
CISSP – Certified Information Systems Security Professional 1377 security questions with answers
1-A potential problem related to the physical installation of the iris scanner, in regard to the usage of the iris pattern within a biometric system, is: the optical unit must be positioned so that the sun does not shine into the aperture.

2-In Mandatory Access Control, sensitivity labels attached to object contain what information?

The item’s classification and category set

3-Which of the following is true about Kerberos? It depends on symmetric ciphers.

4-Which of the following is needed for System Accountability? Audit mechanisms.

5-What is Kerberos? a trusted third-party authentication protocol.

6-Kerberos depends upon what encryption method? Secret key cryptography.

7-A confidential number used as an authentication factor to verify a user’s identity is called a: PIN

8-Individual accountability does not include which of the following? Policies & procedures

9-Which of the following exemplifies proper separation of duties? Operators are not permitted to modify the system time.

10-An access control policy for a bank teller is an example of the implementation of which of the following? Role-based policy

11-Which one of the following authentication mechanisms creates a problem for mobile users? Mechanisms based on IP addresses

12-Organizations should consider which of the following first before allowing external access to their LANs via the Internet? Plan for considering proper authentication options.

13-Kerberos can prevent which one of the following attacks? Playback (replay) attack.

14-In discretionary access environments, which of the following entities is authorized to grant information access to other people?

Data Owner

15-What is the main concern with single sign-on? Maximum unauthorized access would be possible if a password is disclosed.

16-Who developed one of the first mathematical models of a multilevel-security computer system? Bell and LaPadula.

17-Which of the following attacks could capture network user passwords? Sniffing

18-Which of the following would constitute the best example of a password to use for access to a system by a network administrator?

GyN19Za!

19-What physical characteristic does a retinal scan biometric device measure? The pattern of blood vessels at the back of the eye

20-The Computer Security Policy Model the Orange Book is based on is which of the following? Bell-LaPadula

21-The end result of implementing the principle of least privilege means which of the following?

Users would get access to only the info for which they have a need to know

22-Which of the following is the most reliable authentication method for remote access? Synchronous token

23-Which of the following is true of two-factor authentication? It relies on two independent proofs of identity

24-The primary service provided by Kerberos is which of the following? authentication

25-There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we
compare them side by side, Kerberos tickets correspond most closely to which of the following? public-key certificates

26-In which of the following security models is the subject’s clearance compared to the object’s classification
such that specific rules can be applied to control how the subject-to-object interactions take place? Bell-LaPadula model

27-Which of the following was developed to address some of the weaknesses in Kerberos and uses public
key cryptography for the distribution of secret keys and provides additional access control support? SESAME

28-Single Sign-on (SSO) is characterized by which of the following advantages? Convenience and centralized administration

29-What is the primary role of smartcards in a PKI? Tamper resistant, mobile storage and application of private keys of the users

30-What kind of certificate is used to validate a user identity? Public key certificate

31-Which of the following is NOT a security characteristic we need to consider while choosing a biometric identification system? Cost

32-In the early days of biometric identification systems, it soon became apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering two questions:

What part of the body is to be used, and how to accomplish identification that is viable

33-In biometric identification systems, the parts of the body conveniently available for identification are: hands, face, and eyes

34-Controlling access to information systems and associated networks is necessary for the preservation of
their: Confidentiality, integrity, and availability.

35-To control access by a subject (an active entity such as an individual or process) to an object (a passive entity such as a file) involves setting up: Access Rules

36-Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category of access control?

Non-Discretionary Access Control (NDAC)

37-The type of discretionary access control (DAC) that is based on an individual’s identity is also called:

Identity-based Access control

38-Which access control type has a central authority that determines which objects the subjects have access to, based on role or on the organizational security policy? Non-Discretionary Access Control

39-Which of the following control pairings include: organizational policies and procedures, pre- employment
background checks, strict hiring practices, employment agreements, employee termination procedures,
vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training,
behavior awareness, and sign-up procedures to obtain access to information systems and networks?

Preventive/Administrative Pairing

40-Technical controls such as encryption and access control can be built into the operating system, be
software applications, or can be supplemental hardware/software units. Such controls, also known as
logical controls, represent which pairing? Preventive/Technical Pairing

41-What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the
individuals requesting access to resources? Biometrics

42-What is called the access protection system that limits connections by calling back the number of a
previously authorized location? Callback systems

43-What are called user interfaces that limit the functions that can be selected by a user? Constrained user interfaces

44-Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated
with: Detective/administrative

45-The control measures that are intended to reveal the violations of security policy using software and
hardware are associated with: Detective/technical

46-The controls that usually require a human to evaluate the input from sensors or cameras to determine if a
real threat exists are associated with: Detective/physical

47-External consistency ensures that the data stored in the database is: consistent with the real world.

48-A central authority determines what subjects can have access to certain objects based on the
organizational security policy is called: Non-Discretionary Access Control

49-What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? Identification

50-Which one of the following factors is NOT one on which Authentication is based?

Type 4 Something you are, such as a system administrator or security administrator

51-A central authority determines what subjects can have access to certain objects based on the organizational security policy is called: Non-Discretionary Access Control

52-What is called the act of a user professing an identity to a system, usually in the form of a log-on ID? Identification

53-What is called the verification that the user’s claimed identity is valid and is usually implemented through a user password at log-on time? Authentication

54-Which one of the following factors is NOT one on which Authentication is based?

Type 4 Something you are, such as a system administrator or security administrator

55-The act of requiring two of the three factors to be used in the authentication process refers to: Two-Factor Authentication

56-Which type of password provides maximum security because a new password is required for each new
log-on? One-time or dynamic password

57-What is called a password that is the same for each log-on session? static password

58-What is called a sequence of characters that is usually longer than the allotted number for a password? passphrase

59-Which best describes a tool (i.e. keyfob, calculator, memory card or smart card) used to supply dynamic
passwords? Tokens

60-Which of the following would be true about Static password tokens? The owner identity is authenticated by the token

61-In Synchronous dynamic password tokens: The token generates a new non-unique password value at fixed time intervals (this password could be based on the time of day encrypted with a secret key).

62-In biometrics, “one-to-many” search against a database of stored biometric images is done in: Identification

63-Which of the following is true of biometrics?

It is used for identification in physical controls and for authentication in logical controls

64-What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication
system? False Rejection Rate (FRR) or Type I Error

65-What is called the percentage of invalid subjects that are falsely accepted by a Biometric authentication
system? False Acceptance Rate (FAR) or Type II Error

66-What is called the percentage at which the False Rejection Rate equals the False Acceptance Rate? Crossover Error Rate (CER)

67-Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following? Acceptability of biometrics systems

68-Which of the following offers advantages such as the ability to use stronger passwords, easier password
administration, one set of credential, and faster resource access? Single Sign-On (SSO)

69-Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?

Once an individual obtains access to the system through the initial log-on, they have access to all
resources within the environment that the account has access to.

70-Which of the following is implemented through scripts or smart agents that replay the user’s multiple logins against authentication servers to verify a user’s identity and permit access to system services? Single Sign-On

71-Which of the following is NOT true of the Kerberos protocol?

The initial authentication steps are done using public key algorithm.

72-The authenticator within Kerberos provides a requested service to the client after validating which of the
following? timestamp

73-Which of the following is addressed by Kerberos? Confidentiality and Integrity

74-Kerberos is vulnerable to replay in which of the following circumstances?

When a ticket is compromised within an allotted time window.

75-Like the Kerberos protocol, SESAME is also subject to which of the following? password guessing

76-RADIUS incorporates which of the following services?

Authentication server as well as support for Static and Dynamic passwords.

77-Which of the following protects a password from eavesdroppers and supports the encryption of communication? Challenge Handshake Authentication Protocol (CHAP)

78-Which of the following represents the columns of the table in a relational database? attribute

79-A database view is the results of which of the following operations? Join, Project, and Select.

80-Which of the following is used to create and modify the structure of your tables and other objects in the
database? SQL Data Definition Language (DDL)

81-Which of the following is used to monitor network traffic or to monitor host audit logs in real time to
determine violations of system security policy that have taken place? Intrusion Detection System

82-Which of the following monitors network traffic in real time? network-based IDS

83-A host-based IDS is resident on which of the following? On each of the critical hosts

84-Which of the following usually provides reliable, real-time information without consuming network or host
resources? network-based IDS

85-The fact that a network-based IDS reviews packet payloads and headers enables which of the following?

Detection of denial of service

86-Which of the following reviews system and event logs to detect attacks on the host and determine if the
attack was successful? host-based ID

87-What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?

It can be very invasive to the host operating system

88-Attributes that characterize an attack are stored for reference using which of the following Intrusion
Detection System (IDS)? signature-based IDS

89-Which of the following is an issue with signature-based intrusion detection systems?

Only previously identified attack signatures are detected.

90-Which of the following is an IDS that acquires data and defines a “normal” usage profile for the network or
host? Statistical Anomaly-Based ID

91-Which of the following is most relevant to determining the maximum effective cost of access control?

the value of information that is protected.

92-Which of the following is NOT a factor related to Access Control? authenticity

93-Which of the following is most appropriate to notify an external user that session monitoring is being
conducted? Logon Banners

94-Which of the following pairings uses technology to enforce access control policies? Preventive/Technical

95-In the course of responding to and handling an incident, you work on determining the root cause of the
incident. In which step are you in? Analysis and tracking

96-Access control is the collection of mechanisms that permits managers of a system to exercise a directing
or restraining influence over the behavior, use, and content of a system. It does not permit management to:

specify how to restrain hackers

97-Access Control techniques do not include which of the following choices? Relevant Access Controls

98-Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)? A subject is not allowed to read down.

99-When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED? Type II error

100-Which of the following is the FIRST step in protecting data’s confidentiality? Identify which information is sensitive

101-Which of the following best ensures accountability of users for the actions taken within a system or domain? Authentication

102-Which of the following statements pertaining to biometrics is FALSE? User can be authenticated by what he knows

103-Which of the following biometric devices offers the LOWEST CER? Iris scan

104-Which of the following is the WEAKEST authentication mechanism? Passwords

105-Which of the following statements pertaining to access control is false?

If access is not explicitly denied, it should be implicitly allowed.

106-Which of the following is NOT part of the Kerberos authentication protocol? Public Key

107-Which access control model enables the OWNER of the resource to specify what subjects can access
specific resources based on their identity? Discretionary Access Control

108-Which of the following access control models is based on sensitivity labels? Mandatory access control

109-Which access control model is also called Non Discretionary Access Control (NDAC)?

Role-based access control

110-Which access model is most appropriate for companies with a high employee turnover?

Role-based access control

111-In a security context, what are database views used for?

To restrict user access to data in a database

112-What can be defined as a list of subjects along with their access rights that are authorized to access a specific object? An access control list

113-What is the difference between Access Control Lists (ACLs) and Capability Tables? Access control lists are related/attached to an object whereas capability tables are related/attached to a subject.

114-What can be defined as a table of subjects and objects indicating what actions individual subjects can take
upon individual objects? An access control matrix

115-Which access control model is best suited in an environment where a high security level is required and
where it is desired that only the administrator grants access control? MAC

116-What is the primary goal of setting up a honey pot? To know when certain types of attacks are in progress and to learn about attack techniques so the network can be fortified.

117-Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from a wardialing attack? Require user authentication

118-Which access control model provides upper and lower bounds of access capabilities for a subject? Lattice-based access control

119-How are memory cards and smart cards different? Memory cards have no processing power

120-Which of the following issues is not addressed by Kerberos? Availability

121-Why do buffer overflows happen? What is the main cause? Because of improper parameter checking within the application

122-What is the main focus of the Bell-LaPadula security model? Confidentiality

123-Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of
the strong star property? It allows “read up.”

124-Which security model introduces access to objects only through programs? The Clark-Wilson model

125-An Intrusion Detection System (IDS) is what type of control? A detective control.

126-Smart cards are an example of which type of control? Technical control

127-What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system? Assurance procedures

128-What security model is dependent on security labels? Mandatory access control

129-What security model implies a central authority that defines rules, and sometimes global rules, dictating what subjects can have access to what objects? Non-discretionary access control

129-Which type of password token involves time synchronization? Synchronous dynamic password tokens

130-Which of the following statements pertaining to biometrics is false?

Biometrics are based on the Type 2 authentication mechanism

131-Which of the following statements pertaining to Kerberos is TRUE? Kerberos does not address availability

132-Database views are NOT used to: Implement referential integrity

133-What IDS approach relies on a database of known attacks? Signature-based intrusion detection

134-What refers to legitimate users accessing networked services that would normally be restricted to them? Logon abuse

135-Which of the following is not a two-factor authentication mechanism? Something you know and a password

136-Which of the following access control models introduces user security clearance and data classification?

Mandatory access control

137-Password management falls into which control category? Preventive

138-Which of the following access control models requires security clearance for subjects? Mandatory access control

139-Which of the following would describe the type of biometric error referred to as false rejection rate? Type I error

140-Which of the following access control models requires defining classification for objects? Mandatory access control

141-In the context of access control, locks, gates, and guards are examples of which of the following? Physical controls

142-Which of the following statements pertaining to Kerberos is true? Kerberos is a credential-based authentication system.

143-Which of the following statements pertaining to using Kerberos without any extension is false?

Kerberos uses public key cryptography.

144-Which access control model would a lattice-based access control model be an example of? Mandatory access control.

145-Which of the following is an example of discretionary access control? Identity-based access control

146-Which of the following would be used to implement Mandatory Access Control (MAC)? Lattice-based access control

147-What does the Clark-Wilson security model focus on? Integrity

148-What does the simple security (ss) property mean in the Bell-LaPadula model? No read up

149-What does the * (star) property mean in the Bell-LaPadula model? No write down

150-What does the * (star) integrity axiom mean in the Biba model? No write up

151-What is the Biba security model concerned with? Integrity

152-Which security model uses division of operations into different parts and requires different users to perform each part? Clark-Wilson model

153-Which type of control is concerned with avoiding occurrences of risks? Preventive controls

154-Which type of control is concerned with restoring controls? Corrective controls

155-Which of the following biometric parameters is better suited for authentication use over a long period of time? Iris pattern

156-Which of the following is required in order to provide accountability? Audit trails

157-Which of the following access control techniques best gives the security officers the ability to specify and
enforce enterprise-specific security policies in a way that maps naturally to an organization’s structure?

Role-based access control

158-Which access control model was proposed for enforcing access control in government and military applications? Bell-LaPadula model

159-Which access control model achieves data integrity through well-formed transactions and separation of duties? Clark-Wilson model

160-This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario? Excessive Privileges

161-Which of the following are additional access control objectives? Reliability and utility

162-Controls are implemented to: mitigate risk and reduce the potential for loss

163-Logical or technical controls involve the restriction of access to systems and the protection of information.
Which of the following statements pertaining to these types of controls is correct?

Examples of these types of controls are encryption, smart cards, access lists, and transmission

164-Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished: through access control mechanisms that require identification and authentication and through the audit function.

165-In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy. The access controls may be based on: The individual’s role in the organization

166-In an organization where there are frequent personnel changes, non-discretionary access control using
Role Based Access Control (RBAC) is useful because:

the access controls are based on the individual’s role or title within the organization.

167-Detective/Technical measures: include intrusion detection systems and automatically-generated violation reports from audit trail information.

168-Another type of access control is lattice-based access control. In this type of control a lattice model is
applied. How is this type of access control concept applied?

The pair of elements is the subject and object, and the subject has an upper bound equal or higher

169-Passwords can be required to change monthly, quarterly, or at other intervals:

depending on the criticality of the information needing protection and the password’s frequency of use.

170-When submitting a passphrase for authentication, the passphrase is converted into …

a virtual password by the system.

171-In the context of biometric authentication, what is a quick way to compare the accuracy of devices? In general, the device that has the lowest value would be the most accurate. Which of the following would be used to compare the accuracy of devices? The CER is used.

172-The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a biometric system. Acceptable throughput rates are in the range of: 10 subjects per minute.

173-Which of the following biometric devices has the lowest user acceptance level? Retina Scan

174-Which of the following would be an example of the best password? T1me4g0lF

175-Which of the following tools is less likely to be used by a hacker? Tripwire

176-What is an error called that causes a system to be vulnerable because of the environment in which it is installed?

Environmental error

177-A network-based vulnerability assessment is a type of test also referred to as: An active vulnerability assessment.

178-Why would anomaly detection IDSs often generate a large number of false positives?

Because normal patterns of user and system behavior can vary wildly

179-Ensuring least privilege does not require:

Ensuring that the user alone does not have sufficient rights to subvert an important process.

180-Which of the following is NOT a form of detective technical control? Access control software

181-Which of the following does not apply to system-generated passwords?

Passwords are more vulnerable to brute force and dictionary attacks.

182-Which of the following is not a preventive login control? Last login message

183-What is the most critical characteristic of a biometric identifying system? Accuracy

184-What is considered the most important type of error to avoid for a biometric access control system? Type II Error

185-How can an individual/person best be identified or authenticated to prevent local masquerading attacks? Biometrics

186-Which authentication technique best protects against hijacking? Continuous authentication

187-Which of the following is not a security goal for remote access? Automated login for remote users

188-Which of the following is most concerned with personnel security? Operational controls

189-Which of the following questions is less likely to help in assessing identification and authentication
controls? Is there a process for reporting incidents?

190-How would nonrepudiation be best classified? A preventive control

191-What are cognitive passwords? Fact- or opinion-based information used to verify an individual’s identity.

192-Which of the following Kerberos components holds all users’ and services’ cryptographic keys? The Key Distribution Center

193-Most access violations are: Accidental

194-Which of the following biometric devices has the highest Crossover Error Rate (CER)? Voice pattern

195-Which of the following is not a service provided by AAA servers (RADIUS, TACACS and DIAMETER)? Administration

196-Which of the following protocols was used by the INITIAL version of the Terminal Access Controller Access Control System (TACACS) for communication between clients and servers? UDP

197-Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?

Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.

198-In the Bell-LaPadula model, the Star-property is also called: The confinement property

199-An attack initiated by an entity that is authorized to access system resources but uses them in a way not
approved by those who granted the authorization is known as a(n): inside attack.

200-Which of the following can be defined as a framework that supports multiple, optional authentication
mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences?

Extensible Authentication Protocol

201-What is the name of the first mathematical model of a multi-level security policy used to define the concept
of a secure state, the modes of access, and rules for granting access? Bell-LaPadula Model

202-What is the PRIMARY use of a password? Authenticate the user

203-The three classic ways of authenticating yourself to the computer security software are:
something you know, something you have, and something: you are.

204-An access system that grants users only those rights necessary for them to perform their work is operating
on which security principle? Least Privilege

205-PIN, password, passphrases, tokens, smart cards, and biometric devices are all items that can be used for authentication. When one of the items listed above is used in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following?

Two-factor authentication

206-What would you call a network security control deployed in line that detects, alerts, and takes action when a possible intrusion is detected? Intrusion Prevention System (IPS)

207-What is a security policy? High level statements on management’s expectations that must be met in regards to security

208-Legacy single sign on (SSO) is: A mechanism where users can authenticate themselves once, and then a central repository of their credentials is used to launch various legacy applications.

209-Identity Management solutions include such technologies as directory services, Single Sign-On and Web Access Management. There are many reasons for management to choose an identity management solution. It must be able to scale to support high volumes of data and peak transaction rates.

210-Which of the following describes the sequence of steps required for a Kerberos session to be established?

Principal P1 authenticates to the Key Distribution Center(KDC), Principal P1 receives a Ticket Granting
Ticket (TGT), and Principal P1 requests a service ticket from the Ticket Granting Service (TGS) in
order to access the application server P2

211-Which type of security control is also known as “Logical” control? Technical

212-Which of the following terms best describes a weakness that could potentially be exploited? Vulnerability

213-Which of the following best describes an exploit?

A chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order
to cause unintended or unanticipated behavior to occur on computer software

214-A smart Card that has two chips with the Capability of utilizing both Contact and Contactless formats is
called: Hybrid Cards

215-An employee ensures all cables are shielded, builds concrete walls that extend from the true floor to the
true ceiling and installs a white noise generator. What attack is the employee trying to protect against?Emanation Attacks

216-The best technique to authenticate to a system is to:

Ensure the person is authenticated by something he knows and something he has.

217-Business Impact Analysis (BIA) is about Supporting the mission of the organization

218-You wish to make use of “port knocking” technologies. How can you BEST explain this?Port knocking is where the client will attempt to connect to a predefined set of ports to identify him as an authorized client.

219-Tim is a network administrator of Acme Inc. He is responsible for configuring the network devices. John, the
new security manager, reviews the configuration of the firewall configured by Tim and identifies an issue.
This specific firewall is configured in failover mode with another firewall. A sniffer on a PC connected to the
same switch as the firewalls can decipher the credentials used by Tim while configuring the firewalls.
Which of the following should be used by Tim to ensure that no one can eavesdrop on the
communication? SSH

 

220-Tim’s day-to-day responsibilities include monitoring the health of devices on the network. He uses a Network
Monitoring System supporting SNMP to monitor the devices for any anomalies or high traffic passing
through the interfaces. Which protocol would be BEST to use if the requirements include preventing easy
disclosure of the SNMP community strings and authenticating the source of the packets? SNMP v3

221-You have been approached by one of your clients. They are interested in doing some security re-engineering.
The client is looking at various information security models. It is a highly secure environment
where data at high classifications cannot be leaked to subjects at lower classifications. Of primary concern
to them is the identification of potential covert channels. As an Information Security Professional, which
model would you recommend to the client? Information Flow Model combined with Bell-LaPadula

222-Which of the following is a reasonable response from the Intrusion Detection System (IDS) when it detects
Internet Protocol (IP) packets where the IP source address and port is the same as the destination IP
address and port? Record selected information about the packets and drop the packets

223-What is the BEST definition of SQL injection? SQL injection is an input validation problem.

224-You are a security consultant who is required to perform penetration testing on a client’s network. During
penetration testing, you are required to use a compromised system to attack other systems on the network
to avoid network restrictions like firewalls. Which method would you use in this scenario? Pivoting

225-Which answer best describes a computer software attack that takes advantage of a previously unpublished
vulnerability? Zero-Day Attack

226-Data which is properly secured and can be described with terms like genuine or not corrupted from the
original refers to data that has a high level of what? Authenticity

227-Which of the following is most appropriate to notify an internal user that session monitoring is being
conducted? Written agreement

228-A Differential backup process will: back up files whose archive bit is set (1) and leave the archive bit set (1)

229-When considering all the reasons that buffer overflow vulnerabilities exist what is the real reason? Human error

230-Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards
that describe technologies at that layer? LLC and MAC; IEEE 802.2 and 802.3

231-Which of the following is NOT part of user provisioning? Business process implementation

232-Which of the following answers best describes the type of penetration testing where the analyst has full
knowledge of the network on which he is going to perform his test? White-Box Penetration Testing

233-Which access control method allows the data owner (the person who created the file) to control access to
the information they own? DAC – Discretionary Access Control

234-Suppose you are a domain administrator and are choosing an employee to carry out backups. Which
access control method do you think would be best for this scenario? RBAC – Role-Based Access Control

235-Of the seven types of Access Control Categories, which is described as follows: designed to specify rules of
acceptable behavior in the organization (for example, a policy stating that employees may not spend time on
social media websites)? Directive access control

236-Which of the following is NOT a disadvantage of Single Sign On (SSO)? SSO improves an administrator’s ability to manage users’ accounts and authorization to all associated systems

237-You are a manager for a large international bank and periodically move employees between positions in
your department. What is this process called? Job Rotation

238-Which of the following controls is intended to discourage a potential attacker? Deterrent

239-Which of the following security controls is intended to avoid an incident from occurring? Preventive

240-Which of the following controls helps to identify an incident’s activities and potentially an intruder? Detective

241-Which of the following is NOT an example of a preventive control? Duplicate checking of calculations

242-Which of the following is NOT an example of a corrective control? System monitoring

243-Which of the following is NOT an example of a detective control? Backup data restore

244-During an IS audit, the auditor has observed that the authentication and authorization steps are split into two
functions, and that there is a possibility of forcing the authorization step to complete before the authentication
step. Which of the following techniques could an attacker use to force the authorization step before
authentication? Race condition

245-Which of the following attacks is also known as a Time of Check/Time of Use (TOC/TOU) attack? Race condition

246-Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by
users? Retina scan

247-During an IS audit, one of your auditors has observed that some of the critical servers in your organization
can be accessed ONLY by using a shared/common user name and password. What should the auditor’s
PRIMARY concern be with this approach? Accountability

248-Which of the following testing methods examines the functionality of an application without peering into its
internal structure or knowing the details of its internals? Black-box testing

249-Which of the following testing methods examines the internal structure or workings of an application? White-box testing


250-Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the
context or state of the request? TCP

251-When referring to the data structures of a packet, the term Protocol Data Unit (PDU) is used, what is the
proper term to refer to a single unit of TCP data at the transport layer? TCP segment.

252-How do you distinguish between a bridge and a router? A bridge connects multiple networks at the data link layer, while a router connects multiple networks at the network layer.

253-ICMP and IGMP belong to which layer of the OSI model? Network Layer.

254-What is a limitation of TCP Wrappers? It cannot control access to running UDP services.

255-The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained
within the IP datagram? ICMP.

256-The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained
within the IP datagram? IGMP.

257-What is the proper term to refer to a single unit of IP data? IP datagram.

258-A packet containing a long string of NOPs followed by a command is usually indicative of what? A buffer overflow attack

259-In the days before CIDR (Classless Inter-Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network? The first two bits of the IP address would be set to one, and the third bit set to zero

260-Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid
address to use on the Internet)? 192.168.42.5

261-In the days before CIDR (Classless Inter-Domain Routing), networks were commonly organized by
classes. Which of the following would have been true of a Class A network? The first bit of the IP address would be set to zero.

262-Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid
address to use on the Internet)? 10.0.42.5

263-Which one of the following authentication mechanisms creates a problem for mobile users?Mechanisms based on IP addresses

264-Which of the following media is MOST resistant to tapping? fiber optic.

265-Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic? a firewall

266-Which one of the following is usually not a benefit resulting from the use of firewalls? prevents the spread of viruses.

267-Which of the following DoD Model layers provides non-repudiation services? application layer.

268-What is the 802.11 standard related to? Wireless network communications

269-Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program
located in another computer in a network. Within which OSI/ISO layer is RPC implemented? Session layer

270-Frame relay and X.25 networks are part of which of the following? Packet-switched services

271-Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided? Data Link

272-In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP provided?Transport

273-Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP)? TCP is connection-oriented, UDP is not

274-The standard server port number for HTTP is which of the following? 80

275-Looking at the choices below, which ones would be the most suitable protocols/tools for securing e-mail? PGP and S/MIME

276-Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI
model? IPsec and L2TP

277-What is the role of IKE within the IPsec protocol? peer authentication and key exchange

278-What is NOT an authentication method within IKE and IPSec? CHAP

279-What is NOT true of pre-shared key authentication within the IKE/IPsec protocol? Needs a Public Key Infrastructure (PKI) to work

280-In the SSL/TLS protocol, what kind of authentication is supported when you establish a secure session
between a client and a server? Server authentication (mandatory) and client authentication (optional)

281-What kind of encryption is realized in the S/MIME-standard? Public key based, hybrid encryption scheme

282-Which of the following is true of network security? A firewall is a necessity in today’s connected world.

283-Which of the following best describes signature-based detection? Compare system activity, looking for events or sets of events that match a predefined pattern of events that describe a known attack.

284-Which layer deals with Media Access Control (MAC) addresses? Data link layer

285-What is a decrease in amplitude as a signal propagates along a transmission medium best known as? Attenuation

286-Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer
7 of the ISO/OSI Model? Gateway

287-In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols? Transport layer

288-Which of the following transmission media would NOT be affected by cross talk or interference? Fiber optic cables

289-What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast
packet so it seems to have originated at the victim’s system, in order to flood it with REPLY packets? Smurf attack

290-Why are coaxial cables called “coaxial”?

it includes one physical channel that carries the signal surrounded (after a layer of insulation) by
another concentric physical channel, both running along the same axis

291-The International Organization for Standardization / Open Systems Interconnection (ISO/OSI) Layer 7
does NOT include which of the following? TCP (Transmission Control Protocol )

292-The International Organization for Standardization / Open Systems Interconnection (ISO/OSI) Layers do NOT
have which of the following characteristics?

Used to gain information from network devices such as count of packets received and routing tables

293-The International Organization for Standardization / Open Systems Interconnection (ISO/OSI) Layer 6 is which of
the following? Presentation Layer

294-In telephony different types of connections are being used. The connection from the phone company’s
branch office to local customers is referred to as which of the following choices? local loop

295-Communications and network security relates to transmission of which of the following? voice, data and multimedia

296-One of the following assertions is NOT a characteristic of Internet Protocol Security (IPsec)

Data is delivered in the exact order in which it is sent

297-One of these statements about the key elements of a good configuration process is NOT true

Control modifications to system hardware in order to prevent resource changes

298-One of the following statements about the differences between PPTP and L2TP is NOT true

L2TP works well with all firewalls and network devices that perform NAT.

299-You have been tasked to develop an effective information classification program. Which one of the
following steps should be performed first? Specify the criteria that will determine how data is classified

300-In the course of responding to and handling an incident, you work on determining the root cause of the
incident. In which step are you in? Analysis and tracking

301-Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion
detection?

Stateful matching scans for attack signatures by analyzing individual packets instead of traffic streams

302-Which of the following is NOT a characteristic of a host-based intrusion detection system?

A HIDS does not consume large amounts of system resources

303-Which of the following is NOT a correct notation for an IPv6 address?  2001:DB8::8:800::417A
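Questions 255 through 262 and 303 all reduce to reading bits out of an IP header or address. The following added example (not from the original page) decodes a constructed 20-byte IPv4 header with the standard library, names the protocol field (1 = ICMP, 2 = IGMP), derives the pre-CIDR class from the leading bits of the first octet, checks membership in the three RFC 1918 private blocks, and shows why `2001:DB8::8:800::417A` is rejected as IPv6 notation. The sample addresses are taken from the questions; the header builder, which leaves the checksum at zero, is a demo helper.

```python
import ipaddress
import struct

PROTOCOL_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}   # IANA protocol numbers
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def build_ipv4_header(proto, src, dst):
    """Constructed 20-byte IPv4 header for the demo (checksum left at zero, not validated)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def parse_ipv4_header(packet):
    """Decode the fixed part of an IPv4 header (RFC 791) and name the protocol field."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    return {"protocol": proto, "protocol_name": PROTOCOL_NAMES.get(proto, "other"),
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "ttl": ttl, "header_len": (ver_ihl & 0x0F) * 4, "total_len": total_len}


def classful_class(addr):
    """Pre-CIDR class from the leading bits of the first octet:
    0 -> A, 10 -> B, 110 -> C, 1110 -> D, 1111 -> E."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def is_rfc1918_private(addr):
    """True only for the three RFC 1918 blocks (narrower than IPv4Address.is_private,
    which also covers loopback, link-local and other reserved ranges)."""
    a = ipaddress.IPv4Address(addr)
    return any(a in net for net in RFC1918)


def is_valid_ipv6(text):
    """The parser rejects a second '::' because only one run of zero groups can be
    elided; otherwise the address would be ambiguous."""
    try:
        ipaddress.IPv6Address(text)
        return True
    except ValueError:
        return False
```

A practitioner's note on `classful_class`: it answers the exam question about legacy classes only. Routing and address assignment have been classless since CIDR, so never use the class of an address to infer its netmask on a real network.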

304-Another example of Computer Incident Response Team (CIRT) activities is:

Management of the network logs, including collection, retention, review, and analysis of data

305-An area of the Telecommunications and Network Security domain that directly affects the Information
Systems Security tenet of Availability can be defined as:  Netware availability

306-Which of the following is the correct set of assurance requirements for EAL 5? Semiformally designed and tested

307-Which of the following defines when RAID separates the data into multiple units and stores it on multiple
disks?  striping

308-What is the process that RAID Level 0 uses as it creates one large disk by using several disks? striping

309-RAID Level 1 mirrors the data from one disk or set of disks using which of the following techniques?

duplicating the data onto another disk or set of disks.

310-Which of the following stripes the data and the parity information at the block level across all the drives in
the set?  RAID Level 5

311-A group of independent servers, which are managed as a single system, that provides higher availability,
easier manageability, and greater scalability is: server cluster.

312-If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some
performance degradation. This implementation is sometimes called a:  server farm

313-Which of the following backup methods is primarily run when time and tape space permits, and is used for
the system archive or baselined tape sets?full backup method.

314-Which backup method is used if backup time is critical and tape space is at an extreme premium?Incremental backup method.

315-Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a
much longer effective usable length?  Fiber Optic cable

316-Which of the following methods of providing telecommunications continuity involves the use of an
alternative media? Alternative routing

317-Which SERVICE usually runs on port 25?  Simple Mail Transfer Protocol (SMTP)

318-Which port does the Post Office Protocol Version 3 (POP3) make use of?  110

319-Which of the following are WELL KNOWN PORTS assigned by the IANA? Ports 0 to 1023

320-What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable? 100 meters

321-Secure Sockets Layer (SSL) is very heavily used for protecting which of the following? Web transactions.

322-Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS
Record Protocol and the: Transport Layer Security (TLS) Handshake Protocol

323-Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the
bulk of the data being sent over the session and it uses asymmetric or public key cryptography for: Peer Authentication

324-Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? message integrity.

325-Packet Filtering Firewalls can also enable access for: only authorized application port or service numbers.

326-A packet filtering firewall looks at the data packet to get information about the source and destination
addresses of an incoming packet, the protocol (TCP, UDP, or ICMP), and the source and destination port
for the: desired service

327-A Packet Filtering Firewall system is considered a:  first generation firewall.

328-Proxies work by transferring a copy of each accepted data packet from one network to another, thereby
masking the: data’s origin.

329-An application layer firewall is also called a: Proxy

330-Application Layer Firewalls operate at the:  OSI protocol Layer seven, the Application Layer.

331-One drawback of Application Level Firewall is that it reduces network performance due to the fact that it
must analyze every packet and: decide what to do with each packet.

332-A circuit level proxy is ___________________ when compared to an application level proxy. lower in processing overhead.

333-In a stateful inspection firewall,data packets are captured by an inspection engine that is operating at the:

Network or Transport Layer.

334-When an outgoing request is made on a port number greater than 1023, this type of firewall creates an
ACL to allow the incoming reply on that port to pass:  Dynamic packet filtering

335-A demilitarized zone is:  the network segment between the Internet and a private network

336-A DMZ is located:  right behind your first Internet facing firewall

337-The DMZ does not normally contain: encryption server

338-Good security is built on which of the following concept?  The Concept of defense in depth

339-A DMZ is also known as a  screened subnet

340-The Telecommunications Security Domain of information security is also concerned with the prevention
and detection of the misuse or abuse of systems,which poses a threat to the tenets of:

Confidentiality, Integrity, and Availability (C.I.A.).

341-Network-based Intrusion Detection systems:

Commonly reside on a discrete network segment and monitor the traffic on that network segment.

342-Which of the following are additional terms used to describe knowledge-based IDS and behavior-based
IDS?  signature-based IDS and statistical anomaly-based IDS, respectively.

343-Knowledge-based Intrusion Detection Systems (IDS) are more common than: Behavior-based IDS

344-Which RAID Level often implements a one-for-one disk to disk ratio? RAID Level 1

345-The older coaxial cable has been widely replaced with twisted pair, which is extremely easy to work with,
inexpensive, and also resistant to a single cable fault taking multiple hosts down at once, especially when used in one of the
following topologies: Star configuration.

346-Which of the following was designed as a more fault-tolerant topology than Ethernet, and very resilient
when properly implemented? Token Ring.

347-Frame relay uses a public switched network to provide:Wide Area Network (WAN) connectivity.

348-Which of the following items is NOT primarily used to ensure integrity?

Redundant Array of Inexpensive Disks (RAID) system

349-Which of the following is most affected by denial-of-service (DOS) attacks?  Availability

350-Which conceptual approach to intrusion detection system is the most common?Knowledge-based intrusion detection

351-Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and
their applicability to any given situation should be carefully considered. There are two basic IDS analysis
methods. Which of the basic methods is more prone to false positives? Anomaly detection

352-What is the primary purpose of using redundant array of inexpensive disks (RAID) level zero?To improve system performance.

353-Which RAID implementation stripes data and parity at block level across all the drives? RAID level 5
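Questions 307 through 310 and 353 describe striping and block-level parity in words; the following added example (not from the original page) does it in bytes. It stripes a constructed byte string across four simulated disks as RAID 5, computing one XOR parity chunk per stripe and rotating the parity position, then discards one disk and rebuilds it from the survivors. Disk count and chunk size are demo parameters.

```python
def xor_blocks(blocks):
    """XOR equal-length byte blocks; a stripe's parity is the XOR of its data chunks."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def stripe_raid5(data, ndisks, chunk):
    """Write data across ndisks as RAID 5: each stripe holds ndisks-1 data chunks plus
    one parity chunk, and the parity chunk moves to a different disk on every stripe
    (so no single disk becomes the parity bottleneck that RAID 4 has)."""
    per_stripe = ndisks - 1
    chunks = [data[i:i + chunk].ljust(chunk, b"\0") for i in range(0, len(data), chunk)]
    while len(chunks) % per_stripe:               # pad the final stripe with zero chunks
        chunks.append(b"\0" * chunk)
    disks = [[] for _ in range(ndisks)]
    for s in range(len(chunks) // per_stripe):
        stripe = chunks[s * per_stripe:(s + 1) * per_stripe]
        parity_disk = s % ndisks
        data_iter = iter(stripe)
        for d in range(ndisks):
            disks[d].append(xor_blocks(stripe) if d == parity_disk else next(data_iter))
    return disks


def rebuild_disk(disks, lost):
    """Reconstruct a failed disk: in every stripe, XOR of the surviving chunks (whether
    they are data or parity) equals the missing chunk."""
    survivors = [d for d in range(len(disks)) if d != lost]
    nstripes = len(disks[survivors[0]])
    return [xor_blocks([disks[d][s] for d in survivors]) for s in range(nstripes)]


def read_back(disks, length):
    """Reassemble the original bytes, skipping each stripe's parity chunk."""
    ndisks, out = len(disks), b""
    for s in range(len(disks[0])):
        out += b"".join(disks[d][s] for d in range(ndisks) if d != s % ndisks)
    return out[:length]


def demo():
    """Stripe a constructed payload, lose disk 2, rebuild it, and verify the data."""
    data = b"the quick brown fox jumps over the lazy dog"   # constructed sample
    disks = stripe_raid5(data, ndisks=4, chunk=4)
    original = list(disks[2])
    disks[2] = None                                          # simulate disk failure
    disks[2] = rebuild_disk(disks, 2)
    return disks[2] == original and read_back(disks, len(data)) == data
```

Single parity survives exactly one failed disk; a second failure during the rebuild window loses the array, which is why large arrays use double parity (RAID 6) or mirroring (RAID 1, question 354) for the data that matters.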

354-Which RAID level concept is considered more expensive and is applied to servers to create what is
commonly known as server fault tolerance? RAID level 1

355-Which backup method only copies files that have been recently added or changed and also leaves the
archive bit unchanged?  Differential backup method

356-Which backup method does not reset the archive bit on files that are backed up? Differential backup method
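The archive-bit behaviour behind questions 228, 313, 314, 355 and 356 is easy to get backwards, so here is an added simulation (not from the original page) that tracks the bit for a constructed set of three files through a full backup and two days of changes under each strategy, and reports which tapes a restore would need. File names and the change pattern are assumptions for the demo.

```python
def full_backup(files):
    """Copy everything and clear every archive bit (the baseline tape set)."""
    copied = sorted(files)
    for name in files:
        files[name] = False
    return copied


def incremental_backup(files):
    """Copy files whose archive bit is set, then clear the bit: each run only
    captures changes since the previous backup of any kind."""
    copied = sorted(name for name, bit in files.items() if bit)
    for name in copied:
        files[name] = False
    return copied


def differential_backup(files):
    """Copy files whose archive bit is set and leave the bit set: each run
    captures everything changed since the last full backup."""
    return sorted(name for name, bit in files.items() if bit)


def modify(files, *names):
    """Writing to a file sets its archive bit."""
    for name in names:
        files[name] = True


def simulate(strategy):
    """Full backup on day 0, then one changed file per day for two days.
    Returns what each day's tape holds and which tapes a restore needs."""
    backup = {"incremental": incremental_backup,
              "differential": differential_backup}[strategy]
    files = {"a.doc": True, "b.xls": True, "c.db": True}   # constructed sample file set
    day0 = full_backup(files)
    modify(files, "a.doc")
    day1 = backup(files)
    modify(files, "b.xls")
    day2 = backup(files)
    # Restore after day 2: incremental needs the full set plus every incremental in
    # order; differential needs the full set plus only the latest differential.
    chain = [day0, day1, day2] if strategy == "incremental" else [day0, day2]
    return {"day1": day1, "day2": day2, "restore_chain": chain,
            "bits_still_set": sorted(n for n, bit in files.items() if bit)}
```

The trade-off the two questions about "backup time is critical" and "tape space" point at falls out of the output: incremental tapes stay small but the restore needs every one of them in sequence (and fails if any is missing), while differential tapes grow every day until the next full backup but the restore needs only two.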

357-Which of the following is a drawback of fiber optic cables? The expertise needed to install it.

358-What refers to legitimate users accessing networked services that would normally be restricted to them? Logon abuse

359-What is called an attack in which an attacker floods a system with connection requests but does not
respond when the target system replies to those requests? SYN attack

360-Which type of attack involves hijacking a session between a host and a target by predicting the target’s
choice of an initial TCP sequence number?TCP sequence number attack

361-Which OSI/ISO layer defines how to address the physical devices on the network? Data Link layer

362-Which layer defines how packets are routed between end systems? Network layer

363-At which of the OSI/ISO model layer is IP implemented?  Network layer

364-Which ISO/OSI layer establishes the communications link between individual devices over a physical link
or channel?  Data link layer

365-Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of? Data link layer

366-Which OSI/ISO layer defines the X.24, V.35, X.21 and HSSI standard interfaces? Physical layer

367-How many layers are defined within the US Department of Defense (DoD) TCP/IP Model?    4

368-Which layer of the TCP/IP protocol model defines the IP datagram and handles the routing of data across
networks? Internet layer

369-Which layer of the TCP/IP protocol model would best correspond to the OSI/ISO model’s network layer? Internet layer

370-Which layer of the DoD TCP/IP model controls the communication flow between hosts?  Host-to-host transport layer

371-How many bits compose an IPv6 address?  128 bits

372-What protocol is used on the Local Area Network (LAN) to obtain an IP address from its known MAC
address? Reverse address resolution protocol (RARP)

373-Which of the following security-focused protocols has confidentiality services operating at a layer different
from the others?  Secure HTTP (S-HTTP)

374-Which of the following is the most secure firewall implementation?  Screened-subnet firewalls

375-Which of the following is NOT a VPN communications protocol standard?

Challenge Handshake Authentication Protocol (CHAP)

376-What layer of the OSI/ISO model does Point-to-point tunnelling protocol (PPTP) work at?  Data link layer

377-Which of the following statements pertaining to VPN protocol standards is false? L2TP operates at the network layer.

378-Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec
packet? Tunnel mode

379-Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps)
according to the EIA/TIA-568-B standards? Category 5e UTP

380-In which LAN transmission method is a source packet copied and sent to specific multiple destinations but
not ALL of the destinations on the network?  Multicast

381-Which of the following can prevent hijacking of a web session? SSL

382-What is defined as the rules for communicating between computers on a Local Area Network (LAN)?

LAN Media Access methods

383-Which of the following is a LAN transmission method?  Broadcast

384-In what LAN topology do all the transmissions of the network travel the full length of cable and are received
by all other stations?  Bus topology

385-Which of the following IEEE standards defines the token ring media access method? 802.5

386-Which of the following LAN devices only operates at the physical layer of the OSI/ISO model?  Hub

387-Which of the following technologies has been developed to support TCP/IP networking over low-speed
serial interfaces?  SLIP

388-Which xDSL flavour, appropriate for home or small offices, delivers more bandwidth downstream than
upstream and over longer distance? ADSL

389-Which of the following services is provided by S-RPC? Authentication

390-What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility? DS-1

391-Which of the following is the biggest concern with firewall security?Complex configuration rules leading to misconfiguration

392-Which of the following is the simplest type of firewall?  Packet filtering firewall

393-Which of the following devices enables more than one signal to be sent out simultaneously over one
physical circuit?  Multiplexer

394-Which of the following is NOT an advantage that TACACS+ has over TACACS? Event logging

395-Which of the following remote access authentication systems is the most robust? TACACS+

396-Which of the following is true about link encryption?This mode does not provide protection if anyone of the nodes along the transmission path is compromised.

397-Which of the following protects Kerberos against replay attacks?  Time stamps
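Questions 210 and 397 together describe the Kerberos flow and its replay defense. The following added example (not from the original page, and not a real Kerberos implementation) walks the three steps from question 210 in code: P1 authenticates to the KDC's Authentication Service and receives a TGT, presents the TGT and an authenticator to the Ticket Granting Service, and receives a service ticket for application server P2. P2 then validates the ticket and rejects a replayed or stale authenticator using the timestamp and a replay cache, which is the mechanism question 397 asks about. The encryption is a toy HMAC-based construction standing in for Kerberos' real encryption types; the principal names, password and 300-second clock skew are assumptions.

```python
import hashlib
import hmac
import json
import os
import time


# Toy authenticated encryption: XOR with an HMAC-SHA256 keystream plus an HMAC tag.
# It stands in for Kerberos' real encryption types and is NOT for production use.
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]


def seal(key, obj):
    pt = json.dumps(obj).encode()
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


class KDC:
    """Authentication Service (AS) and Ticket Granting Service (TGS) in one object."""

    def __init__(self, keys):
        self.keys = keys  # principal -> long-term secret key; 'krbtgt' is the TGS key

    def as_exchange(self, client):
        # Step 1/2: AS-REP carries a TGT sealed under the TGS key, plus the TGT
        # session key sealed under the client's long-term key (derived from its password).
        session = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": session, "exp": time.time() + 3600})
        return seal(self.keys[client], {"key": session, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt, authenticator, service):
        # Step 3: the client proves it holds the TGT session key; TGS-REP carries a
        # service ticket sealed under P2's key plus a service session key for the client.
        t = unseal(self.keys["krbtgt"], tgt)
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if a["client"] != t["client"]:
            raise ValueError("authenticator does not match TGT")
        svc = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "key": svc, "exp": time.time() + 3600})
        return seal(bytes.fromhex(t["key"]), {"key": svc, "ticket": ticket.hex()})


def client_session(kdc, client, password, service):
    """P1's side of the three steps; returns the service session key and ticket for P2."""
    client_key = hashlib.sha256(password.encode()).digest()   # toy string-to-key
    rep = unseal(client_key, kdc.as_exchange(client))
    tgt_key, tgt = bytes.fromhex(rep["key"]), bytes.fromhex(rep["tgt"])
    authenticator = seal(tgt_key, {"client": client, "ts": time.time()})
    rep2 = unseal(tgt_key, kdc.tgs_exchange(tgt, authenticator, service))
    return bytes.fromhex(rep2["key"]), bytes.fromhex(rep2["ticket"])


class AppServer:
    """P2: validates the service ticket and rejects stale or replayed authenticators."""
    CLOCK_SKEW = 300   # assumed tolerance in seconds

    def __init__(self, key):
        self.key, self.seen = key, set()

    def accept(self, ticket, authenticator, now=None):
        now = time.time() if now is None else now
        t = unseal(self.key, ticket)
        if t["exp"] < now:
            return "expired ticket"
        a = unseal(bytes.fromhex(t["key"]), authenticator)
        if a["client"] != t["client"]:
            return "client mismatch"
        if abs(now - a["ts"]) > self.CLOCK_SKEW:
            return "stale authenticator"
        if (a["client"], a["ts"]) in self.seen:    # replay cache keyed on client + timestamp
            return "replay"
        self.seen.add((a["client"], a["ts"]))
        return "ok"


def demo():
    keys = {"krbtgt": os.urandom(32), "P2": os.urandom(32),
            "alice": hashlib.sha256(b"correct horse").digest()}
    kdc, p2 = KDC(keys), AppServer(keys["P2"])
    svc_key, ticket = client_session(kdc, "alice", "correct horse", "P2")
    auth = seal(svc_key, {"client": "alice", "ts": time.time()})
    first = p2.accept(ticket, auth)                 # fresh authenticator: accepted
    replayed = p2.accept(ticket, auth)              # same bytes again: rejected
    old = seal(svc_key, {"client": "alice", "ts": time.time() - 3600})
    return first, replayed, p2.accept(ticket, old)  # hour-old timestamp: rejected
```

Two things the exam answers compress: the timestamp only works because all principals keep their clocks within the skew window (which is why Kerberos deployments depend on NTP), and the replay cache is what catches a capture-and-resend inside that window; the timestamp alone would not.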

398-Which of the following offers security to wireless communications? WTLS

399-Which of the following offers confidentiality to an e-mail message? The sender encrypting it with the receiver’s public key.

400-Which of the following is a Wide Area Network that was originally funded by the Department of Defense,
which uses TCP/IP for data interchange? the Internet.

401-An intranet is an Internet-like logical network that uses: a firm’s internal, physical network infrastructure.

402-An intranet provides more security and control than which of the following:  public posting on the Internet.

403-Which of the following Common Data Network Services is used to share data files and subdirectories on file servers?

File services.

404-Which of the following Common Data Network Services is used to send and receive email internally or
externally through an email gateway device? Mail services.

405-Communications devices must operate: at the same speed to communicate

406-The basic language of modems and dial-up remote access systems is: Asynchronous Communication.

407-Which of the following Common Data Network Services is used to print documents to a shared printer or a
print queue/spooler? Print services.

408-Domain Name Service is a distributed database system that is used to map: Domain Name to IP addresses.

409-The communications products and services, which ensure that the various components of a network (such
as devices, protocols, and access methods) work together refers to: Network Architecture.

 

410-Unshielded Twisted Pair cabling is a: four-pair wire medium that is used in a variety of networks

411-In the UTP category rating, the tighter the wind: the higher the rating and its resistance against interference and crosstalk.

412-What works as an E-mail message transfer agent? SMTP

413-Which of the following statements pertaining to packet switching is incorrect?

All packets from a message travel through the same route.

414-All hosts on an IP network have a logical ID called a(n): IP address.

415-Address Resolution Protocol (ARP) interrogates the network by sending out a? broadcast.

416-When a station communicates on the network for the first time, which of the following protocols would
search for and find the Internet Protocol (IP) address that matches a known Ethernet address?

Reverse Address Resolution Protocol (RARP).

417-Which protocol’s primary function is to facilitate file and directory transfer between two machines?

File Transfer Protocol (FTP).

418-What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?

Due to the inherent security risks

419-Which protocol is used to send email?  Simple Mail Transfer Protocol (SMTP).

420-Which of the following best describes the Secure Electronic Transaction (SET) protocol?

Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures

421-Which of the following protocols is designed to send individual messages securely? Secure HTTP (S-HTTP).

Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model? Application Layer.

422-Which of the following statements pertaining to IPSec is incorrect?IPSec provides confidentiality and integrity to information transferred over IP networks through transport layer encryption and authentication.

423-Which of the following is NOT a characteristic or shortcoming of packet filtering gateways?

They are appropriate for medium-risk environment.

424-In order to ensure the privacy and integrity of the data, connections between firewalls over public networks
should use: An encrypted Virtual Private Network

425-Which of the following protocols does not operate at the data link layer (layer 2)? ICMP

426-Which of the following protocols operates at the session layer (layer 5)? RPC

427-Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)? Internet layer

428-Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error
notification, orderly delivery of frames, and optional flow control? Data link

429-The Logical Link Control sub-layer is a part of which of the following? The ISO/OSI Data Link layer

430-Which of the following services relies on UDP? DNS

431-Which of the following is not a common weakness of packet filtering firewalls?

Vulnerability to denial-of-service and related attacks.

432-Which Network Address Translation (NAT) is the most convenient and secure solution?Port Address Translation

433-What is the primary difference between FTP and TFTP?  Authentication

434-Which of the following cable types is limited in length to 185 meters? RG58

435-In a SSL session between a client and a server, who is responsible for generating the master secret that
will be used as a seed to generate the symmetric keys that will be used during the session? The client’s browser

436-Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect?

PPTP is derived from L2TP.

437-During the initial stage of configuration of your firewall, which of the following rules appearing in an Internet
firewall policy is inappropriate? The firewall should be tested online first to validate proper configuration.

438-SMTP can best be described as: a host-to-host email protocol.

439-Which of the following is not a security goal for remote access? Automated login for remote users

440-What attack involves the perpetrator sending spoofed packet(s) which contain the same destination and
source IP address as the remote host, the same port for the source and destination, the SYN flag set,
and targeting any open ports on the remote host? Land attack

441-Which of the following statements pertaining to IPSec is incorrect?A security association has to be defined between two IPSec systems in order for bi-directional communication to be established.

442-Which of the following statements pertaining to packet filtering is incorrect? It keeps track of the state of a connection.
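Questions 250, 333, 334 and 442 draw the line between a stateless packet filter and a stateful one. The following added example (not from the original page) implements a small connection-tracking filter for TCP: an outbound SYN from the inside creates a state entry, inbound packets are admitted only when they answer a tracked connection, and FIN/RST removes the entry. Next to it is the classic stateless rule that tries to admit server replies by allowing inbound packets with source port 80, which cannot tell a reply from an attacker who simply chooses source port 80. The inside network 10.0.0.0/8 and the trace addresses are assumptions; connection teardown is simplified to "first FIN or RST closes the entry".

```python
import ipaddress


class StatefulFilter:
    """Connection-tracking filter: TCP from the inside creates a state entry and
    inbound TCP is allowed only if it matches a tracked connection."""

    def __init__(self, inside_net):
        self.inside = ipaddress.ip_network(inside_net)
        self.table = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def _is_inside(self, addr):
        return ipaddress.ip_address(addr) in self.inside

    def process(self, p):
        if p["proto"] != "tcp":
            return "deny"   # example limited to TCP, where connection state is explicit
        outbound = self._is_inside(p["src"]) and not self._is_inside(p["dst"])
        if outbound:
            key = (p["src"], p["sport"], p["dst"], p["dport"])
            if "S" in p["flags"] and "A" not in p["flags"]:
                self.table.add(key)                 # new connection: remember it
            elif key not in self.table:
                return "deny"                       # mid-stream packet for an unknown connection
            if "R" in p["flags"] or "F" in p["flags"]:
                self.table.discard(key)             # teardown closes the pinhole (simplified)
            return "allow"
        key = (p["dst"], p["dport"], p["src"], p["sport"])
        if key not in self.table:
            return "deny"                           # unsolicited inbound, whatever its ports
        if "R" in p["flags"] or "F" in p["flags"]:
            self.table.discard(key)
        return "allow"


def stateless_filter(p):
    """Plain packet filter rule meant to admit web replies: allow inbound TCP with
    source port 80. It has no memory, so it cannot ask 'did we start this?'."""
    return "allow" if p["proto"] == "tcp" and p["sport"] == 80 else "deny"


def pkt(src, sport, dst, dport, flags):
    return {"proto": "tcp", "src": src, "sport": sport, "dst": dst, "dport": dport, "flags": flags}


# Constructed trace: a legitimate web connection from the inside, an unsolicited inbound
# SYN/ACK from an attacker using source port 80, then the connection closing.
TRACE = [
    pkt("10.0.0.5", 40000, "93.184.216.34", 80, "S"),
    pkt("93.184.216.34", 80, "10.0.0.5", 40000, "SA"),
    pkt("10.0.0.5", 40000, "93.184.216.34", 80, "A"),
    pkt("203.0.113.9", 80, "10.0.0.5", 445, "SA"),
    pkt("93.184.216.34", 80, "10.0.0.5", 40000, "FA"),
    pkt("93.184.216.34", 80, "10.0.0.5", 40000, "A"),   # after teardown: no state left
]


def run(trace, inside_net="10.0.0.0/8"):
    """Return (stateful verdict, stateless verdict) for each packet in order."""
    fw = StatefulFilter(inside_net)
    return [(fw.process(p), stateless_filter(p)) for p in trace]
```

The fourth packet is the whole argument for question 442's answer: the stateless rule lets the port-445 probe through because its source port looks like a web reply, while the stateful filter denies it because no inside host ever opened that connection. Real implementations also track sequence numbers, half-closed states and UDP/ICMP pseudo-sessions with timeouts; this is the core idea only.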

443-Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. This method allocates bandwidth dynamically to physical channels having information to transmit?  Statistical multiplexing

444-If an organization were to deploy only one Intrusion Detection System (IDS) sensor to protect its information system from the Internet:

It should be network-based and installed in the DMZ, between the external router and the firewall.

445-Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions? Because infrared requires direct line-of-sight paths.


446-Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides all of the following services except: Confidentiality

447-In IPSec, if the communication is to be gateway-to-gateway or host-to-gateway: Tunnel mode of operation is required

448-Which of the following is NOT true about IPSec Tunnel mode? Works at the Transport layer of the OSI model

449-Which of the following statements is NOT true of IPSec Transport mode?

It is required for gateways providing access to internal systems

450-Which of the following statements pertaining to firewalls is incorrect?

Firewalls protect a network at all layers of the OSI models.

451-Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address?  Port address translation

452-At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?

Transport layer

453-Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?

Installing the Remote Access Server outside the firewall and forcing legitimate users to authenticate to the firewall.

454-Which of the following was designed to support multiple network types over the same serial link? PPP

455-What is an IP routing table? A list of station and network addresses with corresponding gateway IP address.

456-Which of the following should be allowed through a firewall to ease communication and usage by users? DNS

457-Which of the following was developed as a simple mechanism for allowing simple network terminals to load their operating system from a server over the LAN? BootP

458-What is the greatest danger from DHCP?

An intruder on the network impersonating a DHCP server and thereby misconfiguring the DHCP clients.

459-Which of the following allows two computers to coordinate in executing software? RPC

460-Which of the following should NOT normally be allowed through a firewall?  SNMP

461-Which of the following NAT firewall translation modes allows a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts? Dynamic translation

462-Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality? Static translation

463-Which of the following is the primary security feature of a proxy server? Content filtering

464-Which of the following is an advantage of proxies? Proxies provide a single point of access, control, and logging.

465-Which of the following packets should NOT be dropped at a firewall protecting an organization’s internal network? Outbound packets with an external destination IP address

466-Why does fiber optic communication technology have a significant security advantage over other transmission technology? Interception of data traffic is more difficult.

467-Another name for a VPN is a:  tunnel

468-Which one of the following is used to provide authentication and confidentiality for e-mail messages?  PGP

469-Which of the following media is MOST resistant to EMI interference? fiber optic

470-Which of the following is NOT a way to secure a wireless network?  Give AP’s descriptive names

471-Behavioral-based systems are also known as?  Profile-based systems

472-This OSI layer has a service that negotiates transfer syntax and translates data to and from the transfer syntax for users, which may represent data using different syntaxes. At which of the following layers would you find such service? Presentation

473-At which layer of ISO/OSI does the fiber optics work? Physical layer

474-What is Dumpster Diving? Running through another person’s garbage for discarded documents, information and other various items that could be used against that person or company

475-You wish to make use of “port knocking” technologies. How can you BEST explain this? Port knocking is where the client will attempt to connect to a predefined set of ports to identify himself as an authorized client.

476-You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday when major deposits are made you’re seeing a series of bits placed in the “Urgent Pointer” field of a TCP packet. This is only 16 bits which isn’t much but it concerns you because:

This could be a sign of covert channeling in bank network communications and should be investigated.

477-What would you call the process that takes advantages of the security provided by a transmission protocol by carrying one protocol over another? Tunneling

478-At which OSI layer does SSL reside? Transport

479-What is the BEST answer pertaining to the difference between the Session and Transport layers of the OSI model?

The Transport layer sets up communication between computer systems, while the Session layer sets up connections between applications.

480-Which of the following protocols offers native encryption? IPSEC, SSH, SSL, TLS

481-Of the following, which multiple access method for computer networks does 802.11 Wireless Local Area Network use?

CSMA/CA

482-Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer?  LLC and MAC; IEEE 802.2 and 802.3


483-Which type of attack involves the altering of a system’s Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings? ARP table poisoning

484-What is the three way handshake sequence used to initiate TCP connections? SYN, SYN/ACK, ACK

485-You are using an open source packet analyzer called Wireshark and are sifting through the various conversations to see if anything appears to be out of order. You are observing a UDP conversation between a host and a router. It was a file transfer between the two on port 69. What protocol was used here to conduct the file transfer?  TFTP

486-What sort of attack is described by the following: An attacker has a list of broadcast addresses which it stores into an array; the attacker sends a spoofed ICMP echo request to each of those addresses in series and starts again. The spoofed IP address used by the attacker as the source of the packets is the target/victim IP address. Smurf Attack

487-View the image below and identify the attack DDoS

488-How many bits is the address space reserved for the source IP address within an IPv6 header? 128

489-Which of the following services is a distributed database that translates host names to IP addresses and IP addresses to host names? DNS

490-Which of the following attacks is MOSTLY performed by an attacker to steal the identity information of a user such as credit card numbers, passwords, etc.? Pharming

491-Which of the following protocols is PRIMARILY used to provide confidentiality in a web based application, thus protecting data sent between a client machine and a server? SSL

492-Asynchronous Communication transfers data by sending: bits of data sequentially in irregular timing patterns

493-Which of the following Common Data Network Services allocates computing power resources among workstations with some shared resources centralized on a server?  Client/Server services

494-The Domain Name System (DNS) is a global network of: servers that provide these Domain Name Services.

495-An Ethernet address is composed of how many bits? 48-bit address

496-Which of the following is NOT a component of IPSec? Key Distribution Center


497-Which one of the following represents an ALE calculation? single loss expectancy x annualized rate of occurrence.

498-The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?

Test equipment can be used to browse information passing on a network.

499-In discretionary access environments, which of the following entities is authorized to grant information access to other people?

Data Owner

500-Which of the following groups represents the leading source of computer crime losses? Employees

501-Which of the following is the best reason for the use of an automated risk analysis tool? Information gathering would be minimized and expedited due to the amount of information already built into the tool.

502-Who is ultimately responsible for the security of computer based information systems within an organization?

The management team.

503-The major objective of system configuration management is which of the following? system stability.

504-Who should measure the effectiveness of Information System security related controls in an organization? The systems auditor

505-A deviation from an organization-wide security policy requires which of the following? Risk Acceptance

506-Which must bear the primary responsibility for determining the level of protection needed for information systems resources?

Senior Management

507-Within the realm of IT security, which of the following combinations best defines risk? Threat coupled with a vulnerability

508-Which of the following is considered the weakest link in a security system? People

509-The ISO/IEC 27001:2005 is a standard for: Information Security Management System

510-What would be the Annualized Rate of Occurrence (ARO) of the threat “user input error”, in the case where a company employs 100 data entry clerks and every one of them makes one input error each month? 1200

511-How is Annualized Loss Expectancy (ALE) derived from a threat?  SLE x ARO

512-What does “residual risk” mean? The security risk that remains after controls have been implemented

513-Preservation of confidentiality within information systems requires that the information is not disclosed to:

Unauthorized persons or processes.

514-Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model?

Prevention of the modification of information by authorized users.

515-What is called an event or activity that has the potential to cause harm to the information systems or networks? Threat

516-A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks is called a? Vulnerability

517-What is called the probability that a threat to an information system will materialize?  Risk

518-Risk mitigation and risk reduction controls for providing information security are classified within three main categories. Which of the following are those categories? Physical, technical, and administrative

519-Which of the following would be best suited to oversee the development of an information security policy? Security Officers

520-Which of the following is the MOST important aspect relating to employee termination?

The appropriate company staff are notified about the termination


521-Making sure that only those who are supposed to access the data can access it is which of the following? confidentiality

522-Related to information security, confidentiality is the opposite of which of the following? disclosure

523-Related to information security, integrity is the opposite of which of the following? alteration

524-Making sure that the data is accessible when and where it is needed is which of the following? availability

525-Related to information security, availability is the opposite of which of the following?  destruction

526-Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following?  Confidentiality

527-Related to information security, the guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered is an example of which of the following?  integrity

528-One of these statements about the key elements of a good configuration process is NOT true

Control modifications to system hardware in order to prevent resource changes

529-Which of the following is NOT an administrative control? Logical access control mechanisms

530-Which of the following is NOT a technical control?  Monitoring for physical intrusion

531-Which of the following is BEST defined as a physical control? Fencing

532-Which of the following would NOT violate the Due Diligence concept?

Latest security patches for servers being installed as per the Patch Management process

533-Which of the following would BEST be defined as an absence or weakness of safeguard that could be exploited? A vulnerability

534-Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability? A risk

535-Which approach to a security program ensures people responsible for protecting the company’s assets are DRIVING the program?

The top-down approach

536-Which of the following is NOT a part of a risk analysis? Choose the best countermeasure

537-How should a risk be HANDLED when the cost of the countermeasure OUTWEIGHS the cost of the risk? Accept the risk

538-Which of the following is given the responsibility of the maintenance and protection of the data? Data custodian

539-Who should DECIDE how a company should approach security and what security measures should be implemented?

Senior management

540-Which of the following is responsible for MOST of the security issues? Personnel

541-What are the three FUNDAMENTAL principles of security? Confidentiality, integrity and availability

542-What would BEST define risk management? The process of reducing risk to an acceptable level

543-Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment? A baseline

544-According to private sector data classification levels, how would salary levels and medical information be classified? Confidential.

545-Which of the following would be the best criterion to consider in determining the classification of an information asset? Value

546-Which of the following is not a responsibility of an information (data) owner?

Running regular backups and periodically testing the validity of the backup data

547-Which of the following embodies all the detailed actions that personnel are required to follow? Procedures

548-Who is responsible for providing reports to the senior management on the effectiveness of the security controls?

Information systems auditors

549-What is the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 30%? $60,000

550-Which of the following statements pertaining to quantitative risk analysis is false? It requires little experience to apply

551-Which property ensures that only the intended recipient can access the data and nobody else? Confidentiality

Making sure that the data has not been changed unintentionally, due to an accident or malice is: Integrity.

552-Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures? initiation, evaluation, development, approval, publication, implementation, and maintenance

553-What is the goal of the Maintenance phase in a common development process of a security policy?

to review the document on the specified review date

554-What is the difference between Advisory and Regulatory security policies?

Advisory policies are not mandated. Regulatory policies must be implemented.

555-In regards to information classification, what is the main responsibility of the information (data) owner?

determining the data sensitivity or classification level

556-What is the main purpose of Corporate Security Policy?

To communicate management’s intentions in regards to information security

557-Which of the following is not a component of an Operations Security “triple”? Risk

558-The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)? Vulnerability

559-In the CIA triad, what does the letter A stand for? Availability

560-Controls are implemented to: mitigate risk and reduce the potential for loss

561-What can be described as a measure of the magnitude of loss or impact on the value of an asset? Exposure factor

562-Computer security should be first and foremost which of the following: Be cost-effective

563-Which of the following best allows risk management results to be used knowledgeably? An uncertainty analysis

564-Who is responsible for initiating corrective measures and capabilities used when there are security violations? Management

565-What can best be defined as high-level statements, beliefs, goals and objectives? Policies

566-In an organization, an Information Technology security function should:

Be led by a Chief Security Officer and report directly to the CEO

567-IT security measures should: Be tailored to meet organizational security goals.

568-What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment? Threat analysis

569-Which of the following is NOT a common integrity goal?  Prevent paths that could lead to inappropriate disclosure.

570-Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data? System and information owners

571-Which of the following is an advantage of a qualitative over a quantitative risk analysis?

It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities.

572-An effective information security policy should not have which of the following characteristics?

Be designed with a short- to mid-term focus

573-Which of the following choices is NOT normally part of the questions that would be asked in regards to an organization’s information security policy? What are the actions that need to be performed in case of a disaster?

574-The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as? Availability

575-Which of the following would best classify as a management control? Review of security controls

576-What can be defined as an event that could cause harm to the information systems? A threat

577-Which of the following statements pertaining to a security policy is incorrect?

It specifies how hardware and software should be used throughout the organization.

578-Which of the following best defines add-on security?

Protection mechanisms implemented after an information system has become operational.

579-The preliminary steps to security planning include all of the following EXCEPT which of the following?

Establish a security audit function

580-Step-by-step instructions used to satisfy control requirements is called a: procedure

581-One purpose of a security awareness program is to modify:

employee’s attitudes and behaviors towards enterprise’s security posture

582-Whose role is it to assign classification level to information? Owner

583-Which type of security control is also known as “Logical” control? Technical

584-What is the surreptitious transfer of information from a higher classification compartment to a lower classification compartment without going through the formal communication channels? Covert Channel

585-The owner of a system should have the confidence that the system will behave according to its specifications. This is termed:

Assurance

586-Which of the following is best practice to employ in order to reduce the risk of collusion? Job Rotation

587-Which of the following is not classified as a “Security and Audit Frameworks and Methodologies”? Bell LaPadula

588-Which Security and Audit Framework has been adopted by some organizations working towards Sarbanes–Oxley Section 404 compliance? Committee of Sponsoring Organizations of the Treadway Commission (COSO)

589-The Widget company decided to take their company public and while they were in the process of doing so had an external auditor come and look at their company. As part of the external audit they brought in a technology expert, who incidentally was a new CISSP. The auditor’s expert asked to see their last risk analysis from the technology manager. The technology manager did not get back to him for a few days and then the Chief Financial Officer gave the auditors a 2 page risk assessment that was signed by both the Chief Financial Officer and the Technology Manager. While reviewing it, the auditor noticed that only parts of their financial data were being backed up on site and nowhere else; the Chief Financial Officer accepted the risk of only partial financial data being backed up with no off-site copies available. Who owns the risk with regards to the data that is being backed up and where it is stored?

Only the Chief Financial Officer

590-Common Criteria 15408 generally outlines assurance and functional requirements through a security evaluation process concept of ______________, ____________, __________ for Evaluated Assurance Levels (EALs) to certify a product or system.

Protection Profile, Target of Evaluation, Security Target

591-What are the four domains that make up CobiT?

Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate

592-CobiT was developed from the COSO framework. Which of the choices below best describes COSO’s main objectives and purpose? COSO’s main purpose is to help ensure fraudulent financial reporting cannot take place in an organization

593-Which of the following answers is the BEST example of Risk Transference? Insurance

594-Which of the following answers BEST relates to the type of risk analysis that involves committees, interviews, opinions and subjective input from staff? Qualitative Risk Analysis

595-Regarding risk reduction, which of the following answers is BEST defined by the process of giving users only just enough access to information necessary for them to perform their job functions? Least Privilege Principle

596-Which term BEST describes a practice used to detect fraud for users or a user by forcing them to be away from the workplace for a while? Mandatory Vacation

597-Which of the following is a fraud detection method whereby employees are moved from position to position? Job Rotation

598-Which answer BEST describes information access permissions where, unless the user is specifically given access to certain data they are denied any access by default? Implicit Deny

599-Which of the following activities would not be included in the contingency planning process phase?

Development of test procedures

600-In terms of Risk Analysis and dealing with risk, which of the four common ways listed below seeks to eliminate involvement with the risk being evaluated? Avoidance

601-Of the multiple methods of handling risks which we must undertake to carry out business operations, which one involves using controls to reduce the risk? Mitigation

602-There is no way to completely abolish or avoid risks; you can only manage them. A risk free environment does not exist. Suppose you have risks that have been identified, understood and evaluated to be acceptable in order to conduct business operations. What is this approach to risk management called? Risk Acceptance

603-John is the product manager for an information system. His product has undergone a security review by an IS auditor. John has decided to apply appropriate security controls to reduce the security risks suggested by the IS auditor. Which of the following techniques is used by John to treat the identified risk provided by the IS auditor? Risk Mitigation

604-Sam is the security Manager of a financial institution. Senior management has requested he perform a risk analysis on all critical vulnerabilities reported by an IS auditor. After completing the risk analysis, Sam has observed that for a few of the risks, the cost benefit analysis shows that the risk mitigation cost (countermeasures, controls, or safeguards) is more than the potential loss that could be incurred. What kind of a strategy should Sam recommend to the senior management to treat these risks? Risk Acceptance

605-Which of the following risk handling techniques involves the practice of being proactive so that the risk in question is not realized?

Risk Avoidance

606-Which of the following risk handling techniques involves the practice of passing on the risk to another entity, such as an insurance company? Risk transfer

607-Which of the following security controls is intended to bring the environment back to regular operation? Recovery

608-Which of the following is NOT an example of a detective control? Backup data restore

609-Which type of risk assessment is the formula ALE = ARO x SLE used for? Quantitative Analysis

610-Which of the following Confidentiality, Integrity, Availability (CIA) attributes supports the principle of least privilege by providing access to information only to authorized and intended users? Confidentiality

611-What does “System Integrity” mean?

Hardware and firmware have undergone periodic testing to verify that they are functioning properly.

612-In computing, what is the name of a non-self-replicating type of malware program containing malicious code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose embedded in it and, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data and possible system harm? Trojan horse.

613-The security of a computer application is most effective and economical in which of the following cases?

The system is originally designed to provide the necessary security.

614-Which of the following virus types changes some of its characteristics as it spreads? Polymorphic

615-Which of the following is commonly used for retrofitting multilevel security to a database management system?

trusted front-end.

616-Which of the following is an advantage of using a high-level programming language? It enforces coding standards

617-In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected? The transactions should be written to a report and reviewed

618-Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and its sensitivity level? Data or Information Owner

619-A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle? acceptance phase

620-Which of the following is often the greatest challenge of distributed computing solutions? security

621-What is the appropriate role of the security analyst in the application system development or acquisition project?

control evaluator & consultant

622-The information security staff’s participation in which of the following system development life cycle phases provides maximum benefit to the organization? in parallel with every phase throughout the project

623-Operations Security seeks to primarily protect against which of the following? asset threats

624-A ‘Pseudo flaw’ is which of the following?

An apparent loophole deliberately implanted in an operating system program as a trap for intruders.

625-With SQL Relational databases where is the actual data stored? Tables

626-Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes? The Software Capability Maturity Model (CMM)

627-Which of the following determines that the product developed meets the project’s goals? validation

628-Which of the following is the act of performing tests and evaluations to test a system’s security level to see if it complies with the design specifications and security requirements?  Verification

629-Which of the following is one of the oldest and most common problems in software development that is still very prevalent today?

Buffer Overflow


630-Which of the following is NOT true concerning Application Control?

It is non-transparent to the endpoint applications so changes are needed to the applications and databases involved

631-The object-relational and object-oriented models are better suited to managing complex data such as required for which of the following? computer-aided design and imaging.

632-Which of the following is not an element of a relational database model?

Security structures called referential validation within tables

633-A persistent collection of interrelated data items can be defined as which of the following? database

634-The description of the database is called a schema. The schema is defined by which of the following?

Data Definition Language (DDL).

635-Which of the following defines the software that maintains and provides access to the database?

database management system (DBMS)

636-Which of the following represents a relation, which is the basis of a relational database? Two-dimensional table

637-Which of the following represents the rows of the table in a relational database? records or tuples

638-Which of the following can be defined as the set of allowable values that an attribute can take?  domain of a relation

639-Which of the following can be defined as a unique identifier in the table that unambiguously points to an individual tuple or record in the table?  primary key

640-Which of the following can be defined as THE unique attribute used as a unique identifier within a given table to identify a tuple?

primary key

641-Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation?

foreign key

642-Referential Integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for which of the following? primary key

643-Matches between which of the following are important because they represent references from one relation to another and establish the connections among these relations? foreign key to primary key

644-A database view is the results of which of the following operations? Join, Project, and Select.

645-In regards to the query function of relational database operations, which of the following represent implementation procedures that correspond to each of the low-level operations in the query? query plan

646-In regards to relational database operations using the Structured Query Language (SQL), which of the following is a value that can be bound to a placeholder declared within an SQL statement? A bind value

647-Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server? Bind variables

648-Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key? Normalization

649-Normalizing data within a database could include all or some of the following, except which one?

Eliminating duplicate key fields by putting them into separate tables.

650-Which of the following is used to create and modify the structure of your tables and other objects in the database?

SQL Data Definition Language (DDL)

651-SQL commands do not include which of the following? Add, Relist

652-Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following database types? Object-Oriented Data Bases (OODB)

653-With regard to databases, which of the following has characteristics of ease of reusing code and analysis and reduced maintenance? Object-Oriented Data Bases (OODB)

654-Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both?

object-relational database

655-What is used to hide data from unauthorized users by allowing a relation in a database to contain multiple tuples with the same primary keys with each instance distinguished by a security level? Polyinstantiation

656-Which of the following translates source code one command at a time for execution on a computer? An interpreter

657-Which of the following is a Microsoft technology for communication among software components distributed across networked computers? DCOM

658-Which of the following statements relating to Distributed Computing Environment (DCE) is FALSE?

It provides the same functionality as DCOM, but it is more proprietary than DCOM.

659-Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?

Polymorphic viruses

660-Why would a database be denormalized?  To increase processing efficiency

661-Risk analysis is MOST useful when applied during which phase of the system development process?

Project initiation and Planning

662-Which of the following would MOST likely ensure that a system development project meets business objectives?

User involvement in system specification and acceptance

663-What is RAD? A development methodology

664-Which of the following best describes the purpose of debugging programs?

To ensure that program coding flaws are detected and corrected.

665-Which of the following would best describe the difference between white-box testing and black-box testing?

White-box testing examines the program internal logical structure

666-Which of the following is not a preventive control?

Run a source comparison program between control and current source periodically.

667-Which of the following would provide the BEST stress testing environment, taking into consideration and avoiding possible data exposure and leaks of sensitive data? Test environment using sanitized live workload data.

668-Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users?

Inadequate user participation in defining the system’s requirements.

669-Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate?

The project will fail to meet business and user needs.

670-Which of the following is an advantage of prototyping? Prototype systems can provide significant time and cost savings.

671-Which of the following is a CHARACTERISTIC of a decision support system (DSS) with regard to Threats and Risks Analysis?

DSS emphasizes flexibility in the decision making approach of users.

672-Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing?

Errors in critical modules are detected earlier

673-Which of the following would be the best reason for separating the test and development environments?

To control the stability of the test environment.

674-Why do buffer overflows happen? What is the main cause? Because of improper parameter checking within the application

675-What is the number of columns in a table called? Degree

676-Which of the following would not correspond to the number of primary keys values found in a table in a relational database? Degree

677-Which of the following represents the best programming? High cohesion, low coupling

678-Java is not Architecture Specific

679-In which of the following phases of system development life cycle (SDLC) is contingency planning most important? Initiation

680-Buffer overflow and boundary condition errors are subsets of which of the following? Input validation errors.

681-Which of the following does not address Database Management Systems (DBMS) Security? Cell suppression

682-During which phase of an IT system life cycle are security requirements developed? Functional design analysis and Planning

683-Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design? Initiation

684-When considering an IT System Development Life-cycle, security should be:

Treated as an integral part of the overall system design.

685-Risk reduction in a system development life-cycle should be applied: Equally to all phases.

686-Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions? Operation/Maintenance

687-What can be defined as confirming that users’ needs have been met by the supplied solution? Acceptance

688-Which of the following statements pertaining to software testing is incorrect?

Testing should be performed with live data to cover all possible situations.

689-Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors? Regression testing

690-Which of the following statements pertaining to software testing approaches is correct?

The test plan and results should be retained as part of the system’s permanent documentation.

691-Which of the following tests makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems? Security testing

692-Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?

Software plans and requirements

693-Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options? Product design

694-In a database management system (DBMS), what is the “cardinality?” The number of rows in a relation.

695-At which of the basic phases of the System Development Life Cycle are security requirements formalized?

Functional Requirements Definition

696-Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product? Estimating the cost of the changes requested

697-Sensitivity labels are an example of what application control type? Preventive security controls

698-What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?

Aggregation

699-Which expert system operating mode allows determining if a given hypothesis is valid? Backward chaining

700-Why does compiled code pose more of a security risk than interpreted code?

Because malicious code can be embedded in compiled code and be difficult to detect.

701-Which of the following is not a defined maturity level within the Software Capability Maturity Model? Oriented

702-Which software development model is actually a meta-model that incorporates a number of the software development models? The Spiral model

703-Which of the following is used in database information security to hide information? Polyinstantiation

704-Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated? The Software Capability Maturity Model

705-Which of the following characteristics pertaining to databases is not true? Justifications must exist for normalized data.

706-Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it? Aggregation

707-At what stage of the applications development process should the security department become involved?

During requirements development

708-What is one disadvantage of content-dependent protection of information? It increases processing overhead

709-In what way could Java applets pose a security threat?

Executables from the Internet may attempt an intentional attack when they are downloaded on a client system.

710-A system file that has been patched numerous times becomes infected with a virus. The anti-virus software warns that disinfecting the file may damage it. What course of action should be taken?

Restore an uninfected version of the patched file from backup media

711-For competitive reasons, the customers of a large shipping company called the “Integrated International Secure Shipping Containers Corporation” (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other’s cargos. An unscrupulous fruit shipper, the “Association of Private Fruit Exporters, Limited” (APFEL), wants to learn whether or not a competitor, the “Fruit Is Good Corporation” (FIGCO), is shipping pineapples on the ship “S.S. Cruise Pacific” (S.S. CP). APFEL can’t simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can’t be sure whether or not FIGCO is shipping pineapples on the S.S. CP. What is the name of the access control model property that prevented APFEL from reading FIGCO’s cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples?

Simple Security Property and Polyinstantiation

712-A shared resource matrix is a technique commonly used to locate: Covert channels

713-What is NOT included in a data dictionary? Structured Query Language

714-In which phase of the System Development Lifecycle (SDLC) is Security Accreditation Obtained?

Testing and evaluation control

715-Java follows which security model: Sand box

716-What is surreptitious transfer of information from a higher classification compartment to a lower classification compartment without going through the formal communication channels? Covert Channel

717-Many approaches to Knowledge Discovery in Databases (KDD) are used to identify valid and useful patterns in data. This is an evolving field of study that includes a variety of automated analysis solutions such as Data Mining. Which of the following is not an approach used by KDD? Oriented

718-Business rules can be enforced within a database through the use of Views

719-What is the BEST definition of SQL injection? SQL injection is an input validation problem.

720-What allows a relation to contain multiple rows with a same primary key? Polyinstantiation

721-The Open Web Application Security Project (OWASP) has published its Top Ten list of risks during the past several years. Some items have been on the list for many years. Which of the choices below represent threats that have been at the top of the list for many years?

SQL injection and Cross Site Scripting attacks

722-Which one of the following is NOT a check for Input or Information Accuracy in Software Development security? Review check

723-What would you call an attack where an attacker can influence the state of the resource between check and use? TOCTOU attack

724-A virus is a program that can replicate itself on a system but not necessarily spread itself by network connections.
What is malware that can spread itself over open network connections? Worm

725-the wallpaper on her computer to match the current weather outside but now her computer runs slowly and the disk drive activity light is always on. You take a closer look and when you do a simple port scan to see which ports are open on her computer, you notice that TCP/80 is open. You point a web browser at her computer’s IP Address and port and see a site selling prescription drugs.
Apart from the wallpaper changing software, what did Debbie … from finance install without her knowledge? Trojan horse

726-Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

Web Applications

727-Examine the following characteristics and identify which answer best indicates the likely cause of this behavior:
– Core operating system files are hidden
– Backdoor access for attackers to return
– Permissions changing on key files
– A suspicious device driver
– Encryption applied to certain files without explanation
– Logfiles being wiped

Kernel-mode Rootkit

728-Which of the following attacks includes social engineering, link manipulation or web site forgery techniques?

Phishing

729-Which of the following attacks could be avoided by creating more security awareness in the organization and providing adequate security knowledge to all employees? Phishing

730-Which of the following answers specifies the correct sequence of levels within the Capability Maturity Model (CMM)?

Initial, Managed, Defined, Quantitatively managed, optimized


731-Which of the following is true about Kerberos? It depends upon symmetric ciphers.

732-The RSA algorithm is an example of what type of cryptography? Asymmetric Key.

733-Kerberos depends upon what encryption method? Secret Key cryptography.

734-The DES algorithm is an example of what type of cryptography? Secret Key

735-Which of the following encryption methods is known to be unbreakable? One-time pads.

736-What algorithm was DES derived from? Brooks-Aldeman.

737-What is a characteristic of using the Electronic Code Book mode of DES encryption?

A given block of plaintext and a given key will always produce the same ciphertext.

738-Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?

Use of public key encryption to secure a secret key, and message encryption using the secret key.

739-Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient’s “public” key in order to get confidentiality of the data being sent. The recipients use their own “private” key to decrypt the information. The “Infrastructure” of this methodology ensures that:

The recipient’s identity can be positively verified by the sender

740-Which of the following DoD Model layer provides non-repudiation services? application layer.

741-Which of the following statements is true about data encryption as a method of protecting data?

It requires careful key management

742-Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?

Elliptic Curve Cryptography (ECC)

743-How many bits is the effective length of the key of the Data Encryption Standard algorithm? 56

744-The primary purpose for using one-way hashing of user passwords within a password file is which of the following?

It prevents an unauthorized person from reading the password.

745-Which of the following issues is not addressed by digital signatures? denial-of-service

746-Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack? The use of session keys.

747-The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?

64 bit blocks with a 64 bit total key length

748-PGP uses which of the following to encrypt data? A symmetric encryption algorithm

749-A public key algorithm that does both encryption and digital signature is which of the following? RSA

750-Which of the following is NOT true of Secure Sockets Layer (SSL)? By convention it uses ‘s-http://’ instead of ‘http://’.

751-There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following? public-key certificates

752-Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard?

Rijndael

753-Compared to RSA, which of the following is true of Elliptic Curve Cryptography(ECC)?

It is believed to require shorter keys for equivalent security

754-What are the three most important functions that Digital Signatures perform? Integrity, Authentication and Nonrepudiation

755-Which of the following protocols that provide integrity and authentication for IPSec can also provide nonrepudiation in IPSec?

Authentication Header (AH)

756-Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet? Secure Electronic Transaction (SET)

757-Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext? known plaintext

758-Which of the following is NOT a true statement regarding the implementation of the 3DES modes? DES-EEE1 uses one key

759-Which one of the following is a key agreement protocol used to enable two entities to agree on and generate a session key (a secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption using symmetric cryptography. Diffie-Hellman

760-Which of the following ciphers is the subset on which the Vigenere polyalphabetic cipher was based? Caesar

761-In a known plaintext attack, the cryptanalyst has knowledge of which of the following?

both the plaintext and the associated ciphertext of several messages

762-What is the length of an MD5 message digest? 128 bits

763-The Secure Hash Algorithm (SHA-1) creates: a fixed length message digest from a variable length input message

764-The RSA Algorithm uses which mathematical concept as the basis of its encryption? Two large prime numbers

765-The Clipper Chip utilizes which concept in public key cryptography? Key Escrow

766-Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?

IPsec and L2TP

767-What is the role of IKE within the IPsec protocol? peer authentication and key exchange

768-In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed? Phase 1

769-What is NOT an authentication method within IKE and IPsec? CHAP

770-What is NOT true of pre-shared key authentication within the IKE/IPsec protocol?

Needs a Public Key Infrastructure (PKI) to work

771-In a hierarchical PKI, the highest CA is regularly called the Root CA; it is also referred to by which one of the following terms?

Top Level CA

772-What is the primary role of cross certification? Creating trust between different PKIs

773-What kind of encryption is realized in the S/MIME standard? Public key based, hybrid encryption scheme

774-What is the main problem of the renewal of a root CA certificate?

It requires the authentic distribution of the new root CA certificate to all PKI participants

775-Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is: Not possible

776-What attribute is included in an X.509 certificate? Distinguished name of the subject

777-Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA? PKCS#1

778-What is the primary role of smartcards in a PKI? Tamper resistant, mobile storage and application of private keys of the users

779-What kind of certificate is used to validate a user identity? Public key certificate

780-What does the directive of the European Union on Electronic Signatures deal with? Non repudiation

781-An X.509 public key certificate with the key usage attribute “non repudiation” can be used for which of the following?

verifying signed messages

782-Which of the following would best describe certificate path validation?

Verification of the validity of all certificates of the certificate chain to the root certificate

783-FIPS-140 is a standard for the security of which of the following? Hardware and software cryptographic modules

784-Which of the following can best define the “revocation request grace period”?

Time period between the arrival of a revocation request and the publication of the revocation information

785-Which is NOT a suitable method for distributing certificate revocation information? CA revocation mailing list

786-Which of the following is true about a digital certificate?

Electronic credential proving that the person the certificate was issued to is who they claim to be

787-What kind of Encryption technology does SSL utilize? Hybrid (both Symmetric and Asymmetric)

788-What is the name of a one way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string, where the transformation cannot be reversed? One-way hash

789-Which of the following is NOT an asymmetric key algorithm? Data Encryption System (DES)

790-Which of the following is NOT a symmetric key algorithm? Digital Signature Standard (DSS)

791-Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS?

RSA

792-The Diffie-Hellman algorithm is primarily used to provide which of the following? Key Agreement

793-Which protocol makes USE of an electronic wallet on a customer’s PC and sends encrypted credit card information to the merchant’s Web server, which digitally signs it and sends it on to its processing bank? SET (Secure Electronic Transaction)

794-Which of the following algorithms does NOT provide hashing? RC4

795-In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process?

Ciphertext-only attack

796-Which encryption algorithm is BEST suited for communication with handheld wireless devices?

ECC (Elliptic Curve Cryptosystem)

797-Which of the following keys has the SHORTEST lifespan? Session key

798-What is the RESULT of a hash algorithm being applied to a message? A message digest

799-Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose? message integrity.

800-Which of the following services is NOT provided by the digital signature standard (DSS)? Encryption

801-What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext? Key clustering

802-Which of the following is true about link encryption? This mode does not provide protection if any one of the nodes along the transmission path is compromised.

803-What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition? One-time pad

804-What can be defined as secret communications where the very existence of the message is hidden? Steganography

805-What is the maximum number of different keys that can be used when encrypting with Triple DES? 3

806-What algorithm has been selected as the AES algorithm, replacing the DES algorithm? Rijndael

807-Which of the following is a symmetric encryption algorithm? RC5

808-Which of the following is NOT a property of the Rijndael block cipher algorithm? Maximum key size is 512 bits

809-Which of the following is not a property of the Rijndael block cipher algorithm?

It operates on 64-bit plaintext blocks and uses a 128 bit key.

810-What is the maximum allowable key size of the Rijndael encryption algorithm? 256 bits

811-Which of the following algorithms is used today for encryption in PGP? IDEA

812-Which of the following protects Kerberos against replay attacks? Time stamps

813-What is the name for a substitution cipher that shifts the alphabet by 13 places? ROT13 cipher

814-Which of the following standards concerns digital certificates? X.509

815-Which of the following offers security to wireless communications? WTLS

816-What is the effective key size of DES? 56 bits

817-Which of the following offers confidentiality to an e-mail message? The sender encrypting it with the receiver’s public key.

818-Which of the following is not a DES mode of operation? Input feedback

819-What size is an MD5 message digest (hash)? 128 bits

820-Which of the following service is not provided by a public key infrastructure (PKI)? Reliability

821-In a Public Key Infrastructure, how are public keys published? Through digital certificates.

822-What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes referred to as “what each must bring”: the parts are joined together when getting access or decrypting a file, and neither part reveals the other. Split knowledge

823-What level of assurance for a digital certificate verifies a user’s name, address, social security number, and other information against a credit bureau database? Level 2/Class 2

824-Which of the following statements pertaining to stream ciphers is correct?

A stream cipher generates what is called a keystream.

825-Which of the following statements pertaining to block ciphers is incorrect?

Plain text is encrypted with a public key and decrypted with a private key.

826-Cryptography does NOT help in: Detecting fraudulent disclosure.

827-What is used to bind a document to its creation at a particular time? Digital Timestamp

828-Which of the following is best at defeating frequency analysis? Polyalphabetic cipher

830-A code, as it pertains to cryptography, deals with linguistic units.

831-Which of the following is the most secure form of triple-DES encryption? DES-EDE3

832-Which of the following is NOT a known type of Message Authentication Code (MAC)? Signature-based MAC (SMAC)

833-What is the maximum key size for the RC5 algorithm? 2040 bits

834-Which of the following algorithms is a stream cipher? RC4

835-In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session? The client’s browser

836-Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect?

PPTP is derived from L2TP.

837-Which of the following is less likely to be used today in creating a Virtual Private Network? L2F

838-Which of the following was not designed to be a proprietary encryption algorithm? Blowfish

839-Which of the following is not an encryption algorithm? SHA-1

840-What key size is used by the Clipper Chip? 80 bits

841-Which of the following would best describe a Concealment cipher?

Every X number of words within a text is a part of the real message.

842-Which of the following is best provided by symmetric cryptography? Confidentiality

843-Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers? Speed

844-Which of the following is more suitable for a hardware implementation? Block ciphers

845-How many rounds are used by DES? 16

846-What is the key size of the International Data Encryption Algorithm (IDEA)? 128 bits

847-Which of the following is not an example of a block cipher? RC4

848-The Diffie-Hellman algorithm is used for: Key agreement

849-A one-way hash provides which of the following? Integrity

850-Which of the following is not a one-way hashing algorithm? RC4

851-Which of the following statements pertaining to key management is incorrect?

When not using the full keyspace, the key should be extremely random.

852-Which of the following statements pertaining to link encryption is false?

Information stays encrypted from one end of its journey to the other.

853-Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network? SSH

854-Cryptography does not concern itself with which of the following choices? Validation

855-Which of the following does NOT concern itself with key management? Cryptology (CRYPTO)

856-Which of the following encryption algorithms does not deal with discrete logarithms? RSA

857-Which of the following statements pertaining to message digests is incorrect?

The message digest should be calculated using at least 128 bytes of the file.

858-Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? Birthday attack

859-Which of the following elements is NOT included in a Public Key Infrastructure (PKI)? Internet Key Exchange (IKE)

860-Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission? Message Authentication Code (MAC)

861-Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?

The SSL protocol’s primary use is to authenticate the client to the server using public key cryptography

862-What is the name of the protocol used to set up and manage Security Associations (SA) for IP Security (IPSec)?

Internet Key Exchange (IKE)

863-Which of the following binds a subject name to a public key value? A public key infrastructure

864-What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate? An attribute certificate

865-What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire? Authority revocation list

866-Who vouches for the binding between the data items in a digital certificate? Certification authority

867-What enables users to validate each other’s certificate when they are certified under different certification hierarchies?

Cross-certification

868-Which of the following would best define a digital envelope? A message encrypted with a secret key attached with the message. The secret key is encrypted with the public key of the receiver.

869-What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data’s origin and integrity? A digital signature

870-Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later? Digital watermarking

871-Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?

Internet Security Association and Key Management Protocol (ISAKMP)

872-Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? OAKLEY

873-Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations? Internet Key Exchange (IKE)

874-Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis? Simple Key-management for Internet Protocols (SKIP)

875-Which of the following can best be defined as a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties can perform the decryption operation to retrieve the stored key? Key encapsulation

876-Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs? A known-plaintext attack

877-Which of the following is NOT a property of a one-way hash function?

It converts a message of a fixed length into a message digest of arbitrary length.

878-The Data Encryption Algorithm performs how many rounds of substitution and permutation? 16

879-Which of the following statements is most accurate regarding a digital signature?

It allows the recipient of data to prove the source and integrity of data.

880-The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as “_________________,” RSA is quite feasible for computer use. computing in Galois fields

881-Which of the following concerning the Rijndael block cipher algorithm is false?

Both block size and key length can be extended to multiples of 64 bits.

882-This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I? Chosen-Ciphertext attack

883-What is NOT true about a one-way hashing function? It provides authentication of the message

884-You’ve decided to authenticate the source who initiated a particular transfer while ensuring integrity of the data being transferred. You can do this by: Having the sender encrypt the hash with his private key.

885-Which key agreement scheme uses implicit signatures? MQV

886-While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service. Which of the items below would affect the use of AH and its Integrity Check Value (ICV) the most? Packet Header Source or Destination address

887-Which of the following protocols offers native encryption? IPSEC, SSH, SSL, TLS

888-What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)?

The OCSP (Online Certificate Status Protocol) provides real-time certificate checks and a Certificate Revocation List (CRL) has a delay in the updates.

889-Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic? SSL or TLS

890-What type of key would you find within a browser’s list of trusted root CA? Public key

891-In a PKI infrastructure where are list of revoked certificates stored? CRL

892-The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following? N(N-1)/2

893-In which mode of DES, a block of plaintext and a key will always give the same ciphertext? Electronic Code Book (ECB)

894-Which of the following modes of DES is MOST likely used for Database Encryption? Electronic Code Book (ECB)

895-Which of the following is a Hashing Algorithm? SHA

896-Complete the following sentence. A digital signature is a hash value that has been encrypted with the sender’s private key

897-Which of the following examples is NOT an asymmetric key algorithm? Advanced Encryption Standard (AES)

898-Complete the following sentence. A message can be encrypted, which provides __________ Confidentiality

899-A message can be encrypted and digitally signed, which provides Confidentiality, Authentication, Non-repudiation, and Integrity

900-Public key infrastructure (PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion. This infrastructure is based upon which of the following Standards? X.509

901-What would you call a microchip installed on the motherboard of modern computers that is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates?

Trusted Platform Module (TPM)

902-Suppose that you are the COMSEC – Communications Security custodian for a large, multinational corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID Card that she uses to digitally sign and encrypt emails in the PKI. They are added to the CRL

903-You are an information systems security officer at a mid-sized business and are called upon to investigate a threat conveyed in an email from one employee to another. You gather the evidence from both the email server transaction logs and from the computers of the two individuals involved in the incident and prepare an executive summary. You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat says he didn’t send the email in question. What concept of PKI – Public Key Infrastructure will implicate the sender? Non-repudiation

904-compared in a process that looks something like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output
What is this cryptographic operation called? Exclusive-OR

905-Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part? One Time Pad (OTP)

906-Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity? Steganography

907-Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other? Symmetric Key Cryptography

908-Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key. Private / Public

909-Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender? Message Authentication Code – MAC

910-Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, passwords or certificates in a component located on the motherboard of a computer? TPM – Trusted Platform Module

911-There are basic goals of Cryptography. Which of the following most benefits from the process of encryption? Confidentiality

912-Readable is to unreadable just as plain text is to _____? Cipher Text

913-In Mandatory Access Control, sensitivity labels attached to object contain what information?

The item’s classification and category set

914-The Orange Book describes four hierarchical levels to categorize security systems. Which of the following levels require mandatory protection? A and B.

915-What mechanism does a system use to compare the security labels of a subject and an object? Reference Monitor.

916-What are the components of an object’s sensitivity label? A single classification and a Compartment Set

917-What does it mean to say that sensitivity labels are “incomparable”? Neither label contains all the categories of the other.

918-As per the Orange Book, what are two types of system assurance? Operational Assurance and Life-Cycle Assurance.

919-The Orange Book requires auditing mechanisms for any systems evaluated at which of the following levels? C2 and above.

920-Which of the following are required for Life-Cycle Assurance? Security Testing and Trusted distribution.

921-Memory management in TCSEC levels B3 and A1 operating systems may utilize “data hiding”. What does this mean?

System functions are layered, and none of the functions in a given layer can access data outside that layer.

922-The Orange Book states that “Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base].” This statement is the formal requirement for: System Integrity

923-Which of the following can be used as a covert channel? Storage and timing.

924-Covert Channel Analysis is first introduced at what level of the TCSEC rating? B2 and above.

925-At what Orange Book evaluation levels are design specification and verification first required? B1 and above.

926-Configuration Management controls what? Auditing and controlling any changes to the Trusted Computing Base.

927-At which of the Orange Book evaluation levels is configuration management required? B2 and above.

928-What is the purpose of Trusted Distribution?

To ensure that the Trusted Computing Base is not tampered with during shipment or installation

929-Which Orange Book evaluation level is described as “Verified Design”? A1.

930-Which Orange Book evaluation level is described as “Structured Protection”? B2

931-Who developed one of the first mathematical models of a multilevel-security computer system? Bell and LaPadula.

932-If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist? Disclosure of residual data

933-The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address? integrity and availability.

934-An Architecture where there are more than two execution domains or privilege levels is called: Ring Architecture.

935-Which of the following components are considered part of the Trusted Computing Base?

trusted hardware, software and firmware

936-Which of the following places the Orange Book classifications in order from most secure to least secure? A, B, C, D

937-The Orange Book is founded upon which security policy model? The Bell LaPadula Model

938-Which of the following is NOT a basic component of security architecture? Motherboard

939-Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles? B2

940-In which of the following models are Subjects and Objects identified and the permissions applied to each subject/object combination specified? Such a model can be used to quickly summarize what permissions a subject has for various system objects.

Access Control Matrix model

941-In which of the following security models is the subject’s clearance compared to the object’s classification such that specific rules can be applied to control how the subject-to-object interactions take place? Bell-LaPadula model

942-Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection? B

943-Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection? C

944-Which of the following divisions is defined in the TCSEC (Orange Book) as minimal protection? Division D

945-Which of the following establishes the minimal national standards for certifying and accrediting national security systems?

NIACAP

946-Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense? TCSEC

947-Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions? pipelining

948-Which of the following describes a computer processing architecture in which a language compiler or preprocessor breaks program instructions down into basic operations that can be performed by the processor at the same time?

Very-Long Instruction-Word Processor (VLIW)

949-Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location?

direct addressing

950-The steps of an access control model should follow which logical flow: Identification, authentication, authorization

951-Common Criteria has assurance levels from EAL 1 to EAL 7 regarding the depth of design and testing. Which of the following assures the Target of Evaluation (or TOE) is methodically designed, tested and reviewed? EAL 4

952-Attributable data should be: always traced to individuals responsible for observing and recording the data

953-If an internal database holds a number of printers in every department and this equals the total number of printers for the whole organization recorded elsewhere in the database, it is an example of: Internal consistency of the information system.

954-What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values? Lattice model

955-Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)? A subject is not allowed to read down.

956-What would BEST define a covert channel? A communication channel that allows transfer of information in a manner that violates the system’s security policy.

957-Which of the following statements relating to the Biba security model is FALSE?

Programs serve as an intermediate layer between subjects and objects.

958-Which of the following organizations PRODUCES and PUBLISHES the Federal Information Processing Standards (FIPS)?

The National Institute of Standards and Technology (NIST)

959-Why do buffer overflows happen? What is the main cause? Because of improper parameter checking within the application

960-Which of the following choices describe a condition when RAM and Secondary storage are used together? Virtual storage

961-Which of the following statements pertaining to protection rings is false? They provide users with a direct access to peripherals

962-What is it called when a computer uses more than one CPU in parallel to execute instructions? Multiprocessing

963-Which of the following statements pertaining to the trusted computing base (TCB) is false?

Its enforcement of security policy is independent of parameters supplied by system administrators.

964-What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access? The Reference Monitor

965-Which of the following is not a method to protect objects and the data within the objects? Data mining

966-What is the main focus of the Bell-LaPadula security model? Confidentiality

967-Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of the strong star property? It allows “write up.”

968-Which security model introduces access to objects only through programs? The Clark-Wilson model

969-Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level? The noninterference model

970-Which of the following security models does NOT concern itself with the flow of data? The noninterference model

971-Which of the following Orange Book ratings represents the highest level of trust? B2

972-What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions? D

973-Which Orange book security rating introduces the object reuse protection? B2

974-Which Orange book security rating introduces security labels? B1

975-Which Orange book security rating is the FIRST to be concerned with covert channels? B2

976-What is called the formal acceptance of the adequacy of a system’s overall security by the management? Accreditation

977-Which division of the Orange Book deals with discretionary protection (need-to-know)? C

978-What does the Clark-Wilson security model focus on? Integrity

979-What does the simple security (ss) property mean in the Bell-LaPadula model? No read up

980-What does the * (star) property mean in the Bell-LaPadula model? No write down

981-What does the * (star) integrity axiom mean in the Biba model? No write up

982-What does the simple integrity axiom mean in the Biba model? No read down

983-What is the Biba security model concerned with? Integrity

984-Which security model uses division of operations into different parts and requires different users to perform each part?

Clark-Wilson model

985-A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?

Overt channel

986-What can best be described as a domain of trust that shares a single security policy and single management? A security domain

987-Which of the following describes a technique in which a number of processor units are employed in a single computer system to increase the performance of the system in its application environment above the performance of a single processor of the same kind?

Multiprocessing

988-Who first described the DoD multilevel military security policy in abstract, formal terms? David Bell and Leonard LaPadula

989-Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle? Complex Instruction Set Computers (CISC)

990-What is used to protect programs from all unauthorized modification or executional interference? A protection domain

991-What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it? A fault-tolerant system

992-Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?

The Clark Wilson integrity model

993-What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept? A security kernel

994-According to the Orange Book, which security level is the first to require a system to protect against covert timing channels? B3

995-According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles? B2

996-In the Bell-LaPadula model, the Star-property is also called: The confinement property

997-Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards? Accreditation

998-Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in a system? Fail safe

999-The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concept: The reference monitor

1000-What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access? Bell-LaPadula Model

1001-Which of the following models does NOT include data integrity or conflict of interest? Bell-LaPadula

1002-Which of the following describes a logical form of separation used by secure computing systems?

Processes are constrained so that each cannot access objects outside its permitted domain.

1003-What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects? Disclosure of residual data

1004-In access control terms, the word “dominate” refers to which of the following? Higher or equal to access class

1005-The biggest difference between System High Security Mode and Dedicated Security Mode is: Need-to-know


1006-For competitive reasons, the customers of a large shipping company called the “Integrated International Secure Shipping Containers Corporation” (IISSCC) like to keep private the various cargos that they ship. IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other’s cargos. An unscrupulous fruit shipper, the “Association of Private Fruit Exporters, Limited” (APFEL) wants to learn whether or not a competitor, the “Fruit Is Good Corporation” (FIGCO), is shipping pineapples on the ship “S.S. Cruise Pacific” (S.S. CP). APFEL can’t simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can’t be sure whether or not FIGCO is shipping pineapples on the S.S. CP. What is the name of the access control model property that prevented APFEL from reading FIGCO’s cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples?

Simple Security Property and Polyinstantiation

1007-What is a trusted shell? It means that someone who is working in that shell cannot “bust out of it”, and other processes cannot “bust into it”.

1008-Which security model uses an access control triple and also requires separation of duty? Clark-Wilson

1009-You have been approached by one of your clients. They are interested in doing some security reengineering. The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications. Of primary concern to them is the identification of potential covert channels. As an Information Security Professional, which model would you recommend to the client? Information Flow Model combined with Bell-LaPadula

1010-Which of the following security models introduced the idea of mutual exclusivity which generates dynamically changing permissions? Brewer & Nash

1011-Pervasive Computing and Mobile Computing Devices have to sacrifice certain functions. Which statement concerning those devices is false? In many cases, security services have been enhanced due to the lack of services available.

1012-Which International Organization for Standardization standard is commonly referred to as the ‘common criteria’? 15408

1013-What Cloud Deployment model consists of a cloud infrastructure provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units)? Such a deployment model may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Private Cloud

1014-When referring to the Cloud Computing Service models, what would you call a service model where the consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment? Platform as a Service (PaaS)

1015-Which of the following was the first mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access, and to outline rules of access? Bell-LaPadula

1016-Which of the following is a true statement pertaining to memory addressing? The CPU uses absolute addresses. Applications use logical addresses. Relative addresses are based on a known address and an offset value.

1017-Which of the following answers BEST describes the Bell La-Padula model of storage and access control of classified information? No read up and No write down

1018-In which of the following cloud computing service models are applications hosted by the service provider and made available to the customers over a network? Software as a service

1019-Which of the following cloud computing service models provides a way to rent operating systems, storage and network capacity over the Internet? Platform as a service

1020-Which of the following cloud computing service models is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components? Infrastructure as a service

1021-Which of the following cloud deployment models operates solely for an organization? Private Cloud

1022-Which of the following cloud deployment models can be shared by several organizations? Community Cloud

1023-Which of the following cloud deployment models is provisioned for open use by the general public? Public Cloud

1024-Which of the following cloud deployment models is formed by the composition of two or more cloud deployment models?

Hybrid Cloud


1025-Configuration Management controls what? Auditing and controlling any changes to the Trusted Computing Base.

1026-If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist? Disclosure of residual data.

1027-Operations Security seeks to primarily protect against which of the following? asset threats

1028-Which of the following components are considered part of the Trusted Computing Base?

trusted hardware, software and firmware

1029-Which of the following is NOT an example of an operational control? Auditing

1030-Degaussing is used to clear data from all of the following media except: Read-Only Media

1031-It is a violation of the “separation of duties” principle when which of the following individuals access the software on systems implementing security? systems programmer


1032-When backing up an applications system’s data, which of the following is a key question to be answered first?

What records to backup

1033-The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following? clipping level

1034-Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette? Degaussing

1035-Which of the following is true related to network sniffing? Sniffers allow an attacker to monitor data passing across a network.

1036-Which of the following is NOT a technique used to perform a penetration test? traffic padding

1037-Which of the following is NOT a media viability control used to protect the viability of data storage media? clearing

1038-Which of the following are the two commonly defined types of covert channels: Storage and Timing

1039-Which of the following refers to the data left on the media after the media has been erased? remanence

1040-Which of the following ensures that security is not breached when a system crash or other system failure occurs?

trusted recovery

1041-Which of the following ensures that a TCB is designed, developed, and maintained with formally controlled standards that enforce protection at each stage in the system’s life cycle? life cycle assurance

1042-Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles? B2

1043-Which of the following is NOT a countermeasure to traffic analysis? Eavesdropping.

1044-Which of the following are the three classifications of RAID identified by the RAID Advisory Board?

Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.

1045-RAID Level 1 is commonly called which of the following? mirroring

1046-Which of the following is often implemented by a one-for-one disk to disk ratio? RAID Level 1

1047-The main issue with Level 1 of RAID is which of the following? It is very expensive.

1048-Which of the following effectively doubles the amount of hard drives needed but also provides redundancy? RAID Level 1

1049-Which of the following is used to create parity information? a hamming code

1050-The only difference between RAID 3 and RAID 4 is that level 3 is implemented at the byte level while level 4 is usually implemented at which of the following? block level.

1051-The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server in which of the following scenarios? system is up and running

1052-RAID level 10 is created by combining which of the following? level 0 (striping) with level 1 (mirroring).

1053-A hardware RAID implementation is usually: platform-independent.

1054-RAID levels 3 and 5 run: faster on hardware.

1055-When RAID runs as part of the operating system on the file server, it is an example of a: software implementation.

1056-A server cluster looks like a:  single server from the user’s point of view.

1057-Which of the following backup methods makes a complete backup of every file on the server every time it is run?

full backup method.

1058-Which backup method usually resets the archive bit on the files after they have been backed up? Incremental backup method.

1059-Which backup method is additive because the time and tape space required for each night’s backup grows during the week as it copies the day’s changed files and the previous days’ changed files up to the last full backup? differential backup method.

1060-Which of the following backup method must be made regardless of whether Differential or Incremental methods are used?

Full Backup Method

1061-Which of the following tape formats can be used to backup data systems in addition to its original intended audio uses?

Digital Audio Tape (DAT).

1062-This type of backup management provides a continuous on-line backup by using optical or tape “jukeboxes,” similar to WORMs (Write Once, Read Many): Hierarchical Storage Management (HSM).

1063-Physically securing backup tapes from unauthorized access is obviously a security concern and is considered a function of the:

Operations Security Domain.

1064-The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers? Script kiddies

1065-Which of the following computer crime is MORE often associated with INSIDERS? Data diddling

1066-Which of the following logical access exposures INVOLVES CHANGING data before, or as it is entered into the computer?

Data diddling

1067-Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident’s effects is part of: Incident Response

1068-An Intrusion Detection System (IDS) is what type of control? A detective control.

1069-The main issue with RAID Level 1 is that the one-for-one ratio is:

very expensive, resulting in the highest cost per megabyte of data capacity.

1070-Which of the following RAID levels is not used in practice and was quickly superseded by the more flexible levels? RAID Level 2

1071-Which RAID implementation is commonly called mirroring? RAID level 1
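Items 1049-1055 and 1069-1071 turn on one piece of arithmetic: RAID 3/4/5 parity is the XOR of the data blocks in a stripe, so any single lost block (data or parity) is the XOR of the survivors, while RAID 1 simply keeps a second copy. The following is an added example written for this page, not code from the question bank; the sample blocks, the 4-byte block size and the four-disk layout are constructed here, and Hamming codes (RAID 2) are a separate error-correcting scheme that is not implemented.

```python
"""XOR parity as used by RAID 3, 4 and 5: build the parity block for a stripe,
verify a stripe, and rebuild the contents of any one failed disk.

Added example for items 1049-1055 and 1069-1071 above; it is not code from the
original question bank. Sample blocks, block size and the disk count are
constructed here. Hamming codes (RAID 2) are a separate error-correcting
scheme and are not implemented.
"""
from functools import reduce


def xor_blocks(blocks):
    """Byte-wise XOR of equal-length byte strings (the parity operation)."""
    blocks = list(blocks)
    size = len(blocks[0])
    if any(len(b) != size for b in blocks):
        raise ValueError("all blocks in a stripe must have the same size")
    return bytes(reduce(lambda x, y: x ^ y, column) for column in zip(*blocks))


def parity_for_stripe(data_blocks):
    """P = D0 xor D1 xor ... xor D(n-1). RAID 3 does this per byte and RAID 4/5
    per block; the arithmetic is identical, only the stripe unit differs."""
    return xor_blocks(data_blocks)


def raid5_layout(stripes):
    """Place each stripe on len(data) + 1 disks, rotating the parity position so
    that no single disk becomes the write bottleneck a dedicated parity disk
    (RAID 4) is. Returns one list per stripe: the block held by each disk."""
    layout = []
    for i, data in enumerate(stripes):
        n_disks = len(data) + 1
        disks = list(data)
        disks.insert(i % n_disks, parity_for_stripe(data))
        layout.append(disks)
    return layout


def stripe_consistent(disks):
    """Data and parity XORed together must be all zero bytes."""
    return not any(xor_blocks(disks))


def rebuild_failed_disk(layout, failed_disk):
    """Any ONE missing block, data or parity, is the XOR of the survivors.
    With two disks gone the equation has two unknowns and cannot be solved,
    which is why RAID 5 tolerates exactly one failure (RAID 6 adds a second,
    independent parity to survive two)."""
    rebuilt = []
    for disks in layout:
        survivors = [block for j, block in enumerate(disks) if j != failed_disk]
        rebuilt.append(xor_blocks(survivors))
    return rebuilt


if __name__ == "__main__":
    # Constructed sample: two stripes of three 4-byte data blocks on four disks.
    stripes = [[b"AAAA", b"BBBB", b"CCCC"], [b"DDDD", b"EEEE", b"FFFF"]]
    layout = raid5_layout(stripes)
    assert all(stripe_consistent(disks) for disks in layout)
    lost = 1
    recovered = rebuild_failed_disk(layout, lost)
    assert recovered == [disks[lost] for disks in layout]
    print("disk", lost, "rebuilt from parity:", recovered)
```

Note that RAID 1 (items 1069 and 1071) needs no parity at all: the mirror disk is the copy, which is exactly why it costs one extra drive per drive and has the highest cost per megabyte.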

1072-What is the main objective of proper separation of duties? To ensure that no single individual can compromise a system.

1073-Which of the following is not a component of a Operations Security “triples”? Risk

1074-Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system? Preventative Controls

1075-This type of control is used to ensure that transactions are properly entered into the system once. Elements of this type of control may include counting data and time stamping it with the date it was entered or edited? Input Controls

1076-When two or more separate entities (usually persons) operating in concert to protect sensitive functions or
information must combine their knowledge to gain access to an asset, this is known as? Dual Control

1077-Configuration Management is a requirement for the following level(s) of the Orange Book? B2, B3, and A1

1078-Which of the following is NOT a proper component of Media Viability Controls? Writing

1079-In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the best choice below. Network Address Hijacking

1080-What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account? Salami techniques

1081-When attempting to establish Liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation?

Due care

1082-Which of the following is not a critical security aspect of Operations Controls? Environmental controls.

1083-This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious? Clipping level

1084-In order to enable users to perform tasks and duties without having to go through extra steps it is important that the security controls and mechanisms that are in place have a degree of? Transparency

1085-Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating? Security administrators

1086-Which TCSEC (Orange Book) rating or level requires the system to clearly identify functions of the security administrator to perform security-related functions? B3

1087-Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?

They use highly talented ex-hackers

1088-Which of the following statements pertaining to ethical hacking is incorrect?

Ethical hackers never use tools that have the potential of affecting servers or services.

1089-What is the essential difference between a self-audit and an independent audit? Objectivity

1090-When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?

Clearing renders information unrecoverable by a keyboard attack and purging renders information unrecoverable against laboratory attack.

1091-A periodic review of user account management should not determine: Strength of user-chosen passwords.

1092-What is the main issue with media reuse? Data remanence

1093-Which of the following should NOT be performed by an operator? Data entry

1094-Which of the following should be performed by an operator? Installing system software

1095-Which of the following is not appropriate in addressing object reuse?Deleting files on disk before reusing the space.

1096-Which of the following is not a preventive operational control? Conducting security awareness and technical training.

1097-Which of the following questions is less likely to help in assessing controls over hardware and software maintenance?

Are integrity verification programs used by applications to look for evidences of data tampering, errors, and omissions?

1098-Which of the following questions is less likely to help in assessing identification and authentication controls?

Is there a process for reporting incidents?

1099-Which of the following questions are least likely to help in assessing controls covering audit trails?

Are incidents monitored and tracked until resolved?

1100-What setup should an administrator use for regularly testing the strength of user passwords?

A standalone workstation on which the password database is copied and processed by the cracking program.
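Item 1100 (and the periodic review in 1091) describe the setup, not the test itself: the credential store is copied to an isolated workstation and attacked offline with a wordlist and common mangling rules, and only the accounts that fall are reported back. The following is an added example written for this page, not code from the question bank; the credential entries are constructed here with PBKDF2-HMAC-SHA256 as a stand-in for whatever hash the audited system really uses, and the wordlist, rules and iteration count are illustrative.

```python
"""Offline password-strength audit, run on a standalone workstation against a
copy of the credential store: each stored hash is attacked with a wordlist and
common mangling rules, and only the names of accounts that fall are reported.

Added example for item 1100 (and the periodic review in 1091); it is not code
from the original question bank. The credential entries are constructed here
with PBKDF2-HMAC-SHA256 as a stand-in for whatever hash the audited system
really uses; wordlist, rules and iteration count are illustrative.
"""
import hashlib
import hmac
import secrets

ITERATIONS = 10_000  # kept low so the demo runs in seconds; not a policy recommendation


def hash_password(password, salt, iterations=ITERATIONS):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_store(accounts):
    """Constructed stand-in for the copied password database: name -> (salt, hash)."""
    store = {}
    for name, password in accounts.items():
        salt = secrets.token_bytes(16)
        store[name] = (salt, hash_password(password, salt))
    return store


def candidates(word):
    """Mangling rules users actually apply: case changes, digit/symbol
    suffixes and leetspeak, applied to one wordlist entry."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for suffix in ("1", "123", "!", "2024"):
        yield word + suffix
        yield word.capitalize() + suffix
    leet = str.maketrans({"a": "@", "e": "3", "o": "0"})
    yield word.translate(leet)
    yield word.capitalize().translate(leet)


def audit(store, wordlist):
    """Return the set of account names whose hash matches some candidate.
    The matching password is deliberately never returned or logged."""
    weak = set()
    for name, (salt, stored) in store.items():
        for word in wordlist:
            if any(hmac.compare_digest(hash_password(guess, salt), stored)
                   for guess in candidates(word)):
                weak.add(name)
                break
    return weak


# Constructed sample accounts and a three-word list; real audits use large lists.
SAMPLE_STORE = make_store({"alice": "Winter2024", "bob": "P@ssw0rd", "carol": "x9#Lq!7vTz"})
WORDLIST = ["winter", "password", "summer"]

if __name__ == "__main__":
    print("accounts with guessable passwords:", sorted(audit(SAMPLE_STORE, WORDLIST)))
```

The audit output is a list of account names to contact, not recovered passwords; keeping the copied store and the results on the isolated machine, and wiping them afterwards, is what makes this a control rather than a new exposure.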

1101-Which of the following rules is least likely to support the concept of least privilege?

Only data to and from critical systems and applications should be allowed through the firewall.

1102-Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of: Output controls

1103-Which of the following is an unintended communication path that is NOT protected by the system’s normal security mechanisms? A covert channel

1104-According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles? B2

1105-What is the most effective means of determining that controls are functioning properly within an operating system?

Review of software control features and/or parameters

1106-Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes? Rotation of duties

1107-Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data? Limiting the local access of operations personnel

1108-An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called: a degausser.

1109-What is the most secure way to dispose of information on a CD-ROM? Physical destruction

1110-Fault tolerance countermeasures are designed to combat threats to which of the following? design reliability.

1111-In what way can violation clipping levels assist in violation tracking and analysis?Clipping levels set a baseline for acceptable normal user errors, and violations exceeding that threshold will be recorded for analysis of why the violations occurred.
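Items 1083 and 1111 describe a clipping level in words; the mechanism itself is a counter over a time window with a threshold below which nothing is escalated. The following is an added example written for this page, not code from the question bank: it runs that logic over constructed sshd-style log lines, and the threshold (3 failures) and window (10 minutes) are assumptions a site would tune.

```python
"""Clipping level applied to failed logons: failures per account are counted
inside a sliding time window, and only an account whose count reaches the
threshold is recorded as a violation for review.

Added example for items 1083 and 1111; it is not code from the original
question bank. The log lines are constructed in an sshd-like format; the
threshold (3) and window (10 minutes) are assumptions a site would tune.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-03-04T09:00:01 sshd[811]: Failed password for alice from 10.0.0.5 port 5001
2024-03-04T09:00:07 sshd[812]: Accepted password for alice from 10.0.0.5 port 5002
2024-03-04T09:01:00 sshd[820]: Failed password for bob from 10.0.0.9 port 6001
2024-03-04T09:01:03 sshd[821]: Failed password for bob from 10.0.0.9 port 6002
2024-03-04T09:01:05 sshd[822]: Failed password for bob from 10.0.0.9 port 6003
2024-03-04T09:01:09 sshd[823]: Failed password for bob from 10.0.0.9 port 6004
2024-03-04T09:01:12 sshd[824]: Failed password for bob from 10.0.0.9 port 6005
2024-03-04T09:30:00 sshd[900]: Failed password for carol from 10.0.0.7 port 7001
2024-03-04T10:30:00 sshd[950]: Failed password for carol from 10.0.0.7 port 7002
"""

FAILED_RE = re.compile(r"^(\S+) sshd\[\d+\]: Failed password for (\S+) from (\S+)")


def parse_failures(text):
    """Yield (timestamp, user, source_ip) for every failed-logon line."""
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)


def violations(text, clipping_level=3, window=timedelta(minutes=10)):
    """Return {user: peak_count} for users whose failures inside any window of
    length `window` reach `clipping_level`. Counts below the level are treated
    as ordinary mistyping and are not escalated, which keeps reviewers from
    drowning in noise while still catching a guessing run."""
    per_user = defaultdict(list)
    for ts, user, _src in parse_failures(text):
        per_user[user].append(ts)
    flagged = {}
    for user, stamps in per_user.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:       # slide the window forward
                start += 1
            count = end - start + 1
            if count >= clipping_level:
                flagged[user] = max(flagged.get(user, 0), count)
    return flagged


if __name__ == "__main__":
    for user, count in violations(SAMPLE_LOG).items():
        print(f"{user}: {count} failures within 10 minutes exceed the clipping level")
```

On the sample, alice's single typo and carol's two failures an hour apart stay below the level and are never raised; bob's five failures in twelve seconds are recorded for analysis, which is the behaviour item 1111 describes.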

1112-An incremental backup process

Backs up all the files that have changed since the last full or incremental backup and sets the archive bit to 0.

1113-In Operations Security trusted paths provide: trustworthy interfaces into privileged user functions.

1114-The Loki attack exploits a covert channel using which network protocol? ICMP
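Item 1114 names the channel but not how a defender would see it: Loki carries its data in the ICMP echo request/reply payload, which ordinary ping tools fill with a predictable pattern, so payloads that do not match that pattern, are unusually large, or look random are the signal. The following is an added example written for this page, not code from the question bank and not the Loki tool; the packets are constructed inline, the fill patterns approximate what common ping implementations send, and the entropy and size thresholds are assumptions to tune per environment.

```python
"""Heuristic detector for ICMP echo covert channels of the Loki kind: the data
travels in the echo request/reply payload, which ordinary ping tools fill with
a predictable pattern.

Added example for item 1114; it is not code from the original question bank
and not the Loki tool itself. The packets are constructed inline; the payload
patterns approximate what common ping implementations send, and the entropy
and size thresholds are assumptions to tune per environment.
"""
import hashlib
import math
import struct
from collections import Counter

LINUX_PATTERN = bytes(range(0x10, 0x38))                # fill bytes after the timeval
WINDOWS_PATTERN = b"abcdefghijklmnopqrstuvwabcdefghi"   # 32-byte Windows fill


def entropy_bits(data):
    """Shannon entropy in bits per byte; compressed or encrypted data is near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_normal_ping(payload):
    """True when the payload matches what common ping tools send."""
    if payload == WINDOWS_PATTERN:
        return True
    for header in (8, 16):          # timeval size differs by platform/ABI
        body = payload[header:]
        if len(payload) > header and body == LINUX_PATTERN[: len(body)]:
            return True
    return False


def classify(payload, entropy_threshold=6.0, max_normal_size=64):
    """'normal', 'suspicious' (odd but low-entropy, e.g. cleartext commands)
    or 'likely-covert' (random-looking or oversized) for one echo payload."""
    if looks_like_normal_ping(payload):
        return "normal"
    if entropy_bits(payload) >= entropy_threshold or len(payload) > max_normal_size:
        return "likely-covert"
    return "suspicious"


def scan(packets):
    """Report, per (src, dst) flow, the verdicts of every non-normal echo payload.
    Other ICMP types are left to other rules."""
    report = {}
    for pkt in packets:
        if pkt["type"] not in (0, 8):       # 8 = echo request, 0 = echo reply
            continue
        verdict = classify(pkt["payload"])
        if verdict != "normal":
            report.setdefault((pkt["src"], pkt["dst"]), []).append(verdict)
    return report


# Constructed sample traffic.
LINUX_PING = struct.pack("!QQ", 1709542800, 123456) + LINUX_PATTERN   # 16-byte timeval + fill
COVERT = b"".join(hashlib.sha256(f"chunk{i}".encode()).digest() for i in range(3))  # 96 opaque bytes
CLEARTEXT = b"\x00" * 8 + b"cat /etc/shadow\n"
PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.1", "type": 8, "payload": LINUX_PING},
    {"src": "10.0.0.1", "dst": "10.0.0.5", "type": 0, "payload": LINUX_PING},
    {"src": "10.0.0.6", "dst": "10.0.0.1", "type": 8, "payload": WINDOWS_PATTERN},
    {"src": "10.0.0.9", "dst": "203.0.113.7", "type": 8, "payload": COVERT},
    {"src": "203.0.113.7", "dst": "10.0.0.9", "type": 0, "payload": CLEARTEXT},
    {"src": "10.0.0.9", "dst": "10.0.0.1", "type": 3, "payload": COVERT},  # not echo: ignored
]

if __name__ == "__main__":
    for flow, verdicts in scan(PACKETS).items():
        print(flow, verdicts)
```

Payload heuristics are only one half of the picture; the other is volume, since a covert shell produces far more echo traffic between one pair of hosts than connectivity checks ever do. Where ICMP echo is not needed across a boundary, blocking it at the firewall removes the channel outright.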

1115-Of the various types of “Hackers” that exist, the ones who are not worried about being caught and spending time in jail and have a total disregard for the law or police force, are labeled as what type of hackers? Suicide Hackers

1116-A Differential backup process will: Back up data labeled with archive bit 1 and leave the data labeled with archive bit 1 (the bit is not reset).
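Items 1058, 1059, 1112 and 1116 all reduce to how each backup method treats the archive bit, and that in turn decides how much is copied each night and how many tapes a restore needs. The following is an added example written for this page, not code from the question bank; the files and the week's change pattern are constructed here, and the archive bit is modelled the way FAT/NTFS behave (any write sets it, full and incremental backups clear it, differential leaves it set).

```python
"""Full, incremental and differential backups driven by the archive bit.

Added example for items 1058, 1059, 1112 and 1116; it is not code from the
original question bank. The files and the week's change pattern are
constructed here. The archive bit is modelled the way FAT/NTFS behave: any
write sets it, a full or incremental backup clears it, a differential backup
leaves it set.
"""
from dataclasses import dataclass, field


@dataclass
class File:
    name: str
    archive_bit: bool = True      # a newly created file starts with the bit set


@dataclass
class Volume:
    files: dict = field(default_factory=dict)

    def write(self, name):
        """Any write to a file sets its archive bit, as the file system does."""
        self.files.setdefault(name, File(name)).archive_bit = True


def backup(volume, method):
    """Run one backup of the given method; return the sorted names it copied
    and update the archive bits the way that method does."""
    if method == "full":
        copied = sorted(volume.files)                       # everything, bit or no bit
        for f in volume.files.values():
            f.archive_bit = False
    elif method == "incremental":
        copied = sorted(n for n, f in volume.files.items() if f.archive_bit)
        for f in volume.files.values():
            f.archive_bit = False                           # reset: next run sees only new changes
    elif method == "differential":
        copied = sorted(n for n, f in volume.files.items() if f.archive_bit)
        # bit left set: every run re-copies all changes since the last FULL
    else:
        raise ValueError(f"unknown backup method {method!r}")
    return copied


def restore_chain(history):
    """The tapes a restore needs: last full plus every incremental after it,
    or last full plus only the most recent differential."""
    last_full = max(i for i, (m, _) in enumerate(history) if m == "full")
    later = history[last_full + 1:]
    incrementals = [h for h in later if h[0] == "incremental"]
    if incrementals:
        return [history[last_full]] + incrementals
    differentials = [h for h in later if h[0] == "differential"]
    return [history[last_full]] + differentials[-1:]


def simulate_week(method):
    """Sunday full backup, then the same Mon-Wed change pattern backed up with
    `method`; returns [(method, copied_names), ...] in order."""
    vol = Volume()
    for name in ("payroll.db", "policy.doc", "logs.txt"):
        vol.write(name)
    history = [("full", backup(vol, "full"))]
    changes = {"Mon": ["payroll.db"], "Tue": ["policy.doc"], "Wed": ["payroll.db", "logs.txt"]}
    for touched in changes.values():
        for name in touched:
            vol.write(name)
        history.append((method, backup(vol, method)))
    return history


if __name__ == "__main__":
    for method in ("incremental", "differential"):
        history = simulate_week(method)
        print(method, [copied for _, copied in history],
              "restore needs", len(restore_chain(history)), "tapes")
```

Running both methods over the same week shows the trade-off the questions hint at: the incremental nights are the smallest and fastest (item 1165) but a restore needs the full plus every incremental since, while the differential nights grow through the week (item 1059) and a restore needs only the full plus the latest differential.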

1117-Ding Ltd. is a firm specialized in intellectual property business. A new video streaming application needs to be installed for the purpose of conducting the annual awareness program as per the firm security program. The application will stream internally copyrighted computer based training videos. The requirements for the application installation are to use a single server, low cost technologies, high performance and no high availability capacities. In regards to storage technology, what is the most suitable configuration for the server hard drives? RAID 0 (striping without redundancy)

1118-According to Requirement 3 of the Payment Card Industry’s Data Security Standard (PCI DSS) there is a requirement to “protect stored cardholder data.” Which of the following items cannot be stored by the merchant? The Card Validation Code (CVV2)

1119-Which of the following answers best describes the type of penetration testing where the analyst has full knowledge of the network on which he is going to perform his test? White-Box Penetration Testing

1120-Which of the following answers BEST indicates the most important part of a data backup plan?

Testing the backups with restore operations

1121-Which of the following answers is directly related to providing High Availability to your users? Backup data circuits

1122-Which of the following answers presents the MOST significant threat to network based IDS or IPS systems? Encrypted Traffic

1123-Which of the following methods is recommended by security professionals to PERMANENTLY erase sensitive data on magnetic media? Degaussing

1124-Which of the following best describes what would be expected at a “hot site”?

Computers, climate control, cables and peripherals

1125-Who should direct short-term recovery actions immediately following a disaster? Disaster Recovery Manager.

1126-Prior to a live disaster test also called a Full Interruption test, which of the following is most important?

Conduct of a successful Parallel Test

1127-Which of the following should be emphasized during the Business Impact Analysis (BIA) considering that the BIA focus is on business processes? Dependencies

1128-Which of the following recovery plan test results would be most useful to management?

list of successful and unsuccessful activities.

1129-Which of the following computer recovery sites is only partially equipped with processing equipment? warm site.

1130-Which of the following computer recovery sites is the least expensive and the most difficult to test? cold site.

1131-Which of the following is the most important consideration in locating an alternate computing facility during
the development of a disaster recovery plan? It is unlikely to be affected by the same disaster.

1132-Contracts and agreements are often times unenforceable or hard to enforce in which of the following alternate facility recovery agreement? reciprocal agreement.

1133-Organizations should not view disaster recovery as which of the following? Discretionary expense.

1134-Which of the following backup sites is the most effective for disaster recovery? Hot sites

1135-Which of the following is NOT a transaction redundancy implementation? on-site mirroring

1136-Which of the following provides enterprise management with a prioritized list of time-critical business processes, and estimates a recovery time objective for each of the time critical processes and the components of the enterprise that support those processes?

Business Impact Assessment

1137-Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA):

Notifying senior management of the start of the assessment.

1138-A site that is owned by the company and mirrors the original production site is referred to as a _______?Redundant Site

1139-Which of the following results in the most devastating business interruptions? Loss of Data

1140-Which of the following is the most critical item from a disaster recovery point of view? Data

1141-Which of the following is defined as the most recent point in time to which data must be synchronized
without adversely affecting the organization (financial or operational impacts)? Recovery Point Objective

1142-Valuable paper insurance coverage does not cover damage to which of the following? Money and Securities

1143-Which of the following is covered under Crime Insurance Policy Coverage? Money and Securities

1144-If your property Insurance has Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on:

Value of item on the date of loss

1145-If your property Insurance has Replacement Cost Valuation (RCV) clause your damaged property will be
compensated: Based on new, comparable, or identical item for old regardless of condition of lost item

1146-What is the Maximum Tolerable Downtime (MTD)? It is maximum delay businesses can tolerate and still remain viable

1147-Out of the steps listed below, which one is not one of the steps conducted during the Business Impact Analysis (BIA)?

Alternate site selection

1148-Which one of the following is NOT one of the outcomes of a vulnerability assessment?

Formal approval of BCP scope and initiation document

1149-The scope and focus of the Business continuity plan development depends most on: Business Impact Analysis (BIA)

1150-Which of the following items is NOT a benefit of cold sites? Quick Recovery

1151-Qualitative loss resulting from the business interruption does NOT usually include: Loss of revenue

1152-When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is known as? Shadowing

1153-Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed. What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications? Internal Hot site

1154-What is the most correct choice below when talking about the steps to resume normal operation at the primary site after the green light has been given by the salvage team? The least critical functions should be moved back first

1155-Business Continuity and Disaster Recovery Planning (Primarily) addresses the: Availability of the CIA triad

1156-Which of the following is used to create parity information? a hamming code

1157-Which of the following backup methods makes a complete backup of every file on the server every time it is run?

full backup method.

1158-Which of the following is a large hardware/software backup system that uses the RAID technology? Tape Array.

1159-What is the MOST critical piece to disaster recovery and continuity planning? Management support

1160-During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable? Quantitatively measuring the results of the test

1161-Which of the following statements regarding an off-site information processing facility is TRUE?

It should have the same amount of physical access restrictions as the primary processing site.

1162-Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident’s effects is part of: Incident Response

1163-A server farm consisting of multiple similar servers seen as a single IP address from users interacting with the group of servers is an example of which of the following? Server clustering

1164-Which of the following is NOT a common backup method? Daily backup method

1165-Which common backup method is the fastest on a daily basis? Incremental backup method

1166-Which of the following backup methods is most appropriate for off-site archiving? Full backup method

1167-Which of the following tasks is NOT usually part of a Business Impact Analysis (BIA)? Develop a mission statement.

1168-Which of the following statements pertaining to RAID technologies is incorrect?

RAID-5 has a higher performance in read/write speeds than the other levels.

1169-Which of the following is NOT a common category/classification of threat to an IT system? Hackers

1170-Which of the following enables the person responsible for contingency planning to focus risk management
efforts and resources in a prioritized manner only on the identified risks? Risk assessment

1171-A contingency plan should address: All answers are correct (residual risks included).

1172-Which of the following focuses on sustaining an organization’s business functions during and after a disruption?

Business continuity plan

1173-Which of the following specifically addresses cyber attacks against an organization’s IT systems? Incident response plan

1174-Which of the following provides coordinated procedures for minimizing loss of life, injury, and property damage in response to a physical threat? Occupant emergency plan

1175-Which of the following teams should NOT be included in an organization’s contingency plan? Tiger team

1176-Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect?

The Contingency Planning Coordinator should make sure that every employee gets an up-to-date copy of the plan.

1177-Which of the following is less likely to accompany a contingency plan,either within the plan itself or in the form of an appendix?

Contact information for all personnel.

1178-Which of the following server contingency solutions offers the highest availability? Load balancing/disk replication

1179-What assesses potential loss that could be caused by a disaster? The Business Impact Analysis (BIA)

1180-Which of the following item would best help an organization to gain a common understanding of functions that are critical to its survival? A business impact analysis

1181-What can be defined as the maximum acceptable length of time that elapses before the unavailability of
the system severely affects the organization? Recovery Time Objectives (RTO)

1182-Which of the following steps should be one of the first step performed in a Business Impact Analysis (BIA)?

Identify and Prioritize Critical Organization Functions

1183-A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include?

Data/Telecomm/IS facilities

1184-During the salvage of the Local Area Network and Servers, which of the following steps would normally be
performed first? Assess damage to LAN and servers

1185-Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect?

In order to facilitate recovery, a single plan should cover all locations

1186-A Business Continuity Plan should be tested: At least once a year.

1187-Which of the following statements pertaining to a Criticality Survey is incorrect?

It is implemented to gather input from all personnel who are going to be part of the recovery teams.

1188-Which disaster recovery plan test involves functional representatives meeting to review the plan in detail?

Structured walk-through test

1189-System reliability is increased by: A higher MTBF and a lower MTTR.

1190-The first step in the implementation of the contingency plan is to perform: A data backup

1191-The MOST common threat that impacts a business’s ability to function normally is: Power Outage

1192-Failure of a contingency plan is usually: A management failure

1193-Which of the following questions is less likely to help in assessing an organization’s contingency planning controls?

Is damaged media stored and/or destroyed?

1194-A business continuity plan is an example of which of the following? Corrective control

1195-When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems? Senior business unit management

1196-Which of the following statements pertaining to disaster recovery planning is incorrect?

Every organization must have a disaster recovery plan

1197-Which of the following statements do not apply to a hot site? It provides a false sense of security.

1198-What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?

Electronic vaulting

1199-Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test? Full Interruption test

1200-Which of the following statements pertaining to disaster recovery is incorrect?

When returning to the primary site, the most critical applications should be brought back first.

1201-For which areas of the enterprise are business continuity plans required? All areas of the enterprise.

1202-Which of the following will a Business Impact Analysis NOT identify? What is a hot-site facility?

1203-What is a hot-site facility? A site with pre-installed computers, raised flooring, air conditioning, telecommunications and
networking equipment, and UPS.

1204-Which of the following best describes remote journaling?

Real time transmission of copies of the entries in the journal of transactions to an alternate site

1205-All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would not be considered an essential element of the BIA but an important topic to include within the BCP plan: Public Relations

1206-Of the following, which is NOT a specific loss criteria that should be considered while developing a BIA?

Loss of skilled workers knowledge

1207-Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?

Continuous auditing makes a Disaster Recovery plan irrelevant

1208-Which backup type run at regular intervals would take the least time to complete? Incremental Backup

1209-What is electronic vaulting? A transfer of bulk information to a remote central backup facility.

1210-After a company is out of an emergency state, what should be moved back to the original site first? Least critical components

1211-How often should tests and disaster recovery drills be performed? At least once a year

1212-A business impact assessment is one element in business continuity planning. What are the three primary
goals of a BIA? Criticality prioritization, downtime estimation, and resource requirements.

1213-Business Continuity Planning (BCP) is not defined as a preparation that facilitates:

the monitoring of threat activity for adjustment of technical controls

1214-During a test of a disaster recovery plan the IT systems are concurrently set up at the alternate site. The results are compared to the results of regular processing at the original site. What kind of testing has taken place? Parallel

1215-During a business impact analysis it is concluded that a system has maximum tolerable downtime of 2 hours. What would this system be classified as? Critical

1216-Business Impact Analysis (BIA) is about Supporting the mission of the organization

1217-What is the MOST important step in business continuity planning? Business Impact Analysis (BIA)

1218-You have been tasked with developing a Business Continuity Plan/Disaster Recovery (BCP/DR) plan. After several months of researching the various areas of the organization, you are ready to present the plan to Senior Management. During the presentation meeting, the plan that you have dutifully created is not received positively. Senior Management is not convinced that they need to enact your plan, nor are they prepared to invest any money in the plan. What is the BEST reason, as to why Senior Management is not willing to enact your plan? The business case was not initially made and thus did not secure their support.

1219-How often should a Business Continuity Plan be reviewed? At least once a year

1220-Mark’s manager has tasked him with researching an intrusion detection system for a new dispatching center. Mark identifies the top five products and compares their ratings. Which of the following is the evaluation criteria most in use today for these types of purposes? Common Criteria

1221-When planning for disaster recovery it is important to know a chain of command should one or more people become missing, incapacitated or otherwise not available to lead the organization. Which of the following terms BEST describes this process?

Succession Planning

1222-Of the three types of alternate sites: hot, warm or cold, which is BEST described by the following facility description?
– Configured and functional facility
– Available with a few hours
– Requires constant maintenance
– Is expensive to maintain

Hot Site

1223-Which of the following plan provides procedures for sustaining essential business operations while
recovering from significant disruption? Business Continuity Plan


1224-Which of the following groups represents the leading source of computer crime losses? Employees

1225-Which of the following is biggest factor that makes Computer Crimes possible? Victim carelessness.

1226-Under United States law, an investigator’s notebook may be used in court in which of the following scenarios?

To refresh the investigators memory while testifying.

1227-In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected? Human Resources

1228-To be admissible in court, computer evidence must be which of the following? Relevant

1229-The typical computer fraudsters are usually persons with which of the following characteristics? They hold a position of trust

1230-Once evidence is seized, a law enforcement officer should emphasize which of the following? Chain of custody

1231-The ISC2 Code of Ethics does not include which of the following behaviors for a CISSP: Control

1232-Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing?

System development activity

1233-Which of the following is from the Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087)?

Access to and use of the Internet is a privilege and should be treated as such by all users of the systems.

1234-Which of the following is NOT defined in the Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087) as unacceptable and unethical activity? uses a computer to steal

1235-Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption using Symmetric Cryptography. Diffie-Hellman
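Item 1235 states what Diffie-Hellman achieves; the exchange itself is short enough to show end to end. The following is an added example written for this page, not code from the question bank. It generates a small safe prime at run time purely so the demo is self-contained; real deployments use a standard named group (the RFC 3526 or RFC 7919 MODP groups, or an elliptic-curve equivalent) rather than a home-grown modulus, and they authenticate the exchange with signatures or certificates, because plain DH says nothing about who you agreed the key with.

```python
"""Diffie-Hellman key agreement: each side keeps a private exponent, only the
public values cross the insecure channel, and both derive the same symmetric
session key.

Added example for item 1235; it is not code from the original question bank.
It generates a small safe prime at run time purely so the demo is
self-contained. Real deployments use a standard named group (RFC 3526 or
RFC 7919 MODP groups, or an elliptic-curve equivalent) rather than a home-grown
modulus, and they authenticate the exchange (signatures or certificates),
because plain DH says nothing about WHO you agreed a key with and an active
man-in-the-middle can run two separate exchanges.
"""
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits):
    """p = 2q + 1 with p and q both prime, so that g = 4 generates the
    order-q subgroup and there are no small subgroups for an attacker to
    force the shared secret into."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def is_valid_public(p, value):
    """Range check plus subgroup-membership check on a received public value."""
    q = (p - 1) // 2
    return 1 < value < p - 1 and pow(value, q, p) == 1


class Party:
    """One participant; holds the private exponent and exposes only `public`."""

    def __init__(self, p, g=4):
        self.p, self.g, self.q = p, g, (p - 1) // 2
        self.private = secrets.randbelow(self.q - 1) + 1    # never leaves this object
        self.public = pow(g, self.private, p)                # sent in the clear

    def session_key(self, peer_public):
        """Validate the peer's value, compute peer^private mod p, and hash the
        shared secret down to a 256-bit symmetric key."""
        if not is_valid_public(self.p, peer_public):
            raise ValueError("rejected public value")
        secret = pow(peer_public, self.private, self.p)
        secret_bytes = secret.to_bytes((self.p.bit_length() + 7) // 8, "big")
        return hashlib.sha256(secret_bytes).digest()


def run_exchange(bits=128):
    """Return (alice_key, bob_key, p); the two keys are equal although neither
    private exponent was ever transmitted."""
    p = generate_safe_prime(bits)
    alice, bob = Party(p), Party(p)
    # Only alice.public and bob.public travel over the network.
    return alice.session_key(bob.public), bob.session_key(alice.public), p


if __name__ == "__main__":
    k_a, k_b, p = run_exchange()
    print("agreed:", k_a == k_b, "key:", k_a.hex())
```

The two checks in `is_valid_public` are the part most toy implementations omit: rejecting 1 and p-1 and confirming the value lies in the prime-order subgroup stops a peer from steering the shared secret into a tiny set of possibilities. Hashing the raw shared secret before use is standard practice; the integer itself is never used directly as a key.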

1236-In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process?

Displayed the contents of a folder

1237-Which of the following tools is NOT likely to be used by a hacker? Tripwire

1238-Which of the following computer crime is MORE often associated with INSIDERS? Data diddling

1239-What do the ILOVEYOU and Melissa virus attacks have in common? They are both masquerading attacks.

1240-Crackers today are MOST often motivated by their desire to: gain money (financial gain).

1241-Which of the following statements regarding trade secrets is FALSE?

The Trade Secret Law normally protects the expression of the idea of the resource.

1242-What is the PRIMARY goal of incident handling? Contain and repair any damage caused by an event.

1243-Which of the following would be LESS likely to prevent an employee from reporting an incident?

The process of reporting incidents is centralized

1244-Which of the following outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations? The Federal Sentencing Guidelines of 1991.

1245-What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected?

To ensure that it will be admissible in court

1246-Which of the following logical access exposures INVOLVES CHANGING data before, or as it is entered into the computer?

Data diddling

1247-Which of the following is an example of an active attack? Scanning

1248-The criteria for evaluating the legal requirements for implementing safeguards is to evaluate the cost (C) of instituting the protection versus the estimated loss (L) resulting from the exploitation of the corresponding vulnerability. Therefore, a legal liability may exist when: (C < L), i.e. C is less than L

1249-What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent? Exigent Circumstance Doctrine

1250-A copy of evidence or oral description of its contents; which is not as reliable as best evidence is what type of evidence?

Secondary evidence

1251-Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness’s five senses? Direct evidence.


1252-This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What best describes this scenario?

Excessive Privileges

1253-Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud/attack makes use of a device that generates tones to simulate inserting coins in pay phones, thus fooling the system into completing free calls? Red Boxes

1254-When companies come together to work in an integrated manner such as extranets, special care must be taken to ensure that each party promises to provide the necessary level of protection, liability and responsibility. These aspects should be defined in the contracts that each party signs. What describes this type of liability? Downstream liabilities

1255-This type of supporting evidence is used to help prove an idea or a point, however It cannot stand on its own, it is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence? Corroborative evidence

1256-Under intellectual property law what would you call information that companies keep secret to give them an advantage over their competitors? Trade Secrets

1257-Which category of law is also referenced as a Tort law? Civil law

1258-What category of law deals with regulatory standards that regulate performance and conduct? Government agencies create these standards, which are usually applied to companies and individuals within those companies. Administrative law.

1259-The copyright law (“original works of authorship”) protects the right of the owner in all of the following except? The idea itself

1260-To understand the ‘whys’ in crime, many times it is necessary to understand MOM. Which of the following is not a component of MOM? Methods

1261-In the statement below, fill in the blank: Law enforcement agencies must get a warrant to search and seize an individual’s property, as stated in the _____ Amendment. Fourth.

1262-Within the legal domain what rule is concerned with the legality of how the evidence was gathered? Exclusionary rule

1263-Computer-generated evidence is considered: Second hand evidence

1264-Which of the following would be MOST important to guarantee that the computer evidence will be admissible in court?

The chain of custody of the evidence must show who collected, secured, controlled, handled, transported the evidence, and that it was not tampered with.

1265-Keeping in mind that these are objectives that are provided for information only within the CBK as they only apply to the committee and not to the individuals. Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect?

All information systems security professionals who are certified by (ISC)2 shall forbid behavior such as associating or appearing to associate with criminals or criminal behavior.

1266-Which of the following statements is not listed within the 4 canons of the (ISC)2 Code of Ethics? All information systems security professionals who are certified by (ISC)2 shall think about the social consequences of the program they write.

1267-Regarding codes of ethics covered within the ISC2 CBK, within which of them is the phrase “Discourage unsafe practice” found? (ISC)2 Code of Ethics

1268-Which of the following European Union (EU) principles pertaining to the protection of information on private individuals is incorrect? Data collected by an organization can be used for any purpose and for as long as necessary, as long as it is never communicated outside of the organization by which it was collected

1269-Which of the following is NOT a Generally Accepted System Security Principle (GASSP)?

The conception of computer viruses and worms is unethical.

1270-Which of the following would best describe secondary evidence? A copy of a piece of evidence

1271-Why would a memory dump be admissible as evidence in court? Because it is used to identify the state of the system.

1272-Which type of attack would a competitive intelligence attack best classify as? Business attack

1273-Due care is not related to: Profit

1274-Which of the following is not a form of passive attack? Data diddling

1275-When a possible intrusion into your organization’s information system has been detected, which of the following actions should be performed first? Determine to what extent systems and data are compromised.

1276-When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish to prosecute the attacker in court? Capture and record system information.

1277-In order to be able to successfully prosecute an intruder: A proper chain of custody of evidence has to be preserved.

1278-When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence: Verifiable documentation indicating the who, what, when, where, and how the evidence was handled should be available.

1279-When should a post-mortem review meeting be held after an intrusion has been properly taken care of?

Within the first week of completing the investigation of the intrusion.

1280-If an organization were to monitor their employees’ e-mail, it should not: Monitor only a limited number of employees.

1281-If an employee’s computer has been used by a fraudulent employee to commit a crime, the hard disk may be seized as evidence and once the investigation is complete it would follow the normal steps of the Evidence Life Cycle. In such case, the Evidence life cycle would not include which of the following steps listed below? Destruction

1282-Which of the following is a problem regarding computer investigation issues?

Computer-generated records are only considered secondary evidence, thus are not as reliable as best evidence.

1283-What is defined as inference of information from other, intermediate, relevant facts? Circumstantial evidence

1284-Under the Business Exemption Rule to the hearsay evidence, which of the following exceptions would have no bearing on the inadmissibility of audit logs and audit trails in a court of law? Records are collected by senior or executive management.

1285-Which of the following is the BEST way to detect software license violations? Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.

1286-Which of the following categories of hackers poses the greatest threat? Disgruntled employees

1287-Which of the following best defines a Computer Security Incident Response Team (CSIRT)?

An organization that coordinates and supports the response to security incidents.

1288-Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:

They have not exercised due care protecting computing resources.

1289-The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called: enticement.

1290-Which element must computer evidence have to be admissible in court? It must be relevant.

1291-The Internet Architecture Board (IAB) characterizes which of the following as unethical behavior for Internet users?

Wasting computer resources.

1292-A security analyst asks you to look at the traffic he has gathered, and you find several Push flags within the capture. It seems the packets are sent to an unknown Internet Address (IP) that is not in your network from one of your own IP addresses which is a financial database that is critical and must remain up and running 24×7. This traffic was noticed in the middle of the day. What would be the best course of action to follow?

Block the IP address at the perimeter and create a bit level copy of the database server. Run antivirus scan on the database and add to the IPS a rule to automatically block similar traffic

1293-The US Department of Health, Education and Welfare developed a list of fair information practices focused on the privacy of individually identifiable personal information. Which one of the following is incorrect?

1294-An attack that involves a fraudster tricking a user into making inappropriate security decisions is known as: Social Engineering

1295-The US-EU Safe Harbor process has been created to address which of the following?

Protection of personal data transferred between U.S. and European companies

1296-What is Dumpster Diving? Running through another person’s garbage for discarded documents, information and other various items that could be used against that person or company

1297-Which of the following is the most important ISC2 Code of Ethics Canon?

Protect society, the commonwealth, and the infrastructure

1298-What Cloud Deployment model consists of a cloud infrastructure provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units)? Such a deployment model may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises. Private Cloud

1299-When referring to the Cloud Computing Service models, what would you call a service model where the consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment? Platform as a Service (PaaS)

1300-The exact requirements for the admissibility of evidence vary across legal systems and between different cases (e.g., criminal versus tort). At a more generic level, evidence should have some probative value, be relevant to the case at hand, and meet the following criteria, which are often called the five rules of evidence: It has to be authentic, accurate, complete, convincing, and admissible.

1301-You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals. One day you receive a laptop and are part of a two-man team responsible for examining it together. However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch. What critical step in forensic evidence have you forgotten? Chain of custody

1302-Researchers have recently developed a tool that imitates a 14-year-old on the Internet. The authors developed a “Chatter Bot” that mimics conversation and treats the dissemination of personal information as the goal to determine if the other participant in the conversation is a pedophile. The tool engages people in conversation and uses artificial intelligence to check for inappropriate questions by the unsuspecting human. If the human types too many suggestive responses to the “artificial” 14-year-old, the tool then notifies the police. From a legal perspective, what is the greatest legal challenge to the use of this tool? Entrapment

1303-You are a criminal hacker and have infiltrated a corporate network via a compromised host and a misconfigured firewall. You find many targets inside the network but all appear to be hardened except for one. It has several notable vulnerable services and it therefore seems out of place with an otherwise secured network (except for the misconfigured firewall, of course). What is it that you are likely seeing here? A Honeypot

1304-The most prevalent cause of computer center fires is which of the following? Electrical distribution systems

1305-Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher?

When the fire involves electrical equipment

1306-Examples of types of physical access controls include all EXCEPT which of the following? passwords

1307-Guards are appropriate whenever the function required by the security program involves which of the following?

The use of discriminating judgment

1308-What physical characteristic does a retinal scan biometric device measure? The pattern of blood vessels at the back of the eye

1309-Which of the following is the most costly countermeasure to reducing physical security risks? Security Guards

1310-Which is the last line of defense in a physical security sense? people

1311-Devices that supply power when the commercial utility power system fails are called which of the following?

uninterruptible power supplies

1312-Which of the following is true about a “dry pipe” sprinkler system?

It reduces the likelihood of the sprinkler system pipes freezing

1313-Which of the following is a class A fire? common combustibles

1314-Which of the following is the preferred way to suppress an electrical fire in an information center? CO2

1315-What are the four basic elements of Fire? Heat, Fuel, Oxygen, and Chain Reaction

1316-Which of the following suppresses combustion by disrupting a chemical reaction, by doing so it kills the fire? Halon

1317-Which of the following is a class C fire? electrical

1318-Which of the following is NOT a system-sensing wireless proximity card? magnetically striped card

1319-Which of the following is NOT a type of motion detector? Photoelectric sensor

1320-Which of the following is NOT a precaution you can take to reduce static electricity? power line conditioning

1321-Which of the following is currently the most recommended water system for a computer room? preaction

1322-Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires? common-mode noise

1323-The “vulnerability of a facility” to damage or attack may be assessed by all of the following except: security budget

1324-Which of the following is not an EPA-approved replacement for Halon? Bromine

1325-Which of the following is not a physical control for physical security?training

1326-Crime Prevention Through Environmental Design (CPTED) is a discipline that: Outlines how the proper design of a physical environment can reduce crime by directly affecting human behavior.

1327-The main risks that physical security components combat are all of the following EXCEPT: SYN flood

1328-A momentary power outage is a: fault

1329-A momentary high voltage is a: spike

1330-A momentary low voltage, from 1 cycle to a few seconds, is a: sag

1331-A prolonged high voltage is a: surge

1332-A prolonged complete loss of electric power is a: blackout

1333-A prolonged power supply that is below normal voltage is a: brownout

1334-While referring to Physical Security, what does Positive pressurization mean?

The air goes out of a room when a door is opened and outside air does not go into the room.

1335-Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. This area is referred to as the: Plenum area

1336-Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of: Physical controls

1337-To mitigate the risk of fire in your new data center, you plan to implement a heat-activated fire detector. Your requirement is to have the earliest warning possible of a fire outbreak. Which type of sensor would you select and where would you place it?

Rate-of-rise temperature sensor installed below the raised floors

1338-Which type of fire extinguisher is most appropriate for a digital information processing facility? Type C

1339-Which of the following controls related to physical security is not an administrative control? Alarms

1340-Which of the following is related to physical security and is not considered a technical control? Locks

1341-Which of the following floors would be most appropriate to locate information processing facilities in a 6-story building? Third floor

1342-What can be defined as a momentary low voltage? Sag

1343-Which of the following fire extinguishing systems incorporating a detection system is currently the most recommended water system for a computer room? Preaction

1344-For maximum security design, what type of fence is the most effective and cost-effective method (feet are used as the measurement unit below)? Double fencing

1345-The viewing of recorded events after the fact using a closed-circuit TV camera is considered a Detective control

1346-Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring? Capacitance detectors

1347-The Physical Security domain focuses on three areas that are the basis for physically protecting an enterprise’s resources and sensitive information. Which of the following is not one of these areas? Countermeasures

1348-Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced. Which of the following is not a component that achieves this type of security? Integrity control mechanisms

1349-The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis? Critical-path analysis

1350-Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems? UPS

1351-The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater than 60 percent) can produce what type of problem on computer parts? Corrosion

1352-In a dry pipe system, there is no water standing in the pipe – it is being held back by what type of valve? Clapper valve

1353-The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to? Illuminated at eight feet high with at least two foot-candles

1354-The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts? Static electricity

1355-Which fire class can water be most appropriate for? Class A fires

1356-Critical areas should be lighted: Eight feet high and two feet out.

1357-At which temperature does damage start occurring to magnetic media? 100 degrees Fahrenheit or 37.7 Celsius

1358-What is the minimum static charge able to cause disk drive data loss? 1500 volts

1359-What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters? An auxiliary station alarm

1360-Which of the following questions is less likely to help in assessing physical access controls?

Is the operating system configured to prevent circumvention of the security software and application controls?

1361-Which of the following questions is less likely to help in assessing physical and environmental protection? Are there processes to ensure that unauthorized individuals cannot read, copy, alter, or steal printed or electronic information?

1362-Which of the following statements pertaining to fire suppression systems is TRUE?

Water-based extinguishers are NOT an effective fire suppression method for class C (electrical) fires.

1363-How should a doorway of a manned facility with automatic locks be configured? It should be configured to be fail-safe.

1364-Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader? A transponder

1365-According to ISC2, what should be the fire rating for the internal walls of an information processing facility?

All internal walls must have a one-hour minimum fire rating, except for walls to adjacent rooms where records such as paper and media are stored, which should have a two-hour minimum fire rating.

1366-Which of the following statements pertaining to air conditioning for an information processing facility is correct?

The AC units must be dedicated to the information processing facility

1367-Which of the following statements pertaining to secure information processing facilities is incorrect?

Windows should be protected with bars.

1368-What is a common problem when using vibration detection devices for perimeter control?

They are vulnerable to non-adversarial disturbances.

1369-Under what conditions would the use of a “Class C” hand-held fire extinguisher be preferable to the use of a “Class A” hand-held fire extinguisher? When the fire involves electrical equipment.

1370-To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room?

Order a Non-Hydrochlorofluorocarbon compound from the manufacturer

1371-Within Crime prevention through Environmental Design (CPTED) the concept of territoriality is best described as: Ownership

1372-In the physical security context, a security door equipped with an electronic lock configured to ignore the unlock signals sent from the building emergency access control system in the event of an issue (fire, intrusion, power failure) would be in which of the following configurations? Fail Secure

1373-Which of the following is NOT a guideline necessary to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations?

Maintain access rosters of maintenance personnel who are not authorized to work on the system

1374-Which of the following type of lock uses a numeric keypad or dial to gain entry? Cipher lock

1375-Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users? Retina scan
