Question1: What is the BEST answer pertaining to the difference between the Session and Transport layers of the OSI model?
Question2: The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers 6 is which of the following?
Question3: Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address?
Question4: Which of the following is the preferred way to suppress an electrical fire in an information center?
Question5: What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources?
Question6: Which model, based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes, introduced five levels with which the maturity of an organization involved in the software process is evaluated?
Question7: Which BEST describes a tool (i.e. keyfob, calculator, memory card or smart card) used to supply dynamic passwords?
Question8: Which of the following biometrics devices has the highest Crossover Error Rate (CER)?
Question9: What is the MOST important step in business continuity planning?
Question10: Which Orange book security rating introduces the object reuse protection?
Question11: Password management falls into which control category?
Question12: Individual accountability does not include which of the following?
Question13: The primary service provided by Kerberos is which of the following?
Question14: In computing what is the name of a non-self-replicating type of malware program containing malicious code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data, and possible system harm.
Question15: What is the most effective means of determining that controls are functioning properly within an operating system?
Question16: To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up:
Question17: Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection?
Question18: Which of the following is NOT true about IPSec Tunnel mode?
Question19: In biometrics, "one-to-many" search against database of stored biometric images is done in:
Question20: Which of the following is NOT a way to secure a wireless network?
Question21: Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?
Question22: Which of the following protects a password from eavesdroppers and supports the encryption of communication?
Question23: The high availability of multiple all-inclusive, easy-to-use hacking tools that do NOT require much technical knowledge has brought a growth in the number of which type of attackers?
Question24: Which of the following is NOT a characteristic or shortcoming of packet filtering gateways?
Question25: Common Criteria 15408 generally outlines assurance and functional requirements through a security evaluation process concept of ______________, ____________, __________ for Evaluated Assurance Levels (EALs) to certify a product or system.
Question26: What can be defined as a table of subjects and objects indicating what actions individual subjects can take upon individual objects?
Question27: What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected?
Question28: RAID Level 1 is commonly called which of the following?
Question29: Access Control techniques do NOT include which of the following?
Question30: Which one of the following factors is NOT one on which Authentication is based?
Question31: An Intrusion Detection System (IDS) is what type of control?
Question32: Which type of password token involves time synchronization?
Question33: SQL commands do not include which of the following?
Question34: Which is the last line of defense in a physical security sense?
Question35: Which of the following would provide the BEST stress testing environment taking under consideration and avoiding possible data exposure and leaks of sensitive data?
Question36: When considering an IT System Development Life-cycle, security should be:
Question37: At which layer of ISO/OSI does the fiber optics work?
Question38: A Business Continuity Plan should be tested:
Question39: The act of requiring two of the three factors to be used in the authentication process refers to:
Question40: With regard to databases, which of the following has characteristics of ease of reusing code and analysis and reduced maintenance?
Question41: Which of the following defines when RAID separates the data into multiple units and stores it on multiple disks?
Question42: In telephony different types of connections are being used. The connection from the phone company's branch office to local customers is referred to as which of the following choices?
Question43: Which of the following would be LESS likely to prevent an employee from reporting an incident?
Question44: In the context of access control, locks, gates, guards are examples of which of the following?
Question45: Which of the following specifically addresses cyber-attacks against an organization's IT systems?
Question46: When a station communicates on the network for the first time, which of the following protocol would search for and find the Internet Protocol (IP) address that matches with a known Ethernet address?
Question47: At what stage of the applications development process should the security department become involved?
Question48: Which of the following is TRUE related to network sniffing?
Question49: Which of the following is addressed by Kerberos?
Question50: Which of the following protocols would BEST mitigate threats of sniffing attacks on web application traffic?
Question51: A periodic review of user account management should NOT determine:
Question52: Of the seven types of Access Control Categories, which is described as such?
Designed to specify rules of acceptable behavior in the organization.
Example: Policy stating that employees may not spend time on social media websites
Question53: What layer of the OSI/ISO model does Point-to-point tunneling protocol (PPTP) work at?
Question54: Which of the following security control is intended to avoid an incident from occurring?
Question55: What is the appropriate role of the security analyst in the application system development or acquisition project?
Question56: Which of the following can prevent hijacking of a web session?
Question57: Which of the following services is provided by S-RPC?
Question58: Business Continuity Planning (BCP) is defined as a preparation that facilitates:
Question59: Communications devices must operate:
Question60: What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?
Question61: Which of the following is TRUE about Kerberos?
Question62: Another type of access control is lattice-based access control. In this type of control a lattice model is applied. How is this type of access control concept applied?
Question63: PGP uses which of the following to encrypt data?
Question64: What algorithm has been selected as the AES algorithm, replacing the DES algorithm?
Question65: You are part of a security staff at a highly profitable bank and each day, all traffic on the network is logged for later review. Every Friday when major deposits are made you're seeing a series of bits placed in the
"Urgent Pointer" field of a TCP packet. This is only 16 bits which isn't much but it concerns you because:
Question66: In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on physical attributes of a person. This raised the necessity of answering two questions:
Question67: Who developed one of the first mathematical models of a multilevel-security computer system?
Question68: Which Network Address Translation (NAT) is the MOST convenient and secure solution?
Question69: Which of the following attack is also known as Time of Check(TOC)/Time of Use(TOU)?
Question70: Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:
Question71: Which virus category has the capability of changing its own code, making it harder to detect by anti-virus software?
Question72: Which RAID Level often implements a one-for-one disk to disk ratio?
Question73: Which access control model is BEST suited in an environment where a high security level is required and where it is desired that only the administrator grants access control?
Question74: Which of the following choices is a valid Public Key Cryptography Standard (PKCS) addressing RSA?
Question75: During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there is a possibility to force the authorization step to be completed before the authentication step. Which of the following technique an attacker could user to force authorization step before authentication?
Question76: If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation. This implementation is sometimes called a:
Question77: Which of the following services is provided by S-RPC?
Question78: Which of the following is an issue with signature-based intrusion detection systems?
Question79: Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet?
Question80: Of the three types of alternate sites: hot, warm or cold, which is BEST described by the following facility description?
Configured and functional facility

Available with a few hours

Requires constant maintenance

Is expensive to maintain

Question81: Which of the following would best describe certificate path validation?
Question82: When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence:
Question83: All hosts on an IP network have a logical ID called a(n):
Question84: Which is NOT a suitable method for distributing certificate revocation information?
Question85: Which layer of the TCP/IP protocol stack corresponds to the ISO/OSI Network layer (layer 3)?
Question86: Which of the following was designed as a more fault-tolerant topology than Ethernet, and very resilient when properly implemented?
Question87: Which of the following access control models requires security clearance for subjects?
Question88: Which of the following testing method examines internal structure or working of an application?
Question89: During the initial stage of configuration of your firewall, which of the following rules appearing in an Internet firewall policy is inappropriate?
Question90: Another example of Computer Incident Response Team (CIRT) activities is:
Question91: When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass:
Question92: Which security model uses an access control triple and also requires separation of duty?
Question93: This OSI layer has a service that negotiates transfer syntax and translates data to and from the transfer syntax for users, which may represent data using different syntaxes. At which of the following layers would you find such service?
Question94: Rule-Based Access Control (RuBAC) access is determined by rules. Such rules would fit within what category of access control?
Question95: What IDS approach relies on a database of known attacks?
Question96: Which of the following is an advantage of proxies?
Question97: Which of the following is NOT a security goal for remote access?
