6 - Operations Security Flashcards

1
Q
Which of the following is not an important aspect of the new employee hiring process?
a. Background screening
b. Drug testing
c. Non-disclosure agreements
d. Exit interview
A

D: The exit interview is part of the termination process.

2
Q
Which of the following is considered the lowest level of privilege?
a. Read only
b. Read-Write
c. Change access
d. Need to know
A

A: Read only is the lowest privilege level.

3
Q
The first step in hiring a new employee is what?
a. Screening candidates
b. Creating the job description
c. Signing non-disclosure agreements
d. Background verification
A

B: The first step in hiring a new employee is the creation of a job description. Without a job description there is no clear understanding of who is needed and the work tasks they will be required to perform.

4
Q
What type of security controls are used to encourage compliance with other security controls?
a. directive
b. recovery
c. application
d. transaction
A

A: Directive or deterrent controls are used to encourage compliance with other security controls.

5
Q
The Orange Book defines two types of assurance. Which of the following are they?
a. Life cycle and Development
b. Operational and Life cycle
c. Development and Improvement
d. Functional and Efficiency
A

B: The Orange Book defines Operational and Life Cycle assurance.

6
Q
Operations security is primarily concerned with?
a. Protecting assets from threats
b. Establishing audit trails
c. Classifying subjects
d. Managing personnel security awareness
A

A: Operations security is primarily concerned with protecting assets from threats.

7
Q
The security practice of ensuring that no one individual has complete control or access over a system’s security mechanism is known as?
a. Principle of least privilege
b. Separation of duties
c. Job rotation
d. Role based access control
A

B: The security practice of ensuring that no one individual has complete control or access over a system’s security mechanism is known as separation of duties.

8
Q
What is trusted recovery?
a. A storage system that ensures the security of backup sets
b. An element in disaster recovery planning where the restoration of backups is assigned to a trusted team of security professionals
c. A process that ensures a system’s security is not violated when it encounters a failure requiring a restoration
d. An automatic process that restores the most recent backup to a system when a security fault is encountered
A

C: Trusted recovery is a process that ensures a system’s security is not violated when it encounters a failure requiring a restoration.

9
Q
Which of the following is not a safeguard against collusion?
a. Rotation of duties
b. Trusted recovery
c. Separation of duties
d. Auditing
A

B: Trusted recovery is not a safeguard against collusion. It is a safeguard against failure states encountered by the OS or software, preventing the system from restarting into an insecure state.

10
Q
What is the primary goal of configuration or change management?
a. enable rollback to a previous system state
b. duplicate changes on multiple systems
c. prevent changes from diminishing security
d. informing users of changes
A

C: The primary goal of configuration or change management is to ensure that security is not diminished.

11
Q
What is the primary purpose of mandatory vacations?
a. Job rotation
b. Background checking
c. Testing recovery plans
d. Auditing
A

D: Mandatory vacations are used to perform auditing.

12
Q
When an automated trusted recovery is performed, what must happen?
a. All corrupted system files must be restored
b. All suspect data is flagged for inspection
c. A system administrator is required to regain a secured state
d. The system must restore itself to a secure state
A

D: When an automated trusted recovery is performed, the system must restore itself to a secure state.

13
Q
What is the goal of configuration change management?
a. To ensure that all changes to the system do not diminish security
b. To control who performs changes to the security system
c. To track all changes to the security system
d. To automate the distribution of widespread security changes throughout a network
A

A: The primary goal of configuration change management is to ensure that all changes to the system do not diminish security.

14
Q
Which of the following is not true about configuration change management?
a. Ensures that rolling back to a previous state by removing changes is possible
b. Simplifies the process of rolling out security changes throughout an organization
c. Is required by TCSEC certified B2, B3, and A1 systems
d. All changes must be documented
A

B: Configuration change management is not a distribution mechanism.

15
Q
The ability to easily audit and inspect the work tasks of an employee is made possible by?
a. Separation of duties
b. Exit interviews
c. Mandatory vacations
d. Background checks
A

C: Mandatory vacations allow for job auditing to ensure compliance with security policy and laws.

16
Q
Which of the following is not a form of monitoring?
a. Biometric enrollment
b. port scanning
c. Intrusion detection
d. penetration testing
A

A: Biometric enrollment is not a form of monitoring. Biometric enrollment is often a determining factor in whether or not a biometric identification or authenticating device will be accepted by the user community. If enrollment takes longer than minutes, most users will be unwilling to use it.

