote station alarm
D. An auxiliary station alarm
Correct Answer: D
The mechanism that automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters is known as an auxiliary station alarm.
Alarm systems may have auxiliary alarms that ring at the local fire or police stations. Most central station systems include this feature, which requires permission from the local authorities before implementation.
Incorrect Answers:
A: Central Station Systems are operated and monitored around the clock by private security firms. The central stations are signaled by detectors over leased lines. Most central station systems include auxiliary alarms that ring at the local fire or police stations. However, the name of the alarm system that rings at the local fire or police stations is auxiliary alarm. Therefore, this answer is incorrect.
B: Proprietary Systems are similar to the central station systems, except that the monitoring system is owned and operated by the customer. Proprietary alarm is not the name of the alarm that rings at the local fire or police stations. Therefore, this answer is incorrect.
C: A remote station alarm is not the alarm that rings at the local fire or police stations. Therefore, this answer is incorrect.
References:
, Wiley Publishing, Indianapolis, 2007, p. 474
What security model implies a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects?
A. Flow Model
B. Discretionary access control
C. Mandatory access control
D. Non-discretionary access control
Correct Answer: D
A central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on the individual's role in the organization (role-based) or the subject's responsibilities and duties (task-based). In an organization where there are frequent personnel changes, non-discretionary access control is useful because the access controls are based on the individual's role or title within the organization. These access controls do not need to be changed whenever a new person takes over that role. Another type of non-discretionary access control is lattice-based access control.
In this type of control, a lattice model is applied. In a lattice model, there are pairs of elements that have the least upper bound of values and greatest lower bound of values. To apply this concept to access control, the pair of elements is the subject and object, and the subject has the greatest lower bound and the least upper bound of access rights to an object.
Incorrect Answers:
A: A flow model does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects.
B: Discretionary access control does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects.
C: Mandatory access control does not use a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects.
References:
, Wiley Publishing, Indianapolis, 2007, p. 48
Which of the following is an example of discretionary access control?
A. Identity-based access control
B. Task-based access control
C. Role-based access control
D. Rule-based access control
Correct Answer: A
Identity-based access control is a type of DAC system that allows or prevents access based on the identity of the subject.
Incorrect Answers:
B: Task-based access control is a non-discretionary access control model, which is based on the tasks each subject must perform.
C: Role-based access control (RBAC) provides access to resources according to the role the user holds within the company or the tasks that the user has been assigned.
D: Rule-based access control makes use of explicit rules that specify what can and cannot happen between a subject and an object, not on their security labels.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 220-228
For maximum security design, which type of fence is the most effective and cost-effective method (feet are used as the measurement unit below)?
A. 3’ to 4’ high.
B. 6’ to 7’ high.
C. 8’ high and above with strands of barbed wire.
D. Double fencing
Correct Answer: C
Fences come in varying heights, and each height provides a different level of security:
✑ Fences three to four feet high only deter casual trespassers.
✑ Fences six to seven feet high are considered too high to climb easily.
✑ Fences eight feet high (possibly with strands of barbed or razor wire at the top) means you are serious about protecting your property. They often deter the more determined intruder.
The barbed wire on top of fences can be tilted in or out, which also provides extra protection. If the organization is a prison, it would have the barbed wire on top of the fencing pointed in, which makes it harder for prisoners to climb and escape. If the organization is a military base, the barbed wire would be tilted out, making it harder for someone to climb over the fence and gain access to the premises.
Critical areas should have fences at least eight feet high to provide the proper level of protection. The fencing should not sag in any areas and must be taut and securely connected to the posts. The fencing should not be easily circumvented by pulling up its posts. The posts should be buried sufficiently deep in the ground and should be secured with concrete to ensure the posts cannot be dug up or tied to vehicles and extracted. If the ground is soft or uneven, this might provide ways for intruders to slip or dig under the fence. In these situations, the fencing should actually extend into the dirt to thwart these types of attacks.
Incorrect Answers:
A: Fences three to four feet high only deter casual trespassers. They are not the most effective maximum security design. Therefore, this answer is incorrect.
B: Fences six to seven feet high are considered too high to climb easily. They are not the most effective maximum security design. Therefore, this answer is incorrect.
D: Double fencing is not the most cost-effective maximum security design. Two fences would cost more than one good fence. Furthermore, this answer does not state how high the two fences are. Two 3' to 4' fences would not be very secure. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 486
The Orange Book is founded upon which security policy model?
A. The Biba Model
B. The Bell LaPadula Model
C. Clark-Wilson Model
D. TEMPEST
Correct Answer: B
The Bell-La Padula (BLP) model is a model of computer security that focuses on mandatory and discretionary access control. It was spelled out in an influential paper by David E. Bell and Leonard J. La Padula.
The Bell-La Padula paper formed the basis of the “Orange Book” security classifications, the system that the US military used to evaluate computer security for decades.
Incorrect Answers:
A: The Orange Book is not founded upon the Biba model.
C: The Orange Book is not founded upon the Clark-Wilson model.
D: The Orange Book is not founded upon the TEMPEST model.
References:
https://sites.google.com/site/cacsolin/bell-lapadula
Which of the following is NOT a basic component of security architecture?
A. Motherboard
B. Central Processing Unit (CPU)
C. Storage Devices
D. Peripherals (input/output devices)
Correct Answer: A
The system architecture aspect of security architecture includes the following:
✑ CPU: Central Processing Unit
✑ Storage devices: includes both long- and short-term storage, such as memory and disk
✑ Peripherals: includes both input and output devices, such as keyboards and printers
The components and devices connect to the motherboard. However, the motherboard is not considered a basic component of security architecture.
Incorrect Answers:
B: The Central Processing Unit (CPU) is a basic component of security architecture.
C: Storage Devices are a basic component of security architecture.
D: Peripherals (input/output devices) are a basic component of security architecture.
Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles? A. B2 B. B1 C. A1 D. A2
Correct Answer: A
B2: Structured Protection: The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means the subject communicates directly with the application or operating system, and no trapdoors exist. There is no way to circumvent or compromise this communication channel. Operator and administration functions are separated within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system.
The type of environment that would require B2 systems is one that processes sensitive data that require a higher degree of security. This type of environment would require systems that are relatively resistant to penetration and compromise.
Incorrect Answers:
B: Separate operator and system administrator roles are not required at level B1.
C: Separate operator and system administrator roles are required at level A1. However, they are also required at the lower level of B2.
D: Separate operator and system administrator roles are required at level A2. However, they are also required at the lower level of B2.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 396
http://csrc.nist.gov/publications/secpubs/rainbow/std001.txt
In which of the following models are Subjects and Objects identified and the permissions applied to each subject/object combination are specified? Such a model can be used to quickly summarize what permissions a subject has for various system objects. A. Access Control Matrix model B. Take-Grant model C. Bell-LaPadula model D. Biba model
Correct Answer: A
An access control matrix is a table of subjects and objects indicating what actions individual subjects can take upon individual objects. Matrices are data structures that programmers implement as table lookups that will be used and enforced by the operating system. This type of access control is usually an attribute of DAC models. The access rights can be assigned directly to the subjects (capabilities) or to the objects (ACLs).
Incorrect Answers:
B: The take-grant protection model is used to establish or disprove the safety of a given computer system that follows specific rules. This is not what is described in the question.
C: The Bell-LaPadula Model is a state machine model used for enforcing access control in government and military applications. This is not what is described in the question.
D: The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. This is not what is described in the question.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 229
Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires? A. traverse-mode noise B. common-mode noise C. crossover-mode noise D. transversal-mode noise
Correct Answer: B
Noise in power systems refers to the presence of electrical radiation in the system that is unintentional and interferes with the transmission of clean power.
There are several types of noise, the most common being Electromagnetic Interference (EMI) and Radio Frequency Interference (RFI).
EMI is noise that is caused by the generation of radiation due to the charge difference between the three electrical wires: the hot, neutral, and ground wires.
Two common types of EMI generated by electrical systems are:
1. Common-mode noise. Noise from the radiation generated by the difference between the hot and ground wires.
2. Traverse-mode noise. Noise from the radiation generated by the difference between the hot and neutral wires.
Incorrect Answers:
A: Traverse-mode noise is noise from the radiation generated by the difference between the hot and neutral wires, not between the hot and ground wires. Therefore, this answer is incorrect.
C: Crossover-mode noise is not one of the two defined types of EMI generated by electrical systems. Therefore, this answer is incorrect.
D: Transversal-mode noise is not one of the two defined types of EMI generated by electrical systems. Therefore, this answer is incorrect.
References:
, Wiley Publishing, Indianapolis, 2007, p. 458
The "vulnerability of a facility" to damage or attack may be assessed by all of the following EXCEPT: A. Inspection B. History of losses C. Security controls D. security budget
Correct Answer: D
There are many types of tests that can be performed to assess the vulnerability of a facility. These include inspection, history of losses and security controls.
Inspection covers many aspects of vulnerability testing ranging from checking the perimeter fencing to penetration testing of systems.
History of losses (losses from previous attacks or security breaches) is a good way of assessing the vulnerability of a facility. Examining how previous breaches occurred can help determine whether the facility is protected against another similar breach.
Testing the security controls in place to ensure they are sufficient is an obvious way of assessing the vulnerability of a facility. Security controls cover everything from the locks on the doors to intrusion detection systems.
One thing that cannot be used to assess the vulnerability of a facility is the security budget. The amount of money spent on security is irrelevant. A large security budget does not guarantee that a facility is secure and a small budget does not mean it is insecure.
Incorrect Answers:
A: Inspection of the security systems can be used to assess the vulnerability of a facility. Therefore, this answer is incorrect.
B: History of losses (losses from previous attacks or security breaches) can be used to assess the vulnerability of a facility. Therefore, this answer is incorrect.
C: Examining the security controls can be used to assess the vulnerability of a facility. Therefore, this answer is incorrect.
Which of the following is not an EPA-approved replacement for Halon? A. Bromine B. Inergen C. FM-200 D. FE-13
Correct Answer: A
At one time, Halon was considered the perfect fire suppression method in computer operations centers, because it is not harmful to the equipment, mixes thoroughly with the air, and spreads extremely fast. A further benefit of Halons is that they do not leave liquid or solid residues when discharged. Therefore, they are preferred for sensitive areas, such as computer rooms and data storage areas.
However, several issues arose with its deployment, such as that it cannot be breathed safely in concentrations greater than 10 percent, and when deployed on fires with temperatures greater than 900, it degrades into seriously toxic chemicals: hydrogen fluoride, hydrogen bromide, and bromine.
Some common EPA-acceptable Halon replacements are:
✑ FM-200 (HFC-227ea)
✑ CEA-410 or CEA-308
✑ NAF-S-III (HCFC Blend A)
✑ FE-13 (HFC-23)
✑ Argon (IG55) or Argonite (IG01)
✑ Inergen (IG541)
✑ Low pressure water mists
Incorrect Answers:
B: Inergen is an EPA-approved replacement for Halon. Therefore, this answer is incorrect.
C: FM-200 is an EPA-approved replacement for Halon. Therefore, this answer is incorrect.
D: FE-13 is an EPA-approved replacement for Halon. Therefore, this answer is incorrect.
References:
, Wiley Publishing, Indianapolis, 2007, p. 464-465
Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense? A. TCSEC B. ITSEC C. DIACAP D. NIACAP
Correct Answer: A
Trusted Computer System Evaluation Criteria (TCSEC) is a United States Government Department of Defense (DoD) standard that sets basic requirements for assessing the effectiveness of computer security controls built into a computer system. The TCSEC was used to evaluate, classify and select computer systems being considered for the processing, storage and retrieval of sensitive or classified information.
The TCSEC, frequently referred to as the Orange Book, is the centerpiece of the DoD Rainbow Series publications. It was initially issued in 1983 by the National Computer Security Center (NCSC), an arm of the National Security Agency, and then updated in 1985. TCSEC was replaced by the Common Criteria international standard originally published in 2005.
Incorrect Answers:
B: The Information Technology Security Evaluation Criteria (ITSEC) was the first attempt at establishing a single standard for evaluating security attributes of computer systems and products by many European countries. This is not what is described in the question.
C: The DoD Information Assurance Certification and Accreditation Process (DIACAP) is a United States Department of Defense (DoD) process that is meant to ensure that companies and organizations apply risk management to information systems (IS). This is not what is described in the question.
D: The National Information Assurance Certification and Accreditation Process (NIACAP) is the minimum-standard process for the certification and accreditation of computer and telecommunications systems that handle U.S. This is not what is described in the question.
References:
https://en.wikipedia.org/wiki/Trusted_Computer_System
The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address? A. integrity and confidentiality B. confidentiality and availability C. integrity and availability D. none of the above
Correct Answer: C
A difference between ITSEC and TCSEC is that TCSEC bundles functionality and assurance into one rating, whereas ITSEC evaluates these two attributes separately. The other differences are that ITSEC was developed to provide more flexibility than TCSEC, and ITSEC addresses integrity, availability, and confidentiality, whereas TCSEC addresses only confidentiality. ITSEC also addresses networked systems, whereas TCSEC deals with stand-alone systems.
Incorrect Answers:
A: Both ITSEC and TCSEC address confidentiality.
B: Both ITSEC and TCSEC address confidentiality.
D: One of the answers given is correct.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 401
Which of the following is NOT a type of motion detector? A. Photoelectric sensor B. Passive infrared sensors C. Microwave Sensor D. Ultrasonic Sensor
Correct Answer: A
A photoelectric sensor does not detect motion; it detects a break in a beam of light.
A photoelectric system, or photometric system, detects the change in a light beam. These systems work like photoelectric smoke detectors, which emit a beam that hits the receiver. If this beam of light is interrupted, an alarm sounds. The beams emitted by the photoelectric cell can be cross-sectional and can be invisible or visible beams. Cross-sectional means that one area can have several different light beams extending across it, which is usually carried out by using hidden mirrors to bounce the beam from one place to another until it hits the light receiver.
Incorrect Answers:
B: A passive infrared system (PIR) identifies the changes of heat waves in an area it is configured to monitor. If the temperature of the particles within the air rises, it could be an indication of the presence of an intruder, so an alarm is sounded. A PIR is a type of motion detector. Therefore, this answer is incorrect.
C: Wave-pattern motion detectors differ in the frequency of the waves they monitor. The different frequencies are microwave, ultrasonic, and low frequency. All of these devices generate a wave pattern that is sent over a sensitive area and reflected back to a receiver. If the pattern is returned undisturbed, the device does nothing. If the pattern returns altered because something in the room is moving, an alarm sounds. A Microwave Sensor is a type of motion detector. Therefore, this answer is incorrect.
D: An Ultrasonic Sensor is an example of a wave-pattern motion detector. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 495
What is the minimum static charge able to cause disk drive data loss? A. 550 volts B. 1000 volts C. 1500 volts D. 2000 volts
Correct Answer: C
Low humidity of less than 40 percent increases the static electricity damage potential. A static charge of 4000 volts is possible under normal humidity conditions on a hardwood or vinyl floor, and charges up to 20,000 volts or more are possible under conditions of very low humidity with non-static-free carpeting. Although you cannot control the weather, you certainly can control the relative humidity level in the computer room through your HVAC systems.
The list below shows the damage various static electricity charges can do to computer hardware:
✑ 40 volts: Sensitive circuits and transistors
✑ 1,000 volts: Scramble monitor display
✑ 1,500 volts: Disk drive data loss
✑ 2,000 volts: System shutdown
✑ 4,000 volts: Printer Jam
✑ 17,000 volts: Permanent chip damage
Incorrect Answers:
A: 550 volts is not enough to cause disk drive data loss. Therefore, this answer is incorrect.
B: 1000 volts is not enough to cause disk drive data loss. Therefore, this answer is incorrect.
D: Only 1500 volts is enough to cause disk drive data loss, not 2000 volts. Therefore, this answer is incorrect.
References:
, Wiley Publishing, Indianapolis, 2007, p. 460
Which of the following organizations PRODUCES and PUBLISHES the Federal Information Processing Standards (FIPS)?
A. The National Computer Security Center (NCSC)
B. The National Institute of Standards and Technology (NIST)
C. The National Security Agency (NSA)
D. The American National Standards Institute (ANSI)
Correct Answer: B
Federal Information Processing Standards (FIPS) is a standard for adoption and use by United States Federal departments and agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology (NIST), a part of the U.S. Department of Commerce. FIPS describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. The standards cover a specific topic in information technology (IT) and strive to achieve a common level of quality or interoperability.
Incorrect Answers:
A: The National Computer Security Center (NCSC) does not produce or publish the Federal Information Processing Standards (FIPS).
C: The National Security Agency (NSA) does not produce or publish the Federal Information Processing Standards (FIPS).
D: The American National Standards Institute (ANSI) does not produce or publish the Federal Information Processing Standards (FIPS).
References:
http://whatis.techtarget.com/definition/Federal-Information-Processing-Standards-FIPS
Which of the following suppresses combustion by disrupting a chemical reaction, thereby killing the fire? A. Halon B. CO2 C. water D. soda acid
Correct Answer: A
Halon is a gas that was widely used in the past to suppress fires because it interferes with the chemical combustion of the elements within a fire. It mixes quickly with the air and does not cause harm to computer systems and other data processing devices. It was used mainly in data centers and server rooms.
It was discovered that halon has chemicals (chlorofluorocarbons) that deplete the ozone and that concentrations greater than 10 percent are dangerous to people.
Halon used on extremely hot fires degrades into toxic chemicals, which is even more dangerous to humans.
Halon has not been manufactured since January 1, 1992, by international agreement. The Montreal Protocol banned halon in 1987, and countries were given until 1992 to comply with these directives. The most effective replacement for halon is FM-200, which is similar to halon but does not damage the ozone.
Incorrect Answers:
B: CO2 suppresses fire by starving it of oxygen, not by disrupting a chemical reaction. Therefore, this answer is incorrect.
C: Water suppresses fire by lowering the temperature of the fuel to below its ignition point or by dispersing the fuel, not by disrupting a chemical reaction. Therefore, this answer is incorrect.
D: Soda acid fire extinguishers are CO2-based fire extinguishers. The soda and the acid react to produce CO2. CO2 suppresses fire by starving it of oxygen, not by disrupting a chemical reaction. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 473
Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level? A. The Bell-LaPadula model B. The information flow model C. The noninterference model D. The Clark-Wilson model
Correct Answer: C
Multilevel security properties can be expressed in many ways, one being noninterference. This concept is implemented to ensure any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level. This type of model does not concern itself with the flow of data, but rather with what a subject knows about the state of the system. So if an entity at a higher security level performs an action, it cannot change the state for the entity at the lower level.
If a lower-level entity was aware of a certain activity that took place by an entity at a higher level and the state of the system changed for this lower-level entity, the entity might be able to deduce too much information about the activities of the higher state, which in turn is a way of leaking information. Users at a lower security level should not be aware of the commands executed by users at a higher level and should not be affected by those commands in any way.
Incorrect Answers:
A: The Bell-LaPadula model is a state machine model used for enforcing access control in government and military applications. This is not what is described in the question.
B: The information flow model forms the basis of other models such as Bell-LaPadula or Biba. This is not what is described in the question.
D: The Clark-Wilson model prevents unauthorized users from making modifications, prevents authorized users from making improper modifications, and maintains internal and external consistency through auditing. This is not what is described in the question.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 380
Which of the following security models does NOT concern itself with the flow of data? A. The information flow model B. The Biba model C. The Bell-LaPadula model D. The noninterference model
Correct Answer: D
Multilevel security properties can be expressed in many ways, one being noninterference. This concept is implemented to ensure any actions that take place at a higher security level do not affect, or interfere with, actions that take place at a lower level. This type of model does not concern itself with the flow of data, but rather with what a subject knows about the state of the system. So if an entity at a higher security level performs an action, it cannot change the state for the entity at the lower level.
If a lower-level entity was aware of a certain activity that took place by an entity at a higher level and the state of the system changed for this lower-level entity, the entity might be able to deduce too much information about the activities of the higher state, which in turn is a way of leaking information. Users at a lower security level should not be aware of the commands executed by users at a higher level and should not be affected by those commands in any way.
Incorrect Answers:
A: The information flow model does concern itself with the flow of data.
B: The Biba model does concern itself with the flow of data.
C: The Bell-LaPadula model does concern itself with the flow of data.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 380
Which of the following is the preferred way to suppress an electrical fire in an information center? A. CO2 B. CO2, soda acid, or Halon C. water or soda acid D. ABC Rated Dry Chemical
Correct Answer: A
Class C fire extinguishers are used for fires involving electrical equipment.
Class C fires are electrical fires that may occur in electrical equipment or wiring. Class C fire extinguishers use gas, CO2 or dry powders, as these extinguishing agents are non-conductive.
Of the answers given, CO2 is the preferred way to suppress an electrical fire in an information center.
Incorrect Answers:
B: Soda acid is corrosive. For this reason, it is not suitable for use in an information center. Therefore, this answer is incorrect.
C: Soda acid is corrosive. For this reason, it is not suitable for use in an information center. Water is conductive, which makes it unsuitable for electrical fires. Therefore, this answer is incorrect.
D: ABC Rated Dry Chemical is corrosive. For this reason, it is not suitable for use in an information center. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 472
https://en.wikipedia.org/wiki/ABC_dry_chemical
Which Orange book security rating introduces security labels? A. C2 B. B1 C. B2 D. B3
Correct Answer: B
B1: Labeled Security: Each data object must contain a classification label and each subject must have a clearance label. When a subject attempts to access an object, the system must compare the subject's and object's security labels to ensure the requested actions are acceptable. Data leaving the system must also contain an accurate security label. The security policy is based on an informal statement, and the design specifications are reviewed and verified.
This security rating is intended for environments that require systems to handle classified data.
Incorrect Answers:
A: Security labels are not required at level C2.
C: Security labels are required at level B2; however, they were introduced at level B1.
