6 - Operations Security Flashcards

(122 cards)

1
Q
1. Which of the following is not an important aspect of the new employee hiring process? a. Background screening b. Drug testing c. Non-disclosure agreements d. Exit interview
A

D: The exit interview is part of the termination process.

2
Q
2. Which of the following is considered the lowest level of privilege? a. Read only b. Read-Write c. Change access d. Need to know
A

A: Read only is the lowest privilege level.

3
Q
3. The first step in hiring a new employee is what? a. Screening candidates b. Creating the job description c. Signing non-disclosure agreements d. Background verification
A

B: The first step in hiring a new employee is the creation of a job description. Without a job description there is no clear understanding of who is needed and the work tasks they will be required to perform.

4
Q
4. What type of security controls are used to encourage compliance with other security controls? a. directive b. recovery c. application d. transaction
A

A: Directive or deterrent controls are used to encourage compliance with other security controls.

5
Q
5. The Orange Book defines two types of assurance. Which of the following are they? a. Life cycle and Development b. Operational and Life cycle c. Development and Improvement d. Functional and Efficiency
A

B: The Orange book defines Operational and Life Cycle assurance.

6
Q
6. Operations security is primarily concerned with? a. Protecting assets from threats b. Establishing audit trails c. Classifying subjects d. Managing personnel security awareness
A

A: Operations security is primarily concerned with protecting assets from threats.

7
Q
7. The security practice of ensuring that no one individual has complete control or access over a system’s security mechanism is known as? a. Principle of least privilege b. Separation of duties c. Job rotation d. Role based access control
A

B: The security practice of ensuring that no one individual has complete control or access over a system’s security mechanism is known as separation of duties.

8
Q
8. What is trusted recovery? a. A storage system that ensures the security of backup sets b. An element in disaster recovery planning where the restoration of backups is assigned to a trusted team of security professionals c. A process that ensures a system’s security is not violated when it encounters a failure requiring a restoration d. An automatic process that restores the most recent backup to a system when a security fault is encountered.
A

C: Trusted recovery is a process that ensures a system’s security is not violated when it encounters a failure requiring a restoration.

9
Q
9. Which of the following is not a safeguard against collusion? a. Rotation of duties b. Trusted recovery c. Separation of duties d. Auditing
A

B: Trusted recovery is not a safeguard against collusion. It is a safeguard against failure states encountered by the OS or software which prevents the system from restarting into an insecure state.

10
Q
10. What is the primary goal of configuration or change management? a. enable rollback to a previous system state b. duplicate changes on multiple systems c. prevent changes from diminishing security d. informing users of changes
A

C: The primary goal of configuration or change management is to ensure that security is not diminished.

11
Q
11. What is the primary purpose of mandatory vacations? a. Job rotation b. Background checking c. Testing recovery plans d. Auditing
A

D: Mandatory vacations are used to perform auditing.

12
Q
12. When an automated trusted recovery is performed, what must happen? a. All corrupted system files must be restored b. All suspect data is flagged for inspection c. A system administrator is required to regain a secured state d. The system must restore itself to a secure state
A

D: When an automated trusted recovery is performed, the system must restore itself to a secure state.

13
Q
13. What is the goal of configuration change management? a. To ensure that all changes to the system do not diminish security b. To control who performs changes to the security system c. To track all changes to the security system d. To automate the distribution of widespread security changes throughout a network
A

A: The primary goal of configuration change management is to ensure that all changes to the system do not diminish security.

14
Q
14. Which of the following is not true about configuration change management? a. Ensures that rolling back to a previous state by removing changes is possible b. Simplifies the process of rolling out security changes throughout an organization c. Is required by TCSEC certified B2, B3, and A1 systems d. All changes must be documented
A

B: Configuration change management is not a distribution mechanism.

15
Q
15. The ability to easily audit and inspect the work tasks of an employee is made possible by? a. Separation of duties b. Exit interviews c. Mandatory vacations d. Background checks
A

C: Mandatory vacations allow for job auditing to ensure compliance with security policy and laws.

16
Q
16. Which of the following is not a form of monitoring? a. Biometric enrollment b. port scanning c. Intrusion detection d. penetration testing
A

A: Biometric enrollment is not a form of monitoring. Biometric enrollment is often a determining factor in whether or not a biometric identification or authenticating device will be accepted by the user community. If enrollment takes longer than minutes, most users will be unwilling to use it.

17
Q
17. The act of examining traffic patterns rather than the contents of packets is known as? a. Transaction processing b. Trend analysis c. Sniffing d. Port scanning
A

B: Trend or traffic analysis is the examination of traffic patterns rather than packet contents.

18
Q
18. Security controls should be _________ to the authorized user. a. obstructive b. accessible c. transparent d. inhibiting
A

C: Security controls should be transparent to the authorized user.

19
Q
19. When no single person has total control over a system’s security mechanisms, this is called? a. split knowledge b. rotation of duties c. mandatory vacations d. strong access controls
A

A: Split knowledge is when no single person has total control over a system’s security mechanisms.

20
Q
20. Another term for a security control that employs split knowledge is? a. mandatory vacations b. separation of duties c. rotation of duties d. background checks
A

B: Separation of duties is a split-knowledge security control.

21
Q
21. The security mechanism that requires that users have the minimum amount of access that is absolutely required by their job tasks and that they have that access for the shortest amount of time is known as? a. due diligence b. two-man controls c. least privilege d. rotation of duties
A

C: Least privilege is a security mechanism that requires that users have the minimum amount of access that is absolutely required by their job tasks and that they have that access for the shortest amount of time.

22
Q
22. The top priority of configuration or change control management is? a. prevent changes from diminishing security b. analyze the effects of changes on a system c. provide a means to track and audit changes to a system d. ensure formalized testing of all system changes
A

A: The top priority of configuration or change control management is to prevent changes from diminishing security.

23
Q
23. Which of the following is not one of the five generally recognized procedural steps to implement configuration or change control management? a. Implementing the change b. Applying to introduce a change c. Updating the security policy d. Cataloging the intended change
A

C: Since changes are not supposed to alter the security environment, there should be no need to change or alter the security policy. Therefore, updating the security policy is not one of the five generally recognized procedural steps to implement configuration or change control management.

24
Q
24. Which of the following is not an element of operational assurance as defined by the Orange Book? a. system architecture b. covert channel analysis c. security testing d. trusted recovery
A

C: Security testing, design specification and testing, configuration management, and trusted distribution are all elements of Life cycle assurance as defined by the Orange book.

25
25. Which of the following is not an element of life cycle assurance as defined by the Orange Book? a. design specification and testing b. configuration management c. trusted distribution d. system architecture
D: System architecture, system integrity, covert channel analysis, trusted facility management, and trusted recovery are all elements of operational assurance as defined by the Orange book.
26
26. _________________ controls focus on day to day activities for the protection of IT and the support of the security policy. a. Procedural security b. Oversight security c. Operations security d. Physical security
C: Operations security controls focus on day to day activities for the protection of IT and the support of the security policy.
27
27. What type of resources need not be included in the resource protection scheme for the organization? a. hardware resources b. software resources c. data resources d. transitive resources
D: Transitive resources, those provided by other organizations, need not be included in the resource protection scheme for an organization.
28
28. Which of the following is not a common requirement for maintaining security while hardware undergoes maintenance or repair? a. recertification of security label b. trusted offsite technicians c. bonded escorts d. accredited supervision
A: Recertification may be necessary after a repair, but it is not an element of the actual maintenance and repair process.
29
29. Which of the following is an example of a split knowledge security control? a. mandatory vacations b. auditing c. rotation of duties d. two-man control
D: Two-man controls are a form of split-knowledge control that requires two users to work in unison to complete some privileged action.
30
30. What is the purpose of trusted recovery? a. to ensure that security is not breached during a system failure b. to maintain the accreditation of a system c. to guarantee that files can be restored from backup media d. to provide a means to return to the primary site after a disaster occurs
A: The purpose of trusted recovery is to ensure that security is not breached during a system failure.
31
31. Which of the following is not an element of trusted recovery? a. rebooting into a single user mode b. revalidating the trusted computer base c. recovering all file systems that were active at the time of failure d. verifying the integrity of system level security critical files
B: The TCB is not re-validated by the trusted recovery process. Instead, the trusted recovery process relies upon the TCB to provide its capability of returning the system to a secure state after a failure.
32
32. One of the most important aspects of configuration or change control management is? a. updated new employee training materials b. revising the organization's security policy c. compliance with due care requirements d. the ability to rollback changes to a previous state
D: One of the most important aspects of configuration or change control management is the ability to rollback changes to a previous state.
33
33. Which of the following TCSEC rating levels does not require configuration and change control management? a. C2 b. A1 c. B2 d. B3
A: C does not require configuration and change control management.
34
34. Administrative controls for personnel security should include all but which of the following? a. background checks b. enrollment in biometric authentication systems c. mandatory vacations d. job action warnings
B: Enrollment in biometric authentication systems is a logical or technical control for personnel security.
35
35. Which of the following is not one of the three hierarchical types of trusted recovery as defined by the Common Criteria? a. automated recovery without undo loss b. manual recovery c. asynchronous assisted recovery d. automated recovery
C: The Common Criteria does not define a type of trusted recovery named asynchronous assisted recovery.
36
36. Which of the following is not a primary function of configuration or change control management? a. provide a means to track and audit changes to a system b. ensure formalized testing of all system changes c. analyze the effects of changes on a system d. keep users from learning about changes to a system
D: A primary function of configuration or change control management is to keep users informed of system changes.
37
37. _____________ operations should be restricted to authorized individuals whose work tasks specifically require greater than normal capabilities. a. privileged b. backup c. Internet client d. productivity software
A: Privileged operations should be restricted to authorized individuals whose work tasks specifically require greater than normal capabilities.
38
38. What is the primary goal of media security controls? a. control inventory of backup media b. prevent loss or disclosure of sensitive data while it is stored on removable media c. maintain chain of custody information just in case media must be used in a legal action d. prevent users from accessing removable media
B: The primary goal of media security controls is to prevent loss or disclosure of sensitive data while it is stored on removable media.
39
39. Which of the following is not considered an element of maintaining media security controls? a. logging b. chain of custody c. deploying security guards d. inventory management
C: Deploying security guards is not an element of maintaining media security controls. Security guards are used to provide physical access control to facilities.
40
40. Maintenance accounts are considered a threat to security since they may be used as an access means for unauthorized individuals. What are maintenance accounts? a. any account that has administrative level privileges b. supervisory level factory installed accounts c. accounts used by hardware repair technicians that are created and maintained by your IT staff d. those administrators involved in the daily support of user accounts and access
B: Maintenance accounts are supervisory level factory installed accounts. These accounts should be disabled or be assigned strong passwords.
41
41. Which of the following is not a valid countermeasure against the unauthorized use of maintenance accounts? a. change password b. disable accounts c. network traffic logging d. maintain physical access control over devices
C: Network traffic logging is not an effective or valid countermeasure against the unauthorized use of maintenance accounts.
42
42. Which of the following is not considered an operational security software control? a. software testing b. safe software media storage c. backup controls d. diagnostic port controls
D: Diagnostic port controls are physical security controls for hardware, not software.
43
43. Which of the following is not considered a monitoring technique? a. Intrusion Detection b. Probing c. Passwords d. Dumpster Diving
C: Passwords are access controls, not monitoring techniques.
44
44. Which of the following is not considered a monitoring technique? a. Penetration Testing b. Demon (war) Dialing c. Sniffing d. Use of packet filters.
D: Packet filters are an access control mechanism, not a monitoring technique.
45
45. Which of the following is not considered a monitoring technique? a. Biometrics b. Scanning c. Violation Analysis d. Social Engineering
A: Biometrics are an identification or authentication technique, not a monitoring technique.
46
46. Monitoring should begin after all but which of the following is completed? a. user logon b. application installation c. system configuration d. operating system patching
A: Monitoring should already be enabled before users begin logging on to the system.
47
47. Monitoring should focus on all but which of the following? a. violation tracking b. violation resolution c. violation processing d. violation analysis
B: Monitoring is not directly concerned with the resolution of violations. That is a secondary result of the monitoring process.
48
48. Which of the following is most concerned with personnel security? a. Management controls b. Operational controls c. Technical controls d. Human resources controls
B: Personnel security is mostly addressed by operational controls, which provide the guidelines and the correct procedures for implementing the different operations that maintain security. Management controls are used mainly by management. Technical controls deal with system security. Human resources controls deal with organizational controls, which are not always related to security.
49
49. When removable media is labeled with a security classification, which of the following is true? a. Only users with the same or lower clearance can use the removable media. b. The removable media can only store data that is lower than the labeled clearance level. c. Availability is maintained through classification labeling of removable media. d. The removable media must be protected under the same restrictions as data with the same classification.
D: This is a true statement. The removable media must be protected under the same restrictions as data with the same classification.
50
50. At the end of the useful lifetime of removable media with a high security classification level, what should occur? a. it should be incinerated b. it should be purged for re-use c. it should be cleaned for use in any security domain d. it should be stored in a retention vault
A: At the end of the useful lifetime of removable media with a high security classification level, that media should be destroyed, such as by incineration.
51
51. Without _________________ there is no security. a. removable media usage controls b. physical access controls c. access control lists d. firewalls
B: Without physical access controls there is no security.
52
52. The purpose of audit trails is to? a. detect normal activity b. test system security c. validate trust d. recreate events
D: The purpose of audit trails is to recreate events.
53
53. The goal of audit trails is to? a. check compliance with security policy b. evaluate the cost effectiveness of safeguards c. provide a risk analysis treatment of an environment d. keep security administrators busy
A: The goal of audit trails is to check compliance with security policy.
54
54. The first activity that must be performed when employing penetration testing to test the effectiveness of your security perimeter is to? a. develop an attack plan b. obtain management approval c. collect the attack tools d. produce a results report
B: Obtaining management approval is always the first step when using penetration testing.
55
55. What is a clipping level? a. The point at which a monitoring device is unable to process further data due to saturation b. The point at which normal activity is distinguished from abnormal c. The point at which a device experiences a power surge and thus an operational failure d. The rate at which a firewalls access ports are scanned when under attack
B: The clipping level is the point at which normal activity is distinguished from abnormal.
56
56. When an activity crosses or exceeds the clipping level, what occurs? a. access is denied b. the intruder is moved to a padded cell c. a violation report is generated d. the firewall disables further communications
C: When the clipping level is exceeded a violation report is generated.
57
57. Clipping levels are useful for detecting all but which of the following? a. repetitive mistakes b. individuals exceeding their authorized privileges c. serious intrusion attempts d. slow low-volume attacks
D: Slow low-volume attacks are typically not detected through the use of clipping levels. Slow low-volume attacks are lost in the bulk of normal expected activity.
58
58. The final step in penetration testing is? a. deploying new safeguards b. performing risk analysis c. reporting findings d. exploiting discovered vulnerabilities
C: The final step in penetration testing is reporting findings.
59
59. An audit log should contain all but which of the following? a. time and date of violation b. location (physical or logical) of incident c. what event violated the security policy d. biometric profile of the offending user account
D: An audit log will not contain the biometric profiles for individuals; those are stored in the security database. Only the user account name or ID number will appear in the audit log.
60
60. Which of the following is not considered an important security issue related to audit trails? a. purging of audit media b. retention and protection of audit media c. protection against alteration d. support of availability of audit media
A: Purging of audit media should be avoided. Audit details should be retained for historical comparisons.
61
61. Violating the confidentiality of sensitive data is what type of inappropriate activity? a. abuse of privileges b. waste of corporate resources c. inappropriate content d. vandalism
A: Violating the confidentiality of sensitive data is an abuse of privileges.
62
62. Which of the following is not a computer crime even if it results in a serious financial loss to your organization? a. fraud b. input error or omission c. eavesdropping d. war dialing
B: An input error or omission is not a computer crime even if it results in a serious financial loss to your organization. It is simply an unwanted activity.
63
63. Which of the following is an example of piggybacking? a. cutting through a wire fence b. re-transmitting intercepted packets c. passing through a door opened by another person who used a key d. decrypting the content of secured communication sessions
C: Passing through a door opened by another person who used a key is an example of piggybacking.
64
64. Which of the following is not a countermeasure to traffic or trend analysis? a. message padding b. transmission of noise c. covert channel analysis d. encrypting individual messages
D: Encrypting individual messages is not an effective countermeasure to traffic or trend analysis.
65
65. The goal of penetration testing is? a. altering the security policy b. placing blame for security violations c. evaluate the existing security protection d. tricking management into purchasing new security solutions
C: The goal of penetration testing is to evaluate the existing security protection.
66
66. If you want to discover how much data can be learned about your environment from external users, your penetration attack team should have ____ knowledge. a. partial b. disclosed c. full d. zero
D: A penetration attack team with zero knowledge will be able to clearly demonstrate how much information can be discovered about your environment from the outside.
67
67. Which of the following is not considered a standard step or element in the process of penetration testing? a. safeguard tuning b. discovery c. enumeration d. exploitation
A: Safeguard tuning is not an element of penetration testing.
68
68. When performing a penetration attack on your own system, which of the following activities would not be performed during the discovery phase? a. foot printing b. social engineering c. scavenging d. dumpster diving
B: Social engineering requires some level of data already known in order to be effective. Social engineering usually takes place in the enumeration, vulnerability mapping, or exploitation phases of penetration testing.
69
69. What is the purpose of interim reports by security auditors? a. used to communicate regarding items that need immediate attention b. used to keep the length of the final report to a minimum c. used to provide process reports to management d. used to request additional clarifications on audit objectives
A: The purpose of interim reports is to communicate regarding items that need immediate attention.
70
70. Oral reports can be used instead of written reports for which of the following? a. findings report b. interim reports c. final report d. objectives definition report
B: Oral reports can be used for interim reports only.
71
71. What is the purpose of the exit conference? a. place blame for security deficiencies b. recommendation of countermeasures c. discuss issues with all relevant and affected parties d. rebuttal of auditing objectives
C: The purpose of the exit conference is to discuss issues with all relevant and affected parties.
72
72. Which of the following identifies the goals of auditing? a. problem identification and object identification b. problem identification and problem resolution c. problem identification and risk evaluation d. problem identification and safeguard selection
B: The goals of auditing are problem identification and problem resolution.
73
73. Which of the following is used to locate significant information within audit trails? a. scavenging b. data diddling c. data mining d. random access
C: Data mining is used to locate significant information within audit trails.
74
74. Reviews and evaluations of the security solutions of an environment are often performed by? a. senior management b. end users c. the risk assessment team d. external consultants
D: External consultants, specifically analysts or auditors, are commonly used to perform reviews and evaluations of the security solutions of an environment.
75
75. Once auditing discovers a problem, what is the next step? a. countermeasure selection b. problem management c. risk analysis d. security policy modification
B: Once a problem is discovered through auditing, the next step is problem management.
76
76. Which of the following is not a primary goal of problem management? a. reduce failures to a reasonable level b. prevent re-occurrence of discovered problems c. maintain cost effectiveness of countermeasures d. mitigate negative impact of problems
C: Maintaining the cost effectiveness of countermeasures is a secondary goal of problem management. In many cases it is an automatic benefit of the risk analysis aspect of problem management.
77
77. Which of the following is not considered an inappropriate activity? a. viewing political content while at work b. using company resources to sell personal items on eBay c. accessing resources for which you have no legitimate work task requirements d. consuming all of the bandwidth of a WAN connection performing a required data transfer
D: Performing a work task is always an appropriate activity, even if the results are not always acceptable.
78
78. Which of the following is not considered a browsing attack? a. viewing another user's files b. shoulder surfing c. going through someone's trash d. extracting data from purged media
D: Extracting data from purged media is a scavenging attack, not a browsing attack.
79
79. When an intruder enters through a secured doorway by tagging along with an authorized user, this is known as? a. Social engineering b. Spoofing c. Piggybacking d. Eavesdropping
C: When an intruder enters through a secured doorway by tagging along with an authorized user this is known as piggybacking.
80
80. When should the final report from an auditor be issued? a. After interim reports b. During the exit conference c. At the beginning of the auditing process d. After the exit conference
D: The final report should be issued after the exit conference.
81
81. Who is ultimately responsible for implementing the changes recommended in the findings report from an external auditor? a. senior management b. end users c. internal auditors d. system managers
A: Senior management is responsible for the selection and delegation of implementation of the changes recommended in the findings report from an external auditor.
82
82. Traffic or trend analysis is primarily concerned with? a. the amount of data traveling to another system b. the content of network packets c. the application used in a communication d. the user account and password associated with a communication session
A: Traffic or trend analysis is primarily concerned with the amount of data traveling to another system.
83
83. Initial program load vulnerabilities include all but which of the following? a. booting from a CD b. turning off the power c. using alternate boot menu d. accessing CMOS
B: IPL vulnerabilities do not include removing power from a system.
84
84. Which of the following is not true in regards to superzap? a. it can bypass system security mechanisms b. is not easily detected c. its use is usually logged by the system d. used to recover from system freezes
C: Superzap is usually not logged by the system because it bypasses the auditing capabilities, as well as the access controls, of the system.
85
85. Countermeasures against traffic or trend analysis include all but which of the following? a. Message padding b. Noise transmission c. Encrypting transmitted messages d. Analyzing covert channel usage
C: The encryption of message traffic will not alter the traffic patterns themselves, which are the focus of traffic or trend analysis.
86
86. Improving employee motivation and job satisfaction is a countermeasure against all but which of the following attacks? a. Disgruntled employees b. Collusion c. Sabotage d. Violation of non-disclosure agreement
C: Sabotage requires additional countermeasures, such as monitoring, physical controls, preventative controls, etc.
87
87. Trusted recovery is concerned with all but which of the following conditions? a. Hot swapping of a failed RAID member drive b. System reboot c. Emergency system restart d. Cold system boot
A: Trusted recovery is not concerned with the hot swapping of a failed RAID member drive.
88
88. The most important aspect of security controls is? a. The need to be transparent to the user b. They must be simple c. They should be obvious to the user d. They can be circumvented by a superzap tool
A: Security controls need to be transparent to the user.
89
89. Which of the following is not an immediate goal of auditing? a. Identifying IT events b. Preventing attacks c. Recording information about problems d. Maintaining a historical record of IT activities
B: Preventing attacks is an indirect goal of auditing. Auditing itself offers no direct means to prevent attacks.
90
90. Which of the following is not an auditing technique used to protect your IT environment? a. Intrusion Detection System b. Port scanning c. Dumpster diving d. Packet sniffing
C: Dumpster diving is rarely, if ever, used as a means to improve the security of an organization; most often it is used as a data-gathering step for an attack.
91. An audit trail should include all but which of the following elements? a. Information about the date and time of the violation b. Information pinpointing the origin or source of the attack, intrusion, or violation c. The user account under which the violation was perpetrated d. The cost of the loss imposed by the violation
D: The cost of the loss is not an element recorded in the audit trail. That figure is determined by an asset valuation and risk analysis.
92. Which of the following is not considered a threat to operational security? a. Responding to hostile customers via e-mail b. Conducting private business on the company's IT infrastructure c. Distributing sexually charged material to coworkers d. Revealing the contents of sensitive documents to users outside the realm of need-to-know
A: This is not directly considered a threat to operational security. Unfortunately, hostile customers are a fact of doing business.
93. Monitoring the patterns of packets transmitted over a network or a communications link without knowing the contents of those packets is known as? a. Packet sniffing b. Trend analysis c. Man-in-the-middle attack d. Teardrop attack
B: Monitoring the patterns of packets transmitted over a network or a communications link without knowing the contents of those packets is known as trend or traffic analysis.
94. The data that can be accessed on erased media is known as? a. Private data b. Residual logistical data c. Covert channel data d. Data remanence
D: Data remaining on erased media is known as data remanence.
95. Which of the following is not a form of auditing that can be used to gather information about your environment for an intrusion attack attempt? a. Social engineering b. Packet sniffing c. Port scanning d. Intrusion Detection System
D: An IDS is typically within the private network and inaccessible to external users and therefore cannot serve as a data gathering source for an attempted intrusion attack. IDS is vulnerable as a source of data about an organization after an intrusion is successful.
96. Before it can be performed against you by a malicious attacker, what should you use against your IT infrastructure first? a. Penetration testing b. Social engineering c. Dumpster diving d. War dialing
A: You should perform penetration testing against your own IT infrastructure before an attacker does. If you discover a fault, you can fix it. If an attacker discovers a fault, they may exploit it.
97. Violation analysis employs a technique that detects abnormal levels of activity that have exceeded what? a. Saturation point b. Clipping level c. Quota level d. Tuple
B: A clipping level is a baseline of normal activity used to discern abnormal or malicious activity when that baseline is crossed or exceeded.
98. Which of the following is not a typical activity that causes a violation report to be created? a. Repetitive mistakes that exceed the clipping level b. Users who attempt to exceed their access or privileges c. Several users performing normal work tasks that consume significant system resources without exceeding a clipping level d. Patterns of intrusion attempts
C: This activity will not produce a violation report.
99. The main categories of access control do not include? a. Administrative access control b. Logical access control c. Random access control d. Physical access control
C: Random access control is a distractor. The access control categories are logical access control, technical access control, physical access control, and administrative access control.
100. The disclosure of confidential information to another employee by the action of that employee viewing your system's screen or keyboard is known as? a. Shoulder surfing b. Social engineering c. Espionage d. Enticement
A: Shoulder surfing is the act of disclosing confidential information to another employee by the action of that employee viewing your system's screen or keyboard.
101. The ability of a system to terminate applications and services that attempt invalid or security violating activities is known as? a. Fail-over b. Trusted recovery c. Trusted computer base d. Fail-safe
D: The ability of a system to terminate applications and services that attempt invalid or security violating activities is known as fail-safe.
102. Which of the following activities most strongly encourages users to comply with security policies? a. Awareness training b. Separation of duties c. Principle of least privilege d. Activity monitoring
D: Activity monitoring most strongly encourages users to comply with security policies.
103. Session hijacking cannot be accomplished by which of the following? a. Spoofing IP addresses b. Juggernaut c. Hunt d. Smurf
D: Smurf is a denial of service attack.
104. Which backup method offers the fastest means to restore a failed system with minimal data loss? a. Daily copy backups b. A weekly full backup with daily incremental backups c. A weekly full backup with daily differential backups d. Only weekly full backups
C: A weekly full backup with daily differential backups offers the fastest restore path (only two tapes are needed) and provides for the least amount of data loss (at most hours of lost changes).
105. Which of the following is often compromised into supporting spamming? a. E-mail clients b. Relay agents c. SNMP servers d. IP routing tables
B: Relay agents, sometimes known as SMTP relay agents, are often exploited into distributing spam.
106. An attack that re-routes packets by altering network addresses in the routing table or DNS system is known as? a. Masquerading b. Spoofing c. Hijacking d. Superzapping
C: Hijacking is an attack that re-routes packets by altering network addresses in the routing table or DNS system.
107. Which of the following cannot be used to block access at the perimeter of a network? a. Firewall b. Router c. IDS d. Proxy server
C: IDS will detect network perimeter access, but it does not block access.
108. Which of the following is not considered a serious issue with network sniffers in regards to violating network security? a. Their ability to decode the content of captured packets b. Their ability to use an extended buffer c. Their ability to edit packets and re-transmit them d. Their ability to view all traffic on a wire
B: This is not a serious security threat of network sniffers when used by an attacker. However, the ability of a network sniffer to save a captured buffer to the hard drive is a serious security threat.
109. The documents of a formalized security structure are examples of what type of security control? a. Corrective b. Preventative c. Directive d. Detective
C: The documents of a formalized security structure, such as policies, standards, guidelines, and procedures, are examples of directive security controls.
110. An attack that employs default accounts and settings on newly installed devices, OSs, or software is known as? a. Keyboard attacks b. Maintenance Account attacks c. Laboratory attacks d. Initial Program Load attacks
B: Maintenance Account attacks employ default accounts and settings on newly installed devices, OSs, or software.
111. What is the first and most important step in performing vulnerability testing or ethical hacking? a. Deploying security measures b. Backing up the network c. Scanning for vulnerabilities d. Obtaining senior management approval
D: The first and most important step in performing vulnerability testing or ethical hacking is obtaining senior management approval.
112. The cyber crime that involves the gathering of data from various sources including the IT infrastructure itself as well as physical evidence within the facility is known as? a. Scavenging b. Dumpster diving c. Social engineering d. Data diddling
A: Scavenging is the cyber crime that involves the gathering of data from various sources including the IT infrastructure itself as well as physical evidence within the facility.
113. Which of the following is not a useful activity to improve perimeter security? a. Disable service banners b. Update anti-virus software c. Disable unnecessary ports d. Use public IP addresses inside the network
D: Using public IP addresses inside the network does not improve perimeter security; it actually makes intrusions and attacks easier.
114. A RAID array is an example of what type of security control? a. Detective b. Recovery c. Administrative d. Physical
B: RAID is an example of a recovery control, since RAID offers fault-tolerance and can continue functioning with the loss of a single drive member.
115. Which of the following is not a vulnerability scanning tool? a. SATAN b. Tracert c. Nessus d. Nmap
B: Tracert is used to view the hops between two systems; it is not a vulnerability scanning tool.
116. What is system fingerprinting? a. A tool used by security administrators to examine the state of security on their networks b. A process of testing the security mechanisms of a network c. A method of gathering information about a network to be used in an intrusion or attack attempt d. A biometric device that provides authentication for remote networks
C: System fingerprinting is a method of gathering information about a network to be used in an intrusion or attack attempt.
117. Which of the following is the primary countermeasure to session hijacking? a. IPSec AH b. Proxy servers c. Strong passwords d. Intrusion detection system
A: IPSec's Authentication Header mode is the primary countermeasure to session hijacking.
118. TCP wrappers is useful for what? a. Protecting against port scanning b. Securing Internet communications c. Blocking VPN eavesdropping d. Preventing spoofing
A: TCP wrappers is a tool used as a protection against port scanning.
119. Which form of IT communications is the most vulnerable to spoofing? a. Telnet b. FTP c. Web d. E-mail
D: E-mail is the most vulnerable communication means to spoofing.
120. Verifying the sequence numbers on filed departmental financial reports is what form of control? a. Detective b. Preventative c. Corrective d. Recovery
A: Verifying the sequence numbers on filed departmental financial reports is a detective control.
121. Brute force and dictionary are forms of what? a. Denial of service attacks b. Password attacks c. Social engineering attacks d. Trend analysis attacks
B: Brute force and dictionary are forms of password attacks.
122. Countermeasures to a dictionary attack include all but which of the following? a. Strong password policy b. Use of non-keyboard characters c. Firewall deployment d. Account lockout
C: Firewalls do not protect against dictionary password attacks.