EMT Practice Test

1. Question Content...


Question List

Question1: You are the Network Administrator for a college. You watch a large number of people (some not even students) going in and out of areas with campus computers (libraries, computer labs, etc.). You have had a problem with laptops being stolen. What is the most cost effective method to prevent this?

Question2: Which of the following statutes is enacted in the U.S., which prohibits creditors from collecting data from applicants, such as national origin, caste, religion etc?

Question3: Ned is the program manager for his organization and he's considering some new materials for his program. He and his team have never worked with these materials before and he wants to ask the vendor for some additional information, a demon, and even some samples. What type of a document should Ned send to the vendor?

Question4: SIMULATION
Fill in the blank with an appropriate phrase.______________ is used to provide security mechanisms for the storage, processing, and transfer of data.

Question5: Which of the following statements is related with the first law of OPSEC?

Question6: Which of the following are the process steps of OPSEC? Each correct answer represents a part of the solution. Choose all that apply.

Question7: Which of the following protocols is used with a tunneling protocol to provide security?

Question8: Which of the following sections come under the ISO/IEC 27002 standard?

Question9: Which of the following roles is responsible for review and risk analysis of all contracts on a regular basis?

Question10: SIMULATION
Fill in the blank with an appropriate phrase.________ An is an intensive application of the OPSEC process to an existing operation or activity by a multidiscipline team of experts.

Question11: Which of the following statements reflect the 'Code of Ethics Canons' in the '(ISC)2 Code of Ethics'? Each correct answer represents a complete solution. Choose all that apply.

Question12: You are documenting your organization's change control procedures for project management. What portion of the change control process oversees features and functions of the product scope?

Question13: Change Management is used to ensure that standardized methods and procedures are used for efficient handling of all changes. Who decides the category of a change?

Question14: Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

Question15: Which of the following statements are true about a hot site? Each correct answer represents a complete solution. Choose all that apply.

Question16: Which of the following security models deal only with integrity? Each correct answer represents a complete solution. Choose two.

Question17: What course of action can be taken by a party if the current negotiations fail and an agreement cannot be reached?

Question18: Which of the following penetration testing phases involves reconnaissance or data gathering?

Question19: Which of the following security models focuses on data confidentiality and controlled access to classified information?

Question20: Which of the following are examples of physical controls used to prevent unauthorized access to sensitive materials?

Question21: Management has asked you to perform a risk audit and report back on the results. Bonny, a project team member asks you what a risk audit is. What do you tell Bonny?

Question22: An organization monitors the hard disks of its employees' computers from time to time. Which policy does this pertain to?

Question23: The incident response team has turned the evidence over to the forensic team. Now, it is the time to begin looking for the ways to improve the incident response process for next time. What are the typical areas for improvement? Each correct answer represents a complete solution. Choose all that apply.

Question24: What is a stakeholder analysis chart?

Question25: Which of the following fields of management focuses on establishing and maintaining consistency of a system's or product's performance and its functional and physical attributes with its requirements, design, and operational information throughout its life?

Question26: Your project has several risks that may cause serious financial impact should they happen. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like for you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

Question27: You work as a Web Administrator for Perfect World Inc. The company is planning to host an E-commerce Web site. You are required to design a security plan for it. Client computers with different operating systems will access the Web server. How will you configure the Web server so that it is secure and only authenticated users are able to access it? Each correct answer represents a part of the solution. Choose two.

Question28: Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

Question29: Which of the following acts is a specialized privacy bill that affects any educational institution to accept any form of funding from the federal government?

Question30: Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.

Question31: In which of the following alternative processing sites is the backup facility maintained in a constant order, with a full complement of servers, workstations, and communication links ready to assume the primary operations responsibility?

Question32: James works as a security manager for SoftTech Inc. He has been working on the continuous process improvement and on the ordinal scale for measuring the maturity of the organization involved in the software processes. According to James, which of the following maturity levels of software CMM focuses on the continuous process improvement?

Question33: Which of the following options is an approach to restricting system access to authorized users?