D: Security labels are required at level B3; however, they were introduced at level B1.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 395
Which Orange book security rating is the FIRST to be concerned with covert channels? A. A1 B. B3 C. B2 D. B1
Correct Answer: C
In the Orange Book, covert channels in operating systems are not addressed until security level B2 and above because these are the systems that would be holding data sensitive enough for others to go through all the necessary trouble to access data in this fashion.
B2: Structured Protection: The security policy is clearly defined and documented, and the system design and implementation are subjected to more thorough review and testing procedures. This class requires more stringent authentication mechanisms and well-defined interfaces among layers. Subjects and devices require labels, and the system must not allow covert channels. A trusted path for logon and authentication processes must be in place, which means the subject communicates directly with the application or operating system, and no trapdoors exist. There is no way to circumvent or compromise this communication channel.
Operator and administration functions are separated within the system to provide more trusted and protected operational functionality. Distinct address spaces must be provided to isolate processes, and a covert channel analysis is conducted. This class adds assurance by adding requirements to the design of the system.
The type of environment that would require B2 systems is one that processes sensitive data that require a higher degree of security. This type of environment would require systems that are relatively resistant to penetration and compromise.
Incorrect Answers:
A: Level B2, not A1, is the FIRST to be concerned with covert channels.
B: Level B2, not B3, is the FIRST to be concerned with covert channels.
D: Level B2, not B1, is the FIRST to be concerned with covert channels.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 395-396
According to the Orange Book, which security level is the first to require a system to protect against covert timing channels? A. A1 B. B3 C. B2 D. B1
Correct Answer: B
The TCSEC defines two kinds of covert channels:
✑ Storage channels - Communicate by modifying a “storage location”
✑ Timing channels - Perform operations that affect the “real response time observed” by the receiver
The TCSEC, also known as the Orange Book, requires analysis of covert storage channels to be classified as a B2 system and analysis of covert timing channels is a requirement for class B3.
Incorrect Answers:
A: Level A1 requires a system to protect against covert timing channels. However, the lower level B3 also requires it.
C: Level B2 does not require a system to protect against covert timing channels.
D: Level B1 does not require a system to protect against covert timing channels.
References:
https://en.wikipedia.org/wiki/Covert_channel
What does the Clark-Wilson security model focus on? A. Confidentiality B. Integrity C. Accountability D. Availability
Correct Answer: B
The Bell-LaPadula model deals only with confidentiality, while the Biba and Clark-Wilson models deal only with integrity.
The Clark-Wilson model addresses all three integrity goals: prevent unauthorized users from making modifications, prevent authorized users from making improper modifications, and maintain internal and external consistency.
Incorrect Answers:
A: The Clark-Wilson security model does not focus on confidentiality; it focuses on integrity.
C: The Clark-Wilson security model does not focus on accountability; it focuses on integrity.
D: The Clark-Wilson security model does not focus on availability; it focuses on integrity.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 414, 416
Which security model uses division of operations into different parts and requires different users to perform each part? A. Bell-LaPadula model B. Biba model C. Clark-Wilson model D. Non-interference model
Correct Answer: C
The Clark-Wilson security model uses division of operations into different parts and requires different users to perform each part. This is known as Separation of Duties.
The Clark-Wilson model outlines how to incorporate separation of duties into the architecture of an application. If a customer needs to withdraw over $10,000, the application may require a supervisor to log in and authenticate this transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that the developers must follow to properly implement and enforce separation of duties through software procedures.
Incorrect Answers:
A: The Bell-LaPadula model does not use division of operations into different parts and require different users to perform each part.
B: The Biba model does not use division of operations into different parts and require different users to perform each part.
D: The Non-interference model does not use division of operations into different parts and require different users to perform each part.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 376
What is the name of the FIRST mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access? A. Clark and Wilson Model B. Harrison-Ruzzo-Ullman Model C. Rivest and Shamir Model D. Bell-LaPadula Model
Correct Answer: D
In the 1970s, the U.S. military used time-sharing mainframe systems and was concerned about the security of these systems and leakage of classified information. The Bell-LaPadula model was developed to address these concerns. It was the first mathematical model of a multilevel security policy used to define the concept of a secure state machine and modes of access, and outlined rules of access. Its development was funded by the U.S. government to provide a framework for computer systems that would be used to store and process sensitive information. The model's main goal was to prevent secret information from being accessed in an unauthorized manner.
A system that employs the Bell-LaPadula model is called a multilevel security system because users with different clearances use the system, and the system processes data at different classification levels.
Incorrect Answers:
A: The Clark-Wilson Model is an integrity model. This is not what is described in the question.
B: The HRU security model (Harrison, Ruzzo, Ullman model) is an operating system level computer security model which deals with the integrity of access rights in the system. This is not what is described in the question.
C: Rivest and Shamir is not a model. They created RSA cryptography. This is not what is described in the question.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 369
Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure? A. The Take-Grant model B. The Biba integrity model C. The Clark Wilson integrity model D. The Bell-LaPadula integrity model
Correct Answer: C
When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data (CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (Transformation Procedures) will carry out the operations on behalf of the user. For example, when Kathy needs to update information held within her company's database, she will not be allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate to a program, which is acting as a front end for the database, and then the program will control what Kathy can and cannot do to the information in the database.
Incorrect Answers:
A: The take-grant protection model is used to establish or disprove the safety of a given computer system that follows specific rules. This is not what is described in the question.
B: The Biba Model is a formal state transition system of computer security policy that describes a set of access control rules designed to ensure data integrity. However, it does not define a constrained data item and a transformation procedure.
D: The Bell-LaPadula model does not deal with integrity.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 374
The BIGGEST difference between System High Security Mode and Dedicated Security Mode is: A. The clearance required B. Object classification C. Subjects cannot access all objects D. Need-to-know
Correct Answer: D
A system is operating in a dedicated security mode if all users have a clearance for, and a formal need-to-know about, all data processed within the system. All users have been given formal access approval for all information on the system and have signed nondisclosure agreements (NDAs) pertaining to this information.
The system can handle a single classification level of information.
A system is operating in system high-security mode when all users have a security clearance to access the information but not necessarily a need-to-know for all the information processed on the system. So, unlike in the dedicated security mode, in which all users have a need-to-know pertaining to all data on the system, in system high-security mode, all users have a need-to-know pertaining to some of the data. This mode also requires all users to have the highest level of clearance required by any and all data on the system. However, even though a user has the necessary security clearance to access an object, the user may still be restricted if he does not have a need-to-know pertaining to that specific object.
Incorrect Answers:
A: The clearance required is not the difference between the two. All users have clearance in both systems. However, in high-security mode, access is further restricted by need-to-know.
B: Object classification is not the difference between the two. The classification of objects can be the same or it can be different; however, high-security mode is further restricted by need-to-know.
C: Subjects cannot access all objects is not the difference between the two. All subjects CAN access all objects providing they have the need-to-know.
References:
, 4th Edition, McGraw-Hill, New York, 2007, p. 387
For competitive reasons, the customers of a large shipping company called the “Integrated International Secure Shipping Containers Corporation” (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other’s cargos.
An unscrupulous fruit shipper, the “Association of Private Fruit Exporters, Limited” (APFEL) wants to learn whether or not a competitor, the “Fruit Is Good
Corporation” (FIGCO), is shipping pineapples on the ship “S.S. Cruise Pacific” (S.S. CP). APFEL can’t simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so
APFEL can’t be sure whether or not FIGCO is shipping pineapples on the S.S. CP.
What is the name of the access control model property that prevented APFEL from reading FIGCO’s cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples?
A. *-Property and Polymorphism
B. Strong *-Property and Polyinstantiation
C. Simple Security Property and Polymorphism
D. Simple Security Property and Polyinstantiation
Correct Answer: D
The simple security rule states that a subject at a given security level cannot read data that reside at a higher security level. Simple Security Property is the name of the access control model property that prevented APFEL from reading FIGCO’s cargo information.
The secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples is Polyinstantiation. Polyinstantiation enabled the false record to be created.
Polyinstantiation enables a table that contains multiple tuples with the same primary keys, with each instance distinguished by a security level. When this information is inserted into a database, lower-level subjects must be restricted from it. Instead of just restricting access, another set of data is created to fool the lower-level subjects into thinking the information actually means something else.
Incorrect Answers:
A: The *-property rule (star property rule) states that a subject in a given security level cannot write information to a lower security level. This is not the access control model property that prevented APFEL from reading FIGCO’s cargo information.
Polymorphism takes place when different objects respond to the same command, input, or message in different ways. This is not the secure database technique used in this question.
B: The strong star property rule, states that a subject that has read and write capabilities can only perform those functions at the same security level; nothing higher and nothing lower. So, for a subject to be able to read and write to an object, the clearance and classification must be equal. This is not the access control model property that prevented APFEL from reading FIGCO’s cargo information.
C: Polymorphism takes place when different objects respond to the same command, input, or message in different ways. This is not the secure database technique used in this question.
References:
, 4th Edition, McGraw-Hill, New York, 2007, pp. 370, 1186
Which security model uses an access control triple and also requires separation of duty?
A. DAC
B. Lattice
C. Clark-Wilson
D. Bell-LaPadula
Correct Answer: C
The Clark-Wilson model enforces the three goals of integrity by using access triple (subject, software [TP], object), separation of duties, and auditing. This model enforces integrity by using well-formed transactions (through access triple) and separation of duties.
When an application uses the Clark-Wilson model, it separates data into one subset that needs to be highly protected, which is referred to as a constrained data item (CDI), and another subset that does not require a high level of protection, which is called an unconstrained data item (UDI). Users cannot modify critical data
(CDI) directly. Instead, the subject (user) must be authenticated to a piece of software, and the software procedures (TPs) will carry out the operations on behalf of the user. For example, when Kathy needs to update information held within her company's database, she will not be allowed to do so without a piece of software controlling these activities. First, Kathy must authenticate to a program, which is acting as a front end for the database, and then the program will control what Kathy can and cannot do to the information in the database.
This is referred to as access triple: subject (user), program (TP), and object (CDI). A user cannot modify CDI without using a TP.
The Clark-Wilson security model uses division of operations into different parts and requires different users to perform each part. This is known as Separation of Duties.
The Clark-Wilson model outlines how to incorporate separation of duties into the architecture of an application. If a customer needs to withdraw over $10,000, the application may require a supervisor to log in and authenticate this transaction. This is a countermeasure against potential fraudulent activities. The model provides the rules that the developers must follow to properly implement and enforce separation of duties through software procedures.
Incorrect Answers:
A: DAC (Discretionary Access Control) is not a security model that uses an access control triple and requires separation of duty.
B: A lattice-based access control model is a mathematical model that allows a system to easily represent the different security levels and control access attempts based on those levels. It is not a security model that uses an access control triple and requires separation of duty.
D: The Bell-LaPadula Model is a state machine model used for enforcing access control in government and military applications. It is not a security model that uses an access control triple and requires separation of duty.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 370-377
You have been approached by one of your clients. They are interested in doing some security re-engineering. The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications. Of primary concern to them is the identification of potential covert channels. As an Information Security Professional, which model would you recommend to the client?
A. Information Flow Model combined with Bell LaPadula
B. Bell LaPadula
C. Biba
D. Information Flow Model
Correct Answer: A
The Bell-LaPadula model focuses on preventing information from flowing from a high security level to a low security level. Information Flow Model deals with covert channels.
Subjects can access files. Processes can access memory segments. When data are moved from the hard drive's swap space into memory, information flows. Data are moved into and out of registers on a CPU. Data are moved into different cache memory storage devices. Data are written to the hard drive, thumb drive, CD-ROM drive, and so on. Properly controlling all of these ways in which information flows can be a very complex task. This is why the information flow model exists: to help architects and developers make sure their software does not allow information to flow in a way that can put the system or data in danger. One way that the information flow model provides this type of protection is by ensuring that covert channels do not exist in the code.
Incorrect Answers:
B: The Bell LaPadula model on its own is not sufficient because it does not deal with the identification of covert channels.
C: The Biba model is an integrity model. It will not prevent information from flowing from a high security level to a low security level or identify covert channels.
D: The Information Flow model on its own is not sufficient because it will not prevent information from flowing from a high security level to a low security level.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 377-378
Which of the following security models introduced the idea of mutual exclusivity which generates dynamically changing permissions?
A. Biba
B. Brewer & Nash
C. Graham-Denning
D. Clark-Wilson
Correct Answer: B
The Brewer and Nash model, also called the Chinese Wall model, was created to provide access controls that can change dynamically depending upon a user's previous actions. The main goal of the model is to protect against conflicts of interest arising from users' access attempts.
Under the Brewer and Nash model, company-sensitive information is categorized into mutually disjoint conflict-of-interest categories. If you have access to one set of data, you cannot access the other sets of data.
Incorrect Answers:
A: The Biba model deals with integrity. It does not use dynamically changing permissions.
C: The Graham-Denning model shows how subjects and objects should be securely created and deleted. It also addresses how to assign specific access rights. It does not use dynamically changing permissions.
D: The Clark-Wilson model deals with integrity. It does not use dynamically changing permissions.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 383
Which is the last line of defense in a physical security sense?
A. people
B. interior barriers
C. exterior barriers
D. perimeter barriers
Correct Answer: A
In terms of physical security, people are the last line of defense for your company's assets. If an intruder gets past the perimeter barriers, then the external barriers and finally the internal barriers, there are no more physical defenses remaining other than people in the facility.
Incorrect Answers:
B: Interior barriers are behind external barriers and perimeter barriers in terms of physical security. However, internal barriers are not the last line of defense; people are. Therefore, this answer is incorrect.
C: Exterior barriers are between perimeter barriers and internal barriers in terms of physical security. Therefore, they are not the last line of defense so this answer is incorrect.
D: Perimeter barriers are the first line of defense; not the last line of defense. Therefore, this answer is incorrect.
What is an error called that causes a system to be vulnerable because of the environment in which it is installed?
A. Configuration error
B. Environmental error
C. Access validation error
D. Exceptional condition handling error
Correct Answer: B
Environmental errors include utility failure, service outage, natural disasters, or neighboring hazards. Any issue with the environment in which a system is installed is known as an environmental error.
Maintaining appropriate temperature and humidity is important in any facility, especially facilities with computer systems. Improper levels of either can cause damage to computers and electrical devices. High humidity can cause corrosion, and low humidity can cause excessive static electricity. This static electricity can short out devices, cause the loss of information, or provide amusing entertainment for unsuspecting employees. Lower temperatures can cause mechanisms to slow or stop, and higher temperatures can cause devices to use too much fan power and eventually shut down.
Incorrect Answers:
A: A configuration error is a problem caused by the configuration of the settings in a system, not the environment in which the system is installed.
C: An access validation error is a problem caused by a user not having the correct permissions or access rights to the system. An access validation error is not caused by the environment in which the system is installed.
D: An exceptional condition handling error is a problem caused by the software code of the system, not the environment in which the system is installed.
References:
, 6th Edition, McGraw-Hill, 2013, p. 466
Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support?
A. SESAME
B. RADIUS
C. KryptoKnight
D. TACACS+
Correct Answer: A
Secure European System for Applications in a Multi-vendor Environment (SESAME) was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support.
Incorrect Answers:
B: RADIUS is a network protocol that allows for client/server authentication and authorization, and audits remote users. It was not developed to address some of the weaknesses in Kerberos.
C: KryptoKnight provides authentication and key distribution services to applications and communicating entities in a network environment. It was not developed to address some of the weaknesses in Kerberos.
D: TACACS+ is a network protocol that allows for client/server authentication and authorization. It was not developed to address some of the weaknesses in Kerberos.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 214, 234-236
http://www.eurecom.fr/~nsteam/Papers/kryptoknight.pdf
Which of the following is the most costly countermeasure to reducing physical security risks?
A. Procedural Controls
B. Hardware Devices
C. Electronic Systems
D. Security Guards
Correct Answer: D
One drawback of security guards is that the cost of maintaining a guard function either internally or through an external service is expensive.
With common physical security risk countermeasures such as door entry control systems or perimeter fencing, there is typically a one-off cost when the countermeasure is implemented. With security guards, you have the ongoing cost of paying the salary of the security guard.
Incorrect Answers:
A: Procedural controls consist of approved written policies, procedures, standards and guidelines. The cost of implementing procedural controls is not greater than the ongoing costs associated with security guards. Therefore, this answer is incorrect.
B: Hardware Devices typically have a one-off cost when they are implemented and they may have a small cost for maintenance. However, this cost is not greater than the ongoing costs associated with security guards. Therefore, this answer is incorrect.
C: Electronic Systems typically have a one-off cost when they are implemented and they may have a small cost for maintenance. However, this cost is not greater than the ongoing costs associated with security guards. Therefore, this answer is incorrect.
References:
, Wiley Publishing, Indianapolis, 2007, p. 535
What algorithm was DES derived from?
A. Twofish
B. Skipjack
C. Brooks-Aldeman
D. Lucifer
Correct Answer: D
Lucifer was adopted and modified by the U.S. National Security Agency (NSA) to establish the U.S. Data Encryption Standard (DES) in 1976.
Incorrect Answers:
A: Twofish is a symmetric block cipher, which was a candidate for being the basis of the Advanced Encryption Standard (AES).
B: Skipjack is an algorithm that was used by Clipper Chip, which was used in the Escrowed Encryption Standard (EES).
C: Brooks-Aldeman is not a valid algorithm.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 764, 809
What is a characteristic of using the Electronic Code Book mode of DES encryption?
A. A given block of plaintext and a given key will always produce the same ciphertext.
B. Repetitive encryption obscures any repeated patterns that may have been present in the plaintext.
C. Individual characters are encoded by combining output from earlier encryption routines with plaintext.
D. The previous DES output is used as input.
Correct Answer: A
With Electronic Code Book (ECB) Mode, a 64-bit data block is entered into the algorithm with a key, and a block of ciphertext is produced. The same block of ciphertext will always result from a given block of plaintext and a given key.
Incorrect Answers:
B: This option refers to Cipher Block Chaining (CBC).
C: This option is not a characteristic of using the Electronic Code Book mode of DES encryption, as ECB allows for ciphertext to be produced from a given block of plaintext and a given key.
D: This option refers to Cipher Block Chaining (CBC).
References:
, 6th Edition, McGraw-Hill, 2013, pp. 800-807
Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient’s “public” key in order to get confidentiality of the data being sent. The recipients use their own “private” key to decrypt the information. The “Infrastructure” of this methodology ensures that:
A. The sender and recipient have reached a mutual agreement on the encryption key exchange that they will use.
B. The channels through which the information flows are secure.
C. The recipient’s identity can be positively verified by the sender.
D. The sender of the message is the only other person with access to the recipient’s private key.
Correct Answer: B
When information is encrypted using a public key, it can only be decrypted by using the associated private key. As the recipient is the only person with the private key, the recipient is the only person who can decrypt the message. This provides a form of authentication in that the recipient’s identity can be positively verified by the sender. If the receiver replies to the message, the sender knows that the intended recipient received the message.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 784-785
Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?
A. Rivest, Shamir, Adleman (RSA)
B. El Gamal
C. Elliptic Curve Cryptography (ECC)
D. Advanced Encryption Standard (AES)
Correct Answer: C
Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An elliptic curve cryptosystem (ECC) provides much of the same functionality RSA provides: digital signatures, secure key distribution, and encryption. One differing factor is ECC's efficiency. ECC is more efficient than RSA and any other asymmetric algorithm.
Some devices have limited processing capacity, storage, power supply, and bandwidth, such as wireless devices and cellular telephones. With these types of devices, efficiency of resource use is very important. ECC provides encryption functionality, requiring a smaller percentage of the resources compared to RSA and other algorithms, so it is used in these types of devices.
In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size that is shorter than what RSA requires. Because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device.
Incorrect Answers:
A: Elliptic Curve Cryptography (ECC) has a higher strength per bit of key length than RSA.
B: Elliptic Curve Cryptography (ECC) has a higher strength per bit of key length than El Gamal.
D: Elliptic Curve Cryptography (ECC) has a higher strength per bit of key length than AES.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 818-819
Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?
A. The use of good key generators.
B. The use of session keys.
C. Nothing can defend you against a brute force crypto key attack.
D. Algorithms that are immune to brute force key attacks.
Correct Answer: B
A session key is a single-use symmetric key that is used to encrypt messages between two users during a communication session.
If Tanya has a symmetric key she uses to always encrypt messages between Lance and herself, then this symmetric key would not be regenerated or changed.
They would use the same key every time they communicated using encryption. However, using the same key repeatedly increases the chances of the key being captured and the secure communication being compromised. If, on the other hand, a new symmetric key were generated each time Lance and Tanya wanted to communicate, it would be used only during their one dialogue and then destroyed. If they wanted to communicate an hour later, a new session key would be created and shared.
A session key provides more protection than static symmetric keys because it is valid for only one session between two computers. If an attacker were able to capture the session key, she would have a very small window of time to use it to try to decrypt messages being passed back and forth.
Incorrect Answers:
A: A strong encryption key offers no protection against brute force attacks. If the same key is always used, once an attacker obtains the key, he would be able to decrypt the data.
C: It is not true that nothing can defend you against a brute force crypto key attack. Using a different key every time is a good defense.
D: There are no algorithms that are immune to brute force key attacks. This is why it is a good idea to use a different key every time.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 798-799
The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?
A. 64 bits of data input results in 56 bits of encrypted output
B. 128 bit key with 8 bits used for parity
C. 64 bit blocks with a 64 bit total key length
D. 56 bits of data input results in 56 bits of encrypted output
Correct Answer: C
DES is a symmetric block encryption algorithm. When 64-bit blocks of plaintext go in, 64-bit blocks of ciphertext come out. It is also a symmetric algorithm, meaning the same key is used for encryption and decryption. It uses a 64-bit key: 56 bits make up the true key, and 8 bits are used for parity.
When the DES algorithm is applied to data, it divides the message into blocks and operates on them one at a time. The blocks are put through 16 rounds of transposition and substitution functions. The order and type of transposition and substitution functions depend on the value of the key used with the algorithm. The result is 64-bit blocks of ciphertext.
Incorrect Answers:
A: When 64-bit blocks of plaintext go in, 64-bit blocks of encrypted data come out.
B: DES uses a 64-bit key (not 128-bit): 56 bits make up the true key, and 8 bits are used for parity.
D: DES uses 64-bit blocks, not 56-bit.
References:
, 6th Edition, McGraw-Hill, 2013, p. 801
PGP uses which of the following to encrypt data?
A. An asymmetric encryption algorithm
B. A symmetric encryption algorithm
C. A symmetric key distribution system
D. An X.509 digital certificate
Correct Answer: B
Pretty Good Privacy (PGP) was designed by Phil Zimmermann as a freeware e-mail security program and was released in 1991. It was the first widespread public key encryption program.
PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files. It can use RSA public key encryption for key management and the IDEA symmetric cipher for bulk encryption of data, although the user has the option of picking different types of algorithms for these functions.
PGP can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm, authentication by using the public key certificates, and nonrepudiation by using cryptographically signed messages. PGP uses its own type of digital certificates rather than what is used in PKI, but they both have similar purposes.
Incorrect Answers:
A: PGP uses a symmetric encryption algorithm, not an asymmetric encryption algorithm to encrypt data.
C: PGP does not use a symmetric key distribution system to encrypt data.
D: An X.509 digital certificate is used in asymmetric cryptography. PGP does not use asymmetric cryptography.
References:
, 6th Edition, McGraw-Hill, 2013, p. 850
The Physical Security domain focuses on three areas that are the basis to physically protecting an enterprise's resources and sensitive information. Which of the following is NOT one of these areas?
A. Threats
B. Countermeasures
C. Vulnerabilities
D. Risks
Correct Answer: D
“Risks” is not one of the three areas that the Physical Security domain focuses on.
The Physical Security domain addresses the threats, vulnerabilities, and countermeasures that can be utilized to physically protect an enterprise's resources and sensitive information. These resources include personnel, the facility in which they work, and the data, equipment, support systems, and media with which they work. Physical security often refers to the measures taken to protect systems, buildings, and their related supporting infrastructure against threats that are associated with the physical environment.
Incorrect Answers:
A: Threats is one of the three areas that the Physical Security domain focuses on. Therefore, this answer is incorrect.
B: Countermeasures is one of the three areas that the Physical Security domain focuses on. Therefore, this answer is incorrect.
C: Vulnerabilities is one of the three areas that the Physical Security domain focuses on. Therefore, this answer is incorrect.
References:
, Wiley Publishing, Indianapolis, 2007, p. 451
Which of the following ciphers is the one on which the Vigenere polyalphabetic cipher was based?
A. Caesar
B. The Jefferson disks
C. Enigma
D. SIGABA
Correct Answer: A
Julius Caesar (100-44 B.C.) developed a simple method of shifting letters of the alphabet. He simply shifted the alphabet by three positions.
Today, this technique seems too simplistic to be effective, but in the time of Julius Caesar, not very many people could read in the first place, so it provided a high level of protection. The Caesar cipher is an example of a monoalphabetic cipher. Once more people could read and reverse-engineer this type of encryption process, the cryptographers of that day increased the complexity by creating polyalphabetic ciphers.
In the 16th century in France, Blaise de Vigenere developed a polyalphabetic substitution cipher for Henry III. This was based on the Caesar cipher, but it increased the difficulty of the encryption and decryption process.
Incorrect Answers:
B: The Vigenere polyalphabetic cipher is based on the Caesar cipher, not the Jefferson disks.
C: The Vigenere polyalphabetic cipher is based on the Caesar cipher, not Enigma.
D: The Vigenere polyalphabetic cipher is based on the Caesar cipher, not SIGABA.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 761-762
What is the length of an MD5 message digest?
A. 128 bits
B. 160 bits
C. 256 bits
D. varies depending upon the message size.
Correct Answer: A
MD5 is a message digest algorithm that was developed by Ronald Rivest in 1991. MD5 takes a message of an arbitrary length and generates a 128-bit message digest. In MD5, the message is processed in 512-bit blocks in four distinct rounds.
Incorrect Answers:
B: MD5 generates a 128-bit message digest, not 160-bit.
C: MD5 generates a 128-bit message digest, not 256-bit.
D: MD5 generates a 128-bit message digest regardless of the message size.
References:
, John Wiley & Sons, New York, 2001, p. 153
In which phase of the Internet Key Exchange (IKE) protocol is peer authentication performed?
A. Pre Initialization Phase
B. Phase 1
C. Phase 2
D. No peer authentication is performed
Correct Answer: B
When two computers (peers) use IPsec to communicate, they create two kinds of security associations. In the first, called main mode or phase one, the peers mutually authenticate themselves to each other, thus establishing trust between the computers. In the second, called quick mode or phase two, the peers will negotiate the particulars of the security association, including how they will digitally sign and encrypt traffic between them.
Incorrect Answers:
A: The phase in which peer authentication is performed is not known as the Pre Initialization Phase.
C: Peer authentication is performed in phase 1, not phase 2.
D: It is not true that no peer authentication is performed.
References:
https://technet.microsoft.com/en-us/library/cc512617.aspx
What is NOT an authentication method within IKE and IPsec?
A. CHAP
B. Pre shared key
C. Certificate based authentication
D. Public key authentication
Correct Answer: A
CHAP (Challenge Handshake Authentication Protocol) is not used within IKE and IPsec.
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security association (SA) in the IPsec protocol suite. IKE builds upon the Oakley protocol and ISAKMP. IKE uses X.509 certificates for authentication - either pre-shared or distributed using DNS - and a Diffie-Hellman key exchange to set up a shared session secret from which cryptographic keys are derived.
IKE phase one's purpose is to establish a secure authenticated communication channel by using the Diffie-Hellman key exchange algorithm to generate a shared secret key to encrypt further IKE communications. This negotiation results in one single bi-directional ISAKMP Security Association (SA). The authentication can be performed using either a pre-shared key (shared secret), signatures, or public key encryption.
Incorrect Answers:
B: Pre-shared key is an authentication method that can be used within IKE and IPsec.
C: Certificate-based authentication is an authentication method that can be used within IKE and IPsec.
D: Public key authentication is an authentication method that can be used within IKE and IPsec.
References:
https://en.wikipedia.org/wiki/Internet_Key_Exchange
What is NOT true with pre shared key authentication within IKE / IPsec protocol?
A. Pre shared key authentication is normally based on simple passwords
B. Needs a Public Key Infrastructure (PKI) to work
C. IKE is used to setup Security Associations
D. IKE builds upon the Oakley protocol and the ISAKMP protocol.
Correct Answer: B
A pre-shared key is simply a string of characters known to both parties. When configuring a VPN using IPsec with pre-shared keys for authentication, the pre-shared key is entered into the configuration of the VPN device at each end of the VPN. IKE can use pre-shared keys for authentication, and when pre-shared keys are used, you do not need a PKI.
Incorrect Answers:
A: It is true that pre-shared key authentication is normally based on simple passwords.
C: It is true that IKE is used to setup Security Associations.
D: It is true that IKE builds upon the Oakley protocol and the ISAKMP protocol.
References:
https://en.wikipedia.org/wiki/Internet_Key_Exchange
In a hierarchical PKI, the highest CA is regularly called the Root CA. By which one of the following terms is it also known?
A. Subordinate CA
B. Top Level CA
C. Big CA
D. Master CA
Correct Answer: B
Public key infrastructure (PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. In other words, a PKI establishes a level of trust within an environment. PKI is an ISO authentication framework that uses public key cryptography and the X.509 standard.
Each person who wants to participate in a PKI requires a digital certificate, which is a credential that contains the public key for that individual along with other identifying information. The certificate is created and signed (digital signature) by a trusted third party, which is a certificate authority (CA).
The certificate authority (CA) is the entity that issues the certificates. CAs are often organized into hierarchies with the root CA at the top of the hierarchy and intermediate or subordinate CAs below the root. As the root CA is top of the tree, it is often referred to as the Top-Level CA.
Incorrect Answers:
A: A Subordinate CA is below the root or top-level CA.
C: A Root CA is not known as a Big CA.
D: A Root CA is not known as a Master CA.
References:
, 6th Edition, McGraw-Hill, 2013, p. 833
What is the primary role of cross certification?
A. Creating trust between different PKIs
B. Build an overall PKI hierarchy
C. set up direct trust to a second root CA
D. Prevent the nullification of user certificates by CA certificate revocation
Correct Answer: A
More and more organizations are setting up their own internal PKIs. When these independent PKIs need to interconnect to allow for secure communication to take place (either between departments or between different companies), there must be a way for the two root CAs to trust each other. The two CAs do not have a CA above them they can both trust, so they must carry out cross certification. Cross certification is the process undertaken by CAs to establish a trust relationship in which they rely upon each other's digital certificates and public keys as if they had issued them themselves. When this is set up, a CA for one company can validate digital certificates from the other company and vice versa.
Incorrect Answers:
B: Building an overall PKI hierarchy is not the primary purpose of cross certification. Cross certification is used to create a trust between different PKIs or PKI hierarchies.
C: Cross certification does not set up a direct trust to a second root CA; it creates trusts between two PKIs (this includes all CAs in each hierarchy).
D: Preventing the nullification of user certificates by CA certificate revocation is not the purpose of cross certification. Certificate revocation should nullify user certificates or at least render them untrusted.
References:
, 6th Edition, McGraw-Hill, 2013, p. 835
What kind of encryption is realized in the S/MIME-standard?
A. Asymmetric encryption scheme
B. Password based encryption scheme
C. Public key based, hybrid encryption scheme
D. Elliptic curve based encryption
Correct Answer: C
Secure MIME (S/MIME) is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions. S/MIME extends the MIME standard by allowing for the encryption of e-mail and attachments. The encryption and hashing algorithms can be specified by the user of the mail package, instead of having it dictated to them. S/MIME follows the Public Key Cryptography Standards (PKCS). S/MIME provides confidentiality through encryption algorithms, integrity through hashing algorithms, authentication through the use of X.509 public key certificates, and nonrepudiation through cryptographically signed message digests.
A user that sends a message with confidential information can keep the contents private while it travels to its destination by using message encryption. For message encryption, a symmetric algorithm (DES, 3DES, or in older implementations RC2) is used to encrypt the message data. The key used for this process is a one-time bulk key generated at the email client. The recipient of the encrypted message needs the same symmetric key to decrypt the data, so the key needs to be communicated to the recipient in a secure manner. To accomplish that, an asymmetric key algorithm (RSA or Diffie-Hellman) is used to encrypt and securely exchange the symmetric key. The key used for this part of the message encryption process is the recipient's public key. When the recipient receives the encrypted message, he will use his private key to decrypt the symmetric key, which in turn is used to decrypt the message data.
As you can see, this type of message encryption uses a hybrid system, which means it uses both symmetric and asymmetric algorithms. The reason for not using the public key system to encrypt the data directly is that it requires a lot of CPU resources; symmetric encryption is much faster than asymmetric encryption. Only the content of a message is encrypted; the header of the message is not encrypted so mail gateways can read addressing information and forward the message accordingly.
Incorrect Answers:
A: The S/MIME-standard does not use asymmetric encryption to encrypt the message; for message encryption, a symmetric algorithm is used. Asymmetric encryption is used to encrypt the symmetric key.
B: The S/MIME-standard does not use a password based encryption scheme.
D: The S/MIME-standard does not use Elliptic curve based encryption.
References:
, 6th Edition, McGraw-Hill, 2013, p. 850
http://www.techexams.net/technotes/securityplus/emailsecurity.shtml
What is the main problem of the renewal of a root CA certificate?
A. It requires key recovery of all end user keys
B. It requires the authentic distribution of the new root CA certificate to all PKI participants
C. It requires the collection of the old root CA certificates from all the users
D. It requires issuance of the new root CA certificate
Correct Answer: B
Every entity (user, computer, application, network device) that has a certificate from a PKI trusts other entities with certificates issued by the same PKI because they all trust the root Certificate Authority (CA). This trust is ensured because every entity has a copy of the root CA's public certificate.
If you want to change or renew the root CA certificate, to maintain the trust, the new certificate must be distributed to every entity that has a certificate from the PKI.
Incorrect Answers:
A: Renewing a root CA certificate does not require key recovery of all end user keys.
C: Renewing a root CA certificate does not require the collection of the old root CA certificates from all the users; the root certificates will just be invalid because they will be out-of-date.
D: Issuance of the new root CA certificate is not a problem; it is not a difficult procedure. The distribution of the certificate to all PKI participants is more of a challenge.
Critical areas should be lighted:
A. Eight feet high and two feet out.
B. Eight feet high and four feet out.
C. Ten feet high and four feet out.
D. Ten feet high and six feet out.
Correct Answer: A
Critical areas should be lighted eight feet high and two feet out.
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, which is a unit that represents the illumination power of an individual light.
Incorrect Answers:
B: Critical areas should be lighted eight feet high and two feet out, not eight feet high and four feet out. Therefore, this answer is incorrect.
C: Critical areas should be lighted eight feet high and two feet out, not ten feet high and four feet out. Therefore, this answer is incorrect.
D: Critical areas should be lighted eight feet high and two feet out, not ten feet high and six feet out. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 1365
What attribute is included in an X.509 certificate?
A. Distinguished name of the subject
B. Telephone number of the department
C. secret key of the issuing CA
D. the key pair of the certificate holder
Correct Answer: A
An X.509 certificate contains information about the identity to which a certificate is issued and the identity that issued it. Standard information in an X.509 certificate includes:
✑ Version: which X.509 version applies to the certificate (which indicates what data the certificate must include)
✑ Serial number: the identity creating the certificate must assign it a serial number that distinguishes it from other certificates
✑ Algorithm information: the algorithm used by the issuer to sign the certificate
✑ Issuer distinguished name: the name of the entity issuing the certificate
✑ Validity period of the certificate: start/end date and time
✑ Subject distinguished name: the name of the identity the certificate is issued to
✑ Subject public key information: the public key associated with the identity
✑ Extensions (optional)
Incorrect Answers:
B: The telephone number of the department is not included in an X.509 certificate.
C: The secret key of the issuing CA is not included in an X.509 certificate. The secret key is the private key, which is never distributed.
D: The key pair of the certificate holder is not included in an X.509 certificate. A key pair includes a private key, which is kept private.
References:
http://searchsecurity.techtarget.com/definition/X509-certificate
Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA?
A. PKCS #17799
B. PKCS-RSA
C. PKCS#1
D. PKCS#11
Correct Answer: C
In cryptography, PKCS #1 is the first of a family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography. It defines the mathematical properties of public and private keys, primitive operations for encryption and signatures, secure cryptographic schemes, and related ASN.1 syntax representations.
Incorrect Answers:
A: PKCS #17799 is not a valid Public Key Cryptography Standard (PKCS) addressing RSA.
B: PKCS-RSA is not a valid Public Key Cryptography Standard (PKCS) addressing RSA.
D: PKCS#11 is not a valid Public Key Cryptography Standard (PKCS) addressing RSA.
References:
https://en.wikipedia.org/wiki/PKCS_1
The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis?
A. Critical-channel analysis
B. Covert channel analysis
C. Critical-path analysis
D. Critical-conduit analysis
Correct Answer: C
The value of items to be protected can be determined by a critical-path analysis. The critical-path analysis lists all pieces of an environment and how they interact.
Incorrect Answers:
A: Critical-channel analysis is not the correct term for the analysis described in the question. Therefore, this answer is incorrect.
B: A covert channel is a way for an entity to receive information in an unauthorized manner. Covert channel analysis is used to determine where covert channels exist. This is not the analysis described in the question. Therefore, this answer is incorrect.
D: Critical-conduit analysis is not the correct term for the analysis described in the question. Therefore, this answer is incorrect.
Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?
A. Wave pattern motion detectors
B. Capacitance detectors
C. Field-powered devices
D. Audio detectors
Correct Answer: B
A capacitance detector emits a measurable magnetic field. The detector monitors this magnetic field, and an alarm sounds if the field is disrupted. These devices are usually used to protect specific objects (artwork, cabinets, or a safe) versus protecting a whole room or area.
An electrostatic IDS creates an electrostatic magnetic field, which is just an electric field associated with static electric charges. All objects have a static electric charge. They are all made up of many subatomic particles, and when everything is stable and static, these particles constitute one holistic electric charge. This means there is a balance between the electric capacitance and inductance. Now, if an intruder enters the area, his subatomic particles will mess up this balance in the electrostatic field, causing a capacitance change, and an alarm will sound.
Incorrect Answers:
A: Wave pattern motion detectors are used for overall room security monitoring. Therefore, this answer is incorrect.
C: Field-powered devices are not intrusion detection devices. Field-powered device refers to a type of system-sensing proximity card. Therefore, this answer is incorrect.
D: Audio detectors are used for overall room security monitoring. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 496
, 6th Edition, McGraw-Hill, New York, 2013, p. 850
Which of the following Kerberos components holds all users' and services' cryptographic keys?
A. The Key Distribution Service
B. The Authentication Service
C. The Key Distribution Center
D. The Key Granting Service
Correct Answer: C
The Key Distribution Center (KDC) is the most important component within a Kerberos environment, as it holds all users' and services' secret keys.
Incorrect Answers:
A: Key Distribution Service is not a valid Kerberos term.
B: The authentication service is a part of the KDC that authenticates a principal. It does not hold all users' and services' cryptographic keys.
D: Key Granting Service is not a valid Kerberos term.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 209-213
There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
A. public keys
B. private keys
C. public-key certificates
D. private-key certificates
Correct Answer: C
Public Key describes a system that uses certificates or the underlying public key cryptography on which the system is based.
In the traditional public key model, clients are issued credentials or “certificates” by a Certificate Authority (CA). The CA is a trusted third party. Public key certificates contain the user’s name, the expiration date of the certificate etc. The most common certificate format is X.509. Public key credentials in the form of certificates and public-private key pairs can provide a strong distributed authentication system.
The Kerberos and public key trust models are very similar. A Kerberos ticket is analogous to a public key certificate (a Kerberos ticket is supplied to provide access to resources). However, Kerberos tickets usually have lifetimes measured in days or hours rather than months or years.
Incorrect Answers:
A: Kerberos tickets do not actually contain public keys. They use symmetric cryptography which uses one shared key instead of asymmetric cryptography which uses public-private key pairs.
B: Kerberos tickets do not contain private keys. They use symmetric cryptography which uses one shared key instead of asymmetric cryptography which uses public-private key pairs.
D: Private-key certificates are always kept by the authentication provider; they are never distributed to subjects that require access to resources. The public key is given to the subject to provide access to a resource in a similar way to a Kerberos ticket.
References:
, 5th Edition, Auerbach Publications, Boca Raton, 2006, p. 1438
Which of the following is TRUE about a digital certificate?
A. It is the same as digital signature proving Integrity and Authenticity of the data
B. Electronic credential proving that the person the certificate was issued to is who they claim to be.
C. You can only get a digital certificate from Verisign or RSA if you wish to prove the key belongs to a specific user.
D. Can’t contain geography data such as country for example.
Correct Answer: B
Each person who wants to participate in a PKI requires a digital certificate, which is a credential that contains the public key for that individual along with other identifying information. The certificate is created and signed (digital signature) by a trusted third party, which is a certificate authority (CA). When the CA signs the certificate, it binds the individual's identity to the public key, and the CA takes liability for the authenticity of that individual. It is this trusted third party (the CA) that allows people who have never met to authenticate to each other and to communicate in a secure method. If Kevin has never met Dave but would like to communicate securely with him, and they both trust the same CA, then Kevin could retrieve Dave's digital certificate and start the process.
Incorrect Answers:
A: A digital certificate is not the same as a digital signature proving Integrity and Authenticity of the data. A digital certificate binds a key to an identity.
C: It is not true that you can only get a digital certificate from Verisign or RSA if you wish to prove the key belongs to a specific user; you can get a digital certificate from any CA. The CA needs to be trusted, however, for the certificate to be effective. The CA can be one of many public CAs or it can be part of a private PKI.
D: A digital certificate can contain geography data such as country for example.
References:
, 6th Edition, McGraw-Hill, 2013, p. 834
FIPS-140 is a standard for the security of which of the following?
A. Cryptographic service providers
B. Smartcards
C. Hardware and software cryptographic modules
D. Hardware security modules
Correct Answer: C
The National Institute of Standards and Technology (NIST) issues the 140 Publication Series to coordinate the requirements and standards for cryptographic modules which include both hardware and software components for use by departments and agencies of the United States federal government. FIPS 140 does not purport to provide sufficient conditions to guarantee that a module conforming to its requirements is secure, still less that a system built using such modules is secure. The requirements cover not only the cryptographic modules themselves but also their documentation and (at the highest security level) some aspects of the comments contained in the source code.
Incorrect Answers:
A: FIPS-140 is not a standard for cryptographic service providers.
B: FIPS-140 is not a standard for smartcards.
D: FIPS-140 is not a standard for hardware security modules.
References:
https://en.wikipedia.org/wiki/FIPS_140
Which of the following can best define the “revocation request grace period”?
A. The period of time allotted within which the user must make a revocation request upon a revocation reason
B. Minimum response time for performing a revocation by the CA
C. Maximum response time for performing a revocation by the CA
D. Time period between the arrival of a revocation request and the publication of the revocation information
Correct Answer: C
Occasionally, a certificate authority needs to revoke a certificate. This might occur for one of the following reasons:
✑ The certificate was compromised.
✑ The certificate was erroneously issued.
✑ The details of the certificate changed.
✑ The security association changed.
The revocation request grace period is the maximum response time within which a CA will perform any requested revocation. This is defined in the certificate practice statement (CPS). The CPS states the practices a CA employs when issuing or managing certificates.
Incorrect Answers:
A: The revocation request grace period is not the period of time allotted within which the user must make a revocation request upon a revocation reason.
