SP7 - P/E > P/E 3 > Flashcards

P/E 3 Flashcards

(251 cards)

Study These Flashcards
1
Q
  1. Which of the following is not a valid means to improve the security offered by password authentication?

A. Enabling account lockout controls
B. Enforcing a password policy
C. Using password-verification tools and password-cracking tools against your password database file
D. Allowing users to reuse the same password

A

Answer: D

Preventing password reuse by tracking password history increases security but allowing users to reuse the same password does not increase security. You can also improve password security by enabling account lockout controls, enforcing a password policy, and using password verification tools to check the strength of existing passwords.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q
  1. What provides data for re-creating the history of an event, intrusion, or system failure?

A. Security policies
B. Log files
C. Audit reports
D. Business continuity planning

A

Answer: B

Log files provide an audit trail for re-creating the history of an event, intrusion, or system failure. An audit trail includes log files and can reconstruct an event, extract information about an incident, and prove or disprove culpability. Security policies are documents that define security requirements for an organization. An audit report includes details gleaned from log files. Business continuity planning occurs before an event, such as a disaster, in an attempt to reduce the impact of the event.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q
  1. What category of malicious software includes rogue antivirus software?

A. Logic bombs
B. Worms
C. Trojan horses
D. Spyware

A

Answer: C

Rogue antivirus software is an example of a Trojan horse. Users are tricked into installing it, and once installed, it steals sensitive information and/or prompts the user for payment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
  1. What is the most important aspect of a biometric device?

A. Accuracy
B. Acceptability
C. Enrollment time
D. Invasiveness

A

Answer: A

The most important aspect of a biometric factor is its accuracy. If a biometric factor is not accurate, it may allow unauthorized users into a system. Acceptability by users, the amount of time it takes to enroll, and the invasiveness of the biometric device are additional considerations but not as important as its accuracy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
  1. In areas where technical controls cannot be used to prevent virus infections, what should be used to prevent them?

A. Security baselines
B. Awareness training
C. Traffic filtering
D. Network design

A

Answer: B

Educating users is an important part of preventing virus infections and works with technical controls such as antivirus software. Security baselines provide a secure starting point for a system as a technical control. Traffic filtering is another technical control that can block viruses. Network design can be used to control the flow of traffic as a technical control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
  1. What standard governs the creation of digital certificates used in the public key infrastructure?

A. FIPS 180-2
B. S/MIME
C. X.509
D. 802.1x

A

Answer: C

X.509 defines a common format for digital certificates containing certification of a public encryption key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q
  1. What is the final stage in the life cycle of backup media, occurring after or as a means of sanitization?

A. Degaussing
B. Destruction
C. Declassification
D. Defenestration

A

Answer: B

Destruction is the final stage in the life cycle of backup media. Destruction should occur after proper sanitization or as a means of sanitization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
  1. Security mechanisms, tools, and practices that deter and mitigate malicious activity and events are what type of control?

A. Preventive control
B. Directive control
C. Corrective control
D. Recovery control

A

Answer: A

Preventive controls are the actual mechanisms by which malicious acts and activities are reduced or prevented entirely.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
  1. Beth is looking through web server logs and finds form input that looks like this:

13>SCRIPT>alert(‘Enter your password’)>/SCRIPT>

What type of attack has she likely discovered?

A. XSS
B. SQL injection
C. XSRF
D. TOCTTOU

A

Answer: A

The use of the tag is a telltale sign of a cross-site scripting (XSS) attack.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q
  1. What security flaw conveys information by writing data to a common storage area where another process can read it?

A. Covert timing channel
B. Buffer overflow
C. Covert storage channel
D. Maintenance hook

A

Answer: C

A covert storage channel conveys information by writing data to a common storage area where another process can read it. Storing data in such a way introduces a security flaw that allows unauthorized users to access the data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q
  1. APTs are most closely related to what type of attack category?

A. Military attacks
B. Thrill attacks
C. Grudge attacks
D. Insider attacks

A

Answer: A

Advanced persistent threats (APTs) are often associated with government and military actors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
  1. What is a divestiture?

A. Asset or employee reduction
B. A distribution of profits to shareholders
C. A release of documentation to the public
D. A transmission of data to law enforcement during an investigation

A

Answer: A

A divestiture is an asset or employee reduction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
  1. There are generally three forms of governance within an enterprise organization, all of which have common goals, such as to ensure continued growth and expansion over time and to maintain resiliency to threats and the market. Which of the following is not one of these common forms of governance?

A. IT
B. Facility
C. Corporate
D. Security

A

Answer: B

The three common forms of governance are IT, corporate, and security. Facility is not usually considered a form of governance, or it is already contained within one of the other three.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q
  1. What form of attack is always possible when using a non-802.1x implementation of a wireless network?

A. Password guessing
B. Encryption cracking
C. IV interception
D. Packet replay attacks

A

Answer: A

Password guessing is always a potential attack if a wireless network is not otherwise using some other form of authentication, typically accessed via 802.1x.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q
  1. What is the preparation of storage media by overwriting with unclassified data for later reuse or redistribution?

A. Erasure
B. Clearing
C. Purging
D. Sanitization

A

Answer: B

Clearing is a method of sufficiently deleting data on media that will be reused in the same secured environment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
  1. What is a secret agreement between parties to commit a criminal act against an organization or third party?

A. Collision
B. Confusion
C. Collusion
D. Contusion

A

Answer: C

Collusion is the act of two or more parties conspiring to commit a crime against another party or organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q
  1. What type of processing makes use of a multithreading technique at the operating system level?

A. Symmetric multiprocessing
B. Multitasking
C. Multiprogramming
D. Massively parallel processing

A

Answer: A

Symmetric multiprocessing systems implement multithreading techniques at the operating system level.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q
  1. Of the following, what best explains the motivation for using a preventive access control?

A. To discourage violation of security policies
B. To stop unwanted or unauthorized activity from occurring
C. To discover unwanted or unauthorized activity
D. To restore systems to normal after an unwanted or unauthorized activity has occurred

A

Answer: B

The essence of a preventive access is to prevent or stop unwanted or unauthorized activity from occurring. Option A defines a deterrent access control, option C defines a detective access control, and option D defines a corrective access control.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q
  1. The University of Outer Mongolia runs a web application that processes student tuition payments via credit card and is subject to PCI DSS. The university does not wish to perform web vulnerability scans on a regular basis because they consider them too time-consuming. What technology may they put in place that eliminates the PCI DSS requirement for recurring web vulnerability scans?

A. Web application firewall
B. Intrusion prevention system
C. Network vulnerability scanner
D. None. There is no exception to the recurring web vulnerability scan requirement.

A

Answer: A

PCI DSS allows organizations to choose between performing annual web vulnerability assessment tests or installing a web application firewall.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q
  1. In what type of software testing does the tester not have access to the code?

A. White box
B. Black box
C. Gray box
D. Static

A

Answer: B

Black-box testing examines the program from a user perspective by providing a wide variety of input scenarios and inspecting the output. Black-box testers do not have access to the internal code.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q
  1. Which conceptual security model offers the best preventive protection against viral infection and outbreak?

A. ISO/OSI reference model
B. Concentric circle
C. Operations security triple
D. CIA Triad

A

Answer: B

A concentric circle security model represents the best practice known as defense in depth, a layered approach to protecting IT infrastructure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q
  1. What is access?

A. Functions of an object
B. Information flow from objects to subjects
C. Unrestricted admittance of subjects on a system
D. Administration of ACLs

A

Answer: B

Access is the transfer of information from an object to a subject. An object is a passive resource that does not have functions. Access is not unrestricted. Access control includes more than administration of access control lists (ACLs).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q
  1. Which of the following increases vulnerabilities related to viruses?

A. Length of time the system is operating
B. The classification level of the primary user
C. Installation of software
D. Use of roaming profiles

A

Answer: C

As more software is installed, more vulnerabilities are added to the system, thus adding more avenues of attack for viruses. How long a system operates, the classification level of the user, or the use of roaming profiles does not increase vulnerabilities related to viruses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q
  1. What is the act of searching for unauthorized modems known as?

