EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network?

Question2: Which answer BEST describes information access permissions where, unless the user is specifically given access to certain data they are denied any access by default?

Question3: What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition?

Question4: Which of the following cable types is limited in length to 185 meters?

Question5: Qualitative loss resulting from the business interruption does NOT usually include:

Question6: Suppose that you are the COMSEC - Communications Security custodian for a large, multinational corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID card that she uses to digitally sign and encrypt emails in the PKI.
What happens to the certificates contained on the smart card after the security officer takes appropriate action?

Question7: To understand the 'whys' in crime, many times it is necessary to understand MOM. Which of the following is not a component of MOM?

Question8: Considerations of privacy, invasiveness, and psychological and physical comfort when using the system are important elements for which of the following?

Question9: What is the BEST answer pertaining to the difference between the Session and Transport layers of the OSI model?

Question10: Which of the following is the MOST important aspect relating to employee termination?

Question11: What is a common problem when using vibration detection devices for perimeter control?

Question12: Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext?

Question13: What is the RESULT of a hash algorithm being applied to a message?

Question14: Hierarchical Storage Management (HSM) is commonly employed in:

Question15: The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers 6 is which of the following?

Question16: Which layer deals with Media Access Control (MAC) addresses?

Question17: The International Organization for Standardization / Open Systems Interconnection (ISO/OSI) Layer 7 does NOT include which of the following?

Question18: Which of the following BEST describes an exploit?

Question19: What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters?

Question20: Within Crime prevention through Environmental Design (CPTED) the concept of territoriality is BEST described as:

Question21: What is the verification that the user's claimed identity is valid called and is usually implemented through a user password at log-on time?

Question22: Organizations should not view disaster recovery as which of the following?

Question23: Which of the following protocols that provide integrity and authentication for IPSec, can also provide non- repudiation in IPSec?

Question24: What is the role of IKE within the IPsec protocol?

Question25: Which of the following can be defined as a unique identifier in the table that unambiguously points to an individual tuple or record in the table?

Question26: Which of the following questions is LEAST likely to help in assessing controls covering audit trails?

Question27: An intranet is an Internet-like logical network that uses:

Question28: Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following?

Question29: Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?

Question30: In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?

Question31: Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling.
This area is referred to as the:

Question32: The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:

Question33: Which layer of the DoD TCP/IP model controls the communication flow between hosts?

Question34: What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?

Question35: Which of the following answers presents the MOST significant threat to network based IDS or IPS systems?

Question36: In biometrics, "one-to-many" search against database of stored biometric images is done in:

Question37: Which of the following is NOT a common weakness of packet filtering firewalls?

Question38: Which of the following suppresses combustion by disrupting a chemical reaction, by doing so it kills the fire?

Question39: Which of the following is NOT a true statement regarding the implementation of the 3DES modes?

Question40: What are the three FUNDAMENTAL principles of security?

Question41: Which of the following represents the best programming?

Question42: Guards are appropriate whenever the function required by the security program involves which of the following?

Question43: Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced.
Which of the following is NOT a component that achieves this type of security?

Question44: At what stage of the applications development process should the security department become involved?

Question45: Which of the following teams should be included in an organization's contingency plan?

Question46: During the initial stage of configuration of your firewall, which of the following rules appearing in an Internet firewall policy is inappropriate?

Question47: Which of the following would not correspond to the number of primary keys values found in a table in a relational database?

Question48: What physical characteristic does a retinal scan biometric device measure?

Question49: At which of the basic phases of the System Development Life Cycle are security requirements formalized?

Question50: Operations Security seeks to PRIMARILY protect against which of the following?

Question51: Which Orange book security rating introduces security labels?

Question52: Which of the following is responsible for MOST of the security issues?

Question53: Which of the following encryption algorithms does NOT deal with discrete logarithms?

Question54: The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts?

Question55: The security of a computer application is MOST effective and economical in which of the following cases?

Question56: What is the proper term to refer to a single unit of IP data?

Question57: Which of the following NAT firewall translation modes allows a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts?

Question58: Which of the following can BEST eliminate dial-up access through a Remote Access Server as a hacking vector?

Question59: Which of the following is a Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange?

Question60: What is a trusted shell?

Question61: Which of the following is used to create parity information?

Question62: An intranet provides more security and control than which of the following:

Question63: An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as:

Question64: Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?

Question65: Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test?

Question66: Which of the following would MOST likely ensure that a system development project meets business objectives?

Question67: Which of the following is the MOST secure firewall implementation?

Question68: Which of the following statements pertaining to using Kerberos without any extension is FALSE?

Question69: Which layer of the TCP/IP protocol model would BEST correspond to the OSI/ISO model's network layer?

Question70: Which of the following would best describe secondary evidence?

Question71: Which of the following logical access exposures involvers changing data before, or as it is entered into the computer?

Question72: In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class C network?

Question73: The "vulnerability of a facility" to damage or attack may be assessed by all of the following EXCEPT:

Question74: When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence:

Question75: What level of assurance for a digital certificate verifies a user's name, address, social security number, and other information against a credit bureau database?

Question76: Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer in a network. Within which OSI/ISO layer is RPC implemented?

Question77: The standard server port number for HTTP is which of the following?

Question78: Which of the following statements pertaining to IPSec NOT true?

Question79: When referring to the data structures of a packet, the term Protocol Data Unit (PDU) is used, what is the proper term to refer to a single unit of TCP data at the transport layer?

Question80: The US-EU Safe Harbor process has been created to address which of the following?

Question81: Secure Sockets Layer (SSL) is very heavily used for protecting which of the following?

Question82: In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected?

Question83: Who is responsible for providing reports to the senior management on the effectiveness of the security controls?

Question84: Which xDSL flavor, appropriate for home or small offices, delivers more bandwidth downstream than upstream and over longer distance?

Question85: Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?

Question86: Looking at the choices below, which ones would be the most suitable protocols/tools for securing e-mail?

Question87: Which backup method usually resets the archive bit on the files after they have been backed up?

Question88: Like the Kerberos protocol, SESAME is also subject to which of the following?

Question89: Which of the following statements pertaining to software testing is incorrect?

Question90: The BEST technique to authenticate to a system is to:

Question91: Which of the following is the most critical item from a disaster recovery point of view?

Question92: External consistency ensures that the data stored in the database is:

Question93: IT security measures should:

Question94: Which of the following is NOT a type of motion detector?

Question95: Which of the following is NOT a precaution you can take to reduce static electricity?

Question96: An access control policy for a bank teller is an example of the implementation of which of the following?

Question97: What is defined as the rules for communicating between computers on a Local Area Network (LAN)?

Question98: Legacy single sign on (SSO) is:

Question99: Which of the following BEST describes Configuration Management controls?

Question100: Domain Name Service is a distributed database system that is used to map:

Question101: Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model?

Question102: Keeping in mind that these are objectives that are provided for information only within the CBK as they only
2
apply to the committee and not to the individuals. Which of the following statements pertaining to the (ISC) Code of Ethics is NOT true?

Question103: In which of the following models are Subjects and Objects identified and the permissions applied to each subject/object combination are specified? Such a model can be used to quickly summarize what permissions a subject has for various system objects.

Question104: Which of the following is NOT a correct notation for an IPv6 address?

Question105: For which areas of the enterprise are business continuity plans required?

Question106: What is called an event or activity that has the potential to cause harm to the information systems or networks?

Question107: Which of the following answers is directly related to providing High Availability to your users?

Question108: Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users?

Question109: Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location?

Question110: What would BEST define a covert channel?

Question111: The viewing of recorded events after the fact using a closed-circuit TV camera is considered a

Question112: To mitigate the risk of fire in your new data center, you plan to implement a heat-activated fire detector.
Your requirement is to have the earliest warning possible of a fire outbreak. Which type of sensor would you select and where would you place it?

Question113: Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability?

Question114: Frame relay and X.25 networks are part of which of the following?

Question115: Which cable technology refers to the CAT3 and CAT5 categories?

Question116: The older coaxial cable has been widely replaced with twisted pair, which is extremely easy to work with, inexpensive, and also resistant to multiple host failure at once, especially when used in one of the following topology:

Question117: When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?

Question118: In the Bell-LaPadula model, the *-property (Star-property) is also called:

Question119: Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied?

Question120: In a Public Key Infrastructure, how are public keys published?

Question121: What works as an E-mail message transfer agent?

Question122: Which of the following effectively doubles the amount of hard drives needed but also provides redundancy?

Question123: Which RAID implementation is commonly called mirroring?

Question124: Which of following is NOT a service provided by AAA servers (Radius, TACACS and DIAMETER)?

Question125: What is the main focus of the Bell-LaPadula security model?

Question126: What security problem is most likely to exist if an operating system permits objects to be used sequentially by multiple users without forcing a refresh of the objects?

Question127: What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility?

Question128: Which one of the following represents an ALE calculation?

Question129: Another example of Computer Incident Response Team (CIRT) activities is:

Question130: In which phase of the System Development Lifecycle (SDLC) is Security Accreditation Obtained?

Question131: Which of the following is needed for System Accountability?

Question132: Which of the following security-focused protocols has confidentiality services operating at a layer different from the others?

Question133: Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category of access control?

Question134: What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?

Question135: Which of the following keys has the SHORTEST lifespan?

Question136: Who first described the DoD multilevel military security policy in abstract, formal terms?

Question137: Which of the following is NOT a known type of Message Authentication Code (MAC)?

Question138: The Orange Book requires auditing mechanisms for any systems evaluated at which of the following levels?

Question139: Which of the following statements pertaining to fire suppression systems is TRUE?

Question140: Which one of these statements about the key elements of a good configuration process is NOT true?

Question141: Which of the following is covered under Crime Insurance Policy Coverage?

Question142: Which of the following statements pertaining to RAID technologies is incorrect?

Question143: In regards to relational database operations using the Structure Query Language (SQL), which of the following is a value that can be bound to a placeholder declared within an SQL statement?

Question144: Which service usually runs on port 25?

Question145: Once evidence is seized, a law enforcement officer should emphasize which of the following?

Question146: Under intellectual property law what would you call information that companies keep secret to give them an advantage over their competitors?

Question147: Which access control model achieves data integrity through well-formed transactions and separation of duties?

Question148: Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?

Question149: Which of the following statements pertaining to a Criticality Survey is incorrect?

Question150: What does the simple security (ss) property mean in the Bell-LaPadula model?

Question151: Which of the following was designed as a more fault-tolerant topology than Ethernet, and very resilient when properly implemented?

Question152: Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet?

Question153: According to Requirement 3 of the Payment Card Industry's Data Security Standard (PCI DSS) there is a requirement to "protect stored cardholder data." Which of the following items cannot be stored by the merchant?

Question154: Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in a system?

Question155: What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization?

Question156: What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets?

Question157: The control of communications test equipment should be clearly addressed by security policy for which of the following reasons?

Question158: Why would a database be denormalized?

Question159: Which of the following is related to physical security and is NOT considered a technical control?

Question160: What is the BEST definition of SQL injection?

Question161: What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?

Question162: Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?

Question163: Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

Question164: What is defined as inference of information from other, intermediate, relevant facts?

Question165: Which of the following control is intended to discourage a potential attacker?

Question166: What is NOT true with pre shared key authentication within IKE / IPsec protocol?

Question167: Which of the following teams should NOT be included in an organization's contingency plan?

Question168: In what LAN topology do all the transmissions of the network travel the full length of cable and are received by all other stations?

Question169: Which of the following is the BIGGEST concern with firewall security?

Question170: When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as:

Question171: This baseline sets certain thresholds for specific errors or mistakes allowed and the amount of these occurrences that can take place before it is considered suspicious?

Question172: Which of the following remote access authentication systems is the MOST robust?

Question173: This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I?

Question174: When companies come together to work in an integrated manner such as extranets, special care must be taken to ensure that each party promises to provide the necessary level of protection, liability and responsibility. These aspects should be defined in the contracts that each party signs. What describes this type of liability?

Question175: Smart cards are an example of which type of control?

Question176: Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to:

Question177: Which must bear the primary responsibility for determining the level of protection needed for information systems resources?

Question178: Behavioral-based systems are also known as?

Question179: Which access control type has a central authority that determine to what objects the subjects have access to and it is based on role or on the organizational security policy?

Question180: How should a doorway of a manned facility with automatic locks be configured?

Question181: What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs 100 data entry clerks and every one of them makes one input error each month?

Question182: Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences?

Question183: Which of the following would be the BEST criterion to consider in determining the classification of an information asset?

Question184: What is the main problem of the renewal of a root CA certificate?

Question185: Communications and network security relates to transmission of which of the following?

Question186: What allows a relation to contain multiple rows with a same primary key?

Question187: Which of the following is the most important consideration in locating an alternate computing facility during the development of a disaster recovery plan?

Question188: The Loki attack exploits a covert channel using which network protocol?

Question189: The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics?

Question190: Which of the following statements pertaining to message digests is NOT true?

Question191: Which of the following statements pertaining to Kerberos is TRUE?

Question192: Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the:

Question193: Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users?

Question194: Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?

Question195: Which of the following exemplifies proper separation of duties?

Question196: The RSA algorithm is an example of what type of cryptography?

Question197: Which of the following is NOT true of Secure Sockets Layer (SSL)?

Question198: Which of the following protects Kerberos against replay attacks?

Question199: Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length?

Question200: The main risks that physical security components combat are all of the following EXCEPT:

Question201: A business continuity plan is an example of which of the following?

Question202: When a possible intrusion into your organization's information system has been detected, which of the following actions should be performed first?

Question203: The IP header contains a protocol field. If this field contains the value of 1, what type of data is contained within the IP datagram?

Question204: Which of the following best describes signature-based detection?

Question205: Who should direct short-term recovery actions immediately following a disaster?

Question206: Which of the following is NOT a technique used to perform a penetration test?

Question207: In computing what is the name of a non-self-replicating type of malware program containing malicious code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data, and possible system harm.

Question208: A security analyst asks you to look at the traffic he has gathered, and you find several Push flags within the capture. It seems the packets are sent to an unknown Internet Address (IP) that is not in your network from one of your own IP addresses which is a financial database that is critical and must remain up and running
24x7. This traffic was noticed in the middle of the day. What would be the best course of action to follow?

Question209: Which of the following are the three classifications of RAID identified by the RAID Advisory Board?

Question210: Who is ultimately responsible for the security of computer based information systems within an organization?

Question211: Under United States law, an investigator's notebook may be used in court in which of the following scenarios?

Question212: Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for:

Question213: What is Kerberos?

Question214: Which of the following is NOT a disadvantage of symmetric cryptography when compared with asymmetric ciphers?

Question215: Which OSI/ISO layer defines how to address the physical devices on the network?

Question216: Which of the following is NOT a factor related to Access Control?

Question217: Kerberos can prevent which one of the following attacks?

Question218: Which of the following specifically addresses cyber-attacks against an organization's IT systems?

Question219: A site that is owned by the company and mirrors the original production site is referred to as a _______?

Question220: Which Security and Audit Framework has been adopted by some organizations working towards Sarbanes
- Oxley Section 404 compliance?

Question221: Which of the following services is provided by S-RPC?

Question222: What do the ILOVEYOU and Melissa virus attacks have in common?

Question223: Which of the following is NOT a disadvantage of Single Sign On (SSO)?

Question224: Contracts and agreements are often times unenforceable or hard to enforce in which of the following alternate facility recovery agreement?

Question225: Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. This method allocates bandwidth dynamically to physical channels having information to transmit?

Question226: Readable is to unreadable just as plain text is to:

Question227: Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate?

Question228: Which of the following statements pertaining to IPSec is NOT true?

Question229: Which of the following statements pertaining to biometrics is FALSE?

Question230: Logical or technical controls involve the restriction of access to systems and the protection of information.
Which of the following statements pertaining to these types of controls is TRUE?

Question231: Which access control model would a lattice-based access control model be an example of?

Question232: While using IPsec, the ESP and AH protocols both provide integrity services. However, when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service.
Which of the items below would affects the use of AH and it´s Integrity Check Value (ICV) the MOST?

Question233: Which of the following would constitute the BEST example of a password to use for access to a system by a network administrator?

Question234: What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected?

Question235: Which backup method only copies files that have been recently added or changed and also leaves the archive bit unchanged?

Question236: Which of the following is TRUE about Kerberos?

Question237: A virus is a program that can replicate itself on a system but not necessarily spread itself by network connections.
What is malware that can spread itself over open network connections?

Question238: Debbie from finance called to tell you that she downloaded and installed a free wallpaper program that sets the wallpaper on her computer to match the current weather outside but now her computer runs slowly and the disk drive activity light is always on. You take a closer look and when you do a simple port scan to see which ports are open on her computer, you notice that TCP/80 is open. You point a web browser at her computer's IP Address and port and see a site selling prescription drugs.
Apart from the wallpaper changing software, what did Debbie install without her knowledge?

Question239: Business Continuity Planning (BCP) is not defined as a preparation that facilitates:

Question240: During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable?

Question241: The Secure Hash Algorithm (SHA-1) creates:

Question242: Which answer BEST describes a secure cryptoprocessor that can be used to store cryptographic keys, passwords or certificates in a component located on the motherboard of a computer?

Question243: The first step in the implementation of the contingency plan is to perform:

Question244: What is the name of a one way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed.

Question245: Which of the following statements pertaining to the Bell-LaPadula model is TRUE if you are NOT making use of the strong star property?

Question246: Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed. What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications?

Question247: Which of the following is the most reliable authentication method for remote access?

Question248: Which of the following statements relating to Distributed Computing Environment (DCE) is FALSE?

Question249: Which of the following items is a benefit of cold sites?

Question250: Which of the following is currently the most recommended water system for a computer room?

Question251: Which of the following is NOT a component of IPSec?

Question252: A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the protocol (TCP, UDP, or ICMP), and the source and destination port for the:

Question253: A persistent collection of interrelated data items can be defined as which of the following?

Question254: What is a password called that is the same for each log-on session?

Question255: A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:

Question256: Which of the following is NOT appropriate in addressing object reuse?

Question257: Which of the following attack is also known as Time of Check(TOC)/Time of Use(TOU)?

Question258: Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?

Question259: Which type of control is concerned with avoiding occurrences of risks?

Question260: In order to be able to successfully prosecute an intruder:

Question261: Which of the following was designed to support multiple network types over the same serial link?

Question262: You are a criminal hacker and have infiltrated a corporate network via a compromised host and a misconfigured firewall. You find many targets inside the network but all appear to be hardened except for one. It has several notable vulnerable services and it therefore seems out of place with an otherwise secured network. (Except for the misconfigured firewall, of course)
What is it that you are likely seeing here?

Question263: Risk analysis is MOST useful when applied during which phase of the system development process?

Question264: Which of the following backup methods makes a complete backup of every file on the server every time it is run?

Question265: Which of the following cloud deployment model can be shared by several organizations?

Question266: Which of the following would be used to implement Mandatory Access Control (MAC)?

Question267: The steps of an access control model should follow which logical flow:

Question268: Which of the following does NOT concern itself with key management?

Question269: In what way could Java applets pose a security threat?

Question270: A one-way hash provides which of the following?

Question271: Which conceptual approach to intrusion detection system is the MOST common?

Question272: What is the effective key size of DES?

Question273: Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup?

Question274: What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?

Question275: Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel?

Question276: Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?

Question277: Sam is the security Manager of a financial institute. Senior management has requested he performs a risk analysis on all critical vulnerabilities reported by an IS auditor. After completing the risk analysis, Sam has observed that for a few of the risks, the cost benefit analysis shows that risk mitigation cost (countermeasures, controls, or safeguard) is more than the potential lost that could be incurred. What kind of a strategy should Sam recommend to the senior management to treat these risks?

Question278: Which of the following statements pertaining to packet filtering NOT true?

Question279: What is the percentage of invalid subjects that are falsely accepted by a Biometric authentication system called?

Question280: Suppose you are a domain administrator and are choosing an employee to carry out backups. Which access control method would be BEST for this scenario?

Question281: Java is not:

Question282: Which of the following is the best reason for the use of an automated risk analysis tool?

Question283: What kind of certificate is used to validate a user identity?

Question284: Which of the following would BEST classify as a management control?

Question285: What is the minimum static charge able to cause disk drive data loss?

Question286: What security model is dependent on security labels?

Question287: Which key agreement scheme uses implicit signatures?

Question288: In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected?

Question289: Which type of risk assessment is the formula ALE = ARO x SLE used for?

Question290: Which of the following is implemented through scripts or smart agents that replay the users multiple log-ins against authentication servers to verify a user's identity which permit access to system services?

Question291: What is the main concern with single sign-on?

Question292: Data which is properly secured and can be described with terms like genuine or not corrupted from the original refers to data that has a high level of what?

Question293: What is NOT true about a one-way hashing function?

Question294: Which of the following components are considered part of the Trusted Computing Base?

Question295: Fault tolerance countermeasures are designed to combat threats to which of the following?

Question296: Which of the following attack could be avoided by creating more security awareness in the organization and provide adequate security knowledge to all employees?

Question297: Which one of the following is NOT one of the outcomes of a vulnerability assessment?

Question298: Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer?

Question299: The Domain Name System (DNS) is a global network of:

Question300: The Diffie-Hellman algorithm is primarily used to provide which of the following?

Question301: While referring to physical security, what does positive pressurization means?

Question302: Kerberos depends upon what encryption method?

Question303: When backing up an applications system's data, which of the following is a key question to be answered first?

Question304: In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?

Question305: Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?

Question306: Which is NOT a suitable method for distributing certificate revocation information?

Question307: What is the most secure way to dispose of information on a CD-ROM?

Question308: The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a biometric system. Acceptable throughput rates are in the range of:

Question309: Examples of types of physical access controls include all EXCEPT which of the following?

Question310: At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?

Question311: Which of the following is NOT an example of a block cipher?

Question312: The Widget Company decided to take their company public and while they were in the process of doing so had an external auditor come and look at their company. As part of the external audit they brought in a technology expert, who incidentally was a new CISSP. The auditor's expert asked to see their last risk analysis from the technology manager. The technology manager did not get back to him for a few days and then the Chief Financial Officer gave the auditors a 2 page risk assessment that was signed by both the Chief Financial Officer and the Technology Manager. While reviewing it, the auditor noticed that only parts of their financial data were being backed up on site and nowhere else; the Chief Financial Officer accepted the risk of only partial financial data being backed up with no off-site copies available.
Who owns the risk with regards to the data that is being backed up and where it is stored?

Question313: Of the seven types of Access Control Categories, which is described as such?
Designed to specify rules of acceptable behavior in the organization.
Example: Policy stating that employees may not spend time on social media websites

Question314: Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?

Question315: What does the directive of the European Union on Electronic Signatures deal with?

Question316: What is the greatest danger from DHCP?

Question317: Which of the following security controls is intended to bring an environment back to regular operation?

Question318: The most prevalent cause of computer center fires is which of the following?

Question319: Which of the following is TRUE about digital certificate?

Question320: Business Continuity Planning (BCP) is defined as a preparation that facilitates:

Question321: An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:

Question322: Sensitivity labels are an example of what application control type?

Question323: In order to enable users to perform tasks and duties without having to go through extra steps, it is important that the security controls and mechanisms that are in place have a degree of?

Question324: Which of the following item would best help an organization to gain a common understanding of functions that are critical to its survival?

Question325: 2
Which of the following is the most important ISC Code of Ethics Canons?

Question326: The copyright law ("original works of authorship") protects the right of the owner in all of the following except?

Question327: Which of the following would be LESS likely to prevent an employee from reporting an incident?

Question328: Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)?

Question329: Which of the following enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks?

Question330: What are the components of an object's sensitivity label?

Question331: Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?

Question332: Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and its sensitivity level?

Question333: Access Control techniques do NOT include which of the following?

Question334: Which of the following tools is NOT likely to be used by a hacker?

Question335: Which type of password token involves time synchronization?

Question336: Related to information security, availability is the opposite of which of the following?

Question337: Which of the following is BEST practice to employ in order to reduce the risk of collusion?

Question338: In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the BEST choice below.

Question339: The Clipper Chip utilizes which concept in public key cryptography?

Question340: The type of discretionary access control (DAC) that is based on an individual's identity is also called:

Question341: What does "System Integrity" mean?

Question342: What is the primary difference between FTP and TFTP?

Question343: Which of the following stripes the data and the parity information at the block level across all the drives in the set?

Question344: Which access model is most appropriate for companies with a high employee turnover?

Question345: Which of the following computer recovery sites is the least expensive and the most difficult to test?

Question346: Knowledge-based Intrusion Detection Systems (IDS) are more common than:

Question347: Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device?

Question348: What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?

Question349: During the salvage of the Local Area Network and Servers, which of the following steps would normally be performed first?

Question350: What are the four domains that make up CobiT?

Question351: What size is an MD5 message digest (hash)?

Question352: Which security model uses an access control triple and also requires separation of duty?

Question353: Which of the following would be true about Static password tokens?

Question354: An application layer firewall is also called a:

Question355: Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires?

Question356: The communications products and services, which ensure that the various components of a network (such as devices, protocols, and access methods) work together refers to:

Question357: A message can be encrypted and digitally signed, which provides:

Question358: Which of the following are required for Life-Cycle Assurance?

Question359: Which of the following monitors network traffic in real time?

Question360: Which access control model provides upper and lower bounds of access capabilities for a subject?

Question361: Which of the following is most concerned with personnel security?

Question362: Which of the following is NOT a property of the Rijndael block cipher algorithm?

Question363: Good security is built on which of the following concept?

Question364: Which of the following attack is MOSTLY performed by an attacker to steal the identity information of a user such as credit card number, passwords, etc?

Question365: 2
The ISC Code of Ethics does not include which of the following behaviors for a CISSP:

Question366: Which of the following cloud deployment model is provisioned for open use by the general public?

Question367: Which of the following is NOT a countermeasure to traffic analysis?

Question368: Why does compiled code pose more of a security risk than interpreted code?

Question369: Ding Ltd. is a firm specialized in intellectual property business. A new video streaming application needs to be installed for the purpose of conducting the annual awareness program as per the firm security program.
The application will stream internally copyrighted computer based training videos. The requirements for the application installation are to use a single server, low cost technologies, high performance and no high availability capacities.
In regards to storage technology, what is the most suitable configuration for the server hard drives?

Question370: Which of the following services is NOT provided by the digital signature standard (DSS)?

Question371: Single Sign-on (SSO) is characterized by which of the following advantages?

Question372: Which of the following organizations PRODUCES and PUBLISHES the Federal Information Processing Standards (FIPS)?

Question373: Which of the following is one of the oldest and most common problem in software development that is still very prevalent today?

Question374: Which of the following is NOT an example of preventive control?

Question375: Which of the following risk handling technique involves the practice of passing on the risk to another entity, such as an insurance company?

Question376: Which of the following is NOT a system-sensing wireless proximity card?

Question377: The ideal operating humidity range is defined as 40 percent to 60 percent. High humidity (greater than 60 percent) can produce what type of problem on computer parts?

Question378: RAID levels 3 and 5 run:

Question379: What is the main issue with media reuse?

Question380: Which of the following is a reasonable response from the Intrusion Detection System (IDS) when it detects Internet Protocol (IP) packets where the IP source address and port is the same as the destination IP address and port?

Question381: Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection?

Question382: All hosts on an IP network have a logical ID called a(n):

Question383: Which RAID Level often implements a one-for-one disk to disk ratio?

Question384: Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis?

Question385: What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes referred to as "what each must bring" and joined together when getting access or decrypting a file. Each of which does not reveal the other.

Question386: Frame relay uses a public switched network to provide:

Question387: Which of the following is BEST at defeating frequency analysis?

Question388: Which of the following is NOT a common category/classification of threat to an IT system?

Question389: The object-relational and object-oriented models are better suited to managing complex data such as required for which of the following?

Question390: A DMZ is located:

Question391: Which of the following answers BEST indicates the most important part of a data backup plan?

Question392: Researchers have recently developed a tool that imitates a 14-year-old on the Internet.
The authors developed a "Chatter Bot" that mimics conversation and treats the dissemination of personal information as the goal to determine if the other participant in the conversation is a pedophile. The tool engages people in conversation and uses artificial intelligence to check for inappropriate questions by the unsuspecting human. If the human types too many suggestive responses to the "artificial" 14-year-old, the tool then notifies the police. From a legal perspective, what is the greatest legal challenge to the use of this tool?

Question393: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as?

Question394: Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)?

Question395: What is the most effective means of determining that controls are functioning properly within an operating system?

Question396: Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean?

Question397: Controls are implemented to:

Question398: Which of the following should NOT normally be allowed through a firewall?

Question399: What is the main purpose of Corporate Security Policy?

Question400: Which of the following LAN devices only operates at the physical layer of the OSI/ISO model?

Question401: How many rounds are used by DES?

Question402: What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources?

Question403: View the image below and identify the attack

Question404: Which of the following backup sites is the most effective for disaster recovery?

Question405: What is RAD?

Question406: How many layers are defined within the US Department of Defense (DoD) TCP/IP Model?

Question407: What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?

Question408: Preservation of confidentiality within information systems requires that the information is not disclosed to:

Question409: What would you call a network security control deployed in line to detects, alerts, and takes action when a possible intrusion is detected.

Question410: Which of the following choices is NOT normally part of the questions that would be asked in regards to an organization's information security policy?

Question411: Which of the following is TRUE of two-factor authentication?

Question412: Which of the following is given the responsibility of the maintenance and protection of the data?

Question413: Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number?

Question414: Which of the following answer specifies the correct sequence of levels within the Capability Maturity Model (CMM)?

Question415: Which RAID level concept is considered more expensive and is applied to servers to create what is commonly known as server fault tolerance?

Question416: Which of the following is NOT a basic component of security architecture?

Question417: The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following?

Question418: Organizations should consider which of the following first before allowing external access to their LANs via the Internet?

Question419: A confidential number used as an authentication factor to verify a user's identity is called a:

Question420: What does the simple integrity axiom mean in the Biba model?

Question421: Which of the following is NOT a Generally Accepted System Security Principle (GASSP)?

Question422: What can be described as a measure of the magnitude of loss or impact on the value of an asset?

Question423: Passwords can be required to change monthly, quarterly, or at other intervals:

Question424: How can an individual/person BEST be identified or authenticated to prevent local masquerading attacks?

Question425: In what way can violation of clipping levels assist in violation tracking and analysis?

Question426: Which type of fire extinguisher is MOST appropriate for a digital information processing facility?

Question427: To be admissible in court, computer evidence must be which of the following?

Question428: Which of the following modes of DES is MOST likely used for Database Encryption?

Question429: Which of the following cloud computing service model is a provision model in which an organization outsources the equipment used to support operations, including storage, hardware, servers and networking components?

Question430: Which protocol's primary function is to facilitate file and directory transfer between two machines?

Question431: In the statement below, fill in the blank: Law enforcement agencies must get a warrant to search and seize an individual's property, as stated in the _____ Amendment.

Question432: Which of the following Common Data Network Services allocates computing power resources among workstations with some shared resources centralized on a server?

Question433: In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process?

Question434: Which of the following is NOT part of the Kerberos authentication protocol?

Question435: A momentary high voltage is a:

Question436: What is the percentage of valid subjects that are falsely rejected by a Biometric Authentication system called?

Question437: The Physical Security domain focuses on three areas that are the basis to physically protecting enterprise's resources and sensitive information. Which of the following is NOT one of these areas?

Question438: What would you call a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates.

Question439: Which of the following does NOT apply to system-generated passwords?

Question440: Under what conditions would the use of a "Class C" hand-held fire extinguisher be preferable to the use of a "Class A" hand-held fire extinguisher?

Question441: Which of the following is the BEST way to detect software license violations?

Question442: Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks?

Question443: What does the * (star) property mean in the Bell-LaPadula model?

Question444: What is the primary goal of setting up a honey pot?

Question445: Which of the following statements relating to the Biba security model is FALSE?

Question446: In discretionary access environments, which of the following entities is authorized to grant information access to other people?

Question447: A business impact assessment is one element in business continuity planning. What are the three primary goals of a BIA?

Question448: Which of the following service is not provided by a public key infrastructure (PKI)?

Question449: Which of the following fire extinguishing systems incorporating a detection system is currently the most recommended water system for a computer room?

Question450: In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use:

Question451: Which of the following is biggest factor that makes Computer Crimes possible?

Question452: Which of the following is an issue with signature-based intrusion detection systems?

Question453: Normalizing data within a database could include all or some of the following except which one?

Question454: Which of the following is NOT a property of a one-way hash function?

Question455: Which of the following questions is less likely to help in assessing physical and environmental protection?

Question456: Which of the following floors would be MOST appropriate to locate information processing facilities in a 6- stories building?

Question457: When should a post-mortem review meeting be held after an intrusion has been properly taken care of?

Question458: A code, as is pertains to cryptography:

Question459: The primary service provided by Kerberos is which of the following?

Question460: Which of the following offers security to wireless communications?

Question461: Which of the following is a true statement pertaining to memory addressing?

Question462: Which of the following best allows risk management results to be used knowledgeably?

Question463: Which of the following is NOT an advantage that TACACS+ has over TACACS?

Question464: In access control terms, the word "dominate" refers to which of the following?

Question465: What is it called when a computer uses more than one CPU in parallel to execute instructions?

Question466: Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing?

Question467: Which of the following issues is not addressed by digital signatures?

Question468: Which of the following would best define a digital envelope?

Question469: Matches between which of the following are important because they represent references from one relation to another and establish the connections among these relations?

Question470: What is the maximum allowable key size of the Rijndael encryption algorithm?

Question471: You are using an open source packet analyzer called Wireshark and are sifting through the various conversations to see if anything appears to be out of order.
You are observing a UDP conversation between a host and a router. It was a file transfer between the two on port 69. What protocol was used here to conduct the file transfer?

Question472: Which of the following provides enterprise management with a prioritized list of time-critical business processes, and estimates a recovery time objective for each of the time critical processes and the components of the enterprise that support those processes?

Question473: What is the appropriate role of the security analyst in the application system development or acquisition project?

Question474: What is the most correct choice below when talking about the steps to resume normal operation at the primary site after the green light has been given by the salvage team?

Question475: Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions?

Question476: Which device acting as a translator is used to connect two networks or applications from Layer 4 up to Layer 7 of the ISO/OSI Model?

Question477: Which backup type run at regular intervals would take the least time to complete?

Question478: Which of the following is BEST provided by symmetric cryptography?

Question479: What security model implies a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects?

Question480: Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data?

Question481: Which of the following Confidentiality, Integrity, Availability (CIA) attribute supports the principle of least privilege by providing access to information only to authorized and intended users?

Question482: A momentary power outage is a:

Question483: Which of the following statements pertaining to firewalls NOT true?

Question484: Which of the following is NOT true concerning Application Control?

Question485: Which of the following protocols does not operate at the data link layer (layer 2)?

Question486: One purpose of a security awareness program is to modify:

Question487: When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish to prosecute the attacker in court?

Question488: Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)?

Question489: Which of the following algorithms does NOT provide hashing?

Question490: A deviation from an organization-wide security policy requires which of the following?

Question491: Which of the following is NOT a two-factor authentication mechanism?

Question492: In which of the following phases of system development life cycle (SDLC) is contingency planning most important?

Question493: With SQL Relational databases where is the actual data stored?

Question494: Cryptography does NOT help in:

Question495: Which of the following methods of providing telecommunications continuity involves the use of an alternative media?

Question496: Which of the following is more suitable for a hardware implementation?

Question497: In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in?

Question498: The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server in which of the following scenarios?

Question499: Which of the following ensures that security is NOT breached when a system crash or other system failure occurs?

Question500: Which of the following is NOT a characteristic of a host-based intrusion detection system?

Question501: Individual accountability does not include which of the following?

Question502: The DMZ does not normally contain:

Question503: Making sure that the data has not been changed unintentionally, due to an accident or malice is:

Question504: Which of the following testing method examines internal structure or working of an application?

Question505: Which of the following statements pertaining to biometrics is FALSE?

Question506: Which of the following is the MOST secure form of triple-DES encryption?

Question507: A 'Pseudo flaw' is which of the following?

Question508: Which layer defines how packets are routed between end systems?

Question509: Proxies work by transferring a copy of each accepted data packet from one network to another, thereby masking the:

Question510: Which expert system operating mode allows determining if a given hypothesis is valid?

Question511: During an IS audit, one of your auditors has observed that some of the critical servers in your organization can be accessed ONLY by using a shared/common user name and password. What should be the auditor's PRIMARY concern be with this approach?

Question512: All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would Be considered an essential element of the BIA but an important topic to include within the BCP plan?

Question513: Which of the following is NOT a critical security aspect of Operations Controls?

Question514: Which of the following cloud deployment model operates solely for an organization?

Question515: What is a security policy?

Question516: Which of the following transmission media would NOT be affected by cross talk or interference?

Question517: How many bits compose an IPv6 address?

Question518: Which of the following defines the software that maintains and provides access to the database?

Question519: Which of the following choices describe a condition when RAM and Secondary storage are used together?

Question520: Which of the following can be used as a covert channel?

Question521: Asynchronous Communication transfers data by sending:

Question522: Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality?

Question523: Which of the following is not a form of passive attack?

Question524: The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?

Question525: Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?

Question526: Another name for a VPN is a:

Question527: Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key.

Question528: Which of the following characteristics pertaining to databases is NOT true?

Question529: Which property ensures that only the intended recipient can access the data and nobody else?

Question530: Which of the following defines when RAID separates the data into multiple units and stores it on multiple disks?

Question531: Who is responsible for initiating corrective measures and capabilities used when there are security violations?

Question532: Which of the following statements pertaining to the trusted computing base (TCB) is false?

Question533: Which of the following is not a DES mode of operation?

Question534: In the UTP category rating, the tighter the wind:

Question535: Which of the following is the WEAKEST authentication mechanism?

Question536: Which of the following is the preferred way to suppress an electrical fire in an information center?

Question537: A Packet Filtering Firewall system is considered a:

Question538: Which of the following does not address Database Management Systems (DBMS) Security?

Question539: Which of the following is not a physical control for physical security?

Question540: Which of the following questions is LESS likely to help in assessing physical access controls?

Question541: With regard to databases, which of the following has characteristics of ease of reusing code and analysis and reduced maintenance?

Question542: Which of the following would be an example of the BEST password?

Question543: Which of the following IEEE standards defines the token ring media access method?

Question544: Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank?

Question545: What are the three MOST important functions that Digital Signatures perform?

Question546: Why would anomaly detection IDSs often generate a large number of false positives?

Question547: What is the percentage at which the False Rejection Rate equals the False Acceptance Rate called?

Question548: In terms or Risk Analysis and dealing with risk, which of the four common ways listed below seek to eliminate involvement with the risk being evaluated?

Question549: The typical computer fraudsters are usually persons with which of the following characteristics?

Question550: When considering an IT System Development Life-cycle, security should be:

Question551: After a company is out of an emergency state, what should be moved back to the original site first?

Question552: What does "residual risk" mean?

Question553: 2
Which of the following statements is not listed within the 4 canons of the (ISC) Code of Ethics?

Question554: Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption using Symmetric Cryptography.

Question555: Which of the following is NOT a preventive login control?

Question556: You wish to make use of "port knocking" technologies. How can you BEST explain this?

Question557: RAID Level 1 is commonly called which of the following?

Question558: Which of the following is MOST appropriate to notify an internal user that session monitoring is being conducted?

Question559: In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy.
The access controls may be based on:

Question560: Physically securing backup tapes from unauthorized access is obviously a security concern and is considered a function of the:

Question561: Which of the following access control models requires defining classification for objects?

Question562: The Internet Architecture Board (IAB) characterizes which of the following as unethical behavior for Internet users?

Question563: Which of the following is a LAN transmission method?

Question564: In which of the following cloud computing service model are applications hosted by the service provider and made available to the customers over a network?

Question565: Which of the following backup method must be made regardless of whether Differential or Incremental methods are used?

Question566: Phreakers are hackers who specialize in telephone fraud. What type of telephone fraud/attack makes use of a device that generates tones to simulate inserting coins in pay phones, thus fooling the system into completing free calls?

Question567: An X.509 public key certificate with the key usage attribute "non-repudiation" can be used for which of the following?

Question568: What is a sequence of characters that is usually longer than the allotted number for a password called?

Question569: What is a limitation of TCP Wrappers?

Question570: Which of the following describes a technique in which a number of processor units are employed in a single computer system to increase the performance of the system in its application environment above the performance of a single processor of the same kind?

Question571: In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process?

Question572: Which access control model is BEST suited in an environment where a high security level is required and where it is desired that only the administrator grants access control?

Question573: Which of the following was NOT designed to be a proprietary encryption algorithm?

Question574: Application Layer Firewalls operate at the:

Question575: Which of the following devices enables more than one signal to be sent out simultaneously over one physical circuit?

Question576: You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals.
One day you receive a laptop and are part of a two-man team responsible for examining it together.
However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch.
What critical step in forensic evidence have you forgotten?

Question577: Which of the following is NOT a responsibility of an information (data) owner?

Question578: Which layer of the TCP/IP protocol model defines the IP datagram and handles the routing of data across networks?

Question579: Which of the following embodies all the detailed actions that personnel are required to follow?

Question580: When referring to the Cloud Computing Service models. What would you call a service model where the consumer does not manage or control the underlying cloud infrastructure including networks, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application hosting environment?

Question581: The Computer Security Policy Model the Orange Book is based on is which of the following?

Question582: Which of the following statements pertaining to disaster recovery planning is incorrect?

Question583: RAID Level 1 mirrors the data from one disk or set of disks using which of the following techniques?

Question584: In the physical security context, a security door equipped with an electronic lock configured to ignore the unlock signals sent from the building emergency access control system in the event of an issue (fire, intrusion, power failure) would be in which of the following configuration?

Question585: When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output
What is this cryptographic operation called?

Question586: Which of the following binds a subject name to a public key value?

Question587: Which of the following statements pertaining to secure information processing facilities is NOT true?

Question588: Which of the following statements pertaining to VPN protocol standards is false?

Question589: Which of the following biometric devices offers the LOWEST CER?

Question590: Which of the following is a problem regarding computer investigation issues?

Question591: Which of the following RAID levels is not used in practice and was quickly superseded by the more flexible levels?

Question592: The owner of a system should have the confidence that the system will behave according to its specifications. This is termed as:

Question593: Who developed one of the first mathematical models of a multilevel-security computer system?

Question594: Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of:

Question595: Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods that exist.
Which of the basic method is more prone to false positive?

Question596: What enables users to validate each other's certificate when they are certified under different certification hierarchies?

Question597: Crime Prevention Through Environmental Design (CPTED) is a discipline that:

Question598: When attempting to establish liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation?

Question599: In Mandatory Access Control, sensitivity labels attached to objects contain what information?

Question600: Which of the following BEST defines add-on security?

Question601: Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model?

Question602: You have been tasked to develop an effective information classification program. Which one of the following steps should be performed FIRST?

Question603: Which authentication technique BEST protects against hijacking?

Question604: During a test of a disaster recovery plan the IT systems are concurrently set up at the alternate site. The results are compared to the results of regular processing at the original site. What kind of testing has taken place?

Question605: Which disaster recovery plan test involves functional representatives meeting to review the plan in detail?

Question606: If an organization were to deploy only one Intrusion Detection System (IDS) sensor to protect its information system from the Internet:

Question607: Which of the following Common Data Network Services is used to print documents to a shared printer or a print queue/spooler?

Question608: Which of the following is the SIMPLEST type of firewall?

Question609: Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address?

Question610: The description of the database is called a schema. The schema is defined by which of the following?

Question611: When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems?

Question612: Which of the following BEST describes a function relying on a shared secret key that is used along with a hashing algorithm to verify the integrity of the communication content as well as the sender?

Question613: Computer-generated evidence is considered:

Question614: The Data Encryption Algorithm performs how many rounds of substitution and permutation?

Question615: If an internal database holds a number of printers in every department and this equals the total number of printers for the whole organization recorded elsewhere in the database, it is an example of:

Question616: How should a risk be handled when the cost of the countermeasure outweighs the cost of the risk?

Question617: Which of the following access control models is based on sensitivity labels?

Question618: In a dry pipe system, there is no water standing in the pipe - it is being held back by what type of valve?

Question619: The MAIN issue with Level 1 of RAID is which of the following?

Question620: Which port does the Post Office Protocol Version 3 (POP3) make use of?

Question621: Which of the following is not an EPA-approved replacement for Halon?

Question622: Where in a PKI infrastructure is a list of revoked certificates stored?

Question623: Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense?

Question624: Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request?

Question625: Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system?

Question626: To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up:

Question627: Which of the following is TRUE of network security?

Question628: Which of the following protocol was used by the INITIAL version of the Terminal Access Controller Access Control System TACACS for communication between clients and servers?

Question629: What refers to legitimate users accessing networked services that would normally be restricted to them?

Question630: A server cluster looks like a:

Question631: Which access control method allows the data owner (the person who created the file) to control access to the information they own?

Question632: The scope and focus of the Business continuity plan development depends most on:

Question633: Which of the following is a class A fire?

Question634: Which of the following controls related to physical security is NOT an administrative control?

Question635: The DES algorithm is an example of what type of cryptography?

Question636: Which of the following plan provides procedures for sustaining essential business operations while recovering from significant disruption?

Question637: The Information Technology Security Evaluation Criteria (ITSEC) was written to address which of the following that the Orange Book did not address?

Question638: What is the difference between the OCSP (Online Certificate Status Protocol) and a Certificate Revocation List (CRL)?

Question639: Which of the following standards concerns digital certificates?

Question640: In IPSec, if the communication is to be gateway-to-gateway or host-to-gateway:

Question641: Mark's manager has tasked him with researching an intrusion detection system for a new dispatching center. Mark identifies the top five products and compares their ratings.
Which of the following is the evaluation criteria most in use today for these types of purposes?

Question642: Regarding risk reduction, which of the following answers is BEST defined by the process of giving only just enough access to information necessary for them to perform their job functions?

Question643: Which of the following attack includes social engineering, link manipulation or web site forgery techniques?

Question644: Which of the following is NOT a VPN communications protocol standard?

Question645: A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?

Question646: What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?

Question647: You are an information systems security officer at a mid-sized business and are called upon to investigate a threat conveyed in an email from one employee to another.
You gather the evidence from both the email server transaction logs and from the computers of the two individuals involved in the incident and prepare an executive summary.
You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat says he didn't send the email in question.
What concept of PKI - Public Key Infrastructure will implicate the sender?

Question648: A prolonged electrical power supply that is below normal voltage is a:

Question649: Under the Business Exemption Rule to the hearsay evidence, which of the following exceptions would have no bearing on the inadmissibility of audit logs and audit trails in a court of law?

Question650: According to the Orange Book, which security level is the first to require a system to protect against covert timing channels?

Question651: You've decided to authenticate the source who initiated a particular transfer while ensuring integrity of the data being transferred. You can do this by:

Question652: Business Impact Analysis (BIA) is about:

Question653: A server farm consisting of multiple similar servers seen as a single IP address from users interacting with the group of servers is an example of which of the following?

Question654: Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes?

Question655: Which of the following method is recommended by security professional to PERMANENTLY erase sensitive data on magnetic media?

Question656: Which of the following BEST ensures accountability of users for the actions taken within a system or domain?

Question657: Electrical systems are the lifeblood of computer operations. The continued supply of clean, steady power is required to maintain the proper personnel environment as well as to sustain data operations. Which of the following is not an element that can threaten power systems?

Question658: Which of the following is a proximity identification device that does not require action by the user and works by responding with an access code to signals transmitted by a reader?

Question659: Which of the following provides coordinated procedures for minimizing loss of life, injury, and property damage in response to a physical threat?

Question660: Which of the following is an example of an active attack?

Question661: During which phase of an IT system life cycle are security requirements developed?

Question662: A Differential backup process will:

Question663: What is electronic vaulting?

Question664: Which of the following is an important part of database design that ensures that attributes in a table depend only on the primary key?

Question665: Devices that supply power when the commercial utility power system fails are called which of the following?

Question666: Which term BEST describes a practice used to detect fraud for users or a user by forcing them to be away from the workplace for a while?

Question667: Which of the following will a Business Impact Analysis NOT identify?

Question668: How many bits is the address space reserved for the source IP address within an IPv6 header?

Question669: What is used to protect programs from all unauthorized modification or executional interference?

Question670: Which of the following statements is TRUE about data encryption as a method of protecting data?

Question671: Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?

Question672: Why would a memory dump be admissible as evidence in court?

Question673: An incremental backup process

Question674: The Diffie-Hellman algorithm is used for:

Question675: What does the Clark-Wilson security model focus on?

Question676: A network-based vulnerability assessment is a type of test also referred to as:

Question677: Which of the following would best describe the difference between white-box testing and black-box testing?

Question678: What is the difference between Access Control Lists (ACLs) and Capability Tables?

Question679: In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the:

Question680: A circuit level proxy is ____________ when compared to an application level proxy.

Question681: In an organization, an Information Technology security function should:

Question682: Of the three types of alternate sites: hot, warm or cold, which is BEST described by the following facility description?
Configured and functional facility

Available with a few hours

Requires constant maintenance

Is expensive to maintain

Question683: A contingency plan should address:

Question684: What is called the probability that a threat to an information system will materialize?

Question685: Identity Management solutions include such technologies as Directories services, Single Sign-On and Web Access management. There are many reasons for management to choose an identity management solution.
Which of the following is a key management challenge regarding identity management solutions?

Question686: Which of the following statements do not apply to a hot site?

Question687: Which of the following attacks could capture network user passwords?

Question688: Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?

Question689: Which of the following is BEST defined as a physical control?

Question690: Which protocol is used to send email?

Question691: Which of the following is NOT a technical control?

Question692: Which type of control is concerned with restoring controls?

Question693: Which of the following statements is MOST accurate regarding a digital signature?

Question694: Which of the following is NOT an administrative control?

Question695: 2
Regarding codes of ethics covered within the ISC CBK, within which of them is the phrase "Discourage unsafe practice" found?

Question696: Which of the following Orange Book ratings represents the highest level of trust?

Question697: What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values?

Question698: Which of the following statements pertaining to link encryption is FALSE?

Question699: A weakness or lack of a safeguard, which may be exploited by a threat, causing harm to the information systems or networks is called:

Question700: A hardware RAID implementation is usually:

Question701: Which of the following is true of biometrics?

Question702: Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation?

Question703: How would nonrepudiation be BEST classified as?

Question704: Which of the following is NOT an example of an asymmetric key algorithm?

Question705: When submitting a passphrase for authentication, the passphrase is converted into:

Question706: Which of the following issues is NOT addressed by Kerberos?

Question707: What category of law deals with regulatory standards that regulate performance and conduct? Government agencies create these standards, which are usually applied to companies and individuals within those companies?

Question708: Which of the following backup methods is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets?

Question709: Which Orange book security rating is the FIRST to be concerned with covert channels?

Question710: What is the PRIMARY use of a password?

Question711: Which of the following security models does NOT concern itself with the flow of data?

Question712: For maximum security design, what type of fence is most effective and cost-effective method (Foot is being used as measurement unit below)?

Question713: When planning for disaster recovery it is important to know a chain of command should one or more people become missing, incapacitated or otherwise available to lead the organization.
Which of the following terms BEST describes this process?

Question714: What is the name for a substitution cipher that shifts the alphabet by 13 places?

Question715: Which of the following virus types changes some of its characteristics as it spreads?

Question716: Which one of the following factors is NOT one on which Authentication is based?

Question717: According to private sector data classification levels, how would salary levels and medical information be classified?

Question718: Which of the following statements pertaining to key management is NOT true?

Question719: Which of the following is not a one-way hashing algorithm?

Question720: Which of the following statements pertaining to packet switching is NOT true?

Question721: Which element must computer evidence have to be admissible in court?

Question722: Which of the following statements pertaining to air conditioning for an information processing facility is TRUE?

Question723: Which of the following statements pertaining to stream ciphers is TRUE?

Question724: What is a characteristic of using the Electronic Code Book mode of DES encryption?

Question725: Which of the following is NOT a security goal for remote access?

Question726: Which of the following would be MOST important to guarantee that the computer evidence will be admissible in court?

Question727: Which of the following concerning the Rijndael block cipher algorithm is NOT true?

Question728: Which of the following is a transaction redundancy implementation?

Question729: Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?

Question730: Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions?

Question731: What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)?

Question732: Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based on?

Question733: Which of the following server contingency solutions offers the highest availability?

Question734: Who is responsible for implementing user clearances in computer-based information systems at the B3 level of the TCSEC rating?

Question735: Which of the following statements pertaining to Kerberos is TRUE?

Question736: Which of the following are well known ports assigned by the IANA?

Question737: Which of the following steps is NOT one of the eight detailed steps of a Business Impact Assessment (BIA)?

Question738: Which of the following allows two computers to coordinate in executing software?

Question739: Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both?

Question740: In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because:

Question741: What can be defined as a data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to when they were scheduled to expire?

Question742: What kind of encryption is realized in the S/MIME-standard?

Question743: How often should a Business Continuity Plan be reviewed?

Question744: The primary purpose for using one-way hashing of user passwords within a password file is which of the following?

Question745: Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design?

Question746: When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED?

Question747: Which of the following represents the rows of the table in a relational database?

Question748: Computer security should be first and foremost which of the following?

Question749: You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday when major deposits are made you're seeing a series of bits placed in the
"Urgent Pointer" field of a TCP packet. This is only 16 bits which isn't much but it concerns you because:

Question750: A prolonged complete loss of electric power is a:

Question751: Which of the following are the steps usually followed in the development of documents such as security policy, standards and procedures?

Question752: Complete the following sentence. A message can be encrypted, which provides:

Question753: Which of the following statements pertaining to ethical hacking is NOT true?

Question754: In regards to the query function of relational database operations, which of the following represent implementation procedures that correspond to each of the low-level operations in the query?

Question755: Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect?

Question756: Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?

Question757: What is a decrease in amplitude as a signal propagates along a transmission medium BEST known as?

Question758: Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette?

Question759: The Orange Book is founded upon which security policy model?

Question760: What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable?

Question761: In Synchronous dynamic password tokens:

Question762: RAID level 10 is created by combining which of the following?

Question763: Which of the following questions is LESS likely to help in assessing identification and authentication controls?

Question764: Which of the following is LESS likely to be used today in creating a Virtual Private Network?

Question765: What is the process that RAID Level 0 uses as it creates one large disk by using several disks?

Question766: Which software development model is actually a meta-model that incorporates a number of the software development models?

Question767: This type of backup management provides a continuous on-line backup by using optical or tape
"jukeboxes," similar to WORMs (Write Once, Read Many):

Question768: What is the MOST critical piece to disaster recovery and continuity planning?

Question769: Which of the following items is NOT primarily used to ensure integrity?

Question770: Which of the following is considered the weakest link in a security system?

Question771: Which of the following type of lock uses a numeric keypad or dial to gain entry?

Question772: Which of the following security control is intended to avoid an incident from occurring?

Question773: In a known plaintext attack, the cryptanalyst has knowledge of which of the following?

Question774: Making sure that only those who are supposed to access the data can access is which of the following?

Question775: Java follows which security model:

Question776: Which of the following was developed as a simple mechanism for allowing simple network terminals to load their operating system from a server over the LAN?

Question777: Which of the following is NOT an encryption algorithm?

Question778: Which of the following places the Orange Book classifications in order from MOST secure to LEAST secure?

Question779: When considering all the reasons that buffer overflow vulnerabilities exist what is the real reason?

Question780: During a business impact analysis it is concluded that a system has maximum tolerable downtime of 2 hours. What would this system be classified as?

Question781: Which of the following translates source code one command at a time for execution on a computer?

Question782: Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect?

Question783: Which of the following is true about a "dry pipe" sprinkler system?

Question784: What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?

Question785: Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?

Question786: At what Orange Book evaluation levels are design specification and verification FIRST required?

Question787: Which access control model was proposed for enforcing access control in government and military applications?

Question788: What protocol is used on the Local Area Network (LAN) to obtain an IP address from its known MAC address?

Question789: A smart Card that has two chips with the Capability of utilizing both Contact and Contactless formats is called:

Question790: Which of the following can prevent hijacking of a web session?

Question791: What would you call the process that takes advantages of the security provided by a transmission protocol by carrying one protocol over another?

Question792: The Logical Link Control sub-layer is a part of which of the following?

Question793: Which of the following is the lowest TCSEC class wherein the systems must support separate operator and system administrator roles?

Question794: In which LAN transmission method is a source packet copied and sent to specific multiple destinations but not ALL of the destinations on the network?

Question795: What is the primary role of smartcards in a PKI?

Question796: Which of the following biometric parameters are better suited for authentication use over a long period of time?

Question797: Which of the following is an advantage of proxies?

Question798: Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:

Question799: In biometric identification systems, the parts of the body conveniently available for identification are:

Question800: The US department of Health, Education and Welfare developed a list of fair information practices focused on privacy of individually, personal identifiable information. Which one of the following is incorrect?

Question801: Which of the following items is NOT a benefit of cold sites?

Question802: In the CIA triad, what does the letter A stand for?

Question803: What is the maximum key size for the RC5 algorithm?

Question804: What is Dumpster Diving?

Question805: Which of the following answers BEST describes the Bell La-Padula model of storage and access control of classified information?

Question806: Which RAID implementation stripes data and parity at block level across all the drives?

Question807: Which of the following statements regarding an off-site information processing facility is TRUE?

Question808: What IDS approach relies on a database of known attacks?

Question809: Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part?

Question810: Which OSI/OSI layer defines the X.24, V.35, X.21 and HSSI standard interfaces?

Question811: The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of:

Question812: Which of the following groups represents the leading source of computer crime losses?

Question813: Which of the following represents a relation, which is the basis of a relational database?

Question814: Covert Channel Analysis is FIRST introduced at what level of the TCSEC rating?

Question815: Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions?

Question816: Pervasive Computing and Mobile Computing Devices have to sacrifice certain functions. Which statement concerning those devices is false.

Question817: In which mode of DES, will a block of plaintext and a key always give the same ciphertext?

Question818: Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic?

Question819: Which of the following is NOT a transaction redundancy implementation?

Question820: What is the key size of the International Data Encryption Algorithm (IDEA)?

Question821: Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

Question822: Which of the following protocols offers native encryption?

Question823: Which of the following best describes the Secure Electronic Transaction (SET) protocol?

Question824: What is called the number of columns in a table?

Question825: Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of:

Question826: A Differential backup process:

Question827: If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation. This implementation is sometimes called a:

Question828: When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is known as?

Question829: The main issue with RAID Level 1 is that the one-for-one ratio is:

Question830: What kind of encryption technology does SSL utilize?

Question831: What mechanism does a system use to compare the security labels of a subject and an object?

Question832: SMTP can best be described as:

Question833: Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it?

Question834: It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security?

Question835: Which of the following is NOT a media viability control used to protect the viability of data storage media?

Question836: What can be defined as an event that could cause harm to the information systems?

Question837: Complete the following sentence. A message can be encrypted, which provides:

Question838: According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles?

Question839: Which of the following access control techniques BEST gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure?

Question840: A demilitarized zone is:

Question841: What does it mean to say that sensitivity labels are "incomparable"?

Question842: Which of the following activities would not be included in the contingency planning process phase?

Question843: Which security model introduces access to objects only through programs?

Question844: Which access control model is also called Non-Discretionary Access Control (NDAC)?

Question845: To be in compliance with the Montreal Protocol, which of the following options can be taken to refill a Halon flooding system in the event that Halon is fully discharged in the computer room?

Question846: Within the legal domain what rule is concerned with the legality of how the evidence was gathered?

Question847: A system file that has been patched numerous times becomes infected with a virus. The anti-virus software warns that disinfecting the file may damage it.
What course of action should be taken?

Question848: You have been approached by one of your clients. They are interested in doing some security re- engineering. The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications. Of primary concern to them, is the identification of potential covert channel. As an Information Security Professional, which model would you recommend to the client?

Question849: An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?

Question850: When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass:

Question851: FIPS-140 is a standard for the security of which of the following?

Question852: Which of the following is TRUE about link encryption?

Question853: In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class A network?

Question854: Who vouches for the binding between the data items in a digital certificate?

Question855: Which of the following is NOT a preventive operational control?

Question856: The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?

Question857: What can be BEST defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment?

Question858: In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering two questions:

Question859: When RAID runs as part of the operating system on the file server, it is an example of a:

Question860: Which of the following is NOT part of user provisioning?

Question861: Which of the following rules is LEAST likely to support the concept of least privilege?

Question862: Related to information security, the guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered is an example of which of the following?

Question863: Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings?

Question864: Which of the following services relies on UDP?

Question865: During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there is a possibility to force the authorization step to be completed before the authentication step. Which of the following technique an attacker could user to force authorization step before authentication?

Question866: Which of the following should be emphasized during the Business Impact Analysis (BIA) considering that the BIA focus is on business processes?

Question867: What is surreptitious transfer of information from a higher classification compartment to a lower classification compartment without going through the formal communication channels?

Question868: Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?

Question869: What is NOT included in a data dictionary?

Question870: Which of the following should be performed by an operator?

Question871: What attack involves the perpetrator sending spoofed packet(s) which contains the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any open ports that are open on the remote host?

Question872: Within the context of the CBK, which of the following provides a MINIMUM level of security ACCEPTABLE for an environment?

Question873: The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concept:

Question874: Complete the following sentence. A digital signature is a:

Question875: Which of the following should NOT be performed by an operator?

Question876: Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?

Question877: The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:

Question878: 2
According to ISC , what should be the fire rating for the internal walls of an information processing facility?

Question879: Controlling access to information systems and associated networks is necessary for the preservation of their:

Question880: Which of the following best defines a Computer Security Incident Response Team (CSIRT)?

Question881: Which of the following is a fraud detection method whereby employees are moved from position to position?

Question882: Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides the following service except:

Question883: A shared resource matrix is a technique commonly used to locate:

Question884: What is used to bind a document to its creation at a particular time?

Question885: What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent?

Question886: In an SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?

Question887: What is the access protection system that limits connections by calling back the number of a previously authorized location called?

Question888: The end result of implementing the principle of least privilege means which of the following?

Question889: Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is NOT true?

Question890: Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes?

Question891: The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)?

Question892: Which of the following can be defined as THE unique attribute used as a unique identifier within a given table to identify a tuple?

Question893: Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet?

Question894: The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers?

Question895: The MOST common threat that impacts a business's ability to function normally is:

Question896: Which Orange Book evaluation level is described as "Verified Design"?

Question897: Which division of the Orange Book deals with discretionary protection (need-to-know)?

Question898: Prior to a live disaster test also called a Full Interruption test, which of the following is most important?

Question899: Which of the following is NOT an asymmetric key algorithm?

Question900: Common Criteria 15408 generally outlines assurance and functional requirements through a security evaluation process concept of ______________, ____________, __________ for Evaluated Assurance Levels (EALs) to certify a product or system.

Question901: Which approach to a security program ensures people responsible for protecting the company's assets are driving the program?

Question902: When a station communicates on the network for the first time, which of the following protocol would search for and find the Internet Protocol (IP) address that matches with a known Ethernet address?

Question903: If an employee's computer has been used by a fraudulent employee to commit a crime, the hard disk may be seized as evidence and once the investigation is complete it would follow the normal steps of the Evidence Life Cycle. In such case, the Evidence life cycle would not include which of the following steps listed below?

Question904: Which encryption algorithm is BEST suited for communication with handheld wireless devices?

Question905: What can best be defined as high-level statements, beliefs, goals and objectives?

Question906: Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options?

Question907: An Ethernet address is composed of how many bits?

Question908: Which of the following statements pertaining to access control is FALSE?

Question909: Which one of the following is usually not a benefit resulting from the use of firewalls?

Question910: Which of the following computer crime is MORE often associated with INSIDERS?

Question911: What type of key would you find within a browser's list of trusted root CAs?

Question912: Which TCSEC (Orange Book) rating or level requires the system to clearly identify functions of the security administrator to perform security-related functions?

Question913: Which of the following is a Microsoft technology for communication among software components distributed across networked computers?

Question914: The act of requiring two of the three factors to be used in the authentication process refers to:

Question915: In Operations Security trusted paths provide:

Question916: In the context of Biometric authentication, there is a quick way to compare the accuracy of devices. In general, the devices that have the lowest value would be the most accurate. Which of the following would be used to compare accuracy of devices?

Question917: What would you call an attack where an attacker can influence the state of the resource between check and use?
This attack can happen with shared resources such as files, memory, or even variables in multithreaded programs. This can cause the software to perform invalid actions when the resource is in an unexpected state. The steps followed by this attack are usually the following: the software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Question918: Unshielded Twisted Pair cabling is a:

Question919: How do you distinguish between a bridge and a router?

Question920: The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called:

Question921: Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?

Question922: Which of the following is NOT an example of a detective control?

Question923: An employee ensures all cables are shielded, builds concrete walls that extend from the true floor to the true ceiling and installs a white noise generator. What attack is the employee trying to protect against?

Question924: In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols?

Question925: Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys? This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis?

Question926: At which layer of ISO/OSI does the fiber optics work?

Question927: Which of the following algorithms is used today for encryption in PGP?

Question928: Which of the following is NOT a characteristic or shortcoming of packet filtering gateways?

Question929: A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include?

Question930: Which of the following is a symmetric encryption algorithm?

Question931: Which of the following would provide the BEST stress testing environment taking under consideration and avoiding possible data exposure and leaks of sensitive data?

Question932: Which of the following is NOT defined in the Internet Architecture Board (IAB) Ethics and the Internet (RFC
1087) as unacceptable and unethical activity?

Question933: PGP uses which of the following to encrypt data?

Question934: What is the three-way handshake sequence used to initiate TCP connections?

Question935: What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests?

Question936: Which of the following best describes the purpose of debugging programs?

Question937: Which type of security control is also known as "Logical" control?

Question938: Related to information security, confidentiality is the opposite of which of the following?

Question939: What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?

Question940: Which of the following is an advantage of prototyping?

Question941: Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?

Question942: If your property Insurance has Replacement Cost Valuation (RCV) clause your damaged property will be compensated:

Question943: Which of the following is from the Internet Architecture Board (IAB) Ethics and the Internet (RFC 1087)?

Question944: Which of the following Kerberos components holds all users' and services' cryptographic keys?

Question945: Which of the following protocols is designed to send individual messages securely?

Question946: What is the primary role of cross certification?

Question947: Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of?

Question948: Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors?

Question949: The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something:

Question950: Which of the following statements regarding trade secrets is FALSE?

Question951: What are user interfaces that limit the functions that can be selected by a user called?

Question952: Which of the following can best define the "revocation request grace period"?

Question953: Which of the following asymmetric encryption algorithms is based on the difficulty of factoring LARGE numbers?

Question954: There is no way to completely abolish or avoid risks, you can only manage them. A risk free environment does not exist. If you have risks that have been identified, understood and evaluated to be acceptable in order to conduct business operations. What is this this approach to risk management called?

Question955: Which of the following is an advantage of a qualitative over a quantitative risk analysis?

Question956: The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?

Question957: Examine the following characteristics and identify which answer best indicates the likely cause of this behavior:
Core operating system files are hidden

Backdoor access for attackers to return

Permissions changing on key files

A suspicious device driver

Encryption applied to certain files without explanation

Logfiles being wiped

Question958: Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)?

Question959: Which of the following best describes remote journaling?

Question960: Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?

Question961: CobiT was developed from the COSO framework. Which of the choices below best describe the COSO's main objectives and purpose?

Question962: Which of the following is the correct set of assurance requirements for EAL 5?

Question963: Which of the following is NOT a common backup method?

Question964: Which of the following is defined as the most recent point in time to which data must be synchronized without adversely affecting the organization (financial or operational impacts)?

Question965: Which of the following is required in order to provide accountability?

Question966: An Architecture where there are more than two execution domains or privilege levels is called:

Question967: What is the PRIMARY purpose of using redundant array of inexpensive disks (RAID) level zero?

Question968: What is called the formal acceptance of the adequacy of a system's overall security by the management?

Question969: Which of the following statements pertaining to software testing approaches is correct?

Question970: A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is:

Question971: Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of:

Question972: Which of the following is NOT a common integrity goal?

Question973: What is the purpose of Trusted Distribution?

Question974: Which of the following statements is NOT true of IPSec Transport mode?

Question975: Which of the following is an example of discretionary access control?

Question976: What is considered the MOST important type of error to avoid for a biometric access control system?

Question977: Which of the following term BEST describes a weakness that could potentially be exploited?

Question978: Which BEST describes a tool (i.e. keyfob, calculator, memory card or smart card) used to supply dynamic passwords?

Question979: Which of the following is a drawback of fiber optic cables?

Question980: Which of the following determines that the product developed meets the projects goals?

Question981: Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix?

Question982: Which of the following can best be defined as a key recovery technique for storing knowledge of a cryptographic key by encrypting it with another key and ensuring that only certain third parties can perform the decryption operation to retrieve the stored key?

Question983: Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms?

Question984: Valuable paper insurance coverage does cover damage to which of the following?

Question985: What is the Biba security model concerned with?

Question986: What sort of attack is described by the following: An attacker has a list of broadcast addresses which it stores into an array, the attacker sends a spoofed icmp echo request to each of those addresses in series and starts again. The spoofed IP address used by the attacker as the source of the packets is the target/ victim IP address.

Question987: Which one of the following is NOT a check for Input or Information Accuracy in Software Development security?

Question988: Of the multiple methods of handling risks which we must undertake to carry out business operations, which one involves using controls to reduce the risk?

Question989: Which of the following cloud computing service model provides a way to rent operating systems, storage and network capacity over the Internet?

Question990: Which of the following testing method examines the functionality of an application without peering into its internal structure or knowing the details of its internals?

Question991: Which of the following should be allowed through a firewall to easy communication and usage by users?

Question992: Which of the following answer BEST relates to the type of risk analysis that involves committees, interviews, opinions and subjective input from staff?

Question993: One of the following statements about the differences between PPTP and L2TP is NOT true

Question994: Which of the following statements pertaining to block ciphers is NOT true?

Question995: Which of the following division is defined in the TCSEC (Orange Book) as minimal protection?

Question996: Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards?

Question997: Which of the following can be defined as the set of allowable values that an attribute can take?

Question998: Which of the following would be the best reason for separating the test and development environments?

Question999: An effective information security policy should NOT have which of the following characteristic?

Question1000: What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?

Question1001: Which of the following results in the most devastating business interruptions?

Question1002: What is the MOST critical characteristic of a biometric identifying system?

Question1003: Failure of a contingency plan is usually:

Question1004: Under what conditions would the use of a Class C fire extinguisher be preferable to a Class A extinguisher?

Question1005: Which of the following offers confidentiality to an e-mail message?

Question1006: A periodic review of user account management should NOT determine:

Question1007: An attack that involves a fraudster tricking a user into making inappropriate security decisions is known as:

Question1008: A DMZ is also known as a:

Question1009: At which of the Orange Book evaluation levels is configuration management required?

Question1010: An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n):

Question1011: Which of the following is not a property of the Rijndael block cipher algorithm?

Question1012: Which of the following are additional access control objectives?

Question1013: The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis?

Question1014: Buffer overflow and boundary condition errors are subsets of which of the following?

Question1015: The major objective of system configuration management is which of the following?

Question1016: What algorithm has been selected as the AES algorithm, replacing the DES algorithm?

Question1017: What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?

Question1018: Which Orange book security rating introduces the object reuse protection?

Question1019: Why does fiber optic communication technology have significant security advantage over other transmission technology?

Question1020: Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity?

Question1021: Virus scanning and content inspection of S/MIME encrypted e-mail without doing any further processing is:

Question1022: What attribute is included in a X.509-certificate?

Question1023: Which backup method is used if backup time is critical and tape space is at an extreme premium?

Question1024: A prolonged power supply that is below normal voltage is a:

Question1025: What key size is used by the Clipper Chip?

Question1026: Which of the following describes a computer processing architecture in which a language compiler or pre- processor breaks program instructions down into basic operations that can be performed by the processor at the same time?

Question1027: This OSI layer has a service that negotiates transfer syntax and translates data to and from the transfer syntax for users, which may represent data using different syntaxes. At which of the following layers would you find such service?

Question1028: Which of the following ensures that a TCB is designed, developed, and maintained with formally controlled standards that enforces protection at each stage in the system's life cycle?

Question1029: What setup should an administrator use for regularly testing the strength of user passwords?

Question1030: Which of the following is NOT a proper component of Media Viability Controls?

Question1031: Which of the following protocols operates at the session layer (layer 5)?

Question1032: Which of the following is an advantage of using a high-level programming language?

Question1033: A Business Continuity Plan should be tested:

Question1034: Which is the last line of defense in a physical security sense?

Question1035: You are a security consultant who is required to perform penetration testing on a client's network. During penetration testing, you are required to use a compromised system to attack other systems on the network to avoid network restrictions like firewalls.
Which method would you use in this scenario:

Question1036: You are a manager for a large international bank and periodically move employees between positions in your department. What is this process called?

Question1037: RADIUS incorporates which of the following services?

Question1038: Which of the following represents the columns of the table in a relational database?

Question1039: Why do buffer overflows happen? What is the main cause?

Question1040: Which of the following test makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems?

Question1041: In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices?

Question1042: Which of the following would be best suited to oversee the development of an information security policy?

Question1043: John is the product manager for an information system. His product has undergone under security review by an IS auditor. John has decided to apply appropriate security controls to reduce the security risks suggested by an IS auditor. Which of the following technique is used by John to treat the identified risk provided by an IS auditor?

Question1044: Which of the following is a NOT a guideline necessary to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations?

Question1045: Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing?

Question1046: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?

Question1047: Which of the following access control models introduces user security clearance and data classification?

Question1048: Which of the following is NOT a specific loss criteria that should be considered while developing a BIA?

Question1049: What are the four basic elements of Fire?

Question1050: What is the highest amount a company should spend annually on countermeasures for protecting an asset valued at $1,000,000 from a threat that has an annualized rate of occurrence (ARO) of once every five years and an exposure factor (EF) of 30%?

Question1051: One drawback of Application Level Firewall is that it reduces network performance due to the fact that it must analyze every packet and:

Question1052: What layer of the OSI/ISO model does Point-to-point tunneling protocol (PPTP) work at?

Question1053: Which of the following is often the GREATEST challenge of distributed computing solutions?

Question1054: Related to information security, integrity is the opposite of which of the following?

Question1055: Which of the following is a large hardware/software backup system that uses the RAID technology?

Question1056: Which one of the following authentication mechanisms creates a problem for mobile users?

Question1057: Which of the following security models introduced the idea of mutual exclusivity which generates dynamically changing permissions?

Question1058: The Orange Book describes four hierarchical levels to categorize security systems. Which of the following levels require mandatory protection?

Question1059: Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent.
The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that:

Question1060: What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?

Question1061: Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other?

Question1062: Which of the following protocol is PRIMARILY used to provide confidentiality in a web based application thus protecting data sent across a client machine and a server?

Question1063: What are cognitive passwords?

Question1064: Which of the following protects a password from eavesdroppers and supports the encryption of communication?

Question1065: What is the length of an MD5 message digest?

Question1066: Which International Organization for Standardization standard is commonly referred to as the 'common criteria'?

Question1067: At which temperature does damage start occurring to magnetic media?

Question1068: A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:

Question1069: Business Continuity and Disaster Recovery Planning (Primarily) addresses the:

Question1070: Address Resolution Protocol (ARP) interrogates the network by sending out a?

Question1071: Critical areas should be lighted:

Question1072: Which of the following is NOT a way to secure a wireless network?

Question1073: A host-based IDS is resident on which of the following?

Question1074: Which of the following tape formats can be used to backup data systems in addition to its original intended audio uses?

Question1075: A database view is the results of which of the following operations?

Question1076: Which of the following algorithms is a stream cipher?

Question1077: What is the goal of the Maintenance phase in a common development process of a security policy?

Question1078: Which of the following questions is LESS likely to help in assessing controls over hardware and software maintenance?

Question1079: Which of the following is the most costly countermeasure to reducing physical security risks?

Question1080: This type of supporting evidence is used to help prove an idea or a point, however it cannot stand on its own, it is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence?

Question1081: Which of the following is NOT a form of detective technical control?

Question1082: Who should measure the effectiveness of Information System security related controls in an organization?

Question1083: Which of the following is NOT a security characteristic we need to consider while choosing a biometric identification system?

Question1084: In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the following term?

Question1085: What is the MOST important step in business continuity planning?

Question1086: What is the difference between Advisory and Regulatory security policies?

Question1087: What can be defined as secret communications where the very existence of the message is hidden?

Question1088: Which of the following would BEST describe a Concealment cipher?

Question1089: What Cloud Deployment model consist of a cloud infrastructure provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units)? Such deployment model may be owned, managed, and operated by the organization, a third party, or some Combination of them, and it may exist on or off premises.

Question1090: Risk mitigation and risk reduction controls for providing information security are classified within three main categories, which of the following are being used?

Question1091: Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic?

Question1092: What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

Question1093: Which of the following is NOT an example of an operational control?

Question1094: Which of the following tasks is NOT usually part of a Business Impact Analysis (BIA)?

Question1095: Which of the following was the FIRST mathematical model of a multilevel security policy used to define the concepts of a security state and mode of access, and to outline rules of access?

Question1096: How many bits is the effective length of the key of the Data Encryption Standard algorithm?

Question1097: Which of the following is a class C fire?

Question1098: Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

Question1099: At which OSI layer does SSL reside in?

Question1100: Which of the following best describes what would be expected at a "hot site"?

Question1101: SQL commands do not include which of the following?

Question1102: Which type of password provides maximum security because a new password is required for each new log-on?

Question1103: Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations?

Question1104: This is a common security issue that is extremely hard to control in large environments. It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill. What BEST describes this scenario?

Question1105: Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:

Question1106: Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)?

Question1107: Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA?

Question1108: You have been tasked with developing a Business Continuity Plan/Disaster Recovery (BCP/DR) plan. After several months of researching the various areas of the organization, you are ready to present the plan to Senior Management.
During the presentation meeting, the plan that you have dutifully created is not received positively. Senior Management is convinced that they need to enact your plan, nor are they prepared to invest any money in the plan.
What is the BEST reason, as to why Senior Management is not willing to enact your plan?

Question1109: Which of the following is often implemented by a one-for-one disk to disk ratio?

Question1110: Which of the following is used in database information security to hide information?

Question1111: Which of the following service is a distributed database that translate host name to IP address to IP address to host name?

Question1112: What is the MAIN objective of proper separation of duties?

Question1113: Of the various types of "Hackers" that exist, the ones who are not worried about being caught and spending time in jail and have a total disregard for the law or police force, are labeled as what type of hackers?

Question1114: Which of the following backup methods is most appropriate for off-site archiving?

Question1115: Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?

Question1116: Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces?

Question1117: Which common backup method is the fastest on a daily basis?

Question1118: What is an error called that causes a system to be vulnerable because of the environment in which it is installed?

Question1119: Out of the steps listed below, which one is not one of the steps conducted during the Business Impact Analysis (BIA)?

Question1120: ICMP and IGMP belong to which layer of the OSI model?

Question1121: Public key infrastructure (PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion.
This infrastructure is based upon which of the following Standard?

Question1122: Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?

Question1123: Which of the following is NOT true of the Kerberos protocol?

Question1124: Which of the following outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations?

Question1125: In SSL/TLS protocol, what kind of authentication is supported when you establish a secure session between a client and a server?

Question1126: Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards?

Question1127: What would BEST define risk management?

Question1128: Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard?

Question1129: Which Orange Book evaluation level is described as "Structured Protection"?

Question1130: Packet Filtering Firewalls can also enable access for:

Question1131: Which of the following answers best describes the type of penetration testing where the analyst has full knowledge of the network on which he is going to perform his test?

Question1132: Which of the following is NOT true about IPSec Tunnel mode?

Question1133: Which of the following is NOT a symmetric key algorithm?

Question1134: Which of the following statements pertaining to protection rings is false?

Question1135: There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?

Question1136: Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and testing.
Which of following assure the Target of Evaluation (or TOE) is methodically designed, tested and reviewed?

Question1137: Which of the following statements pertaining to Secure Sockets Layer (SSL) is FALSE?

Question1138: Which of the following is most appropriate to notify an external user that session monitoring is being conducted?

Question1139: What algorithm was DES derived from?

Question1140: Which of the following media is MOST resistant to tapping?

Question1141: Within the realm of IT security, which of the following combinations best defines risk?

Question1142: What is the name of the FIRST mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?

Question1143: Which of the following is NOT a component of an Operations Security "triples"?

Question1144: Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server?

Question1145: In a database management system (DBMS), what is the "cardinality"?

Question1146: What is the essential difference between a self-audit and an independent audit?

Question1147: Which of the following statements pertaining to disaster recovery is incorrect?

Question1148: Which of the following is most relevant to determining the maximum effective cost of access control?

Question1149: Which of the following Common Data Network Services is used to share data files and subdirectories on file servers?

Question1150: Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control?

Question1151: The preliminary steps to security planning include all of the following EXCEPT which of the following?

Question1152: What is the Maximum Tolerable Downtime (MTD)?

Question1153: Which of the following is not a defined maturity level within the Software Capability Maturity Model?

Question1154: Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection?

Question1155: A copy of evidence or oral description of its contents; which is not as reliable as best evidence is what type of evidence?

Question1156: Tim is a network administrator of Acme Inc. He is responsible for configuring the network devices. John the new security manager reviews the configuration of the Firewall configured by Tim and identifies an issue.
This specific firewall is configured in failover mode with another firewall. A sniffer on a PC connected to the same switch as the firewalls can decipher the credentials, used by Tim while configuring the firewalls.
Which of the following should be used by Tim to ensure that no one can eavesdrop on the communication?

Question1157: Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?

Question1158: The criteria for evaluating the legal requirements for implementing safeguards is to evaluate the cost (C) of instituting the protection versus the estimated loss (L) resulting from the exploitation of the corresponding vulnerability. Therefore, a legal liability may exists when:

Question1159: Which of the following media is MOST resistant to EMI interference?

Question1160: What does the * (star) integrity axiom mean in the Biba model?

Question1161: In Mandatory Access Control, sensitivity labels attached to object contain what information?

Question1162: Which answer BEST describes a computer software attack that takes advantage of a previously unpublished vulnerability?

Question1163: Which of the following is most affected by denial-of-service (DoS) attacks?

Question1164: Which of the following would best describe certificate path validation?

Question1165: Cryptography does NOT concern itself with which of the following choices?

Question1166: Which of the following European Union (EU) principles pertaining to the protection of information on private individuals is incorrect?

Question1167: What assesses potential loss that could be caused by a disaster?

Question1168: What is used to hide data from unauthorized users by allowing a relation in a database to contain multiple tuples with the same primary keys with each instance distinguished by a security level?

Question1169: Which of the following is not an element of a relational database model?

Question1170: Which one of the following is used to provide authentication and confidentiality for e-mail messages?

Question1171: Crackers today are MOST often motivated by their desire to:

Question1172: Of the following, which multiple access method for computer networks does 802.11 Wireless Local Area Network use?

Question1173: Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated with:

Question1174: Which of the following risk handling technique involves the practice of being proactive so that the risk in question is not realized?

Question1175: Password management falls into which control category?

Question1176: The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as
"_________________," RSA is quite feasible for computer use.

Question1177: How is Annualized Loss Expectancy (ALE) derived from a threat?

Question1178: Ensuring least privilege does NOT require:

Question1179: Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?

Question1180: As per the Orange Book, what are two types of system assurance?

Question1181: Which of the following control helps to identify an incident's activities and potentially an intruder?

Question1182: This type of control is used to ensure that transactions are properly entered into the system once.
Elements of this type of control may include counting data and time stamping it with the date it was entered or edited?

Question1183: What is the PRIMARY goal of incident handling?

Question1184: In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP provided?

Question1185: What can be defined as a momentary low voltage?

Question1186: Which of the following recovery plan test results would be most useful to management?

Question1187: The fact that a network-based IDS reviews packets payload and headers enables which of the following?

Question1188: Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network?

Question1189: Which of the following biometric devices has the lowest user acceptance level?

Question1190: Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?

Question1191: For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship.
IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos.
An unscrupulous fruit shipper, the "Association of Private Fruit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship
"S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP.
What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples?

Question1192: What is a hot-site facility?

Question1193: The Open Web Application Security Project (OWASP) Top Ten list of risks during the past several years.
The following items have been on the list for many years. What of the choices below represent threats that have been at the top of the list for many years?

Question1194: Which fire class can water be most appropriate for?

Question1195: Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product?

Question1196: Risk reduction in a system development life-cycle should be applied:

Question1197: Referential Integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for which of the following?

Question1198: How often should tests and disaster recovery drills be performed?

Question1199: Which of the following pairings uses technology to enforce access control policies?

Question1200: Which of the following refers to the data left on the media after the media has been erased?

Question1201: What can be defined as: It confirms that users' needs have been met by the supplied solution?

Question1202: Which of the following control pairings include: organizational policies and procedures, pre-employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?

Question1203: Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses?

Question1204: Which of the following are the two commonly defined types of covert channels?

Question1205: Which of the following is used to create and modify the structure of your tables and other objects in the database?

Question1206: A packet containing a long string of NOP's followed by a command is usually indicative of what?

Question1207: Which backup method does not reset the archive bit on files that are backed up?

Question1208: Which of the following access control models requires security clearance for subjects?

Question1209: Which of the following is NOT an example of corrective control?

Question1210: Attributable data should be:

Question1211: At which of the OSI/ISO model layer is IP implemented?

Question1212: Which of the following computer recovery sites is only partially equipped with processing equipment?

Question1213: One of the following assertions is NOT a characteristic of Internet Protocol Security (IPSec)

Question1214: There are basic goals of Cryptography. Which of the following most benefits from the process of encryption?

Question1215: The BIGGEST difference between System High Security Mode and Dedicated Security Mode is:

Question1216: An Intrusion Detection System (IDS) is what type of control?

Question1217: Which of the following statements pertaining to a security policy is NOT true?

Question1218: What is one disadvantage of content-dependent protection of information?

Question1219: Which of the following would BEST be defined as an absence or weakness of safeguard that could be exploited?

Question1220: Which of the following is not classified as "Security and Audit Frameworks and Methodologies"?

Question1221: Why are coaxial cables called "coaxial"?

Question1222: What is NOT an authentication method within IKE and IPsec?

Question1223: System reliability is increased by:

Question1224: Which of the following steps should be one of the FIRST steps performed in a Business Impact Analysis (BIA)?

Question1225: Tim's day to day responsibilities include monitoring health of devices on the network. He uses a Network Monitoring System supporting SNMP to monitor the devices for any anomalies or high traffic passing through the interfaces.
Which of the protocols would be BEST to use if some of the requirements are to prevent easy disclosure of the SNMP strings and authentication of the source of the packets?

Question1226: Which of the following tools is less likely to be used by a hacker?

Question1227: Which type of attack would a competitive intelligence attack best classify as?

Question1228: Which of the following is not a method to protect objects and the data within the objects?

Question1229: If your property Insurance has Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on:

Question1230: The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB
[Trusted Computing Base]." This statement is the formal requirement for:

Question1231: A public key algorithm that does both encryption and digital signature is which of the following?

Question1232: Which of the following is the primary security feature of a proxy server?

Question1233: In regards to information classification what is the main responsibility of information (data) owner?

Question1234: MOST access violations are:

Question1235: Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credential, and faster resource access?

Question1236: Step-by-step instructions used to satisfy control requirements are called a:

Question1237: Which of the following usually provides reliable, real-time information without consuming network or host resources?

Question1238: Which of the following is a not a preventative control?

Question1239: Which of the following is a Hashing Algorithm?

Question1240: The RSA Algorithm uses which mathematical concept as the basis of its encryption?

Question1241: What is the maximum number of different keys that can be used when encrypting with Triple DES?

Question1242: Due care is not related to:

Question1243: Which of the following statements pertaining to quantitative risk analysis is NOT true?

Question1244: Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?

Question1245: In a security context what are database views used for?

Question1246: Degaussing is used to clear data from all of the following media except:

Question1247: Which of the following encryption methods is known to be unbreakable?

Question1248: What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access?

Question1249: What is the 802.11 standard related to?

Question1250: The only difference between RAID 3 and RAID 4 is that level 3 is implemented at the byte level while level
4 is usually implemented at which of the following?

Question1251: Which of the following would NOT violate the Due Diligence concept?

Question1252: The exact requirements for the admissibility of evidence vary across legal systems and between different cases (e.g., criminal versus tort). At a more generic level, evidence should have some probative value, be relevant to the case at hand, and meet the following criteria which are often called the five rules of evidence:

Question1253: Which of the following biometrics devices has the highest Crossover Error Rate (CER)?

Question1254: Making sure that the data is accessible when and where it is needed is which of the following?

Question1255: Which of the following statements do apply to a hot site?

Question1256: Of the following, which is a specific loss criteria that should be considered while developing a BIA?

Question1257: Which of the following models does NOT include data integrity or conflict of interest?

Question1258: Many approaches to Knowledge Discovery in Databases (KDD) are used to identify valid and useful patterns in data. This is an evolving field of study that includes a variety of automated analysis solutions such as Data Mining. Which of the following is not an approach used by KDD?

Question1259: Which security model uses division of operations into different parts and requires different users to perform each part?

Question1260: Kerberos is vulnerable to replay in which of the following circumstances?

Question1261: In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?

Question1262: The ISO/IEC 27001:2005 is a standard for:

Question1263: Whose role is it to assign classification level to information?

Question1264: Network-based Intrusion Detection systems:

Question1265: Which of the following is commonly used for retrofitting multilevel security to a database management system?

Question1266: A prolonged high voltage is a:

Question1267: Which of the following focuses on sustaining an organization's business functions during and after a disruption?

Question1268: Which of the following answers is the BEST example of Risk Transference?

Question1269: The authenticator within Kerberos provides a requested service to the client after validating which of the following?

Question1270: Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support?

Question1271: Which of the following is addressed by Kerberos?

Question1272: Configuration Management is a requirement for the following level(s) of the Orange Book?

Question1273: Pin, Password, Passphrases, Tokens, smart cards, and biometric devices are all items that can be used for Authentication. When one of these items listed above in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following?

Question1274: What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?

Question1275: Who should DECIDE how a company should approach security and what security measures should be implemented?

Question1276: Which of the following categories of hackers poses the greatest threat?

Question1277: Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?

Question1278: The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram?

Question1279: Which category of law is also referenced as a Tort law?

Question1280: Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?

Question1281: Which of the following is TRUE related to network sniffing?

Question1282: Detective/Technical measures:

Question1283: Which of the following would describe a type of biometric error refers to as FASLE rejection rate?

Question1284: Which of the following describes a logical form of separation used by secure computing systems?

Question1285: Communications devices must operate:

Question1286: If an organization were to monitor their employees' e-mail, it should not:

Question1287: Which of the following is NOT a part of a risk analysis?

Question1288: Business rules can be enforced within a database through the use of

Question1289: Which of the following questions is less likely to help in assessing an organization's contingency planning controls?

Question1290: Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following database type?

Question1291: A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle?

Question1292: Which of the following establishes the minimal national standards for certifying and accrediting national security systems?

Question1293: In the context of access control, locks, gates, guards are examples of which of the following?

Question1294: What is an IP routing table?

Question1295: Which Network Address Translation (NAT) is the MOST convenient and secure solution?

Question1296: The basic language of modems and dial-up remote access systems is:

Question1297: Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?

Question1298: Which of the following DoD Model layer provides non-repudiation services?