EMT Practice Test

1. Question Content...


Question List

Question1: Attackers have been known to search through company trash bins in order to collect potentially useful information.
This method of attack is known as _________________.

Question2: In the CIA triad, what does the letter A stand for?

Question3: Which of the following is an attribute of polymorphic code?

Question4: Which of the following describes a technique in which a number of processor units are employed in a single computer system to increase the performance of the system in its application environment above the performance of a single processor of the same kind?

Question5: What is the primary difference between FTP and TFTP?

Question6: What is used to bind a document to its creation at a particular time?

Question7: Masquerading is synonymous with __________.

Question8: Which of the following models does NOT include data integrity or conflict of interest?

Question9: The Clipper Chip utilizes which concept in public key cryptography?

Question10: The typical computer fraudsters are usually persons with which of the following characteristics?

Question11: An attempt to break an encryption algorithm is called _____________.

Question12: Which of the following is not a preventive login control?

Question13: Which of the following is covered under Crime Insurance Policy Coverage?

Question14: Which of the following statements pertaining to using Kerberos without any extension is false?

Question15: What does the (star) integrity axiom mean in the Biba model?

Question16: Which of the following is NOT an advantage that TACACS+ has over TACACS?

Question17: What is one disadvantage of content-dependent protection of information?

Question18: Unclassified, Private, Confidential, Secret, Top Secret, and Internal Use Only are levels of
________________

Question19: Computer evidence may have a higher burden of proof. Typical challenges include, all except:

Question20: Which layer defines how packets are routed between end systems?

Question21: Which backup method copies only files that have changed since the last full backup, but does not clear the archive bit?

Question22: What does the Clark-Wilson security model focus on?

Question23: What is malware that can spread itself over open network connections?

Question24: Which of the following statements pertaining to software testing approaches is correct?

Question25: Encapsulating Security Payload (ESP) provides some of the services of Authentication Headers (AH), but it is primarily designed to provide:

Question26: Passfilt.dll enforces which of the following? (Choose all that apply)

Question27: Which of the following is TRUE regarding Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)?

Question28: What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

Question29: Which of the following should NOT be performed by an operator?

Question30: Which of the following statements is NOT true of IPSec Transport mode?

Question31: Degaussing is used to clear data from all of the following medias except:

Question32: Which of the following is a set of data processing elements that increases the performance in a computer by overlapping the steps of different instructions?

Question33: Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model?

Question34: A periodic review of user account management should not determine:

Question35: Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

Question36: In biometrics, "one-to-many" search against database of stored biometric images is done in:

Question37: Which of the following is often the greatest challenge of distributed computing solutions?

Question38: All following observations about IPSec are correct except:

Question39: The Diffie-Hellman algorithm is used for:

Question40: Which of the following is not a logical control when implementing logical access security?

Question41: What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?

Question42: Organizations should not view disaster recovery as which of the following?

Question43: The number of violations that will be accepted or forgiven before a violation record is produced is called which of the following?

Question44: What enables a workstation to boot without requiring a hard or floppy disk drive?

Question45: What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?

Question46: Which of the following LAN topologies offers the highest availability?

Question47: Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address?

Question48: Secure Electronic Transaction (SET) and Secure HTTP (S-HTTP) operate at which layer of the OSI model?

Question49: As a result of a risk assessment, your security manager has determined that your organization needs to implement an intrusion detection system that can detect unknown attacks and can watch for unusual traffic behavior, such as a new service appearing on the network.
What type of intrusion detection system would you select?

Question50: Accounting, __________, and ____________ are the AAAs of information security.

Question51: Which of the following remote access authentication systems is the most robust?

Question52: A confidential number used as an authentication factor to verify a user's identity is called a:

Question53: Only law enforcement personnel are qualified to do computer forensic investigations.

Question54: In regards to information classification what is the main responsibility of information (data) owner?

Question55: Sandra has used Ethereal, a packet sniffer, to listen in on network transmissions. She has captured several passwords. What type of attack has been performed on her network?

Question56: Which of the following protocols suite does the Internet use?

Question57: How would nonrepudiation be best classified as?

Question58: Telnet and rlogin use which protocol?

Question59: What best describes a scenario when an employee has been shaving off pennies from multiple accounts and depositing the funds into his own bank account?

Question60: ___________ programs decrease the number of security incidents, educate users about procedures, and can potentially reduce losses.

Question61: Authentication Headers (AH) and Encapsulating Security Payload (ESP) protocols are the driving force of IPSec.
Authentication Headers (AH) provides the following service except:

Question62: Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?

Question63: Examples of types of physical access controls include all EXCEPT which of the following?

Question64: Why do buffer overflows happen?
What is the main cause?

Question65: What is electronic vaulting?

Question66: Layer 4 of the OSI model corresponds to which layer of the DoD model?

Question67: Which of the following items is NOT a benefit of cold sites?

Question68: Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request?

Question69: Which of the following would best describe certificate path validation?

Question70: In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on :

Question71: Which of the following networking devices allows the connection of two or more homogeneous LANs in a simple way where they forward the traffic based on the MAC address ?

Question72: ___________________ is responsible for creating security policies and for communicating those policies to system users.

Question73: If an organization were to monitor their employees' e-mail, it should not:

Question74: What is the Maximum Tolerable Downtime (MTD)?

Question75: Why are clipping levels used?

Question76: When a possible intrusion into your organization's information system has been detected, which of the following actions should be performed first?

Question77: Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?

Question78: Which of the following binds a subject name to a public key value?

Question79: Which of the following questions are least likely to help in assessing controls covering audit trails?

Question80: What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database?

Question81: When considering an IT System Development Life-cycle, security should be:

Question82: In order to use L0pht, the ___________ must be exported from Windows NT.

Question83: Which of the following is NOT a compensating measure for access violations?

Question84: Which of the following is a LAN transmission method?

Question85: A copy of evidence or oral description of its contents; which is not as reliable as best evidence is what type of evidence?

Question86: When compiling a risk assessment report, which of the following items should be included?
(Choose all that apply)

Question87: If Big Texastelephone company suddenly started billing you for caller ID and call forwarding without your permission, this practice is referred to as __________________.

Question88: The IDEA algorithm (used in PGP) is _______ bits long.

Question89: Only key members of the staff need to be educated in disaster recovery procedures.

Question90: Which of the following are NOT a countermeasure to traffic analysis?

Question91: What key size is used by the Clipper Chip?

Question92: In an organization where there are frequent personnel changes, non-discretionary access control using Role Based Access Control (RBAC) is useful because:

Question93: Which access control type has a central authority that determine to what objects the subjects have access to and it is based on role or on the organizational security policy?

Question94: Which of the following groups represents the leading source of computer crime losses?

Question95: There are parallels between the trust models in Kerberos and Public Key Infrastructure (PKI).
When we compare them side by side, Kerberos tickets correspond most closely to which of the following?

Question96: What can be defined as the maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization?

Question97: Which of the following rules appearing in an Internet firewall policy is inappropriate?

Question98: A _________ is an information path that is not normally used for communication within a computer system. It is not protected by the any of the systems security mechanisms.

Question99: Which of the following algorithms is used today for encryption in PGP?

Question100: Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix?

Question101: In non-discretionary access control using Role Based Access Control (RBAC), a central authority determines what subjects can have access to certain objects based on the organizational security policy.
The access controls may be based on:

Question102: Which of the following is best at defeating frequency analysis?

Question103: Which layer of the OSI/ISO model handles physical addressing, network topology, line discipline, error notification, orderly delivery of frames, and optional flow control?

Question104: ___________, generally considered "need to know" access is given based on permissions granted to the user.

Question105: Sensitivity labels are an example of what application control type?

Question106: There are ______ available service ports

Question107: What is considered the most important type of error to avoid for a biometric access control system?

Question108: Which of the following is NOT true of the Kerberos protocol?

Question109: Which of the following is the most reliable authentication method for remote access?

Question110: Which of the following will a Business Impact Analysis NOT identify?

Question111: What is NOT an authentication method within IKE and IPsec?

Question112: What size is an MD5 message digest (hash)?

Question113: Which of the following is NOT a transaction redundancy implementation?

Question114: In computing what is the name of a non-self-replicating type of malware program containing malicious code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data, and possible system harm.

Question115: ____________ is a file system that was poorly designed and has numerous security flaws.

Question116: Which software development model is actually a meta-model that incorporates a number of the software development models?

Question117: Which of the following statements pertaining to disk mirroring is incorrect?

Question118: Which of the following security models does NOT concern itself with the flow of data?

Question119: What is used to protect programs from all unauthorized modification or executional interference?

Question120: Qualitative loss resulting from the business interruption does NOT usually include:

Question121: Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?

Question122: A timely review of system access audit records would be an example of which of the basic security functions?

Question123: SATAN is a _____________ based tool and COPS is a ______________ based tool

Question124: Which of the following statements pertaining to firewalls is incorrect?

Question125: Which of the following would best define a digital envelope?

Question126: How are memory cards and smart cards different?

Question127: The end result of implementing the principle of least privilege means which of the following?

Question128: Which of the following is the biggest concern with firewall security?

Question129: Which of the following choices describe a Challenge-response tokens generation?

Question130: A ______________ is an electronically generated record that ties a user's ID to their public key.

Question131: Identification and authentication are the keystones of most access control systems.
Identification establishes:

Question132: Which of the following would assist the most in Host Based intrusion detection?

Question133: What is the act of obtaining information of a higher sensitivity by combining information from lower levels of sensitivity?

Question134: What is the most critical characteristic of a biometric identifying system?

Question135: Before the advent of classless addressing, the address 128.192.168.16 would have been considered part of:

Question136: An intrusion detection system is an example of what type of countermeasure?

Question137: Which of the following is most likely to be useful in detecting intrusions?

Question138: Which three things must be considered for the design, planning, and implementation of access control mechanisms? (Choose three)

Question139: What is the role of IKE within the IPsec protocol?

Question140: Which of the following would best describe the difference between white-box testing and black box testing?

Question141: Which of the following is an Internet IPsec protocol to negotiate, establish, modify, and delete security associations, and to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishment protocol, encryption algorithm, or authentication mechanism?

Question142: The SubSeven Trojan has been known to exploit which service ports?

Question143: Which of the following is NOT a factor related to Access Control?

Question144: What is called the use of technologies such as fingerprint, retina, and iris scans to authenticate the individuals requesting access to resources?

Question145: A packet containing a long string of NOP's followed by a command is usually indicative of what?

Question146: What can best be described as a domain of trust that shares a single security policy and single management?

Question147: Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of:

Question148: Which of the following statements pertaining to message digests is incorrect?

Question149: What can be defined as a momentary low voltage?

Question150: Which of the following algorithms does NOT provide hashing?

Question151: What are the main goals of an information security program? (Choose all that apply)

Question152: Which type of control is concerned with restoring controls?

Question153: Which of the following is used in database information security to hide information?

Question154: Which of the following defines session hijacking?

Question155: Which of the following would BEST be defined as an absence or weakness of safeguard that could be exploited?

Question156: Which of the following is required in order to provide accountability?

Question157: Volatile memory is referred to as ROM.

Question158: Which of the following is related to physical security and is not considered a technical control?

Question159: Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet?

Question160: L2TP is considered to be a less secure protocol than PPTP.

Question161: Step-by-step instructions used to satisfy control requirements is called a:

Question162: What can best be described as an abstract machine which must mediate all access to subjects to objects?

Question163: What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable?

Question164: What is called the type of access control where there are pairs of elements that have the least upper bound of values and greatest lower bound of values?

Question165: A contingency plan should address:

Question166: Which of the following teams should NOT be included in an organization's contingency plan?

Question167: Which of the following is less likely to be used today in creating a Virtual Private Network?

Question168: The NT password cracking program L0pht is capable of pulling passwords from the registry?

Question169: Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

Question170: Which of the following is the most reliable, secure means of removing data from magnetic storage media such as a magnetic tape, or a cassette?

Question171: In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected?

Question172: The session layer provides a logical persistent connection between peer hosts.
Which of the following is one of the modes used in the session layer to establish this connection?

Question173: PGP uses which of the following to encrypt data?

Question174: Which of the following encryption methods is known to be unbreakable?

Question175: The DES algorithm is an example of what type of cryptography?

Question176: What is the main purpose of Corporate Security Policy?

Question177: Which authentication technique best protects against hijacking?

Question178: What is the effective key size of DES?

Question179: Why are coaxial cables called "coaxial"?

Question180: When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems?

Question181: When an outgoing request is made on a port number greater than 1023, this type of firewall creates an ACL to allow the incoming reply on that port to pass:

Question182: A DMZ is located:

Question183: Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing?

Question184: Under the Business Exemption Rule to the hearsay evidence, which of the following exceptions would have no bearing on the inadmissibility of audit logs and audit trails in a court of law?

Question185: Which of the following offers confidentiality to an e-mail message?

Question186: ______________ is a major component of an overall risk management program.

Question187: What is defined as the rules for communicating between computers on a Local Area Network (LAN)?

Question188: Which of the following is true about digital certificate?

Question189: Secure Shell (SSH-2) supports authentication, compression, confidentiality, and integrity, SSH is commonly used as a secure alternative to all of the following protocols below except:

Question190: A security evaluation report and an accreditation statement are produced in which of the following phases of the system development life cycle?

Question191: In order to be able to successfully prosecute an intruder:

Question192: Which of the following is NOT a common integrity goal?

Question193: Which of the following is best defined as a mode of system termination that automatically leaves system processes and components in a secure state when a failure occurs or is detected in a system?

Question194: Which of the following statements pertaining to biometrics is FALSE?

Question195: Which backup method is used if backup time is critical and tape space is at an extreme premium?

Question196: The ___________ protocol converts IP addresses (logical) to MAC Addresses (physical)

Question197: Which layer of the DoD TCP/IP model controls the communication flow between hosts?

Question198: What is the RESULT of a hash algorithm being applied to a message ?

Question199: Which of the following best describes the purpose of debugging programs?

Question200: What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent?

Question201: Which of the following choices describe a condition when RAM and Secondary storage are used together?

Question202: SMTP can best be described as:

Question203: Each data packet is assigned the IP address of the sender and the IP address of the:

Question204: Which xDSL flavour, appropriate for home or small offices, delivers more bandwidth downstream than upstream and over longer distance?

Question205: Which of the following statements regarding an off-site information processing facility is TRUE?

Question206: Which is the last line of defense in a physical security sense?

Question207: Which of the following is responsible for MOST of the security issues?

Question208: Which of the following is currently used in conjunction with most Internet-based certificates to provide continuous authentication?

Question209: Which of the following describes a computer processing architecture in which a language compiler or pre-processor breaks program instructions down into basic operations that can be performed by the processor at the same time?

Question210: How should a doorway of a manned facility with automatic locks be configured?

Question211: Controlling access to information systems and associated networks is necessary for the preservation of their:

Question212: Which of the following is NOT a characteristic of a host-based intrusion detection system?

Question213: The Diffie-Hellman algorithm is primarily used to provide which of the following?

Question214: Encryption ciphers that use the same key to encrypt and decrypt are called?

Question215: Which expert system operating mode allows determining if a given hypothesis is valid?

Question216: Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet?

Question217: Companies can now be sued for privacy violations just as easily as they can be sued for security compromises.

Question218: Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?

Question219: Which of the following assertions is NOT true about pattern matching and anomaly detection in intrusion detection?

Question220: A deviation from an organization-wide security policy requires which of the following?

Question221: An alternative to using passwords for authentication in logical or technical access control is:

Question222: What is the primary role of smartcards in a PKI?

Question223: During which phase of an IT system life cycle are security requirements developed?

Question224: The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists are associated with:

Question225: Which of the following could be BEST defined as the likelihood of a threat agent taking advantage of a vulnerability?

Question226: MD5 is a ___________ algorithm

Question227: Which of the following can be defined as a framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences?

Question228: What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected?

Question229: What security principle is based on the division of job responsibilities - designed to prevent fraud?

Question230: Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use Hybrid Encryption Methods.
What does this mean?

Question231: What is called the act of a user professing an identity to a system, usually in the form of a log-on ID?

Question232: Another name for a VPN is a:

Question233: How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE?

Question234: Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?

Question235: According to the annual CSI/FBI Computer Crime report, which group commits the most computer crimes?

Question236: Which of the following is not a security goal for remote access?

Question237: Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location?

Question238: During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable?

Question239: Which of the following is more suitable for a hardware implementation?

Question240: Which of the following tasks is NOT usually part of a Business Impact Analysis (BIA)?

Question241: Which of the following are NT Audit events? (Choose all that apply)

Question242: Unshielded Twisted Pair cabling is a:

Question243: In what type of attack does an attacker try, from several encrypted messages, to figure out the key used in the encryption process?

Question244: Which of the following would be LESS likely to prevent an employee from reporting an incident?

Question245: To understand the 'whys' in crime, many times it is necessary to understand MOM.
Which of the following is not a component of MOM?

Question246: The ____________ protocol sends passwords in clear text, while ____________ encrypts passwords. Both protocols are used by PPP (Point to Point Protocol) to transport IP traffic,

Question247: When a biometric system is used, which error type deals with the possibility of GRANTING access to impostors who should be REJECTED?

Question248: Secure Shell (SSH) is a strong method of performing:

Question249: Which backup type run at regular intervals would take the least time to complete?

Question250: Which of the following DoD Model layer provides non-repudiation services?

Question251: Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS?

Question252: The principle of least privilege is effective in helping prevent security breaches, however, prevention works best when applied with _______ and ______. Together, these three complete a security triad. (Choose two)

Question253: Which of the following is NOT an example of an operational control?

Question254: The term "principle of least privilege" is best as:

Question255: Which of the following protocol was used by the INITIAL version of the Terminal Access Controller Access Control System TACACS for communication between clients and servers?

Question256: Which of the following is an advantage of prototyping?

Question257: Which of the following is NOT a task normally performed by a Computer Incident Response Team (CIRT)?

Question258: What is the main concern with single sign-on?

Question259: Echo, chargen, finger, and bootp are all examples of?

Question260: Which of the following methods of providing telecommunications continuity involves the use of an alternative media?

Question261: A boot sector virus goes to work when what event takes place?

Question262: Which of the following should be emphasized during the Business Impact Analysis (BIA) considering that the BIA focus is on business processes?

Question263: The __________ is the most dangerous part of a virus program.

Question264: Flooding network ports is an example of which type of attack?

Question265: Which of the following statements pertaining to packet switching is incorrect?

Question266: Which type of password provides maximum security because a new password is required for each new log-on?

Question267: Which of the following is most appropriate to notify an external user that session monitoring is being conducted?

Question268: The difference between fraud and embezzlement is ________________-.

Question269: Memory management in TCSEC levels B3 and A1 operating systems may utilize "data hiding".
What does this mean?

Question270: Which of the following is the WEAKEST authentication mechanism?

Question271: A proxy is considered a:

Question272: In stateful inspection firewalls, packets are:

Question273: Which of the following statements pertaining to VPN protocol standards is false?

Question274: If your property Insurance has Actual Cash Valuation (ACV) clause, your damaged property will be compensated based on:

Question275: What can a packet filtering firewall also be called?

Question276: What layer of the ISO/OSI model do routers normally operate at?

Question277: Unlike like viruses and worm, __________ are bogus messages that spread via email forwarding.

Question278: What attack involves the perpetrator sending spoofed packet(s) wich contains the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any open ports that are open on the remote host?

Question279: What does the directive of the European Union on Electronic Signatures deal with?

Question280: Logical or technical controls involve the restriction of access to systems and the protection of information.
Which of the following statements pertaining to these types of controls is correct?

Question281: What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests?

Question282: In order to enable users to perform tasks and duties without having to go through extra steps it is important that the security controls and mechanisms that are in place have a degree of?

Question283: Which of the following is not a one-way hashing algorithm?

Question284: Which of the following cannot be undertaken in conjunction or while computer incident handling is ongoing?

Question285: A server cluster looks like a:

Question286: The "vulnerability of a facility" to damage or attack may be assessed by all of the following except:

Question287: The RSA algorithm is an example of what type of cryptography?

Question288: Which of the following would be best suited to oversee the development of an information security policy?

Question289: Which of the following classes is the first level (lower) defined in the TCSEC (Orange Book) as mandatory protection?

Question290: When a station communicates on the network for the first time, which of the following protocol would search for and find the Internet Protocol (IP) address that matches with a known Ethernet address?

Question291: Cryptography does NOT help in:

Question292: What is the MOST critical piece to disaster recovery and continuity planning?

Question293: Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test?

Question294: Which access model is most appropriate for companies with a high employee turnover?

Question295: One purpose of a security awareness program is to modify:

Question296: What is the main focus of the Bell-LaPadula security model?

Question297: Which of the following rules is least likely to support the concept of least privilege?

Question298: Which of the following backup methods is primarily run when time and tape space permits, and is used for the system archive or baselined tape sets?

Question299: Which of the following is not an example of a block cipher?

Question300: What is a packet sniffer?

Question301: AH - Authentication Header is used in what industry standard protocol?

Question302: Whose role is it to assign classification level to information?

Question303: Which of the following is the primary reason why a user would choose a dial-up modem connection to the Internet when they have a faster, secure Internet connection through the organization's network?

Question304: Which of the following transmission media would NOT be affected by cross talk or interference?

Question305: Which of the following protocols is designed to send individual messages securely?

Question306: Computer-generated evidence is considered:

Question307: Who should measure the effectiveness of Information System security related controls in an organization?

Question308: What is the PRIMARY use of a password?

Question309: Which of the following statements pertaining to biometrics is false?

Question310: Secure Shell (SSH-2) provides all the following services except:

Question311: Which method of password cracking takes the most time and effort?

Question312: Which approach to a security program ensures people responsible for protecting the company's assets are DRIVING the program?

Question313: Which of the following is the LEAST user accepted biometric device?

Question314: The property of a system or a system resource being accessible and usable upon demand by an authorized system entity, according to performance specifications for the system is referred to as?

Question315: ___________________ is ultimately responsible for security and privacy violations.

Question316: Which of the following is not an element of a business continuity plan?

Question317: Frame relay uses a public switched network to provide:

Question318: What would be considered the biggest drawback of Host-based Intrusion Detection systems (HIDS)?

Question319: Which of the following rules pertaining to a Business Continuity Plan/Disaster Recovery Plan is incorrect?

Question320: What distinguishes a hacker / cracker from a phreak?

Question321: A prolonged high voltage is a:

Question322: Which major vendor adopted TACACS into its product line as a form of AAA architecture?

Question323: Which of the following is a not a preventative control?

Question324: What ISO/OSI layer do switches primarily operate at? Do take note that this question makes reference to a plain vanilla switch and not one of the smart switches that is available on the market today.

Question325: _____________ is the process of capturing network packets, breaking them apart, and examining the contents.

Question326: What can be defined as secret communications where the very existence of the message is hidden?

Question327: The two categories of threats are natural and ___________.

Question328: Some Unix systems use a very simple cipher called _________.

Question329: What is the most secure way to dispose of information on a CD-ROM?

Question330: Which backup method usually resets the archive bit on the files after they have been backed up?

Question331: A X.509 public key certificate with the key usage attribute "non repudiation" can be used for which of the following?

Question332: Which of the following can prevent hijacking of a web session?

Question333: Related to information security, the prevention of the intentional or unintentional unauthorized disclosure of contents is which of the following?

Question334: Controls to keep password sniffing attacks from compromising computer systems include which of the following?

Question335: Which of the following firewall rules found on a firewall installed between an organization's internal network and the Internet would present the greatest danger to the internal network?

Question336: Which of the following is NOT a common backup method?

Question337: Which of the following biometric devices offers the LOWEST CER?

Question338: Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?

Question339: Heuristic scanning in antivirus software is designed to catch 100% of all known and unknownvirus technologies.

Question340: Attributable data should be:

Question341: Which of the following packets should NOT be dropped at a firewall protecting an organization's internal network?

Question342: What is defined as the hardware, firmware and software elements of a trusted computing base that implement the reference monitor concept?

Question343: In the context of network enumeration by an outside attacker and possible Distributed Denial of Service (DDoS) attacks, which of the following firewall rules is not appropriate to protect an organization's internal network?

Question344: The Orange Book states that "Hardware and software features shall be provided that can be used to periodically validate the correct operation of the on-site hardware and firmware elements of the TCB [Trusted Computing Base]." This statement is the formal requirement for:

Question345: What is the greatest danger from DHCP?

Question346: The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of:

Question347: A common way to create fault tolerance with leased lines is to group several T1s together with an inverse multiplexer placed:

Question348: The IP header contains a protocol field.
If this field contains the value of 17, what type of data is contained within the ip datagram?

Question349: The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations or confusing an intruder about which flaws to exploit is called:

Question350: A DMZ is also known as a

Question351: Why should batch files and scripts be stored in a protected area?

Question352: What is called the access protection system that limits connections by calling back the number of a previously authorized location?

Question353: Trin00 is an example of what type of attack?

Question354: A business continuity plan is an example of which of the following?

Question355: Controls provide accountability for individuals who are accessing sensitive information.
This accountability is accomplished:

Question356: Which integrity model defines a constrained data item, an integrity verification procedure and a transformation procedure?

Question357: Preservation of confidentiality within information systems requires that the information is not disclosed to:

Question358: Which of the following would best describe secondary evidence?

Question359: Which of the following access methods is used by Ethernet?

Question360: Brute force attacks against encryption keys have increased in potency because of increased computing power.
Which of the following is often considered a good protection against the brute force cryptography attack?

Question361: What is a characteristic of using the Electronic Code Book mode of DES encryption?

Question362: Which of the following is an example of a connectionless communication protocol?

Question363: A network-based vulnerability assessment is a type of test also referred to as:

Question364: Single Sign-on (SSO) is characterized by which of the following advantages?

Question365: Which of the following protects Kerberos against replay attacks?

Question366: This is a common security issue that is extremely hard to control in large environments.
It occurs when a user has more computer rights, permissions, and access than what is required for the tasks the user needs to fulfill.
What best describes this scenario?

Question367: Which type of password token involves time synchronization?

Question368: Which of the following would be an example of the best password?

Question369: Which of the following statements pertaining to Kerberos is TRUE?

Question370: Which of the following is an advantage of a qualitative over a quantitative risk analysis?

Question371: The MOST common threat that impacts a business's ability to function normally is:

Question372: Which of the following mechanisms was created to overcome the problem of collisions that occur on wired networks when traffic is simultaneously transmitted from different nodes?

Question373: A Security Reference Monitor relates to which DoD security standard?

Question374: Identifying specific attempts to penetrate systems is the function of the _______________.

Question375: Buffer overflow and boundary condition errors are subsets of which of the following?

Question376: Which disaster recovery plan test involves functional representatives meeting to review the plan in detail?

Question377: Which of the following is NOT a property of the Rijndael block cipher algorithm?

Question378: Which of the following would constitute the best example of a password to use for access to a system by a network administrator?

Question379: Which protocol of the TCP/IP suite addresses reliable data transport?

Question380: Kerberos can prevent which one of the following attacks?

Question381: Which port does the Post Office Protocol Version 3 (POP3) make use of?

Question382: What are the three FUNDAMENTAL principles of security?

Question383: Which of the following Kerberos components holds all users' and services' cryptographic keys?

Question384: What is also known as 10Base5?

Question385: Which OSI/ISO layer is the Media Access Control (MAC) sublayer part of?

Question386: If an operating system permits shared resources such as memory to be used sequentially by multiple users/application or subjects without a refresh of the objects/memory area, what security problem is MOST likely to exist?

Question387: Which of the following is NOT a common category/classification of threat to an IT system?

Question388: What is a hot-site facility?

Question389: ________ attacks generally prevent valid authorized users from gaining access to system resources.

Question390: Which of the following control pairings include: organizational policies and procedures, pre- employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?

Question391: The type of discretionary access control (DAC) that is based on an individual's identity is also called:

Question392: Which of the following type of cryptography is used when both parties use the same key to communicate securely with each other?

Question393: The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram?

Question394: Which of the following is a large hardware/software backup system that uses the RAID technology?

Question395: Which backup method only copies files that have been recently added or changed and also leaves the archive bit unchanged?

Question396: A program that intentionally leaves a security hole or covert method of access is referred to as a
___________.

Question397: What kind of certificate is used to validate a user identity?

Question398: What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?

Question399: Which of the following is not a DES mode of operation?

Question400: Which of the following is NOT a correct notation for an IPv6 address?

Question401: The Data Encryption Algorithm performs how many rounds of substitution and permutation?

Question402: What are the two most critical aspects of risk analysis? (Choose two)

Question403: Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system?

Question404: What is the main characteristic of a multi-homed host?

Question405: Your ATM card is a form of two-factor authentication for what reason?

Question406: Complete the blanks. When using PKI, I digitally sign a message using my ______ key.
The recipient verifies my signature using my ______ key.

Question407: What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access?

Question408: Which of the following statements do not apply to a hot site?

Question409: Which of the following is the best reason for the use of an automated risk analysis tool?

Question410: A public key algorithm that does both encryption and digital signature is which of the following?

Question411: Within the legal domain what rule is concerned with the legality of how the evidence was gathered ?

Question412: The security of a computer application is most effective and economical in which of the following cases?

Question413: What can be defined as a batch process dumping backup data through communications lines to a server at an alternate location?

Question414: The Logical Link Control sub-layer is a part of which of the following?

Question415: Which of the following is considered the weakest link in a security system?

Question416: Which of the following is most appropriate to notify an internal user that session monitoring is being conducted?

Question417: BIND should be disabled on which of the following?

Question418: How often should tests and disaster recovery drills be performed?

Question419: Which of the following questions is less likely to help in assessing physical access controls?

Question420: What is the name of the third party authority that vouches for the binding between the data items in a digital certificate?

Question421: Public Key Infrastructure (PKI) uses asymmetric key encryption between parties.
The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent.
The recipients use their own "private" key to decrypt the information.
The "Infrastructure" of this methodology ensures that:

Question422: The International Standards Organization / Open Systems Interconnection (ISO/OSI) Layers does NOT have which of the following characteristics?

Question423: Which of the following best ensures accountability of users for the actions taken within a system or domain?

Question424: What is called the probability that a threat to an information system will materialize?

Question425: ___________________ viruses change the code order of the strain each time they replicate to another machine.

Question426: Which of the following statements pertaining to the maintenance of an IT contingency plan is incorrect?

Question427: In what way can violation clipping levels assist in violation tracking and analysis?

Question428: Wiretapping is an example of a passive network attack?

Question429: Corporate networks are safer if an end user connects through a VPN connection?

Question430: A password audit consists of checking for ____________?

Question431: Which of the following exemplifies proper separation of duties?

Question432: Which of the following technologies has been developed to support TCP/IP networking over low- speed serial interfaces?

Question433: While there are many different models for IT system life cycle, most contain five unique phases.
Which of the following would be the last phase?

Question434: Which of the following is most affected by denial-of-service (DOS) attacks?

Question435: At which OSI/ISO layer is an encrypted authentication between a client software package and a firewall performed?

Question436: The Reference Validation Mechanism that ensures the authorized access relationships between subjects and objects is implementing which of the following concept:

Question437: What can best be defined as the detailed examination and testing of the security features of an IT system or product to ensure that they work correctly and effectively and do not show any logical vulnerabilities, such as evaluation criteria?

Question438: Which of the following is used to find the Media Access Control address (MAC) that matches with a known Internet Protocol (IP) address?

Question439: _____________ states that users should only be given enough access to accomplish their jobs.

Question440: Related to information security, availability is the opposite of which of the following?

Question441: Which of the following is most concerned with personnel security?

Question442: The first step in the implementation of the contingency plan is to perform:

Question443: Which of the following attacks could capture network user passwords?

Question444: Of the following, which is NOT a risk assessment system?

Question445: Which one of the following is usually not a benefit resulting from the use of firewalls?

Question446: Which layer of the DoD TCP/IP Model ensures error-free delivery and packet sequencing?

Question447: Which of the following keys has the SHORTEST lifespan?

Question448: Which of the following statements pertaining to key management is incorrect?

Question449: Which of the following focuses on sustaining an organization's business functions during and after a disruption?

Question450: Who is responsible for providing reports to the senior management on the effectiveness of the security controls?

Question451: Which ISO/OSI layer establishes the communications link between individual devices over a physical link or channel?

Question452: What is the main characteristic of a bastion host?

Question453: Which of the following choice is NOT normally part of the questions that would be asked in regards to an organization's information security policy?

Question454: Which of the following is NOT a fundamental component of an alarm in an intrusion detection system?

Question455: Which of the following statements pertaining to Kerberos is false?

Question456: Which of the following would be the best criterion to consider in determining the classification of an information asset?

Question457: What security model is dependent on security labels?

Question458: Which of the following is a symmetric encryption algorithm?

Question459: The ability to identify and audit a user and his / her actions is known as ____________.

Question460: What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters?

Question461: In a known plaintext attack, the cryptanalyst has knowledge of which of the following?

Question462: Of the protocols list, which one is connection oriented?

Question463: Which of the following layers provides end-to-end data transfer service?

Question464: Which of the following biometric devices has the lowest user acceptance level?

Question465: Which of the following is the MOST important aspect relating to employee termination?

Question466: While using IPsec, the ESP and AH protocols both provides integrity services.
However when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service.
Which of the items below would affects the use of AH and it's Integrity Check Value (ICV) the most?

Question467: Which conceptual approach to intrusion detection system is the most common?

Question468: Which security model introduces access to objects only through programs?

Question469: What is the primary role of cross certification?

Question470: Which of the following statements is most accurate regarding a digital signature?

Question471: A code, as is pertains to cryptography:

Question472: Once evidence is seized, a law enforcement officer should emphasize which of the following?

Question473: Under United States law, an investigator's notebook may be used in court in which of the following scenarios?

Question474: Packet Filtering Firewalls can also enable access for:

Question475: Recovery Site Strategies for the technology environment depend on how much downtime an organization can tolerate before the recovery must be completed.
What would you call a strategy where the alternate site is internal, standby ready, with all the technology and equipment necessary to run the applications?

Question476: Which of following is not a service provided by AAA servers (Radius, TACACS and DIAMETER)?

Question477: Which of the following access control models introduces user security clearance and data classification?

Question478: The fact that a network-based IDS reviews packets payload and headers enable which of the following?

Question479: Which of the following division is defined in the TCSEC (Orange Book) as minimal protection?

Question480: Which of the following best describes signature-based detection?

Question481: A Wide Area Network (WAN) is basically everything outside of:

Question482: What can best be defined as a strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall?

Question483: The Crossover Error Rate (CER) is a good measure of performance for:

Question484: Who first described the DoD multilevel military security policy in abstract, formal terms?

Question485: Which of the following tools is less likely to be used by a hacker?

Question486: In which phase of Internet Key Exchange (IKE) protocol is peer authentication performed?

Question487: The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)?

Question488: What is the main difference between a Smurf and a Fraggle attack?

Question489: Proxies works by transferring a copy of each accepted data packet from one network to another, thereby masking the:

Question490: Which of the following is true about Kerberos?

Question491: Authentication is based on which of the following:<br>(Choose three)

Question492: Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms?

Question493: What prevents a process from accessing another process' data?

Question494: In which of the following model are Subjects and Objects identified and the permissions applied to each subject/object combination are specified.
Such a model can be used to quickly summarize what permissions a subject has for various system objects.

Question495: Integrity = ______________

Question496: Risk reduction in a system development life-cycle should be applied:

Question497: Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank?

Question498: What is called a sequence of characters that is usually longer than the allotted number for a password?

Question499: Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier?

Question500: An Intrusion Detection System (IDS) is what type of control?

Question501: What is the key size of the International Data Encryption Algorithm (IDEA)?

Question502: Which OSI/ISO layer is responsible for determining the best route for data to be transferred?

Question503: In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use:

Question504: Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic?

Question505: Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams.
This method allocates bandwidth dynamically to physical channels having information to transmit?

Question506: In a Public Key Infrastructure, how are public keys published?

Question507: The main difference between MD5 and SHA is what?

Question508: Which of the following server contingency solutions offers the highest availability?

Question509: Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the::

Question510: Which of the following is NOT an asymmetric key algorithm?

Question511: Out of the steps listed below, which one is not one of the steps conducted during the Business Impact Analysis (BIA)?

Question512: In this type of attack, the intruder re-routes data traffic from a network device to a personal machine.
This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization.
Pick the best choice below.

Question513: Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?

Question514: Tripwire is a ___________________-

Question515: Which of the following is a reason to use a Firewall?

Question516: IKE - Internet Key Exchange is often used in conjunction with what security standard?

Question517: Define the term tuple.

Question518: Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?

Question519: What is the main problem of the renewal of a root CA certificate?

Question520: Unshielded Twisted Pair (UTP) cables comes in several categories.
The categories are based on:

Question521: The concept of best effort delivery is best associated with?

Question522: What is the Biba security model concerned with?

Question523: Which of the following services relies on UDP?

Question524: Which of the following is an example of a passive attack?

Question525: Crime Prevention Through Environmental Design (CPTED) is a discipline that:

Question526: The control measures that are intended to reveal the violations of security policy using software and hardware are associated with:

Question527: Related to information security, integrity is the opposite of which of the following?

Question528: The most important component of antivirus software is the _______________?

Question529: Which of the following technologies is a target of XSS or CSS (Cross-Site Scripting) attacks?

Question530: Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options?

Question531: What principle focuses on the uniqueness of separate objects that must be joined together to perform a task? It is sometimes referred to as "what each must bring" and joined together when getting access or decrypting a file. Each of which does not reveal the other?

Question532: Within the OSI model, at what layer are some of the SLIP, CSLIP, PPP control functions provided?

Question533: Which of the following is used to monitor network traffic or to monitor host audit logs in real time to determine violations of system security policy that have taken place?

Question534: Which of the following is an issue with signature-based intrusion detection systems?

Question535: Layer 4 of the OSI stack is known as:

Question536: Good security is built on which of the following concept?

Question537: Rule-Based Access Control (RuBAC) access is determined by rules.
Such rules would fit within what category of access control ?

Question538: What is defined as the manner in which the network devices are organized to facilitate communications?

Question539: Which of the following was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support?

Question540: Which of the following phases of a software development life cycle normally addresses Due Care and Due Diligence?

Question541: Which of the following statements relating to the Bell-LaPadula security model is FALSE (assuming the Strong Star property is not being used) ?

Question542: What is called a system that is capable of detecting that a fault has occurred and has the ability to correct the fault or operate around it?

Question543: The primary service provided by Kerberos is which of the following?

Question544: Which of the following statements pertaining to link encryption is false?

Question545: What is the difference between Advisory and Regulatory security policies?

Question546: In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected?

Question547: Name two types of Intrusion Detection Systems ________ and ________.

Question548: Which of the following are the two MOST common implementations of Intrusion Detection Systems?

Question549: What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?

Question550: Spoofing is a sophisticated technique of authenticating one computer to another by forging IP packets from a trusted source address(True / False)

Question551: Which layer of the OSI model handles encryption?

Question552: __________ is a tool used by network administrators to capture packets from a network.

Question553: Which of the following questions is less likely to help in assessing identification and authentication controls?

Question554: Why is infrared generally considered to be more secure to eavesdropping than multidirectional radio transmissions?

Question555: Which of the following pairings uses technology to enforce access control policies?

Question556: Which access control model would a lattice-based access control model be an example of?

Question557: A virus is considered to be "in the ______ " if it has been reported as replicating and causing harm to computers.

Question558: Which of the following IEEE standards defines the token ring media access method?

Question559: A prolonged complete loss of electric power is a:

Question560: What is a decrease in amplitude as a signal propagates along a transmission medium best known as?

Question561: Which of the following media is MOST resistant to tapping?

Question562: Which of the following is a telecommunication device that translates data from digital to analog form and back to digital?

Question563: A momentary high voltage is a:

Question564: ________ is the authoritative entity which lists port assignments

Question565: Which access control model provides upper and lower bounds of access capabilities for a subject?

Question566: Which of the following is implemented through scripts or smart agents that replays the users multiple log-ins against authentication servers to verify a user's identity which permit access to system services?

Question567: The primary purpose for using one-way hashing of user passwords within a password file is which of the following?

Question568: Who should direct short-term recovery actions immediately following a disaster?

Question569: ______________ is a vendor neutral authorization and authentication protocol used by Windows
2000.

Question570: Under the principle of culpable negligence, executives can be held liable for losses that result from computer system breaches if:

Question571: Which of the following floors would be most appropriate to locate information processing facilities in a 6-stories building?

Question572: What is called the percentage of valid subjects that are falsely rejected by a Biometric Authentication system?

Question573: In biometric identification systems, the parts of the body conveniently available for identification are:

Question574: In addition to the accuracy of the biometric systems, there are other factors that must also be considered:

Question575: __________ is the most famous Unix password cracking tool.

Question576: Which of the following biometric parameters are better suited for authentication use over a long period of time?

Question577: Which of the following phases of a system development life-cycle is most concerned with maintaining proper authentication of users and processes to ensure appropriate access control decisions?

Question578: A prolonged power supply that is below normal voltage is a:

Question579: Which of the following Intrusion Detection Systems (IDS) uses a database of attacks, known system vulnerabilities, monitoring current attempts to exploit those vulnerabilities, and then triggers an alarm if an attempt is found?

Question580: Why would a memory dump be admissible as evidence in court?

Question581: Which of the following would best classify as a management control?

Question582: Overloading or congesting a system's resources so that it is unable to provide required services is referred to as:

Question583: Which of the following is not a two-factor authentication mechanism?

Question584: Which of the following best defines add-on security?

Question585: What does RADIUS stand for?

Question586: Which of the following NAT firewall translation modes offers no protection from hacking attacks to an internal host using this functionality?

Question587: Which of the following computer crime is MORE often associated with INSIDERS?

Question588: Which of the following statements pertaining to the Bell-LaPadula is TRUE if you are NOT making use of the strong star property?

Question589: Which of the following OSI layers provides routing and related services?

Question590: When first analyzing an intrusion that has just been detected and confirming that it is a true positive, which of the following actions should be done as a first step if you wish to prosecute the attacker in court?

Question591: Which type of attack involves impersonating a user or a system?

Question592: An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?