EMT Practice Test

1. Question Content...


Question List

Question1: Which access control model is also called Non Discretionary Access Control (NDAC)?

Question2: This type of supporting evidence is used to help prove an idea or a point, however It cannot stand on its own, it is used as a supplementary tool to help prove a primary piece of evidence.
What is the name of this type of evidence?

Question3: Which of the following is true about Kerberos?

Question4: What are the three performance measurements used in biometrics?<br>(Choose three)

Question5: Which of the following statements pertaining to Asynchronous Transfer Mode (ATM) is false?

Question6: Which of the following computer design approaches is based on the fact that in earlier technologies, the instruction fetch was the longest part of the cycle?

Question7: Select three ways to deal with risk.

Question8: ______________ is a vendor neutral authorization and authentication protocol used by Windows
2000.

Question9: The IP header contains a protocol field.
If this field contains the value of 17, what type of data is contained within the ip datagram?

Question10: For which areas of the enterprise are business continuity plans required?

Question11: Which of the following is not a component of a Operations Security "triples"?

Question12: Which of the following choices describe a condition when RAM and Secondary storage are used together?

Question13: What is a limitation of TCP Wrappers?

Question14: The Logical Link Control sub-layer is a part of which of the following?

Question15: Which of the following is not one of the three goals of Integrity addressed by the Clark-Wilson model?

Question16: Because ordinary cable introduces a toxic hazard in the event of fire, special cabling is required in a separate area provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) and typically provided in the space between the structural ceiling and a drop- down ceiling.
This area is referred to as the:

Question17: Which of the following does not address Database Management Systems (DBMS) Security?

Question18: Which of the following backup method must be made regardless of whether Differential or Incremental methods are used?

Question19: In a known plaintext attack, the cryptanalyst has knowledge of which of the following?

Question20: Which of the following remote access authentication systems is the most robust?

Question21: Which of the following statements pertaining to ethical hacking is incorrect?

Question22: In a SSL session between a client and a server, who is responsible for generating the master secret that will be used as a seed to generate the symmetric keys that will be used during the session?

Question23: Which of the following is NOT a valid reason to use external penetration service firms rather than corporate resources?

Question24: In order to use L0pht, the ___________ must be exported from Windows NT.

Question25: Heuristic scanning in antivirus software is designed to catch 100% of all known and unknownvirus technologies.

Question26: A business continuity plan is an example of which of the following?

Question27: A systems ability to identify a particular individual, track their actions, and monitor their behavior is known as:

Question28: What attribute is included in a X.509-certificate?

Question29: Which of the following category of UTP cables is specified to be able to handle gigabit Ethernet (1 Gbps) according to the EIA/TIA-568-B standards?

Question30: Some Unix systems use a very simple cipher called _________.

Question31: Which one of the following is used to provide authentication and confidentiality for e-mail messages?

Question32: The security of a computer application is most effective and economical in which of the following cases?

Question33: If an organization were to monitor their employees' e-mail, it should not:

Question34: Which of the following enables the person responsible for contingency planning to focus risk management efforts and resources in a prioritized manner only on the identified risks?

Question35: A Packet Filtering Firewall system is considered a:

Question36: Which of the following would provide the BEST stress testing environment taking under consideration and avoiding possible data exposure and leaks of sensitive data?

Question37: Which of the following best corresponds to the type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location?

Question38: Which of the following is the act of performing tests and evaluations to test a system's security level to see if it complies with the design specifications and security requirements?

Question39: Which authentication technique best protects against hijacking?

Question40: It is a violation of the "separation of duties" principle when which of the following individuals access the software on systems implementing security?

Question41: In biometric identification systems, at the beginning, it was soon apparent that truly positive identification could only be based on :

Question42: A ___________ is a program that can be useful in preventing cookies and Java applets from accessing a system.

Question43: DES - Data Encryption standard has a 128 bit key and is very difficult to break.

Question44: Controls like guards and general steps to maintain building security, securing of server rooms or laptops, the protection of cables, and usage of magnetic switches on doors and windows are some of the examples of:

Question45: Which of the following statements pertaining to Secure Sockets Layer (SSL) is false?

Question46: Which of the following is an unintended communication path that is NOT protected by the system's normal security mechanisms?

Question47: In which of the following model are Subjects and Objects identified and the permissions applied to each subject/object combination are specified.
Such a model can be used to quickly summarize what permissions a subject has for various system objects.

Question48: Which backup method is additive because the time and tape space required for each night's backup grows during the week as it copies the day's changed files and the previous days' changed files up to the last full backup?

Question49: What can be defined as a list of subjects along with their access rights that are authorized to access a specific object?

Question50: The change control process:

Question51: Which of the following issues is not addressed by digital signatures?

Question52: Configuration Management controls what?

Question53: What is the essential difference between a self-audit and an independent audit?

Question54: What is called an attack in which an attacker floods a system with connection requests but does not respond when the target system replies to those requests?

Question55: What is the main characteristic of a bastion host?

Question56: Which of the following statements pertaining to quantitative risk analysis is false?

Question57: Which of the following are additional access control objectives?

Question58: Which xDSL flavour can deliver up to 52 Mbps downstream over a single copper twisted pair?

Question59: All of the following can be considered essential business functions that should be identified when creating a Business Impact Analysis (BIA) except one.
Which of the following would not be considered an essential element of the BIA but an important TOPIC to include within the BCP plan:

Question60: Which of the following Kerberos components holds all users' and services' cryptographic keys?

Question61: The absence of a safeguard, or a weakness in a system that may possibly be exploited is called a(n)?

Question62: Which of the following choices describe a Challenge-response tokens generation?

Question63: Which of the following transmission media would NOT be affected by cross talk or interference?

Question64: Which access control model enables the OWNER of the resource to specify what subjects can access specific resources based on their identity?

Question65: There are 5 classes of IP addresses available, but only 3 classes are in common use today, identify the three: (Choose three)

Question66: Which of the following refers to the data left on the media after the media has been erased?

Question67: The National Institute of Standards and Technology (NIST) standard pertaining to perimeter protection states that critical areas should be illuminated up to?

Question68: Why would a memory dump be admissible as evidence in court?

Question69: A server cluster looks like a:

Question70: Which of the following can be defined as the process of rerunning a portion of the test scenario or test plan to ensure that changes or corrections have not introduced new errors?

Question71: How often should virus definition downloads and system virus scans be completed?

Question72: Crackers today are MOST often motivated by their desire to:

Question73: Why do buffer overflows happen?
What is the main cause?

Question74: Which of the following statements pertaining to software testing approaches is correct?

Question75: Which of the following ASYMMETRIC encryption algorithms is based on the difficulty of FACTORING LARGE NUMBERS?

Question76: Which of the following terms can be described as the process to conceal data into another file or media in a practice known as security through obscurity?

Question77: An effective information security policy should not have which of the following characteristic?

Question78: Cryptography does not concern itself with which of the following choices?

Question79: How should a risk be HANDLED when the cost of the countermeasure OUTWEIGHS the cost of the risk?

Question80: When you update records in multiple locations or you make a copy of the whole database at a remote location as a way to achieve the proper level of fault-tolerance and redundancy, it is knows as?

Question81: Which of the following is not a logical control when implementing logical access security?

Question82: What can be defined as an event that could cause harm to the information systems?

Question83: Which of the following is NOT a symmetric key algorithm?

Question84: Companies can now be sued for privacy violations just as easily as they can be sued for security compromises.

Question85: ______________ relates to the concept of protecting data from unauthorized users.

Question86: Which one of the following represents an ALE calculation?

Question87: If a sender is unable to deny having sent an electronic transmission, this concept is known as___________________

Question88: The NT password cracking program L0pht is capable of pulling passwords from the registry?

Question89: Which of the following is an advantage in using a bottom-up versus a top-down approach to software testing?

Question90: Password management falls into which control category?

Question91: Which of the following is NOT a common category/classification of threat to an IT system?

Question92: In the past, many companies had been hesitant to report computer crimes.

Question93: What is also known as 10Base5?

Question94: Which of the following is needed for System Accountability?

Question95: Which of the following best describes signature-based detection?

Question96: All hosts on an IP network have a logical ID called a(n):

Question97: RSA has all of the following characteristics except?

Question98: Which access model is most appropriate for companies with a high employee turnover?

Question99: Of the reasons why a Disaster Recovery plan gets outdated, which of the following is not true?

Question100: Which one of these formulas is used in Quantitative risk analysis?

Question101: When a station communicates on the network for the first time, which of the following protocol would search for and find the Internet Protocol (IP) address that matches with a known Ethernet address?

Question102: Which TCSEC level is labeled Controlled Access Protection?

Question103: The ___________ protocol converts IP addresses (logical) to MAC Addresses (physical)

Question104: Which of the following Operation Security controls is intended to prevent unauthorized intruders from internally or externally accessing the system, and to lower the amount and impact of unintentional errors that are entering the system?

Question105: Who is responsible for initiating corrective measures and capabilities used when there are security violations?

Question106: A channel within a computer system or network that is designed for the authorized transfer of information is identified as a(n)?

Question107: FTP, TFTP, SNMP, and SMTP are provided at what level of the Open Systems Interconnect (OSI) Reference Model?

Question108: Which of the following type of traffic can easily be filtered with a stateful packet filter by enforcing the context or state of the request?

Question109: Only key members of the staff need to be educated in disaster recovery procedures.

Question110: Which security model uses division of operations into different parts and requires different users to perform each part?

Question111: Which of the following can best define the "revocation request grace period"?

Question112: Although they are accused of being one in the same, hackers and crackers are two distinctly different groups with different goals pertaining to computers.

Question113: Which of the following outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations?

Question114: Which OSI/ISO layer does a SOCKS server operate at?

Question115: Which of the following is the most complete disaster recovery plan test type, to be performed after successfully completing the Parallel test?

Question116: Which of the following biometric devices has the lowest user acceptance level?

Question117: Kerberos can prevent which one of the following attacks?

Question118: Which of the following monitors network traffic in real time?

Question119: Which of the following server contingency solutions offers the highest availability?

Question120: Which auditing practice relates to the controlling of hardware, software, firmware, and documentation to insure it has not been improperly modified?

Question121: Risk analysis is MOST useful when applied during which phase of the system development process?

Question122: What mechanism automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters?

Question123: Proxies works by transferring a copy of each accepted data packet from one network to another, thereby masking the:

Question124: RADIUS incorporates which of the following services?

Question125: Degaussing is used to clear data from all of the following medias except:

Question126: What can be described as an imaginary line that separates the trusted components of the TCB from those elements that are NOT trusted?

Question127: Which SSL version offers client-side authentication?

Question128: Which of the following will a Business Impact Analysis NOT identify?

Question129: In the statement below, fill in the blank:
Law enforcement agencies must get a warrant to search and seize an individual's property, as stated in the _____ Amendment.

Question130: To meet SSCP certification requirements a candidate must _______ and __________. (Choose two)

Question131: Which of the following access control models requires security clearance for subjects?

Question132: Which of the following statements pertaining to disaster recovery planning is incorrect?

Question133: What is RAD?

Question134: Which of the following would assist the most in Host Based intrusion detection?

Question135: Which of the following statements pertaining to a security policy is incorrect?

Question136: Which of the following is the WEAKEST authentication mechanism?

Question137: In telephony different types of connections are being used.
The connection from the phone company's branch office to local customers is referred to as which of the following choices?

Question138: Countermeasures have three main objectives, what are they? (Choose all that apply)

Question139: Which of the following addresses a portion of the primary memory by specifying the actual address of the memory location?

Question140: If any server in the cluster crashes, processing continues transparently, however, the cluster suffers some performance degradation.
This implementation is sometimes called a:

Question141: In a hierarchical PKI the highest CA is regularly called Root CA, it is also referred to by which one of the following term?

Question142: While using IPsec, the ESP and AH protocols both provides integrity services.
However when using AH, some special attention needs to be paid if one of the peers uses NAT for address translation service.
Which of the items below would affects the use of AH and it's Integrity Check Value (ICV) the most?

Question143: Public Key Infrastructure (PKI) uses asymmetric key encryption between parties.
The originator encrypts information using the intended recipient's "public" key in order to get confidentiality of the data being sent.
The recipients use their own "private" key to decrypt the information.
The "Infrastructure" of this methodology ensures that:

Question144: Which of the following is used by RADIUS for communication between clients and servers?

Question145: Volatile memory is referred to as ROM.

Question146: In the DoD accreditation process a __________ is the formal entity which ensures that information systems meet a certain criteria for secure operation. Once approved these machines are certified to operate with a set of listed safeguards.

Question147: What security control provides a method to insure that a transaction did or did not occur?

Question148: Secure Sockets Layer (SSL) is very heavily used for protecting which of the following?

Question149: Which of the following statements pertaining to stream ciphers is correct?

Question150: Which of the following control pairings include: organizational policies and procedures, pre- employment background checks, strict hiring practices, employment agreements, employee termination procedures, vacation scheduling, labeling of sensitive materials, increased supervision, security awareness training, behavior awareness, and sign-up procedures to obtain access to information systems and networks?

Question151: Identification and authentication are the keystones of most access control systems.
Identification establishes:

Question152: Which of the following focuses on sustaining an organization's business functions during and after a disruption?

Question153: This type of backup management provides a continuous on-line backup by using optical or tape
"jukeboxes," similar to WORMs (Write Once, Read Many):

Question154: Which of the following is best defined as a circumstance in which a collection of information items is required to be classified at a higher security level than any of the individual items that comprise it?

Question155: Which of the following is not a two-factor authentication mechanism?

Question156: The term "principle of least privilege" is best as:

Question157: Remote Procedure Call (RPC) is a protocol that one program can use to request a service from a program located in another computer in a network.
Within which OSI/ISO layer is RPC implemented?

Question158: The ability to adjust access control to the exact amount of permission necessary is called
______________.

Question159: The first step in the implementation of the contingency plan is to perform:

Question160: Why should batch files and scripts be stored in a protected area?

Question161: Overloading or congesting a system's resources so that it is unable to provide required services is referred to as:

Question162: What is the 802.11 standard related to?

Question163: What ISO/OSI layer do switches primarily operate at? Do take note that this question makes reference to a plain vanilla switch and not one of the smart switches that is available on the market today.

Question164: Which type of attack involves hijacking a session between a host and a target by predicting the target's choice of an initial TCP sequence number?

Question165: Which of the following offers security to wireless communications?

Question166: Which of the following describes the major disadvantage of many Single Sign-On (SSO) implementations?

Question167: Which type of algorithm is considered to have the highest strength per bit of key length of any of the asymmetric algorithms?

Question168: Which of the following LAN topologies offers the highest availability?

Question169: What would be the name of a Logical or Virtual Table dynamically generated to restrict the information a user can access in a database?

Question170: Which of the following is NOT a defined ISO basic task related to network management?

Question171: Which one of the following authentication mechanisms creates a problem for mobile users?

Question172: Telnet and rlogin use which protocol?

Question173: Prior to a live disaster test also called a Full Interruption test, which of the following is most important?

Question174: Symmetric = private key = secret ________ = public key = shared

Question175: There are ______ available service ports

Question176: An attack initiated by an entity that is authorized to access system resources but uses them in a way not approved by those who granted the authorization is known as a(n):

Question177: Which disaster recovery plan test involves functional representatives meeting to review the plan in detail?

Question178: The scope and focus of the Business continuity plan development depends most on:

Question179: In the Bell-LaPadula model, the Star-property is also called:

Question180: Which of the following centralized access control mechanisms is the least appropriate for mobile workers accessing the corporate network over analog lines?

Question181: During the salvage of the Local Area Network and Servers, which of the following steps would normally be performed first?

Question182: Which type of firewall can be used to track connectionless protocols such as UDP and RPC?

Question183: What is called an exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in-hand if probable cause is present and destruction of the evidence is deemed imminent?

Question184: What Orange Book security rating is reserved for systems that have been evaluated but fail to meet the criteria and requirements of the higher divisions?

Question185: Computer security should be first and foremost which of the following:

Question186: The ability to identify and audit a user and his / her actions is known as ____________.

Question187: Which of the following service is not provided by a public key infrastructure (PKI)?

Question188: Which of the following would be true about Static password tokens?

Question189: A 'Pseudo flaw' is which of the following?

Question190: What is called the probability that a threat to an information system will materialize?

Question191: Today, privacy violations are almost as serious as security violations?

Question192: Select the major difference(s) between block and stream ciphers. (Choose all that apply)

Question193: Upon which of the following ISO/OSI layers does network address translation operate?

Question194: The Internet service that converts www.soundbodyworks.com to 216.230.195.151 is known as

Question195: What would be the Annualized Rate of Occurrence (ARO) of the threat "user input error", in the case where a company employs 100 data entry clerks and every one of them makes one input error each month?

Question196: Which of the following access control models introduces user security clearance and data classification?

Question197: Organizations should consider which of the following first before allowing external access to their LANs via the Internet?

Question198: Which of the following is not an element of a business continuity plan?

Question199: Detective/Technical measures:

Question200: What can best be described as an abstract machine which must mediate all access to subjects to objects?

Question201: Which port does the Post Office Protocol Version 3 (POP3) make use of?

Question202: What is the main characteristic of a multi-homed host?

Question203: The primary service provided by Kerberos is which of the following?

Question204: An access system that grants users only those rights necessary for them to perform their work is operating on which security principle?

Question205: Which of the following security-focused protocols has confidentiality services operating at a layer different from the others?

Question206: Which of the following is a LAN transmission method?

Question207: What is NOT an authentication method within IKE and IPsec?

Question208: Which of the following are REGISTERED PORTS as defined by IANA ?

Question209: The Orange Book is founded upon which security policy model?

Question210: Which division of the Orange Book deals with discretionary protection (need-to-know)?

Question211: In which of the following phases of system development life cycle (SDLC) is contingency planning most important?

Question212: What does the (star) integrity axiom mean in the Biba model?

Question213: Which of the following statements pertaining to biometrics is false?

Question214: Which of the following is defined as an Internet, IPsec, key-establishment protocol, partly based on OAKLEY, that is intended for putting in place authenticated keying material for use with ISAKMP and for other security associations?

Question215: What kind of certificate is used to validate a user identity?

Question216: What prevents a process from accessing another process' data?

Question217: Which of the following are suitable protocols for securing VPN connections at the lower layers of the OSI model?

Question218: Which of the following is the BEST way to detect software license violations?

Question219: Which type of attack involves the alteration of a packet at the IP level to convince a system that it is communicating with a known entity in order to gain access to a system?

Question220: In the process of gathering evidence from a computer attack, a system administrator took a series of actions which are listed below.
Can you identify which one of these actions has compromised the whole evidence collection process?

Question221: HTTP, FTP, SMTP reside at which layer of the OSI model?

Question222: Who should DECIDE how a company should approach security and what security measures should be implemented?

Question223: Masquerading is synonymous with __________.

Question224: Which of the following best describes the purpose of debugging programs?

Question225: Which of the following recovery plan test results would be most useful to management?

Question226: Which of the following is an extension to Network Address Translation that permits multiple devices providing services on a local area network (LAN) to be mapped to a single public IP address?

Question227: The Telecommunications Security Domain of information security is also concerned with the prevention and detection of the misuse or abuse of systems, which poses a threat to the tenets of:

Question228: What would BEST define a covert channel?

Question229: Passfilt.dll enforces which of the following? (Choose all that apply)

Question230: The Data Encryption Standard (DES) encryption algorithm has which of the following characteristics?

Question231: Within the realm of IT security, which of the following combinations best defines risk?

Question232: Which of the following is an issue with signature-based intrusion detection systems?

Question233: In Mandatory Access Control, sensitivity labels attached to object contain what information?

Question234: Which of the following teams should NOT be included in an organization's contingency plan?

Question235: Which of the following biometric devices offers the LOWEST CER?

Question236: In what way can violation clipping levels assist in violation tracking and analysis?

Question237: Which of the following IEEE standards defines the token ring media access method?

Question238: Which type of attack involves impersonating a user or a system?

Question239: Which of the following are WELL KNOWN PORTS assigned by the IANA?

Question240: Virus scanning and content inspection of SMIME encrypted e-mail without doing any further processing is:

Question241: Communications and network security relates to transmission of which of the following?

Question242: Which of the following can best be defined as a cryptanalysis technique in which the analyst tries to determine the key from knowledge of some plaintext-ciphertext pairs?

Question243: Which layer of the TCP/IP protocol model would best correspond to the OSI/ISO model's network layer?

Question244: Which of the following is more suitable for a hardware implementation?

Question245: This type of attack is generally most applicable to public-key cryptosystems, what type of attack am I ?

Question246: A circuit level proxy is ___________________ when compared to an application level proxy.

Question247: PGP uses which of the following to encrypt data?

Question248: Like the Kerberos protocol, SESAME is also subject to which of the following?

Question249: Which of the following concerning the Rijndael block cipher algorithm is false?

Question250: Which of the following DoS attacks use ICMP? (Choose two)

Question251: What is the proper term to refer to a single unit of IP data?

Question252: Which element must computer evidence have to be admissible in court?

Question253: When preparing a business continuity plan, who of the following is responsible for identifying and prioritizing time-critical systems?

Question254: Which of the following is a not a preventative control?

Question255: Which of the following reviews system and event logs to detect attacks on the host and determine if the attack was successful?

Question256: Layer 4 of the OSI model corresponds to which layer of the DoD model?

Question257: Preservation of confidentiality within information systems requires that the information is not disclosed to:

Question258: How are memory cards and smart cards different?

Question259: The fact that a network-based IDS reviews packets payload and headers enable which of the following?

Question260: Which of the following was designed to support multiple network types over the same serial link?

Question261: Which of the following is considered the LEAST secure?

Question262: Which of the following should NOT normally be allowed through a firewall?

Question263: Which of the following would constitute the best example of a password to use for access to a system by a network administrator?

Question264: Transport Layer Security (TLS) is a two-layered socket layer security protocol that contains the TLS Record Protocol and the::

Question265: In Discretionary Access Control the subject has authority, within certain limitations,

Question266: A prolonged complete loss of electric power is a:

Question267: Pin, Password, Passphrases, Tokens, smart cards, and biometric devices are all items that can be used for Authentication.
When one of these item listed above in conjunction with a second factor to validate authentication, it provides robust authentication of the individual by practicing which of the following?

Question268: Which of the following computer recovery sites is the least expensive and the most difficult to test?

Question269: Application Layer Firewalls operate at the:

Question270: A ___________ is a program that poses as a useful or legitimate program, but turns out to be malicious code.

Question271: Which of the following phases of a software development life cycle normally incorporates the security specifications, determines access controls, and evaluates encryption options?

Question272: Which software development model is actually a meta-model that incorporates a number of the software development models?

Question273: In the context of Biometric authentication, what is a quick way to compare the accuracy of devices.
In general, the device that have the lowest value would be the most accurate.
Which of the following would be used to compare accuracy of devices?

Question274: Is the person who is attempting to log on really who they say they are? What form of access control does this questions stem from?

Question275: Which of the following is NOT an asymmetric key algorithm?

Question276: Which of the following is true about link encryption?

Question277: _______ and ________ are the primary controls of most access control systems.<br>(Choose two)

Question278: Which of the following is NOT a common integrity goal?

Question279: What is the role of IKE within the IPsec protocol?

Question280: Which of the following embodies all the detailed actions that personnel are required to follow?

Question281: Which of the following can best eliminate dial-up access through a Remote Access Server as a hacking vector?

Question282: Which of the following is a telecommunication device that translates data from digital to analog form and back to digital?

Question283: The __________ is the most dangerous part of a virus program.

Question284: Which of the following attacks could capture network user passwords?

Question285: Which of the following statements pertaining to VPN protocol standards is false?

Question286: What does RADIUS stand for?

Question287: ___________________ is responsible for creating security policies and for communicating those policies to system users.

Question288: Which of the following are NOT a countermeasure to traffic analysis?

Question289: What kind of Encryption technology does SSL utilize?

Question290: Which of the following questions is less likely to help in assessing an organization's contingency planning controls?

Question291: Which of the following is true about link encryption?

Question292: What is the main difference between a logic bomb and a stealth virus? (Choose all that apply)

Question293: Which of the following protects a password from eavesdroppers and supports the encryption of communication?

Question294: Tripwire is a ___________________-

Question295: Which of the following is based on the premise that the quality of a software product is a direct function of the quality of its associated software development and maintenance processes?

Question296: The Clipper Chip utilizes which concept in public key cryptography?

Question297: Which of the following models does NOT include data integrity or conflict of interest?

Question298: Which of the following statements pertaining to packet filtering is incorrect?

Question299: Each data packet is assigned the IP address of the sender and the IP address of the:

Question300: Which cable technology refers to the CAT3 and CAT5 categories?

Question301: Which type of encryption is considered to be unbreakable if the stream is truly random and is as large as the plaintext and never reused in whole or part?

Question302: Which of the following test makes sure the modified or new system includes appropriate access controls and does not introduce any security holes that might compromise other systems?

Question303: Accounting, __________, and ____________ are the AAAs of information security.

Question304: What distinguishes a hacker / cracker from a phreak?

Question305: Which of the following standards concerns digital certificates?

Question306: Which protocol makes USE of an electronic wallet on a customer's PC and sends encrypted credit card information to merchant's Web server, which digitally signs it and sends it on to its processing bank?

Question307: Risk mitigation and risk reduction controls for providing information security are classified within three main categories, which of the following are being used?

Question308: Which of the following is NOT a technical control?

Question309: Which of the following best ensures accountability of users for the actions taken within a system or domain?

Question310: In biometrics, "one-to-many" search against database of stored biometric images is done in:

Question311: TCPWrappers is an example of which type of security tool?

Question312: A business continuity plan should list and prioritize the services that need to be brought back after a disaster strikes.
Which of the following services is more likely to be of primary concern in the context of you're your Disaster Recovery Plan would include?

Question313: Secure Shell (SSH-2) supports authentication, compression, confidentiality, and integrity, SSH is commonly used as a secure alternative to all of the following protocols below except:

Question314: What is called the formal acceptance of the adequacy of a system's overall security by the management?

Question315: As per the Orange Book, what are two types of system assurance?

Question316: How can an individual/person best be identified or authenticated to prevent local masquarading attacks?

Question317: In computing what is the name of a non-self-replicating type of malware program containing malicious code that appears to have some useful purpose but also contains code that has a malicious or harmful purpose imbedded in it, when executed, carries out actions that are unknown to the person installing it, typically causing loss or theft of data, and possible system harm.

Question318: Which of the following is true of network security?

Question319: Which of the following services relies on UDP?

Question320: AH - Authentication Header is used in what industry standard protocol?

Question321: Which of the following is not a property of the Rijndael block cipher algorithm?

Question322: Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT) by ensuring the message comes from its claimed originator and that it has not been altered in transmission?

Question323: The IP header contains a protocol field. If this field contains the value of 2, what type of data is contained within the IP datagram?

Question324: Which of the following is NOT a VPN communications protocol standard?

Question325: Which of the following would be the MOST serious risk where a systems development life cycle methodology is inadequate?

Question326: A public key algorithm that does both encryption and digital signature is which of the following?

Question327: What can best be defined as the detailed examination and testing of the security features of an IT system or product to ensure that they work correctly and effectively and do not show any logical vulnerabilities, such as evaluation criteria?

Question328: When referring to a computer crime investigation, which of the following would be the MOST important step required in order to preserve and maintain a proper chain of custody of evidence:

Question329: Which of the following is a method of multiplexing data where a communication channel is divided into an arbitrary number of variable bit-rate digital channels or data streams.
This method allocates bandwidth dynamically to physical channels having information to transmit?

Question330: In the course of responding to and handling an incident, you work on determining the root cause of the incident. In which step are you in?

Question331: Which of the following are NT Audit events? (Choose all that apply)

Question332: What attack involves the perpetrator sending spoofed packet(s) wich contains the same destination and source IP address as the remote host, the same port for the source and destination, having the SYN flag, and targeting any open ports that are open on the remote host?

Question333: Which of the following is NOT part of the Kerberos authentication protocol?

Question334: Which common backup method is the fastest on a daily basis?

Question335: What is the maximum length of cable that can be used for a twisted-pair, Category 5 10Base-T cable?

Question336: Which of the following access control techniques best gives the security officers the ability to specify and enforce enterprise-specific security policies in a way that maps naturally to an organization's structure?

Question337: Another example of Computer Incident Response Team (CIRT) activities is:

Question338: Which of the following is a cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet?

Question339: When compiling a risk assessment report, which of the following items should be included?
(Choose all that apply)

Question340: Which of the following items is NOT a benefit of cold sites?

Question341: An intrusion detection system is an example of what type of countermeasure?

Question342: Which of the following binds a subject name to a public key value?

Question343: Which layer of the DoD TCP/IP model controls the communication flow between hosts?

Question344: Which of the following protocols operates at the session layer (layer 5)?

Question345: What is NOT an authentication method within IKE and IPsec?

Question346: Which of the following elements is NOT included in a Public Key Infrastructure (PKI)?

Question347: How often should a Business Continuity Plan be reviewed?

Question348: Most access violations are:

Question349: Which of the following would be MOST important to guarantee that the computer evidence will be admissible in court?

Question350: A host-based IDS is resident on which of the following?

Question351: When should a post-mortem review meeting be held after an intrusion has been properly taken care of?

Question352: Which of the following can be best defined as computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data and for detecting or extracting the marks later?

Question353: Which of the following is immune to the effects of electromagnetic interference (EMI) and therefore has a much longer effective usable length?

Question354: Of the protocols list, which one is connection oriented?

Question355: Which of the following statements pertaining to disaster recovery is incorrect?

Question356: What assesses potential loss that could be caused by a disaster?

Question357: Which of the following pairings uses technology to enforce access control policies?

Question358: Which of the following statements pertaining to PPTP (Point-to-Point Tunneling Protocol) is incorrect?

Question359: Who should direct short-term recovery actions immediately following a disaster?

Question360: What is the primary role of smartcards in a PKI?

Question361: What can a packet filtering firewall also be called?

Question362: Which of the following is not an encryption algorithm?

Question363: A copy of evidence or oral description of its contents; which is not as reliable as best evidence is what type of evidence?

Question364: Which of the following is most likely to be useful in detecting intrusions?

Question365: A variation of the application layer firewall is called a:

Question366: Which of the following statements pertaining to link encryption is false?

Question367: How many bits of a MAC address uniquely identify a vendor, as provided by the IEEE?

Question368: A timely review of system access audit records would be an example of which of the basic security functions?

Question369: When gathering digital evidence it is very important to do the following: (Choose all that apply)

Question370: Which must bear the primary responsibility for determining the level of protection needed for information systems resources?

Question371: How would an IP spoofing attack be best classified?

Question372: A Wide Area Network (WAN) is basically everything outside of:

Question373: What is the primary difference between FTP and TFTP?

Question374: Inference attacks involve ___________________________.

Question375: Layer 4 in the DoD model overlaps with which layer(s) of the OSI model?

Question376: Encapsulating Security Payload (ESP) provides some of the services of Authentication Headers (AH), but it is primarily designed to provide:

Question377: Only law enforcement personnel are qualified to do computer forensic investigations.

Question378: Media that is the target of an investigation should be copied on to:

Question379: What are called user interfaces that limit the functions that can be selected by a user?

Question380: What is a TFTP server most useful for?

Question381: What ensures that the control mechanisms correctly implement the security policy for the entire life cycle of an information system?

Question382: A deviation from an organization-wide security policy requires which of the following?

Question383: Which of the following protocols that provide integrity and authentication for IPSec, can also provide non-repudiation in IPSec?

Question384: Information Security policies should be __________________? (Choose all that apply)

Question385: What is one disadvantage of content-dependent protection of information?

Question386: Public keys are used for ___________ messages and private keys are used for __________ messages.

Question387: Which of the following would MOST likely ensure that a system development project meets business objectives?

Question388: What is the PRIMARY use of a password?

Question389: In addition to the Legal Department, with what company function must the collection of physical evidence be coordinated if an employee is suspected?

Question390: Which of the following is not a security goal for remote access?

Question391: Which of the following results in the most devastating business interruptions?

Question392: Which of the following statements pertaining to access control is false?

Question393: A DMZ is also known as a

Question394: A code, as is pertains to cryptography:

Question395: Spoofing is a sophisticated technique of authenticating one computer to another by forging IP packets from a trusted source address(True / False)

Question396: Which of the following is less likely to accompany a contingency plan, either within the plan itself or in the form of an appendix?

Question397: What is used to protect programs from all unauthorized modification or executional interference?

Question398: What are the main goals of an information security program? (Choose all that apply)

Question399: Kerberos depends upon what encryption method?

Question400: Which of the following is not a DES mode of operation?

Question401: ___________ programs decrease the number of security incidents, educate users about procedures, and can potentially reduce losses.

Question402: Which of the following are additional terms used to describe knowledge-based IDS and behavior based IDS?

Question403: Which of the following statements pertaining to packet switching is incorrect?

Question404: In biometrics, the "one-to-one" search used to verify claim to an identity made by a person is considered:

Question405: ___________________ is ultimately responsible for security and privacy violations.

Question406: The three classic ways of authenticating yourself to the computer security software are by something you know, by something you have, and by something:

Question407: Valuable paper insurance coverage does not cover damage to which of the following?

Question408: If an employee's computer has been used by a fraudulent employee to commit a crime, the hard disk may be seized as evidence and once the investigation is complete it would follow the normal steps of the Evidence Life Cycle.
In such case, the Evidence life cycle would not include which of the following steps listed below?

Question409: Which of the following is a tool often used to reduce the risk to a local area network (LAN) that has external connections by filtering Ingress and Egress traffic?

Question410: Which expert system operating mode allows determining if a given hypothesis is valid?

Question411: A central authority determines what subjects can have access to certain objects based on the organizational security policy is called:

Question412: Which of the following is the core of fiber optic cables made of?

Question413: Corporate networks are safer if an end user connects through a VPN connection?

Question414: The Diffie-Hellman algorithm is used for:

Question415: Password crackers fall into two broad categories. What are they?<br>(Choose two)

Question416: What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?

Question417: Flooding network ports is an example of which type of attack?

Question418: What type of software can be used to prevent, detect (and possibly correct) malicious activities on a system?

Question419: What layer of the OSI/ISO model does Point-to-point tunnelling protocol (PPTP) work at?

Question420: For maximum security design, what type of fence is most effective and cost-effective method (Foot are being used as measurement unit below)?

Question421: Which of the following biometric characteristics cannot be used to uniquely authenticate an individual's identity?

Question422: Computer-generated evidence is considered:

Question423: A potential problem related to the physical installation of the Iris Scanner in regards to the usage of the iris pattern within a biometric system is:

Question424: Which xDSL flavour delivers both downstream and upstream speeds of 1.544 Mbps over two copper twisted pairs?

Question425: As a result of a risk assessment, your security manager has determined that your organization needs to implement an intrusion detection system that can detect unknown attacks and can watch for unusual traffic behavior, such as a new service appearing on the network.
What type of intrusion detection system would you select?

Question426: What type of cable is used with 100Base-TX Fast Ethernet?

Question427: What happens if this registry value is set to 1?
HKLM\System\CurrentControlSet\Control\Lsa\CrashonAuditFail

Question428: Accreditation grants permission to operate a system freely since all risk has been eliminated.

Question429: Which of the following security mode of operation does NOT require all users to have the clearance for all information processed on the system?

Question430: Which backup method copies only files that have changed since the last full backup, but does not clear the archive bit?

Question431: Total risk is defined as:

Question432: Which of the following forms of authentication would most likely apply a digital signature algorithm to every bit of data that is sent from the claimant to the verifier?

Question433: _________ is the act of a user professing an identity to a system.

Question434: Technical controls such as encryption and access control can be built into the operating system, be software applications, or can be supplemental hardware/software units.
Such controls, also known as logical controls, represent which pairing?

Question435: Who of the following is responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of IT systems and data?

Question436: Which of the following keys has the SHORTEST lifespan?

Question437: Which of the following is a token-passing scheme like token ring that also has a second ring that remains dormant until an error condition is detected on the primary ring?

Question438: What is the difference between Access Control Lists (ACLs) and Capability Tables?

Question439: The Trusted Computer Security Evaluation Criteria book (TCSEC) is also referred to as:

Question440: What is used to bind a document to its creation at a particular time?

Question441: Why would anomaly detection IDSs often generate a large number of false positives?

Question442: Which of the following is an advantage of prototyping?

Question443: Which of the following is true related to network sniffing?

Question444: Which of the following virus types changes some of its characteristics as it spreads?

Question445: Information security policies are a ___________________.

Question446: Which of the following is NOT an advantage that TACACS+ has over TACACS?

Question447: To protect and/or restore lost, corrupted, or deleted information, thereby preserving the data integrity and availability is the purpose of:

Question448: A momentary power outage is a:

Question449: What is the name of the protocol use to set up and manage Security Associations (SA) for IP Security (IPSec)?

Question450: Which of the following is used to interrupt the opportunity to use or perform collusion to subvert operation for fraudulent purposes?

Question451: Which of the following statements pertaining to disk mirroring is incorrect?

Question452: Which of the following best describes remote journaling?

Question453: Which of the following ports does NOT normally need to be open for a mail server to operate?

Question454: Which of the following is NOT a transaction redundancy implementation?

Question455: Why are coaxial cables called "coaxial"?

Question456: Which security model introduces access to objects only through programs?

Question457: An Intrusion Detection System (IDS) is what type of control?

Question458: Which of the following statements pertaining to a Criticality Survey is incorrect?

Question459: Which of the following is not a preventive operational control?

Question460: ______________ is a Unix security scanning tool developed at Texas A&M university.

Question461: During the testing of the business continuity plan (BCP), which of the following methods of results analysis provides the BEST assurance that the plan is workable?

Question462: Which of the following statements pertaining to message digests is incorrect?

Question463: Which of the following is most relevant to determining the maximum effective cost of access control?

Question464: Which of the following is defined as the most recent point in time to which data must be synchronized without adversely affecting the organization (financial or operational impacts)?

Question465: Which of the following statements pertaining to link encryption is false?

Question466: Once evidence is seized, a law enforcement officer should emphasize which of the following?

Question467: A type of virus that resides in a Word or Excel document is called a ___________ virus?

Question468: Which of the following classes is defined in the TCSEC (Orange Book) as discretionary protection?

Question469: A contingency plan should address:

Question470: Frame relay uses a public switched network to provide:

Question471: In order to ensure the privacy and integrity of the data, connections between firewalls over public networks should use:

Question472: What can be defined as an abstract machine that mediates all access to objects by subjects to ensure that subjects have the necessary access rights and to protect objects from unauthorized access?

Question473: Which of the following describes a technique in which a number of processor units are employed in a single computer system to increase the performance of the system in its application environment above the performance of a single processor of the same kind?

Question474: Identifying specific attempts to penetrate systems is the function of the _______________.

Question475: One of the following assertions is NOT a characteristic of Internet Protocol Security (IPsec)

Question476: What is the RESULT of a hash algorithm being applied to a message ?

Question477: Which of the following is NOT an example of an operational control?

Question478: What are the three FUNDAMENTAL principles of security?

Question479: A trusted system does NOT involve which of the following?

Question480: Which of the following is a disadvantage of a statistical anomaly-based intrusion detection system?

Question481: Which of the following is an IP address that is private (i.e. reserved for internal networks, and not a valid address to use on the Internet)?

Question482: Which of the following is an advantage of a qualitative over a quantitative risk analysis?

Question483: Which of the following algorithms does NOT provide hashing?

Question484: The basic language of modems and dial-up remote access systems is:

Question485: As telnet is widely know to be insecure, one time passwords (OPIE) offer a great alternative.
After a user logs on remotely, OPIE will issue a challenge. What two elements will thi challenge contain?( Choose two)

Question486: What does the directive of the European Union on Electronic Signatures deal with?

Question487: What can be defined as a value computed with a cryptographic algorithm and appended to a data object in such a way that any recipient of the data can use the signature to verify the data's origin and integrity?

Question488: What is the PRIMARY reason to maintain the chain of custody on evidence that has been collected?

Question489: What works as an E-mail message transfer agent?

Question490: Which of the following is not a preventive login control?

Question491: What type of attack involves IP spoofing, ICMP ECHO and a bounce site?

Question492: Which of the following firewall rules found on a firewall installed between an organization's internal network and the Internet would present the greatest danger to the internal network?

Question493: Which of the following would be best suited to oversee the development of an information security policy?

Question494: Packet Filtering Firewalls can also enable access for:

Question495: The IP header contains a protocol field. If this field contains the value of 51, what type of data is contained within the ip datagram?

Question496: Which IPSec operational mode encrypts the entire data packet (including header and data) into an IPSec packet?

Question497: When we encrypt or decrypt data there is a basic operation involving ones and zeros where they are compared in a process that looks something like this:
0101 0001 Plain text
0111 0011 Key stream
0010 0010 Output
What is this cryptographic operation called?

Question498: Which of the following technologies has been developed to support TCP/IP networking over low- speed serial interfaces?

Question499: Which of the following is a CHARACTERISTIC of a decision support system (DSS) in regards to Threats and Risks Analysis?

Question500: In an online transaction processing system (OLTP), which of the following actions should be taken when erroneous or invalid transactions are detected?

Question501: A timely review of system access audit records would be an example of which of the basic security functions?

Question502: Define the term tuple.

Question503: Which of the following protocols is not implemented at the Internet layer of the TCP/IP protocol model?

Question504: What can be best defined as the examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment?

Question505: Business Continuity and Disaster Recovery Planning (Primarily) addresses the:

Question506: Which of the following protocols does not operate at the data link layer (layer 2)?

Question507: What is the main concern with single sign-on?

Question508: In this type of attack, the intruder re-routes data traffic from a network device to a personal machine.
This diversion allows an attacker to gain access to critical resources and user credentials, such as passwords, and to gain unauthorized access to critical systems of an organization.
Pick the best choice below.

Question509: How is Annualized Loss Expectancy (ALE) derived from a threat?

Question510: The Data Encryption Algorithm performs how many rounds of substitution and permutation?

Question511: So far, no one has been able to crack the IDEA algorithm with Brute Force.

Question512: Which of the following is the FIRST step in protecting data's confidentiality?

Question513: Kerberos uses asymmetric encryption.(True / False)

Question514: EDI (Electronic Data Interchange) differs from e-Commerce in that ___________________.

Question515: Examples of types of physical access controls include all EXCEPT which of the following?

Question516: Asynchronous Communication transfers data by sending:

Question517: What is the maximum allowable key size of the Rijndael encryption algorithm?

Question518: What enables users to validate each other's certificate when they are certified under different certification hierarchies?

Question519: Passwords should be changed every ________ days at a minimum. 90 days is the recommended minimum, but some resources will tell you that 30-60 days is ideal.

Question520: What refers to legitimate users accessing networked services that would normally be restricted to them?

Question521: Which xDSL flavour, appropriate for home or small offices, delivers more bandwidth downstream than upstream and over longer distance?

Question522: Which three things must be considered for the design, planning, and implementation of access control mechanisms? (Choose three)

Question523: What is the most correct choice below when talking about the steps to resume normal operation at the primary site after the green light has been given by the salvage team?

Question524: How would nonrepudiation be best classified as?

Question525: To control access by a subject (an active entity such as individual or process) to an object (a passive entity such as a file) involves setting up:

Question526: Which of the following is NOT a property of the Rijndael block cipher algorithm?

Question527: SMTP can best be described as:

Question528: Which of the following is not a disadvantage of symmetric cryptography when compared with Asymmetric Ciphers?

Question529: Sending an ICMP packet greater than 64Kb is an example of what type of attack?

Question530: Which of the following is the simplest type of firewall ?

Question531: Controls provide accountability for individuals who are accessing sensitive information.
This accountability is accomplished:

Question532: Which of the following is used to find the Media Access Control address (MAC) that matches with a known Internet Protocol (IP) address?

Question533: Related to information security, confidentiality is the opposite of which of the following?

Question534: Which of the following is an example of a passive attack?

Question535: Risk can be totally eliminated through planning, control, procedures, and insurance.<br>(True / False)

Question536: Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys.
This protocol establishes a long-term key once, and then requires no prior communication in order to establish or exchange keys on a session-by-session basis?

Question537: Within the legal domain what rule is concerned with the legality of how the evidence was gathered ?

Question538: What is the maximum key size for the RC5 algorithm?

Question539: Similar to Secure Shell (SSH-2), Secure Sockets Layer (SSL) uses symmetric encryption for encrypting the bulk of the data being sent over the session and it uses asymmetric or public key cryptography for:

Question540: What is the name of the first mathematical model of a multi-level security policy used to define the concept of a secure state, the modes of access, and rules for granting access?

Question541: What are the two most critical aspects of risk analysis? (Choose two)

Question542: What is the main purpose of Corporate Security Policy?

Question543: The Computer Security Policy Model the Orange Book is based on is which of the following?

Question544: What is the name of the third party authority that vouches for the binding between the data items in a digital certificate?

Question545: The act of intercepting the first message in a public key exchange and substituting a bogus key for the original key is an example of which style of attack?

Question546: Which of the following is NOT an advantage that TACACS+ has over TACACS?

Question547: Which of the following is addressed by Kerberos?

Question548: Step-by-step instructions used to satisfy control requirements is called a: