All 8 Domains Flashcards by Josh Selkirk

Within the realm of IT security , which of the following combinations best defines risk?

A. Threat coupled with a breach
B. Threat coupled with a vulnerability
C. Vulnerability coupled with an attack
D. Threat coupled with a breach of security

How well did you know this?

Not at all

Perfectly

When determining the value of an intangible asset which is the BEST approach?

A. Determine the physical storage costs and multiply by the expected life of the company
B. With the assistance of a finance accounting professional determine how much profit the asset has returned
C. Review the depreciation of the intangible asset over the past three years
D. Use the historical acquisition or development cost of the intangible asset

How well did you know this?

Not at all

Perfectly

Qualitative risk assessment is earmarked by which of the following?

A. Ease of implementation and it can be completed by personnel with a limited understanding of the risk assessment process
B. Can be completed by personnel with a limited understanding of the risk assessment process and uses detailed metrics used for calculation of risk
C. Detailed metrics used for calculation of risk and ease of implementation
D. Can be completed by personnel with a limited understanding of the risk assessment process and detailed metrics used for the calculation of risk.

How well did you know this?

Not at all

Perfectly

Single loss expectancy (SLE) is calculated by using:

A. Asset value and annualized rate of occurrence (ARO)B. Asset value, local annual frequency estimate (LAFE), and standard annual frequency estimate (SAFE)
C. Asset value and exposure factor
D. Local annual frequency estimate and annualized rate of occurrence

C*The formula for calculating SLE is SLE = asset value (in $) X exposure factor (loss in successful threat exploit, as %).

How well did you know this?

Not at all

Perfectly

Consideration for which type of risk assessment to perform includes all of the following:

A. Culture of the organization, likelihood of exposure and budget
B. Budget, capabilities of resources and likelihood of exposure
C. Capabilities of resources, likelihood of exposure and budget
D. Culture of the organization, budget, capabilities and resources

How well did you know this?

Not at all

Perfectly

Security awareness training includes:

A. Legislated security compliance objectives
B. Security roles and responsibilities for staff
C. The high-level outcome of vulnerability assessments
D. Specialized curriculum assignments, coursework and an accredited institution

How well did you know this?

Not at all

Perfectly

What is the minimum and customary practice of responsible protection of assets that affects a community or societal norm?

A. Due diligence
B. Risk mitigation
C. Asset protection
D. Due care

How well did you know this?

Not at all

Perfectly

Effective security management:

A. Achieves security at the lowest cost
B. Reduces risk to an acceptable level
C. Prioritizes security for new products
D. Installs patches in a timely manner

How well did you know this?

Not at all

Perfectly

Availability makes information accessible by protecting from:

A. Denial of services, fires, floods, hurricanes, and unauthorized transactions
B. Fires, floods, hurricanes, unauthorized transactions and unreadable backup tapes
C. Unauthorized transactions, fires, floods, hurricanes and unreadable backup tapes
D. Denial of services, fires floods, and hurricanes and unreadable backup tapes.

How well did you know this?

Not at all

Perfectly

Which phrase best defines a business continuity/disaster recover plan?

A. A set of plans for preventing a disaster.
B. An approved set of preparations and sufficient procedures for responding to a disaster.
C. A set of preparations and procedures for responding to a disaster without management approval.
D. The adequate preparations and procedures for the continuation of all organization functions.

How well did you know this?

Not at all

Perfectly

Which of the following steps should be performed first in a business impact analysis (BIA)?

A. Identify all business units within an organization
B. Evaluate the impact of disruptive events
C. Estimate the Recovery Time Objectives (RTO)
D. Evaluate the criticality of business functions

How well did you know this?

Not at all

Perfectly

Tactical security plans are BEST used to:

A. Establish high-level security policies
B. Enable enterprise/entity-wide security management
C. Reduce downtime
D. Deploy new security technology

How well did you know this?

Not at all

Perfectly

Who is accountable for implementing information security?

A. Everyone
B. Senior management
C. Security officer
D. Data owners

How well did you know this?

Not at all

Perfectly

Security is likely to be most expensive when addressed in which phase?

A. Design
B. Rapid prototyping
C. Testing
D. Implementation

How well did you know this?

Not at all

Perfectly

Information systems auditors help the organization:

A. Mitigate compliance issues
B. Establish an effective control environment
C. Identify control gaps
D. Address information technology for financial statements

How well did you know this?

Not at all

Perfectly

The Facilitated Risk Analysis Process (FRAP)

A. makes a base assumption that a broad risk assessment is the most efficient way to determine risk in a system, business segment, application or process.
B. makes a base assumption that a narrow risk assessment is the most efficient way to determine risk in a system, business segment, application or process.
C. makes a base assumption that a narrow risk assessment is the least efficient way to determine risk in a system, business segment, application or process.
D. makes a base assumption that a broad risk assessment is the least efficient way to determine risk in a system, business segment, application or process.

How well did you know this?

Not at all

Perfectly

Setting clear security roles has the following benefits:

A. Establishes personal accountability, reduces cross-training requirements and reduces departmental turf battles
B. Enables continuous improvement, reduces cross-training requirements and reduces departmental turf battles
C. Establishes personal accountability, establishes continuous improvement and reduces turf battles
D. Reduces departmental turf battles, Reduces cross-training requirements and establishes personal accountability

How well did you know this?

Not at all

Perfectly

Well-written security program policies are BEST reviewed:

A. At least annually or at pre-determined organization changes
B. After major project implementations
C. When applications or operating systems are updated
D. When procedures need to be modified

How well did you know this?