A. Dumpster diving
B. Espionage
C. System auditing
D. War dialing

A

Answer: D

War dialing is the act of searching for unauthorized modems that will accept inbound calls on an otherwise secure network in an attempt to gain access. Dumpster diving is searching through trash for information. Espionage is the act of collecting information against a competitor or foreign government. System auditing is used to assess the effectiveness of security controls.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
25. What is the frequency of an IT infrastructure security audit or security review based on? A. Asset value B. Administrator discretion C. Risk D. Level of realized threats
Answer: C The frequency of an IT infrastructure security audit or security review is based on risk. You must establish the existence of sufficient risk to warrant the expense of, and interruption caused by, a security audit on a more or less frequent basis. Asset value and threats are a part of risk but are not the whole picture, and assessments are not performed based only on either of these. A high-value asset with a low level of threats doesn't present a high risk. Similarly, a low-value asset with a high level of threats doesn't present a high risk. The decision to perform an audit isn't usually relegated to an administrator.
26
26. Which one of the following techniques takes the concept of process isolation and applies it to hardware controls? A. Layering B. Abstraction C. Data hiding D. Hardware segmentation
Answer: D Hardware segmentation is similar to process isolation in purpose. It prevents the access of information that belongs to a different process/security level.
27
27. What is a well-known synonym for defense in depth? A. Confidentiality-Integrity-Accountability B. Bastion server C. Layered security D. Biometric authentication
Answer: C Defense in depth is also known as layered security. The motivation for layered security comes from the benefits that accrue from establishing multiple layers or levels of access controls to provide defense in depth from security threats. If one layer fails or is bypassed, defenses at other layers kick in to provide additional protection.
28
28. What element of quantitative risk analysis judges the frequency of compromise of a threat? A. SLE B. EF C. AV D. ARO
Answer: D The ARO (annualized rate of occurrence) is the element of quantitative risk analysis that judges the frequency of compromise of a threat.
29
29. Your manager is concerned that the business impact assessment recently completed by the BCP team doesn't adequately take into account the loss of goodwill among customers that might result from a particular type of disaster. Where should items like this be addressed? A. Continuity strategy B. Quantitative analysis C. Likelihood assessment D. Qualitative analysis
Answer: D The qualitative analysis portion of the business impact assessment (BIA) allows you to introduce intangible concerns, such as loss of customer goodwill, into the BIA planning process.
30
30. What security services are provided by Kerberos for authentication traffic? A. Availability and nonrepudiation B. Confidentiality and nonrepudiation C. Confidentiality and integrity D. Availability and authorization
Answer: C Kerberos provides confidentiality and integrity protection security services for authentication traffic using symmetric cryptography to encrypt tickets sent over the network to prove identification and provide authentication. The security services provide by Kerberos are not directly related to availability or nonrepudiation.
31
31. Which essential element of an audit report is not considered to be a basic concept of the audit? A. Purpose of the audit B. Recommendations of the auditor C. Scope of the audit D. Results of the audit
Answer: B Recommendations of the auditor are not considered basic and essential concepts to be included in an audit report. Key elements of an audit report include the purpose, scope, and results of the audit.
32
32. The process by which media is prepared for irrevocable destruction to ensure no chance of data recovery goes by what name? A. Degaussing B. Sterilization C. Declassification D. Sanitization
Answer: D Sanitization is the process of wiping storage media clean in preparation for disposal or destruction. It ensures that data cannot be recovered by any means from destroyed or discarded media.
33
33. What strategy basically consists of multiple layers of antivirus, malware, and spyware protection distributed throughout a given network environment? A. CIA Triad B. Concentric circle C. Operations security triple D. Separation of duties
Answer: B A concentric circle security model comprises several mutually independent security applications, processes, or services that operate toward a single common goal.
34
34. What security mode allows systems to process information at more than one level of security even when all users do not have appropriate clearances? A. Dedicated B. Multilevel C. Compartmented D. System high
Answer: B Multilevel security systems can process information at different levels even when all system users do not have the required security clearance to access all information processed by the system.
35
35. What process state can be dependent on peripherals? A. Ready B. Waiting C. Running D. Supervisory
Answer: B The waiting state is a process state that depends on peripherals as the processes pause execution until the conclusion of some requested activity, such as peripheral activity.
36
36. What sort of intruder is actually one of the "good guys" doing good things for your network security? A. Unethical hacker B. Ethical hacker C. System cracker D. Malicious user
Answer: B Ethical hackers are those trained in responsible network security methodology, with a philosophy toward nondestructive and nonintrusive testing.
37
37. What phase of a business impact assessment calculates the ARO for a given risk scenario? A. Risk identification B. Likelihood assessment C. Impact assessment D. Resource prioritization
Answer: B The annualized rate of occurrence (ARO) is a measure of how many times a risk might materialize in a typical year. It is a measure of risk likelihood.
38
38. Which of the following is not an effective countermeasure against inappropriate content being hosted or distributed over a secured network? A. Activity logging B. Content filtering C. Intrusion detection system D. Penalties for violations
Answer: C An intrusion detection system is designed to detect intrusions and is not a countermeasure against inappropriate content by internal users. However, activity logging, content filtering, and policies that include penalties for violations can all be used as countermeasures for inappropriate content.
39
39. Which of the following statements is not true? A. VLANs are created by switches. B. A subnet is created by a router. C. Multilayer switches can allow cross-VLAN communications by providing a routing function. D. The assignment of an IP address and subnet mask defines a subnet.
Answer: B A subnet is not created by a router; a subnet is created through the assignment of an IP address and a subnet mask. Routers only manage traffic between subnets.
40
40. Which security principle involves the knowledge and possession of sensitive material as an aspect of one's occupation? A. Principle of least privilege B. Separation of duties C. Need to know D. As-needed basis
Answer: C The need-to-know policy operates on the basis that any given system user should be granted access only to portions of sensitive information or materials necessary to perform some task.
41
41. What would an administrator use to ensure systems have required patches? A. Patch management system B. Patch scanner C. Penetration tester D. Fuzz tester
Answer: A A patch management system ensures that systems have required patches. In addition to deploying patches, it would also check the systems to verify they accepted the patches. There is no such thing as a patch scanner. A penetration test will attempt to exploit a vulnerability, but it can be intrusive and cause an outage so it isn't appropriate in this scenario. A fuzz tester sends random data to a system to check for vulnerabilities but doesn't test for patches.
42
42. How does an API user typically authenticate to use the API? A. Password B. API key C. Cookie D. Two-factor authentication
Answer: B API keys are passed with each API call to authenticate the API user.
43
43. When possible, operations controls should be _____. A. Simple B. Administrative C. Preventive D. Transparent
Answer: D When possible, operations controls should be invisible, or transparent, to users. This keeps users from feeling hampered by security and reduces their knowledge of the overall security scheme, thus further restricting the likelihood that users will violate system security deliberately.
44
44. Which one of the following terms can be used to describe RAM memory? A. Secondary B. Sequential C. Nonvolatile D. Random
Answer: D Random access memory (RAM) is accessed in a random, rather than a sequential, fashion.
45
45. What is layering? A. Deploying multiple security mechanisms in parallel B. Deploying multiple security mechanisms in a series C. Requiring identification and authentication before authorization D. Deploying multiple firewalls around the perimeter of a network
Answer: B Layering is the deployment of multiple security mechanisms in a series.
46
46. What networking device can be used to create digital network segments that can be altered as needed by adjusting the settings internal to the device rather than on end-point devices? A. Router B. Switch C. Proxy D. Gateway
Answer: B A switch is a networking device that can be used to create digital network segments (i.e., VLANs) that can be altered as needed by adjusting the settings internal to the device rather than on end-point devices. A router connects disparate networks rather than creating network segments.
47
47. Which of the following is true about Kerberos? A. It uses symmetric key cryptography. B. It uses asymmetric key cryptography. C. It uses public key cryptography. D. It requires a PKI.
Answer: A Kerberos uses symmetric key cryptography. It does not use asymmetric or public key cryptography, and it does not require public key infrastructure (PKI).
48
48. When an intruder gains unauthorized access to a facility by asking an employee to hold open a door because their arms are full of packages, this is known as what type of attack? A. Tailgating B. Masquerading C. Impersonation D. Piggybacking
Answer: D Piggybacking is following someone through a secured gate or doorway without being identified or authorized personally.
49
49. Which security mode provides the most granular control over resources and users? A. Dedicated B. System high C. Compartmented D. Multilevel
Answer: B System high mode provides the most granular control over resources and users because it enforces clearances, requires need to know, and allows the processing of only single sensitivity levels. All the other levels either do not have unique need to know between users (dedicated), allow multiple levels of data processing (compartmented), or allow a wide number of users with varying clearance (multilevel).
50
50. A team that initially knows nothing about its target before performing a security analysis is known as what? A. Absolute knowledge B. Partial knowledge C. Zero knowledge D. Infinite knowledge
Answer: C Zero-knowledge teams possess only primary information about an organization during a security assessment or penetration test.
51
51. Which one of the following addressing schemes uses a value stored in one of the CPU's registers combined with an instruction operand to determine the correct memory location to access? A. Direct addressing B. Immediate addressing C. Base+Offset addressing D. Indirect addressing
Answer: C Base+Offset addressing uses a value stored in one of the CPU's registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to the value and retrieves the operand from that computed memory location.
52
52. Which of the following is not an element defined under the Clark-Wilson model? A. Constrained data item B. Transformation procedures C. Redundant commit statement D. Integrity verification procedure
Answer: C A redundant commit statement is not associated with the Clark-Wilson model; it is instead an element in database replication. The Clark-Wilson model does define constrained data item, transformation procedures, and integrity verification procedure.
53
53. What security principle states that a thorough understanding of a system's operational details is not necessary for most routine activities? A. Process isolation B. Abstraction C. Monitoring D. Hardware segmentation
Answer: B Abstraction states that a detailed understanding of lower system levels is not a necessary requirement for working at higher levels.
54
54. The Clark-Wilson access model is also called a(n) ___________________ interface model. A. Encrypted B. Triple C. Restricted D. Unrestricted
Answer: C The Clark-Wilson model can also be described as a restricted interface model because it uses classification-based restrictions to offer subject-specific functions and information. Subjects at one classification level will see a specific set of data and obtain access to a related set of functions, while another subject at a different classification level will see a different dataset and obtain access to a different set of functions.
55
55. A person who illicitly gains the trust or credentials from a trusted party has committed what criminal act? A. Espionage B. Sabotage C. Reverse engineering D. Social engineering