B: The revocation request grace period is the maximum response time, not the minimum response time within which a CA will perform any requested revocation.
D: The revocation request grace period is not the period of time between the arrival of a revocation request and the publication of the revocation information.
Publication of a certificate revocation list does not always happen as soon as a certificate has been revoked.
Which is NOT a suitable method for distributing certificate revocation information?
A. CA revocation mailing list
B. Delta CRL
C. OCSP (online certificate status protocol)
D. Distribution point CRL
Correct Answer: A
A CA revocation mailing list is NOT a suitable method for distributing certificate revocation information.
There are several mechanisms to represent revocation information; RFC 2459 defines one such method. This method involves each CA periodically issuing a signed data structure called a certificate revocation list (CRL). A CRL is a time stamped list identifying revoked certificates, which is signed by a CA and made freely available in a public repository.
There are several types of CRLs: full CRLs (also known as base CRLs), delta CRLs, and CRL Distribution Points (CDPs). Full CRLs contain the status of all certificates. Delta CRLs contain only the status of the certificates that have changed status since the issuance of the last base CRL.
CRL Distribution Point (CDP) is a certificate extension that indicates where the certificate revocation list for a CA can be retrieved. This extension can contain multiple HTTP, FTP, File or LDAP URLs for the retrieval of the CRL.
Online Certificate Status Protocol (OCSP) is a protocol that allows real-time validation of a certificate's status by having the CryptoAPI make a call to an OCSP responder and the OCSP responder providing an immediate validation of the revocation status for the presented certificate. Typically, the OCSP responder uses CRLs for retrieving certificate status information.
Incorrect Answers:
B: A Delta CRL is a suitable method for distributing certificate revocation information.
C: OCSP (online certificate status protocol) is a suitable method for distributing certificate revocation information.
D: Distribution point CRL is a suitable method for distributing certificate revocation information.
References:
https://technet.microsoft.com/en-us/library/cc700843.aspx
Which encryption algorithm is BEST suited for communication with handheld wireless devices?
A. ECC (Elliptic Curve Cryptosystem)
B. RSA
C. SHA
D. RC4
Correct Answer: A
Elliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An elliptic curve cryptosystem (ECC) provides much of the same functionality RSA provides: digital signatures, secure key distribution, and encryption. One differing factor is ECC's efficiency. ECC is more efficient than RSA and any other asymmetric algorithm.
Some devices have limited processing capacity, storage, power supply, and bandwidth, such as wireless devices and cellular telephones. With these types of devices, efficiency of resource use is very important. ECC provides encryption functionality, requiring a smaller percentage of the resources compared to RSA and other algorithms, so it is used in these types of devices.
In most cases, the longer the key, the more protection that is provided, but ECC can provide the same level of protection with a key size that is shorter than what RSA requires. Because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device.
Incorrect Answers:
B: RSA is less efficient than ECC which makes RSA less suited for communication with handheld wireless devices.
C: SHA is a hashing algorithm; it is not an encryption algorithm suited for communication with handheld wireless devices.
D: RC4 is a symmetric algorithm whereas ECC is asymmetric which makes ECC more suited for communication with handheld wireless devices.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 818-819
Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
A. Message non-repudiation.
B. Message confidentiality.
C. Message interleave checking.
D. Message integrity.
Correct Answer: D
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both of which are frequently referred to as ‘SSL’, are cryptographic protocols designed to provide communications security over a computer network.
The connection is reliable because each message transmitted includes a message integrity check using a message authentication code to prevent undetected loss or alteration of the data during transmission.
A message authentication code (MAC) is a short piece of information used to authenticate a message, in other words, to provide integrity and authenticity assurances on the message. Integrity assurances detect accidental and intentional message changes, while authenticity assurances affirm the message's origin.
A MAC algorithm, sometimes called a keyed (cryptographic) hash function (however, a cryptographic hash function is only one of the possible ways to generate MACs), accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). The MAC value protects both a message's data integrity as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
Incorrect Answers:
A: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message non-repudiation.
B: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message confidentiality; it uses symmetric cryptography for that.
C: Secure Sockets Layer (SSL) does not use a Message Authentication Code (MAC) for message interleave checking.
References:
https://en.wikipedia.org/wiki/Transport_Layer_Security
https://en.wikipedia.org/wiki/Message_authentication_code
Which of the following services is NOT provided by the digital signature standard (DSS)?
A. Encryption
B. Integrity
C. Digital signature
D. Authentication
Correct Answer: A
Digital signatures do not provide encryption.
The purpose of digital signatures is to detect unauthorized modifications of data, to authenticate the identity of the signatories, and to provide non-repudiation. These functions are accomplished by generating a block of data that is usually smaller than the size of the original data. This smaller block of data is bound to the original data and to the identity of the sender. This binding verifies the integrity of data and provides non-repudiation. To quote the National Institute of Standards and Technology (NIST) Digital Signature Standard (DSS): Digital signatures are used to detect unauthorized modifications to data and to authenticate the identity of the signatory. In addition, the recipient of signed data can use a digital signature in proving to a third party that the signature was in fact generated by the signatory.
Incorrect Answers:
B: Digital signatures do provide integrity.
C: The digital signature standard (DSS) as its name suggests is all about digital signatures.
D: Digital signatures do provide authentication.
References:
, John Wiley & Sons, New York, 2001, p. 151
What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?
A. Key collision
B. Key clustering
C. Hashing
D. Ciphertext collision
Correct Answer: B
In cryptography, key clustering is said to occur when two different keys generate the same ciphertext from the same plaintext, using the same cipher algorithm. A good cipher algorithm, using different keys on the same plaintext, should generate a different ciphertext, irrespective of the key length.
Incorrect Answers:
A: Key collision is not the correct term to describe an instance of two different keys generating the same ciphertext from the same plaintext.
C: Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string. This is not what is described in the question.
D: Ciphertext collision is not the correct term to describe an instance of two different keys generating the same ciphertext from the same plaintext.
References:
https://en.wikipedia.org/wiki/Key_clustering
Which of the following is TRUE about link encryption?
A. Each entity has a common key with the destination node.
B. Encrypted messages are only decrypted by the final node.
C. This mode does not provide protection if any one of the nodes along the transmission path is compromised.
D. Only secure nodes are used in this type of transmission.
Correct Answer: C
With Link Encryption each entity has keys in common with its two neighboring nodes in the transmission chain. Thus, a node receives the encrypted message from its predecessor (the neighboring node), decrypts it, and then re-encrypts it with another key that is common to the successor node. Then, the encrypted message is sent on to the successor node where the process is repeated until the final destination is reached. Obviously, this mode does not provide protection if the nodes along the transmission path can be compromised.
Incorrect Answers:
A: It is not true that each entity has a common key with the destination node. Each entity has keys in common with only its two neighboring nodes.
B: It is not true that encrypted messages are only decrypted by the final node. Every node in the chain (except the original sending node) decrypts the message.
D: It is not true that only secure nodes are used in this type of transmission. The data is encrypted for security; the nodes themselves can be insecure.
References:
, John Wiley & Sons, New York, 2001, p. 126
What type of key would you find within a browser's list of trusted root CAs?
A. Private key
B. Symmetric key
C. Recovery key
D. Public key
Correct Answer: D
In cryptography, a public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key.
The certificate includes information about the key, information about its owner’s identity, and the digital signature of an entity that has verified the certificate’s contents are correct. If the signature is valid, and the person examining the certificate trusts the signer, then they know they can use that key to communicate with its owner.
In a typical public-key infrastructure (PKI) scheme, the signer is a certificate authority (CA), usually a company which charges customers to issue certificates for them.
If you trust the Root CA, you'll trust all certificates issued by the CA. All web browsers come with an extensive built-in list of trusted root certificates, many of which are controlled by organizations that may be unfamiliar to the user. The built-in list of trusted root certificates is a collection of public key certificates from the CAs.
Incorrect Answers:
A: The private key is always retained by the owner (in this case, a CA); it is never distributed.
B: You would not find a symmetric key within a browser’s list of trusted root CAs.
C: You would not find a recovery key within a browser’s list of trusted root CAs.
References:
https://en.wikipedia.org/wiki/Public_key_certificate
Which of the following modes of DES is MOST likely used for Database Encryption? A. Electronic Code Book (ECB) B. Cipher Block Chaining (CBC) C. Cipher Feedback (CFB) D. Output Feedback (OFB)
Correct Answer: A
Electronic Code Book (ECB) works with blocks of data independently. As a result, data within a file does not have to be encrypted in a specific order. This is extremely accommodating when making use of encryption in databases.
Incorrect Answers:
B: Cipher Block Chaining (CBC) is mostly used for encrypting message data.
C: Cipher Feedback (CFB) is mostly used for encrypting message data.
D: Output Feedback (OFB) is used for encrypting digitized video or voice signals.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 800-807
Which of the following is NOT an example of an asymmetric key algorithm? A. Elliptic curve cryptosystem (ECC) B. Diffie-Hellman C. Advanced Encryption Standard (AES) D. Merkle-Hellman Knapsack
Correct Answer: C
Advanced Encryption Standard (AES) is a block symmetric cipher that makes use of 128-bit block sizes and various key lengths.
Incorrect Answers:
A, B, & D: Elliptic curve cryptosystem (ECC), Diffie-Hellman, and Merkle-Hellman Knapsack are asymmetric key algorithms.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 811, 815
What would you call a microchip that is installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates? A. Trusted Platform Module (TPM) B. Trusted BIOS Module (TBM) C. Central Processing Unit (CPU) D. Arithmetic Logical Unit (ALU)
Correct Answer: A
The Trusted Platform Module (TPM) is a microchip installed on the motherboard of modern computers. TPM is dedicated to executing security functions that include the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates.
Incorrect Answers:
B: Trusted BIOS Module is not a valid term.
C: A central processing unit (CPU) is the electronic circuitry within a computer that carries out the instructions of a computer program by executing the basic arithmetic, logical, control and input/output (I/O) operations detailed by the instructions.
D: An arithmetic logic unit (ALU) refers to a digital electronic circuit that executes arithmetic and bitwise logical operations on integer binary numbers.
References:
, 6th Edition, McGraw-Hill, 2013, p. 843
https://en.wikipedia.org/wiki/Central_processing_unit
https://en.wikipedia.org/wiki/Arithmetic_logic_unit
Which of the following is NOT a property of the Rijndael block cipher algorithm?
A. The key sizes must be a multiple of 32 bits
B. Maximum block size is 256 bits
C. Maximum key size is 512 bits
D. The key size does not have to match the block size
Correct Answer: C
The maximum key size is 256 bits, not 512 bits.
Rijndael is a block symmetric cipher that was chosen to fulfill the Advanced Encryption Standard. It uses a 128-bit block size and various key lengths (128, 192, 256).
The Rijndael specification allows block and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.
Incorrect Answers:
A: It is true that the key sizes must be a multiple of 32 bits.
B: It is true that the maximum block size is 256 bits.
D: It is true that the key size does not have to match the block size.
References:
http://searchsecurity.techtarget.com/definition/Rijndael
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
, John Wiley & Sons, New York, 2001, p. 145
Which of the following is not a property of the Rijndael block cipher algorithm?
A. It employs a round transformation that is comprised of three layers of distinct and invertible transformations.
B. It is suited for high speed chips with no area restrictions.
C. It operates on 64-bit plaintext blocks and uses a 128 bit key.
D. It could be used on a smart card.
Correct Answer: C
This option is incorrect because the block sizes supported by Rijndael are 128, 192, and 256 bits.
Incorrect Answers:
A: Rijndael is a substitution linear transformation cipher that uses triple discrete invertible uniform transformations.
B, D: The Advanced Encryption Standard (AES), also known as Rijndael, performs well on a wide variety of hardware. Hardware ranges from 8-bit smart cards to high-performance computers.
References:
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
http://searchsecurity.techtarget.com/definition/Rijndael
An X.509 public key certificate with the key usage attribute "non-repudiation" can be used for which of the following? A. encrypting messages B. signing messages C. verifying signed messages D. decrypting encrypted messages
Correct Answer: C
Support for two pairs of public-private keys is a fundamental requirement for some PKIs. One key pair is for data encryption and the other key pair is for digitally signing documents.
When digitally signing a message for non-repudiation, the private key is used. The public key (with the key usage attribute “non-repudiation”) associated with the private key is used to verify the signed messages.
Incorrect Answers:
A: An X.509 public key certificate with the key usage attribute “non-repudiation” cannot be used for encrypting messages.
B: When digitally signing a message for non-repudiation, the private key is used, not the public key.
D: An X.509 public key certificate with the key usage attribute “non-repudiation” cannot be used for decrypting messages.
References:
https://docs.oracle.com/cd/E13215_01/wlibc/docs81/admin/certificates.html
Which of the following would best describe certificate path validation?
A. Verification of the validity of all certificates of the certificate chain to the root certificate
B. Verification of the integrity of the associated root certificate
C. Verification of the integrity of the concerned private key
D. Verification of the revocation status of the concerned certificate
Correct Answer: A
The certification path validation algorithm is the algorithm which verifies that a given certificate path is valid under a given public key infrastructure (PKI). A path starts with the Subject certificate and proceeds through a number of intermediate certificates up to a trusted root certificate, typically issued by a trusted Certification Authority (CA).
Path validation is necessary for a relying party to make an informed trust decision when presented with any certificate that is not already explicitly trusted. For example, in a hierarchical PKI, a certificate chain starting with a web server certificate might lead to a small CA, then to an intermediate CA, then to a large CA whose trust anchor is present in the relying party’s web browser.
Incorrect Answers:
B: Certificate path validation is not verification of the integrity of the associated root certificate.
C: Certificate path validation is not verification of the integrity of the concerned private key.
D: Certificate path validation is not verification of the revocation status of the concerned certificate; this is a Certificate Revocation Check.
References:
https://en.wikipedia.org/wiki/Certification_path_validation_algorithm
What is the name for a substitution cipher that shifts the alphabet by 13 places? A. Caesar cipher B. Polyalphabetic cipher C. ROT13 cipher D. Transposition cipher
Correct Answer: C
ROT13 is an encryption method similar to the Caesar cipher, but instead of shifting 3 places in the alphabet it shifts 13 places.
Incorrect Answers:
A: Caesar cipher shifts three spaces.
B: A polyalphabetic cipher makes use of more than one alphabet.
D: Transposition ciphers move the original values around.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 762, 774, 778
What size is an MD5 message digest (hash)? A. 128 bits B. 160 bits C. 256 bits D. 128 bytes
Correct Answer: A
MD5 generates a 128-bit hash.
Incorrect Answers:
B: SHA generates a 160-bit hash value.
C: SHA-256 generates a 256-bit value.
D: MD5 generates a 128-bit, not a 128-byte, hash.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 826, 827
Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender?
A. Message Authentication Code - MAC
B. PAM - Pluggable Authentication Module
C. NAM - Negative Acknowledgement Message
D. Digital Signature Certificate
Correct Answer: A
Message Authentication Code (MAC) is a keyed cryptographic hash function that is used for data integrity and data origin authentication.
Incorrect Answers:
B: A pluggable authentication module (PAM) is used to integrate multiple low-level authentication schemes into a high-level application programming interface (API).
C: A Negative Acknowledgement Message is a protocol message that is sent in many communications protocols to negatively acknowledge or reject a previously received message, or to show some kind of error.
D: Digital Signature Certificate is an invalid term. Digital signatures and digital certificates are two different security measures.
References:
, 6th Edition, McGraw-Hill, 2013, p. 832
https://en.wikipedia.org/wiki/Pluggable_authentication_module
https://en.wikipedia.org/wiki/NAK_(protocol_message)
http://searchsecurity.techtarget.com/answer/The-difference-between-a-digital-signature-and-digital-certificate
Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, passwords or certificates in a component located on the motherboard of a computer? A. TPM - Trusted Platform Module B. TPM - Trusted Procedure Module C. Smart Card D. Enigma Machine
Correct Answer: A
The Trusted Platform Module (TPM) is a microchip installed on the motherboard of modern computers. TPM is dedicated to executing security functions that include the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates.
Incorrect Answers:
B: Trusted Procedure Module is not a valid term.
C: A smart card is not located on the motherboard of a computer.
D: The Enigma machines were a series of electro-mechanical rotor cipher machines developed and used to protect commercial, diplomatic and military communication.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 200, 201, 843
https://en.wikipedia.org/wiki/Enigma_machine
Which of the following statements pertaining to stream ciphers is TRUE?
A. A stream cipher is a type of asymmetric encryption algorithm.
B. A stream cipher generates what is called a keystream.
C. A stream cipher is slower than a block cipher.
D. A stream cipher is not appropriate for hardware-based encryption.
Correct Answer: B
A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. Because the encryption of each digit depends on the current state of the cipher, it is also known as a state cipher. In practice, a digit is typically a bit and the combining operation an exclusive-or (XOR).
The pseudorandom keystream is typically generated serially from a random seed value using digital shift registers. The seed value serves as the cryptographic key for decrypting the ciphertext stream.
Stream ciphers typically execute at a higher speed than block ciphers and have lower hardware complexity. However, stream ciphers can be susceptible to serious security problems if used incorrectly; in particular, the same starting state (seed) must never be used twice.
Incorrect Answers:
A: A stream cipher is not a type of asymmetric encryption algorithm; it is a symmetric key cipher.
C: A stream cipher is not slower than a block cipher; it is faster.
D: Stream ciphers require a lot of randomness and encrypt individual bits at a time. This requires more processing power than block ciphers require, which is why stream ciphers are better suited to be implemented at the hardware level.
References:
https://en.wikipedia.org/wiki/Stream_cipher
Which of the following statements pertaining to block ciphers is NOT true?
A. It operates on fixed-size blocks of plaintext.
B. It is more suitable for software than hardware implementations.
C. Plain text is encrypted with a public key and decrypted with a private key.
D. Some Block ciphers can operate internally as a stream.
Correct Answer: C
It is not true that, with a block cipher, plaintext is encrypted with a public key and decrypted with a private key. Block ciphers use symmetric keys.
In cryptography, a block cipher is a deterministic algorithm operating on fixed-length groups of bits, called blocks, with an unvarying transformation that is specified by a symmetric key. Block ciphers are important elementary components in the design of many cryptographic protocols, and are widely used to implement encryption of bulk data.
Stream ciphers represent a different approach to symmetric encryption from block ciphers. Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This distinction is not always clear-cut: in some modes of operation, a block cipher primitive is used in such a way that it acts effectively as a stream cipher.
Incorrect Answers:
A: It is true that a block cipher operates on fixed-size blocks of plaintext.
B: Stream ciphers require a lot of randomness and encrypt individual bits at a time. This requires more processing power than block ciphers require, which is why stream ciphers are better suited to be implemented at the hardware level. Because block ciphers do not require as much processing power, they can be easily implemented at the software level.
D: It is true that some Block ciphers can operate internally as a stream.
References:
https://en.wikipedia.org/wiki/Block_cipher
https://en.wikipedia.org/wiki/Stream_cipher
Cryptography does NOT help in: A. detecting fraudulent insertion. B. detecting fraudulent deletion. C. detecting fraudulent modification. D. detecting fraudulent disclosure.
Correct Answer: B
Cryptography can prevent unauthorized users from being able to read or modify the data. However, it cannot prevent someone from deleting the encrypted data.
Modern cryptography concerns itself with the following four objectives:
1. Confidentiality (the information cannot be understood by anyone for whom it was unintended)
2. Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected)
3. Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information)
4. Authentication (the sender and receiver can confirm each other's identity and the origin/destination of the information).
Incorrect Answers:
A: Integrity means that the information cannot be altered in storage or transit. This also means that the data is protected against fraudulent insertion.
C: Integrity means that the information cannot be altered in storage or transit. This also means that the data is protected against fraudulent modification.
D: Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure.
References:
http://searchsoftwarequality.techtarget.com/definition/cryptography
, 6th Edition, McGraw-Hill, 2013, p. 24
What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)?
A. The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.
B. The OCSP (Online Certificate Status Protocol) is a proprietary certificate mechanism developed by Microsoft and a Certificate Revocation List (CRL) is an open standard.
C. The OCSP (Online Certificate Status Protocol) is used only by Active Directory and a Certificate Revocation List (CRL) is used by Certificate Authorities
D. The OCSP (Online Certificate Status Protocol) is a way to check the attributes of a certificate and a Certificate Revocation List (CRL) is used by Certificate
Correct Answer: A
The CA is responsible for creating and handing out certificates, maintaining them, and revoking them if necessary. Revocation is handled by the CA, and the revoked certificate information is stored on a certificate revocation list (CRL). This is a list of every certificate that has been revoked. This list is maintained and updated periodically.
Online Certificate Status Protocol (OCSP) is being used more and more rather than the cumbersome CRL approach. When using just a CRL, the user's browser must either check a central CRL to find out if the certificate has been revoked, or the CA has to continually push out CRL values to the clients to ensure they have an updated CRL. If OCSP is implemented, it does this work automatically in the background. It carries out real-time validation of a certificate and reports back to the user whether the certificate is valid, invalid, or unknown. OCSP checks the CRL that is maintained by the CA. So the CRL is still being used, but now we have a protocol developed specifically to check the CRL during a certificate validation process.
Incorrect Answers:
B: The OCSP (Online Certificate Status Protocol) is not a proprietary certificate mechanism developed by Microsoft; it is an open standard.
C: The OCSP (Online Certificate Status Protocol) is not used only by Active Directory.
D: The OCSP (Online Certificate Status Protocol) is not a way to check the attributes of a certificate; it is a way to check the revocation status of a certificate.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 836-837
Which of the following is BEST at defeating frequency analysis? A. Substitution cipher B. Polyalphabetic cipher C. Transposition cipher D. Caesar cipher
Correct Answer: B
A polyalphabetic cipher makes use of more than one alphabet to conquer frequency analysis.
Incorrect Answers:
A, C: Substitution and transposition ciphers are susceptible to attacks that perform frequency analysis.