Question98: Physical security is accomplished through proper facility construction, fire and water protection, anti-theft mechanisms, intrusion detection systems, and security procedures that are adhered to and enforced.
Which of the following is NOT a component that achieves this type of security?
Question99: What is the name of a one way transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string? Such a transformation cannot be reversed.
Question100: Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix?
Question101: In which mode of DES, will a block of plaintext and a key always give the same ciphertext?
Question102: Which Orange Book evaluation level is described as "Verified Design"?
Question103: Which of the following effectively doubles the amount of hard drives needed but also provides redundancy?
Question104: Secure Sockets Layer (SSL) uses a Message Authentication Code (MAC) for what purpose?
Question105: Behavioral-based systems are also known as?
Question106: What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization?
Question107: Which security model introduces access to objects only through programs?
Question108: Which of the following enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks?
Question109: What is a password called that is the same for each log-on session?
Question110: Which of the following is most appropriate to notify an external user that session monitoring is being conducted?
Question111: A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:
Question112: A business continuity plan is an example of which of the following?
Question113: Which of the following answers presents the MOST significant threat to network based IDS or IPS systems?
Question114: What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?
Question115: Which of the following issues is not addressed by digital signatures?
Question116: Which of the following is the SIMPLEST type of firewall?
Question117: Matches between which of the following are important because they represent references from one relation to another and establish the connections among these relations?
Question118: Which of the following is implemented through scripts or smart agents that replay the users multiple log-ins against authentication servers to verify a user's identity which permit access to system services?
Question119: Which of the following protects Kerberos against replay attacks?
Question120: Kerberos is vulnerable to replay in which of the following circumstances?
Question121: Which of the following will a Business Impact Analysis NOT identify?
Question122: Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation?
Question123: Which of the following represents the rows of the table in a relational database?
Question124: Which of the following offers security to wireless communications?
Question125: Which of the following services is provided by S-RPC?
Question126: What is NOT true with pre shared key authentication within IKE / IPsec protocol?
Question127: Which of the following questions is LESS likely to help in assessing physical access controls?
Question128: What is defined as the rules for communicating between computers on a Local Area Network (LAN)?
Question129: Which access control model was proposed for enforcing access control in government and military applications?
Question130: Which of the following can BEST eliminate dial-up access through a Remote Access Server as a hacking vector?
Question131: Which access control type has a central authority that determine to what objects the subjects have access to and it is based on role or on the organizational security policy?
Question132: In a stateful inspection firewall, data packets are captured by an inspection engine that is operating at the:
Question133: A DMZ is located:
Question134: Configuration Management is a requirement for the following level(s) of the Orange Book?
Question135: What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values?
Question136: Which cable technology refers to the CAT3 and CAT5 categories?
Question137: The security of a computer application is MOST effective and economical in which of the following cases?
Question138: Why do buffer overflows happen? What is the main cause?
Question139: Which of the following statements pertaining to IPSec is NOT true?
Question140: In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the following term?
Question141: What can be BEST defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment?
Question142: For competitive reasons, the customers of a large shipping company called the "Integrated International Secure Shipping Containers Corporation" (IISSCC) like to keep private the various cargos that they ship.
IISSCC uses a secure database system based on the Bell-LaPadula access control model to keep this information private. Different information in this database is classified at different levels. For example, the time and date a ship departs is labeled Unclassified, so customers can estimate when their cargos will arrive, but the contents of all shipping containers on the ship are labeled Top Secret to keep different shippers from viewing each other's cargos.
An unscrupulous fruit shipper, the "Association of Private Fruit Exporters, Limited" (APFEL) wants to learn whether or not a competitor, the "Fruit Is Good Corporation" (FIGCO), is shipping pineapples on the ship
"S.S. Cruise Pacific" (S.S. CP). APFEL can't simply read the top secret contents in the IISSCC database because of the access model. A smart APFEL worker, however, attempts to insert a false, unclassified record in the database that says that FIGCO is shipping pineapples on the S.S. CP, reasoning that if there is already a FIGCO-pineapple-SSCP record then the insertion attempt will fail. But the attempt does not fail, so APFEL can't be sure whether or not FIGCO is shipping pineapples on the S.S. CP.
What is the name of the access control model property that prevented APFEL from reading FIGCO's cargo information? What is a secure database technique that could explain why, when the insertion attempt succeeded, APFEL was still unsure whether or not FIGCO was shipping pineapples?
Question143: Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup?
Question144: Once evidence is seized, a law enforcement officer should emphasize which of the following?
Question145: Which of the following is a Wide Area Network that was originally funded by the Department of Defense, which uses TCP/IP for data interchange?
Question146: What is the maximum number of different keys that can be used when encrypting with Triple DES?
Question147: Frame relay and X.25 networks are part of which of the following?
Question148: Which of the following would be the best reason for separating the test and development environments?
Question149: Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?
Question150: Which of the following best describes signature-based detection?
Question151: Which of the following remote access authentication systems is the MOST robust?
Question152: What are the four basic elements of Fire?
Question153: Devices that supply power when the commercial utility power system fails are called which of the following?
Question154: Which of the following services relies on UDP?
Question155: Which of the following statements pertaining to IPSec is NOT true?
Question156: Which of the following statements do apply to a hot site?
Question157: A packet containing a long string of NOP's followed by a command is usually indicative of what?
Question158: Data which is properly secured and can be described with terms like genuine or not corrupted from the original refers to data that has a high level of what?
Question159: Layer 2 of the OSI model has two sublayers. What are those sublayers, and what are two IEEE standards that describe technologies at that layer?
Question160: Which of the following can be defined as a unique identifier in the table that unambiguously points to an individual tuple or record in the table?
Question161: Of the following, which is NOT a specific loss criteria that should be considered while developing a BIA?
Question162: Which of the following does not address Database Management Systems (DBMS) Security?
Question163: What is the percentage of valid subjects that are falsely rejected by a Biometric Authentication system called?
Question164: Which of the following statements relating to the Biba security model is FALSE?
Question165: Which of the following asymmetric encryption algorithms is based on the difficulty of factoring LARGE numbers?
Question166: What is NOT an authentication method within IKE and IPsec?
Question167: What is the length of an MD5 message digest?
Question168: In the Open Systems Interconnect (OSI) Reference Model, at what level are TCP and UDP provided?
Question169: What protocol is used on the Local Area Network (LAN) to obtain an IP address from its known MAC address?
Question170: Which of the following determines that the product developed meets the projects goals?
Question171: How often should tests and disaster recovery drills be performed?
Question172: How many bits compose an IPv6 address?
Question173: Common Criteria has assurance level from EAL 1 to EAL 7 regarding the depth of design and testing.
Which of following assure the Target of Evaluation (or TOE) is methodically designed, tested and reviewed?
Question174: Which backup method only copies files that have been recently added or changed and also leaves the archive bit unchanged?
Question175: In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in?
Question176: The standard server port number for HTTP is which of the following?
Question177: In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected?
Question178: You work in a police department forensics lab where you examine computers for evidence of crimes. Your work is vital to the success of the prosecution of criminals.
One day you receive a laptop and are part of a two-man team responsible for examining it together.
However, it is lunch time and after receiving the laptop you leave it on your desk and you both head out to lunch.
What critical step in forensic evidence have you forgotten?
Question179: The main issue with RAID Level 1 is that the one-for-one ratio is:
Question180: Which of the following cable types is limited in length to 185 meters?