Answer: D Social engineering is an attempt to deceive an insider into performing questionable actions on behalf of some unauthorized outsider.
56
56. Which of the following is not a valid reason why log files should be protected? A. Log files can be used to reconstruct events leading up to an incident. B. Attackers may try to erase their activity during or after an attack. C. Unprotected log files cannot be used as evidence. D. Log files include information on why an attack occurred.
Answer: D Log files include information on what happened, when and where it happened, who was involved, and sometimes how, but they do not include why an attack occurred; they do not include the motivation of an attacker. Log files should be protected because they can be used to reconstruct events, attackers may try to modify them, and unprotected logs cannot be used as evidence.
57
57. Which type of intrusion detection system (IDS) can be considered an expert system? A. Host-based B. Network-based C. Knowledge-based D. Behavior-based
Answer: D A behavior-based IDS can be labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events. A knowledge-based IDS uses a database of known attack methods to detect attacks. Both host-based and network-based systems can be either knowledge-based, behavior-based, or a combination of both.
58
58. What form of data sampling examines only errors that occur above some specified threshold level? A. Sampling B. Summarizing C. Clipping D. Accounting
Answer: C Clipping levels are widely used in the process of auditing events to establish a baseline of system or user activity that is considered routine activity.
59
59. Why should an enterprise network implement endpoint security? A. To provide sufficient security on each individual host. B. Centralized security mechanisms are too expensive. C. Network security safeguards do not provide any protection for hosts. D. Hardware security options are ineffective against software exploits.
Answer: A Endpoint security is implemented in order to provide sufficient security on each individual host, rather than relying on network-based security only.
60
60. Which one of the following is not one of the canons of the (ISC)2 code of ethics? A. Act honorably, honestly, justly, responsibly, and legally. B. Advance and protect the profession. C. Preserve the integrity of the CISSP exam. D. Provide diligent and competent service to principals.
Answer: C The code of ethics does not explicitly mention the CISSP exam.
61
61. Which of the following security models is most often used for general commercial applications? A. Brewer and Nash model B. Biba model C. Bell-LaPadula model D. Clark-Wilson model
Answer: D Of the four models mentioned, Biba and Clark-Wilson are most commonly used for commercial applications because both focus on data integrity. Of these two, Clark-Wilson offers more control and does a better job of maintaining integrity, so it's used most often for commercial applications. Bell-LaPadula is used most often for military applications. Brewer and Nash applies only to datasets (usually within database management systems) where conflict-of-interest classes prevent subjects from accessing more than one dataset that might lead to a conflict-of-interest situation.
62
62. What technique is the most effective means of protecting against XSS attacks? A. Acceptance testing B. Code review C. Firewall rules D. Input validation
Answer: D Input validation protects against a wide variety of web-based attacks, including XSS.
63
63. You are designing a contract management system and need to be able to prove to a court that the individual who sent in a contract actually sent the message and that it was not forged. What cryptographic goal are you trying to achieve? A. Nonrepudiation B. Confidentiality C. Integrity D. Authentication
Answer: A The cryptographic goal of nonrepudiation ensures that you can prove to an uninvolved third party that a message originated with the purported sender.
64
64. What encryption algorithm does the WPA-2 protocol use to protect wireless networks? A. DES B. 3DES C. AES D. TKIP
Answer: C WPA-2 uses AES encryption, replacing the TKIP encryption used by WPA.
65
65. What form of security planning is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans? A. Strategic B. Operational C. Administrative D. Tactical
Answer: D Tactical planning is designed to focus on timeframes of approximately one year and may include scheduling of tasks, assignment of responsibilities, hiring plans, maintenance plans, and even acquisition plans.
66
66. If the user has the ability to define object access, what type of controls are you using? A. Discretionary controls B. Mandatory controls C. Audited controls D. Remote controls
Answer: A Discretionary controls give the subject (user) some ability to define the objects to access. This access control mechanism ensures that the owner or creator of an object controls and defines the access other subjects have to that object.
67
67. What is the purpose of a security impact analysis in the context of change management? A. To approve changes B. To reject changes C. To identify changes D. To review changes
Answer: D A security impact analysis reviews change requests and evaluates them for potential negative impacts. All changes aren't necessarily approved or rejected. The analysis doesn't attempt to identify changes.
68
68. Which of the following can be used securely even when no preexisting secure form of communication exists between the two parties? A. AES B. RSA C. IDEA D. RC5
Answer: B RSA is an example of asymmetric cryptography, which does not require a preexisting relationship to provide a secure mechanism for data exchange. Two individuals can begin communicating securely from the moment they start communicating.
69
69. How is accountability maintained for individual subjects? A. Paper trails B. Audit trails C. Compliance checks D. Penetration tests
Answer: B Audit trails are the means through which individuals are held accountable for their actions and any events or occurrences they cause.
70
70. In a(n) ___________ system, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment. A. Trusted B. Authorized C. Available D. Baseline
Answer: A In a trusted system, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.
71
71. What is the first action that you should take when responding to an information security incident? A. Isolate and contain. B. Gather evidence. C. Report. D. Restore service.
Answer: A The first priority in incident response is to prevent further damage by isolating affected systems and containing the threat.
72
72. A screen scraper tool can be used to? A. Remove fingerprints from glass screens B. Capture keystrokes C. Remove advertisements from web pages D. Extract data from XML/HMTL-formatted data automatically
Answer: D A screen scraper tool is used to automatically extract standardized formatted data, such as XML and HTML, from human-friendly output. This tool is often used to extract results from web search engines.
73
73. Generally, a privacy policy is designed to protect what? A. A user's privacy B. The public's freedom C. Intellectual property D. A company's right to audit
Answer: D The purpose of a privacy policy is to inform users where they do and do not have privacy for the primary benefit of the protection of the company's right to audit and monitor user activity.
74
74. What form of security control is used to guide the implementation of an organization? A. Directive control B. Detective control C. Corrective control D. Preventive control
Answer: A Directive controls are the means by which an organizational security policy is governed at the logical level.
75
75. What basic access control mechanism is being used when all access is blocked unless a statement allows the access? A. Constrained interface B. Access control matrix C. Explicit deny D. Implicit deny
Answer: D An implicit deny mechanism will block all access that is not explicitly allowed. A constrained interface reduces what is viewable to a user and an access control matrix identifies subjects and objects, and they both employ an implicit deny philosophy, but the question doesn't describe them. An explicit deny philosophy requires a separate rule to deny specific access.
76
76. The Bell-LaPadula access control model was designed to protect what aspect of security? A. Confidentiality B. Integrity C. Accessibility D. Authentication
Answer: A The Bell-LaPadula model is focused on maintaining the confidentiality of objects. Bell-LaPadula does not address the aspects of object integrity or availability.
77
77. Which of the following terms correctly describes all three of the following protocols: IPX/SPX, AppleTalk, and NetBEUI? A. Routable protocols B. Non-IP protocols C. Layer 2 protocols D. Stateful protocols
Answer: B IPX/SPX, AppleTalk, and NetBEUI are examples of non-IP protocols.
78
78. Which of the following encryption packages provides full disk encryption and is built into Microsoft Windows? A. TrueCrypt B. PGP C. EFS D. BitLocker
Answer: D BitLocker is the full disk encryption package provided by Microsoft as a Windows component. EFS, while a component of Windows, does not provide full disk encryption. TrueCrypt and PGP are not Microsoft products.
79
79. Which one of the following business impact assessment (BIA) tasks should be performed last? A. Risk identification B. Resource prioritization C. Impact assessment D. Likelihood assessment
Answer: B Resource prioritization is the final step of the business impact assessment (BIA) process.
80
80. Bob just received a message from Alice encrypted with the RSA algorithm. What key should he use to decrypt it? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
Answer: D Bob decrypts any messages he receives using his own private key.
81
81. Most of the higher-order security models, such as Bell-LaPadula and Biba, are based on which of the following? A. Take-Grant model B. State machine model C. Brewer and Nash model D. Clark Wilson model
Answer: B Most higher-order security models, such as Bell-LaPadula and Biba, are based on the state machine model (as well as the information flow and noninterference models).
82
82. What technology allows for phone conversations to occur over an existing TCP/IP network and Internet connection? A. IPSec B. VoIP C. SSH D. TLS
Answer: B VoIP (Voice over IP) allows for phone conversations to occur over an existing TCP/IP network and Internet connection.
83
83. A security mechanism that verifies the effectiveness of directive and preventive controls is itself what type of control? A. Corrective control B. Directive control C. Deceptive control D. Detective control
Answer: D Detective controls are, as the name suggests, mechanisms and means through which the effectiveness of preventive controls is verified.
84
84. What term describes a secure channel for the TCB to communicate with the rest of the system? A. Trusted path B. Covert channel C. Overt channel D. IPSec session
Answer: A A trusted path is a channel established with strict standards to allow necessary communication without exposing the TCB to security vulnerabilities.
85
85. Which of the following means of cache poisoning relates to the relationship between a MAC address and an IP address? A. HOSTS file poisoning B. Caching server poisoning C. Internet files cache poisoning D. ARP poisoning
Answer: D ARP performs the resolution of and maintains the local cache of mappings between MAC addresses and IP addresses. Thus, ARP poisoning affects the MAC to IP relationship. HOSTS file poisoning and caching server poisoning are DNS attacks, thus exploiting the relationship between FQDNs and IP addresses. Internet file cache poisoning is the planting of false code or other data in a browser's file history.
86
86. Which of the following is not a common component of third-party governance? A. Document exchange and review B. Full interruption testing C. Onsite assessment D. Process/policy review
Answer: B Third-party governance typically includes onsite assessment, document exchange and review, and process/policy review. Full interruption testing is more often associated with DRP.
87
87. The Goguen-Meseguer model is an ________ model based on predetermining the set or domain—a list of objects that a subject can access. A. Integrity B. Confidentiality C. Non-interference D. Availability
Answer: A The Goguen-Meseguer model is an integrity model based on predetermining the set or domain—a list of objects that a subject can access.
88
88. Which of the following is not typically a technique employed by software designers to ensure that a program does only what is required and nothing more? A. Confinement B. Bounds C. Isolation D. Throughput
Answer: D Although throughput is an important factor in supporting availability, it is not a key technique employed by software designers to ensure that software does only what is required and nothing more.
89
89. What type of chip often stores the firmware used by printers and other hardware devices? A. ROM B. PROM C. EPROM D. EEPROM
Answer: D The BIOS firmware is normally stored on an EEPROM chip to allow for "flash" updates when the BIOS needs revision.
90
90. The _______ plan is a midterm plan developed to provide more details on accomplishing the goals set forth in the ______ plan. A. Tactical, strategic B. Operational, strategic C. Strategic, operational D. Tactical, operation
Answer: A The tactical plan is a midterm plan developed to provide more details on accomplishing the goals set forth in the strategic plan.
91
91. Which one of the following business impact assessment variables is used to quantify the frequency with which a specific event is expected to occur over the course of a year? A. AV B. SLE C. ARO D. MTD
Answer: C The annualized rate of occurrence (ARO) measures the frequency with which a specific event is expected to occur over the course of a year.
92
92. What type of electrical component serves as the primary building block for static RAM chips? A. Capacitor B. Resistor C. Flip-flop D. Translator
Answer: C Static RAM chips are built using a number of flip-flop transistors that retain their charge without requiring constant refreshing.
93
93. What processor operating mode is designed to protect users from accidentally damaging the system through the execution of poorly designed code? A. User mode B. Privileged mode C. System mode D. Kernel mode
Answer: A User mode is the basic mode used by the CPU when executing user instructions. It enables only a portion of the full CPU instruction set.
94
94. What type of threat is often sponsored by a government? A. Whaling B. Spear-phishing C. Advanced persistent threat D. Rogueware
Answer: C An advanced persistent threat (APT) refers to a group of attackers working together who are highly motivated, skilled, and patient and are often sponsored by a government. Whaling is a phishing attack that focuses on high-level executives and spear-phishing is a targeted phishing attack, but neither is commonly sponsored by a government. Rogueware is software that appears as free antivirus software but is actually malicious.
95
95. What is the vulnerability or feature of a PBX system that allows for an external entity to piggyback onto the PBX system and make long-distance calls without being charged for the tolls? A. Black box B. DTMF C. Vishing D. Remote dialing
Answer: D Remote dialing (aka hoteling) is the vulnerability or feature of a PBX system that allows for an external entity to piggyback onto the PBX system and make long-distance calls without being charged for the tolls.
96
96. What can you use to ensure that users create strong passwords and do not reuse passwords? A. Password length B. Password complexity C. Password history D. Password policy
Answer: D A password policy can ensure that users create strong passwords of sufficient length and complexity. Password policies can also track password history and prevent users from reusing passwords.
97
97. What notion grants users only the access they need to complete their jobs tasks? A. Due diligence B. CIA Triad C. Principle of least privilege D. Due care
Answer: C Granting users limited access only to those applications, functions, processes, or services necessary to fulfill their tasks is the principle of least privilege.
98
98. What is an attempt to vigorously exercise the security constraints and parameters of a network, often using any means necessary? A. Ethical hacking B. Penetration testing C. War dialing D. Brute force
Answer: B Penetration testing is the process of exercising, validating, and verifying the state of security on a network.
99
99. How many new cryptographic keys must be generated when a user is removed from an already-functioning public key encryption system? A. Zero B. One C. Two D. All keys
Answer: A The removal of a user from a public key cryptosystem does not require the generation of any new keys. A message merely needs to be sent to all participants revoking the former user's key pair.
100
100. Spamming attacks occur when numerous unsolicited messages are sent to a victim. Because enough data is sent to the victim to prevent legitimate activity, it is also known as what? A. Sniffing B. Denial of service C. Brute-force attack D. Buffer overflow attack
Answer: B A spamming attack (sending massive amounts of unsolicited email) can be used as a type of denial-of-service attack. It doesn't use eavesdropping methods, so it isn't sniffing. Brute-force methods attempt to crack passwords. Buffer overflow attacks send strings of data to a system in an attempt to cause it to fail.
101
101. What process would you utilize to sufficiently delete any existing data on a magnetic storage volume for reuse in questionably secure environments? A. Cleansing B. Sanitizing C. Purging D. Sterilizing
Answer: C Purging is used to sufficiently cleanse remnants of data on a magnetic storage drive so that it can be reused in unsecure environments.
102
102. What is the name of the security standard that was specifically designed as a replacement for SSL? A. SSH B. IPSec C. TLS D. SHTTP
Answer: C TLS (Transport Layer Security) was specifically designed as a replacement for SSL.
103
103. Exercising reasonable care to protect the interests and assets of an organization through a formalized security structure (policies, standards, guidelines, and so on) is better known as what? A. Due care B. Due notice C. Due diligence D. Due indifference
Answer: A Due care is the notion of preserving and protecting assets and interests for a given organization as exercised through a formalized security structure comprising baselines, guidelines, policies, procedures, and rules.
104
104. The Roscommon Rangers baseball team is concerned about the risk that a storm might result in the cancellation of a baseball game. There is a 30 percent chance that the storm will occur, and if it does, the team must refund all single-game tickets because the game cannot be rescheduled. Season ticket holders will not receive a refund and account for 20 percent of ticket sales. The ticket sales for the game are $1.5 million. What is the exposure factor in this scenario? A. 20 percent B. 30 percent C. 70 percent D. 80 percent
Answer: D The exposure factor is the amount of the asset that is at risk. In this case, the 80 percent of the tickets that are single-game sales must be refunded, so the exposure factor is 80 percent of the game's revenue.
105
105. Of the following, what can mitigate the success of a sniffing attack? A. Using rainbow tables B. Salting passwords C. Using access reviews D. Using encrypted passwords
Answer: D Encrypted passwords (and one-time passwords) can reduce the success of a sniffing attack. Rainbow tables are used by attackers to crack hashed passwords. Salting passwords helps reduce the success rate of rainbow tables. Access reviews help ensure that an organization is using practices that support the security policy.
106
106. What is record retention? A. The act of deleting and purging records and important information B. The act of creating and modifying records and important information C. The act of storing and maintaining records and important information D. The act of sharing and distributing records and important information
Answer: C Storing and maintaining vital records and crucial information is instrumental to record retention.
107
107. What is a hardware-imposed network segmentation that requires a routing function to support intersegment communications otherwise known as? A. Subnet B. DMZ C. VLAN D. Extranet
Answer: C A VLAN (virtual LAN) is a hardware-imposed network segmentation created by switches that requires a routing function to support communication between different segments.
108
108. What type of cipher replaces each character in a message with an alternate value to achieve confidentiality? A. Stream cipher B. Transposition cipher C. Block cipher D. Substitution cipher
Answer: D Substitution ciphers actually replace the characters in a message with different values.
109
109. Name the collection of processes used to prepare media so that classified data cannot be recovered before, during, and after final destruction. A. Cleansing B. Clearing C. Degaussing D. Sanitization
Answer: D Sanitization is any number of processes that prepare media for destruction.
110
110. Which of the following is not a reason why using passwords alone is a poor security mechanism? A. When possible, users choose easy-to-remember passwords that are easy to guess or crack. B. Randomly generated passwords are hard to remember, and thus many users write them down. C. Short passwords can be discovered quickly in brute-force attacks only when used against a stolen password database file. D. Passwords can be stolen through many means, including observation, recording and playback, and security database theft.
Answer: C Brute-force attacks can be used against password database files and system logon prompts, not only database files. Weaknesses with passwords include users choosing easy-to-remember passwords, users writing down complex passwords, and the ability to steal passwords with other methods.
111
111. Ricky receives an encrypted message from Flo that uses an asymmetric encryption algorithm. What key should he use to decrypt the message? A. Flo's public key B. Flo's private key C. Ricky's public key D. Ricky's private key
Answer: D Ricky uses his own private key to decrypt the message that Flo encrypted with Ricky's public key.
112
112. What can detect creeping privileges? A. Account provisioning B. Disabling an account C. Account review D. Account revocation
Answer: C Account reviews can detect instances of creeping privileges or excessive privileges. Account provisioning grants privileges. Disabling an account ensures it isn't used, and account revocation deletes the account.
113
113. Which system state operation mode has the most restricted access to resources? A. User mode B. Privileged mode C. System mode D. Kernel mode
Answer: A User mode is the most restricted system mode.
114
114. What type of memory uses space on a drive to simulate RAM? A. Virtual memory B. Virtual storage C. Real memory D. Real storage
Answer: A Virtual memory uses drive space to simulate memory when programs require more memory than is physically available.
115
115. Which method of storage preparation is the least secure against recovery attempts or laboratory attacks? A. Clearing B. Purging C. Declassification D. Erasing
Answer: D Erasing media is simply performing a delete operation against a file, a selection of files, or the entire media.
116
116. Which of the following is the least acceptable form of biometric device? A. Iris scan B. Retina scan C. Fingerprint D. Facial geometry
Answer: B Of the options listed, a retina scan is the least accepted biometric device because it requires users to position their face on a cup reader that blows air into the eye and can reveal personal health issues. An iris scan can be read from a distance and doesn't reveal medical information. Additionally, fingerprints and facial geometry scans do not reveal medical information and are less invasive.
117
117. Monitoring can be used to perform all but which of the following? A. Detect asset values B. Detect malicious actions by subjects C. Detect attempted intrusions D. Detect system failures
Answer: A Monitoring is not used to detect asset values. Monitoring can help detect malicious actions, attempted intrusions, and system failures.
118
118. Any process, mechanism, or tool that guides an organizational security implementation is what type of control? A. Administrative control B. Corrective control C. Directive control D. Detective control
Answer: C Directive controls guide an organizational security implementation and as such are control statements.
119
119. Which one of the following is not a function supported by PEM? A. Disclosure protection B. Originator authenticity C. Traffic flow confidentiality D. Message integrity
Answer: C Privacy Enhanced Mail (PEM) does not provide traffic flow confidentiality.
120
120. Which of the following does not usually represent a timeframe of increased risk and vulnerability to an organization, such as information disclosure, data loss, and unplanned downtime? A. Layoffs B. Awareness training C. Acquisitions D. Mergers
Answer: B Awareness training typically reduces risk and vulnerability.
121
121. What tool uses precomputed hashes to crack password hashes stored in a password file? A. Brute force B. Rainbow table C. Replay attack D. Steganography
Answer: B The rainbow table contains precomputed hashes of common passwords and is used to crack hashes stored in password files.
122
122. Which of the following is not considered a type of auditing activity? A. Recording of event data B. Data reduction C. Log analysis D. Deployment of countermeasures
Answer: D Deployment of countermeasures is not considered a type of auditing activity but is instead an attempt to prevent security problems. Auditing includes recording event data in logs, using data reduction methods to extract meaningful data, and analyzing logs.
123
123. Which of the following is not a benefit of VLANs? A. Traffic isolation B. Data/traffic encryption C. Traffic management D. Reduced vulnerability to sniffers
Answer: B VLANs do not impose encryption on data or traffic. Encrypted traffic can occur within a VLAN, but encryption is not imposed by the VLAN.
124
124. Using a network packet sniffer, you intercept a communication. After examining the IP packet's header, you notice that the flag byte has the binary value of 00000100. What does this indicate? A. A flooding attack is occurring. B. A new session is being initiated. C. A reset has been transmitted. D. A custom-crafted IP packet is being broadcast.
Answer: C The flag value of 00000100 indicates a RST, or reset flag, has been transmitted. This is not necessarily an indication of malicious activity.
125
125. What Clark-Wilson model feature helps protect against insider attacks by restricting the amount of authority any user possesses? A. Simple integrity property B. Time of use C. Need to know D. Separation of duties
Answer: D The Clark-Wilson model enforces separation of duties to further protect the integrity of data. This model employs limited interfaces or programs to control and maintain object integrity.
126
126. Spoofing is primarily used to perform what activity? A. Send large amounts of data to a victim B. Cause a buffer overflow C. Hide the identity of an attacker through misdirection D. Steal user account names and passwords