D: The Caesar cipher is a type of substitution cipher.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 780, 781, 871
A code, as it pertains to cryptography: A. is a generic term for encryption. B. is specific to substitution ciphers. C. deals with linguistic units. D. is specific to transposition ciphers.
Correct Answer: C
Historically, a code refers to a cryptosystem that deals with linguistic units: words, phrases, sentences, and so forth. For example, the word “OCELOT” might be the ciphertext for the entire phrase “TURN LEFT 90 DEGREES,” the word “LOLLIPOP” might be the ciphertext for “TURN RIGHT 90 DEGREES”.
Codes are only useful for specialized circumstances where the message to transmit has an already defined equivalent ciphertext word.
Incorrect Answers:
A: A code is not a generic term for encryption.
B: A code is not specific to substitution ciphers.
D: A code is not specific to transposition ciphers.
References:
https://www.cs.duke.edu/courses/fall02/cps182s/readings/APPLYC1.pdf
Which of the following is NOT a known type of Message Authentication Code (MAC)?
A. Keyed-hash message authentication code (HMAC)
B. DES-CBC
C. Signature-based MAC (SMAC)
D. Universal Hashing Based MAC (UMAC)
Correct Answer: C
Signature-based MAC (SMAC) is not a known type of Message Authentication Code (MAC).
Message authentication code is a cryptographic function that uses a hashing algorithm and symmetric key for data integrity and system origin functions.
A keyed-hash message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key.
A cipher block chaining message authentication code (CBC-MAC) is a technique for constructing a message authentication code from a block cipher. The message is encrypted with some block cipher algorithm in CBC mode to create a chain of blocks such that each block depends on the proper encryption of the previous block.
A message authentication code based on universal hashing, or UMAC, is a type of message authentication code (MAC) calculated choosing a hash function from a class of hash functions according to some secret (random) process and applying it to the message.
Incorrect Answers:
A: Keyed-hash message authentication code (HMAC) is a known type of Message Authentication Code (MAC).
B: DES-CBC is a known type of Message Authentication Code (MAC).
D: Universal Hashing Based MAC (UMAC) is a known type of Message Authentication Code (MAC).
References:
https://en.wikipedia.org/wiki/UMAC
https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
https://en.wikipedia.org/wiki/CBC-MAC
What is the maximum key size for the RC5 algorithm? A. 128 bits B. 256 bits C. 1024 bits D. 2040 bits
Correct Answer: D
RC5 is a block cipher that has a variety of parameters it can use for block size, key size, and the number of rounds used. It was created by Ron Rivest and analyzed by RSA Data Security, Inc. The block sizes used in this algorithm are 32, 64, or 128 bits, and the key size goes up to 2,048 bits. The number of rounds used for encryption and decryption is also variable. The number of rounds can go up to 255.
Incorrect Answers:
A: The maximum key size for the RC5 algorithm is 2048 bits, not 128 bits.
B: The maximum key size for the RC5 algorithm is 2048 bits, not 256 bits.
C: The maximum key size for the RC5 algorithm is 2048 bits, not 1024 bits.
References:
, 6th Edition, McGraw-Hill, 2013, p. 810
Which of the following algorithms is a stream cipher? A. RC2 B. RC4 C. RC5 D. RC6
Correct Answer: B
RC4 is one of the most commonly implemented stream ciphers.
Incorrect Answers:
A, C, & D: RC2, RC5, and RC6 are block ciphers.
References:
, 6th Edition, McGraw-Hill, 2013, p. 810
https://en.wikipedia.org/wiki/RC2
In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? A. Both client and server B. The client's browser C. The web server D. The merchant's Certificate Server
Correct Answer: A
This is a tricky question. The client generates the “pre-master” secret. See step 4 of the process below. However, the master secret that will be used as a seed to generate the symmetric keys is generated (from the pre-master secret) by both the client and server. See step 6 below.
The steps involved in the SSL handshake are as follows (note that the following steps assume the use of the cipher suites listed in Cipher Suites with RSA Key Exchange: Triple DES, RC4, RC2, DES):
1. The client sends the server the client’s SSL version number, cipher settings, session-specific data, and other information that the server needs to communicate with the client using SSL.
2. The server sends the client the server’s SSL version number, cipher settings, session-specific data, and other information that the client needs to communicate with the server over SSL. The server also sends its own certificate, and if the client is requesting a server resource that requires client authentication, the server requests the client’s certificate.
3. The client uses the information sent by the server to authenticate the server (see Server Authentication for details). If the server cannot be authenticated, the user is warned of the problem and informed that an encrypted and authenticated connection cannot be established. If the server can be successfully authenticated, the client proceeds to step 4.
4. Using all data generated in the handshake thus far, the client (with the cooperation of the server, depending on the cipher being used) creates the pre-master secret for the session, encrypts it with the server’s public key (obtained from the server’s certificate, sent in step 2), and then sends the encrypted pre-master secret to the server.
5. If the server has requested client authentication (an optional step in the handshake), the client also signs another piece of data that is unique to this handshake and known by both the client and server. In this case, the client sends both the signed data and the client’s own certificate to the server along with the encrypted pre-master secret.
6. If the server has requested client authentication, the server attempts to authenticate the client (see Client Authentication for details). If the client cannot be authenticated, the session ends. If the client can be successfully authenticated, the server uses its private key to decrypt the pre-master secret, and then performs a series of steps (which the client also performs, starting from the same pre-master secret) to generate the master secret.
7. Both the client and the server use the master secret to generate the session keys, which are symmetric keys used to encrypt and decrypt information exchanged during the SSL session and to verify its integrity (that is, to detect any changes in the data between the time it was sent and the time it is received over the SSL connection).
8. The client sends a message to the server informing it that future messages from the client will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the client portion of the handshake is finished.
9. The server sends a message to the client informing it that future messages from the server will be encrypted with the session key. It then sends a separate (encrypted) message indicating that the server portion of the handshake is finished.
10. The SSL handshake is now complete and the session begins. The client and the server use the session keys to encrypt and decrypt the data they send to each other and to validate its integrity.
11. This is the normal operation condition of the secure channel. At any time, due to internal or external stimulus (either automation or user intervention), either side may renegotiate the connection, in which case, the process repeats itself.
Incorrect Answers:
B: The client generates the “pre-master” secret, not the “master secret”. The master secret that will be used as a seed to generate the symmetric keys is generated (from the pre-master secret) by both the client and server.
C: The master secret is not generated by the web server alone; the client also generates the master secret.
D: The merchant’s Certificate Server does not generate the master secret.
References:
https://support.microsoft.com/en-us/kb/257591
Which of the following was NOT designed to be a proprietary encryption algorithm? A. RC2 B. RC4 C. Blowfish D. Skipjack
Correct Answer: C
Blowfish is a block cipher that works on 64-bit blocks of data. The key length can be anywhere from 32 bits up to 448 bits, and the data blocks go through 16 rounds of cryptographic functions. It was intended as a replacement to the aging DES. While many of the other algorithms have been proprietary and thus encumbered by patents or kept as government secrets, this wasn’t the case with Blowfish. Bruce Schneier, the creator of Blowfish, has stated, “Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone.”
Incorrect Answers:
A: RC2 was designed to be a proprietary encryption algorithm.
B: RC4 was designed to be a proprietary encryption algorithm.
D: Skipjack was designed to be a proprietary encryption algorithm.
References:
, 6th Edition, McGraw-Hill, 2013, p. 810
What key size is used by the Clipper Chip? A. 40 bits B. 56 bits C. 64 bits D. 80 bits
Correct Answer: D
The Clipper Chip made use of the Skipjack algorithm, which is a symmetric cipher that uses an 80-bit key.
Incorrect Answers:
A: RC4 is able to use key sizes ranging from 40 bits to 256 bits.
B: DES makes use of a 64-bit key, of which 56 bits make up the true key, and 8 bits are used for parity.
C: DES makes use of a 64-bit key, of which 56 bits make up the true key, and 8 bits are used for parity.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 800-802
Which of the following is NOT an encryption algorithm? A. Skipjack B. SHA-1 C. Twofish D. DEA
Correct Answer: B
SHA-1 is a hashing algorithm.
Incorrect Answers:
A: Skipjack is an algorithm used for encryption.
C: Twofish is a symmetric block cipher that is used for encryption.
D: DEA is the algorithm that fulfills DES, which provides encryption.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 800, 831
https://en.wikipedia.org/wiki/Skipjack_(cipher)
Which of the following would BEST describe a Concealment cipher?
A. Permutation is used, meaning that letters are scrambled.
B. Every X number of words within a text, is a part of the real message.
C. Replaces bits, characters, or blocks of characters with different bits, characters or blocks.
D. Hiding data in another message so that the very existence of the data is concealed.
Correct Answer: B
The concealment cipher is a symmetric key, transposition cipher where the words or characters of the plaintext message are embedded in a page of words or characters at a consistent interval.
Incorrect Answers:
A: Transposition ciphers move the original values around.
C: The substitution cipher substitutes bits, characters, or blocks of characters with different bits, characters, or blocks.
D: Steganography is a technique used to hide data in another media type so that the presence of the data is masked.
References:
, O'Reilly Media, 2013, California, p. 156
, 6th Edition, McGraw-Hill, 2013, pp. 774, 777
While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affect the use of AH and its Integrity Check Value (ICV) the MOST?
A. Key session exchange
B. Packet Header Source or Destination address
C. VPN cryptographic key size
D. Cryptographic algorithm used
Correct Answer: B
AH provides authentication and integrity, and ESP can provide those two functions and confidentiality. Why even bother with AH then? In most cases, the reason has to do with whether the environment is using network address translation (NAT). IPSec will generate an integrity check value (ICV), which is really the same thing as a MAC value, over a portion of the packet. Remember that the sender and receiver generate their own integrity values. In IPSec, it is called an ICV value.
The receiver compares her ICV value with the one sent by the sender. If the values match, the receiver can be assured the packet has not been modified during transmission. If the values are different, the packet has been altered and the receiver discards the packet.
The AH protocol calculates this ICV over the data payload, transport, and network headers. If the packet then goes through a NAT device, the NAT device changes the IP address of the packet. That is its job. This means a portion of the data (network header) that was included to calculate the ICV value has now changed, and the receiver will generate an ICV value that is different from the one sent with the packet, which means the packet will be discarded automatically.
The ESP protocol follows similar steps, except it does not include the network header portion when calculating its ICV value. When the NAT device changes the IP address, it will not affect the receiver's ICV value because it does not include the network header when calculating the ICV.
Incorrect Answers:
A: The key session exchange does not affect the use of AH and its Integrity Check Value.
C: The VPN cryptographic key size does not affect the use of AH and its Integrity Check Value.
D: The cryptographic algorithm used does not affect the use of AH and its Integrity Check Value.
, 6th Edition, McGraw-Hill, 2013, pp. 862-863
Which of the following protocols offers native encryption?
A. IPSEC, SSH, PPTP, SSL, MPLS, L2F, and L2TP
B. IPSEC, SSH, SSL, TFTP
C. IPSEC, SSH, SSL, TLS
D. IPSEC, SSH, PPTP, SSL, MPLS, and L2TP
Correct Answer: C
IPSec (Internet Protocol Security) is a standard that provides encryption, access control, non-repudiation, and authentication of messages over an IP network.
SSH (Secure Shell) is a set of protocols that are primarily used for remote access over a network by establishing an encrypted tunnel between an SSH client and an SSH server.
SSL (Secure Sockets Layer) is an encryption technology that is used to provide secure transactions such as the exchange of credit card numbers. SSL is a socket layer security protocol and is a two-layered protocol that contains the SSL Record Protocol and the SSL Handshake Protocol. Similar to SSH, SSL uses symmetric encryption for private connections and asymmetric or public key cryptography for peer authentication.
Incorrect Answers:
A: MPLS (Multiprotocol Label Switching) is a WAN technology that does not provide encryption. L2F (Layer 2 Forwarding Protocol) is a tunneling protocol that does not provide encryption by itself. L2TP (Layer 2 Tunneling Protocol) is also a tunneling protocol that does not provide encryption by itself.
B: TFTP (Trivial File Transfer Protocol) is used for transferring files. TFTP does not provide encryption.
D: MPLS (Multiprotocol Label Switching) is a WAN technology that does not provide encryption. L2TP (Layer 2 Tunneling Protocol) is a tunneling protocol that does not provide encryption by itself.
References:
, John Wiley & Sons, New York, 2001, p. 86
What is the key size of the International Data Encryption Algorithm (IDEA)?
A. 64 bits
B. 128 bits
C. 160 bits
D. 192 bits
Correct Answer: B
International Data Encryption Algorithm (IDEA) is a block cipher that operates on 64-bit blocks of data, which is divided into 16 smaller blocks, with eight rounds of mathematical functions performed on each to produce a key that is 128 bits long.
Incorrect Answers:
A: The block of data that the International Data Encryption Algorithm (IDEA) operates on is 64 bits in size.
C: SHA produces a 160-bit hash value.
D: Tiger produces a hash size of 192 bits.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 809, 810,
Which of the following statements pertaining to key management is NOT true?
A. The more a key is used, the shorter its lifetime should be.
B. When not using the full keyspace, the key should be extremely random.
C. Keys should be backed up or escrowed in case of emergencies.
D. A key’s lifetime should correspond with the sensitivity of the data it is protecting.
Correct Answer: B
The rules for keys and key management advise that the keys must be extremely random. They also state that the algorithm must make use of the full spectrum of the keyspace.
Incorrect Answers:
A, C, D: These options are included in the rules for keys and key management.
References:
, 6th Edition, McGraw-Hill, 2013, p. 842
Which of the following statements pertaining to link encryption is FALSE?
A. It encrypts all the data along a specific communication path.
B. It provides protection against packet sniffers and eavesdroppers.
C. Information stays encrypted from one end of its journey to the other.
D. User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
Correct Answer: C
Link encryption encrypts all the data along a specific communication path, as in a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data that are part of the packets are also encrypted. The only traffic not encrypted in this technology is the data link control messaging information, which includes instructions and parameters that the different link devices use to synchronize communication methods.
Link encryption provides protection against packet sniffers and eavesdroppers.
Link encryption, which is sometimes called online encryption, is usually provided by service providers and is incorporated into network protocols. All of the information is encrypted, and the packets must be decrypted at each hop so the router, or other intermediate device, knows where to send the packet next. The router must decrypt the header portion of the packet, read the routing and address information within the header, and then re-encrypt it and send it on its way.
Incorrect Answers:
A: It is true that link encryption encrypts all the data along a specific communication path.
B: It is true that link encryption provides protection against packet sniffers and eavesdroppers.
D: It is true that user information, header, trailers, addresses and routing data that are part of the packets are encrypted.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 845-846
Which key agreement scheme uses implicit signatures?
A. MQV
B. DH
C. ECC
D. RSA
Correct Answer: A
MQV (Menezes-Qu-Vanstone) is an authenticated key agreement cryptography function very similar to Diffie-Hellman. The users' public keys are exchanged to create session keys. It provides protection from an attacker figuring out the session key because she would need to have both users' private keys.
The MQV elliptic curve key agreement method is used to establish a shared secret between parties who already possess trusted copies of each other's static public keys. Both parties still generate dynamic public and private keys and then exchange public keys. However, upon receipt of the other party's public key, each party calculates a quantity called an implicit signature using its own private key and the other party's public key. The shared secret is then generated from the implicit signature. The term implicit signature is used to indicate that the shared secrets do not agree if the other party's public key is not employed, thus giving implicit verification that the public secret is generated by the public party. An attempt at interception will fail because the shared secrets will not be the same, since the adversary's private key is not linked to the trusted public key.
Incorrect Answers:
B: DH (Diffie-Hellman) does not use implicit signatures.
C: ECC (Elliptic Curve Cryptosystem) does not use implicit signatures.
D: RSA does not use implicit signatures.
References:
, 6th Edition, McGraw-Hill, 2013, p. 815
Which of the following does NOT concern itself with key management?
A. Internet Security Association Key Management Protocol (ISAKMP)
B. Diffie-Hellman (DH)
C. Cryptology (CRYPTO)
D. Key Exchange Algorithm (KEA)
Correct Answer: C
Cryptology involves hiding data to make it unreadable by unauthorized parties. Keys are used to provide the encryption used in cryptology. However, cryptology itself is not concerned with the management of the keys used by the encryption algorithms.
Modern cryptography concerns itself with the following four objectives:
1. Confidentiality (the information cannot be understood by anyone for whom it was unintended)
2. Integrity (the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected)
3. Non-repudiation (the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information)
4. Authentication (the sender and receiver can confirm each other's identity and the origin/destination of the information)
Incorrect Answers:
A: Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange.
B: The Diffie-Hellman protocol is a key agreement protocol.
D: Key Exchange Algorithm as its name suggests is used for the exchange of keys.
References:
http://searchsoftwarequality.techtarget.com/definition/cryptography
Which of the following statements pertaining to message digests is NOT true?
A. The original file cannot be created from the message digest.
B. Two different files should not have the same message digest.
C. The message digest should be calculated using at least 128 bytes of the file.
D. Message digests are usually of fixed size.
Correct Answer: C
A message digest should be calculated using all of the original file's data, regardless of whether the original data is more or less than 128 bytes.
The output of a hash function is called a message digest. The message digest is uniquely derived from the input file and, if the hash algorithm is strong, the message digest has the following characteristics:
1. The hash function is considered one-way because the original file cannot be created from the message digest.
2. Two files should not have the same message digest.
3. Given a file and its corresponding message digest, it should not be feasible to find another file with the same message digest.
4. The message digest should be calculated using all of the original file's data.
Incorrect Answers:
A: It is true that the original file cannot be created from the message digest.
B: It is true that two different files should not have the same message digest.
D: It is true that message digests are usually of fixed size.
References:
, John Wiley & Sons, New York, 2001, p. 151-
Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?
A. Timestamping
B. Repository
C. Certificate revocation
D. Internet Key Exchange (IKE)
Correct Answer: D
Internet Key Exchange (IKE) is not included in a Public Key Infrastructure (PKI). IKE is a key management protocol used in IPSec.
A PKI may be made up of the following entities and functions:
✑ Certification authority
✑ Registration authority
✑ Certificate repository
✑ Certificate revocation system
✑ Key backup and recovery system
✑ Automatic key update
✑ Management of key histories
✑ Timestamping
✑ Client-side software
Incorrect Answers:
A: Timestamping is included in a Public Key Infrastructure (PKI).
B: Repository (certificate repository) is included in a Public Key Infrastructure (PKI).
C: Certificate revocation is included in a Public Key Infrastructure (PKI).
References:
, 6th Edition, McGraw-Hill, 2013, p. 839
Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?
A. Secure Electronic Transaction (SET)
B. Message Authentication Code (MAC)
C. Cyclic Redundancy Check (CRC)
D. Secure Hash Standard (SHS)
Correct Answer: B
In order to protect against fraud in electronic fund transfers, the Message Authentication Code (MAC), ANSI X9.9, was developed. The MAC is a check value, which is derived from the contents of the message itself, that is sensitive to the bit changes in a message. It is similar to a Cyclic Redundancy Check (CRC). A MAC is appended to the message before it is transmitted. At the receiving end, a MAC is generated from the received message and is compared to the MAC of an original message. A match indicates that the message was received without any modification occurring while en route.
Incorrect Answers:
A: A consortium including MasterCard and Visa developed SET in 1997 as a means of preventing fraud from occurring during electronic payments. SET provides confidentiality for purchases by encrypting the payment information. Thus, the seller cannot read this information. This is not what is described in the question.
C: Cyclic redundancy checking is a method of checking for errors in data that has been transmitted on a communications link. A sending device applies a 16- or 32-bit polynomial to a block of data that is to be transmitted and appends the resulting cyclic redundancy code (CRC) to the block. This is not what is described in the question.
D: The Secure Hash Standard (SHS) is a set of cryptographically secure hash algorithms specified by the National Institute of Standards and Technology (NIST). This is not what is described in the question.
References:
, John Wiley & Sons, New York, 2001, p. 160
https://en.wikipedia.org/wiki/Secure_Hash_Standard
Which of the following statements pertaining to Secure Sockets Layer (SSL) is FALSE?
A. The SSL protocol was developed by Netscape to secure Internet client-server transactions.
B. The SSL protocol’s primary use is to authenticate the client to the server using public key cryptography and digital certificates.
C. Web pages using the SSL protocol start with HTTPS
D. SSL can be used with applications such as Telnet, FTP and email protocols.
Correct Answer: B
The SSL protocol was developed by Netscape in 1994 to secure Internet client-server transactions. The SSL protocol authenticates the server to the client using public key cryptography and digital certificates. In addition, this protocol also provides for optional client-to-server authentication. It supports the use of RSA public key algorithms, IDEA, DES and 3DES private key algorithms, and the MD5 hash function. Web pages using the SSL protocol start with HTTPS. SSL 3.0 and its successor, the Transport Layer Security (TLS) 1.0 protocol, are de facto standards, but they do not provide the end-to-end capabilities of SET. TLS implements confidentiality, authentication, and integrity above the Transport Layer, and it resides between the application and TCP layer. Thus, TLS, as with SSL, can be used with applications such as Telnet, FTP, HTTP, and email protocols. Both SSL and TLS use certificates for public key verification that are based on the X.509 standard.
Incorrect Answers:
A: It is true that the SSL protocol was developed by Netscape to secure Internet client-server transactions.
C: It is true that Web pages using the SSL protocol start with HTTPS.
D: It is true that SSL can be used with applications such as Telnet, FTP and email protocols.
References:
, John Wiley & Sons, New York, 2001, p. 160
What is the name of the protocol used to set up and manage Security Associations (SA) for IP Security (IPSec)?
A. Internet Key Exchange (IKE)
B. Secure Key Exchange Mechanism
C. Oakley
D. Internet Security Association and Key Management Protocol
Correct Answer: A
Internet Key Exchange (IKE) is the protocol employed to establish a security association (SA) in the IPsec protocol suite.
Incorrect Answers:
B: Secure Key Exchange Mechanism allows different key distribution methods to be applied.
C: OAKLEY is a key-agreement protocol that enables authenticated parties to exchange keying material via an insecure link by making use of the Diffie-Hellman key exchange algorithm.
D: Internet Security Association and Key Management Protocol is a protocol defined for instituting Security Associations (SA) and cryptographic keys in an Internet environment.
References:
https://en.wikipedia.org/wiki/Internet_Key_Exchange
, O'Reilly Media, 2013, California, p. 226
https://en.wikipedia.org/wiki/Oakley_protocol
https://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol
Which of the following binds a subject name to a public key value?
A. A public-key certificate
B. A public key infrastructure
C. A secret key infrastructure
D. A private key certificate
Correct Answer: B
A typical PKI consists of hardware, software, policies and standards to manage the creation, administration, distribution and revocation of keys and digital certificates. Digital certificates are at the heart of PKI as they affirm the identity of the certificate subject and bind that identity to the public key contained in the certificate.
Incorrect Answers:
A: A public-key certificate contains a public key. However, it is the PKI (in particular the certificate authority) that verifies the subject's identity and binds the subject name to the public key value.
C: A secret key infrastructure is not a valid answer. A secret key can refer to a private key or more commonly to a shared key used in symmetric encryption.
D: A private key (and its corresponding public key) is usually generated by a user or application. The public key is then validated and signed by a CA. A private key does not bind a subject name to a public key value.
References:
http://searchsecurity.techtarget.com/definition/PKI
What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?
A. A public-key certificate
B. An attribute certificate
C. A digital certificate
D. A descriptive certificate
Correct Answer: B
The US American National Standards Institute (ANSI) X9 committee developed the concept of the attribute certificate as a data structure that binds some attribute values with the identification information about its holder.
According to RFC 2828, an attribute certificate is “a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate.”
One of the advantages of attribute certificate is that it can be used for various other purposes. It may contain group membership, role clearance, or any other form of authorization.
Incorrect Answers:
A: An attribute certificate can be used to supplement a public-key certificate by storing additional information or attributes. However, an attribute certificate, not a public-key certificate, is what is described in the question.
C: A digital certificate is another name for a public key certificate. It is an electronic document used to prove ownership of a public key. This is not what is described in the question.
D: A descriptive certificate is not a defined certificate type.
What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?
A. Certificate revocation list
B. Certificate revocation tree
C. Authority revocation list
D. Untrusted certificate list
Correct Answer: C
An Authority Revocation List (ARL) is a list of serial numbers for public key certificates issued to certificate authorities that have been revoked, and therefore should not be relied upon.
Incorrect Answers:
A: A certificate revocation list (CRL) is a list of serial numbers for certificates that have been revoked; entities presenting them should therefore no longer be trusted.
B: A certificate revocation tree is a mechanism for distributing notices of certificate revocations, but is not supported in X.509.
D: A list of untrusted certificates is known as an untrusted CTL. It does not contain revoked certificates, but untrusted ones.
References:
https://en.wikipedia.org/wiki/Revocation_list
http://zvon.org/comp/r/ref-Security_Glossary.html#Terms~certificate_revocation_tree
https://technet.microsoft.com/en-us/library/dn265983.aspx
Who vouches for the binding between the data items in a digital certificate?
A. Registration authority
B. Certification authority
C. Issuing authority
D. Vouching authority
Correct Answer: B
A certification authority issues digital certificates that include a public key and the identity of the owner. The matching private key is not publicly available, but kept secret by the end user who created the key pair. The certificate is also a confirmation or validation by the CA that the public key contained in the certificate belongs to the person, organization, server or other entity noted in the certificate. A certification authority's duty in such schemes is to verify an applicant's credentials, so that users and relying parties are able to trust the information in the CA's certificates.
Incorrect Answers:
A: A registration authority (RA) confirms user requests for a digital certificate and informs the certificate authority (CA) to distribute it.
C: An issuing authority does not vouch for the binding between the data items in a digital certificate.
D: A vouching authority does not vouch for the binding between the data items in a digital certificate.
References:
https://en.wikipedia.org/wiki/Certificate_authority
http://searchsecurity.techtarget.com/definition/registration-authority
Which of the following would best define a digital envelope?
A. A message that is encrypted and signed with a digital certificate.
B. A message that is signed with a secret key and encrypted with the sender’s private key.
C. A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.
D. A message that is encrypted with the recipient’s public key and signed with the sender’s private key.
Correct Answer: C
Hybrid cryptography is the combined use of symmetric and asymmetric algorithms where the symmetric key encrypts data and an asymmetric key encrypts the symmetric key.
A digital envelope is another term used to describe hybrid cryptography.
When a message is encrypted with a symmetric key (secret key) and the symmetric key is encrypted with an asymmetric key, it is collectively known as a digital envelope.
Incorrect Answers:
A: A message that is encrypted and signed with a digital certificate is not the correct definition of a digital envelope. The message would have to be encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key to be a digital envelope. This answer does not specify what type of encryption is used.
B: A message that is signed with a secret key and encrypted with the sender’s private key is not the correct definition of a digital envelope. A private key is an asymmetric key. In a digital envelope, the message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key.
D: A message that is encrypted with the recipient’s public key and signed with the sender’s private key is not the correct definition of a digital envelope. A public key is an asymmetric key. In a digital envelope, the message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key.
References:
, 6th Edition, McGraw-Hill, 2013, p. 811
What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?
A. A digital envelope
B. A cryptographic hash
C. A Message Authentication Code
D. A digital signature
Correct Answer: D
A digital signature is a hash value that is encrypted with the sender's private key. The hashing function guarantees the integrity of the message, while the signing of the hash value offers authentication and nonrepudiation.
Incorrect Answers:
A: When a message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key, it is collectively known as a digital envelope.
B: A cryptographic hash can be used in digital signatures, but signatures are not part of the hash function.
C: Message authentication code (MAC) is a keyed cryptographic hash function that is used for data integrity and data origin authentication. It does not, however, require a signature.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 811, 829, 832
https://en.wikipedia.org/wiki/Cryptographic_hash_function
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?
A. Illuminated at nine feet high with at least three foot-candles
B. Illuminated at eight feet high with at least three foot-candles
C. Illuminated at eight feet high with at least two foot-candles
D. Illuminated at nine feet high with at least two foot-candles
Correct Answer: C
A foot-candle (fc) is an illuminance measurement equal to one lumen per square foot.
The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, which is a unit that represents the illumination power of an individual light.
Incorrect Answers:
A: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, not nine feet high with at least three foot-candles. Therefore, this answer is incorrect.
B: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, not eight feet high with at least three foot-candles. Therefore, this answer is incorrect.
D: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated eight feet high and use two foot-candles, not nine feet high with at least two foot-candles. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 1365
Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?
A. OAKLEY
B. Internet Security Association and Key Management Protocol (ISAKMP)
C. Simple Key-management for Internet Protocols (SKIP)
D. IPsec Key exchange (IKE)
Correct Answer: B
ISAKMP defines actions and packet formats to establish, negotiate, modify and delete Security Associations. It is distinct from key exchange protocols with the intention of cleanly separating the details of security association management and key management from the details of key exchange.
Incorrect Answers:
A: The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection by making use of the Diffie-Hellman key exchange algorithm.
C: Simple Key-management for Internet Protocols (SKIP) was a protocol developed by the IETF Security Working Group for the sharing of encryption keys.
D: Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP.
References:
https://en.wikipedia.org/wiki/Internet_Security_Association_and_Key_Management_Protocol
https://en.wikipedia.org/wiki/Oakley_protocol
https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol
, 6th Edition, McGraw-Hill, 2013, p. 863
Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
A. Diffie-Hellman Key Exchange Protocol
B. Internet Security Association and Key Management Protocol (ISAKMP)
C. Simple Key-management for Internet Protocols (SKIP)
D. OAKLEY
Correct Answer: D
The Oakley Key Determination Protocol is a key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection by making use of the Diffie-Hellman key exchange algorithm. It formed the basis for the more widely used Internet Key Exchange protocol.
Incorrect Answers:
A: The Diffie-Hellman algorithm proposed for IPsec is the Diffie-Hellman Key Exchange Protocol.
B: Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP. It has not superseded ISAKMP.
C: SKIP is a distribution protocol, not a key establishment protocol.
References:
, 6th Edition, McGraw-Hill, 2013, p. 863
https://en.wikipedia.org/wiki/Oakley_protocol
https://en.wikipedia.org/wiki/DiffieHellman_key_exchange
https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol
Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations?
A. Internet Key exchange (IKE)
B. Security Association Authentication Protocol (SAAP)
C. Simple Key-management for Internet Protocols (SKIP)
D. Key Exchange Algorithm (KEA)
Correct Answer: A
With IPsec, key management can be dealt with manually or automatically via a key management protocol. The genuine standard for IPSec is to make use of Internet Key Exchange (IKE), which is a combination of the ISAKMP and OAKLEY protocols.
Incorrect Answers:
B: Security Association Authentication Protocol (SAAP) is not a valid term.
C: Simple Key-management for Internet Protocols (SKIP) was a protocol developed by the IETF Security Working Group for the sharing of encryption keys.
D: Key Exchange Algorithm includes Diffie-Hellman and RSA, but is not based on OAKLEY.
References:
, 6th Edition, McGraw-Hill, 2013, p. 863
https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol
https://technet.microsoft.com/en-us/library/cc962035.aspx
Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys? This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis?
A. Internet Security Association and Key Management Protocol (ISAKMP)
B. Simple Key-management for Internet Protocols (SKIP)
C. Diffie-Hellman Key Distribution Protocol
D. IPsec Key exchange (IKE)
Correct Answer: B
Simple Key-management for Internet Protocols (SKIP) was a protocol developed by the IETF Security Working Group for the sharing of encryption keys. It is a hybrid key distribution protocol.
Incorrect Answers:
A: Internet Security Association and Key Management Protocol (ISAKMP) provides a framework for security association creation and key exchange.
C: Diffie-Hellman key exchange (DH) is a specific method of securely exchanging cryptographic keys via a public channel.
D: Internet Key Exchange (IKE) provides authenticated keying material for use with ISAKMP.
References:
, 6th Edition, McGraw-Hill, 2013, p. 863
https://en.wikipedia.org/wiki/Simple_Key-Management_for_Internet_Protocol
https://en.wikipedia.org/wiki/DiffieHellman_key_exchange
Which of the following can best be defined as a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties can perform the decryption operation to retrieve the stored key?
A. Key escrow
B. Fair cryptography
C. Key encapsulation
D. Zero-knowledge recovery
Correct Answer: C
According to RFC 4949, key encapsulation is a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties called “recovery agents” can perform the decryption operation to retrieve the stored key. Key encapsulation typically permits direct retrieval of a secret key used to provide data confidentiality.
Incorrect Answers:
A: Key escrow is a key recovery technique for storing knowledge of a cryptographic key or parts thereof in the custody of one or more third parties called “escrow agents”, so that the key can be recovered and used in specified circumstances. This is not what is described in the question.
B: Fair cryptography is not a valid answer.
D: Zero-knowledge recovery is not a valid answer.
References:
http://tools.ietf.org/html/rfc4949
Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?
A. A known-plaintext attack
B. A known-algorithm attack
C. A chosen-ciphertext attack
D. A chosen-plaintext attack
Correct Answer: A
In this question, the attacker is trying to obtain the key from “some plaintext-ciphertext pairs”. When the attacker has a copy of the plaintext corresponding to the ciphertext, this is known as a known-plaintext attack.
Cryptanalysis is the act of obtaining the plaintext or key from the ciphertext. Cryptanalysis is used to obtain valuable information and to pass on altered or fake messages in order to deceive the original intended recipient. This attempt at “cracking” the cipher is also known as an attack.
The following are examples of some common attacks:
✑ Known Plaintext. The attacker has a copy of the plaintext corresponding to the ciphertext
✑ Chosen Ciphertext. Portions of the ciphertext are selected for trial decryption while having access to the corresponding decrypted plaintext
✑ Chosen Plaintext. Chosen plaintext is encrypted and the output ciphertext is obtained
✑ Ciphertext Only. Only the ciphertext is available
Incorrect Answers:
B: A known-algorithm attack is not a defined type of attack.
C: With a Chosen-Ciphertext attack, the attacker has a copy of the plaintext corresponding to the ciphertext. This is not what is described in the question.
D: With a chosen-plaintext attack, chosen plaintext is encrypted and the output ciphertext is obtained. This is not what is described in the question.
References:
, John Wiley & Sons, New York, 2001, p. 154
The Data Encryption Algorithm performs how many rounds of substitution and permutation?
A. 4
B. 16
C. 54
D. 64
Correct Answer: B
International Data Encryption Algorithm (IDEA) is a block cipher and operates on 64-bit blocks of data, which is divided into 16 smaller blocks, and each has eight rounds of mathematical functions performed on it.
Incorrect Answers:
A: This is the size of one of the smaller blocks.
C: This is not a valid block size for block ciphers.
D: This is incorrect as it is the initial size of the block.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 809, 810
The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "________," RSA is quite feasible for computer use.
A. computing in Galois fields
B. computing in Gladden fields
C. computing in Gallipoli fields
D. computing in Galbraith fields
Correct Answer: A
The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as computing in Galois fields, RSA is quite feasible for computer use.
A Galois field is a finite field.
Incorrect Answers:
B: A finite field is not called a Gladden field. Gladden fields are not used in RSA.
C: A finite field is not called a Gallipoli field. Gallipoli fields are not used in RSA.
D: A finite field is not called a Galbraith field. Galbraith fields are not used in RSA.
Which of the following concerning the Rijndael block cipher algorithm is NOT true?
A. The design of Rijndael was strongly influenced by the design of the block cipher Square.
B. A total of 25 combinations of key length and block length are possible
C. Both block size and key length can be extended to multiples of 64 bits.
D. The cipher has a variable block length and key length.
Correct Answer: C
It is false that both block size and key length can be extended to multiples of 64 bits; they can be extended in multiples of 32 bits.
Rijndael is a block symmetric cipher that was chosen to fulfill the Advanced Encryption Standard. It uses a 128-bit block size and various key lengths (128, 192, 256).
The Rijndael specification is specified with block and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.
Incorrect Answers:
A: It is true that the design of Rijndael was strongly influenced by the design of the block cipher Square.
B: It is true that a total of 25 combinations of key length and block length are possible.
D: It is true that the cipher has a variable block length and key length.
References:
http://searchsecurity.techtarget.com/definition/Rijndael
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
, John Wiley & Sons, New York, 2001, p. 145
This type of attack is generally most applicable to public-key cryptosystems. What type of attack am I?
A. Chosen-Ciphertext attack
B. Ciphertext-only attack
C. Plaintext Only Attack
D. Adaptive-Chosen-Plaintext attack
Correct Answer: A
A chosen-ciphertext attack is one in which a cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext. This type of attack is generally most applicable to public-key cryptosystems.
Incorrect Answers:
B: A Ciphertext-Only attack is one in which the cryptanalyst obtains a sample of ciphertext without the plaintext associated with it. This data is relatively easy to obtain in many scenarios, but a successful ciphertext-only attack is generally difficult and requires a very large ciphertext sample. This attack is not generally most applicable to public-key cryptosystems.
C: Plaintext Only Attack is not a defined attack type.
D: An Adaptive-Chosen-Plaintext attack is a special case of chosen-plaintext attack in which the cryptanalyst is able to choose plaintext samples dynamically and alter his or her choices based on the results of previous encryptions. This attack is not generally most applicable to public-key cryptosystems.
Which of the following types of lock uses a numeric keypad or dial to gain entry?
A. Bolting door locks
B. Cipher lock
C. Electronic door lock
D. Biometric door lock
Correct Answer: B
Cipher locks, also known as programmable locks, are keyless and use keypads to control access into an area or facility. The lock requires a specific combination to be entered into the keypad and possibly a swipe card. They cost more than traditional locks, but their combinations can be changed, specific combination sequence values can be locked out, and personnel who are in trouble or under duress can enter a specific code that will open the door and initiate a remote alarm at the same time. Thus, compared to traditional locks, cipher locks can provide a much higher level of security and control over who can access a facility.
Incorrect Answers:
A: A bolting door lock is not the name for the type of lock that uses a numeric keypad or dial to gain entry. Therefore, this answer is incorrect.
C: Locks that use a numeric keypad or dial to gain entry are often electronic locks. However, they can also be mechanical (non-electronic) locks. Therefore, this answer is incorrect.
D: Biometric door locks do not use a numeric keypad or dial to gain entry; they use biometric scanners such as fingerprint or retina scanners. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 480
In a dry pipe system, there is no water standing in the pipe - it is being held back by what type of valve?
A. Relief valve
B. Emergency valve
C. Release valve
D. Clapper valve
Correct Answer: D
In a dry pipe system, there is no water standing in the pipe; it is being held back by a clapper valve. In the event of a fire, the valve opens, the air is blown out of the pipe, and the water flows.
Incorrect Answers:
A: The valve used in a dry pipe system is called a clapper valve, not a relief valve. Therefore, this answer is incorrect.
B: The valve used in a dry pipe system is called a clapper valve, not an emergency valve. Therefore, this answer is incorrect.
C: The valve used in a dry pipe system is called a clapper valve, not a release valve. Therefore, this answer is incorrect.
References:
, Wiley Publishing, Indianapolis, 2007, p. 463
The most prevalent cause of computer center fires is which of the following?
A. AC equipment
B. Electrical distribution systems
C. Heating systems
D. Natural causes
Correct Answer: B
The most prevalent cause of computer center fires is electrical distribution systems.
Most computer circuits use only two to five volts of direct current, which usually cannot start a fire. If a fire does happen in a computer room, it will most likely be an electrical fire caused by overheating of wire insulation or by overheating components that ignite surrounding plastics. Prolonged smoke usually occurs before combustion.
Incorrect Answers:
A: AC equipment is not the most prevalent cause of computer center fires. Therefore, this answer is incorrect.
C: Heating systems are not the most prevalent cause of computer center fires. Computer centers use cooling systems, not heating systems. Therefore, this answer is incorrect.
D: Natural causes are not the most prevalent cause of computer center fires. Computer centers are typically protected against natural causes. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 469
Which of the following statements pertaining to fire suppression systems is TRUE?
A. Halon is today the most common choice as far as agents are concerned because it is highly effective in the way that it interferes with the chemical reaction of the elements within a fire.
B. Gas masks provide an effective protection against use of CO2 systems. They are recommended for the protection of the employees within data centers.
C. CO2 systems are NOT effective because they suppress the oxygen supply required to sustain the fire.
D. Water Based extinguishers are NOT an effective fire suppression method for class C (electrical) fires.
Correct Answer: D
Class C fires are electrical fires which may occur in electrical equipment or wiring. Class C fire extinguishers use gas, CO2 or dry powders. These extinguishing agents are non-conductive.
Class A fire extinguishers use water or foam. Water or foam used on an electrical fire would conduct the electricity and make the fire worse. Therefore, it is TRUE that water-based extinguishers are NOT an effective fire suppression method for class C (electrical) fires.
Incorrect Answers:
A: Halon is NOT the most common choice as far as agents are concerned. Halon is now known to be dangerous and no longer produced. Therefore, this answer is incorrect.
B: Gas masks DO NOT provide an effective protection against use of CO2 systems. CO2 systems work by removing the oxygen from the air. Therefore, this answer is incorrect.
C: CO2 systems ARE effective because they suppress the oxygen supply required to sustain the fire. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 472
How should a doorway of a manned facility with automatic locks be configured?
A. It should be configured to be fail-secure.
B. It should be configured to be fail-safe.
C. It should have a door delay cipher lock.
D. It should not allow piggybacking.
Correct Answer: B
Doorways with automatic locks can be configured to be fail-safe or fail-secure. A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. Fail-safe deals directly with protecting people. If people work in an area and there is a fire or the power is lost, it is not a good idea to lock them in. A fail-secure configuration means that the doors default to being locked if there are any problems with the power. If people do not need to use specific doors for escape during an emergency, then these doors can most likely default to fail-secure settings.
Incorrect Answers:
A: The doorway should be configured to be fail-safe, not fail-secure. A fail-secure configuration could lock people in the building if a power disruption occurs that affects the automated locking system. Therefore, this answer is incorrect.
C: A door delay cipher lock will sound an alarm if the door is held open for too long. This is not a requirement for a doorway of a manned facility. Therefore, this answer is incorrect.
D: Piggybacking is when an individual gains unauthorized access by using someone else's legitimate credentials or access rights. Usually an individual just follows another person closely through a door without providing any credentials. It is not a requirement for a doorway of a manned facility to not allow piggybacking. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 451
Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader?
A. A passive system sensing device
B. A transponder
C. A card swipe
D. A magnetic card
Correct Answer: B
System sensing access control readers, also called transponders, recognize the presence of an approaching object within a specific area. This type of system does not require the user to swipe the card through the reader. The reader sends out interrogating signals and obtains the access code from the card without the user having to do anything.
Incorrect Answers:
A: A passive system sensing device contains no battery or power on the card, but senses the electromagnetic field transmitted by the reader and transmits at different frequencies using the power field of the reader. This device does not send an access code. Therefore, this answer is incorrect.
C: A swipe card requires the action from the user; the user has to swipe the card. Therefore, this answer is incorrect.
D: A magnetic card requires the action from the user; the user has to swipe the card. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 484
, Wiley Publishing, Indianapolis, 2007, p. 471
According to (ISC)², what should be the fire rating for the internal walls of an information processing facility?
A. All walls must have a one-hour minimum fire rating.
B. All internal walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating.
C. All walls must have a two-hour minimum fire rating.
D. All walls must have a two-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have
Correct Answer: B
The internal walls of your processing facility must be a floor-to-ceiling slab with a one-hour minimum fire rating. Any walls adjacent to rooms where records such as paper, media, etc. are stored must have a two-hour minimum fire rating.