Question34: Which of the following are the ways of sending secure e-mail messages over the Internet? Each correct answer represents a complete solution. Choose two.

Question35: Which of the following evidences are the collection of facts that, when considered together, can be used to infer a conclusion about the malicious activity/person?

Question36: Which of the following involves changing data prior to or during input to a computer in an effort to commit fraud?

Question37: A Web-based credit card company had collected financial and personal details of Mark before issuing him a credit card. The company has now provided Mark's financial and personal details to another company.
Which of the following Internet laws has the credit card issuing company violated?

Question38: Which of the following is a set of exclusive rights granted by a state to an inventor or his assignee for a fixed period of time in exchange for the disclosure of an invention?

Question39: Mark works as a security manager for SofTech Inc. He is working in a partially equipped office space which contains some of the system hardware, software, telecommunications, and power sources. In which of the following types of office sites is he working?

Question40: Which of the following methods for identifying appropriate BIA interviewees' includes examining the organizational chart of the enterprise to understand the functional positions?

Question41: Which of the following is the correct order of digital investigations Standard Operating Procedure (SOP)?

Question42: Which of the following plans is documented and organized for emergency response, backup operations, and recovery maintained by an activity as part of its security program that will ensure the availability of critical resources and facilitates the continuity of operations in an emergency situation?

Question43: Shoulder surfing is a type of in-person attack in which the attacker gathers information about the premises of an organization. This attack is often performed by looking surreptitiously at the keyboard of an employee's computer while he is typing in his password at any access point such as a terminal/Web site.
Which of the following is violated in a shoulder surfing attack?

Question44: Which of the following authentication protocols provides support for a wide range of authentication methods, such as smart cards and certificates?

Question45: Which of the following issues are addressed by the change control phase in the maintenance phase of the life cycle models? Each correct answer represents a complete solution. Choose all that apply.

Question46: Which of the following access control models are used in the commercial sector? Each correct answer represents a complete solution. Choose two.

Question47: Which of the following methods can be helpful to eliminate social engineering threat? Each correct answer represents a complete solution. Choose three.

Question48: Which of the following governance bodies provides management, operational and technical controls to satisfy security requirements?

Question49: Which of the following is a documentation of guidelines that are used to create archival copies of important data?

Question50: SIMULATION
Fill in the blank with an appropriate word. _________ are used in information security to formalize security policies.

Question51: Software Development Life Cycle (SDLC) is a logical process used by programmers to develop software.
Which of the following SDLC phases meets the audit objectives defined below: System and data are validated. System meets all user requirements. System meets all control requirements.

Question52: Which of the following types of cyber stalking damage the reputation of their victim and turn other people against them by setting up their own Websites, blogs or user pages for this purpose?

Question53: You are the project manager of the HJK Project for your organization. You and the project team have created risk responses for many of the risk events in the project. Where should you document the proposed responses and the current status of all identified risks?

Question54: Joseph works as a Software Developer for Web Tech Inc. He wants to protect the algorithms and the techniques of programming that he uses in developing an application. Which of the following laws are used to protect a part of software?

Question55: Which of the following representatives of incident response team takes forensic backups of the systems that are the focus of the incident?

Question56: Eric is the project manager of the NQQ Project and has hired the ZAS Corporation to complete part of the project work for Eric's organization. Due to a change request the ZAS Corporation is no longer needed on the project even though they have completed nearly all of the project work. Is Eric's organization liable to pay the ZAS Corporation for the work they have completed so far on the project?

Question57: Which of the following recovery plans includes specific strategies and actions to deal with specific variances to assumptions resulting in a particular security problem, emergency, or state of affairs?

Question58: Which of the following processes is described in the statement below? "It is the process of implementing risk response plans, tracking identified risks, monitoring residual risk, identifying new risks, and evaluating risk process effectiveness throughout the project."

Question59: Which of the following protocols are used to provide secure communication between a client and a server over the Internet? Each correct answer represents a part of the solution. Choose two.

Question60: Which of the following terms related to risk management represents the estimated frequency at which a threat is expected to occur?