Answer: C Spoofing grants the attacker the ability to hide their identity through misdirection and is used in many different types of attacks. Spoofing doesn't send large amounts of data to a victim. It can be used as part of a buffer overflow attack to hide the identity of the attacker but doesn't cause buffer overflows directly. If user account names and passwords are stolen, the attacker can use them to impersonate the user.
127
127. Preventing unwanted software installations are best handled by what form of control? A. Detective control B. Access control C. Directive control D. Administrative control
Answer: B Access control is the automated mechanism that can prevent or permit system changes, installations, and updates on a selective basis.
128
128. One of the most common vulnerabilities of an IT infrastructure and the hardest to protect against is the occurrence of ________. A. Errors and omissions B. Inference C. Data destruction by malicious code D. Data scavenging
Answer: A One of the most common vulnerabilities and hardest to protect against is the occurrence of errors and omissions. Inference is a technique used to gain information from a database without having full access to the database and can be protected by controlling database access. Malicious code can be blocked with up-to-date antivirus software. Data scavenging can be blocked by controlling what data is thrown in the trash.
129
129. What form of addressing is described as the memory address that is supplied to the CPU as part of the instruction but doesn't contain the actual value that the CPU is to use as an operand; instead, the memory address contains another memory address? A. Direct B. Indirect C. Immediate D. Global
Answer: B Indirect addressing occurs when the memory address supplied to the CPU as part of the instruction doesn't contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address.
130
130. What is the most common programmer-generated security flaw? A. TOCTTOU vulnerability B. Buffer overflow C. Inadequate control checks D. Improper logon authentication
Answer: B By far, the buffer overflow is the most common, and most avoidable, programmer-generated vulnerability.
131
131. Which one of the following BCP phases involves the largest commitment of hardware and software resources? A. BCP development B. BCP testing, training, and maintenance C. BCP evaluation D. BCP implementation
Answer: D The BCP implementation phase involves the largest commitment of hardware and software resources. The other phases are more manpower intensive.
132
132. In a typical environment, when a user creates a new file object (such as a document or image file), who is the owner of that object by default? A. Key recovery agent B. Administrator or root C. Creator D. None
Answer: C The user who creates a new object is usually the default owner of that object.
133
133. What Bell-LaPadula property protects a subject from modifying an object at a lower security level? A. No read up B. No read down C. No write up D. No write down
Answer: D The * (star) Security Property states that a subject may not write information to an object at a lower sensitivity level (no write down).
134
134. Gathering sensitive information about an organization or party, in both physical and digital form, for the purpose of ill-gotten gain or disclosure is indicative of what crime? A. Sabotage B. Social engineering C. Espionage D. Collusion
Answer: C Espionage is a criminal action to disclose or profit from illegally obtained sensitive information about an organization.
135
135. Which of the composition theories refers to the management of information flow from one system to another? A. Feedback B. Hookup C. Cascading D. Waterfall
Answer: C Cascading: Input for one system comes from the output of another system. Feedback: One system provides input to another system, which reciprocates by reversing those roles (so that system A first provides input for system B and then system B provides input to system A). Hookup: One system sends input to another system but also sends input to external entities. Waterfall: A form of project management, not related to information flow.
136
136. What feature of the TCP/IP protocol suite makes it possible for tools like Loki to bypass firewall restrictions by passing otherwise prohibited traffic across the network sentry using ICMP? A. Dynamic IP addressing B. Encapsulation C. VLSM D. Supernetting
Answer: B Encapsulation is the feature of the TCP/IP protocol suite that makes it possible for tools like Loki to bypass firewall restrictions by tunneling prohibited traffic through an alternate protocol, such as ICMP.
137
137. Which form of memory is used for long-term retention? A. Nonvolatile primary memory B. Nonvolatile secondary memory C. Volatile primary memory D. Volatile secondary memory
Answer: B Nonvolatile secondary memory is used for long-term storage. Examples of this memory type include hard drives, optical discs, and magnetic tape.
138
138. Reversing the unwanted effects of some event or occurrence (attacks, faults, and errors) is governed by what form of control? A. Administrative control B. Preventive control C. Corrective control D. Reactive control
Answer: C Corrective controls are the governing means and mechanisms that reverse and undo the undesirable effects of a given event or occurrence, such as system intrusion or component failure.
139
139. In what type of cryptographic attack does the attacker interfere with the connection establishment and then gain access to all subsequent communications? A. Man-in-the-middle attack B. Chosen plain-text attack C. Birthday attack D. Meet-in-the-middle attack
Answer: A In the man-in-the-middle attack, the attacker sits between the two communicating parties and relays messages between them. Both parties think they are communicating directly with each other.
140
140. Which of the following attacks is an attempt to test every possible combination against a security feature in order to bypass it? A. Brute-force attack B. Spoofing attack C. Dictionary attack D. Rainbow table attack
Answer: A A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols. Spoofing is pretending to be something or someone else, and it is used in a wide variety of attacks. A dictionary attack checks passwords against a database or dictionary. A rainbow table attack checks hashed values of passwords against the values stored in a rainbow table.
141
141. What can detect violations of the principle of least privilege? A. User entitlement audit B. Review of security logs C. Review of inactive accounts D. Traffic analysis
Answer: A A user entitlement audit can identify whether users have excessive privileges violating the principle of least privilege. While security logs may be used in the user entitlement audit, they would not be used alone. A review of inactive accounts is part of an access review audit, not a user entitlement audit. Traffic analysis focuses on the patterns and trends of data rather than the actual content.
142
142. You were hired to perform a business impact assessment for a company located in Southern California and are evaluating the firm's exposure to wildfires. You've determined that the value of the firm's facilities and equipment is $10,000,000. After consulting fire experts, you've determined that there is a 10 percent chance that the facility will be 75 percent destroyed by wildfire in a given year. What is the annual loss expectancy (ALE)? A. $100,000 B. $750,000 C. $7,500,000 D. $10,000,000
Answer: B The annual loss expectancy is computed by multiplying the asset value ($10,000,000) by the exposure factor (75 percent), then multiplying that (the SLE) by the ARO, in this example 10 percent, resulting in $750,000 ALE.
143
143. What type of alternate processing facility contains a full complement of computing equipment in working order but lacks current copies of data? A. Hot site B. Warm site C. Cold site D. Cloud site
Answer: B Warm sites contain all of the equipment needed to assume operations but do not maintain current data.
144
144. What is the fastest form of memory? A. L2 cache B. CPU registers C. RAM D. Flash memory
Answer: B CPU registers are the fastest form of memory.
145
145. Methodical examination and review of environmental security and regulatory compliance, and a form of directive control, is known as what? A. Penetration testing B. Compliance checking C. Auditing D. Ethical hacking
Answer: C Auditing is the periodic examination and review of a network to ensure that it meets security and regulatory compliance.
146
146. When NAC is used to manage an enterprise network, what happens to a notebook system once reconnected to the intranet after it has been out of the office for six weeks while in use by an executive on an international business trip? A. Reimaged B. Updated at next refresh cycle C. Quarantine D. User must reset their password
Answer: C NAC often operates in a pre-admission philosophy in which a system must meet all current security requirements (such as patch application and antivirus updates) before it is allowed to communicate with the network. This often means systems that are not in compliance are quarantined or otherwise involved in a captive portal strategy in order to force compliance before network access is restored.
147
147. Which of the following statements is false? A. Security governance is the collection of practices related to supporting, defining, and directing the security efforts of an organization. B. Security governance is the implementation of a security solution and a management method that are tightly interconnected. C. Security governance is an IT issue only. D. Security governance directly oversees and gets involved in all levels of security.
Answer: C Security is not and should not be treated as an IT issue only.
148
148. An organization is hosting a website that accesses resources from multiple organizations. They want users to be able to access all of the resources but only log on once. What should they use? A. Federal database for CIA B. Kerberos C. Diameter D. Federated database for SSO
Answer: D A federated database used for single sign-on (SSO) allows a user to log on once and access multiple resources. This is not called a federal database. Kerberos is an effective SSO system within a single organization but not between organizations. Diameter is a newer alternative to RADIUS used for centralized authentication.
149
149. What is the most common reaction to the loss of physical and infrastructure support? A. Deploying OS updates B. Vulnerability scanning C. Waiting for the event to expire D. Tightening of access controls
Answer: C In most cases, you must simply wait until the emergency or condition expires and things return to normal. If physical and infrastructure support is lost, such as after a catastrophe, regular activity (including deploying updates, performing scans, or tightening controls) is not possible.
150
150. Which events would generally require that the recertification of a system take place? (Choose all that apply.) A. An intrusion B. A change in configuration C. The end of the organization's fiscal year D. The passage of a specified amount of time since the last certification
Answer: B;D A system must be recertified whenever the configuration changes or a specified time has passed since the last certification.
151
151. Which of the following is not an example of a deterrent access control? A. Security policy B. Security camera C. Awareness training D. Antivirus software
Answer: D Antivirus software is not a deterrent access control, though it can be identified as a preventive, corrective, or recovery access control. Examples of deterrent access controls include security policies, cameras, awareness training, fences, locks, security badges, and guards.
152
152. The Clark-Wilson access control model was designed to protect what aspect of security? A. Confidentiality B. Integrity C. Accessibility D. Authentication
Answer: B The Clark-Wilson model is focused on maintaining the integrity of objects. Through the use of two principles—well-formed transactions and separation of duties—the Clark-Wilson model provides an effective means to protect integrity.
153
153. An entity such as an administrator or system integrator is provided access to special high-order functionality normally inaccessible to standard users. What are these entities called? A. Administrative life forms B. Privileged entities C. Powerful entities D. Administrative entities
Answer: B Privileged entities are those who are given special access to off-limits areas of the company's crucial IT infrastructure.
154
154. An employee recently accepted a job with another company and left after an amicable two-week notice. What should be done with the user's account on the last day of employment? A. No action is required B. Transfer it C. Disable it D. Delete it
Answer: C Accounts should be disabled when employees leave for any reason. Accounts are not transferred between companies. It should be deleted only after it has been determined that the account is no longer needed.
155
155. ____________________ is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements. The actual method of ____________________ may vary, but it generally involves an outside investigator or auditor. This auditor might be designated by a governing body or might be a consultant hired by the target organization. A. Third-party governance B. Risk assessment C. Security certification and accreditation D. Awareness training
Answer: A Third-party governance is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements. The actual method of third-party governance may vary, but it generally involves an outside investigator or auditor. This auditor might be designated by a governing body or might be a consultant hired by the target organization.
156
156. A ___________________ is the combination of hardware and software networking components into a single integrated entity. The resultant system allows for software control over all network functions, management, traffic shaping, address assignment, and so on. A single management console or interface can be used to oversee every aspect of the network, a task requiring physical presence at each hardware component in the past. A. Wireless network B. Virtualized network C. Private network D. VLAN network
Answer: B A virtualized network, or network virtualization, is the combination of hardware and software networking components into a single integrated entity. The resultant system allows for software control over all network functions, management, traffic shaping, address assignment, and so on. A single management console or interface can be used to oversee every aspect of the network, a task requiring physical presence at each hardware component in the past.
157
157. The Roscommon Rangers baseball team is concerned about the risk that a storm might result in the cancellation of a baseball game. There is a 30 percent chance that the storm will occur, and if it does, the team must refund all single-game tickets because the game cannot be rescheduled. Season ticket holders will not receive a refund and account for 20 percent of ticket sales. The ticket sales for the game are $1,500,000. What is the single loss expectancy in this scenario? A. $300,000 B. $1,050,000 C. $1,200,000 D. $1,500,000
Answer: C The single loss expectancy is calculated as the product of the exposure factor (80 percent) and the asset value ($1,500,000). In this example, the single loss expectancy is $1,200,000.
158
158. Alice would like to perform mutation fuzzing as part of her testing of new code moving into production. What tool would help her perform this fuzzing? A. nmap B. Metasploit C. Nessus D. Zzuf
Answer: D zzuf is a Linux tool that automates the process of mutation fuzzing.
159
159. Under what form of control are people and processes all included, managed, and controlled? A. Authoritative control B. Accessory control C. Authentic control D. Administrative control
Answer: D Administrative control takes into consideration the processes and people who operate within an organizational security policy.
160
160. When you are configuring a wireless extension to an intranet, once you've configured WPA-2 with 802.1x authentication, what additional security step could you implement in order to offer additional reliable security? A. Require a VPN B. Disable SSID broadcast C. Issue static IP addresses D. Use MAC filtering
Answer: A Requiring a VPN to access the private wired network in addition to WPA-2 and 802.1x is the only additional reliable security option.
161
161. The standard for study and control of electronic signals produced by various types of electronic hardware is known as _________. A. Eavesdropping B. TEMPEST C. SESAME D. Wiretapping
Answer: B TEMPEST is the standard that defines the study and control of electronic signals produced by various types of electronic hardware. Eavesdropping refers to using sniffing tools to capture and analyze data. SESAME is a ticket-based authentication system similar to Kerberos. Wiretapping commonly refers to monitoring phone calls.
162
162. Mechanisms that return or restore systems and processes to a normal operational state following an attack, fault, or error are what type of control? A. Reactive control B. Recovery control C. Responsive control D. Receptive control
Answer: B Recovery control indicates a direct form of control that returns systems and processes to a known good, normalized state following an intrusion, fault, or failure.
163
163. On manual review systems, failure recognition is whose primary responsibility? A. Tester or test-taker B. Client or representative C. Outsider or administrator D. Observer or auditor
Answer: D The observer or auditor of a manual review system is directly responsible for recognizing failure of that system.
164
164. Matthew is looking through web server logs and finds form input that looks like this: alan'; DELETE * FROM inventory WHERE 1 = 1; What type of attack has he likely discovered? A. XSS B. SQL Injection C. XSRF D. TOCTTOU
Answer: B The use of the single quotation mark is a telltale sign of a SQL injection attack.
165
165. Which of the following is true regarding vulnerability scanners? A. They actively scan for intrusion attempts. B. They serve as a form of enticement. C. They locate known security holes. D. They automatically reconfigure a system to a more secure state.
Answer: C Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports, which include recommendations.
166
166. _______________ is verification that each certificate in a certificate path is valid and legitimate. A. Enrollment B. Authorization C. Certificate path validation D. Spoofing
Answer: C Certificate path validation is verification that each certificate in a certificate path is valid and legitimate.
167
167. Which one of the following is not a basic requirement for the reference monitor? A. It must be tamperproof. B. The source code must be made public. C. It must always be invoked. D. It must be small enough for testing.
Answer: B There is no requirement that the reference monitor's source code be available to the public.
168
168. Which of the following could be considered PII (personally identifiable information)? A. Employer B. Phone number C. Items purchased at a store D. Favorite restaurant
Answer: B A phone number is the most PII-like information from this list. Any data point that directly or nearly directly points to an individual is PII. Any data point that itself does not point to an individual on its own is not PII. For example, the list of groceries you purchase is not PII unless that list also contains your name, credit card information, or account number.
169
169. What certificate revocation technique provides real-time certificate verification? A. Certificate revocation lists B. Revocation notification alerts C. Online Certificate Status Protocol D. Certificate Revocation System
Answer: C The Online Certificate Status Protocol (OCSP) eliminates the latency inherent in the use of certificate revocation lists by providing a means for real-time certificate verification.
170
170. Which of the following comes first? A. Accreditation B. Assurance C. Trust D. Certification
Answer: C Trust comes first. Trust is built into a system by crafting the components of security. Then assurance (in other words, reliability) is evaluated using certification and/or accreditation processes.
171
171. What stage of the SW-CMM model is characterized by formal, documented software development processes? A. Initial B. Repeatable C. Defined D. Managed
Answer: C The Defined stage of SW-CMM is characterized by the use of formal, documented software development processes.
172
172. Your company has developed a new process for processing steel. You wish to protect it as long as possible without disclosing any details of the invention. What type of intellectual property protection would be best? A. Patent B. Trademark C. Copyright D. Trade secret
Answer: D Trade secrets must be kept secret by the organization but have unlimited life. Patents would also apply to a manufacturing process, but they require public disclosure of the process and have limited duration.
173
173. Which of the following best describes an access control category that includes hiring and firing policies, data classifications and labels, and security awareness and training? A. Administrative access controls B. Technical access controls C. Logical access controls D. Physical access controls
Answer: A Administrative access controls are also referred to as management controls and include policies and procedures such as hiring and firing policies, data classifications and labels, and security awareness training. Technical and logical controls are synonymous and include hardware or software mechanisms used to manage access. Physical access controls are physical controls deployed to prevent direct contact with systems or areas within a facility.
174
174. Of the following, which provides some protection against tampering? A. Security token B. Capabilities list C. Security label D. Access matrix
Answer: C A security label is usually a permanent part of the object to which it is attached, thus providing some protection against tampering. The other options do not offer such protection.
175
175. What technique can be used to destroy all traces of data on a storage device in order to prevent the recovery of data remanence? A. Certification B. Authorization C. Sanitization D. Non-repudiation
Answer: C Sanitization (or wiping, purging, or zeroization) is a technique that can be used to destroy all traces of data on a storage device in order to prevent the recovery of data remanence.
176
176. NAT allows the use of private IP addresses for internal use while maintaining the ability to communicate with the Internet. Where are the private IP addresses defined? A. RFC 1492 B. RFC 1661 C. RFC 1918 D. RFC 3947
Answer: C NAT offers numerous benefits, including that you can use the private IP addresses defined in RFC 1918 in a private network and still be able to communicate with the Internet.
177
177. Which of the following is not a true statement in regard to DDoS attacks? A. Some DDoS attacks exploit software flaws that can be patched. B. Some DDoS attacks perform flooding for which there is no patch. C. Some DDoS attacks amplify or multiply traffic by using intermediary bound networks or by using widely distributed remote agents. D. All DDoS traffic can be traced back to the origin point and controlling hacker.
Answer: D Some DDoS traffic can be traced back to its origin, but that does not mean the origin is the hacker. DDoS attacks that use distributed remote agents or intermediary but innocent third-party networks do not provide an easy trace path back to the original controlling hacker.
178
178. What is the process of recording information about system activities and events and occurrence data? A. Accountability B. Sampling C. Clipping D. Auditing
Answer: D Auditing encompasses a wide variety of different activities, including the recording of event/occurrence data, examination of data, data reduction, the use of event/occurrence alarm triggers, and log file analysis.
179
179. Which of the following is not a segmentation of a network? A. Subnet B. VPN C. VLAN D. DMZ
Answer: B A VPN is not a network segmentation; it is a secured encapsulation tunnel. Subnets, VLANs, and a DMZ are examples of network segmentation.
180
180. An administrator wants to determine if a server is vulnerable to known attacks. Which of the following is the best tool to use for this? A. Vulnerability scanner B. Port scanner C. Sniffer D. Configuration tester
Answer: A A vulnerability scanner is the best tool of those listed to determine if a server is vulnerable to known attacks. A port scanner will identify open ports and a sniffer captures traffic, but neither will necessarily determine vulnerabilities. A configuration tester is an automated tool that checks system configuration but doesn't necessarily determine vulnerabilities.
181
181. You can return a magnetic storage device to its native "unused" state through what process? A. Sterilization B. Declassification C. Sanitation D. Degaussing
Answer: D Degaussing is the technique used to remove data from magnetic tapes with the goal of returning the tape to its original state. Hard disks that are degaussed can destroy the disk drive mechanics making the drive no longer functional but there are no guarantees that the data has actually been destroyed. The platters may be removed in a clean room from the damaged drive to a known working drive and the data could be accessed then.
182
182. What method ultimately results in the total physical destruction of storage media and includes incineration, crushing, and shredding? A. Destruction B. Declassification C. Purging D. Cleansing
Answer: A Destruction is the final stage in the life cycle of backup media. Destruction should occur after proper sanitization or as a means of sanitization.
183
183. What Biba property protects a subject from accessing an object at a lower integrity level? A. No read up B. No read down C. No write up D. No write down
Answer: B The Simple Integrity Property states that a subject cannot read an object of a lower integrity level (no read down).
184
184. Which of the following is the most difficult network segment to eavesdrop? A. WPA encrypted wireless B. Coax C. Fiber optic D. STP gigabit Ethernet
Answer: C Fiber is the most difficult network segment to eavesdrop because the act of doing so is always detectable.
185
185. Which of the following is not a security concern in relation to an organization's divestitures? A. Preventing data leakage B. Sanitization techniques C. Holding exit interviews D. Performing on-boarding
Answer: D An organization involved in divestiture has security concerns related to prevention of data leakage, using proper sanitization techniques, and holding exit interviews. Performing on-boarding is not usually related to divestiture but to acquisition.
186
186. Which of the following statements is false? A. Third-party governance is the system of oversight that may be mandated by law, regulation, industry standards, or licensing requirements. B. The actual method of third-party governance may vary but generally involves an outside investigator or auditor. C. Third-party governance focuses on verifying compliance with stated security objectives. D. Third-party governance auditors are always consultants hired by the target organization.