There are different regulations that exist for external walls from state to state.
Incorrect Answers:
A: Walls to adjacent rooms where records such as paper and media are stored should have a two-hour minimum fire rating, not a one-hour fire rating. Therefore, this answer is incorrect.
C: It is not necessary for all walls to have a two-hour minimum fire rating. Therefore, this answer is incorrect.
D: It is not necessary for the internal walls to have a two-hour fire rating, and it is not necessary for walls to adjacent rooms where records such as paper and media are stored to have a three-hour minimum fire rating. Therefore, this answer is incorrect.
Which of the following statements pertaining to air conditioning for an information processing facility is TRUE?
A. The AC units must be controllable from outside the area.
B. The AC units must keep negative pressure in the room so that smoke and other gases are forced out of the room.
C. The AC units must be on the same power source as the equipment in the room to allow for easier shutdown.
D. The AC units must be dedicated to the information processing facility.
Correct Answer: D
The AC units used in an information processing facility must be dedicated and controllable from within the area. They must be on an independent power source from the rest of the room and have a dedicated Emergency Power Off switch. It is positive, not negative pressure that forces smoke and other gases out of the room.
Incorrect Answers:
A: The AC units must be controllable from inside the area, not outside the area. Therefore, this answer is incorrect.
B: The AC units must keep positive pressure in the room, not negative pressure so that smoke and other gases are forced out of the room. Therefore, this answer is incorrect.
C: The AC units must be on a different power source from the equipment in the room to allow for easier shutdown. Therefore, this answer is incorrect.
Which of the following statements pertaining to secure information processing facilities is NOT true?
A. Walls should have an acceptable fire rating.
B. Windows should be protected with bars.
C. Doors must resist forcible entry.
D. Location and type of fire suppression systems should be known.
Correct Answer: B
The following statements pertaining to secure information processing facilities are correct:
✑ Walls should have an acceptable fire rating.
✑ Doors must resist forcible entry.
✑ Location and type of fire suppression systems should be known.
✑ Flooring in server rooms and wiring closets should be raised to help mitigate flooding damage.
✑ Separate AC units must be dedicated to the information processing facilities.
✑ Backup and alternate power sources should exist.
The statement “windows should be protected with bars” is tricky. You could argue that the windows should be protected with bars. However, in a ‘secure’ information processing facility, there should be no windows.
Incorrect Answers:
A: It is true that walls should have an acceptable fire rating. Therefore, this answer is incorrect.
C: It is true that doors must resist forcible entry. Therefore, this answer is incorrect.
D: It is true that the location and type of fire suppression systems should be known. Therefore, this answer is incorrect.
What is a common problem when using vibration detection devices for perimeter control?
A. They are vulnerable to non-adversarial disturbances.
B. They can be defeated by electronic means.
C. Signal amplitude is affected by weather conditions.
D. They must be buried below the frost line.
Correct Answer: A
A common problem when using vibration detection devices for perimeter control is false alarms. For example, someone could lean on the fence and trigger an alarm.
Perimeter Intrusion Detection and Assessment System (PIDAS) is a type of fencing that has sensors located on the wire mesh and at the base of the fence. It is used to detect if someone attempts to cut or climb the fence. It has a passive cable vibration sensor that sets off an alarm if an intrusion is detected. PIDAS is very sensitive and can cause many false alarms.
Incorrect Answers:
B: Vibration detection devices for perimeter control are not commonly defeated by electronic means. Therefore, this answer is incorrect.
C: Signal amplitude being affected by weather conditions is not a common problem when using vibration detection devices for perimeter control. Therefore, this answer is incorrect.
D: It is not true that vibration detection devices for perimeter control must be buried below the frost line. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 487
To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room?
A. Order an immediate refill with Halon 1201 from the manufacturer.
B. Contact a Halon recycling bank to make arrangements for a refill.
C. Order a Non-Hydrochlorofluorocarbon compound from the manufacturer.
D. Order an immediate refill with Halon 1301 from the manufacturer.
Correct Answer: C
Halon is a gas that was widely used in the past to suppress fires because it interferes with the chemical combustion of the elements within a fire. It mixes quickly with the air and does not cause harm to computer systems and other data processing devices. It was used mainly in data centers and server rooms. It was discovered that halon has chemicals (chlorofluorocarbons) that deplete the ozone and that concentrations greater than 10 percent are dangerous to people. Halon used on extremely hot fires degrades into toxic chemicals, which is even more dangerous to humans.
Halon has not been manufactured since January 1, 1992, by international agreement. The Montreal Protocol banned halon in 1987, and countries were given until 1992 to comply with these directives. The most effective replacement for halon is FM-200, which is similar to halon but does not damage the ozone.
By law, companies that have halon extinguishers do not have to replace them, but the extinguishers cannot be refilled. So, companies that have halon extinguishers do not have to replace them right away, but when the extinguishers' lifetime runs out, FM-200 extinguishers or other EPA-approved chemicals should be used.
Incorrect Answers:
A: You cannot refill a fire extinguisher with Halon 1201. Therefore, this answer is incorrect.
B: You cannot refill a fire extinguisher with Halon. Therefore, this answer is incorrect.
D: You cannot refill a fire extinguisher with Halon 1301. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 473
Within Crime prevention through Environmental Design (CPTED) the concept of territoriality is BEST described as:
A. ownership.
B. protecting specific areas with different measures.
C. localized emissions.
D. compromise of the perimeter.
Correct Answer: A
Crime Prevention Through Environmental Design (“CPTED”) is the design, maintenance, and use of the built environment in order to enhance quality of life and to reduce both the incidence and fear of crime.
Territoriality means providing clear designation between public, private, and semi-private areas and makes it easier for people to understand, and participate in, an area’s intended use. Territoriality communicates a sense of active “ownership” of an area that can discourage the perception that illegal acts may be committed in the area without notice or consequences. The use of see-through screening, low fencing, gates, signage, different pavement textures, or other landscaping elements that visually show the transition between areas intended for different uses are examples of the principle of territoriality.
Incorrect Answers:
B: Protecting specific areas with different measures is not a description of the CPTED concept of territoriality. Therefore, this answer is incorrect.
C: Localized emissions are not a description of the CPTED concept of territoriality. Therefore, this answer is incorrect.
D: Compromise of the perimeter is not a description of the CPTED concept of territoriality. Therefore, this answer is incorrect.
References:
https://www.portlandoregon.gov/oni/article/320548
In the physical security context, a security door equipped with an electronic lock configured to ignore the unlock signals sent from the building emergency access control system in the event of an issue (fire, intrusion, power failure) would be in which of the following configurations?
A. Fail Soft
B. Fail Open
C. Fail Safe
D. Fail Secure
Correct Answer: D
Doorways with automatic locks can be configured to be fail-safe or fail-secure. A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. Fail-safe deals directly with protecting people. If people work in an area and there is a fire or the power is lost, it is not a good idea to lock them in.
A fail-secure configuration means that the doors default to being locked if there are any problems with the power. If people do not need to use specific doors for escape during an emergency, then these doors can most likely default to fail-secure settings.
Incorrect Answers:
A: Doorways with automatic locks can be configured to be fail-safe or fail-secure. “Fail-soft” is not a valid term when talking about doorways with automatic locks. Therefore, this answer is incorrect.
B: A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked. “Fail-open” is essentially the same as fail-safe although fail-safe is the more commonly used terminology. In a fail-safe or fail-open system, the doors do not remain locked. Therefore, this answer is incorrect.
C: A fail-safe setting means that if a power disruption occurs that affects the automated locking system, the doors default to being unlocked; the doors do not remain locked. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 451
The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater than 60 percent) can produce what type of problem on computer parts?
A. Static electricity
B. Corrosion
C. Energy-plating
D. Element-plating
Correct Answer: B
High humidity means extra water in the air. This extra water can cause corrosion to computer parts.
It is important to maintain the proper temperature and humidity levels within data centers, which is why an HVAC system should be implemented specifically for this room. Too high a temperature can cause components to overheat and turn off; too low a temperature can cause the components to work more slowly. If the humidity is high, then corrosion of the computer parts can take place; if humidity is low, then static electricity can be introduced. Because of this, the data center must have its own temperature and humidity controls, which are separate from the rest of the building.
Incorrect Answers:
A: Static electricity is caused by low humidity, not high humidity. Therefore, this answer is incorrect.
C: Energy-plating is not caused by high humidity. Therefore, this answer is incorrect.
D: Element-plating is not caused by high humidity. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 456
Which of the following provides coordinated procedures for minimizing loss of life, injury, and property damage in response to a physical threat?
A. Business continuity plan
B. Incident response plan
C. Disaster recovery plan
D. Occupant emergency plan
Correct Answer: D
The occupant emergency plan (OEP) provides the “response procedures for occupants of a facility in the event of a situation posing a potential threat to the health and safety of personnel, the environment, or property. Such events would include a fire, hurricane, criminal attack, or a medical emergency.”
Incorrect Answers:
A: A business continuity plan provides procedures for sustaining essential business operations while recovering from a significant disruption, while an occupant emergency plan provides coordinated procedures for minimizing loss of life or injury and protecting against property damage in response to a physical threat.
B: An incident response plan focuses on malware, hackers, intrusions, attacks, and other security issues. It outlines procedures for incident response.
C: A disaster recovery plan provides detailed procedures to facilitate recovery of capabilities at an alternate site, while an occupant emergency plan provides coordinated procedures for minimizing loss of life or injury and protecting against property damage in response to a physical threat.
References:
, 2nd Edition, Syngress, Waltham, 2012, pp. 369-370
What can be defined as a momentary low voltage?
A. spike
B. blackout
C. sag
D. fault
Correct Answer: C
Interference interrupts the flow of an electrical current, and fluctuations can actually deliver a different level of voltage than what was expected. Each fluctuation can be damaging to devices and people.
The following explains the different types of voltage fluctuations possible with electric power:
Power excess:
✑ Spike: Momentary high voltage
✑ Surge: Prolonged high voltage
Power loss:
✑ Fault: Momentary power outage
✑ Blackout: Prolonged, complete loss of electric power
Power degradation:
✑ Sag/dip: Momentary low-voltage condition, from one cycle to a few seconds
✑ Brownout: Prolonged power supply that is below normal voltage
✑ In-rush current: Initial surge of current required to start a load
Incorrect Answers:
A: A spike is a momentary high voltage, not a momentary low voltage. Therefore, this answer is incorrect.
B: A blackout is a prolonged complete loss of power, not a momentary low voltage. Therefore, this answer is incorrect.
D: A fault is a momentary power outage, not a momentary low voltage. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 462-463
A prolonged complete loss of electric power is a:
A. brownout
B. blackout
C. surge
D. fault
Correct Answer: B
A blackout is when the voltage drops to zero. This can be caused by lightning, a car taking out a power line, storms, or failure to pay the power bill. It can last for seconds or days. This is when a backup power source is required for business continuity.
Incorrect Answers:
A: A brownout is a prolonged low voltage, not a prolonged complete loss of power. Therefore, this answer is incorrect.
C: A surge is a prolonged high voltage, not a prolonged power outage. Therefore, this answer is incorrect.
D: A fault is a momentary power outage, not a prolonged power outage. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 462-463
A prolonged electrical power supply that is below normal voltage is a:
A. brownout
B. blackout
C. surge
D. fault
Correct Answer: A
When power companies are experiencing high demand, they frequently reduce the voltage in an electrical grid, which is referred to as a brownout. Constant voltage transformers can be used to regulate this fluctuation of power. They can use different ranges of voltage and only release the expected 120 volts of alternating current to devices.
Interference interrupts the flow of an electrical current, and fluctuations can actually deliver a different level of voltage than what was expected. Each fluctuation can be damaging to devices and people.
The following explains the different types of voltage fluctuations possible with electric power:
Power excess:
✑ Spike: Momentary high voltage
✑ Surge: Prolonged high voltage
Power loss:
✑ Fault: Momentary power outage
✑ Blackout: Prolonged, complete loss of electric power
Power degradation:
✑ Sag/dip: Momentary low-voltage condition, from one cycle to a few seconds
✑ Brownout: Prolonged power supply that is below normal voltage
✑ In-rush current: Initial surge of current required to start a load
Incorrect Answers:
B: A blackout is a prolonged complete loss of power, not a prolonged low voltage. Therefore, this answer is incorrect.
C: A surge is a prolonged high voltage, not a prolonged low voltage. Therefore, this answer is incorrect.
D: A fault is a momentary power outage, not a prolonged low voltage. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, pp. 462-463
Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. This area is referred to as the:
A. smoke boundary area.
B. fire detection area.
C. plenum area.
D. intergen area.
Correct Answer: C
Wiring and cables are strung through plenum areas, such as the space above dropped ceilings, the space in wall cavities, and the space under raised floors.
Plenum areas should have fire detectors. Also, only plenum-rated cabling should be used in plenum areas, which is cabling that is made out of material that does not let off hazardous gases if it burns.
Incorrect Answers:
A: A smoke boundary area is not the area described in the question. Therefore, this answer is incorrect.
B: A fire detection area is not the area described in the question. Therefore, this answer is incorrect.
D: An Intergen area is not the area described in the question. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 473
To mitigate the risk of fire in your new data center, you plan to implement a heat-activated fire detector. Your requirement is to have the earliest warning possible of a fire outbreak. Which type of sensor would you select and where would you place it?
A. Rate-of-rise temperature sensor installed on the side wall
B. Variable heat sensor installed above the suspended ceiling
C. Fixed-temperature sensor installed in the air vent
D. Rate-of-rise temperature sensor installed below the raised floors
Correct Answer: D
Heat-activated detectors provide the earliest warning possible of a fire outbreak. They should be placed below the raised floors as this is where the cabling most likely to cause an electrical fire is.
Heat-activated detectors can be configured to sound an alarm either when a predefined temperature (fixed temperature) is reached or when the temperature increases over a period of time (rate-of-rise). Rate-of-rise temperature sensors usually provide a quicker warning than fixed-temperature sensors because they are more sensitive, but they can also cause more false alarms. The sensors can either be spaced uniformly throughout a facility, or implemented in a line type of installation, which is operated by a heat-sensitive cable.
It is not enough to have these fire and smoke detectors installed in a facility; they must be installed in the right places. Detectors should be installed both on and above suspended ceilings and raised floors, because companies run many types of wires in both places that could start an electrical fire. No one would know about the fire until it broke through the floor or dropped ceiling if detectors were not placed in these areas.
Incorrect Answers:
A: A side wall is not the best location for the sensor. If cabling under a raised floor starts a fire, it will be some time before the wall-mounted heat sensor is triggered. Therefore, this answer is incorrect.
B: A variable heat sensor is not the best type of sensor to provide the earliest warning possible of a fire outbreak. Therefore, this answer is incorrect.
C: Fixed-temperature sensors are triggered when a defined temperature is reached. This is not the best type of sensor to provide the earliest warning possible of a fire outbreak. The air vent is also not the best location for the sensor. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 470
Which of the following controls related to physical security is NOT an administrative control? A. Personnel controls B. Alarms C. Training D. Emergency response and procedures
Correct Answer: B
Alarms are an example of a physical control type, not an administrative control.
Controls are put into place to reduce the risk an organization faces, and they come in three main flavors: administrative, technical, and physical. Administrative controls are commonly referred to as “soft controls” because they are more management-oriented. Examples of administrative controls are security documentation, risk management, personnel security, and training. Technical controls (also called logical controls) are software or hardware components, as in firewalls, IDS, encryption, identification and authentication mechanisms. And physical controls are items put into place to protect facility, personnel, and resources.
Examples of physical controls are security guards, locks, fencing, and lighting.
Incorrect Answers:
A: Personnel controls are an example of an administrative control. Therefore, this answer is incorrect.
C: Training is an example of an administrative control. Therefore, this answer is incorrect.
D: Emergency response and procedures are an example of an administrative control. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 28
Which of the following floors would be MOST appropriate to locate information processing facilities in a 6-stories building? A. Basement B. Ground floor C. Third floor D. Sixth floor
Correct Answer: C
Because data centers usually hold expensive equipment and the company's critical data, their protection should be thoroughly thought out before implementation.
Data centers should not be located on the top floors because it would be more difficult for an emergency crew to access it in a timely fashion in case of a fire. By the same token, data centers should not be located in basements where flooding can affect the systems. And if a facility is in a hilly area, the data center should be located well above ground level. Data centers should be located at the core of a building so if there is some type of attack on the building, the exterior walls and structures will absorb the hit and hopefully the data center will not be damaged.
Incorrect Answers:
A: The information processing facilities should not be in the basement because of the risk of flooding. Therefore, this answer is incorrect.
B: The information processing facilities should not be on the ground floor because of the risk of flooding. Therefore, this answer is incorrect.
D: The information processing facilities should not be on the top floor because it would be more difficult for an emergency crew to access it in a timely fashion in case of a fire. Therefore, this answer is incorrect.
References:
, 6th Edition, McGraw-Hill, 2013, p. 454
Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request? A. ICMP B. TCP C. UDP D. IP
Correct Answer: B
The TCP protocol is stateful. In a TCP connection, the sender sends a SYN packet, the receiver sends a SYN/ACK, and then the sender acknowledges that packet with an ACK packet. A stateful firewall understands these different steps and will not allow packets to go through that do not follow this sequence. So, if a stateful firewall receives a SYN/ACK and there was not a previous SYN packet that correlates with this connection, the firewall understands this is not right and disregards the packet. This is what stateful means: something that understands the necessary steps of a dialog session. And this is an example of context-dependent access control, where the firewall understands the context of what is going on and includes that as part of its access decision.
Incorrect Answers:
A: The ICMP protocol is stateless, not stateful.
C: The UDP protocol is stateless, not stateful.
D: The IP protocol is stateless, not stateful.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 232
How do you distinguish between a bridge and a router?
A. A bridge simply connects multiple networks, a router examines each packet to determine which network to forward it to.
B. “Bridge” and “router” are synonyms for equipment used to join two networks.
C. The bridge is a specific type of router used to connect a LAN to the global Internet.
D. The bridge connects multiple networks at the data link layer, while router connects multiple networks at the network layer.
Correct Answer: D
Bridges and routers both connect networks. While bridges work only up to the data link layer, routers work at the network layer.
Incorrect Answers:
A: Both bridges and routers connect multiple networks. A router examines each packet to determine which network to forward it to, but bridges can also examine packets by using filters to determine whether the data should be forwarded or not.
B: Bridge and router are not synonyms as they work at different network layers.
C: A bridge is not one type of router. A bridge cannot connect a LAN to the Internet as it only works at the data link layer, and you need to work at the network layer to connect a LAN to the Internet.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 615
ICMP and IGMP belong to which layer of the OSI model? A. Datagram Layer. B. Network Layer. C. Transport Layer. D. Data Link Layer.
Correct Answer: B
ICMP and IGMP work at the network layer of the OSI model.
Incorrect Answers:
A: There is no Datagram Layer in the OSI model.
C: ICMP and IGMP do not belong to the Transport layer of the OSI model. TCP and UDP are examples of protocols working at the transport layer.
D: ICMP and IGMP do not belong to the Data Link layer of the OSI model. ARP, OSOF, and MAC are examples of protocols working at the data link layer.
References:
https://en.wikipedia.org/wiki/Network_layer
What is a limitation of TCP Wrappers?
A. It cannot control access to running UDP services.
B. It stops packets before they reach the application layer, thus confusing some proxy servers.
C. The hosts.* access control system requires a complicated directory tree.
D. They are too expensive.
Correct Answer: A
TCP Wrappers allows you to restrict access to TCP services, but not to UDP services.
A TCP wrapper is an application that can serve as a basic firewall by restricting access to ports and resources based on user IDs or system IDs. Using TCP wrappers is a form of port-based access control.
Incorrect Answers:
B: The problem with TCP wrappers is not that they confuse proxy servers. The problem is that they do not filter UDP traffic.
C: The hosts.* access control system does not require a complicated directory tree. In the simplest configuration, daemon connection policies are set to either permit or block, depending on the options in file /etc/hosts.allow. The default configuration in FreeBSD is to allow all connections to the daemons started with inetd.
D: In a UNIX/Linux system the TCP wrappers are included in the distribution and come at no cost.
References:
, 5th Edition, Sybex, Indianapolis, 2011, p. 118
The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram? A. TCP. B. ICMP. C. UDP. D. IGMP.
Correct Answer: B
The IP header protocol field value for ICMP is 1.
Incorrect Answers:
A: The IP header protocol field value for TCP is 6, not 1.
C: IP header protocol field value for UDP is 17, not 1.
D: The IP header protocol field value for IGMP is 2, not 1.
References:
, 5th Edition, Sybex, Indianapolis, 2011, p. 122
What is the proper term to refer to a single unit of IP data? A. IP segment. B. IP datagram. C. IP frame. D. IP fragment.
Correct Answer: B
The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. The Internet Protocol is responsible for addressing hosts and for routing datagrams (packets) from a source host to a destination host across one or more IP networks.
Incorrect Answers:
A: There is nothing called IP segment within the OSI model. The TCP protocol uses segments, while the IP protocol uses datagrams.
C: The data link layer (layer 2) of the OSI model handles data link frames, but there are no IP frames in the OSI model. IP datagrams belong to the network layer (layer 3).
D: There is nothing called IP fragment within the OSI model.
References:
https://en.wikipedia.org/wiki/Internet_Protocol
Tim’s day-to-day responsibilities include monitoring the health of devices on the network. He uses a Network Monitoring System supporting SNMP to monitor the devices for any anomalies or high traffic passing through the interfaces.
Which of the protocols would be BEST to use if some of the requirements are to prevent easy disclosure of the SNMP strings and authentication of the source of the packets?
A. UDP
B. SNMP V1
C. SNMP V3
D. SNMP V2
Correct Answer: C
Simple Network Management Protocol (SNMP) was released to the networking world in 1988 to help with the growing demand of managing network IP devices.
Companies use many types of products that use SNMP to view the status of their network, traffic flows, and the hosts within the network.
SNMP uses agents and managers. Agents collect and maintain device-oriented data, which are held in management information bases. Managers poll the agents using community string values for authentication purposes.
SNMP versions 1 and 2 send their community string values in cleartext, but with SNMP version 3, cryptographic functionality has been added, which provides encryption, message integrity, and authentication security. So any sniffers that are installed on the network cannot sniff SNMP traffic.
Incorrect Answers:
A: UDP is not a protocol used to monitor network devices.
B: SNMP versions 1 and 2 send their community string values in cleartext. This does not prevent easy disclosure of the SNMP strings and authentication of the source of the packets.
D: SNMP versions 1 and 2 send their community string values in cleartext. This does not prevent easy disclosure of the SNMP strings and authentication of the source of the packets.
References:
, 6th Edition, McGraw-Hill, 2013, p. 587
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network?
A. The first bit of the IP address would be set to zero.
B. The first bit of the IP address would be set to one and the second bit set to zero.
C. The first two bits of the IP address would be set to one, and the third bit set to zero.
D. The first three bits of the IP address would be set to one.
Correct Answer: C
Class C was defined with the 3 high-order bits set to 1, 1, and 0, and designating the next 21 bits to number the networks. This translates to the IP address range of a class C network of 192.0.0.0 to 223.255.255.255.
Incorrect Answers:
A: Class C was defined with three fixed bits, not just one single bit.
B: Class C was defined with three fixed bits, not just two bits.
D: Class C was defined with the first bits set to 1, 1, and 0. Not to 1, 1, and 1.
References:
https://en.wikipedia.org/wiki/Classful_network
In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class A network?
A. The first bit of the IP address would be set to zero.
B. The first bit of the IP address would be set to one and the second bit set to zero.
C. The first two bits of the IP address would be set to one, and the third bit set to zero.
D. The first three bits of the IP address would be set to one.
Correct Answer: A
Class A contains all addresses in which the most significant bit is zero. The address range of Class A is 0.0.0.0 - 127.255.255.255.
Incorrect Answers:
B: Class A contains only one single fixed bit, not two.
C: Class A contains only one single fixed bit, not three.
D: Class A contains only one single fixed bit, not three.
References:
https://en.wikipedia.org/wiki/Classful_network
Which of the following DoD Model layer provides non-repudiation services? A. Network layer. B. Application layer. C. Transport layer. D. Data link layer.
Correct Answer: B
Non-repudiation is provided by applications such as PGP (Pretty Good Privacy). It is implemented in software and therefore runs in the application layer.
Non-repudiation means that parties involved in a communication cannot deny having participated. It is a technique that assures genuine communication that cannot subsequently be refuted.
Implementing security at the application layer simplifies the provision of services such as non-repudiation by giving complete access to the data the user wants to protect.
Incorrect Answers:
A: Non-repudiation is implemented at application layer, not at the network layer.
C: Non-repudiation is implemented at application layer, not at the transport layer.
D: Non-repudiation is implemented at application layer, not at the data-link layer.
References:
, 2nd Edition, Syngress, Waltham, 2012, p. 249
Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer in a network. Within which OSI/ISO layer is RPC implemented? A. Session layer B. Transport layer C. Data link layer D. Network layer
Correct Answer: A
Session-layer services are commonly used in application environments that make use of remote procedure calls (RPCs).
Incorrect Answers:
B: RPC is implemented at the session layer, not at the transport layer.
C: RPC is implemented at the session layer, not at the data link layer.
D: RPC is implemented at the session layer, not at the network layer.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 524
Frame relay and X.25 networks are part of which of the following? A. Circuit-switched services B. Cell-switched services C. Packet-switched services D. Dedicated digital services
Correct Answer: C
Some examples of packet-switching technologies are the Internet, X.25, and frame relay.
Incorrect Answers:
A: X.25 and frame relay are packet-switching services, not circuit-switching services.
B: X.25 and frame relay are packet-switching services, not cell-switching services.
D: X.25 and frame relay are packet-switching services, not dedicated digital services.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 674
Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided? A. Data Link B. Transport C. Presentation D. Application
Correct Answer: A
PPP (Point-to-Point Protocol) is a data link protocol used to establish a direct connection between two nodes. PPP has replaced the older SLIP and CSLIP protocols.
Incorrect Answers:
B: SLIP, CSLIP, and PPP all work at the data link layer, not at the transport layer.
C: SLIP, CSLIP, and PPP all work at the data link layer, not at the presentation layer.
D: SLIP, CSLIP, and PPP all work at the data link layer, not at the application layer.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 683
Which conceptual approach to intrusion detection system is the MOST common?
A. Behavior-based intrusion detection
B. Knowledge-based intrusion detection
C. Statistical anomaly-based intrusion detection
D. Host-based intrusion detection
Correct Answer: B
An IDS can detect malicious behavior using two common methods. One way is to use knowledge-based detection which is more frequently used. The second detection type is behavior-based detection.
Incorrect Answers:
A: Behavior-based detection is less common compared to knowledge-based detection.
C: A statistical anomaly-based IDS is a behavior-based system.
D: Host-based intrusion detection is not a conceptual IDS approach. The two conventional approaches are knowledge-based detection and behavior-based detection.
References:
p. 56
In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the BEST choice below. A. Network Address Translation B. Network Address Hijacking C. Network Address Supernetting D. Network Address Sniffing
Correct Answer: B
Network address hijacking allows an attacker to reroute data traffic from a network device to a personal computer.
Also referred to as session hijacking, network address hijacking enables an attacker to capture and analyze the data addressed to a target system. This allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization.
Session hijacking involves assuming control of an existing connection after the user has successfully created an authenticated session. Session hijacking is the act of unauthorized insertion of packets into a data stream. It is normally based on sequence number attacks, where sequence numbers are either guessed or intercepted.
Incorrect Answers:
A: Network address translation (NAT) is a methodology of modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device for the purpose of remapping one IP address space into another. This is not what is described in the question.
C: Network Address Supernetting is forming an Internet Protocol (IP) network from the combination of two or more networks (or subnets) with a common Classless Inter-Domain Routing (CIDR) prefix. The new routing prefix for the combined network aggregates the prefixes of the constituent networks. This is not what is described in the question.
D: Network Address Sniffing: This is another bogus choice that sounds good but does not even exist. However, sniffing is a common attack to capture cleartext passwords and information unencrypted over the network. Sniffing is accomplished using a sniffer also called a Protocol Analyzer. A network sniffer monitors data flowing over computer network links. It can be a self-contained software program or a hardware device with the appropriate software or firmware programming.
Also sometimes called “network probes” or “snoops,” sniffers examine network traffic, making a copy of the data but without redirecting or altering it.
References:
http://compnetworking.about.com/od/networksecurityprivacy/g/bldef_sniffer.htm http://wiki.answers.com/Q/What_is_network_address_hijacking
, 2nd Edition, Wiley Publishing, Indianapolis, 2004, p.
The Loki attack exploits a covert channel using which network protocol? A. TCP B. PPP C. ICMP D. SMTP
Correct Answer: C
The ICMP protocol was developed to send status messages, not to hold or transmit user data. But someone figured out how to insert some data inside of an ICMP packet, which can be used to communicate to an already compromised system. Loki is actually a client/server program used by hackers to set up back doors on systems. The attacker targets a computer and installs the server portion of the Loki software. This server portion "listens" on a port, which is the back door an attacker can use to access the system. To gain access and open a remote shell to this computer, an attacker sends commands inside of ICMP packets. This is usually successful, because most routers and firewalls are configured to allow ICMP traffic to come and go out of the network, based on the assumption that this is safe because ICMP was developed to not hold any data or a payload.
Incorrect Answers:
A: A Loki attack uses ICMP, not TCP.
B: A Loki attack uses ICMP, not PPP.
D: A Loki attack uses ICMP, not SMTP.
References:
, 6th Edition, McGraw-Hill, 2013, p. 585
Which of the following is NOT a correct notation for an IPv6 address? A. 2001:0db8:0:0:0:0:1428:57ab B. ABCD:EF01:2345:6789: C. ABCD:EF01:2345:6789::1 D. 2001:DB8::8:800::417A
Correct Answer: D
The 128 bits of an IPv6 address are represented in 8 groups of 16 bits each. Each group is written as 4 hexadecimal digits and the groups are separated by colons (:). Consecutive sections of zeroes are replaced with a double colon (::). The double colon may only be used once in an address, as multiple use would render the address indeterminate. The address 2001:DB8::8:800::417A uses the double colon twice, which is illegal.
Incorrect Answers:
A: 2001:0db8:0:0:0:0:1428:57ab is a well-formed IPv6 address with 8 groups of 16-bit hexadecimal numbers.
B: ABCD:EF01:2345:6789:1 is a well-formed IPv6 address with 8 groups of 16-bit hexadecimal numbers.
C: ABCD:EF01:2345:6789::1 is a well-formed IPv6 address with 8 groups of 16-bit hexadecimal numbers, and only one double colon.
References:
https://en.wikipedia.org/wiki/IPv6
Which device acting as a translator is used to connect two networks or applications from Layer 4 up to Layer 7 of the ISO/OSI Model? A. Bridge B. Repeater C. Router D. Gateway
Correct Answer: D
A gateway works at the OSI application layer, where it connects different types of networks and performs protocol and format translations.
Incorrect Answers:
A: A bridge works at the data link layer, not the application layer.
B: A repeater works at the physical layer, not the application layer.
C: A router works at the transport layer, not the application layer.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 623
What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets? A. SYN Flood attack B. Smurf attack C. Ping of Death attack D. Denial of Service (DoS) attack
Correct Answer: B
In a Smurf attack the attacker sends an ICMP ECHO REQUEST packet with a spoofed source address to a victim's network broadcast address. This means that each system on the victim's subnet receives an ICMP ECHO REQUEST packet. Each system then replies to that request with an ICMP ECHO REPLY packet to the spoofed address provided in the packets, which is the victim's address.
Incorrect Answers:
A: A Syn flood attack does not involve spoofing and ICMP ECHO broadcasts. A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
C: A ping of death is a type of attack on a computer system that involves sending a malformed or otherwise malicious ping to a computer. It could cause a buffer overflow, but it does not involve ICMP ECHO broadcast packets.
D: A DoS attack does not use spoofing or ICMP ECHO broadcasts. In a DoS attack the attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 587
This OSI layer has a service that negotiates transfer syntax and translates data to and from the transfer syntax for users, which may represent data using different syntaxes. At which of the following layers would you find such service? A. Session B. Transport C. Presentation D. Application
Correct Answer: C
The presentation layer is not concerned with the meaning of data, but with the syntax and format of the data. It works as a translator, translating the format an application is using to a standard format used for passing messages over a network.
Incorrect Answers:
A: The session layer provides the mechanism for opening, closing and managing a session between end-user application processes, i.e., a semi-permanent dialogue. Communication sessions consist of requests and responses that occur between applications.
B: The transport layer provides host-to-host communication services for applications. It provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing.
D: The application layer acts as the user interface, responsible for displaying received information to the user.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 522
The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics?
A. Standard model for network communications
B. Used to gain information from network devices such as count of packets received and routing tables
C. Enables dissimilar networks to communicate
D. Defines 7 protocol layers (a.k.a. protocol stack)
Correct Answer: B
The OSI/ISO Layers are not designed for monitoring network devices.
Incorrect Answers:
A: The OSI model is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to their underlying internal structure and technology.
C: The goal of the OSI model is the interoperability of diverse communication systems with standard protocols.
D: The original version of the OSI model defined seven protocol layers, defining a protocol stack.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 518
In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices? A. new loop B. local loop C. loopback D. indigenous loop
Correct Answer: B
In telephony, the local loop is the physical link or circuit that connects from the demarcation point of the customer premises to the edge of the common carrier or telecommunications service provider’s network.
Incorrect Answers:
A: New loop is not a type of connection.
C: A loopback is a test mode that a serial communications transceiver can use to check its own functionality; it is not a connection from the branch office to customers.
D: Indigenous loop is not a type of connection.
References:
https://en.wikipedia.org/wiki/Local_loop
Communications and network security relates to transmission of which of the following? A. voice B. voice and multimedia C. data and multimedia D. voice, data and multimedia
Correct Answer: D
Security applies to all types of transmitted data whether it is voice, data or multimedia.
Incorrect Answers:
A: Not only voice transfer must be secure. Data and multimedia transmission must be secure as well.
B: Not only voice and multimedia transfers must be secure. Data transmission must be secure as well.
C: Not only data and multimedia transfers must be secure. Voice transmission must be secure as well.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 515
One of the following assertions is NOT a characteristic of Internet Protocol Security (IPSec)
A. Data cannot be read by unauthorized parties
B. The identity of all IPsec endpoints are confirmed by other endpoints
C. Data is delivered in the exact order in which it is sent
D. The number of packets being exchanged can be counted.
Correct Answer: C
IPSec uses the IP protocol to deliver packets. IP treats every packet independently, and the packets can arrive out of order.
Incorrect Answers:
A: The Internet Protocol Security (IPSec) protocol suite provides a method of setting up a secure channel for protected data exchange between two devices. IPSec data cannot be read by unauthorized parties.
B: IPSec, through the use of IKE (Internet Key Exchange), ensures the identity of each endpoint is confirmed by the other endpoints.
D: An ESP packet, used by IPSec to transfer data, includes a Sequence Number which counts the packets that have been transmitted.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 860
One of the following statements about the differences between PPTP and L2TP is NOT true
A. PPTP can run only on top of IP networks.
B. PPTP is an encryption protocol and L2TP is not.
C. L2TP works well with all firewalls and network devices that perform NAT.
D. L2TP supports AAA servers
Correct Answer: C
L2TP is not compatible with NAT.
Incorrect Answers:
A: PPTP was designed to provide a way to tunnel PPP connections through an IP network.
B: PPTP uses PPP data packets that are encrypted using Microsoft Point-to-Point Encryption (MPPE), while L2TP on the other hand does not provide any encryption or confidentiality by itself.
D: Radius AAA servers can be configured to use L2TP tunnels.
References:
, 6th Edition, McGraw-Hill, New York, 2013, pp. 702-703
An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as: A. Netware availability B. Network availability C. Network acceptability D. Network accountability
Correct Answer: B
Network availability can be defined as an area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability.
Incorrect Answers:
A: Netware is a protocol family from the Novell Corporation, and not an area within the Network Security domain.
C: Network acceptability is not an area in the Telecommunications and Network Security domain.
D: Network accountability is not an area in the Telecommunications and Network Security domain.
What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable? A. 80 meters B. 100 meters C. 185 meters D. 500 meters
Correct Answer: B
The maximum length of a Category 5 10Base-T cable is 100 meters.
Incorrect Answers:
A: The maximum length is 100 meters, not 80 meters.
C: The maximum length is 100 meters, not 185 meters.
D: The maximum length is 100 meters, not 500 meters.
References:
https://en.wikipedia.org/wiki/Ethernet_over_twisted_pair
Secure Sockets Layer (SSL) is very heavily used for protecting which of the following? A. Web transactions. B. EDI transactions. C. Telnet transactions. D. Electronic Payment transactions.
Correct Answer: A
The Secure Sockets Layer (SSL) protects mainly web-based traffic.
Incorrect Answers:
B: The Secure Sockets Layer (SSL) does not protect EDI transactions. It protects Web transactions.
C: The Secure Sockets Layer (SSL) protects Web transactions, not Telnet transactions.
D: The Secure Sockets Layer (SSL) protects Web transactions, not Electronic Payment transactions.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 708
Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the:
A. Transport Layer Security (TLS) Internet Protocol.
B. Transport Layer Security (TLS) Data Protocol.
C. Transport Layer Security (TLS) Link Protocol.
D. Transport Layer Security (TLS) Handshake Protocol.
Correct Answer: D
The TLS protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol.
Incorrect Answers:
A: TLS Internet Protocol is not part of the Transport Layer Security (TLS) protocol.
B: TLS Data Protocol is not part of the Transport Layer Security (TLS) protocol.
C: TLS Link Protocol is not part of the Transport Layer Security (TLS) protocol.
References:
https://en.wikipedia.org/wiki/Transport_Layer_Security
Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for:
A. Peer Authentication
B. Peer Identification
C. Server Authentication
D. Name Resolution
Correct Answer: A
Peer authentication is an integral part of the SSL protocol. Peer authentication relies on the availability of trust anchors and authentication keys.
Incorrect Answers:
B: Peer authentication, not peer identification, is part of the SSL protocol.
C: SSL uses Peer authentication, not Server Authentication, for encrypting data that is sent over a session.
D: SSL uses Peer authentication, not Name Resolution, for encrypting data that is sent over a session.
Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length?
A. Fiber Optic cable
B. Coaxial cable
C. Twisted Pair cable
D. Axial cable
Correct Answer: A
Because fiber-optic cable passes electrically non-conducting photons through a glass medium, it is immune to electromagnetic interference.
Incorrect Answers:
B: As an electromagnetic field carries the signal in the Coaxial cable, the signal can be affected by external interference.
C: As an electromagnetic field carries the signal in the Twisted Pair cable, the signal can be affected by external interference.
D: An axial cable is a coaxial cable with only one conductor instead of two conductors. Compared to a coaxial cable the axial cable is more vulnerable to electromagnetic interference.
References:
, 5th Edition, Sybex, Indianapolis, 2011, p. 100
Which of the following methods of providing telecommunications continuity involves the use of an alternative media?
A. Alternative routing
B. Diverse routing
C. Long haul network diversity
D. Last mile circuit protection
Correct Answer: A
Alternative routing provides two different cables from the local exchange to your site, so you can protect against cable failure as your service will be maintained on the alternative route.
Incorrect Answers:
B: With diverse routing, you can protect not only against cable failure but also against local exchange failure as there are two separate routes from two exchanges to your site.
C: Long-haul refers to circuits that span large distances, such as interstate or international circuits, not the circuit between your site and the local exchange.
D: Last mile circuit protection does not provide an extra connection.
References:
https://en.wikipedia.org/wiki/Routing_in_the_PSTN
Which port does the Post Office Protocol Version 3 (POP3) make use of?
A. 110
B. 109
C. 139
D. 119
Correct Answer: A
POP3 uses port 110.
Incorrect Answers:
B: Port 109 is used by POP2.
C: Port 139 is used by the NetBIOS Session Service.
D: Port 119 is used by NNTP.
References:
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Behavioral-based systems are also known as?
A. Profile-based systems
B. Pattern matching systems
C. Misuse detective systems
D. Rule-based IDS
Correct Answer: A
Behavioral-based IDSs are also known as profile-based systems.
Incorrect Answers:
B: A pattern matching IDS does not work in the same way as a Behavioral-based IDS.
C: There is no Intrusion Detection System type called Misuse detective systems.
D: A Rule-based IDS does not work in the same way as a Behavioral-based IDS.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 260
Which OSI/ISO layer defines how to address the physical devices on the network?
A. Session layer
B. Data Link layer
C. Application layer
D. Transport layer
Correct Answer: B
The data link layer is responsible for proper communication within the network components and for changing the data into the necessary format (electrical voltage) for the physical layer.
Incorrect Answers:
A: The session layer protocols set up connections between applications; maintain dialog control; and negotiate, establish, maintain, and tear down the communication channel.
C: The protocols at the application layer handle file transfer, virtual terminals, network management, and fulfilling networking requests of applications.
D: The protocols at the transport layer handle end-to-end transmission and segmentation of a data stream.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 528
Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
Correct Answer: C
The data link layer is responsible for proper communication within the network devices and for changing the data into the necessary format (electrical voltage) for the physical link or channel.
Incorrect Answers:
A: The protocols at the transport layer handle end-to-end transmission and segmentation of a data stream.
B: The responsibilities of the network layer protocols include internetworking service, addressing, and routing.
D: The physical layer includes network interface cards and drivers that convert bits into electrical signals and control the physical aspects of data transmission.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 531
Which OSI/ISO layer defines the X.24, V.35, X.21 and HSSI standard interfaces?
A. Transport layer
B. Network layer
C. Data link layer
D. Physical layer
Correct Answer: D
X.25, V.35, X.21 and HSSI all work at the physical layer in the OSI model.
X.25 is an older WAN protocol that defines how devices and networks establish and maintain connections.
V.35 is the interface standard used by most routers and DSUs that connect to T-1 carriers.
X.21 is a physical and electrical interface.
High-Speed Serial Interface (HSSI) is a short-distance communications interface.
Incorrect Answers:
A: X.25, V.35, X.21 and HSSI all work at the physical layer, not the transport layer.
B: X.25, V.35, X.21 and HSSI all work at the physical layer, not the network layer.
C: X.25, V.35, X.21 and HSSI all work at the physical layer, not the data link layer.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 679
How many layers are defined within the US Department of Defense (DoD) TCP/IP Model?
A. 7
B. 5
C. 4
D. 3
Correct Answer: C
The TCP/IP model includes the following four layers: application, host-to-host, Internet, and network access.
Incorrect Answers:
A: The OSI model has seven layers, while the TCP/IP model only has four layers.
B: The TCP/IP model has four layers, not five.
D: The TCP/IP model has four layers, not three.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 518
Which layer of the DoD TCP/IP model controls the communication flow between hosts?
A. Internet layer
B. Host-to-host transport layer
C. Application layer
D. Network access layer
Correct Answer: B
The Host-to-host transport layer provides end-to-end data transport services and establishes the logical connection between two communicating hosts.
Incorrect Answers:
A: The Internet layer has the responsibility of sending packets across potentially multiple networks. This process is called routing.
C: The application layer includes the protocols used by most applications for providing user services or exchanging application data over the network connections established by the lower level protocols.
D: The link layer (network access layer) is used to move packets between the Internet layer interfaces of two different hosts on the same link.
References:
, 6th Edition, McGraw-Hill, New York, 2013, p. 525