Not at all

Perfectly

An organization will conduct a risk assessment to evaluate

A. Threats to its assets, vulnerabilities not present in the environment, the likelihood that a threat will be realized by taking advantage of an exposure, the impact that the exposure being realized will have on the organization, the residual risk
B. Threats to its assets, vulnerabilities present in the environment, the likelihood that a threat will be realized by taking advantage of an exposure, the impact that the exposure being realized will have on another organization, the residual risk
C. Threats to its assets, vulnerabilities present in the environment, the likelihood that a threat will be realized by taking advantage of an exposure, the impact that the exposure being realized will have on the organization, the residual risk
D. threats to its assets, vulnerabilities present in the environment, the likelihood that a threat will be realized by taking advantage of an exposure, the impact that the exposure being realized will have on the organization, the total risk

How well did you know this?

Not at all

Perfectly

A security policy which will remain relevant and meaningful over time includes the following:

A. Directive words such as shall, must, or will, technical specifications and is short in length
B. Defined policy development process, short in length and contains directive words such as shall, must or will
C. Short in length, technical specifications and contains directive words such as shall, must or will
D. Directive words such as shall, must, or will, defined policy development process and is short in length

How well did you know this?

Not at all

Perfectly

The ability of one person in the finance department to add vendors to the vendor database and subsequently pay the vendor violates which concept?

A. A well-formed transaction
B. Separation of duties
C. Least privilege
D. Data sensitivity level

How well did you know this?

Not at all

Perfectly

Collusion is best mitigated by:

A. Job rotation
B. Data classification
C. Defining job sensitivity level
D. Least privilege

How well did you know this?

Not at all

Perfectly

Data access decisions are best made by:

A. User managers
B. Data owners
C. Senior management
D. Application developer

How well did you know this?

Not at all

Perfectly

Which of the following statements BEST describes the extent to which an organization should address business continuity or disaster recovery planning?

A. Continuity planning is a significant organizational issue and should include all parts or functions of the company.
B. Continuity planning is a significant technology issue and the recovery of technology should be its primary focus.
C. Continuity planning is required only where there is complexity in voice and data communications.
D. Continuity planning is a significant management issue and should include the primary functions specified by management.

How well did you know this?

Not at all

Perfectly

25. Business impact analysis is performed to BEST identify: A. The impacts of a threat to the organization operations. B. The exposures to loss to the organization. C. The impacts of a risk on the organization. D. The cost efficient way to eliminate threats.

26. During the risk analysis phase of the planning, which of the following actions could BEST manage threats or mitigate the effects of an event? A. Modifying the exercise scenario. B. Developing recovery procedures. C. Increasing reliance on key individuals D. Implementing procedural controls

27. The BEST reason to implement additional controls or safeguards is to: A. deter or remove the risk. B. identify and eliminate the threat. C. reduce the impact of the threat D. identify the risk and the threat.

28. Which of the following statements BEST describes organization impact analysis? A. Risk analysis and organization impact analysis are two different terms describing the same project effort. B. A organization impact analysis calculates the probability of disruptions to the organization. C. A organization impact analysis is critical to development of a business continuity plan. D. A organization impact analysis establishes the effect of disruptions on the organization.

29. The term "disaster recovery" refers to the recovery of: A. organization operations. B. technology environment. C. manufacturing environment. D. personnel environments.

30. Which of the following terms BEST describes the effort to determine the consequences of disruptions that could result from a disaster? A. Business impact analysis. B. Risk analysis. C. Risk assessment. D. Project problem definition

31. The elements of risk are as follows: A. Natural disasters and manmade disasters B. Threats, assets and mitigating controls C. Risk and business impact analysis D. business impact analysis and mitigating controls

32. Which of the following methods is not acceptable for exercising the business continuity plan? A. Table-top exercise. B. Call exercise. C. Simulated exercise. D. Halting a production application or function.

33. Which of the following is the primary desired result of any well-planned business continuity exercise? A. Identifies plan strengths and weaknesses. B. Satisfies management requirements. C. Complies with auditor's requirements. D. Maintains shareholder confidence

34. A business continuity plan is best updated and maintained: A. Annually or when requested by auditors. B. Only when new versions of software are deployed. C. Only when new hardware is deployed. D. During the configuration and change management process.

35. Which of the following is MOST important for successful business continuity? A. Senior leadership support. B. Strong technical support staff. C. Extensive wide are network infrastructure. D. An integrated incident response team.

36. A service's recovery point objective is zero. Which approach BEST ensures the requirement is met? A. RAID 6 with a hot site alternative. B. RAID 0 with a warm site alternative C. RAID 0 with a cold site alternative D. RAID 6 with a reciprocal agreement.

37. The (ISC)2 code of ethics resolves conflicts between canons by: A. there can never be conflicts between canons. B. working through adjudication. C. the order of the canons. D. vetting all canon conflicts through the board of directors.

1. In the event of a security incident, one of the primary objectives of the operations staff is to ensure that: A. the attackers are detected and stopped. B. there is minimal disruption to the organization's mission. C. appropriate documentation about the event is maintained as chain of evidence. D. the affected systems are immediately shut off to limit the impact.

2. Good data management practices include: A. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data. B. Data quality procedures at some stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, ongoing data audit to monitor the use and asses effectiveness of management practices and the integrity of existing data. C. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to discussed data management practices, ongoing data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data. D. Data quality procedures at all stages of the data management process, verification and validation of accuracy of the data, adherence to agreed upon data management practices, intermittent data audit to monitor the use and assess effectiveness of management practices and the integrity of existing data.

3. Issues to be considered by the security practitioner when establishing a data policy include: A. Cost, Due Care and Due Diligence, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process. B. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Future Law & Policy Requirements, Policy and Process. C. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Procedure. D. Cost, Ownership and Custodianship, Privacy, Liability, Sensitivity, Existing Law & Policy Requirements, Policy and Process.

4. The information owner typically has the following responsibilities: A. Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be archived. B. Determine the impact the information has on the mission of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed. C. Determine the impact the information has on the policies of the organization, understand the replacement cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should not be released, know when the information is inaccurate or no longer needed and should be destroyed. D. Determine the impact the information has on the mission of the organization, understand the creation cost of the information, determine who in the organization or outside of it has a need for the information and under what circumstances the information should be released, know when the information is inaccurate or no longer needed and should be destroyed.

5. QA/QC mechanisms are designed to prevent data contamination, which occurs when a process or event introduces either of which two fundamental types of errors into a dataset: (choose TWO) A. Errors of commission B. Errors of insertion C. Errors of omission D. Errors of creation

A, C

6. Some typical responsibilities of a data custodian may include: (Choose ALL that apply) A. Adherence to appropriate and relevant data policy and data ownership guidelines. B. Ensuring accessibility to appropriate users, maintaining appropriate levels of dataset security. C. Fundamental dataset maintenance, including but not limited to data storage and archiving. D. Assurance of quality and validation of any additions to a dataset, including periodic audits to assure ongoing data integrity.

A, B, C, and D

7. The objectives of data documentation are to : (Choose ALL that apply) A. Ensure the longevity of data and their re-use for multiple purposes B. Ensure that data users understand the content context and limitations of datasets C. Facilitate the confidentiality of datasets D. Facilitate the interoperability of datasets and data exchange

A, B, and D

8. Benefits of data standards include: A. more efficient data management, decreased data sharing, higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources. B. more efficient data management, increased data sharing, higher quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information resources. C. more efficient data management, increased data sharing, medium quality data, improved data consistency, decreased data integration, better understanding of data, improved documentation of information resources. D. more efficient data management, increased data sharing, highest quality data, improved data consistency, increased data integration, better understanding of data, improved documentation of information metadata.

9. When classifying data, the security practitioner needs to determine the following aspects of the policy: (Choose ALL that apply) A. who has access to the data B. What methods should be used to dispose of the data C. how the data is secured D. whether the data needs to be encrypted

A, B, C, and D

10. The major benefit of information classification is to: A. map out the computing ecosystem B. identify the threats and vulnerabilities C. determine the software baseline D. identify the appropriate level of protection needs

11. When sensitive information is no longer critical but still within the scope of a record retention policy , that information is BEST: A. Destroyed B. Re-categorized C. Degaussed D. Released

12. What are the FOUR phases of the equipment lifecycle? A. Defining requirements, acquiring and implementing, operations and maintenance, disposal and decommission. B. Acquiring requirements, defining and implementing, operations and maintenance, disposal and decommission. C. Defining requirements, acquiring and maintaining, implementing and operating, disposal and decommission. D. Defining requirements, acquiring and implementing, operations and decommission, maintenance and disposal.

13. Which of the following BEST determines the employment suitability of an individual? A. Job rank or title B. Partnership with the security team C. Role D. Background investigation

14. The best way to ensure that there is no data remnants of sensitive information that was once stored on a DVD-R media is by A. Deletion B. Degaussing C. Destruction D. overwriting

15. Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue? A. Incident management B. Problem management C. Change management D. Configuration management

16. Before applying a software update to production systems, it is MOST important that: A. Full disclosure information about the threat that the patch addresses is available B. The patching process is documented C. The production systems are backed up D. An independent third party attests the validity of the patch

1. A holistic lifecycle for developing security architecture that begins with assessing business requirements and subsequently creating a ‘chain of traceability’ through phases of strategy, concept, design, implementation and metrics is characteristic of which of the following frameworks? A. Zachman B. SABSA C. ISO 27000 D. TOGAF

2. While an Enterprise Security Architecture (ESA) can be applied in many different ways, it is focused on a few key goals. Identify the proper listing of the goals for the ESA: A. It represents a simple, long term view of control, it provides a unified vision for common security controls, it leverages existing technology investments, it provides a fixed approach to current and future threats and also the needs of peripheral functions B. It represents a simple, long term view of control, it provides a unified vision for common security controls, it leverages new technology investments, it provides a flexible approach to current and future threats and also the needs of core functions C. It represents a complex, short term view of control, it provides a unified vision for common security controls, it leverages existing technology investments, it provides a flexible approach to current and future threats and also the needs of core functions. D. It represents a simple, long term view of control, it provides a unified vision for common security controls, it leverages existing technology investments, it provides a flexible approach to current and future threats and also the needs of core functions

3. Which of the following can BEST be used to capture detailed security requirements? A. Threat modeling, covert channels, and data classification B. Data classification, risk assessments, and covert channels C. Risk assessments, covert channels, and threat modeling D. Threat modeling, data classification, and risk assessments

4. Which of the following security standards is internationally recognized as the standards for sound security practices and is focused on the standardization and certification of an organization’s Information Security Management System (ISMS)? A. ISO 15408 B. ISO 27001 C. ISO 9001 D. ISO 9146

5. Which of the following describes the rules that need to be implemented to ensure that the security requirements are met? A. Security kernel B. Security policy C. Security model D. Security reference monitor

6. A two-dimensional grouping of individual subjects into groups or roles and granting access to groups to objects is an example of which of the following types of models? A. Multilevel lattice B. State machine C. Non-interference D. Matrix-based

7. Which of the following models ensures that a subject with clearance level of ‘Secret’ has the ability to write only to objects classified as ‘Secret’ or ‘Top Secret’ but is prevented from writing information classified as ‘Public’? A. Biba-Integrity B. Clark-Wilson C. Brewer-Nash D. Bell-LaPadula

8. Which of the following is unique to the Biba Integrity Model? A. Simple property B. \* (star) property C. Invocation property D. Strong \* property

9. Which of the following models is BEST considered in a shared data-hosting environment so that the data of one customer is not disclosed to a competitor or other customers sharing that hosted environment? A. Brewer-Nash B. Clark-Wilson C. Bell-LaPadula D. Lipner

10. Which of the following security models is primarily concerned with how the subjects and objects are created and how subjects are assigned rights or privileges? A. Bell-LaPadula B. Biba-Integrity C. Chinese Wall D. Graham-Denning

11. Which of the following ISO standards provides the evaluation criteria that can be used to evaluate security requirements of different products with different functions? A. 15408 B. 27000 C. 9100 D. 27002

12. In the Common Criteria, the common set of functional and assurance requirements for a category of vendor products deployed in a particular type of environment are known as: A. Protection Profiles B. Security Target C. Trusted Computing Base D. Ring Protection

13. Which of the following evaluation assurance level that is formally verified, designed and tested is expected for high risk situation? A. EAL 1 B. EAL 3 C. EAL 5 D. EAL 7

14. Formal acceptance of an evaluated system by management is known as: A. Certification B. Accreditation C. Validation D. Verification

15. Which stage of the Capability Maturity Model (CMM) is characterized by having organizational processes that are proactive? A. Initial B. Managed C. Defined D. Optimizing

16. Which of the following BEST provides a method of quantifying risks associated with information technology when validating the abilities of new security controls and countermeasures to address the identified risks? A. Threat/risk assessment B. Penetration testing C. Vulnerability assessment D. Data classification

17. The TCSEC identifies two types of covert channels, what are they? (Choose TWO) A. Storage B. Boundary C. Timing D. Monitoring

A|C

18. Which of the following is the main reason for security concerns in mobile computing devices? A. The 3G/4G protocols are inherently insecure B. Lower processing power C. Hackers are targeting mobile devices D. The lack of anti-virus software.

19. In decentralized environments device drivers that enable the OS to control and communicate with hardware need to be securely designed, developed and deployed because they are: A. Typically installed by end-users and granted access to the supervisor state B. Typically installed by administrators and granted access to user mode state C. Typically installed by software without human interaction. D. Integrated as part of the operating system.

20. A system administrator grants rights to a group of individuals called “Accounting” instead of granting rights to each individual. This is an example of which of the following security mechanisms? A. Layering B. Data hiding C. Cryptographic protections D. Abstraction

21. Asymmetric key cryptography is used for the following: A. Encryption of data, Access Control, Steganography B. Steganography, Access control, Nonrepudiation C. Nonrepudiation, Steganography, Encryption of Data D. Encryption of Data, Nonrepudiation, Access Control

22. Which of the following supports asymmetric key cryptography? A. Diffie-Hellman B. Rijndael C. Blowfish D. SHA-256

23. What is an important disadvantage of using a public key algorithm compared to a symmetric algorithm? A. A symmetric algorithm provides better access control. B. A symmetric algorithm is a faster process. C. A symmetric algorithm provides nonrepudiation of delivery. D. A symmetric algorithm is more difficult to implement.

24. When a user needs to provide message integrity, what option is BEST? A. Send a digital signature of the message to the recipient B. Encrypt the message with a symmetric algorithm and send it C. Encrypt the message with a private key so the recipient can decrypt it with the corresponding public key D. Create a checksum, append it to the message, encrypt the message, and then send to recipient

25. A Certificate Authority (CA) provides which benefits to a user? A. Protection of public keys of all users B. History of symmetric keys C. Proof of nonrepudiation of origin D. Validation that a public key is associated with a particular user

26. What is the output length of a RIPEMD-160 hash? A. 160 bits B. 150 bits C. 128 bits D. 104 bits

27. ANSI X9.17 is concerned primarily with: A. Protection and secrecy of keys B. Financial records and retention of encrypted data C. Formalizing a key hierarchy D. The lifespan of key-encrypting keys (KKMs)

28. When a certificate is revoked, what is the proper procedure? A. Setting new key expiry dates B. Updating the certificate revocation list C. Removal of the private key from all directories D. Notification to all employees of revoked keys

29. Which is true about link encryption? A. Link encryption is advised for high-risk environments, provides better traffic flow confidentiality, and encrypts routing information. B. Link encryption is often used for Frame Relay or satellite links, is advised for high-risk environments and provides better traffic flow confidentiality. C. Link encryption encrypts routing information, is often used for Frame Relay or satellite links, and provides traffic flow confidentiality. D. Link encryption provides better traffic flow confidentiality, is advised for high-risk environments and provides better traffic flow confidentiality

30. NIST identifies three service models that represent different types of cloud services available, what are they? A. Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (Paas) B. Security as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a service (PaaS) C. Software as a Service (SaaS), Integrity as a Service (IaaS) and Platform as a Service (Paas) D. Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Process as a Service (Paas)

31. The process used in most block ciphers to increase their strength is: A. Diffusion B. Confusion C. Step function D. SP-network

32. Which of the following BEST describes fundamental methods of encrypting data: A. Substitution and transposition B. 3DES and PGP C. Symmetric and asymmetric D. DES and AES

33. Cryptography supports all of the core principles of information security except? A. Availability B. Confidentiality C. Integrity D. Authenticity

34. A way to defeat frequency analysis as a method to determine the key, is to use: A. Substitution ciphers B. Transposition ciphers C. Polyalphabetic ciphers D. Inversion ciphers

35. The running key cipher is based on: A. Modular arithmetic B. XOR mathematics C. Factoring D. Exponentiation

36. The only cipher system said to be unbreakable by brute force is: A. AES B. DES C. One-time pad D. Triple DES

37. The main types of implementation attacks include: (Choose ALL that apply) A. Fault analysis B. Known plaintext C. Probing D. Linear

A|C

38. Which is the BEST choice for implementing encryption on a smart card? A. Blowfish B. Elliptic Curve Cryptography C. TwoFish D. Quantum Cryptography

39. An e-mail with a document attachment from a known individual is received with a digital signature. The e-mail client is unable to validate the signature. What is the BEST course of action? A. Open the attachment to determine if the signature is valid. B. Determine why the signature can’t be validated prior to opening the attachment. C. Delete the e-mail D. Forward the e-mail to another address with a new signature.

40. The vast majority of Virtual Private Networks use: A. SSL/TLS and IPSec. B. El Gamal and DES. C. 3DES and Blowfish D. TwoFish and IDEA.

1. In the OSI reference model, on which layer can Ethernet (IEEE 802.3) A. Layer 1 - Physical layer B. Layer 2 - Data-link layer C. Layer 3 - Network layer D. Layer 4 - Transport layer

2. A customer wants to keep cost to a minimum and has only ordered a single static IP address from the ISP. Which of the following must be configured on the router to allow for all the computers to share the same public IP address? A. VLANs B. PoE C. PAT D. VPN

3. Users are reporting that some Internet websites Are not accessible anymore. Which of the following will allow the network administrator to quickly isolate the remote router that is causing the network communication issue, so that the problem can be reported to the appropriate responsible party? A. Ping B. Protocol analyzer C. Tracert D. Dig

4. Ann installs a new Wireless Access Point (WAP) and users are able to connect to it. However, once connected, users cannot access the Internet. Which of the following is the MOST likely cause of the problem? A. The signal strength has been degraded and latency is increasing hop count. B. An incorrect subnet mask has been entered in the WAP configuration. C. The signal strength has been degraded and packets are being lost. D. Users have specified the wrong encryption type and packets are being rejected.

5. What is the optimal placement for network-based intrusion detection systems (NIDS)? A. On the network perimeter, to alert the network administrator of all suspicious traffic B. On network segments with business-critical systems (e.g., demilitarized zones (DMZs) and on certain intranet segments) C. At the network operations center (NOC) D. At an external service provider

6. Which of the following end-point devices would MOST likely be considered part of a converged IP network? A. file server, IP phone, security camera B. IP phone, thermostat, cypher lock C. security camera, cypher lock, IP phone D. thermostat, file server cypher lock

7. Network upgrades have been completed and the WINS server was shutdown. It was decided that NetBIOS network traffic will no longer be permitted. Which of the following will accomplish this objective? A. Content filtering B. Port filtering C. MAC filtering D. IP filtering

8. Which of the following devices should be part of a network’s perimeter defense? A. A boundary router, A firewall, A proxy Server B. A firewall, A proxy server, A host based intrusion detection system (HIDS) C. A proxy server, A host based intrusion detection system (HIDS), A firewall D. A host based intrusion detection system (HIDS), A firewall, A boundary router

9. Which of the following is a principal security risk of wireless LAN’s A. Lack of physical access control B. Demonstrably insecure standards C. Implementation weaknesses D. War driving

10. Which of the following is a path vector routing protocol? A. RIP B. EIGRP C. OSPF/IS-IS D. BGP

11. It can be said that IPSec: A. Provides mechanisms for authentication and encryption. B. provides mechanisms for nonrepudiation. C. will only be deployed with IPv6. D. Only authenticates clients against a server.

12. A security Event Management (SEM) service performs the following function: A. Gathers firewall logs for archiving B. Aggregates logs from security devices and application servers looking for suspicious activity C. Reviews access controls logs on servers and physical entry points to match user system authorization with physical access permissions D. Coordination software for security conferences and seminars.

13. Which of the following is the principal weakness of DNS (Domain Name System)? A. Lack of authentication of servers, and thereby authenticity of records B. Its latency, which enables insertion of records between the time when a record has expired and when it is refreshed C. The fact that it is a simple, distributed, hierarchical database instead of a singular, relational one, thereby giving rise to the possibility of inconsistencies going undetected for a certain amount of time D. The fact that addresses in e-mail can be spoofed without checking their validity in DNS, caused by the fact that DNS addresses are not digitally signed

14. Which of the following statements about open e-mail relays is incorrect? A. An open e-mail relay is a server that forwards e-mail from domains other than the ones it serves. B. Open e-mail relays are a principal tool for distribution of spam. C. Using a blacklist of open e-mail relays provides a secure way for an e-mail administrator to identify open mail relays and filter spam. D. An open e-mail relay is widely considered a sign of bad system administration.

15. A botnet can be characterized as: A. An network used solely for internal communications B. An automatic security alerting tool for corporate networks C. A group of dispersed, compromised machines controlled remotely for illicit reasons. D. A type of virus

16. During a disaster recovery test, several billing representatives need to be temporarily setup to take payments from customers. It has been determined that this will need to occur over a wireless network, with security being enforced where possible. Which of the following configurations should be used in this scenario? A. WPA2, SSID enabled and 802.11 n. B. WEP, SSID enabled, and 802.11b. C. WEP, SSID disabled, and 802.11g. D. WPA2, SSID disabled, and 802.11a.

17. Which xDSL flavor delivers both downstream and upstream speeds of 1.544 MBps over two copper twisted pairs? A. HDSL B. SDSL C. ADSL D. VDSL

18. A new installation requires a network in a heavy manufacturing area with substantial amounts of electromagnetic radiation and power fluctuations. Which media is best suited for this environment if little traffic degradation is tolerated? A. Coax cable B. Wireless C. Shielded twisted pair D. Fiber

19. Multi-layer protocols such as Modbus used in industrial control systems… A. often have their own encryptions and security like IPv6 B. are used in modern routers as a routing interface control C. are often insecure by their very nature as they were not designed to natively operate over today’s IP networks D. Have largely been retired and replaced with newer protocols such as IPv6 and NetBIOS

20. Frame Relay and X.25 networks are part of which of the following? A. Circuit-switched services B. Cell-switched services C. Packet-switched services D. Dedicated digital services

1. Authentication is… A. the assertion of a unique identity for a person or system. B. the process of verifying the identity of the user. C. the process of defining the specific resources a user needs and determining the type of access to those resources the user may have. D. the assertion by management that the user should be given access to a system.

2. Which best describes access controls? A. Access controls are a collection of technical controls that permit access to authorized users, systems, and applications. B. Access controls help protect against threats and vulnerabilities by reducing exposure to unauthorized activities and providing access to information and systems to only those who have been approved. C. Access control is the employment of encryption solutions to protect authentication information during log-on. D. Access controls help protect against vulnerabilities by controlling unauthorized access to systems and information by employees, partners, and customers.

3. _______ requires that a user or process be granted access to only those resources necessary to perform assigned functions. A. Discretionary access control B. Separation of duties C. Least privilege D. Rotation of duties

4. What are the seven main categories of access control? A. Detective, corrective monitoring, logging, recovery, classification, and directive B. Directive, deterrent, preventative, detective, corrective, compensating, and recovery C. Authorization, identification, factor, corrective privilege, detective, and directive D. Identification, authentication, authorization, detective, corrective, recovery, and directive

5. What are the three types of access control? A. Administrative, physical, and technical B. Identification, authentication, and authorization C. Mandatory, discretionary, and least privilege D. Access management, and monitoring

6. What are types of failures in biometric identification systems? (Choose ALL that apply) A. False reject B. False positive C. False accept D. False negative

A|C

7. What best describes two-factor authentication? A. A hard token and a smart card B. A user name and a PIN C. A password and a PIN D. A PIN and a hard token

8. A potential vulnerability of the Kerberos authentication server is A. Single point of failure B. Asymmetric key compromise C. Use of dynamic passwords D. Limited lifetimes for authentication credentials

9. In mandatory access control the system controls access and the owner determines… A. Validation B. Need to know C. Consensus D. Verification

10. Which is the least significant issue when considering biometrics? A. Resistance to counterfeiting B. Technology type C. User acceptance D. Reliability and accuracy

11. Which is a fundamental disadvantage of biometrics? A. Revoking credentials B. Encryption C. Communications D. Placement

12. Role-based access control A. Is unique to mandatory access control B. Is independent of owner input C. Is based on user job functions D. Can be compromised by inheritance

13. Identity management is A. Another name for access controls B. A set of technologies and processes intended to offer greater efficiency in the management of a diverse user and technical environment C. A set of technologies and processes focused on the provisioning and decommissioning of user credentials D. A set of technologies and processes used to establish trust relationships with disparate systems

14. A disadvantage of single sign-on is A. Consistent time-out enforcement across platforms B. A compromised password exposes all authorized resources C. Use of multiple passwords to remember D. Password change control

15. Which of the following is incorrect when considering privilege management? A. Privileges associated with each system, service, or application, and the defined roles within the organization to which they are needed, should be identified and clearly documented. B. Privileges should be managed based on least privilege. Only rights required to perform a job should be provided to a user, group, or role. C. An authorization process and a record of all privileges allocated should be maintained. Privileges should not be granted until the authorization process is complete and validated. D. Any privileges that are needed for intermittent job functions should be assigned to multiple user accounts, as opposed to those for normal system activity related to the job function.

16. The Identity and Access Provisioning Lifecycle is made up of which phases? (Choose ALL that apply) A. Review B. Developing C. Provisioning D. Revocation

A|C|D

17. When reviewing user entitlement the security professional must be MOST aware of… A. Identity management and disaster recovery capability B. Business or organizational processes and access aggregation C. The organizational tenure of the user requesting entitlement D. Automated processes which grant users access to resources

18. A guard dog patrolling the perimeter of a data center is what type of a control? A. Recovery B. Administrative C. Logical D. Physical

1. Real User Monitoring (RUM) is an approach to Web monitoring that? A. Aims to capture and analyze select transactions of every user of a website or application. B. Aims to capture and analyze every transaction of every user of a website or application. C. Aims to capture and analyze every transaction of select users of a website or application. D. Aims to capture and analyze select transactions of select users of a website or application.

2. Synthetic performance monitoring, sometimes called proactive monitoring, involves? A. Having external agents run scripted transactions against a web application. B. Having internal agents run scripted transactions against a web application. C. Having external agents run batch jobs against a web application. D. Having internal agents run batch jobs against a web application.

3. Most security vulnerabilities are caused by one? (Choose ALL that apply) A. Bad programming patterns B. Misconfiguration of security infrastructures C. Functional bugs in security infrastructures D. Design flaws in the documented processes

A|B|C

4.When selecting a security testing method or tool, the security practitioner needs to consider many different things, such as: A. Culture of the organization and likelihood of exposure B. Local annual frequency estimate (LAFE), and standard annual frequency estimate (SAFE) C. Security roles and responsibilities for staff D. Attack surface and supported technologies

5. In the development stages where an application is not yet sufficiently mature enough to be able to be placed into a test environment, which of the following techniques are applicable: (Choose ALL that apply) A. Static Source Code Analysis and Manual Code Review B. Dynamic Source Code Analysis and Automatic Code Review C. Static Binary Code Analysis and Manual Binary Review D. Dynamic Binary Code Analysis and Static Binary Review

A|C

6. Software testing tenets include: (Choose Two) A. Testers and coders use the same tools B. There is independence from coding C. The expected test outcome is unknown D. A successful test is one that finds an error

B|D

7. Common Structural coverage metrics include: (Choose ALL that apply) A. Statement Coverage B. Path Coverage C. Asset Coverage D. Dynamic Coverage

A|B

8. What are the two main testing strategies in software testing? A. Positive and Dynamic B. Static and Negative C. Known and Recursive D. Negative and Positive

9. What is the reason that an Information Security Continuous Monitoring (ISCM) program is established? A. To monitor information in accordance with dynamic metrics, utilizing information readily available in part through implemented security controls B. To collect information in accordance with pre-established metrics, utilizing information readily available in part through implemented security controls C. To collect information in accordance with pre-established metrics, utilizing information readily available in part through planned security controls D. To analyze information in accordance with test metrics, utilizing information readily available in part through implemented security controls

10. The process for developing an ISCM strategy and implementing an ISC M program is? A. Define, analyze, implement, establish, respond, review and update B. Analyze, implement, define, establish, respond, review and update C. Define, establish, implement, analyze, respond, review and update D. Implement, define, establish, analyze, respond, review and update

11. The NIST document that discusses the Information Security Continuous Monitoring (ISCM) program is? A. NIST SP 800-121 B. NIST SP 800-65 C. NIST SP 800-53 D. NIST SP 800-137

12. A Service Organization Control (SOC) Report commonly covers a… A. 6 month period B. 12 month period C. 18 month period D. 9 month period

1. Assuming a working IDS is in place, which of the following groups is BEST capable of stealing sensitive information due to the absence of system auditing? A. Malicious software (malware) B. Hacker or cracker C. Disgruntled employee D. Auditors

2. Which of the following provides controlled and un-intercepted interfaces into privileged user functions? A. Ring protection B. Anti-malware C. Maintenance hooks D. Trusted paths

3. The doors of a data center spring open in the event of a fire. This is an example of… A. Fail-safe B. Fail-secure C. Fail-proof D. Fail-closed

4. Which of the following ensures constant redundancy and fault-tolerance? A. Cold spare B. Warm spare C. Hot spare D. Archives

5. If speed is preferred over resilience, which of the following RAID configuration is the most suited? A. RAID 0 B. RAID 1 C. RAID 5 D. RAID 10

6. Updating records in multiple locations or copying an entire database on to a remote location as a means to ensure the appropriate levels of fault-tolerance and redundancy is known as… A. Data mirroring B. Shadowing C. Backup D. Archiving

7. When the backup window is not long enough to backup all of the data and the restoration of backup must be as fast as possible. Which of the following type of high-availability backup strategy is BEST? A. Full B. Incremental C. Differential D. Increase the backup window so a full backup can be performed

8. At a restricted facility, visitors are requested to provide identification and verified against a pre-approved list by the guard at the front gate before being let in. This is an example of checking for… A. Least privilege B. Separation of duties C. Fail-safe D. Psychological acceptability

9. When sensitive information is no longer critical but still within scope of a record retention policy, that information is BEST… A. Destroyed B. Re-categorized C. Degaussed D. Released

10. Which of the following BEST determines access and suitability of an individual? A. Job rank or title B. Partnership with the security team C. Role D. Background investigation

11. Which of the following can help with ensuring that only the needed logs are collected for monitoring? A. Clipping level B. Aggregation C. XML Parsing D. Inference

12. The main difference between a Security Event Information Management (SEIM) system and a log management system is that SEIM systems are useful for log collection, collation, and analysis… A. In real time B. For historical purposes C. For admissibility in court D. In discerning patterns

13. The best way to ensure that there is no data remnant of sensitive information that was once stored on a DVD-R media is by… A. Deletion B. Degaussing C. Destruction D. Overwriting

14. Which of the following processes is concerned with not only identifying the root cause but also addressing the underlying issue? A. Incident management B. Problem management C. Change management D. Configuration management

15. Before applying a software update to production systems, it is MOST important that… A. Full disclosure information about the threat that the patch addresses is available B. The patching process is documented C. The production systems are backed up D. An independent third party attests the validity of the patch

16. Computer forensics is the marriage of computer science, information technology, and engineering with… A. Law B. Information systems C. Analytical thought D. The scientific method

17. What principal allows an investigator to identify aspects of the person responsible for a crime when, whenever committing a crime, the perpetrator leaves traces while stealing assets? A. Meyer’s principal of legal impunity B. Criminalistic principals C. IOCE/Group of 8 Nations principals for computer forensics D. Locard’s principle of exchange

18. Which of the following is part of the five rules of evidence? A. Be authentic, be redundant and be admissible. B. Be complete, be authentic and be admissible. C. Be complete, be redundant and be authentic. D. Be redundant, be admissible and be complete

19. What is not mentioned as a phase of an incident response? A. Documentation B. Prosecution C. Containment D. Investigation

20. Which BEST emphasizes the abstract concepts of law and is influenced by the writings of legal scholars and academics. A. Criminal law B. Civil law C. Religious law D. Administrative law

21. Which of the following are computer forensics guidelines? A. IOCE, MOM and SWGDE. B. MOM, SWGDE and IOCE. C. IOCE, SWGDE and ACPO. D. ACPO, MOM and IOCE.

22. Triage encompasses which of the following incident response sub-phases? A. Collection, transport, testimony B. Traceback, feedback, loopback C. Detection, identification, notification D. Confidentiality, integrity, availability

23. The integrity of a forensic bit stream image is determined by: A. Comparing hash totals to the original source B. Keeping good notes C. Taking pictures D. Encrypted keys

24. When dealing with digital evidence, the crime scene: A. Must never be altered B. Must be completely reproducible in a court of law C. Must exist in only one country D. Must have the least amount of contamination that is possible

25. When outsourcing IT systems… A. all regulatory and compliance requirements must be passed on to the provider. B. the outsourcing organization is free from compliance obligations. C. the outsourced IT systems are free from compliance obligations. D. the provider is free from compliance obligations.

26. When dealing with digital evidence, the chain of custody: A. Must never be altered B. Must be completely reproducible in a court of law C. Must exist in only one country D. Must follow a formal documented process

27. To ensure proper forensics action when needed, an incident response program must: A. avoid conflicts of interest by ensuring organization legal council is not part of the process. B. routinely create forensic images of all desktops and servers. C. only promote closed incidents to law enforcement. D. treat every incident as though it may be a crime.

28. A hard drive is recovered from a submerged vehicle. The drive is needed for a court case. What is the best approach to pull information off the drive? A. Wait for the drive to dry and then install it in a desktop and attempt to retrieve the information via normal operating system commands. B. Place the drive in a forensic oven to dry it and then use a degausser to remove any residual humidity prior to installing the drive in a laptop and using the OS to pull off information. C. While the drive is still wet use a forensic bit to bit copy program to ensure the drive is preserved in its “native” state. D. Contact a professional data recovery organization, explain the situation and request they pull a forensic image.

29. To successfully complete a vulnerability assessment, it is critical that protection systems are well understood through: A. Threat definition, target identification and facility characterization B. Threat definition, conflict control and facility characterization C. Risk assessment, threat identification and incident review D. Threat identification, vulnerability appraisal and access review

30. The strategy of forming layers of protection around an asset or facility is known as: A. Secured Perimeter B. Defense-in-Depth C. Reinforced Barrier Deterrent D. Reasonable Asset Protection

31. The key to a successful physical protection system is the integration of: A. people, procedures, and equipment B. technology, risk assessment, and human interaction C. protecting, offsetting, and transferring risk D. detection, deterrence, and response

32. For safety considerations in perimeter areas such as parking lots or garages what is the advised lighting? A. 3 fc B. 5 fc C. 7 fc D. 10 fc

33. What would be the most appropriate interior sensor used for a building that has windows along the ground floor? A. infrared glass-break sensor B. ultrasonic glass-break sensors C. acoustic/shock glass-break sensors D. volumetric sensors

34. Which of the following BEST describe three separate functions of CCTV? A. surveillance, deterrence, and evidentiary archives B. intrusion detection, detainment and response C. optical scanning, infrared beaming and lighting D. monitoring, white balancing and inspection

35. What is the BEST means of protecting the physical devices associated with the alarm system? A. Tamper protection B. Target hardening C. Security design D. UL 2050

1. The key objective of application security is to ensure… A. that the software is hacker proof B. the confidentiality, integrity and availability of data C. accountability of software and user activity D. prevent data theft

2. For an application security program to be effective within an organization, it is critical to… A. identify regulatory and compliance requirements. B. educate the software development organization the impact of insecure programming. C. develop the security policy that can be enforced. D. properly test all the software that is developed by your organization for security vulnerabilities.

3. Which of the following architectures states: “There is no inherent difference between data and programming representations in computer memory” which can lead to injection attacks, characterized by executing data as instructions. A. Von Neumann B. Linus’ Law C. Clark and Wilson D. Bell LaPadula

4. An important characteristic of bytecode is that it… A. has increased secure inherently due to sandboxing B. manages memory operations automatically C. is more difficult to reverse engineer D. is faster than interpreted languages

5. Two cooperating processes that simultaneously compete for a shared resource, in such a way that they violate the system’s security policy, is commonly known as… A. Covert channel B. Denial of Service C. Overt channel D. Object reuse

6. An organization has a website with a guest book feature, where visitors to the web site can input their names and comments about the organization. Each time the guest book web page loads, a message box is prompted with the message “You have been P0wnd” followed by redirection to a different website. Analysis reveals that the no input validation or output encoding is being performed in the web application. This is the basis for the following type of attack? A. Denial of Service B. Cross-site Scripting (XSS) C. Malicious File Execution D. Injection Flaws

7. The art of influencing people to divulge sensitive information about themselves or their organization by either coercion or masquerading as a valid entity is known as… A. Dumpster diving B. Shoulder surfing C. Phishing D. Social engineering

8. An organization’s server audit logs indicate that an employee that was terminated in the morning was still able to access certain sensitive resources on his system, on the internal network, that afternoon. The logs indicate that the employee had logged on successfully before he was terminated but there is no record of him logging off before he was terminated. This is an example of what type of attack? A. Time of Check/Time of Use (TOC/TOU) B. Logic Bomb C. Remote-Access Trojans (RATS) D. Phishing

9. The most effective defense against a buffer overflow attack is… A. disallow dynamic construction of queries B. bounds checking C. encode the output D. forced garbage collection

10. It is extremely important that as one follows a software development project, security activities are performed… A. before release to production, so that the project is not delayed B. if a vulnerability is detected in your software C. in each stage of the life cycle D. When management mandates it

11. Software Acquisition (SwA) can be organized around the major phases of a generic acquisition process. The major phases are: A. Planning, contracting, monitoring and acceptance, follow on B. Contracting, planning, monitoring and acceptance, follow on C. Planning, contracting, monitoring and certification, follow on D. Planning, contracting, monitoring and accreditation, follow on

12. Who can ensure and enforce the separation of duties by ensuring that programmers don’t have access to production code? A. Operations personnel B. Software librarian C. Management D. Quality assurance personnel

13. Technical evaluation of assurance to ensure that security requirements have been met is known as? A. Accreditation B. Certification C. Validation D. Verification

14. Defect prevention rather than defect removal is characteristic of which of the following software development methodologies? A. Computer Aided Software Engineering (CASE) B. Spiral C. Waterfall D. Cleanroom

15. A security protection mechanism in which untrusted code, which is not signed, is restricted from accessing system resources is known as? A. Sandboxing B. Non-repudiation C. Separation of Duties D. Obfuscation

16. A program that does not reproduce itself but pretends to be performing a legitimate action, while performing malicious operations in the background is the characteristic of which of the following? A. Worms B. Trapdoor C. Virus D. Trojan

17. A plot to take insignificant pennies from a user’s bank account and move them to the attacker’s bank account is an example of … A. Social Engineering B. Salami Scam C. Pranks D. Hoaxes

18. Role-based access control to protect confidentiality of data in databases can be achieved by which of the following? A. Views B. Encryption C. Hashing D. Masking

19. The two most dangerous types of attacks against databases containing disparate non-sensitive information are… A. Injection and scripting B. Session hijacking and cookie poisoning C. Aggregation and inference D. Bypassing authentication and insecure cryptography

20. A property that ensures only valid or legal transactions that do not violate any user-defined integrity constraints in DBMS technologies is known as? A. Atomicity B. Consistency C. Isolation D. Durability

21. Expert systems are comprised of a knowledge base comprising modeled human experience and which of the following? A. Inference engine B. Statistical models C. Neural networks D. Roles

22. The best defense against session hijacking and man-in-the-middle (MITM) attacks is to use the following in the development of your software? A. Unique and random identification B. Use prepared statements and procedures C. Database views D. Encryption

All 8 Domains Flashcards

(200 cards)