17
Q
The act of examining traffic patterns rather than the contents of packets is known as?
a. Transaction processing
b. Trend analysis
c. Sniffing
d. Port scanning
A

B: Trend or traffic analysis is the examination of traffic patterns rather than packet contents.

18
Q
Security controls should be _________ to the authorized user.
a. obstructive
b. accessible
c. transparent
d. inhibiting
A

C: Security controls should be transparent to the authorized user.

19
Q
When no single person has total control over a system’s security mechanisms, this is called?
a. split knowledge
b. rotation of duties
c. mandatory vacations
d. strong access controls
A

A: Split knowledge is when no single person has total control over a system’s security mechanisms.

20
Q
Another term for a security control that employs split knowledge is?
a. mandatory vacations
b. separation of duties
c. rotation of duties
d. background checks
A

B: Separation of duties is a split-knowledge security control.

21
Q
The security mechanism that requires that users have the minimum amount of access that is absolutely required by their job tasks and that they have that access for the shortest amount of time is known as?
a. due diligence
b. two-man controls
c. least privilege
d. rotation of duties
A

C: Least privilege is a security mechanism that requires that users have the minimum amount of access that is absolutely required by their job tasks and that they have that access for the shortest amount of time.

22
Q
The top priority of configuration or change control management is?
a. prevent changes from diminishing security
b. analyze the effects of changes on a system
c. provide a means to track and audit changes to a system
d. ensure formalized testing of all system changes
A

A: The top priority of configuration or change control management is to prevent changes from diminishing security.

23
Q
Which of the following is not one of the five generally recognized procedural steps to implement configuration or change control management?
a. Implementing the change
b. Applying to introduce a change
c. Updating the security policy
d. Cataloging the intended change
A

C: Since changes are not supposed to alter the security environment, there should be no need to change or alter the security policy. Therefore, updating the security policy is not one of the five generally recognized procedural steps to implement configuration or change control management.

24
Q
Which of the following is not an element of operational assurance as defined by the Orange Book?
a. system architecture
b. covert channel analysis
c. security testing
d. trusted recovery
A

C: Security testing, design specification and testing, configuration management, and trusted distribution are all elements of life cycle assurance as defined by the Orange Book.

25
Q
Which of the following is not an element of life cycle assurance as defined by the Orange Book?
a. design specification and testing
b. configuration management
c. trusted distribution
d. system architecture
A

D: System architecture, system integrity, covert channel analysis, trusted facility management, and trusted recovery are all elements of operational assurance as defined by the Orange Book.

26
Q
_________________ controls focus on day to day activities for the protection of IT and the support of the security policy.
a. Procedural security
b. Oversight security
c. Operations security
d. Physical security
A

C: Operations security controls focus on day to day activities for the protection of IT and the support of the security policy.

27
Q
What type of resources need not be included in the resource protection scheme for the organization?
a. hardware resources
b. software resources
c. data resources
d. transitive resources
A

D: Transitive resources, those provided by other organizations, need not be included in the resource protection scheme for an organization.

28
Q
Which of the following is not a common requirement for maintaining security while hardware undergoes maintenance or repair?
a. recertification of security label
b. trusted offsite technicians
c. bonded escorts
d. accredited supervision
A

A: Recertification may be necessary after a repair, but it is not an element of the actual maintenance and repair process.

29
Q
Which of the following is an example of a split knowledge security control?
a. mandatory vacations
b. auditing
c. rotation of duties
d. two-man control
A

D: Two-man controls are a form of split-knowledge control that requires two users to work in unison to complete some privileged action.

30
Q
What is the purpose of trusted recovery?
a. to ensure that security is not breached during a system failure
b. to maintain the accreditation of a system
c. to guarantee that files can be restored from backup media
d. to provide a means to return to the primary site after a disaster occurs
A

A: The purpose of trusted recovery is to ensure that security is not breached during a system failure.

31
Q
Which of the following is not an element of trusted recovery?
a. rebooting into a single user mode
b. revalidating the trusted computer base
c. recovering all file systems that were active at the time of failure
d. verifying the integrity of system level security critical files
A

B: The TCB is not revalidated by the trusted recovery process. Instead, the trusted recovery process relies upon the TCB to provide its capability of returning the system to a secure state after a failure.

32
Q
One of the most important aspects of configuration or change control management is?
a. updated new employee training materials
b. revising the organization’s security policy
c. compliance with due care requirements
d. the ability to rollback changes to a previous state
A

D: One of the most important aspects of configuration or change control management is the ability to rollback changes to a previous state.

33
Q
Which of the following TCSEC rating levels does not require configuration and change control management?
a. C2
b. A1
c. B2
d. B3
A

A: C2 does not require configuration and change control management.

34
Q
Administrative controls for personnel security should include all but which of the following?
a. background checks
b. enrollment in biometric authentication systems
c. mandatory vacations
d. job action warnings
A

B: Enrollment in biometric authentication systems is a logical or technical control for personnel security.

35
Q
Which of the following is not one of the three hierarchical types of trusted recovery as defined by the Common Criteria?
a. automated recovery without undo loss
b. manual recovery
c. asynchronous assisted recovery
d. automated recovery
A

C: The Common Criteria does not define a type of trusted recovery named asynchronous assisted recovery.

36
Q
Which of the following is not a primary function of configuration or change control management?
a. provide a means to track and audit changes to a system
b. ensure formalized testing of all system changes
c. analyze the effects of changes on a system
d. keep users from learning about changes to a system
A

D: A primary function of configuration or change control management is to keep users informed of system changes.

37
Q
_____________ operations should be restricted to authorized individuals whose work tasks specifically require greater than normal capabilities.
a. privileged
b. backup
c. Internet client
d. productivity software
A

A: Privileged operations should be restricted to authorized individuals whose work tasks specifically require greater than normal capabilities.

38
Q
What is the primary goal of media security controls?
a. control inventory of backup media
b. prevent loss or disclosure of sensitive data while it is stored on removable media
c. maintain chain of custody information just in case media must be used in a legal action
d. prevent users from accessing removable media
A

B: The primary goal of media security controls is to prevent loss or disclosure of sensitive data while it is stored on removable media.

39
Q
Which of the following is not considered an element of maintaining media security controls?
a. logging
b. chain of custody
c. deploying security guards
d. inventory management
A

C: Deploying security guards is not an element of maintaining media security controls. Security guards are used to provide physical access control to facilities.

40
Q
Maintenance accounts are considered a threat to security since they may be used as an access means for unauthorized individuals. What are maintenance accounts?
a. any account that has administrative level privileges
b. supervisory level factory installed accounts
c. accounts used by hardware repair technicians that are created and maintained by your IT staff
d. those administrators involved in the daily support of user accounts and access
A

B: Maintenance accounts are supervisory level factory installed accounts. These accounts should be disabled or be assigned strong passwords.

41
Q
Which of the following is not a valid countermeasure against the unauthorized use of maintenance accounts?
a. change password
b. disable accounts
c. network traffic logging
d. maintain physical access control over devices
A

C: Network traffic logging is not an effective or valid countermeasure against the unauthorized use of maintenance accounts.

42
Q
Which of the following is not considered an operational security software control?
a. software testing
b. safe software media storage
c. backup controls
d. diagnostic port controls
A

D: Diagnostic port controls are physical security controls for hardware, not software.

43
Q
Which of the following is not considered a monitoring technique?
a. Intrusion Detection
b. Probing
c. Passwords
d. Dumpster Diving
A

C: Passwords are access controls, not monitoring techniques.

44
Q
Which of the following is not considered a monitoring technique?
a. Penetration Testing
b. Demon (war) Dialing
c. Sniffing
d. Use of packet filters
A

D: Packet filters are an access control mechanism, not a monitoring technique.

45
Q
Which of the following is not considered a monitoring technique?
a. Biometrics
b. Scanning
c. Violation Analysis
d. Social Engineering
A

A: Biometrics are an identification or authentication technique, not a monitoring technique.

46
Q
Monitoring should begin after all but which of the following is completed?
a. user logon
b. application installation
c. system configuration
d. operating system patching
A

A: Monitoring should already be enabled before users begin logging on to the system.

47
Q
Monitoring should focus on all but which of the following?
a. violation tracking
b. violation resolution
c. violation processing
d. violation analysis
A

B: Monitoring is not directly concerned with the resolution of violations. That is a secondary result of the monitoring process.

48
Q
Which of the following is most concerned with personnel security?
a. Management controls
b. Operational controls
c. Technical controls
d. Human resources controls
A

B: Personnel security deals primarily with operational controls, which provide the guidelines and the correct procedures for carrying out day-to-day operations in a way that maintains security. Management controls are used mainly by management. Technical controls deal with system security. Human resources controls deal with organizational matters that are not always related to security.

49
Q
When removable media is labeled with a security classification, which of the following is true?
a. Only users with the same or lower clearance can use the removable media.
b. The removable media can only store data that is lower than the labeled clearance level.
c. Availability is maintained through classification labeling of removable media.
d. The removable media must be protected under the same restrictions as data with the same classification.
A

D: This is a true statement. The removable media must be protected under the same restrictions as data with the same classification.

50
Q
At the end of the useful lifetime of removable media with a high security classification level, what should occur?
a. it should be incinerated
b. it should be purged for re-use
c. it should be cleaned for use in any security domain
d. it should be stored in a retention vault
A

A: At the end of the useful lifetime of removable media with a high security classification level, that media should be destroyed, such as by incineration.

51
Q
Without _________________ there is no security.
a. removable media usage controls
b. physical access controls
c. access control lists
d. firewalls
A

B: Without physical access controls there is no security.

52
Q
The purpose of audit trails is to?
a. detect normal activity
b. test system security
c. validate trust
d. recreate events
A

D: The purpose of audit trails is to recreate events.

53
Q
The goal of audit trails is to?
a. check compliance with security policy
b. evaluate the cost effectiveness of safeguards
c. provide a risk analysis treatment of an environment
d. keep security administrators busy
A

A: The goal of audit trails is to check compliance with security policy.

54
Q
The first activity that must be performed when employing penetration testing to test the effectiveness of your security perimeter is to?
a. develop an attack plan
b. obtain management approval
c. collect the attack tools
d. produce a results report
A

B: Obtaining management approval is always the first step when using penetration testing.

55
Q
What is a clipping level?
a. The point at which a monitoring device is unable to process further data due to saturation
b. The point at which normal activity is distinguished from abnormal
c. The point at which a device experiences a power surge and thus an operational failure
d. The rate at which a firewall’s access ports are scanned when under attack
A

B: The clipping level is the point at which normal activity is distinguished from abnormal.

56
Q
When an activity crosses or exceeds the clipping level, what occurs?
a. access is denied
b. the intruder is moved to a padded cell
c. a violation report is generated
d. the firewall disables further communications
A

C: When the clipping level is exceeded a violation report is generated.

57
Q
Clipping levels are useful for detecting all but which of the following?
a. repetitive mistakes
b. individuals exceeding their authorized privileges
c. serious intrusion attempts
d. slow low-volume attacks
A

D: Slow low-volume attacks are typically not detected through the use of clipping levels. Slow low-volume attacks are lost in the bulk of normal expected activity.

58
Q
The final step in penetration testing is?
a. deploying new safeguards
b. performing risk analysis
c. reporting findings
d. exploiting discovered vulnerabilities
A

C: The final step in penetration testing is reporting findings.

59
Q
An audit log should contain all but which of the following?
a. time and date of violation
b. location (physical or logical) of incident
c. what event violated the security policy
d. biometric profile of the offending user account
A

D: An audit log will not contain the biometric profiles of individuals; those are stored in the security database. Only the user account name or ID number will appear in the audit log.

60
Q
Which of the following is not considered an important security issue related to audit trails?
a. purging of audit media
b. retention and protection of audit media
c. protection against alteration
d. support of availability of audit media
A

A: Purging of audit media should be avoided. Audit details should be retained for historical comparisons.

61
Q
Violating the confidentiality of sensitive data is what type of inappropriate activity?
a. abuse of privileges
b. waste of corporate resources
c. inappropriate content
d. vandalism
A

A: Violating the confidentiality of sensitive data is an abuse of privileges.

62
Q
Which of the following is not a computer crime even if it results in a serious financial loss to your organization?
a. fraud
b. input error or omission
c. eavesdropping
d. war dialing
A

B: An input error or omission is not a computer crime even if it results in a serious financial loss to your organization. It is simply an unwanted activity.

63
Q
Which of the following is an example of piggybacking?
a. cutting through a wire fence
b. re-transmitting intercepted packets
c. passing through a door opened by another person who used a key
d. decrypting the content of secured communication sessions
A

C: Passing through a door opened by another person who used a key is an example of piggybacking.

64
Q
Which of the following is not a countermeasure to traffic or trend analysis?
a. message padding
b. transmission of noise
c. covert channel analysis
d. encrypting individual messages
A

D: Encrypting individual messages is not an effective countermeasure to traffic or trend analysis.

65
Q
The goal of penetration testing is?
a. altering the security policy
b. placing blame for security violations
c. evaluate the existing security protection
d. tricking management into purchasing new security solutions
A

C: The goal of penetration testing is to evaluate the existing security protection.

66
Q
If you want to discover how much data can be learned about your environment from external users, your penetration attack team should have ____ knowledge.
a. partial
b. disclosed
c. full
d. zero
A

D: A penetration attack team with zero knowledge will be able to clearly demonstrate how much information can be discovered about your environment from the outside.

67
Q
Which of the following is not considered a standard step or element in the process of penetration testing?
a. safeguard tuning
b. discovery
c. enumeration
d. exploitation
A

A: Safeguard tuning is not an element of penetration testing.

68
Q
When performing a penetration attack on your own system, which of the following activities would not be performed during the discovery phase?
a. foot printing
b. social engineering
c. scavenging
d. dumpster diving
A

B: Social engineering requires some level of data already known in order to be effective. Social engineering usually takes place in the enumeration, vulnerability mapping, or exploitation phases of penetration testing.

69
Q
What is the purpose of interim reports by security auditors?
a. used to communicate regarding items that need immediate attention
b. used to keep the length of the final report to a minimum
c. used to provide process reports to management
d. used to request additional clarifications on audit objectives
A

A: The purpose of interim reports is to communicate regarding items that need immediate attention.

70
Q
Oral reports can be used instead of written reports for which of the following?
a. findings report
b. interim reports
c. final report
d. objectives definition report
A

B: Oral reports can be used for interim reports only.

71
Q
What is the purpose of the exit conference?
a. place blame for security deficiencies
b. recommendation of countermeasures
c. discuss issues with all relevant and affected parties
d. rebuttal of auditing objectives
A

C: The purpose of the exit conference is to discuss issues with all relevant and affected parties.

72
Q
Which of the following identifies the goals of auditing?
a. problem identification and object identification
b. problem identification and problem resolution
c. problem identification and risk evaluation
d. problem identification and safeguard selection
A

B: The goals of auditing are problem identification and problem resolution.

73
Q
Which of the following is used to locate significant information within audit trails?
a. scavenging
b. data diddling
c. data mining
d. random access
A

C: Data mining is used to locate significant information within audit trails.

74
Q
Reviews and evaluations of the security solutions of an environment are often performed by?
a. senior management
b. end users
c. the risk assessment team
d. external consultants
A

D: External consultants, specifically analysts or auditors, are commonly used to perform reviews and evaluations of the security solutions of an environment.

75
Q
Once auditing discovers a problem, what is the next step?
a. countermeasure selection
b. problem management
c. risk analysis
d. security policy modification
A

B: Once a problem is discovered through auditing, the next step is problem management.

76
Q
Which of the following is not a primary goal of problem management?
a. reduce failures to a reasonable level
b. prevent re-occurrence of discovered problems
c. maintain cost effectiveness of countermeasures
d. mitigate negative impact of problems
A

C: Maintaining the cost effectiveness of countermeasures is a secondary goal of problem management. In many cases it is an automatic benefit of the risk analysis aspect of problem management.

77
Q
Which of the following is not considered an inappropriate activity?
a. viewing political content while at work
b. using company resources to sell personal items on eBay
c. accessing resources for which you have no legitimate work task requirements
d. consuming all of the bandwidth of a WAN connection performing a required data transfer
A

D: Performing a work task is always an appropriate activity, even if the results are not always acceptable.

78
Q
Which of the following is not considered a browsing attack?
a. viewing another user’s files
b. shoulder surfing
c. going through someone’s trash
d. extracting data from purged media
A

D: Extracting data from purged media is a scavenging attack, not a browsing attack.

79
Q
When an intruder enters through a secured doorway by tagging along with an authorized user, this is known as?
a. Social engineering
b. Spoofing
c. Piggybacking
d. Eavesdropping
A

C: When an intruder enters through a secured doorway by tagging along with an authorized user this is known as piggybacking.

80
Q
When should the final report from an auditor be issued?
a. After interim reports
b. During the exit conference
c. At the beginning of the auditing process
d. After the exit conference
A

D: The final report should be issued after the exit conference.

81
Q
Who is ultimately responsible for implementing the changes recommended in the findings report from an external auditor?
a. senior management
b. end users
c. internal auditors
d. system managers
A

A: Senior management is responsible for the selection and delegation of implementation of the changes recommended in the findings report from an external auditor.

82
Q
Traffic or trend analysis is primarily concerned with?
a. the amount of data traveling to another system
b. the content of network packets
c. the application used in a communication
d. the user account and password associated with a communication session
A

A: Traffic or trend analysis is primarily concerned with the amount of data traveling to another system.

83
Q
Initial program load vulnerabilities include all but which of the following?
a. booting from a CD
b. turning off the power
c. using alternate boot menu
d. accessing CMOS
A

B: IPL vulnerabilities do not include removing power from a system.

84
Q
Which of the following is not true in regards to superzap?
a. it can bypass system security mechanisms
b. is not easily detected
c. its use is usually logged by the system
d. used to recover from system freezes
A

C: Superzap is usually not logged by the system because it bypasses the auditing capabilities, as well as the access controls, of the system.

85
Q
Countermeasures against traffic or trend analysis include all but which of the following?
a. Message padding
b. Noise transmission
c. Encrypting transmitted messages
d. Analyzing covert channel usage
A

C: Encrypting message traffic does not alter the traffic patterns themselves, which are the focus of traffic or trend analysis.

86
Q
  Improving employee motivation and job satisfaction is a countermeasure against all but which of the following attacks?
  a. Disgruntled employees
  b. Collusion
  c. Sabotage
  d. Violation of non-disclosure agreement
A

C: Sabotage requires additional countermeasures, such as monitoring, physical controls, preventative controls, etc.

87
Q
  Trusted recovery is concerned with all but which of the following conditions?
  a. Hot swapping of a failed RAID member drive
  b. System reboot
  c. Emergency system restart
  d. Cold system boot
A

A: Trusted recovery is not concerned with the hot swapping of a failed RAID member drive.

88
Q
  The most important aspect of security controls is?
  a. The need to be transparent to the user
  b. They must be simple
  c. They should be obvious to the user
  d. They can be circumvented by a superzap tool
A

A: Security controls need to be transparent to the user.

89
Q
  Which of the following is not an immediate goal of auditing?
  a. Identifying IT events
  b. Preventing attacks
  c. Recording information about problems
  d. Maintaining a historical record of IT activities
A

B: Preventing attacks is an indirect goal of auditing. Auditing itself offers no direct means to prevent attacks.

90
Q
  Which of the following is not an auditing technique used to protect your IT environment?
  a. Intrusion Detection System
  b. Port scanning
  c. Dumpster diving
  d. Packet sniffing
A

C: Dumpster diving is rarely, if ever, used as a means to improve the security of an organization; most often it is used as a data gathering step for an attack.

91
Q
  An audit trail should include all but which of the following elements?
  a. Information about the date and time of the violation
  b. Information pinpointing the origin or source of the attack, intrusion, or violation
  c. The user account under which the violation was perpetrated
  d. The cost of the loss imposed by the violation
A

D: The cost of the loss is not an element recorded in the audit trail. That issue is determined by an asset valuation and risk analysis.

92
Q
  Which of the following is not considered a threat to operational security?
  a. Responding to hostile customers via e-mail
  b. Conducting private business on the company's IT infrastructure
  c. Distributing sexually charged material to coworkers
  d. Revealing the contents of sensitive documents to users outside the realm of need-to-know
A

A: This is not directly considered a threat to operational security. Unfortunately, hostile customers are a fact of doing business.

93
Q
  Monitoring the patterns of packets transmitted over a network or a communications link without knowing the contents of those packets is known as?
  a. Packet sniffing
  b. Trend analysis
  c. Man-in-the-middle attack
  d. Teardrop attack
A

B: Monitoring the patterns of packets transmitted over a network or a communications link without knowing the contents of those packets is known as trend or traffic analysis.

94
Q
  The data that can be accessed on erased media is known as?
  a. Private data
  b. Residual logistical data
  c. Covert channel data
  d. Data remanence
A

D: Data remaining on erased media is known as data remanence.

95
Q
  Which of the following is not a form of auditing that can be used to gather information about your environment for an intrusion attack attempt?
  a. Social engineering
  b. Packet sniffing
  c. Port scanning
  d. Intrusion Detection System
A

D: An IDS is typically within the private network and inaccessible to external users and therefore cannot serve as a data gathering source for an attempted intrusion attack. IDS is vulnerable as a source of data about an organization after an intrusion is successful.

96
Q
  Before it can be performed against you by a malicious attacker, what should you use against your IT infrastructure first?
  a. Penetration testing
  b. Social engineering
  c. Dumpster diving
  d. War dialing
A

A: You should perform penetration testing against your own IT infrastructure before an attacker does. If you discover a fault, you can fix it. If an attacker discovers a fault, they may exploit it.

97
Q
  Violation analysis employs a technique that detects abnormal levels of activity that have exceeded what?
  a. Saturation point
  b. Clipping level
  c. Quota level
  d. Tuple
A

B: A clipping level is a baseline of normal activity used to discern abnormal or malicious activity when that baseline is crossed or exceeded.

98
Q
  Which of the following is not a typical activity that causes a violation report to be created?
  a. Repetitive mistakes that exceed the clipping level
  b. Users who attempt to exceed their access or privileges
  c. Several users performing normal work tasks that consume significant system resources without exceeding a clipping level
  d. Patterns of intrusion attempts
A

C: This activity will not produce a violation report.

99
Q
  The main categories of access control do not include?
  a. Administrative access control
  b. Logical access control
  c. Random access control
  d. Physical access control
A

C: Random access control is a distractor. The access control categories are logical access control, technical access control, physical access control, and administrative access control.

100
Q
  The disclosure of confidential information to another employee by the action of that employee viewing your system's screen or keyboard is known as?
  a. Shoulder surfing
  b. Social engineering
  c. Espionage
  d. Enticement
A

A: Shoulder surfing is the act of disclosing confidential information to another employee by the action of that employee viewing your system's screen or keyboard.

101
Q
  The ability of a system to terminate applications and services that attempt invalid or security violating activities is known as?
  a. Fail-over
  b. Trusted recovery
  c. Trusted computer base
  d. Fail-safe
A

D: The ability of a system to terminate applications and services that attempt invalid or security violating activities is known as fail-safe.

102
Q
  Which of the following activities most strongly encourages users to comply with security policies?
  a. Awareness training
  b. Separation of duties
  c. Principle of least privilege
  d. Activity monitoring
A

D: Activity monitoring most strongly encourages users to comply with security policies.

103
Q
  Session hijacking cannot be accomplished by which of the following?
  a. Spoofing IP addresses
  b. Juggernaut
  c. Hunt
  d. Smurf
A

D: Smurf is a denial of service attack.

104
Q
  Which backup method offers the fastest means to restore a failed system with minimal data loss?
  a. Daily copy backups
  b. A weekly full backup with daily incremental backups
  c. A weekly full backup with daily differential backups
  d. Only weekly full backups
A

C: A weekly full backup with daily differential backups offers the fastest restore path (only two tapes are needed) and the least amount of data loss (at most hours of lost changes).

105
Q
  Which of the following is often compromised into supporting spamming?
  a. E-mail clients
  b. Relay agents
  c. SNMP servers
  d. IP routing tables
A

B: Relay agents, sometimes known as SMTP relay agents, are often exploited to distribute spam.

106
Q
  An attack that re-routes packets by altering network addresses in the routing table or DNS system is known as?
  a. Masquerading
  b. Spoofing
  c. Hijacking
  d. Superzapping
A

C: Hijacking is an attack that re-routes packets by altering network addresses in the routing table or DNS system.

107
Q
  Which of the following cannot be used to block access at the perimeter of a network?
  a. Firewall
  b. Router
  c. IDS
  d. Proxy server
A

C: IDS will detect network perimeter access, but it does not block access.

108
Q
  Which of the following is not considered a serious issue with network sniffers in regards to violating network security?
  a. Their ability to decode the content of captured packets
  b. Their ability to use an extended buffer
  c. Their ability to edit packets and re-transmit them
  d. Their ability to view all traffic on a wire
A

B: This is not a serious security threat of network sniffers when used by an attacker. However, the ability of a network sniffer to save a captured buffer to the hard drive is a serious security threat.

109
Q
  The documents of a formalized security structure are examples of what type of security control?
  a. Corrective
  b. Preventative
  c. Directive
  d. Detective
A

C: The documents of a formalized security structure, such as policies, standards, guidelines, and procedures, are examples of directive security controls.

110
Q
  An attack that employs default accounts and settings on newly installed devices, OS's, or software is known as?
  a. Keyboard attacks
  b. Maintenance Account attacks
  c. Laboratory attacks
  d. Initial Program Load attacks
A

B: Maintenance Account attacks employ default accounts and settings on newly installed devices, OS’s, or software.

111
Q
  What is the first and most important step in performing vulnerability testing or ethical hacking?
  a. Deploying security measures
  b. Backing up the network
  c. Scanning for vulnerabilities
  d. Obtaining senior management approval
A

D: The first and most important step in performing vulnerability testing or ethical hacking is obtaining senior management approval.

112
Q
  The cyber crime that involves the gathering of data from various sources including the IT infrastructure itself as well as physical evidence within the facility is known as?
  a. Scavenging
  b. Dumpster diving
  c. Social engineering
  d. Data diddling
A

A: Scavenging is the cyber crime that involves the gathering of data from various sources including the IT infrastructure itself as well as physical evidence within the facility.

113
Q
  Which of the following is not a useful activity to improve perimeter security?
  a. Disable service banners
  b. Update anti-virus software
  c. Disable unnecessary ports
  d. Use public IP addresses inside the network
A

D: Using public IP addresses inside the network does not improve perimeter security; it actually makes intrusions and attacks easier.

114
Q
  A RAID array is an example of what type of security control?
  a. Detective
  b. Recovery
  c. Administrative
  d. Physical
A

B: RAID is an example of a recovery control, since RAID offers fault-tolerance and can continue functioning with the loss of a single drive member.

115
Q
  Which of the following is not a vulnerability scanning tool?
  a. SATAN
  b. Tracert
  c. Nessus
  d. Nmap
A

B: Tracert is used to view the hops between two systems; it is not a vulnerability scanning tool.

116
Q
  What is system fingerprinting?
  a. A tool used by security administrators to examine the state of security on their networks
  b. A process of testing the security mechanisms of a network
  c. A method of gathering information about a network to be used in an intrusion or attack attempt
  d. A biometric device that provides authentication for remote networks
A

C: System fingerprinting is a method of gathering information about a network to be used in an intrusion or attack attempt.

117
Q
  Which of the following is the primary countermeasure to session hijacking?
  a. IPSec AH
  b. Proxy servers
  c. Strong passwords
  d. Intrusion detection system
A

A: IPSec's Authentication Header mode is the primary countermeasure to session hijacking.

118
Q
  TCP wrappers is useful for what?
  a. Protecting against port scanning
  b. Securing Internet communications
  c. Blocking VPN eavesdropping
  d. Preventing spoofing
A

A: TCP wrappers is a tool that is used as a protection against port scanning.

119
Q
  Which form of IT communications is the most vulnerable to spoofing?
  a. Telnet
  b. FTP
  c. Web
  d. E-mail
A

D: E-mail is the most vulnerable communication means to spoofing.

120
Q
  Verifying the sequence numbers on filed departmental financial reports is what form of control?
  a. Detective
  b. Preventative
  c. Corrective
  d. Recovery
A

A: Verifying the sequence numbers on filed departmental financial reports is a detective control.

121
Q
  Brute force and dictionary are forms of what?
  a. Denial of service attacks
  b. Password attacks
  c. Social engineering attacks
  d. Trend analysis attacks
A

B: Brute force and dictionary are forms of password attacks.

122
Q
  Countermeasures to a dictionary attack include all but which of the following?
  a. Strong password policy
  b. Use of non-keyboard characters
  c. Firewall deployment
  d. Account lockout
A

C: Firewalls do not protect against dictionary password attacks.