Question61: You work as a Product manager for Marioiss Inc. You have been tasked to start a project for securing the network of your company. You want to employ configuration management to efficiently manage the procedures of the project. What will be the benefits of employing configuration management for completing this project? Each correct answer represents a complete solution. Choose all that apply.

Question62: Your project team has identified a project risk that must be responded to. The risk has been recorded in the risk register and the project team has been discussing potential risk responses for the risk event. The event is not likely to happen for several months but the probability of the event is high. Which one of the following is a valid response to the identified risk event?

Question63: You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. Which of the following ideas will you consider the best when conducting a security awareness campaign?

Question64: Part of your change management plan details what should happen in the change control system for your project. Theresa, a junior project manager, asks what the configuration management activities are for scope changes. You tell her that all of the following are valid configuration management activities except for which one?

Question65: Which of the following roles is used to ensure that the confidentiality, integrity, and availability of the services are maintained to the levels approved on the Service Level Agreement (SLA)?

Question66: Which of the following enables an inventor to legally enforce his right to exclude others from using his invention?

Question67: Which of the following is a process that identifies critical information to determine if friendly actions can be observed by adversary intelligence systems?

Question68: Which of the following laws enacted in United States makes it illegal for an Internet Service Provider (ISP) to allow child pornography to exist on Web sites?

Question69: NIST Special Publication 800-50 is a security awareness program. It is designed for those people who are currently working in the information technology field and want information on security policies. Which of the following are some of its critical steps? Each correct answer represents a complete solution. Choose two.

Question70: You work as a Network Administrator for ABC Inc. The company uses a secure wireless network. John complains to you that his computer is not working properly. What type of security audit do you need to conduct to resolve the problem?

Question71: Which of the following statements about Due Care policy is true?

Question72: Which of the following Acts enacted in United States allows the FBI to issue National Security Letters (NSLs) to Internet service providers (ISPs) ordering them to disclose records about their customers?

Question73: John works as a security manager for Soft Tech Inc. He is working with his team on the disaster recovery management plan. One of his team members has a doubt related to the most cost effective DRP testing plan. According to you, which of the following disaster recovery testing plans is the most cost-effective and efficient way to identify areas of overlap in the plan before conducting more demanding training exercises?

Question74: Which of the following can be done over telephone lines, e-mail, instant messaging, and any other method of communication considered private.

Question75: Which of the following statements reflect the 'Code of Ethics Preamble' in the '(ISC)2 Code of Ethics'?
Each correct answer represents a complete solution. Choose all that apply.

Question76: How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?

Question77: The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes. Which of the following are Change Management terminologies? Each correct answer represents a part of the solution. Choose three.

Question78: Which of the following persons is responsible for testing and verifying whether the security policy is properly implemented, and the derived security solutions are adequate or not?

Question79: Which of the following response teams aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large?

Question80: Which of the following is the default port for Secure Shell (SSH)?

Question81: Which of the following is the default port for Simple Network Management Protocol (SNMP)?

Question82: Which of the following divisions of the Trusted Computer System Evaluation Criteria (TCSEC) is based on the Mandatory Access Control (MAC) policy?

Question83: Which of the following subphases are defined in the maintenance phase of the life cycle models?

Question84: Which of the following plans provides procedures for recovering business operations immediately following a disaster?

Question85: Which of the following sites are similar to the hot site facilities, with the exception that they are completely dedicated, self-developed recovery facilities?

Question86: You are a project manager of a large construction project. Within the project you are working with several vendors to complete different phases of the construction. Your client has asked that you arrange for some of the materials a vendor is to install next week in the project to be changed. According to the change management plan what subsystem will need to manage this change request?

Question87: Your company is covered under a liability insurance policy, which provides various liability coverage for information security risks, including any physical damage of assets, hacking attacks, etc. Which of the following risk management techniques is your company using?

Question88: Which of the following administrative policy controls is usually associated with government classifications of materials and the clearances of individuals to access those materials?

Question89: You work as a project manager for SoftTech Inc. A threat with a dollar value of $150,000 is expected to happen in your project and the frequency of threat occurrence per year is 0.001. What will be the annualized loss expectancy in your project?

Question90: You are the Network Administrator for a software company. Due to the nature of your company's business, you have a significant number of highly computer savvy users. However, you have still decided to limit each user access to only those resources required for their job, rather than give wider access to the technical users (such as tech support and software engineering personnel). What is this an example of?

Question91: Which of the following contract types is described in the statement below? "This contract type provides no incentive for the contractor to control costs and hence is rarely utilized."

Question92: Which of the following is a name, symbol, or slogan with which a product is identified?

Question93: Which of the following SDLC phases consists of the given security controls. Misuse Case Modeling Security Design and Architecture Review Threat and Risk Modeling Security Requirements and Test Cases Generation

Question94: Which of the following types of agreement creates a confidential relationship between the parties to protect any type of confidential and proprietary information or a trade secret?

Question95: In which of the following mechanisms does an authority, within limitations, specify what objects can be accessed by a subject?

Question96: You work as a Senior Marketing Manger for Umbrella Inc. You find out that some of the software applications on the systems were malfunctioning and also you were not able to access your remote desktop session. You suspected that some malicious attack was performed on the network of the company. You immediately called the incident response team to handle the situation who enquired the Network Administrator to acquire all relevant information regarding the malfunctioning. The Network Administrator informed the incident response team that he was reviewing the security of the network which caused all these problems. Incident response team announced that this was a controlled event not an incident. Which of the following steps of an incident handling process was performed by the incident response team?

Question97: You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?

Question98: SIMULATION
Fill in the blank with an appropriate phrase. _______is a branch of forensic science pertaining to legal evidence found in computers and digital storage media.

Question99: Which of the following can be prevented by an organization using job rotation and separation of duties policies?

Question100: Which of the following 'Code of Ethics Canons' of the '(ISC)2 Code of Ethics' states to act honorably, honestly, justly, responsibly and legally?

Question101: Which of the following is used to back up forensic evidences or data folders from the network or locally attached hard disk drives?

Question102: Which of the following is the best method to stop vulnerability attacks on a Web server?

Question103: Which of the following BCP teams is the first responder and deals with the immediate effects of the disaster?

Question104: Which of the following backup sites takes the longest recovery time?

Question105: Which of the following are the common roles with regard to data in an information classification program?
Each correct answer represents a complete solution. Choose all that apply.

Question106: You are the program manager for your project. You are working with the project managers regarding the procurement processes for their projects. You have ruled out one particular contract type because it is considered too risky for the program. Which one of the following contract types is usually considered to be the most dangerous for the buyer?

Question107: Which of the following processes provides a standard set of activities, general tasks, and a management structure to certify and accredit systems, which maintain the information assurance and the security posture of a system or site?

Question108: Which of the following refers to an information security document that is used in the United States Department of Defense (DoD) to describe and accredit networks and systems?

Question109: Which of the following signatures watches for the connection attempts to well-known, frequently attacked ports?

Question110: Which of the following statements is true about auditing?

Question111: What are the purposes of audit records on an information system? Each correct answer represents a complete solution. Choose two.

Question112: Configuration Management (CM) is an Information Technology Infrastructure Library (ITIL) IT Service Management (ITSM) process. Configuration Management is used for which of the following? 1.To account for all IT assets 2.To provide precise information support to other ITIL disciplines 3.To provide a solid base only for Incident and Problem Management 4.To verify configuration records and correct any exceptions

Question113: Which of the following attacks can be mitigated by providing proper training to the employees in an organization?

Question114: Which of the following are the responsibilities of a custodian with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

Question115: Tomas is the project manager of the QWS Project and is worried that the project stakeholders will want to change the project scope frequently. His fear is based on the many open issues in the project and how the resolution of the issues may lead to additional project changes. On what document are Tomas and the stakeholders working in this scenario?

Question116: Which of the following documents is described in the statement below? "It is developed along with all processes of the risk management. It contains the results of the qualitative risk analysis, quantitative risk analysis, and risk response planning."

Question117: Against which of the following does SSH provide protection? Each correct answer represents a complete solution. Choose two.

Question118: Which of the following plans is designed to protect critical business processes from natural or man-made failures or disasters and the resultant loss of capital due to the unavailability of normal business processes?

Question119: Which of the following is a process of monitoring data packets that travel across a network?

Question120: You are the project manager for TTX project. You have to procure some electronics gadgets for the project. A relative of yours is in the retail business of those gadgets. He approaches you for your favor to get the order. This is the situation of ____.

Question121: You are responsible for network and information security at a metropolitan police station. The most important concern is that unauthorized parties are not able to access data. What is this called?

Question122: Which of the following statements are true about security risks? Each correct answer represents a complete solution. Choose three.

Question123: You are the project manager of the GHE Project. You have identified the following risks with the characteristics as shown in the following figure:

How much capital should the project set aside for the risk contingency reserve?

Question124: You are the project manager of the NGQQ Project for your company. To help you communicate project status to your stakeholders, you are going to create a stakeholder register. All of the following information should be included in the stakeholder register except for which one?

Question125: Which of the following deals is a binding agreement between two or more persons that is enforceable by law?

Question126: Which of the following statements best describes the consequences of the disaster recovery plan test?

Question127: Which of the following steps are generally followed in computer forensic examinations? Each correct answer represents a complete solution. Choose three.

Question128: Which of the following security controls will you use for the deployment phase of the SDLC to build secure software? Each correct answer represents a complete solution. Choose all that apply.

Question129: Which of the following concepts represent the three fundamental principles of information security? Each correct answer represents a complete solution. Choose three.

Question130: SIMULATION
Fill in the blank with an appropriate phrase.________ models address specifications, requirements, and design, verification and validation, and maintenance activities.

Question131: Which of the following policies helps reduce the potential damage from the actions of one person?

Question132: You work as the project manager for Bluewell Inc. You are working on NGQQ Project for your company.
You have completed the risk analysis processes for the risk events. You and the project team have created risk responses for most of the identified project risks. Which of the following risk response planning techniques will you use to shift the impact of a threat to a third party, together with the responses?

Question133: You are advising a school district on disaster recovery plans. In case a disaster affects the main IT centers for the district they will need to be able to work from an alternate location. However, budget is an issue.
Which of the following is most appropriate for this client?

Question134: Mark works as a security manager for SoftTech Inc. He is performing a security awareness program. To be successful in performing the awareness program, he should take into account the needs and current levels of training and understanding of the employees and audience. There are five key ways, which Mark should keep in mind while performing this activity. Current level of computer usage What the audience really wants to learn How receptive the audience is to the security program How to gain acceptance Who might be a possible ally Which of the following activities is performed in this security awareness process?

Question135: You are an Incident manager in Orangesect.Inc. You have been tasked to set up a new extension of your enterprise. The networking, to be done in the new extension, requires different types of cables and an appropriate policy that will be decided by you. Which of the following stages in the Incident handling process involves your decision making?

Question136: Which of the following processes is a structured approach to transitioning individuals, teams, and organizations from a current state to a desired future state?

Question137: What component of the change management system is responsible for evaluating, testing, and documenting changes created to the project scope?

Question138: You have created a team of HR Managers and Project Managers for Blue Well Inc. The team will concentrate on hiring some new employees for the company and improving the organization's overall security by turning employees among numerous job positions. Which of the following steps will you perform to accomplish the task?

Question139: Rachael is the project manager for a large project in her organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they've already completed the project work they were contracted to do. What can Rachael do in this instance?

Question140: Which of the following laws or acts, formed in Australia, enforces prohibition against cyber stalking?

Question141: John is a black hat hacker. FBI arrested him while performing some email scams. Under which of the following US laws will john be charged?

Question142: Rick is the project manager for TTM project. He is in the process of procuring services from vendors. He makes a contract with a vendor in which he precisely specify the services to be procured, and any changes to the procurement specification will increase the costs to the buyer. Which type of contract is this?

Question143: Which of the following is NOT a valid maturity level of the Software Capability Maturity Model (CMM)?

Question144: Sarah has created a site on which she publishes a copyrighted material. She is ignorant that she is infringing copyright. Is she guilty under copyright laws?

Question145: A contract cannot have provisions for which one of the following?

Question146: Which of the following terms describes a repudiation of a contract that occurs before the time when performance is due?

Question147: Which of the following liabilities is a third-party liability in which an individual may be responsible for an action by another party?

Question148: You work as the Senior Project manager in Dotcoiss Inc. Your company has started a software project using configuration management and has completed 70% of it. You need to ensure that the network infrastructure devices and networking standards used in this project are installed in accordance with the requirements of its detailed project design documentation. Which of the following procedures will you employ to accomplish the task?

Question149: Which of the following statements about system hardening are true? Each correct answer represents a complete solution. Choose two.

Question150: Which of the following types of activities can be audited for security? Each correct answer represents a complete solution. Choose three.

Question151: Which of the following BCP teams handles financial arrangement, public relations, and media inquiries in the time of disaster recovery?

Question152: Which of the following Acts enacted in United States amends Civil Rights Act of 1964, providing technical changes affecting the length of time allowed to challenge unlawful seniority provisions, to sue the federal government for discrimination and to bring age discrimination claims?

Question153: Which of the following laws is defined as the Law of Nations or the legal norms that has developed through the customary exchanges between states over time, whether based on diplomacy or aggression?

Question154: Which of the following laws is the first to implement penalties for the creator of viruses, worms, and other types of malicious code that causes harm to the computer systems?

Question155: Which of the following processes is used by remote users to make a secure connection to internal resources after establishing an Internet connection?

Question156: Which of the following anti-child pornography organizations helps local communities to create programs and develop strategies to investigate child exploitation?

Question157: You are the project manager of the HJK project for your organization. You and the project team have created risk responses for many of the risk events in the project. A teaming agreement is an example of what risk response?

Question158: You work as a security manager for SoftTech Inc. You along with your team are doing the disaster recovery for your project. Which of the following steps are performed by you for secure recovery based on the extent of the disaster and the organization's recovery ability? Each correct answer represents a part of the solution. Choose three.

Question159: Walter is the project manager of a large construction project. He'll be working with several vendors on the project. Vendors will be providing materials and labor for several parts of the project. Some of the works in the project are very dangerous so Walter has implemented safety requirements for all of the vendors and his own project team. Stakeholders for the project have added new requirements, which have caused new risks in the project. A vendor has identified a new risk that could affect the project if it comes into fruition.
Walter agrees with the vendor and has updated the risk register and created potential risk responses to mitigate the risk. What should Walter also update in this scenario considering the risk event?

Question160: Which of the following are examples of administrative controls that involve all levels of employees within an organization and determine which users have access to what resources and information? Each correct answer represents a complete solution. Choose three.

Question161: Which of the following is generally practiced by the police or any other recognized governmental authority?

Question162: Which of the following steps is the initial step in developing an information security strategy?

Question163: Which of the following is a variant with regard to Configuration Management?

Question164: How many change control systems are there in project management?

Question165: Mark is the project manager of the NHQ project in Spartech Inc. The project has an asset valued at
$195,000 and is subjected to an exposure factor of 35 percent. What will be the Single Loss Expectancy of the project?

Question166: Which of the following terms refers to a mechanism which proves that the sender really sent a particular message?

Question167: Which of the following test methods has the objective to test the IT system from the viewpoint of a threat- source and to identify potential failures in the IT system protection schemes?

Question168: Which of the following security models dictates that subjects can only access objects through applications?

Question169: In which of the following SDLC phases is the system's security features configured and enabled, the system is tested and installed or fielded, and the system is authorized for processing?

Question170: Which of the following rated systems of the Orange book has mandatory protection of the TCB?

Question171: Which of the following are the goals of risk management? Each correct answer represents a complete solution. Choose three.

Question172: Which of the following elements of BCP process includes the areas of plan implementation, plan testing, and ongoing plan maintenance, and also involves defining and documenting the continuity strategy?

Question173: SIMULATION
Fill in the blank with an appropriate phrase.___________ is the process of using a strategy and plan of what patches should be applied to which systems at a specified time. Correct

Question174: You work as the Network Administrator for a defense contractor. Your company works with sensitive materials and all IT personnel have at least a secret level clearance. You are still concerned that one individual could perhaps compromise the network (intentionally or unintentionally) by setting up improper or unauthorized remote access. What is the best way to avoid this problem?

Question175: Which of the following ports is the default port for Layer 2 Tunneling Protocol (L2TP) ?

Question176: Which of the following rate systems of the Orange book has no security controls?

Question177: Peter works as a Computer Hacking Forensic Investigator. He has been called by an organization to conduct a seminar to give necessary information related to sexual harassment within the work place. Peter started with the definition and types of sexual harassment. He then wants to convey that it is important that records of the sexual harassment incidents should be maintained, which helps in further legal prosecution.
Which of the following data should be recorded in this documentation? Each correct answer represents a complete solution. Choose all that apply.

Question178: You company suspects an employee of sending unauthorized emails to competitors. These emails are alleged to contain confidential company dat a. Which of the following is the most important step for you to take in preserving the chain of custody?

Question179: Which of the following statements best explains how encryption works on the Internet?

Question180: Which of the following is a documentation of guidelines that computer forensics experts use to handle evidences?

Question181: Which of the following are the responsibilities of the owner with regard to data in an information classification program? Each correct answer represents a complete solution. Choose three.

Question182: Which of the following access control models uses a predefined set of access privileges for an object of a system?

Question183: Which of the following are known as the three laws of OPSEC? Each correct answer represents a part of the solution. Choose three.

Question184: Which of the following statements about Hypertext Transfer Protocol Secure (HTTPS) are true? Each correct answer represents a complete solution. Choose two.

Question185: Which of the following refers to the ability to ensure that the data is not modified or tampered with?

Question186: You work as a security manager for SoftTech Inc. You are conducting a security awareness campaign for your employees. One of the employees of your organization asks you the purpose of the security awareness, training and education program. What will be your answer?

Question187: Which of the following are the types of access controls? Each correct answer represents a complete solution. Choose three.

Question188: Which of the following strategies is used to minimize the effects of a disruptive event on a company, and is created to prevent interruptions to normal business activity?

Question189: Which of the following are the examples of administrative controls? Each correct answer represents a complete solution. Choose all that apply.

Question190: You work as a Forensic Investigator. Which of the following rules will you follow while working on a case?
Each correct answer represents a part of the solution. Choose all that apply.

Question191: Which of the following architecturally related vulnerabilities is a hardware or software mechanism, which was installed to permit system maintenance and to bypass the system's security protections?

Question192: Which of the following types of evidence is considered as the best evidence?

Question193: Which of the following is the process performed between organizations that have unique hardware or software that cannot be maintained at a hot or warm site?

Question194: Which of the following statements about the availability concept of Information security management is true?

Question195: Which of the following is a formula, practice, process, design, instrument, pattern, or compilation of information which is not generally known, but by which a business can obtain an economic advantage over its competitors?

Question196: Which of the following needs to be documented to preserve evidences for presentation in court?

Question197: Which of the following BCP teams provides clerical support to the other teams and serves as a message center for the user-recovery site?

Question198: Which of the following tools works by using standard set of MS-DOS commands and can create an MD5 hash of an entire drive, partition, or selected files?

Question199: Which of the following analysis provides a foundation for measuring investment of time, money and human resources required to achieve a particular outcome?

Question200: SIMULATION
Fill in the blank with the appropriate phrase. ____________ is the ability to record and report on the configuration baselines associated with each configuration item at any moment of time.

Question201: Which of the following statements is related with the second law of OPSEC?