Question181: Which of the following activities would not be included in the contingency planning process phase?
Question182: What is the 802.11 standard related to?
Question183: Which of the following identifies the encryption algorithm selected by NIST for the new Advanced Encryption Standard?
Question184: What is an error called that causes a system to be vulnerable because of the environment in which it is installed?
Question185: Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part?
Question186: Sensitivity labels are an example of what application control type?
Question187: Which access control model would a lattice-based access control model be an example of?
Question188: Which of the following IEEE standards defines the token ring media access method?
Question189: Which of the following statements pertaining to disaster recovery planning is incorrect?
Question190: What is the greatest danger from DHCP?
Question191: Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the:
Question192: What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition?
Question193: What sort of attack is described by the following: An attacker has a list of broadcast addresses which it stores into an array, the attacker sends a spoofed icmp echo request to each of those addresses in series and starts again. The spoofed IP address used by the attacker as the source of the packets is the target/ victim IP address.
Question194: Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)?
Question195: Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing?
Question196: You have been tasked with developing a Business Continuity Plan/Disaster Recovery (BCP/DR) plan. After several months of researching the various areas of the organization, you are ready to present the plan to Senior Management.
During the presentation meeting, the plan that you have dutifully created is not received positively. Senior Management is convinced that they need to enact your plan, nor are they prepared to invest any money in the plan.
What is the BEST reason, as to why Senior Management is not willing to enact your plan?
Question197: Packet Filtering Firewalls can also enable access for:
Question198: Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model?
Question199: Which of the following transmission media would NOT be affected by cross talk or interference?
Question200: Which of the following statements is TRUE about data encryption as a method of protecting data?
Question201: Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec. Authentication Headers (AH) provides the following service except:
Question202: Which of the following allows two computers to coordinate in executing software?
Question203: Which of the following statements pertaining to biometrics is FALSE?
Question204: What is electronic vaulting?
Question205: A host-based IDS is resident on which of the following?
Question206: Which of the following security models introduced the idea of mutual exclusivity which generates dynamically changing permissions?
Question207: Which of the following questions is LESS likely to help in assessing identification and authentication controls?
Question208: Which of the following is NOT a countermeasure to traffic analysis?
Question209: Which layer of the TCP/IP protocol model defines the IP datagram and handles the routing of data across networks?
Question210: Which of the following is used to create parity information?
Question211: Which of the following statements relating to Distributed Computing Environment (DCE) is FALSE?
Question212: Which of the following is NOT part of the Kerberos authentication protocol?
Question213: Controls provide accountability for individuals who are accessing sensitive information. This accountability is accomplished:
Question214: In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected?
Question215: Which answer BEST describes a computer software attack that takes advantage of a previously unpublished vulnerability?
Question216: What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?
Question217: Ensuring that printed reports reach proper users and that receipts are signed before releasing sensitive documents are examples of:
Question218: Which of the following questions is LEAST likely to help in assessing controls covering audit trails?
Question219: Looking at the choices below, which ones would be the most suitable protocols/tools for securing e-mail?
Question220: Which of the following DoD Model layer provides non-repudiation services?
Question221: SMTP can best be described as:
Question222: In Operations Security trusted paths provide:
Question223: Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards?
Question224: Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?
Question225: What is the access protection system that limits connections by calling back the number of a previously authorized location called?
Question226: What does "System Integrity" mean?
Question227: What is the effective key size of DES?
Question228: Detective/Technical measures:
Question229: Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it?
Question230: Which of the following are the three classifications of RAID identified by the RAID Advisory Board?
Question231: Logical or technical controls involve the restriction of access to systems and the protection of information.
Which of the following statements pertaining to these types of controls is TRUE?
Question232: Which of the following services is provided by S-RPC?
Question233: Another name for a VPN is a:
Question234: In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because:
Question235: Which of the following is a symmetric encryption algorithm?
Question236: Which conceptual approach to intrusion detection system is the MOST common?
Question237: Which of the following biometric parameters are better suited for authentication use over a long period of time?
Question238: Which of the following suppresses combustion by disrupting a chemical reaction, by doing so it kills the fire?
Question239: Which of the following is NOT a VPN communications protocol standard?
Question240: Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?
Question241: The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis?
Question242: Kerberos depends upon what encryption method?
Question243: The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?
Question244: What type of key would you find within a browser's list of trusted root CAs?
Question245: The MAIN issue with Level 1 of RAID is which of the following?
Question246: Which OSI/OSI layer defines the X.24, V.35, X.21 and HSSI standard interfaces?
Question247: What is the PRIMARY purpose of using redundant array of inexpensive disks (RAID) level zero?
Question248: Which of the following statements pertaining to packet filtering is NOT true?
Question249: A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is:
Question250: Which of the following is TRUE about link encryption?
Question251: What is the main focus of the Bell-LaPadula security model?
Question252: The Logical Link Control sub-layer is a part of which of the following?
Question253: You are using an open source packet analyzer called Wireshark and are sifting through the various conversations to see if anything appears to be out of order.
You are observing a UDP conversation between a host and a router. It was a file transfer between the two on port 69. What protocol was used here to conduct the file transfer?
Question254: Which of the following Kerberos components holds all users' and services' cryptographic keys?
Question255: Which software development model is actually a meta-model that incorporates a number of the software development models?
Question256: Risk reduction in a system development life-cycle should be applied:
Question257: Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?
Question258: What is an IP routing table?
Question259: Which authentication technique BEST protects against hijacking?
Question260: Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes?
Question261: Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?
Question262: Which of the following is not an EPA-approved replacement for Halon?
Question263: In the days before CIDR (Classless Internet Domain Routing), networks were commonly organized by classes. Which of the following would have been true of a Class A network?
Question264: Legacy single sign on (SSO) is:
Question265: What is the three-way handshake sequence used to initiate TCP connections?
Question266: A persistent collection of interrelated data items can be defined as which of the following?
Question267: Which of the following tape formats can be used to backup data systems in addition to its original intended audio uses?
Question268: Which of the following is NOT a common weakness of packet filtering firewalls?
Question269: What would you call a network security control deployed in line to detects, alerts, and takes action when a possible intrusion is detected.
Question270: Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other?
Question271: What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?
Question272: What is the maximum allowable key size of the Rijndael encryption algorithm?
Question273: Which of the following is NOT a critical security aspect of Operations Controls?
Question274: Which of the following statements pertaining to access control is FALSE?
Question275: An area of the Telecommunications and Network Security domain that directly affects the Information Systems Security tenet of Availability can be defined as:
Question276: Which of the following BEST describes Configuration Management controls?
Question277: Which of the following statements pertaining to Kerberos is TRUE?
Question278: A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes. Which of the following services is more likely to be of primary concern in the context of what your Disaster Recovery Plan would include?
Question279: Which of the following services is NOT provided by the digital signature standard (DSS)?
Question280: A 'Pseudo flaw' is which of the following?
Question281: Which of the following testing method examines the functionality of an application without peering into its internal structure or knowing the details of its internals?
Question282: Which of the following is most affected by denial-of-service (DoS) attacks?
Question283: A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle?
Question284: When planning for disaster recovery it is important to know a chain of command should one or more people become missing, incapacitated or otherwise available to lead the organization.
Which of the following terms BEST describes this process?
Question285: Business Impact Analysis (BIA) is about:
Question286: The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics?
Question287: Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality?
Question288: Which of the following standards concerns digital certificates?
Question289: In regards to the query function of relational database operations, which of the following represent implementation procedures that correspond to each of the low-level operations in the query?
Question290: A packet filtering firewall looks at the data packet to get information about the source and destination addresses of an incoming packet, the protocol (TCP, UDP, or ICMP), and the source and destination port for the:
Question291: What does the Clark-Wilson security model focus on?
Question292: Which of the following is NOT a component of an Operations Security "triples"?
Question293: What is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility?
Question294: Which of the following services is provided by S-RPC?
Question295: Why would anomaly detection IDSs often generate a large number of false positives?
Question296: Which of the following is an advantage of using a high-level programming language?
Question297: What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable?
Question298: Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system. It does not permit management to:
Question299: What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests?
Question300: In what way could Java applets pose a security threat?
Question301: Which of the following does NOT apply to system-generated passwords?
Question302: You are an information systems security officer at a mid-sized business and are called upon to investigate a threat conveyed in an email from one employee to another.
You gather the evidence from both the email server transaction logs and from the computers of the two individuals involved in the incident and prepare an executive summary.
You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat says he didn't send the email in question.
What concept of PKI - Public Key Infrastructure will implicate the sender?
Question303: Which of the following modes of DES is MOST likely used for Database Encryption?
Question304: Which of the following encryption methods is known to be unbreakable?
Question305: What is a decrease in amplitude as a signal propagates along a transmission medium BEST known as?
Question306: Which of the following can be defined as the set of allowable values that an attribute can take?
Question307: What is the MOST critical characteristic of a biometric identifying system?
Question308: Which of the following would not correspond to the number of primary keys values found in a table in a relational database?
Question309: Which of the following is the most reliable authentication method for remote access?
Question310: The first step in the implementation of the contingency plan is to perform:
Question311: Which of the following protocols operates at the session layer (layer 5)?
Question312: What is the PRIMARY use of a password?
Question313: The RSA Algorithm uses which mathematical concept as the basis of its encryption?
Question314: The fact that a network-based IDS reviews packets payload and headers enables which of the following?
Question315: Which layer defines how packets are routed between end systems?
Question316: What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?
Question317: Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect?
Question318: An X.509 public key certificate with the key usage attribute "non-repudiation" can be used for which of the following?
Question319: What is the name for a substitution cipher that shifts the alphabet by 13 places?
Question320: Which of the following should be used as a replacement for Telnet for secure remote login over an insecure network?
Question321: Organizations should consider which of the following first before allowing external access to their LANs via the Internet?
Question322: What is the RESULT of a hash algorithm being applied to a message?
Question323: Which of the following statements pertaining to firewalls is NOT true?
Question324: Which type of control is concerned with restoring controls?
Question325: This type of supporting evidence is used to help prove an idea or a point, however it cannot stand on its own, it is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence?
Question326: During the salvage of the Local Area Network and Servers, which of the following steps would normally be performed first?
Question327: At what stage of the applications development process should the security department become involved?
Question328: Which RAID implementation is commonly called mirroring?
Question329: Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options?
Question330: Of the following, which multiple access method for computer networks does 802.11 Wireless Local Area Network use?
Question331: The viewing of recorded events after the fact using a closed-circuit TV camera is considered a
Question332: The steps of an access control model should follow which logical flow:
Question333: Complete the following sentence. A digital signature is a:
Question334: What is a characteristic of using the Electronic Code Book mode of DES encryption?
Question335: Which of the following is NOT a preventive login control?
Question336: Knowledge-based Intrusion Detection Systems (IDS) are more common than:
Question337: Why does fiber optic communication technology have significant security advantage over other transmission technology?
Question338: Which of the following is a drawback of fiber optic cables?
Question339: Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?
Question340: Which of the following translates source code one command at a time for execution on a computer?
Question341: Compared to RSA, which of the following is true of Elliptic Curve Cryptography (ECC)?
Question342: Which of the following monitors network traffic in real time?
Question343: Which of the following Common Data Network Services is used to send and receive email internally or externally through an email gateway device?
Question344: Which must bear the primary responsibility for determining the level of protection needed for information systems resources?
Question345: Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design?
Question346: Which of the following media is MOST resistant to tapping?
Question347: Which of the following is the BIGGEST concern with firewall security?
Question348: Which of the following is NOT a true statement regarding the implementation of the 3DES modes?
Question349: Which of the following technologies has been developed to support TCP/IP networking over low-speed serial interfaces?
Question350: Which of the following proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses?
Question351: In IPSec, if the communication is to be gateway-to-gateway or host-to-gateway:
Question352: A network-based vulnerability assessment is a type of test also referred to as:
Question353: What is the primary difference between FTP and TFTP?
Question354: Which layer of the TCP/IP protocol model would BEST correspond to the OSI/ISO model's network layer?
Question355: Which of the following is not an element of a relational database model?
Question356: Which of the following is true of biometrics?
Question357: Which type of control is concerned with avoiding occurrences of risks?
Question358: Which of the following backup methods is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets?
Question359: Which Orange Book evaluation level is described as "Structured Protection"?
Question360: Physically securing backup tapes from unauthorized access is obviously a security concern and is considered a function of the:
Question361: Which of the following services is provided by S-RPC?
Question362: What is the percentage at which the False Rejection Rate equals the False Acceptance Rate called?
Question363: Frame relay uses a public switched network to provide:
Question364: Which of the following is NOT true concerning Application Control?
Question365: Which of the following models does NOT include data integrity or conflict of interest?
Question366: Normalizing data within a database could include all or some of the following except which one?
Question367: Which of the following is used in database information security to hide information?
Question368: Which of the following Common Data Network Services is used to print documents to a shared printer or a print queue/spooler?
Question369: Which of the following algorithms does NOT provide hashing?
Question370: Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?
Question371: What is the name of the FIRST mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?
Question372: Which of the following should be allowed through a firewall to easy communication and usage by users?
Question373: Which access control model provides upper and lower bounds of access capabilities for a subject?
Question374: The only difference between RAID 3 and RAID 4 is that level 3 is implemented at the byte level while level
4 is usually implemented at which of the following?
Question375: The Clipper Chip utilizes which concept in public key cryptography?
Question376: Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of?
Question377: What is the Maximum Tolerable Downtime (MTD)?
Question378: Which of the following is NOT a component of IPSec?
Question379: Which of the following is NOT true of the Kerberos protocol?
Question380: Which of the following is NOT an example of an asymmetric key algorithm?
Question381: Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length?
Question382: In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?
Question383: Which of the following protocols does not operate at the data link layer (layer 2)?
Question384: This type of control is used to ensure that transactions are properly entered into the system once.
Elements of this type of control may include counting data and time stamping it with the date it was entered or edited?
Question385: The DES algorithm is an example of what type of cryptography?
Question386: What kind of certificate is used to validate a user identity?
Question387: Which of the following Common Data Network Services is used to share data files and subdirectories on file servers?
Question388: Which of the following represents the best programming?
Question389: The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?
Question390: Which of the following virus types changes some of its characteristics as it spreads?
Question391: Which backup method is used if backup time is critical and tape space is at an extreme premium?
Question392: Who is responsible for initiating corrective measures and capabilities used when there are security violations?
Question393: Which of the following is NOT a security characteristic we need to consider while choosing a biometric identification system?
Question394: What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?
Question395: The basic language of modems and dial-up remote access systems is:
Question396: Which RAID level concept is considered more expensive and is applied to servers to create what is commonly known as server fault tolerance?
Question397: Which fire class can water be most appropriate for?
Question398: What is a sequence of characters that is usually longer than the allotted number for a password called?
Question399: Which of the following is NOT an example of an operational control?
Question400: What is the difference between Access Control Lists (ACLs) and Capability Tables?
Question401: The primary purpose for using one-way hashing of user passwords within a password file is which of the following?
Question402: Common Criteria 15408 generally outlines assurance and functional requirements through a security evaluation process concept of ______________, ____________, __________ for Evaluated Assurance Levels (EALs) to certify a product or system.
Question403: Which of the following was designed to support multiple network types over the same serial link?
Question404: Which of the following security controls is intended to bring an environment back to regular operation?
Question405: What is the minimum static charge able to cause disk drive data loss?
Question406: Which of the following is a Microsoft technology for communication among software components distributed across networked computers?
Question407: Which access control model is also called Non-Discretionary Access Control (NDAC)?
Question408: RAID level 10 is created by combining which of the following?
Question409: In a known plaintext attack, the cryptanalyst has knowledge of which of the following?
Question410: Which of the following security models does NOT concern itself with the flow of data?
Question411: In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process?
Question412: Which of the following media is MOST resistant to EMI interference?
Question413: Which of the following is commonly used for retrofitting multilevel security to a database management system?
Question414: Which of the following attack is MOSTLY performed by an attacker to steal the identity information of a user such as credit card number, passwords, etc?
Question415: When attempting to establish liability, which of the following would be described as performing the ongoing maintenance necessary to keep something in proper working order, updated, effective, or to abide by what is commonly expected in a situation?
Question416: Which of the following is TRUE about digital certificate?
Question417: At which OSI layer does SSL reside in?
Question418: What is the percentage of invalid subjects that are falsely accepted by a Biometric authentication system called?
Question419: What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent?
Question420: Complete the blanks. When using PKI, I digitally sign a message using my ______ key. The recipient verifies my signature using my ______ key.
Question421: A hardware RAID implementation is usually:
Question422: Which of the following is NOT a form of detective technical control?
Question423: Which of the following access control techniques BEST gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure?
Question424: The Computer Security Policy Model the Orange Book is based on is which of the following?
Question425: Which of the following are required for Life-Cycle Assurance?
Question426: Suppose you are a domain administrator and are choosing an employee to carry out backups. Which access control method would be BEST for this scenario?
Question427: Which security model uses division of operations into different parts and requires different users to perform each part?
Question428: What works as an E-mail message transfer agent?
Question429: The Domain Name System (DNS) is a global network of:
Question430: Which of the following was developed by the National Computer Security Center (NCSC) for the US Department of Defense?
Question431: A Packet Filtering Firewall system is considered a:
Question432: What is a hot-site facility?
Question433: Which of the following is true about a "dry pipe" sprinkler system?
Question434: How many bits is the address space reserved for the source IP address within an IPv6 header?
Question435: Which of the following is NOT a characteristic of a host-based intrusion detection system?
Question436: Which port does the Post Office Protocol Version 3 (POP3) make use of?
Question437: Which of the following is NOT a correct notation for an IPv6 address?
Question438: Which of the following is electromagnetic interference (EMI) that is noise from the radiation generated by the difference between the hot and ground wires?
Question439: The throughput rate is the rate at which individuals, once enrolled, can be processed and identified or authenticated by a biometric system. Acceptable throughput rates are in the range of:
Question440: Which of the following would be an example of the BEST password?
Question441: Public key infrastructure (PKI) consists of programs, data formats, procedures, communication protocols, security policies, and public key cryptographic mechanisms working in a comprehensive manner to enable a wide range of dispersed people to communicate in a secure and predictable fashion.
This infrastructure is based upon which of the following Standard?
Question442: Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system?
Question443: Which of the following would be true about Static password tokens?
Question444: When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish to prosecute the attacker in court?
Question445: When two or more separate entities (usually persons) operating in concert to protect sensitive functions or information must combine their knowledge to gain access to an asset, this is known as:
Question446: View the image below and identify the attack

Question447: Which of the following are additional access control objectives?
Question448: One of the following assertions is NOT a characteristic of Internet Protocol Security (IPSec)
Question449: The Diffie-Hellman algorithm is primarily used to provide which of the following?
Question450: Which of the following is a class A fire?
Question451: Which service usually runs on port 25?
Question452: Which of the following is LESS likely to be used today in creating a Virtual Private Network?
Question453: What attack involves the perpetrator sending spoofed packet(s) which contains the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any open ports that are open on the remote host?
Question454: Which of the following ciphers is a subset on which the Vigenere polyalphabetic cipher was based on?
Question455: Application Layer Firewalls operate at the:
Question456: Which of the following would constitute the BEST example of a password to use for access to a system by a network administrator?
Question457: Which of the following is currently the most recommended water system for a computer room?
Question458: Which access control method allows the data owner (the person who created the file) to control access to the information they own?
Question459: How can an individual/person BEST be identified or authenticated to prevent local masquerading attacks?
Question460: Which of the following is a class C fire?
Question461: Which of the following backup methods makes a complete backup of every file on the server every time it is run?
Question462: Which of the following is often the GREATEST challenge of distributed computing solutions?
Question463: At what stage of the applications development process should the security department become involved?
Question464: Which layer deals with Media Access Control (MAC) addresses?
Question465: Which of the following items is NOT primarily used to ensure integrity?
Question466: Which of the following best describes what would be expected at a "hot site"?
Question467: Which of the following security-focused protocols has confidentiality services operating at a layer different from the others?
Question468: The MOST common threat that impacts a business's ability to function normally is:
Question469: Which access control model is also called Non-Discretionary Access Control (NDAC)?
Question470: Which of the following is often implemented by a one-for-one disk to disk ratio?
Question471: Which layer of the DoD TCP/IP model controls the communication flow between hosts?
Question472: A server cluster looks like a:
Question473: Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test?
Question474: What is Kerberos?
Question475: Which of the following can be defined as THE unique attribute used as a unique identifier within a given table to identify a tuple?
Question476: Which of the following is an advantage of proxies?
Question477: Brute force attacks against encryption keys have increased in potency because of increased computing power. Which of the following is often considered a good protection against the brute force cryptography attack?
Question478: Which of the following backup method must be made regardless of whether Differential or Incremental methods are used?
Question479: Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?
Question480: Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
Question481: Which of the following is NOT a symmetric key algorithm?
Question482: Asynchronous Communication transfers data by sending:
Question483: An intranet provides more security and control than which of the following:
Question484: What is called the number of columns in a table?
Question485: Address Resolution Protocol (ARP) interrogates the network by sending out a?
Question486: In the UTP category rating, the tighter the wind:
Question487: Which of the following is an advantage of prototyping?
Question488: Which access control model achieves data integrity through well-formed transactions and separation of duties?
Question489: Which of the following questions is LESS likely to help in assessing controls over hardware and software maintenance?
Question490: When RAID runs as part of the operating system on the file server, it is an example of a:
Question491: What is the primary goal of setting up a honey pot?
Question492: Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel?
Question493: Which backup method usually resets the archive bit on the files after they have been backed up?
Question494: What is the Biba security model concerned with?
Question495: Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)?
Question496: Which of the following statements pertaining to biometrics is FALSE?
Question497: Which Orange book security rating introduces security labels?
Question498: This type of backup management provides a continuous on-line backup by using optical or tape
"jukeboxes," similar to WORMs (Write Once, Read Many):
Question499: Which of the following are placeholders for literal values in a Structured Query Language (SQL) query being sent to the database on a server?
Question500: Which RAID implementation is commonly called mirroring?
Question501: In what LAN topology do all the transmissions of the network travel the full length of cable and are received by all other stations?
Question502: You have been approached by one of your clients. They are interested in doing some security re- engineering. The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications. Of primary concern to them, is the identification of potential covert channel. As an Information Security Professional, which model would you recommend to the client?
Question503: The type of discretionary access control (DAC) that is based on an individual's identity is also called:
Question504: Which one of the following is usually not a benefit resulting from the use of firewalls?
Question505: Which TCSEC (Orange Book) rating or level requires the system to clearly identify functions of the security administrator to perform security-related functions?
Question506: Which of the following is a LAN transmission method?
Question507: Which of the following BEST explains why computerized information systems frequently fail to meet the needs of users?
Question508: The description of the database is called a schema. The schema is defined by which of the following?
Question509: Java is not:
Question510: Which of the following is one of the oldest and most common problem in software development that is still very prevalent today?
Question511: According to the Orange Book, which security level is the first to require a system to protect against covert timing channels?
Question512: The three classic ways of authenticating yourself to the computer security software are: something you know, something you have, and something:
Question513: Which of the following devices enables more than one signal to be sent out simultaneously over one physical circuit?
Question514: In order to be able to successfully prosecute an intruder:
Question515: Which of the following is NOT true of Secure Sockets Layer (SSL)?
Question516: In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below. Can you identify which one of these actions has compromised the whole evidence collection process?
Question517: In the Bell-LaPadula model, the *-property (Star-property) is also called:
Question518: Which of the following computer recovery sites is only partially equipped with processing equipment?
Question519: Which of the following statements pertaining to packet switching is NOT true?
Question520: Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of:
Question521: Which of the following server contingency solutions offers the highest availability?
Question522: When backing up an applications system's data, which of the following is a key question to be answered first?
Question523: Which backup method does not reset the archive bit on files that are backed up?
Question524: Which of the following answers best describes the type of penetration testing where the analyst has full knowledge of the network on which he is going to perform his test?
Question525: Which of the following is a not a preventative control?
Question526: Public Key Infrastructure (PKI) uses asymmetric key encryption between parties. The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent.
The recipients use their own "private" key to decrypt the information. The "Infrastructure" of this methodology ensures that:
Question527: Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?
Question528: The communications products and services, which ensure that the various components of a network (such as devices, protocols, and access methods) work together refers to:
Question529: Pin, Password, Passphrases, Tokens, smart cards, and biometric devices are all items that can be used for Authentication. When one of these items listed above in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following?
Question530: When a possible intrusion into your organization's information system has been detected, which of the following actions should be performed first?
Question531: Which of the following is NOT true of the Kerberos protocol?
Question532: Buffer overflow and boundary condition errors are subsets of which of the following?
Question533: Which of the following statements pertaining to Kerberos is TRUE?
Question534: According to the Orange Book, which security level is the first to require a system to support separate operator and system administrator roles?
Question535: Smart cards are an example of which type of control?
Question536: What kind of encryption technology does SSL utilize?
Question537: Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings?
Question538: What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?
Question539: How many bits is the effective length of the key of the Data Encryption Standard algorithm?
Question540: Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is NOT true?
Question541: Which of the following defines the software that maintains and provides access to the database?
Question542: What does the simple integrity axiom mean in the Biba model?
Question543: Which of the following LAN devices only operates at the physical layer of the OSI/ISO model?
Question544: The exact requirements for the admissibility of evidence vary across legal systems and between different cases (e.g., criminal versus tort). At a more generic level, evidence should have some probative value, be relevant to the case at hand, and meet the following criteria which are often called the five rules of evidence:
Question545: Which of the following protocol was used by the INITIAL version of the Terminal Access Controller Access Control System TACACS for communication between clients and servers?
Question546: What physical characteristic does a retinal scan biometric device measure?
Question547: Which of the following plan provides procedures for sustaining essential business operations while recovering from significant disruption?
Question548: Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
Question549: Which of the following would be MOST important to guarantee that the computer evidence will be admissible in court?
Question550: Which of the following methods of providing telecommunications continuity involves the use of an alternative media?
Question551: A demilitarized zone is:
Question552: Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number?
Question553: The RSA algorithm is an example of what type of cryptography?
Question554: Which of the following answers is directly related to providing High Availability to your users?
Question555: One drawback of Application Level Firewall is that it reduces network performance due to the fact that it must analyze every packet and:
Question556: Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?
Question557: Which of the following best describes remote journaling?
Question558: Which of the following is an advantage of proxies?
Question559: Why does compiled code pose more of a security risk than interpreted code?
Question560: Which of the following keys has the SHORTEST lifespan?
Question561: An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?
Question562: Secure Sockets Layer (SSL) is very heavily used for protecting which of the following?
Question563: At what stage of the applications development process should the security department become involved?
Question564: Which of the following can best define the "revocation request grace period"?
Question565: What are user interfaces that limit the functions that can be selected by a user called?
Question566: Hierarchical Storage Management (HSM) is commonly employed in:
Question567: Which of the following statements is NOT true of IPSec Transport mode?
Question568: Which of the following protocols is designed to send individual messages securely?
Question569: Tim is a network administrator of Acme Inc. He is responsible for configuring the network devices. John the new security manager reviews the configuration of the Firewall configured by Tim and identifies an issue.
This specific firewall is configured in failover mode with another firewall. A sniffer on a PC connected to the same switch as the firewalls can decipher the credentials, used by Tim while configuring the firewalls.
Which of the following should be used by Tim to ensure that no one can eavesdrop on the communication?
Question570: Which of the following organizations PRODUCES and PUBLISHES the Federal Information Processing Standards (FIPS)?
Question571: Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support?
Question572: What is considered the MOST important type of error to avoid for a biometric access control system?
Question573: Which of the following is the marriage of object-oriented and relational technologies combining the attributes of both?
Question574: Which device acting as a translator is used to connect two networks or applications from Layer 4 up to Layer 7 of the ISO/OSI Model?
Question575: Which of the following NAT firewall translation modes allows a large group of internal clients to share a single or small group of ROUTABLE IP addresses for the purpose of hiding their identities when communicating with external hosts?
Question576: Which of the following statements pertaining to the Bell-LaPadula model is TRUE if you are NOT making use of the strong star property?
Question577: The ideal operating humidity range is defined as 40 percent to 60 percent. Low humidity (less than 40 percent) can produce what type of problem on computer parts?
Question578: The authenticator within Kerberos provides a requested service to the client after validating which of the following?
Question579: You are a security consultant who is required to perform penetration testing on a client's network. During penetration testing, you are required to use a compromised system to attack other systems on the network to avoid network restrictions like firewalls.
Which method would you use in this scenario:
Question580: Single Sign-on (SSO) is characterized by which of the following advantages?
Question581: Which of the following item would best help an organization to gain a common understanding of functions that are critical to its survival?
Question582: After a company is out of an emergency state, what should be moved back to the original site first?
Question583: Proxies work by transferring a copy of each accepted data packet from one network to another, thereby masking the:
Question584: Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic?
Question585: Which of the following Common Data Network Services allocates computing power resources among workstations with some shared resources centralized on a server?
Question586: Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control?
Question587: Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)?
Question588: What setup should an administrator use for regularly testing the strength of user passwords?
Question589: Which of the following is not a property of the Rijndael block cipher algorithm?
Question590: Which of the following statements pertaining to ethical hacking is NOT true?
Question591: Which of the following is the primary security feature of a proxy server?
Question592: Which of the following statements pertaining to software testing is incorrect?
Question593: What is called an attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets?
Question594: Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods that exist.
Which of the basic method is more prone to false positive?
Question595: A confidential number used as an authentication factor to verify a user's identity is called a:
Question596: What are cognitive passwords?
Question597: Which of the following are well known ports assigned by the IANA?
Question598: The BIGGEST difference between System High Security Mode and Dedicated Security Mode is:
Question599: Domain Name Service is a distributed database system that is used to map:
Question600: What kind of encryption is realized in the S/MIME-standard?
Question601: Which encryption algorithm is BEST suited for communication with handheld wireless devices?
Question602: Knowledge-based Intrusion Detection Systems (IDS) are more common than:
Question603: Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?
Question604: The object-relational and object-oriented models are better suited to managing complex data such as required for which of the following?
Question605: FIPS-140 is a standard for the security of which of the following?
Question606: Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect?
Question607: The Secure Hash Algorithm (SHA-1) creates:
Question608: The "vulnerability of a facility" to damage or attack may be assessed by all of the following EXCEPT:
Question609: Which of the following is a Hashing Algorithm?
Question610: Which expert system operating mode allows determining if a given hypothesis is valid?
Question611: The DMZ does not normally contain:
Question612: To be admissible in court, computer evidence must be which of the following?
Question613: All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one. Which of the following would Be considered an essential element of the BIA but an important topic to include within the BCP plan?
Question614: Guards are appropriate whenever the function required by the security program involves which of the following?
Question615: Which of the following statements pertaining to using Kerberos without any extension is FALSE?
Question616: Which of the following was developed as a simple mechanism for allowing simple network terminals to load their operating system from a server over the LAN?
Question617: Which of the following service is a distributed database that translate host name to IP address to IP address to host name?
Question618: Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes?
Question619: The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called:
Question620: Which of the following is NOT an asymmetric key algorithm?
Question621: Which of the following is NOT a property of the Rijndael block cipher algorithm?
Question622: Which of the following would describe a type of biometric error refers to as FASLE rejection rate?
Question623: The BEST technique to authenticate to a system is to:
Question624: Which of the following stripes the data and the parity information at the block level across all the drives in the set?
Question625: The Physical Security domain focuses on three areas that are the basis to physically protecting enterprise's resources and sensitive information. Which of the following is NOT one of these areas?
Question626: When considering all the reasons that buffer overflow vulnerabilities exist what is the real reason?
Question627: A copy of evidence or oral description of its contents; which is not as reliable as best evidence is what type of evidence?
Question628: Which one of the following is a key agreement protocol used to enable two entities to agree and generate a session key (secret key used for one session) over an insecure medium without any prior secrets or communications between the entities? The negotiated key will subsequently be used for message encryption using Symmetric Cryptography.
Question629: Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes?
Question630: Which element must computer evidence have to be admissible in court?
Question631: During a business impact analysis it is concluded that a system has maximum tolerable downtime of 2 hours. What would this system be classified as?
Question632: Operations Security seeks to PRIMARILY protect against which of the following?
Question633: What is the PRIMARY goal of incident handling?
Question634: Which of the following best describes the purpose of debugging programs?
Question635: What is the role of IKE within the IPsec protocol?
Question636: In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?
Question637: Which access model is most appropriate for companies with a high employee turnover?
Question638: You are a criminal hacker and have infiltrated a corporate network via a compromised host and a misconfigured firewall. You find many targets inside the network but all appear to be hardened except for one. It has several notable vulnerable services and it therefore seems out of place with an otherwise secured network. (Except for the misconfigured firewall, of course) What is it that you are likely seeing here?
Question639: What does the * (star) integrity axiom mean in the Biba model?
Question640: Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet?
Question641: Which of the following protection devices is used for spot protection within a few inches of the object, rather than for overall room security monitoring?
Question642: Which one of the following authentication mechanisms creates a problem for mobile users?
Question643: One of the following statements about the differences between PPTP and L2TP is NOT true
Question644: Like the Kerberos protocol, SESAME is also subject to which of the following?
Question645: You wish to make use of "port knocking" technologies. How can you BEST explain this?
Question646: Which of the following is not a defined maturity level within the Software Capability Maturity Model?
Question647: Which of the following usually provides reliable, real-time information without consuming network or host resources?
Question648: Ding Ltd. is a firm specialized in intellectual property business. A new video streaming application needs to be installed for the purpose of conducting the annual awareness program as per the firm security program.
The application will stream internally copyrighted computer based training videos. The requirements for the application installation are to use a single server, low cost technologies, high performance and no high availability capacities.
In regards to storage technology, what is the most suitable configuration for the server hard drives?
Question649: An application layer firewall is also called a:
Question650: In regards to relational database operations using the Structure Query Language (SQL), which of the following is a value that can be bound to a placeholder declared within an SQL statement?
Question651: Complex applications involving multimedia, computer aided design, video, graphics, and expert systems are more suited to which of the following database type?
Question652: Which of the following represents a relation, which is the basis of a relational database?
Question653: What is the primary role of cross certification?
Question654: What would you call the process that takes advantages of the security provided by a transmission protocol by carrying one protocol over another?
Question655: What does the * (star) property mean in the Bell-LaPadula model?
Question656: What is the verification that the user's claimed identity is valid called and is usually implemented through a user password at log-on time?
Question657: A smart Card that has two chips with the Capability of utilizing both Contact and Contactless formats is called:
Question658: A business impact assessment is one element in business continuity planning. What are the three primary goals of a BIA?
Question659: Which type of password provides maximum security because a new password is required for each new log-on?
Question660: If an organization were to deploy only one Intrusion Detection System (IDS) sensor to protect its information system from the Internet:
Question661: The International Organization for Standardization / Open Systems Interconnection (ISO/OSI) Layer 7 does NOT include which of the following?
Question662: What would you call an attack where an attacker can influence the state of the resource between check and use?
This attack can happen with shared resources such as files, memory, or even variables in multithreaded programs. This can cause the software to perform invalid actions when the resource is in an unexpected state. The steps followed by this attack are usually the following: the software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Question663: How many layers are defined within the US Department of Defense (DoD) TCP/IP Model?
Question664: Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors?
Question665: Which one of the following is NOT one of the outcomes of a vulnerability assessment?
Question666: Why would a database be denormalized?
Question667: Suppose that you are the COMSEC - Communications Security custodian for a large, multinational corporation. Susie, from Finance approaches you in the break room saying that she lost her smart ID card that she uses to digitally sign and encrypt emails in the PKI.
What happens to the certificates contained on the smart card after the security officer takes appropriate action?
Question668: What is one disadvantage of content-dependent protection of information?
Question669: In Synchronous dynamic password tokens:
Question670: When should a post-mortem review meeting be held after an intrusion has been properly taken care of?
Question671: Which of the following protocol is PRIMARILY used to provide confidentiality in a web based application thus protecting data sent across a client machine and a server?
Question672: Which of the following is a problem regarding computer investigation issues?
Question673: A virus is a program that can replicate itself on a system but not necessarily spread itself by network connections.
What is malware that can spread itself over open network connections?
Question674: Which of the following biometric devices offers the LOWEST CER?
Question675: Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product?
Question676: Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?
Question677: There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI). When we compare them side by side, Kerberos tickets correspond most closely to which of the following?
Question678: Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions?
Question679: Which of the following is NOT a type of motion detector?
Question680: Which of the following statements pertaining to VPN protocol standards is false?
Question681: Which protocol is used to send email?
Question682: What is the main problem of the renewal of a root CA certificate?
Question683: Which of the following is NOT a technique used to perform a penetration test?
Question684: At what stage of the applications development process should the security department become involved?
Question685: The Loki attack exploits a covert channel using which network protocol?
Question686: Which of the following is an IDS that acquires data and defines a "normal" usage profile for the network or host?
Question687: A circuit level proxy is ____________ when compared to an application level proxy.
Question688: Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams. This method allocates bandwidth dynamically to physical channels having information to transmit?
Question689: Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network?
Question690: Which of the following is the most costly countermeasure to reducing physical security risks?
Question691: When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output
What is this cryptographic operation called?
Question692: Which of the following is used to create and modify the structure of your tables and other objects in the database?
Question693: Who should measure the effectiveness of Information System security related controls in an organization?
Question694: A database view is the results of which of the following operations?
Question695: The equation used to calculate the total number of symmetric keys (K) needed for a group of users (N) to communicate securely with each other is given by which of the following?
Question696: Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?
Question697: Network-based Intrusion Detection systems:
Question698: Which of the following is required in order to provide accountability?
Question699: What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?
Question700: At what stage of the applications development process should the security department become involved?
Question701: RAID levels 3 and 5 run:
Question702: RADIUS incorporates which of the following services?
Question703: Which protocol's primary function is to facilitate file and directory transfer between two machines?
Question704: What is the essential difference between a self-audit and an independent audit?
Question705: What assesses potential loss that could be caused by a disaster?
Question706: When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems?
Question707: Which of the following is TRUE of two-factor authentication?
Question708: At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?
Question709: Which disaster recovery plan test involves functional representatives meeting to review the plan in detail?
Question710: When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED?
Question711: Why would a memory dump be admissible as evidence in court?
Question712: In what way can violation of clipping levels assist in violation tracking and analysis?
Question713: Unshielded Twisted Pair cabling is a:
Question714: An Ethernet address is composed of how many bits?
Question715: At which of the OSI/ISO model layer is IP implemented?
Question716: Which of the following statements pertaining to disaster recovery is incorrect?
Question717: An intranet is an Internet-like logical network that uses:
Question718: Which of the following best describes the Secure Electronic Transaction (SET) protocol?
Question719: Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units. Such controls, also known as logical controls, represent which pairing?
Question720: How would nonrepudiation be BEST classified as?
Question721: Which of the following is the WEAKEST authentication mechanism?
Question722: Which of the following is NOT an advantage that TACACS+ has over TACACS?
Question723: In this type of attack, the intruder re-routes data traffic from a network device to a personal machine. This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization. Pick the BEST choice below.
Question724: Which of the following is not a physical control for physical security?
Question725: The spare drives that replace the failed drives are usually hot swappable, meaning they can be replaced on the server in which of the following scenarios?
Question726: What security model implies a central authority that defines rules and sometimes global rules, dictating what subjects can have access to what objects?
Question727: What does the simple security (ss) property mean in the Bell-LaPadula model?
Question728: Which of the following is NOT a two-factor authentication mechanism?
Question729: What would you call a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates.
Question730: What is the primary role of cross certification?
Question731: Which RAID implementation stripes data and parity at block level across all the drives?
Question732: Identity Management solutions include such technologies as Directories services, Single Sign-On and Web Access management. There are many reasons for management to choose an identity management solution.
Which of the following is a key management challenge regarding identity management solutions?
Question733: The older coaxial cable has been widely replaced with twisted pair, which is extremely easy to work with, inexpensive, and also resistant to multiple host failure at once, especially when used in one of the following topology:
Question734: Communications and network security relates to transmission of which of the following?
Question735: Which of the following biometric devices has the lowest user acceptance level?
Question736: Which of the following is NOT an example of preventive control?
Question737: Which of the following are the two commonly defined types of covert channels?
Question738: A public key algorithm that does both encryption and digital signature is which of the following?
Question739: Which of following is NOT a service provided by AAA servers (Radius, TACACS and DIAMETER)?
Question740: Which of the following test makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems?
Question741: Which backup type run at regular intervals would take the least time to complete?
Question742: Which of the following control helps to identify an incident's activities and potentially an intruder?
Question743: Which of the following would best describe the difference between white-box testing and black-box testing?
Question744: In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use:
Question745: In biometric identification systems, the parts of the body conveniently available for identification are:
Question746: Referential Integrity requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for which of the following?
Question747: Which xDSL flavor, appropriate for home or small offices, delivers more bandwidth downstream than upstream and over longer distance?
Question748: What is the main concern with single sign-on?
Question749: Which of the following is the MOST secure firewall implementation?
Question750: What attribute is included in a X.509-certificate?
Question751: Which OSI/ISO layer defines how to address the physical devices on the network?
Question752: What algorithm was DES derived from?
Question753: For which areas of the enterprise are business continuity plans required?
Question754: Which of the following is TRUE of network security?
Question755: In SSL/TLS protocol, what kind of authentication is supported when you establish a secure session between a client and a server?
Question756: Complete the following sentence. A message can be encrypted, which provides:
Question757: Which of the following is NOT an example of a detective control?
Question758: Which of the following is a reasonable response from the Intrusion Detection System (IDS) when it detects Internet Protocol (IP) packets where the IP source address and port is the same as the destination IP address and port?
Question759: Which of the following characteristics pertaining to databases is NOT true?
Question760: Which of the following is used to create and modify the structure of your tables and other objects in the database?
Question761: Which of the following BEST ensures accountability of users for the actions taken within a system or domain?
Question762: Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing?
Question763: When submitting a passphrase for authentication, the passphrase is converted into:
Question764: In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy.
The access controls may be based on:
Question765: In the context of Biometric authentication, there is a quick way to compare the accuracy of devices. In general, the devices that have the lowest value would be the most accurate. Which of the following would be used to compare accuracy of devices?
Question766: Which of the following is NOT a disadvantage of Single Sign On (SSO)?
Question767: Which of the following should NOT normally be allowed through a firewall?
Question768: During an IS audit, one of your auditors has observed that some of the critical servers in your organization can be accessed ONLY by using a shared/common user name and password. What should be the auditor's PRIMARY concern be with this approach?
Question769: Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users?
Question770: In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols?
Question771: Which of the following teams should NOT be included in an organization's contingency plan?
Question772: Which Orange book security rating is the FIRST to be concerned with covert channels?
Question773: Which of the following offers advantages such as the ability to use stronger passwords, easier password administration, one set of credential, and faster resource access?
Question774: Where in a PKI infrastructure is a list of revoked certificates stored?
Question775: What is the process that RAID Level 0 uses as it creates one large disk by using several disks?
Question776: Which of the following is NOT a system-sensing wireless proximity card?
Question777: Which of the following answers BEST describes the Bell La-Padula model of storage and access control of classified information?
Question778: What is used to hide data from unauthorized users by allowing a relation in a database to contain multiple tuples with the same primary keys with each instance distinguished by a security level?
Question779: Which of the following cryptographic attacks describes when the attacker has a copy of the plaintext and the corresponding ciphertext?
Question780: Which security model ensures that actions that take place at a higher security level do not affect actions that take place at a lower level?
Question781: Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms?
Question782: What is RAD?