Answer: D Third-party governance auditors might be designated by a governing body or might be consultants hired by the target organization.
187
187. What type of mobile code was designed to have the least security risk or exposure to a system? A. CGI B. Java C. ActiveX D. JavaScript
Answer: B Security was of paramount concern during the design of the Java platform, and Sun's development team created the "sandbox" concept to place privilege restrictions on Java code. The sandbox isolates Java code objects from the rest of the operating system and enforces strict rules about the resources those objects can access.
188
188. Which of the following cryptographic attacks can be used when you have access to an encrypted message but no other information? A. Known plain-text attack B. Frequency analysis attack C. Chosen cipher-text attack D. Meet in the middle attack
Answer: B Frequency analysis may be used on encrypted messages. The other techniques listed require additional information, such as the plain text or the ability to choose the cipher text.
189
189. A team that knows substantial information about its target, including on-site hardware/software inventory and configuration details, is best described as what? A. Zero knowledge B. Infinite knowledge C. Absolute knowledge D. Partial knowledge
Answer: D Partial-knowledge teams possess a detailed account of organizational assets, including hardware and software inventory, prior to a penetration test.
190
190. Which of the following is not a goal of the change control process of configuration management? A. Implement changes in a monitored and orderly manner. B. Changes are cost effective. C. A formalized testing process is included to verify that a change produces expected results. D. All changes can be reversed.
Answer: B While most business decisions need to include cost analysis, the change control process of configuration management is not directly concerned with cost effectiveness.
191
191. Which of the following includes a record of system activity and can be used to detect security violations, software flaws, and performance problems? A. Change logs B. Security logs C. System logs D. Audit trail
Answer: D Audit trails provide a comprehensive record of system activity and can help detect a wide variety of security violations, software flaws, and performance problems. An audit trail includes a variety of logs, including change logs, security logs, and system logs, but any one of these individual logs can't detect all the issues mentioned in the question.
192
192. What security protocol has become the de facto standard used to provide secure e-commerce services? A. S/MIME B. TLS C. SET D. PGP
Answer: B TLS (Transport Layer Security), the revised replacement for SSL, has become the de facto standard used to provide secure e-commerce services. This is in spite of the attempts of several credit card companies to promote alternate options, such as Secure Electronic Transaction (SET).
193
193. What type of addressing is described by the following statements? The memory address supplied to the CPU as part of the instruction doesn't contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address (perhaps located on a different page). A. Indirect B. Direct C. Base+Offset D. Immediate
Answer: A Indirect addressing uses a scheme similar to direct addressing. However, the memory address supplied to the CPU as part of the instruction doesn't contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address (perhaps located on a different page).
194
194. Which of the following is an example of a Type 2 authentication factor? A. Something you have, such as a smart card, ATM card, token device, and memory card B. Something you are, such as fingerprints, voice print, retina pattern, iris pattern, face shape, palm topology, and hand geometry C. Something you do, such as typing a passphrase or signing your name D. Something you know, such as a password, personal identification number (PIN), lock combination, passphrase, mother's maiden name, and favorite color
Answer: A A Type 2 authentication factor is something you have, including a smart card, token device, or memory card. Type 3 authentication is something you are, and some behavioral biometrics include something you do. Type 1 authentication is something you know.
195
195. Which of the following could be considered the most secure? A. RAM B. PROM C. EEPROM D. ROM
Answer: D ROM is burned at the factory and then unchangeable. Thus, ROM is the most secure because it will always maintain its integrity.
196
196. Which form of risk assessment provides a result that is as easy to read and understand as a typical budget report? A. Qualitative B. Quantitative C. Quantum D. Reverse engineering
Answer: B Quantitative risk assessment produces a number-based result that is as easy to read and understand as a typical budget report.
197
197. Which of the following criminal acts is committed by a knowledgeable employee, or an insider? A. Sabotage B. Espionage C. Scavenging D. Dumpster diving
Answer: A Sabotage is a criminal act committed against an organization by a knowledgeable employee.
198
198. In what security mode must each user have access approval and valid need to know for all information processed by the system? A. Dedicated mode B. System high mode C. Compartmented mode D. Multilevel mode
Answer: C The scenario presented in the question describes the three characteristics of compartmented security mode.
199
199. Which of the following indicates a primary security issue related to single sign-on? A. It makes it more difficult to remember passwords. B. It risks maximum compromise if a password is discovered. C. It requires long passwords. D. It encourages excessive privileges.
Answer: B A drawback with single sign-on is that maximum unauthorized access is possible if an attacker discovers a password. Because users need to remember only one password, it makes it easier for users to remember passwords. Single sign-on does not dictate the length of passwords or encourage excessive privileges.
200
200. What process ensures that all necessary and required elements of a security solution are implemented as expected? A. Auditing B. Accounting C. Compliance checking D. Penetration testing
Answer: C Compliance checking ensures that all necessary elements of a security solution are properly deployed and functioning as expected.
201
201. VPNs are used to transport communications over an intermediary medium through the means of ______________, authentication, and encryption. A. Encapsulation B. Concatenation C. Depreciation D. Fuzzing
Answer: A VPNs are used to transport communications over an intermediary medium through the means of encapsulation (i.e., tunneling), authentication, and encryption.
202
202. Practicing the activities that maintain continued application of security protocol, policy, and procedure is also called what? A. Due notice B. Due diligence C. Due care D. Due date
Answer: B Due diligence is the action taken to apply, enforce, and perform responsibilities or rules as governed by organizational policy.
203
203. What is the first step of access control? A. Accountability logging B. ACL verification C. Subject authorization D. Subject identification
Answer: D Access controls govern subjects' access to objects and the first step in this process is identifying the subject. Accountability logging, verification of access control lists (ACLs), and authentication are not possible without a subject identity.
204
204. Alice wants to send a message to Bob using the RSA encryption algorithm. What key should she use to encrypt the message? A. Alice's public key B. Alice's private key C. Bob's public key D. Bob's private key
Answer: C If Alice wants to send a message to Bob, she should encrypt it using his public key.
205
205. If you are a government contractor, which of the following issues is of greatest concern if your IT solution includes IaaS outsourced from an international cloud service provider? A. PII privacy B. Regulation compliance C. Use of open source software D. Use of IS/ISO standard components
Answer: B Generally, regulation compliance is of greatest concern to governments, military, and government contractors when working with cloud services—especially those whose hosting infrastructure is not restricted to a single country.
206
206. You represent a United States company that wishes to seek safe harbor protection under the European Union Data Privacy Directive. Which one of the following is not one of the seven requirements you must meet for processing personal information? A. Data integrity B. Notice C. Onward Transfer D. Encryption
Answer: D The seven requirements are Notice, Choice, Onward Transfer, Access, Security, Data Integrity, and Enforcement.
207
207. Administrators often consider the relationship between assets, risk, vulnerability, and threat under what model? A. CIA Triad B. CIA Triplex C. Operations Security Tetrahedron D. Operations security triple
Answer: D The operations security triple is a conceptual security model that encompasses three concepts (assets, risk, and vulnerability) and their interdependent relationship within a structured, formalized organization.
208
208. The willful destruction of assets or elements within the IT infrastructure as a form of revenge or justification for perceived wrongdoing is known as _____. A. Espionage B. Entrapment C. Sabotage D. Permutation
Answer: C The willful destruction of assets or elements within the IT infrastructure as a form of revenge or justification for perceived wrongdoing is known as sabotage. Espionage is the gathering of information about a competitor or enemy. Entrapment occurs when someone is encouraged to do something illegal after they have indicated they will not do it. Permutation refers to rearranging or modifying something slightly.
209
209. The Brewer and Nash access model requires which of the following to operate properly? A. Properly identified subjects B. One or more datasets C. Class definitions related to conflict of interest for all datasets D. All of the above
Answer: D The Brewer and Nash model organizes datasets according to conflict-of-interest classes so that authorized users with access to any member of a conflict class will be denied access to other members of that class. Thus, all three specific ingredients mentioned—properly identified subjects, one or more datasets, and conflict class definitions for all datasets—are required for it to operate properly. This makes option D the best answer.
210
210. Which of the following wireless technologies supports multifactor authentication options? A. WEP B. TKIP C. CCMP D. WPA2
Answer: D Both WPA and WPA2 support the enterprise authentication known as 802.1x/EAP, a standard port-based network access control that ensures clients cannot communicate with a resource until proper authentication has taken place. Effectively, 802.1x is a hand-off system that allows the wireless network to leverage the existing network infrastructure's authentication services. Through the use of 802.1x, other techniques and solutions such as RADIUS, TACACS, certificates, smart cards, token devices, and biometrics can be integrated into wireless networks providing techniques for both mutual and multi-factor authentication.
211
211. What is sampling? A. The act of including elements of data in a larger body of data to construct a meaningful whole B. The act of extracting elements of data from a larger body of data to construct a meaningful whole C. The act of injecting elements of data into a larger body of data to construct a meaningful whole D. The act of exporting elements of data from a larger body of data to construct a meaningful whole
Answer: B Sampling is a form of data reduction, where elements are extracted from a larger body of information to construct a meaningful whole.
212
212. What term is used to describe the onboard memory that a CPU uses to store values on which it is operating? A. Cache B. Register C. Pipeline D. Assembly
Answer: B Registers are onboard memory locations that can be accessed by the CPU in an extremely short period of time.
213
213. Intrusion detection systems (IDSs) are capable of detecting which types of abnormal or unauthorized activities? (Choose all that apply.) A. External connection attempts B. Execution of malicious code C. Unauthorized access attempts to controlled objects D. Inappropriate use of privileges
Answer: A;B;C IDSs can detect attacks from external connection attempts, execution of malicious code, and unauthorized access attempts to controlled objects. An IDS cannot detect inappropriate use of privileges such as a malicious insider abusing their privileges.
214
214. How might you prepare a storage medium of classified material to prevent laboratory attacks? A. Degaussing B. Clearing C. Erasing D. Purging
Answer: D Purging is erasing the data so the media is not vulnerable to data remnant recovery attacks, including those classified as laboratory level.
215
215. All of the following are implications of multilayer protocols except which one? A. VLAN hopping B. Multiple encapsulation C. Filter evasion using tunneling D. Static IP addressing
Answer: D Static IP addressing is not an implication of multilayer protocols.
216
216. What is the term used to refer to the formal assignment of responsibility to an individual or group? A. Governance B. Ownership C. Take grant D. Separation of duties
Answer: B Ownership is the formal assignment of responsibility to an individual or group.
217
217. What forms of monitoring take into account the nature and flow of packets rather than the content? A. Trend analysis B. Sampling C. Clipping D. Intrusion detection
Answer: A Traffic analysis and trend analysis are forms of monitoring that examine the flow of packets rather than the actual content.
218
218. Which of the following forms of authentication provides the strongest security? A. Password and a PIN B. One-time password C. Passphrase and a smart card D. Fingerprint
Answer: C Among these options, passphrase and a smart card provide the strongest authentication security because they deliver two-factor authentication. A password and a PIN are both in the same factor. Despite the security offered by one-time passwords, a two-factor authenticator is stronger.
219
219. What technical security mechanism restricts sensitive functions to the core of a process? A. Layering B. Abstraction C. Data hiding D. Process isolation
Answer: A Layering of processes implements a structure similar to the ring model used for operating modes.
220
220. The process of extracting smaller elements from a much larger body of information to construct a meaningful summary of the whole is known as what? A. Auditing B. Sampling C. Clipping D. Accounting
Answer: B Sampling is a form of data reduction that allows an auditor to quickly determine the important issues or events from an audit trail.
221
221. Which one of the three models discussed in this book is best suited to address the confidentiality issues of military systems? A. Bell-LaPadula model B. Biba model C. Clark-Wilson model D. IPSec
Answer: A The Bell-LaPadula model addresses only the confidentiality of data and works well for military applications. This model is based on the state machine model and employs mandatory access controls and the lattice model.
222
222. What verifies a claimed identity? A. Identification B. Authentication C. Authorization D. Accountability
Answer: B Authentication is the process of verifying or testing the validity of a claimed identity. Identification is the claimed identity. Authorization grants access to resources to the proven identity, and accountability tracks access to resources.
223
223. Which one of the following is not a part of documenting the business continuity plan? A. Documentation of policies for continuity B. Historical record C. Job creation D. Identification of flaws
Answer: C BCP documentation can be an arduous task, but it should not require the creation of a new position.
224
224. Stationary and removable media storage volumes all carry an expected life span rating from the manufacturer. What property might you examine to realize this life expectancy rating? A. Mean time between errors B. Spindle speed C. Mean time between failures D. Life expectancy rating
Answer: C The mean time between failures (MTBF) rating on storage drives specifies the expected life span (or average failure rate for any drive in a given batch) for a given medium.
225
225. What type of connection needs a modem in order to support digital computer communications over an otherwise analog link? A. VoIP B. ISDN C. POTS D. Wireless
Answer: C POTS (plain old telephone system) or PSTN (public switched telephone network) requires the use of a modem to support digital computer communications over an otherwise analog link.
226
226. Which of the following will identify potential attack sources? A. Asset valuation B. Threat modeling C. Vulnerability analysis D. Advanced persistent threat
Answer: B Threat modeling is the process of identifying, understanding, and categorizing potential threats, including threats from attack sources. Asset valuation identifies the value of assets. Vulnerability analysis identifies weaknesses. An advanced persistent threat is a form of attack, often sponsored by a government.
227
227. What is the main purpose for process confinement? A. To prevent a process from executing a privileged command B. To prevent a process from writing to an unauthorized memory location C. To allow a process to execute a privileged command D. To allow a process to write into another process's memory location
Answer: B Process isolation prevents a process from reading or writing to an unauthorized memory location. This concept ensures that any behavior will affect only the memory and resources associated with the process.
228
228. Which of the following is not a form of spoofed traffic filtering? A. Block inbound packets whose source address is an internal address B. Block outbound packets whose source address is an external address C. Block outbound packets whose source address is an unassigned internal address D. Block inbound packets whose source address is on a block/black list
Answer: D Using a block list or black list is a valid form of security filtering; it is just not a form of spoofing filtering.
229
229. What form of analysis selectively views error events that cross a specified threshold? A. Sampling B. Clipping C. Averaging D. Meaning
Answer: B Clipping is a subset of sampling, which is a process of extracting data from a large body of information but with a specified cut-off point or threshold.
230
230. What type of processing enables a system to operate at more than one classification level simultaneously? A. Multiprocessing B. Single state C. Multistate D. Multithreading
Answer: C Multistate processing systems are certified to handle multiple security levels simultaneously by using specialized security mechanisms.
231
231. What type of intellectual property protection applies to the text of this book? A. Trademark B. Trade secret C. Patent D. Copyright
Answer: D Copyright law protects the rights of creators of original works of authorship, including books.
232
232. What is the maximum hash length created by the SHA-2 algorithms? A. 256 bits B. 512 bits C. 1,024 bits D. 2,048 bits
Answer: B The SHA-2 algorithms support the creation of message digests up to 512 bits long.
233
233. Among the following concepts, which element is not essential for an audit report? A. Audit purpose B. Audit scope C. Audit results D. Audit overview
Answer: D Audit overview is not essential for an audit report; the purpose, scope and results of an audit are the three primary (and necessary) elements.
234
234. Which of the following activities is not considered a valid form of penetration testing? A. Denial-of-service attacks B. Port scanning C. Distribution of malicious code D. Packet sniffing
Answer: C Distribution of malicious code will almost always result in damage or loss of assets and is not used in a penetration test. However, denial-of-service attacks, port scanning, and packet sniffing may all be included in a penetration test.
235
235. What sort of criminal act is committed when an attacker is able to intercept more than just network traffic? A. Sniffing B. Eavesdropping C. Snooping D. War dialing
Answer: B Eavesdropping is the ability to intercept network and telephony communications along with physical and electronic documents and even personal conversations.
236
236. What is the purpose of a DMZ? A. To host resources accessed by outside visitors but that are still isolated from the private network B. To encapsulate plain-text protocols with a layer of encryption C. To support the use of audio communications over an IP network D. To enable portable clients to make network links over radio waves
Answer: A A DMZ is used to host resources accessed by outside visitors but that are still isolated from the private network. A VPN is used to encapsulate plain-text protocols with a layer of encryption. VoIP is used to support the use of audio communications over an IP network. A WAP is used to enable portable clients to make network links over radio waves.
237
237. You are assessing an encryption algorithm that uses an 8-bit key. How many possible key values exist in this approach? A. 8 B. 64 C. 128 D. 256
Answer: D You can determine the number of possible keys by raising 2 to the power of the length of the key (in bits). In this case, 28=256.
238
238. What technique is commonly used by child pornographers to hide illegal images within innocent ones? A. Email encryption B. Steganography C. Nonrepudation D. Brute force
Answer: B Steganography allows hiding data within an image. Child pornographers often use it to hide illegal images within innocent ones.
239
239. What type of interface testing would identify flaws in a program's ability to interact with other programs via web services? A. Application programming interface testing B. User interface testing C. Physical interface testing D. Security interface testing
Answer: A Application programming interfaces (APIs) provide standard mechanisms for web services to interact with each other.
240
240. Why should access to pentest reports be controlled and restricted? A. They contain copies of confidential data stored on the network. B. They contain information about the vulnerabilities of the system. C. They are useful only to upper management. D. They include the details about the configuration of security controls.
Answer: B Pentest reports should be secured because they contain information about the vulnerabilities of the system and disclosure of such vulnerabilities to the wrong person could lead to security breaches. They would not normally contain confidential data from the network. They are useful to both upper management and security professionals. They would not normally include details about security control configuration.
241
241. What type of planning or security management should include acquisitions, divestitures, and oversight committees? A. Disaster recovery planning B. Security governance C. Standards and baselines D. Trusted recovery planning
Answer: B Security governance should include acquisitions, divestitures, and oversight committees.
242
242. Which one of the following is not an example of a code repository? A. Bitbucket B. GitHub C. Source Forge D. AWS
Answer: D AWS is an Infrastructure-as-a-Service provider, not a code repository.
243
243. What are the only procedures that are allowed to modify a constrained data item (CDI) in the Clark-Wilson model? A. Transformation procedures (TPs) B. Integrity verification procedure (IVP) C. Independent modification algorithm (IMA) D. Dependent modification algorithm (DMA)
Answer: A Transformation procedures (TPs) are the only procedures that are allowed to modify a CDI. The limited access to CDIs through TPs forms the backbone of the Clark-Wilson integrity model.
244
244. Which one of the following types of memory can never be written to by the end user? A. ROM B. PROM C. EPROM D. EEPROM
Answer: A Read-only memory (ROM) can be written to only one time at the factory. Users cannot modify the contents.
245
245. Searching through the refuse, remains, or leftovers from an organization or operation to discover or infer confidential information is known as ______. A. Social engineering B. Dumpster diving C. Impersonation D. Inference
Answer: B Dumpster diving is the act of searching through the refuse, remains, or leftovers from an organization or operation to discover or infer confidential information. Social engineering uses different methods to trick employees or users into giving up information, and impersonation is a social engineering tactic. Inference is a technique used to gain information from a database without having full access to the database.
246
246. What kind of attack renders the Double DES encryption algorithm no more secure than traditional DES? A. Meet in the middle B. Man in the middle C. Birthday D. Chosen cipher text
Answer: A The meet in the middle attack specifically targets encryption algorithms that use two rounds of encryption, such as Double DES.
247
247. What type of memory chip can be erased through the modulation of an electric current? A. ROM B. PROM C. EPROM D. EEPROM
Answer: D Electronically erasable programmable read-only memory (EEPROM) chips can be erased by modulating an electric current applied to the chip.
248
248. Which of the following access control techniques uses labels to identify subjects and objects? A. Discretionary access control B. Nondiscretionary access control C. Role-based access control D. Mandatory access control
Answer: D Mandatory access control uses labels to identify subjects and objects and grants access based on matching labels. Discretionary access control requires all objects to have an owner. Nondiscretionary access control provides centralized access controlled by an administrator. Role-based access control provides access based on membership within a role.
249
249. What common vulnerability has no direct countermeasure and little safeguards or validators? A. Theft B. Fraud C. Omission D. Collusion
Answer: C Both omissions and errors are difficult aspects to protect against, particularly as they deal with human and circumstantial origins.
250
250. What is the biggest risk associated with web or mobile applets? A. Having an execution-limiting sandbox B. Lower performance rates from servers C. Consumption of free memory space D. Executing code from external sources
Answer: D The biggest risk associated with web or mobile applets is executing code from external sources. The risk is running malicious or unstable code from an outside source, even if that code is signed.
251
251. An attempt to dupe personnel into performing some unauthorized activity on their behalf or reveal sensitive information to an unauthorized party is known as what? A. Social engineering B. Reverse engineering C. Eavesdropping D. Sniffing
Answer: A Social engineering is a deceptive act meant to trick personnel into revealing sensitive information or performing some unauthorized act on their behalf.
SP7 - P/E
flashcards
Decks in class (4)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions