Question1: Which technique can be used to make an encryption scheme more resistant to a known plaintext attack?
Question2: The most prevalent cause of computer center fires is which of the following?
Question3: Which UTP cable category is rated for 16 Mbps?
Question4: DRAG DROP
Place the following information classification steps in sequential order.

Question5: Which of the following is considered the last line defense in regard to a Governance, Risk managements, and compliance (GRC) program?
Question6: Which of the following protocols is designed to send individual messages securely?
Question7: What is one disadvantage of content-dependent protection of information?
Question8: How often should an independent review of the security controls be
performed, according to OMB Circular A-130?
Question9: Which of the following is less likely to be included in the change control sub-phase of the maintenance phase of a software product?
Question10: Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions?
Question11: Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test?
Question12: Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel?
Question13: Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?
Question14: Which International Organization for Standardization standard is commonly referred to as the 'common criteria'?
Question15: Which access model is most appropriate for companies with a high employee turnover?
Question16: In a wireless General Packet Radio Services (GPRS) Virtual Private
Network (VPN) application, which of the following security protocols is commonly used?
Question17: Under intellectual property law what would you call information that companies keep secret to give them an advantage over their competitors?
Question18: Which step of the Risk Management Framework (RMF) identifies the initial set of baseline security controls?
Question19: Which one of the following should be employed to protect data against undetected corruption?
Question20: Which of the following is the simplest type of firewall?
Question21: Which of the following is NOT a specific loss criteria that should be considered while developing a BIA?
Question22: DRAG DROP
Place in order, from BEST (1) to WORST (4), the following methods to reduce the risk of data remanence on magnetic media.

Question23: Operations Security seeks to primarily protect against which of the following?
Question24: Frame-relay uses a public switched network to provide:
Question25: Which book of the Rainbow series addresses the Trusted Network
Interpretation (TNI)?
Question26: Which of the following is an ip address that is private (i.e. reserved for internal networks, and not a valid address to use on the internet)?
Question27: What BEST describes the National Security Agency-developed
Capstone?
Question28: What determines the level of security of a combination lock?
Question29: An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?
Question30: Which of the following would assist in intrusion detection?
Question31: ____________ is the means by which the ability to do something with a computer resource is explicitly enabled or restricted.
Question32: Which choice below represents an application or system demonstrating
a need for a high level of confidentiality protection and controls?
Question33: Directive controls are a form of change management policy and procedures. Which of the following subsections are recommended as part of the change management process?
Question34: Order the below steps to create an effective vulnerability management process.

Question35: Which of the following statements regarding an off-site information processing facility is TRUE?
Question36: A proxy firewall operates at what layer of the Open System Interconnection (OSI) model?
Question37: Which of the following is not a property of the Rijndael block cipher algorithm?
Question38: What does the simple integrity axiom mean in the Biba model?
Question39: Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings?
Question40: Which of the following cloud deployment model can be shared by several organizations?
Question41: Which Security and Audit Framework has been adopted by some organizations working towards Sarbanes
- Oxley Section 404 compliance?
Question42: Which of the following method is recommended by security professional to PERMANENTLY erase sensitive data on magnetic media?
Question43: Which of the following statements pertaining to air conditioning for an information processing facility is correct?
Question44: What size is an MD5 message digest (hash)?
Question45: You've decided to authenticate the source who initiated a particular transfer while ensuring integrity of the data being transferred. You can do this by:
Question46: RAID levels 3 and 5 run:
Question47: Which of the following secures web transactions at the Transport Layer?
Question48: Mandatory Access Controls (MAC) are based on:
Question49: When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output
What is this cryptographic operation called?
Question50: A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?
Question51: Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding". What does this mean?
Question52: Drag and Drop Question
Given a file containing ordered number, i.e. "123456789," match each of the following redundant Array of independent Disks (RAID) levels to the corresponding visual representation visual representation. Note: P() = parity.
Drag each level to the appropriate place on the diagram.

Question53: When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems?
Question54: Which of the following is considered the PRIMARY security issue associated with encrypted e-mail messages?
Question55: A smart card represents:
Question56: What is NOT an authentication method within IKE and IPsec?
Question57: Why are mobile devices something difficult to investigate in a forensic examinition?
Question58: For an organization considering two-factor authentication for secure network access, which of the following is MOST secure?
Question59: You have been approached by one of your clients . They are interested in doing some security re-engineering . The client is looking at various information security models. It is a highly secure environment where data at high classifications cannot be leaked to subjects at lower classifications . Of primary concern to them, is the identification of potential covert channel. As an Information Security Professional , which model would you recommend to the client?
Question60: Which of the following is the most costly countermeasure to reducing physical security risks?
Question61: Making sure that the data has not been changed unintentionally, due to an accident or malice is:
Question62: Which of the following would present the higher annualized loss expectancy (ALE)?

Question63: Which of the following security models does NOT concern itself with the flow of data?
Question64: When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED?
Question65: What is a security requirement that is unique to Compartmented Mode Workstations (CMW)?
Question66: If an internal database holds a number of printers in every department and this equals the total number of printers for the whole organization recorded elsewhere in the database, it is an example of:
Question67: Which of the following is the biggest concern with firewall security?
Question68: Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) only provides which of the following?
Question69: Which of the following BEST describes the purpose of the security functional requirements of Common Criteria?
Question70: To be admissible in court, computer evidence must be which of the following?
Question71: What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)?
Question72: The quality of finger prints is crucial to maintain the necessary:
Question73: To ensure dependable and secure logging, all computers must have their clock synchronized to:
Question74: Why do buffer overflows happen? What is the main cause?
Question75: Which of the following methods protects Personally Identifiable Information (PII) by use of a full replacement of the data element?
Question76: Identity Management solutions include such technologies as Directories services, Single
Sign-On and Web Access management. There are many reasons for management to choose an identity management solution.
Which of the following is a key management challenge regarding identity management solutions?
Question77: What is the maximum allowable key size of the Rijndael encryption algorithm?
Question78: A new Chief Information Officer (CIO) created a group to write a data retention policy based on applicable laws.
Which of the following is the PRIMARY motivation for the policy?
Question79: Which answer best describes a computer software attack that takes advantage of a previously unpublished vulnerability?
Question80: The type of authorized interactions a subject can have with an object is
Question81: In biometric identification systems, the parts of the body conveniently available for identification are:
Question82: A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?
Question83: The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?
Question84: What is Dumpster Diving?
Question85: Which of the following encryption types is used in Hash Message Authentication Code (HMAC) for key distribution?
Question86: Which of the following is used to create parity information?
Question87: Which of the following type of lock uses a numeric keypad or dial to gain entry?
Question88: Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel?
Question89: Regarding risk reduction, which of the following answers is BEST defined by the process of giving only just enough access to information necessary for them to perform their job functions?
Question90: What attribute is included in a X.509-certificate?
Question91: Which of the following MUST a security policy include to be effective within an organization?
Question92: Which choice below BEST describes the difference between the System
Owner and the Information Owner?
Question93: In an object-oriented system, the situation wherein objects with a common name respond differently to a common set of operations is called:
Question94: Which of the following is NOT considered an element of a backup alternative?
Question95: Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?
Question96: Which of the following is not an Orange book-defined life cycle assurance requirement?
Question97: In an organization, an Information Technology security function should:
Question98: Crime Prevention Through Environmental Design (CPTED) is a discipline that:
Question99: Which of the following is a weakness of both statistical anomaly detection and pattern matching?
Question100: What is called an attack where the attacker spoofs the source IP address in an ICMP
ECHO broadcast packet so it seems to have originated at the victim's system, in order to flood it with REPLY packets?
Question101: Law enforcement officials in the United States, up until passage of the
Patriot Act (see Question 9), had extensive restrictions on search and
seizure as established in the Fourth Amendment to the U.S. Constitution.
These restrictions are still, essentially, more severe than those on private citizens, who are not agents of a government entity. Thus, internal investigators in an organization or private investigators are not subject to the same restrictions as government officials. Private individuals are not normally held to the same standards regarding search and seizure since they are not conducting an unconstitutional government search.
However, there are certain exceptions where the Fourth Amendment
applies to private citizens if they act as agents of the government/police.
Which of the following is NOT one of these exceptions?
Question102: In general, servers that are facing the Internet should be placed in a demilitarized zone (DMZ). What is MAIN purpose of the DMZ?
Question103: RAID Software can run faster in the operating system because neither use the hardware- level parity drives by?
Question104: Which of the following statements pertaining to Kerberos is TRUE?
Question105: Which access control would a lattice-based access control be an example of?
Question106: Which is a property of a circuit-switched network as opposed to a packetswitched
network?
Question107: Which of the following wraps the decryption key of a full disk encryption implementation and ties the hard disk drive to a particular device?
Question108: Application Layer Firewalls operate at the:
Question109: What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?
Question110: The computations involved in selecting keys and in enciphering data are complex, and are not practical for manual use. However, using mathematical properties of modular arithmetic and a method known as "_________________," RSA is quite feasible for computer use.
Question111: When developing a business case for updating a security program, the security program owner MUST do which of the following?
Question112: Which of the following is the PRIMARY benefit of a formalized information classification program?
Question113: You are using an open source packet analyzer called Wireshark and are sifting through the various conversations to see if anything appears to be out of order.
You are observing a UDP conversation between a host and a router. It was a file transfer between the two on port 69. What protocol was used here to conduct the file transfer?
Question114: Which of the following is best defined as an administrative declaration by a designated authority that an information system is approved to operate in a particular security configuration with a prescribed set of safeguards?
Question115: The standard server port number for HTTP is which of the following?
Question116: In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?
Question117: Which one of the following describes a reference monitor?
Question118: An internal Service Level Agreement (SLA) covering security is signed by senior managers and is in place. When should compliance to the SLA be reviewed to ensure that a good security posture is being delivered?
Question119: Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest?
Question120: Which of the following BEST mitigates a replay attack against a system using identity federation and Security Assertion Markup Language (SAML) implementation?
Question121: An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?
Question122: What mechanism does a system use to compare the security labels of a subject and an object?
Question123: What is the maximum key size for the RC5 algorithm?
Question124: Which of the following statements regarding trade secrets is FALSE?
Question125: The standard server port number for HTTP is which of the following?
Question126: In the access control matrix, the rows are:
Question127: A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?
Question128: Which is NOT a property of Fiber Optic cabling?
Question129: Which statement below is accurate about Evaluation Assurance Levels
(EALs) in the Common Criteria (CC)?
Question130: Making sure that only those who are supposed to access the data can access is which of the following?
Question131: What is NOT true of a star-wired topology?
Question132: Secure Sockets Layer (SSL) encryption protects
Question133: In which of the following cloud computing service model are applications hosted by the service provider and made available to the customers over a network?
Question134: Which of the following is not a compensating measure for access violations?
Question135: Security categorization of a new system takes place during which phase of the Systems Development Life Cycle (SDLC)?
Question136: Degaussing is used to clear data from all of the following media except:
Question137: Which of the following would BEST describe the role directly responsible for data within an organization?
Question138: Which of the following biometrics methods provides the HIGHEST accuracy and is LEAST accepted by users?
Question139: What is the MOST critical piece to disaster recovery and continuity planning?
Question140: The steps of an access control model should follow which logical flow:
Question141: Which one of the following can NOT typically be accomplished using a Man-in-the-middle attack?
Question142: Which entity of the US legal system makes common laws?
Question143: What is the PRIMARY role of a scrum master in agile development?
Question144: Which of the following provides effective management assurance for a Wireless Local Area
Network (WLAN)?
Question145: Which of the following is the final phase of the identity and access provisioning lifecycle?
Question146: Immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length (up to two kilometers in some cases) is?
Question147: A large corporation is locking for a solution to automate access based on where on request is coming from, who the user is, what device they are connecting with, and what time of day they are attempting this access. What type of solution would suit their needs?
Question148: This type of backup management provides a continuous on-line backup by using optical or tape "jukeboxes," similar to WORMs (Write Once, Read Many):
Question149: Which of the following is NOT a disadvantage of Single Sign On (SSO)?
Question150: Which of the following would be defined as an absence of safeguard that could be exploited?
Question151: Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?
Question152: Which of the following keys has the SHORTEST lifespan?
Question153: The environment that must be protected includes all personnel, equipment, data, communication devices, power supply and wiring. The necessary level of protection depends on the value of the data, the computer systems, and the company assets within the facility. The value of these items can be determined by what type of analysis?
Question154: What is the PRIMARY purpose of auditing, as it relates to the security review cycle?
Question155: Which choice below would NOT be considered a benefit of employing
incident-handling capability?
Question156: Which of the following is NOT considered a natural disaster?
Question157: Which access control model was proposed for enforcing access control in government and military applications?
Question158: Which of the following should NOT normally be allowed through a firewall?
Question159: Which category of law is also referenced as a Tort law?
Question160: Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank?
Question161: Which one of the following can be identified when exceptions occur using operations security detective controls?
Question162: Which attack defines a piece of code that is inserted into software to trigger a malicious function?
Question163: A common Limitation of information classification systems is the INABILITY to
Question164: What is the key size of the International Data Encryption Algorithm (IDEA)?
Question165: Which of the following IEEE standards defines the token ring media access method?
Question166: What is the name for a substitution cipher that shifts the alphabet by 13 places?
Question167: What is one way to mitigate the risk of security flaws in custom software?
Question168: A new worm has been released on the Internet. After investigation, you have not been able to determine if you are at risk of exposure. Management is concerned as they have heard that a number of their counterparts are being affected by the worm. How could you determine if you are at risk?
Question169: Which of the following is the MOST important aspect relating to employee termination?
Question170: Which of the following is needed for System Accountability?
Question171: What is the term commonly used to refer to a technique of authenticating one machine to another by forging packets from a trusted source?
Question172: Which of the following violates identity and access management best practices?
Question173: Which of the following embodies all the detailed actions that personnel are required to follow?
Question174: An acceptable biometric throughput rate is:
Question175: Which is not one of the primary goals of BIA?
Question176: Which of the following does not apply to system-generated passwords?
Question177: When designing a vulnerability test, which one of the following is likely to give the BEST indication of what components currently operate on the network?
Question178: Which of the following is the primary advantage of segmenting Virtual Machines (VM) using physical networks?
Question179: What is called the probability that a threat to an information system will materialize?
Question180: In biometrics, a good measure of performance of a system is the:
Question181: A group of organizations follows the same access standards and practices. One manages the verification and due diligence processes for the others. For a user to access a resource from one of the organizations, a check is made to see if that user has been certified. Which Federated Identity Management (FIM) process is this an example of?
Question182: Which of the following are the advantages of using passphrase?
Question183: The type of discretionary access control that is based on an individual's identity is called:
Question184: What does the * (star) integrity axiom mean in the Biba model?
Question185: The termination of selected, non-critical processing when a hardware or software failure occurs and is detected is referred to as:
Question186: Which of the following methods MOST efficiently manages user accounts when using a third-party cloud-based application and directory solution?
Question187: Which of the following provides enterprise management with a prioritized list of time-critical business processes, and estimates a recovery time objective for each of the time critical processes and the components of the enterprise that support those processess?
Question188: Which of the following is true about digital certificate?
Question189: Which of the following would present the highert annualized loss expectancy (ALE)?

Question190: A computer system that employs the necessary hardware and software
assurance measures to enable it to process multiple levels of classified or
sensitive information is called a:
Question191: Business Associates
Question192: Which one of the following is a security issue related to aggregation in a database?
Question193: When two different keys encrypt a plaintext message into the same
ciphertext, this situation is known as:
Question194: Which of the following MUST be scalable to address security concerns raised by the integration of third- party identity services?
Question195: To what does logon abuse refer?
Question196: Which of the following is not a two-factor authentication mechanism?
Question197: In a PKI infrastructure where are list of revoked certificates stored?
Question198: Which of the following is a transaction redundancy implementation?
Question199: Password management falls into which control category?
Question200: From a security perspective, which of the following is a best practice to configure a Domain Name Service (DNS) system?
Question201: Which of the following RAID levels is not used in practice and was quickly superseded by the more flexible levels?
Question202: The fact that a network-based IDS reviews packets payload and headers enable which of the following?
Question203: What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests?
Question204: One important tool of computer forensics is the disk image backup. The
disk image backup is:
Question205: Which of the following testing method examines the functionality of an application without peering into its internal structure or knowing the details of it's internals?
Question206: What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?
Question207: A cryptographic algorithm is also known as:
Question208: What is the MOST important consideration from a data security perspective when an organization plans to relocate?
Question209: Which of the following is the key requirement for test results when implementing forensic procedures?
Question210: In order to avoid mishandling of media or information, you should consider using:
Question211: Match the functional roles in an external audit to their responsibilities.
Drag each role on the left to its corresponding responsibility on the right.
Select and Place:

Question212: In terms or Risk Analysis and dealing with risk, which of the four common ways listed below seek to eliminate involvement with the risk being evaluated?
Question213: Which of the following risk handling technique involves the practice of passing on the risk to another entity, such as an insurance company?
Question214: Qualitative loss resulting from the business interruption does NOT usually include:
Question215: Enigma was:
Question216: Notifying the appropriate parties to take action in order to determine the extent of the severity of an incident and to remediate the incident's effects is part of:
Question217: Prior to a live disaster test, which of the following is most important?
Question218: Identify the component that MOST likely lacks digital accountability related to information access.
Click on the correct device in the image below.

Question219: You are comparing host based IDS with network based ID. Which of the following will you consider as an obvious disadvantage of host based IDS?
Question220: In the context of legal proceedings and trial practice, discovery refers to:
Question221: What is it called when a computer uses more than one CPU in parallel to execute instructions?
Question222: When implementing a data classification program, why is it important to avoid too much granularity?
Question223: Which protocol is used to send email?
Question224: In finger scan technology,
Question225: Which of the following operates at the Network Layer of the Open System Interconnection (OSI) model?
Question226: What is used to hide data from unauthorized users by allowing a relation in a database to contain multiple tuples with the same primary keys with each instance distinguished by a security level?
Question227: Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?
Question228: When designing a networked Information System (IS) where there will be several different types of individual access, what is the FIRST step that should be taken to ensure all access control requirements are addressed?
Question229: Within the company, desktop clients receive Internet Protocol (IP) address over Dynamic Host Configuration Protocol (DHCP).
Which of the following represents a valid measure to help protect the network against unauthorized access?
Question230: The Clark-Wilson Integrity Model (d. Clark, d. Wilson, A Comparison
of Commercial and Military Computer Security Policies, Proceedings of
the 1987 IEEE Computer Society Symposium on Research in Security and
Privacy, Los Alamitos, CA, IEEE Computer Society Press, 1987) focuses on what two concepts?
Question231: How should a doorway of a manned facility with automatic locks be configured?
Question232: A business continuity plan is an example of which of the following?
Question233: How do the Information Labels of Compartmented Mode Workstation differ from the
Sensitivity Levels of B3 evaluated systems?
Question234: Which of the following methods of providing telecommunications continuity involves the use of an alternative media?
Question235: What does CSMA stand for?
Question236: Which of the following encryption types is used in Hash Message Authentication Code (HMAC) for key distribution?
Question237: Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed. What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications?
Question238: In most security protocols that support authentication, integrity and confidentiality,
Question239: This backup method must be made regardless of whether Differential or Incremental methods are used.
Question240: Which of the following statements pertaining to software testing is incorrect?
Question241: Which of the following is NOT a known type of Message Authentication Code (MAC)?
Question242: For a given hash function H, to prevent substitution of a message M1 for
a message M2, it is necessary that:
Question243: Order the below steps to create an effective vulnerability management process.

Question244: At which layer of ISO/OSI does the fiber optics work?
Question245: What is the main concern with single sign-on?
Question246: Who should direct short-term recovery actions immediately following a disaster?
Question247: A group of processes that share access to the same resources is called:
Question248: Which choice is NOT an accurate description of C.I.A.?
Question249: What layer of the OSI/ISO model does Point-to-point tunnelling protocol (PPTP) work at?
Question250: Which choice below is NOT considered an information classification role?
Question251: Data which is properly secured and can be described with terms like genuine or not corrupted from the original refers to data that has a high level of what?
Question252: The confidentiality of alcohol and drug abuse patient records maintained by this program is protected by federal law and regulations. Generally, the program may not say to a person outside the program that a patient attends the program, or disclose any information identifying a patient as an alcohol or drug abuser even if:
Question253: Which of the following RAID levels is not used in practice and was quickly superseded by the more flexible levels?
Question254: The Orange Book requires auditing mechanisms for any systems evaluated at which of the following levels?
Question255: In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
Question256: Why are computer generated documents not considered reliable?
Question257: Physical assets defined in an organization's Business Impact Analysis (BIA) could include which of the following?
Question258: Are there penalties under HIPAA?
Question259: What is the BEST answer pertaining to the difference between the Session and Transport layers of the OSI model?
Question260: Which choice below is the BEST description of operational assurance?
Question261: Which of the following statements pertaining to using Kerberos without any extension is FALSE?
Question262: Refer to the information below to answer the question.
An organization has hired an information security officer to lead their security department. The officer has adequate people resources but is lacking the other necessary components to have an effective security program. There are numerous initiatives requiring security involvement.
Which of the following is considered the MOST important priority for the information security officer?
Question263: Which of the following statements pertaining to firewalls is incorrect?
Question264: Which of the following is NOT a symmetric key algorithm?
Question265: Which of the following is an effective control in preventing electronic cloning of Radio Frequency Identification (RFID) based access cards?
Question266: In the Information Flow Model, what relates two versions of the same object?
Question267: Operations Security seeks to primarily protect against which of the following?
Question268: By examining the "state" and "context" of the incoming data packets, it helps to track the protocols that are considered "connectionless", such as UDP-based applications and
Remote Procedure Calls (RPC). This type of firewall system is used in?
Question269: Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number?
Question270: How should a risk be HANDLED when the cost of the countermeasure OUTWEIGHS the cost of the risk?
Question271: What does it mean to say that sensitivity labels are "incomparable"?
Question272: What are cognitive passwords?
Question273: Which term below BEST describes the concept of least privilege?
Question274: A business impact assessment is one element in business continuity planning. What are the three primary goals of a BIA?
Question275: The typical computer fraudsters are usually persons with which of the following characteristics?
Question276: Which property ensures that only the intended recipient can access the data and nobody else?
Question277: A user has infected a computer with malware by connecting a Universal Serial Bus (USB) storage device.
Which of the following is MOST effective to mitigate future infections?
Question278: The main approach to obtaining the true biometric information from a
collected sample of an individual's physiological or behavioral
characteristics is:
Question279: A chemical plan wants to upgrade the Industrial Control System (ICS) to transmit data using Ethernet instead of RS422. The project manager wants to simplify administration and maintenance by utilizing the office network infrastructure and staff to implement this upgrade.
Which of the following is the GREATEST impact on security for the network?
Question280: In Identity Management (IdM), when is the verification stage performed?
Question281: What is electronic vaulting?
Question282: Which of the following is the MOST relevant risk indicator after a penetration test?
Question283: The RSA Algorithm uses which mathematical concept as the basis of its encryption?
Question284: Which of the following answer BEST relates to the type of risk analysis that involves committees, interviews, opinions and subjective input from staff?
Question285: Which security access policy contains fixed security attributes that are used by the system to determine a user's access to a file or object?
Question286: Which of the following command line tools can be used in the reconnaisance phase of a network vulnerability assessment?
Question287: Acryptographic attack in which portions of the ciphertext are selected for
trial decryption while having access to the corresponding decrypted
plaintext is known as what type of attack?
Question288: A security professional is assessing the risk in an application and does not take into account any mitigating or compensating controls. This type of risk rating is an example of which of the following?
Question289: Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis?
Question290: Business Impact Analysis (BIA) is about
Question291: Which of the following should be performed by an operator?
Question292: Which of the following statements pertaining to IPSec is incorrect?
Question293: A database administrator is asked by a high-ranking member of management to perform specific changes to the accounting system database. The administrator is specifically instructed to not track or evidence the change in a ticket. Which of the following is the BEST course of action?
Question294: Which of the following actions should be taken by a security professional when a mission critical computer network attack is suspected?
Question295: What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access?
Question296: Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model?
Question297: A business has implemented Payment Card Industry Data Security Standard (PCI-DSS) compliant handheld credit card processing on their Wireless Local Area Network (WLAN) topology. The network team partitioned the WLAN to create a private segment for credit card processing using a firewall to control device access and route traffic to the card processor on the Internet. What components are in the scope of PCI-DSS?
Question298: Java is not:
Question299: An engineer in a software company has created a virus creation tool. The tool can generate thousands of polymorphic viruses. The engineer is planning to use the tool in a controlled environment to test the company's next generation virus scanning software. Which would BEST describe the behavior of the engineer and why?
Question300: What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
Question301: Which of the following is NOT a component of IPSec?
Question302: What is the MOST important step during forensic analysis when trying to learn the purpose of an unknown application?
Question303: Which of the following is NOT an encryption algorithm?
Question304: What is the most secure way to dispose of information on a CD-ROM?
Question305: Which of the following statements pertaining to VPN protocol standards is false?
Question306: The US department of Health, Education and Welfare developed a list of fair information practices focused on privacy of individually, personal indentifiable information. Which one of the following is incorrect?
Question307: Business Continuity and Disaster Recovery Planning (Primarily) addresses the:
Question308: Which of the following is a NOT a guideline necessary to enhance security in the critical Heating Ventilation Air Conditioning (HVAC) aspect of facility operations?
Question309: Which one of these statements about the key elements of a good configuration process is NOT true?
Question310: Which one of the following is NOT a check for Input or Information Accuracy in Software
Development security?
Question311: Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design?
Question312: What is the simple security property of which one of the following
models is described as:
A user has access to a client company's information, c, if and only if for
all other information, o, that the user can read, either x(c) z (o) or x(c)
= x (o), where x(c) is the client's company and z (o) is the competitors
of x(c).
Question313: In which phase of the System Development Lifecycle (SDLC) is Security Accreditation Obtained?
Question314: Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model?
Question315: Which of the following statements pertaining to air conditioning for an information processing facility is TRUE?
Question316: According to the Orange Book, which security level is the first to require trusted recovery?
Question317: Which choices below are commonly accepted definitions for a
disaster? Select three.
Question318: Which International Organization for Standardization standard is commonly referred to as the 'common criteria'?
Question319: Compared with hardware cryptography, software cryptography is generally
Question320: What is an advantage of Elliptic Curve Cryptography (ECC)?
Question321: Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?
Question322: A Differential backup process will:
Question323: Which one of the following is an advantage of an effective release control strategy form a configuration control standpoint?
Question324: What is the PRIMARY reason that reciprocal agreements between independent organizations for backup processing capability are seldom used?
Question325: Which of the following is needed to securely distribute symmetric cryptographic keys?
Question326: An organization publishes and periodically updates its employee policies in a file on their intranet. Which of the following is a PRIMARY security concern?
Question327: The privacy provisions of the federal law, the Health Insurance Portability and Accountability Act of 1996 (HIPAA),
Question328: Which of the following refers to a US Government program that reduces
or eliminates emanations from electronic equipment?
Question329: The implementation of which features of an identity management system reduces costs and administration overhead while improving audit and accountability?
Question330: From a cryptographic perspective, the service of non-repudiation includes which of the following features?
Question331: Which of the following is an example of an active attack?
Question332: Which of the following is NOT a symmetric key algorithm?
Question333: Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used)?
Question334: A public key algorithm that does both encryption and digital signature is which of the following?
Question335: Which of the following statements pertaining to the Trusted Computer System Evaluation
Criteria (TCSEC) is incorrect?
Question336: Which of the following is NOT a media viability control used to protect the viability of data storage media?
Question337: Which one of the following considerations has the LEAST impact when considering transmission security?
Question338: A portion of a VigenEre cipher square is given below using five (1, 2, 14,
16, 22) of the possible 26 alphabets. Using the key word bow, which of
the following is the encryption of the word advance using the
VigenEre cipher?
Exhibit:

Question339: A group of independent servers, which are managed as a single system, that provides higher availability, easier manageability, and greater scalability is:
Question340: If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation. This implementation is sometimes called a:
Question341: Another type of artificial intelligence technology involves genetic
algorithms. Genetic algorithms are part of the general class known as:
Question342: Which of the following statements is incorrect?
Question343: Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect?
Question344: Which one the following is NOT one of the three major parts of the
Common Criteria (CC)?
Question345: Which of the following countermeasures would be the most appropriate to prevent possible intrusion or damage from wardialing attacks?
Question346: What is the company benefit, in terms of risk, for people taking a vacation of a specified minimum length?
Question347: Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?
Question348: Which statement below is accurate about the concept of Object Reuse?
Question349: What are the three conditions that must be met by the reference monitor?
Question350: Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?
Question351: What should be the INITIAL response to Intrusion Detection System/Intrusion Prevention System (IDS/IPS) alerts?
Question352: Which of the following is the MOST important consideration when developing a Disaster Recovery Plan (DRP)?
Question353: Which of the following are the three classifications of RAID identified by the RAID Advisory Board?
Question354: What is the BEST approach for controlling access to highly sensitive information when employees have the same level of security clearance?
Question355: Which of the following is NOT part of the Kerberos authentication protocol?
Question356: Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?
Question357: Attributes that characterize an attack are stored for reference using which of the following Intrusion Detection System (IDS)?
Question358: As per the Orange Book, what are two types of system assurance?
Question359: Which of the following is a disadvantage of a memory only card?
Question360: Which RAID level concept is considered more expensive and is applied to servers to create what is commonly known as server fault tolerance?
Question361: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
Which of the following will MOST likely allow the organization to keep risk at an acceptable level?
Question362: Which of the following are additional terms used to describe knowledge-based IDS and behavior-based IDS?
Question363: What is the role of IKE within the IPsec protocol:
Question364: Address Resolution Protocol (ARP) interrogates the network by sending out a?
Question365: Which of the following is not a method to protect objects and the data within the objects?
Question366: Which of the following command line tools can be used in the reconnaissance phase of a network vulnerability assessment?
Question367: Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network?
Question368: Which of the following is a reason to institute output controls?
Question369: Which Hyper Text Markup Language 5 (HTML5) option presents a security challenge for network data leakage prevention and/or monitoring?
Question370: Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request?
Question371: Which of the following is an example of an asymmetric key algorithm?
Question372: Which Orange book security rating introduces security labels?
Question373: What can be defined as a digital certificate that binds a set of descriptive data items, other than a public key, either directly to a subject name or to the identifier of another certificate that is a public-key certificate?
Question374: Which of the following is typically NOT a consideration in the design of passwords?
Question375: Which of the following remote access authentication systems is the MOST robust?
Question376: Which type of fire extinguisher is most appropriate for a digital information processing facility?
Question377: Which of the following would BEST describe the role directly responsible for data within an organization?
Question378: Why do certificate Authorities (CA) add value to the security of electronic commerce transactions?
Question379: Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect?
Question380: How can an individual/person BEST be identified or authenticated to prevent local masquerading attacks?
Question381: Which of the following provides the MOST secure method for Network Access Control (NAC)?
Question382: Match the name of access control model with its associated restriction.
Drag each access control model to its appropriate restriction access on the right.

Question383: Which of the following would best describe a cold backup site?
Question384: In which of the following programs is it MOST important to include the collection of security process data?
Question385: Which of the following embodies all the detailed actions that personnel are required to follow?
Question386: Which of the following is currently the most recommended water system for a computer room?
Question387: Why is lexical obfuscation in software development discouraged by many organizations?
Question388: Which of the following MUST be part of a contract to support electronic discovery of data
stored in a cloud environment?
Question389: Which of the following adds end-to-end security inside a Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) connection?
Question390: Which type of password token involves time synchronization?
Question391: Which of the following is a MAJOR consideration in implementing a Voice over IP (VoIP) network?
Question392: Which of the following items is NOT primarily used to ensure integrity?
Question393: Drag and Drop Question
Match the level of evaluation to the correct common criteria (CC) assurance level.
Drag each level of evaluation on the left to is corresponding CC assurance level on the right

Question394: The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concept:
Question395: Which of the following provide network redundancy in a local network environment?
Question396: Which of the following is not an example of an operational control?
Question397: Which of the following concerning the Rijndael block cipher algorithm is false?
Question398: Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?
Question399: When in the Software Development Life Cycle (SDLC) MUST software security functional requirements be defined?
Question400: The British Standard 7799/ISO Standard 17799 discusses cryptographic
policies. It states, An organization should develop a policy on its use of cryptographic controls for protection of its information . . . . When developing a policy, the following should be considered: (Which of the following items would most likely NOT be listed?)
Question401: Which of the following are required components for implementing software configuration management systems?
Question402: Which of the following would be used to implement Mandatory Access Control (MAC)?
Question403: Match the objectives to the assessment questions in the governance domain of Software Assurance Maturity Model (SAMM).

Question404: What uses a key of the same length as the message where each bit or character from the plaintext is encrypted by a modular addition?
Question405: Which is NOT a packet-switched technology?
Question406: Which of the following is an operating system security architecture that provides flexible support for security policies?
Question407: Attack trees are MOST useful for which of the following?
Question408: Of the various types of "Hackers" that exist, the ones who are not worried about being caught and spending time in jail and have a total disregard for the law or police force, are labeled as what type of hackers?
Question409: Which of the following are Systems Engineering Life Cycle (SELC) Technical Processes?
Question410: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as?
Question411: Which of the following is the MOST difficult to enforce when using cloud computing?
Question412: The IP address, 178.22.90.1, is considered to be in which class of
address?
Question413: A Denial of Service (DoS) attack on a syslog server exploits weakness in which of the following protocols?
Question414: A minimal implementation of endpoint security includes which of the following?
Question415: Which layer defines how packets are routed between end systems?
Question416: Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet?
Question417: The use of private and public encryption keys is fundamental in the implementation of which of the following?
Question418: Which choice below is NOT an element of BCP plan approval and implementation?
Question419: What would you call a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates.
Question420: The Object Request Architecture (ORA) is a high-level framework for a
distributed environment. It consists of four components. Which of the
following items is NOT one of those components?
Question421: A new Chief Information Officer (CIO) created a group to write a data retention policy based on applicable laws. Which of the following is the PRIMARY motivation for the policy?
Question422: Frame relay uses a public switched network to provide:
Question423: Which of the following is the MOST effective practice in managing user accounts when an employee is terminated?
Question424: Which of the following is not appropriate in addressing object reuse?
Question425: Which of the following ensures that security is not breached when a system crash or other system failure occurs?
Question426: Under the Business Exemption Rule to the hearsay evidence, which of the following exceptions would have no bearing on the inadmissibility of audit logs and audit trails in a court of law?
Question427: Multi-threaded applications are more at risk than single-threaded applications to
Question428: In which of the following security models is the subject's clearance compared to the object's classification such that specific rules can be applied to control how the subject-to-object interactions take place?
Question429: What is the best way for mutual authentication of devices belonging to the same organization?
Question430: Which of the following is typically NOT a consideration in the design of
passwords?
Question431: What is the correct order of steps in an information security assessment?
Place the information security assessment steps on the left next to the numbered boxes on the right in the correct order.

Question432: Which of the following is considered best practice for preventing e-mail spoofing?
Question433: When comparing host based IDS with network based ID, which of the following is an obvious advantage?
Question434: In the Open System Interconnection (OSI) model, which layer is responsible for the transmission of binary data over a communications network?
Question435: During the risk assessment phase of the project the CISO discovered that a college within the University is collecting Protected Health Information (PHI) data via an application that was developed in-house. The college collecting this data is fully aware of the regulations for Health Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan. Drag the remaining BC\DR phases to the appropriate corresponding location.

Question436: A brownout can be defined as a:
Question437: Which of the following is the key requirement for test results when implementing forensic procedures?
Question438: Which of the following term BEST describes a weakness that could potentially be exploited?
Question439: Which of the following statements pertaining to software testing is incorrect?
Question440: Which of the following is not an EPA-approved replacement for Halon?
Question441: You are using an open source packet analyzer called Wireshark and are sifting through the various conversations to see if anything appears to be out of order.
You are observing a UDP conversation between a host and a router. It was a file transfer between the two on port 69. What protocol was used here to conduct the file transfer?
Question442: Which of the following is an initial consideration when developing an information security management system (ISMS)?
Question443: Why are coaxial cables called "coaxial"?
Question444: A security professional should ensure that clients support which secondary algorithm for digital signatures when a Secure Multipurpose Internet Mail Extension (S/MIME) is used?
Question445: Which Orange book security rating is the FIRST to be concerned with covert channels?
Question446: Frame relay and X.25 networks are part of which of the following?
Question447: Which of the following provides the MOST protection against data theft of sensitive information when a laptop is stolen?
Question448: In which situation would TEMPEST risks and technologies be of MOST interest?
Question449: Who is responsible for providing reports to the senior management on the effectiveness of the security controls?
Question450: What security procedure forces an operator into collusion with an operator of a different category to have access to unauthorized data?
Question451: How many rounds are used by DES?
Question452: Researchers have recently developed a tool that imitates a 14 year old on the Internet. The authors developed a "Chatter Bot" that mimics conversation and treats the dissemination of personal information as the goal to determine if the other participant in the conversation is a pedophile.
The tool engages people in conversation and uses artificial intelligence to check for inappropriate questions by the unsuspecting human. If the human types too many suggestive responses to the "artificial" 14 year old, the tool then notifies the police.
From a legal perpective, what is the greatest legal challenge to the use of this tool?
Question453: Which of the following items is NOT a component of a knowledgebased
system (KBS)?
Question454: What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?
Question455: Which of the following statements is TRUE regarding equivalence class testing?
Question456: Which of the following is the BEST method to assess the effectiveness of an organization's vulnerability management program?
Question457: The primary service provided by Kerberos is which of the following?
Question458: The information security staff's participation in which of the following system development life cycle phases provides maximum benefit to the organization?
Question459: In fault-tolerant systems, what do rollback capabilities permit?
Question460: Contracts and agreements are often times unenforceable or hard to enforce in which of the following alternate facility recovery agreement?
Question461: Which of the following protocols operates at the session layer (layer 5)?
Question462: Which of the following is an example of two-factor authentication?
Question463: Although code using a specific program language may not be susceptible to a buffer overflow attack,
Question464: An organization adopts a new firewall hardening standard. How can the security professional verify that the technical staff correct implemented the new standard?
Question465: An organization publishes and periodically updates its employee policies in a file on their intranet.
Which of the following is a PRIMARY security concern?
Question466: An electrical device (AC or DC) which can generate coercive magnetic force for the purpose of reducing magnetic flux density to zero on storage media or other magnetic media is called:
Question467: The FIRST step in building a firewall is to
Question468: During a business impact analysis it is concluded that a system has maximum tolerable downtime of 2 hours. What would this system be classified as?
Question469: Which one of the following affects the classification of data?
Question470: Data remanence refers to which of the following?
Question471: Keeping in mind that these are objectives that are provided for information only within the CBK as they only apply to the committee and not to the individuals. Which of the following statements pertaining to the (ISC)2 Code of Ethics is incorrect?
Question472: Kerberos depends upon what encryption method?
Question473: Which of the following media sanitization techniques is MOST likely to be effective for an organization using public cloud services?
Question474: Which of the following statements pertaining to dealing with the media after a disaster occurred and disturbed the organization's activities is incorrect?
Question475: Java is not:
Question476: In which layer of the OSI Model are connection-oriented protocols located in the TCP/IP suite of protocols?
Question477: What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access?
Question478: Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of:
Question479: Which standard below does NOT specify fiber optic cabling as its
physical media?
Question480: Which of the following is NOT a true statement about Network Address
Translation (NAT)?
Question481: Which of the following biometrics devices has the highs Crossover Error Rate (CER)?
Question482: Refer to the information below to answer the question.
An organization experiencing a negative financial impact is forced to reduce budgets and the number of Information Technology (IT) operations staff performing basic logical access security administration functions. Security processes have been tightly integrated into normal IT operations and are not separate and distinct roles.
When determining appropriate resource allocation, which of the following is MOST important to monitor?
Question483: What is the motivation for use of the Online Certificate Status Protocol (OCSP)?
Question484: What is the main purpose of Corporate Security Policy?
Question485: Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?
Question486: Data which is properly secured and can be described with terms like genuine or not corrupted from the original refers to data that has a high level of what?
Question487: Which of the following can be defined as THE unique attribute used as a unique identifier within a given table to identify a tuple?
Question488: Which of the following MUST a security policy include to be effective within an organization?
Question489: Which BEST describes a tool (i.e. keyfob, calculator, memory card or smart card) used to supply dynamic passwords?
Question490: Which of the following provides the minimum set of privileges required to perform a job function and restricts the user to a domain with the required privileges?
Question491: Which of the following is a strategy of grouping requirements in developing a security test and Evolution (ST&E)?
Question492: Which choice below is the BEST description of the criticality prioritization
goal of the Business Impact Assessment (BIA) process?
Question493: Which of the following methodologies is appropriate for planning and controlling activities and resources in a system project?
Question494: If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist?
Question495: A Differential backup process will:
Question496: Sensor is:
Question497: What Service Organization Controls (SOC) report can be freely distributed and used by customers to gain confidence in a service organization's systems?
Question498: Which of the following is covered under Crime Insurance Policy Coverage?
Question499: A software security engineer is developing a black box-based test plan that will measure the system's reaction to incorrect or illegal inputs or unexpected operational errors and situations. Match the functional testing techniques on the left with the correct input parameters on the right.

Question500: Which of the following is the MOST effective preventative method to identify security flaws in software?
Question501: A client has reviewed a vulnerability assessment report and has stated it is Inaccurate. The client states that the vulnerabilities listed are not valid because the host's Operating System (OS) was not properly detected.
Where in the vulnerability assessment process did the erra MOST likely occur?
Question502: If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist?
Question503: Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design?
Question504: Refer to the information below to answer the question.
A large, multinational organization has decided to outsource a portion of their Information Technology (IT) organization to a third-party provider's facility. This provider will be responsible for the design, development, testing, and support of several critical, customer-based applications used by the organization.
What additional considerations are there if the third party is located in a different country?
Question505: Which of the following will you consider as most secure?
Question506: Which of the following is NOT a characteristic of a host-based intrusion detection system?
Question507: Retaining system logs for six months or longer can be valuable for what activities?
Question508: A Business Impact Analysis (BIA) does not:
Question509: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

Which of the following is true according to the star property (*property)?
Question510: In Business Continuity Planning (BCP), what is the importance of documenting business processes?
Question511: The BEST method to mitigate the risk of a dictionary attack on a system is to
Question512: Refer to the information below to answer the question.
In a Multilevel Security (MLS) system, the following sensitivity labels are used in increasing levels of sensitivity: restricted, confidential, secret, top secret. Table A lists the clearance levels for four users, while Table B lists the security classes of four different files.

In a Bell-LaPadula system, which user has the MOST restrictions when writing data to any of the four files?
Question513: Which layer of the Open system Interconnect (OSI) model is responsible for secure data transfer between applications, flow control, and error detection and correction?
Question514: Which type of attack involves the altering of a systems Address Resolution Protocol (ARP) table so that it contains incorrect IP to MAC address mappings?
Question515: Of the various types of "Hackers" that exist, the ones who are not worried about being caught and spending time in jail and have a total disregard for the law or police force, are labeled as what type of hackers?
Question516: What assesses potential loss that could be caused by a disaster?
Question517: What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours?
Question518: The definition A mark used in the sale or advertising of services to
identify the services of one person and distinguish them from the
services of others refers to a:
Question519: Which of the following is a key principle in the evolution of computer
crime laws in many countries?
Question520: What IDS approach relies on a database of known attacks?
Question521: Which of the following is a process within a Systems Engineering Life Cycle (SELC) stage?
Question522: What capability would typically be included in a commercially available software package designed for access control?
Question523: Which of the following is NOT a security characteristic we need to consider while choosing a biometric identification system?
Question524: As per the Orange Book, what are two types of system assurance?
Question525: Which of the following represents the GREATEST risk to data confidentiality?
Question526: When writing security assessment procedures, what is the MAIN purpose of the test outputs and reports?
Question527: Which of the following service is not provided by a public key infrastructure (PKI)?
Question528: Who should NOT have access to the log files?
Question529: What part of an access control matrix shows capabilities that one user
has to multiple resources?
Question530: Given a file containing ordered number, i.e. "123456789," match each of the following redundant Array of independent Disks (RAID) levels to the corresponding visual representation visual representation. Note: P() = parity.
Drag each level to the appropriate place on the diagram.

Question531: Which choice below most accurately describes a business impact
analysis (BIA)?
Question532: In computing what is the name of a non-self-replicating type of malware program containing malicious code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data, and possible system harm.
Question533: Which of the following is used to create and delete views and relations within tables?
Question534: Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop-down ceiling. This area is referred to as the:
Question535: What is the best way for mutual authentication of devices belonging to the same organization?
Question536: Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys. This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session- by-session basis?
Question537: What is the second phase of Public Key Infrastructure (PKI) key/certificate life-cycle management?
Question538: What principle requires corporate officers to institute appropriate
protections regarding the corporate intellectual property?
Question539: A back door into a network refers to what?
Question540: What is the primary goal of setting up a honey pot?
Question541: Which utility below can create a server-spoofing attack?
Question542: Which of the following rules is less likely to support the concept of least privilege?
Question543: Similarity between all recovery plans is:
Question544: Which choice below is a role of the Information Systems Security
Officer?
Question545: The Number Field Sieve (NFS) is a:
Question546: When it comes to magnetic media sanitization, what difference can be made between clearing and purging information?
Question547: Which of the following protocols does not operate at the data link layer (layer 2)?
Question548: Activity to baseline, tailor, and scope security controls tikes place dring which National Institute of Standards and Technology (NIST) Risk Management Framework (RMF) step?
Question549: Which of the following focuses on the basic features and architecture of a system?
Question550: Which is NOT a packet-switched technology?
Question551: Which of the following is not a defined maturity level within the Software Capability Maturity Model?
Question552: Which of the following BEST describes Recovery Time Objective (RTO)?
Question553: How fast is private key cryptography compared to public key cryptography?
Question554: Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE?
Question555: Which of the following is the MOST important action regarding authentication?
Question556: Which one of the following, if embedded within the ciphertext, will decrease the likelihood of a message being replayed?
Question557: Context-dependent control uses which of the following to make decisions?
Question558: Which of the following is an ip address that is private? (i.e. reserved for internal networks, and not a valid address to use on the Internet)?
Question559: Which of the following is the proper lifecycle of evidence?
Question560: Frame relay and X.25 networks are part of which of the following?
Question561: How is authentication implemented in GSM?
Question562: Which of the following service is not provided by a public key infrastructure (PKI)?
Question563: Which of the following attack could be avoided by creating more security awareness in the organization and provide adequate security knowledge to all employees?
Question564: Which choice below BEST describes the type of control that a firewall
exerts on a network infrastructure?
Question565: What would be the MOST cost effective solution for a Disaster Recovery (DR) site given that the organization's systems cannot be unavailable for more than 24 hours?
Question566: During an IS audit, auditor has observed that authentication and authorization steps are split into two functions and there is a possibility to force the authorization step to be completed before the authentication step. Which of the following technique an attacker could user to force authorization step before authentication?
Question567: Which IEEE standard defines wireless networking in the 5GHz band with speeds of up to 54 Mbps?
Question568: Which statement is NOT true about the SOCKS protocol?
Question569: Which of the following encryption algorithms does NOT deal with discrete logarithms?
Question570: When building a data center, site location and construction factors that increase the level of vulnerability to physical threats include
Question571: Which statement accurately describes the difference between 802.11b
WLAN ad hoc and infrastructure modes?
Question572: Who would be the BEST person to approve an organizations information security policy?
Question573: Which of the following European Union (EU) principles pertaining to the protection of information on private individuals is incorrect?
Question574: Communications and network security relates to transmission of which of the following?
Question575: Smart cards are an example of which type of control?
Question576: Which choice below is NOT an accurate statement about the visibility of
IT security policy?
Question577: This type of supporting evidence is used to help prove an idea or a point, however It cannot stand on its own, it is used as a supplementary tool to help prove a primary piece of evidence. What is the name of this type of evidence?
Question578: Which of the following is a symmetric encryption algorithm?
Question579: What is the primary purpose of using redundant array of inexpensive disks (RAID) level zero?
Question580: Change management policies and procedures belong to which of the following types of controls?
Question581: What is the name for a substitution cipher that shifts the alphabet by 13 places?
Question582: What is a common mistake in records retention?
Question583: Which type of fire extinguishing method contains standing water in the
pipe, and therefore generally does not enable a manual shutdown of
systems before discharge?
Question584: Which risk management methodology uses the exposure factor multiplied by the asset value to determine its outcome?
Question585: Which of the following is a characteristic of a decision support system (DSS)?
Question586: Which of the following are computer investigation issues? S
Question587: What is a disaster recovery plan for a company's computer system usually focused on?
Question588: Hierarchical Storage Management (HSM) is commonly employed in:
Question589: Which one of the following network attacks takes advantages of weaknesses in the fragment reassembly functionality of the TCP/IP protocol stack?
Question590: How often should logging be run?
Question591: Degaussing is used to clear data from all of the following medias except:
Question592: The core component of Role Based Access Control (RBAC) must be constructed of defined data elements.
Which elements are required?
Question593: What is RAD?
Question594: Like the Kerberos protocol, SESAME is also subject to which of the following?
Question595: Single Sign-on (SSO) is characterized by which of the following advantages?
Question596: The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics?
Question597: What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests?
Question598: Several analysis methods can be employed by an IDS, each with its own strengths and weaknesses, and their applicability to any given situation should be carefully considered. There are two basic IDS analysis methods that exists. Which of the basic method is more prone to false positive?
Question599: Why MUST a Kerberos server be well protected from unauthorized access?
Question600: The two categories of the policy of separation of duty are:
Question601: At which of the OSI/ISO model layer is IP implemented?
Question602: Which of the following statements relating to the Biba security model is FALSE?
Question603: When planning for disaster recovery it is important to know a chain of command should one or more people become missing, incapacitated or otherwise not available to lead the organization.
Which of the following terms BEST describes this process?
Question604: Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and its sensitivity level?
Question605: The recording of events with a closed-circuit TV camera is considered a:
Question606: The Kennedy-Kassebaum Act is also known as:
Question607: What is a method in an object-oriented system?
Question608: Which of the following is not a responsibility of a database administrator?
Question609: Which of the following are WELL KNOWN PORTS assigned by the IANA?
Question610: Which choice below is NOT a generally accepted benefit of security
awareness, training, and education?
Question611: A security architect plans to reference a Mandatory Access Control (MAC) model for implementation. This indicates that which of the following properties are being prioritized?
Question612: By carefully aligning the pins in the lock, which of the following defines the opening of a mechanical lock without the proper key?
Question613: When logging on to a workstation, the log-on process should:
Question614: What is a Covered Entity? The term "Covered Entity" is defined in 160.103 of the regulation.
Question615: Which of the following does NOT concern itself with key management?
Question616: Users require access rights that allow them to view the average salary of groups of employees. Which control would prevent the users from obtaining an individual employee's salary?
Question617: Which one of the following authentication mechanisms creates a problem for mobile users?
Question618: Qualitative loss resulting from the business interruption does not include:
Question619: Which of the following was not designed to be a proprietary encryption algorithm?
Question620: Which of the following is the MOST important element of change management documentation?
Question621: Who is responsible for setting user clearances to computer-based information?
Question622: An input validation and exception handling vulnerability has been discovered on a critical web-based system. Which of the following is MOST suited to quickly implement a control?
Question623: What security model is dependant on security labels?
Question624: Data remanence refers to which of the following?
Question625: A system administration office desires to implement the following rules:
- An administrator that is designated as a skill level 3, with 5 years
of experience, is allowed to perform system backups, upgrades, and
local administration.
- An administrator that is designated as a skill level 5, with 10 years of experience, is permitted to perform all actions related to system administration.
Which of the following access control methods MUST be implemented to achieve this goal?
Question626: Which choice below is an accurate statement about standards?
Question627: In developing an emergency or recovery plan, which choice below
would NOT be considered a short-term objective?
Question628: Which OSI/ISO layer defines how to address the physical devices on the network?
Question629: Which of the following could elicit a Denial of Service (DoS) attack against a credential management system?
Question630: What is the MOST critical factor to achieve the goals of a security program?
Question631: Sandra is studying for her CISSP exam. Sandra has come to you for help and wants to know what the last step in the change control process is?
Question632: Which of the following is the PRIMARY risk with using open source software in a commercial software construction?
Question633: In terms of the order of effectiveness, which of the following technologies is the least effective?
Question634: Health Care Providers, however,
Question635: Configuration Management controls what?
Question636: What should happen when an emergency change to a system must be performed?
Question637: Which of the following is not a detective technical control?
Question638: Which of the following categories of hackers poses the greatest threat?
Question639: What is the main issue with media reuse?
Question640: Which of the following is a communication mechanism that enables direct conversation between two applications?
Question641: Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of?
Question642: The European Union (EU) has enacted a Conditional Access Directive
(CAD) that addresses which of the following?
Question643: Which one of the following security technologies provides safeguards for authentication before securely sending information to a web server?
Question644: The RSA Algorithm uses which mathematical concept as the basis of its encryption?
Question645: What is the Biba security model concerned with?
Question646: What is the RESULT of a hash algorithm being applied to a message?
Question647: Which Orange book security rating is the FIRST to be concerned with covert channels?
Question648: copyright provides protection for which of the following?
Question649: Which of the following security controls might force an operator into collusion with personnel assigned organizationally within a different function in order to gain access to unauthorized data?
Question650: Which of the following is not a part of risk analysis?
Question651: Who can best decide what are the adequate technical security controls in a computer-based application system in regards to the protection of the data being used, the criticality of the data, and it's sensitivity level?
Question652: The type of access control that is used in local, dynamic situations where subjects have the ability to specify what resources certain users can access is called:
Question653: Due to system constraints, a group of system administrators must share a high-level access set of credentials.
Which of the following would be
Question654: Which of the following is a reasonable response from the intrusion detection system when it detects Internet Protocol (IP) packets where the IP source address is the same as the IP destination address?
Question655: RAID Level 1 is commonly called which of the following?
Question656: Why is planning in Disaster Recovery (DR) an interactive process?
Question657: which of the following is a Hashing Algorithm?
Question658: Which of the following proves or disproves a specific act though oral testimony based on information gathered through the witness's five senses?
Question659: Which of the following is the best reason for the use of an automated risk analysis tool?
Question660: Which of the following is the FIRST step during digital identity provisioning?
Question661: At a MINIMUM, a formal review of any Disaster Recovery Plan (DRP) should be conducted
Question662: Which of the following encryption algorithms does not deal with discrete logarithms?
Question663: Which type of risk assessment is the formula ALE = ARO x SLE used for?
Question664: Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection?
Question665: Crime Prevention Through Environmental Design (CPTED) is a discipline that:
Question666: Hierarchical Storage Management (HSM) is commonly employed in:
Question667: Once evidence is seized, a law enforcement officer should emphasize which of the following?
Question668: Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support?
Question669: What does "residual risk" mean?
Question670: The PRIMARY outcome of a certification process is that it provides documented
Question671: Which IEEE standard defines wireless networking in the 5GHz band with
speeds of up to 54 Mbps?
Question672: Related to information security, the guarantee that the message sent is the message received with the assurance that the message was not intentionally or unintentionally altered is an example of which of the following?
Question673: Which security model uses an access control triple and also require separation of duty?
Question674: Which of the following statements pertaining to quantitative risk analysis is NOT true?
Question675: A message can be encrypted and digitally signed, which provides _______________
Question676: Which of the following is NOT true about IPSec Tunnel mode?
Question677: What is the percentage of valid subjects that are falsely rejected by a Biometric Authentication system called?
Question678: A disadvantage of an application filtering firewall is that it can lead to
Question679: Which type of control below is NOT an example of a physical security access control?
Question680: Which of the following BEST describes how access to a system is granted to federated user accounts?
Question681: Which of the following is BEST suited for exchanging authentication and authorization messages in a multi- party decentralized environment?
Question682: Who can best decide what are the adequate technical security controls in a computer- based application system in regards to the protection of the data being used, the criticality of the data, and it's sensitivity level?
Question683: The design review for an application has been completed and is ready for release. What technique should an organization use to assure application integrity?
Question684: From an asset security perspective, what is the BEST countermeasure to prevent data theft due to data remanence when a sensitive data storage media is no longer needed?
Question685: A security engineer is designing a Customer Relationship Management (CRM) application for a third-party vendor. In which phase of the System Development Life Cycle (SDLC) will it be MOST beneficial to conduct a data sensitivity assessment?
Question686: Which Web Services Security (WS-Security) specification maintains a single authenticated identity across multiple dissimilar environments? Click on the correct specification in the image below.

Question687: Of the three types of alternate sites: hot, warm or cold, which is BEST described by the following facility description?
-Configured and functional facility
-Available with a few hours
-Requires constant maintenance
-
Is expensive to maintain
Question688: In what LAN topology do all the transmissions of the network travel the full length of cable and are received by all other stations?
Question689: Which of the following is NOT an attack against operations?
Question690: Once an intrusion into your organizations information system has been detected, which of the following actions should be performed first?
Question691: What is necessary for a subject to have write access to an object in a Multi-Level Security Policy?
Question692: What is called the access protection system that limits connections by calling back the number of a previously authorized location?
Question693: What should an auditor do when conducting a periodic audit on media retention?
Question694: Why do buffer overflows happen? What is the main cause?
Question695: Which of the following should be emphasized during the Business Impact Analysis (BIA) considering that the BIA focus is on business processes?
Question696: Which of the following is often implemented by a one-for-one disk to disk ratio?
Question697: Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated with:
Question698: Which of the following statements pertaining to firewalls is incorrect?
Question699: Which of the following is NOT true of the Kerberos protocol?