CISSP certification: Full 125 question practice test #4 - test 2 (Anthony Today) Flashcards
(125 cards)
1
Q
Which historical type of encryption involved the sender switching letters a certain number of spots forwards or back in the alphabet, with the receiver doing the same in the opposite direction?
A. Spartan Scytale
B. Vigenere cipher
C. Caesar cipher
D. Bazeries
A
C. Caesar cipher
Explanation: Caesar Cipher (Substitution) - Done by switching letters a certain numbers of spots in the alphabet. “Pass the exam" moved 3 back would be “Mxpp qeb buxj.”
2
Q
In our authentication process we are wanting to add a pseudo random number to ensure old data is not replayed. Which of these would we add?
A. Salting
B. Clipping levels
C. Nonce
D. Key-streching
A
C. Nonce
Explanation:
Nonce: (arbitrary number that may only be used once). It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. They can also be useful as initialization vectors and in cryptographic hash function.
3
Q
What would a distance vector routing protocol use to determine the BEST route to a certain destination?
A. The best bandwidth to the destination
B. The aggregated payload and the bandwidth
C. Least hops to the destination
D. The path it used last time it sent data to that destination
A
C. Least hops to the destination
Explanation:
Distance vector routing protocols: Only focuses on how far the destination is in Hops (how many routers in between here and there). Does not care about bandwidth, it just uses the shortest path.
4
Q
Looking at our information security governance, who would approve and sign off on our policies?
A. Senior management
B. The IT Teams
C. IT Security
D. IT management
A
A. Senior management
Explanation:
Policies are mandatory, they are high level and non-specific. They are contain “Patches, updates, strong encryption”, but they will not be specific to “OS, encryption type, vendor technology”. They are approved and often written by senior management.
5
Q
In which type of software testing do we progressively test larger and larger groups of software components until the software works as a whole?
A. Reference checking
B. Integration testing
C. Penetration testing
D. Unit testing
A
B. Integration testing
Explanation:
Integration testing: Seeks to verify the interfaces between components against a software design. Integration testing works to expose defects in the interfaces and interaction between integrated components/modules. Progressively larger groups of software components are tested until the software works as a system.
6
Q
We have realized our current use of magnetic stripe ID cards is not matching the security profile senior management wants. What could we use on the cards in addition to the magnetic stripe to make them smart cards?
A. UV printing
B. RFID Chip
C. Holograms
D. RFII Chip
A
B. RFID Chip|
Explanation:
Smart Cards and tokens (contact or contactless): They contain a computer circuit using an ICC (Integrated Circuit Chip).
7
Q
As part of our Business Continuity Plan (BCP) and its sub plans we want to ensure we are redundant. Which of these is something we want to be redundant on?
A. Internet connections
B. People
C. Power
D. All of the above
A
D. All of the above
Explanation:
We want layers of redundancy, just like we have defense in depth. We want power, internet, path, hardware, system, backup, people, etc. redundancy.
8
Q
We are wanting to hire outside penetration testers. Who in our organization would set the goals for the penetration test?
A. IT security leadership
B. IT security team
C. IT leadership
D. Senior management
A
D. Senior management
Explanation: Penetration Testing (Pen Testing), often called Ethical Hacking. Test if the vulnerabilities are exploitable. An authorized simulated attack on our organization that looks for security weaknesses, potentially gaining access to the systems, buildings and data. Senior management set the goals for the Pen testing. Why are we doing it? What are we trying to achieve? They have to sign off on it.
9
Q
There are many risks in today’s increasing complex IT world, how we deal with them should be part of an overarching strategy. We could for instance be risk neutral or averse. Who would decide our organization’s risk appetite?
A. The IT security team
B. Senior management
C. The IT leadership team
D. Rules and regulations
A
B. Senior management
Explanation:
Governance – This is C-level Executives (Not you). Stakeholder needs, conditions and options are evaluated to define: Balanced agreed-upon enterprise objectives to be achieved. Setting direction through prioritization and decision making. Monitoring performance and compliance against agreed-upon direction and objectives. Risk appetite – Aggressive, neutral, adverse.
10
Q
We are wanting to strengthen our detective access controls. Which of these could be something we would want to implement?
A. Patches
B. Encryption
C. IDS
D. Backups
A
C. IDS
Explanation:
Detective: Controls that detect during or after an attack – IDS, CCTV, Alarms, anti-virus.
11
Q
Which process are we using when we approve alterations to our environment?
A. Project management
B. Patch management
C. Implementation management
D. Change management
A
D. Change management
Explanation:
Change Management: Often called change control, a formalized process on how we handle changes to our environments. If done right we will have full documentation, understanding and we communicate changes to appropriate parties. The change review board should be comprised of both IT and other operational units from the organization, we may consider impacts on IT, but we are there to serve the organization, they need to understand how it will impact them and raise concerns if they have any. A change is proposed to the change board, they research to understand the full impact of the change. The person or group submitting the change should clearly explain the reasons for the change, the pro’s and con’s of implementing and not implementing, any changes to systems and processes they know about and in general aide and support the board with as much information as needed.
12
Q
As an IT Security professional, you are expected to perform your due diligence. What does this mean?
A. Continue the security practices of your company
B. Do what is right in the situation and your job. Act on the knowledge
C. Apply patches annually
D. Researching and acquiring the knowledge to do your job right
A
D. Researching and acquiring the knowledge to do your job right
Explanation:
Due Diligence – The research to build the IT Security architecture of your organization. Best practices and common protection mechanisms. Research of new systems before implementing.
13
Q
When we are using VoIP for our phone calls, which protocol does it use to transmit data?
A. UDP
B. RDP
C. DHCP
D. TCP
A
A. UDP
Explanation:
VoIP (Voice over Internet Protocol): The digital information is packetized, and transmitted using UDP IP packets over a packet-switched network.
14
Q
We are restoring services and applications back from our DR site to our original site after a security incident. Which applications would we move back FIRST?
A. Least critical
B. The least resource intensive
C. Most critical
D. The most resource intensive
A
A. Least critical
Explanation:
The BCP team has sub-teams responsible for rescue, recovery and salvage in the event of a disaster or disruption. Salvage team (failback): Responsible for returning our full infrastructure, staff and operations to our primary site or a new facility if the old site was destroyed. We get the least critical systems up first, we want to ensure the new sites is ready and stable before moving the critical systems back.
15
Q
Why would we want to keep a positive pressure in our data center?
A. To get contaminants in
B. We wouldnt, we would keep a neutral pressure
C. The keep contaminants out
D. We wouldnt we would keep a negative pressure
A
C. The keep contaminants out
Explanation:
In our data center we want to keep a positive pressure to keep contaminants out, this can be dust particles that can set of particle sensors and release FM200 or another fire suppressant gas.
16
Q
We are already using usernames and passwords online. Which of these could be something else we would add to get multifactor authentication?
A. Single-use password
B. Security questions
C. Challenge response
D. PINs
A
A. Single-use password
Explanation:
Single-use passwords are possession factors, you don’t remember them you have them on a piece of paper or on a token, we have multifactor authentication with the username, password and single-use password.
17
Q
When someone is using a fake ID, it is an attack on which type of authentication?
A. Type 3
B. Type 4
C. Type 2
D. Type 1
A
C. Type 2
Explanation:
Something you have - Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.).
18
Q
If we have 100 users in our organization that are all needing to communicate securely with each other, would symmetric or asymmetric encryption use the highest number of encryption keys?
A. They would use the same number of keys
B. We would need more information to be able to tell
C. Asymmetric
D. Symmetric
A
D. Symmetric
Explanation:
Symmetric would use 4950 keys (100x(100-1))/2, asymmetric uses 2 keys per person so 200 keys.
19
Q
Which type of black-box testing would we submit random malformed data as inputs into the software?
A. Fuzz testing
B. Dynamic testing
C. Static testing
D. Synthetic transaction testing
A
A. Fuzz testing
Explanation:
Fuzzing (Fuzz testing): Testing that provides a lot of different malformed inputs to try to cause unauthorized access or for the application to enter unpredictable state or crash. If the program crashes or hangs the fuzz test failed. The Fuzz tester can enter values into the script or use pre-compiled random or specific values.
20
Q
Jane is talking to a friend and is explaining what digital signatures do. Which of these could be something that she tells her friend is one of the MAIN reasons we use digital signatures?
A. Integrity
B. Availability
C. Authentication
D. Confidentiality
A
A. Integrity
Explanation:
Digital Signatures: Provides Integrity and Non-Repudiation.
21
Q
You can MOST LIKELY be held liable when you display which of these?
A. Negligence
B. Due Care
C, Remorse
D. Due diligence
A
A. Negligence
Explanation:
Negligence (and Gross Negligence) is the opposite of Due Care. If a system under your control is compromised and you can prove you did your Due Care you are most likely not liable. If a system under your control is compromised and you did NOT perform Due Care you are most likely liable.
22
Q
Which type of audit could we use to ensure our employees are following our policies?
A. Review Management
B. White Box testing
C. Review user logs
D. Self reviews
A
C. Review user logs
Explanation:
We would want to review user logs to see if they are following our policies.
23
Q
Bob is telling the senior leadership team about how we use RAID. The CFO wants to know what that is an abbreviation of.
A. Reversed Array of Inexpensive Disks
B. Recursive Array of Independent Disks
C. Redundant Array of Inexpensive Disks
D. Real Array of Inexpensive Disks
A
C. Redundant Array of Inexpensive Disks
Explanation:
Redundant Array of Independent Disks (RAID): Comes in 2 basic forms, disk mirroring and disk striping. Disk mirroring: Writing the same data across multiple hard disks, this is slower, the RAID controller has to write all data twice. Uses at least 2 times as many disks for the same data storage, needs at least 2 disks. Disk striping: Writing the data simultaneously across multiple disks providing higher write speed. Uses at least 2 disks, and in itself does not provide redundancy. We use parity with striping for the redundancy, often by XOR, if we use parity for redundancy we need at least 3 disks.
24
Q
Our organization is considering different types of intellectual protection options. Which of these is something that can be patented?
A. Logos
B. Software
C. Inventions
D. Public Domain (CC0) photos
A
C. Inventions
Explanation:
Patents: Protects inventions for 20 years (normally) – Cryptography algorithms can be patented. Inventions must be:Novel (New idea no one has had before). Useful (It is actually possible to use and it is useful to someone). Nonobvious (Inventive work involved).
25
We are upgrading our documentation on the switch best practices we use in our organization.
Which of these should NOT be something you would find on that documentation?
A. Put all ports in specific VLANs
B. Use MAC sticky on ports
C. Make all ports trunk ports
D. Shut unused ports down
C. Make all ports trunk ports
Explanation:
Good switch security includes shut down unused ports, add mac-sticky and hardcode if ports are access or trunk ports. Making all ports trunk ports is a bad idea.
26
In implementing type 1 authentication, we could implement which of these? (Select all that apply).
```
A. Passwords
B. PINs
C. Tokens
D. Pass phrases
E. One-time passwords
F. Biometrics
```
A. Passwords
B. PINs
D. Pass phrases
Explanation:
Something you know - Type 1 Authentication: Passwords, pass phrase, PIN etc., also called Knowledge factors. The subject uses these to authenticate their identity, if they know the secret, they must be who they say they are. This is the most commonly used form of authentication, and a password is the most common knowledge factor. The user is required to prove knowledge of a secret to authenticate.
27
When Bob's workstation is requesting a new IP address from the Dynamic Host Configuration Protocol (DHCP) server, which well-known port would the DHCP client use?
A. 67
B. 22
C. 23
D. 68
D. 68
Explanation:
DHCP uses UDP Port 67 for the DHCP Server and UDP Port 68 for the Client.
28
Jane is working on strengthening our preventative controls. What could she look at to do that?
A. IDS
B. Drug Tests
C. Backups
D. Patches
B. Drug Tests
Explanation:
Preventative: Prevents action from happening – Least Privilege, Drug Tests, IPS, Firewalls, Encryption.
29
When collecting personal information about our employees and customers, how much should we collect?
A. Everything they enter as well as everything we can find online
B. Nothing
C. The least amount possible for us to do what we need to do
D. As much as possible
C. The least amount possible for us to do what we need to do
Explanation:
When collecting personal data we need to collect just enough to do what we need to and no more, a majority of countries in the world has laws with verbiage to this effect.
30
In our data roles and responsibilities, the business owner is responsible for which of these?
A. Be trained in the policies, procedures and standards
B. Perform the backups and restores
C. Assign the sensitivity labels and backup frequency of the data
D. Make the policies, procedures and standards that govern our data security
D. Make the policies, procedures and standards that govern our data security
Explanation:
Mission/Business Owner: Senior executives make the policies that govern our data security.
31
If we are wanting to implement a governance standard and control framework focused on IT service management, which of these should we implement?
A. COBIT
B. ITIL
C. COSO
D. FRAP
B. ITIL
Explanation:
ITIL (Information Technology Infrastructure Library) focuses on ITSM (IT Service Management).
32
If an attacker is using Distributed Denial Of Service (DDOS) attacks, which part of the CIA triad is the attacker targeting?
A. Authentication
B. Integrity
C. Confidentiality
D. Availability
D. Availability
Explanation:
Availability threats:
Malicious attacks Distributed Denial Of Service (DDOS), Physical, System compromise, Staff). To mitigate this we use redundancy on Hardware Power (Multiple Power Supplies/UPS’/Generators), Disks (Redundant Array of Independent Disks (RAID)), Traffic paths (Network Design), HVAC, Staff, HA (high availability) and much more.
33
If we are using the Graham Denning model, which of these is NOT something a subject can execute on an object?
A. Transfer access
B. Read subject
C. Create subject
D. Delete access
B. Read subject
Explanation:
Graham-Denning Model – uses Objects, Subjects, and Rules. It does not use read subjects, it has 8 rules that a specific subject can execute on an object are: Transfer Access. Grant Access. Delete Access. Read Object. Create Object. Destroy Object. Create Subject. Destroy Subject.
34
After a disaster, which team would be working on returning us to our primary facility, or getting a new site up?
A. Rescue team
B. Recovery team
C. Planning team
D. Salvage team
D. Salvage team
```
Explanation:
Salvage team (failback): Responsible for returning our full infrastructure, staff and operations to our primary site or a new facility if the old site was destroyed. We get the least critical systems up first, we want to ensure the new sites is ready and stable before moving the critical systems back.
```
35
What would an IT Security professional’s role be when we talk about patching systems?
A. Everything
B. Apply them
C. Nothing
D. Review them
D. Review them
Explanation:
The security team would review the patches and approve them before the server team applies them.
36
When an attacker has obtained our sensitive data, and chooses to disclose it on a website, which leg of the CIA triad would be MOST affected?
A. Availability
B. Integrity
C. Authentication
D. Confidentiality
D. Confidentiality
Explanation:
Disclosure is the opposite of confidentiality someone not authorized getting access to your information.
37
In our access control implementations, we are wanting to ensure the accountability of our users. Which of these could be something we could use for that?
A. A password
B. Their username
C. Role based access control
D. Non-repudiation
D. Non-repudiation
Explanation:
Accountability (often referred to as Auditing): Trace an Action to a Subjects Identity. Proves who performed given action, it provides non-repudiation. Group or shared accounts are never OK, they have zero accountability. Uses audit trails and logs, to associate a subject with its actions.
38
Which of these would NOT be an acceptable form of dealing with remanence?
A. Degaussing
B. Disk sredding
C. Overwriting
D. Deleting files
D. Deleting files
Explanation:
Deleting a file just removes it from the table; everything is still recoverable.
39
In a relational database, what is the parent table's primary key seen as in the child table?
A. Foreign key
B. Primary key
C. Reference key
D. Secondary key
A. Foreign key
Explanation:
Foreign key: They are in relational databases the matching primary key of a parent database table. It is always the primary key in the local DB. Seen from the child table the child key is the primary key and the foreign key is the primary key of the parent table.
40
What would happen if we are using a Bus topology in our LAN design, and a cable breaks?
A. Nothing the traffic just moves the other way
B. Traffic stops at the break
C. Nothing all nodes are connected to the switch by themselves
D. The traffic is redirected
B. Traffic stops at the break
Explanation:
Bus: All nodes are connected in a line, each node inspects traffic and passes it along. Not very stable, a single break in the cable will break the signal to all nodes past that point, including communication between nodes way past the break. Faulty NICs (Network Interface Card) can also break the chain.
41
When we implement VLANs, what would that do?
A. Prevent users from accessing the internet
B. Segments a switch into multiple separate logical networks
C. Divides a switch into equally large portions for each VLAN
D. Shows a network administrator the traffic on his network
B. Segments a switch into multiple separate logical networks
Explanation:
VLAN (Virtual LAN) is a broadcast domain that is partitioned and isolated at layer 2. Specific ports on a switch is assigned to a certain VLAN. It allows networks and devices that must be kept separate to share the same physical devices without interacting, for simplicity, security, traffic management, and/or cost reduction.
42
We want to protect against rainbow tables by implementing salting. What are rainbow tables made up of?
A. Pre-arranged lists of full words and numbers
B. Pre-made list of matching biometrics and passwords
C. Pre-made list of matching passwords and hashes using salts
D. Pre-made list of matching passwords and hashes
D. Pre-made list of matching passwords and hashes |
Explanation:
Rainbow tables attacks: Pre-made list of plaintext and matching ciphertext. Often Passwords and matching Hashes a table can have 1,000,000's of pairs.
43
We are getting 50 old spinning disk hard drives. What would we use on the damaged ones to ensure there is NO data remanence, but needed the drive to stay intact?
A. Format
B. Degauss
C. Overwrite
D. Shred
B. Degauss
Explanation
Degaussing should ensure no data remanence, we can't overwrite or format a damaged drive, and shredding would not leave the drive intact.
44
We are having problems with the electricity in the area, where we have one of our data centers. What is happening when a brownout occurs?
A. We have a short loss of power
B. We have a long high voltage period
C. We have a long loss of power
D. We have a long low voltage period
D. We have a long low voltage period
Explanation:
Power Fluctuation Terms: Brownout - Long low voltage.
45
Prime number factorization is an example of what?
A. One way functions
B. Shared key encryption
C. Symmetric encryption
D. Two way functions
A. One way functions
Explanation:
Prime Number Factorization: Factoring large Prime numbers using a one-way factorization - It is easy to multiply 2 numbers, but hard to discern the 2 numbers multiplied from the result.
46
In object-oriented databases, the objects can have different attributes. Which of them would define the behavior of an object?
A. Classes
B. Schemas
C. Methods
D. Attributes
C. Methods
Explanation:
Methods: Defines the behavior of an object and are what was formally called procedures or functions. Objects contain both executable code and data.
47
Which of these could be a countermeasure we can use to detect a software keylogger?
A. They are not detectable
B. We could see unauthorized access to certain files
C. Physical inspection of the system
D. Look at which programs are running on the system
D. Look at which programs are running on the system
Explanation:
keylogging (Keystroke logging): A keylogger is added to the users computer and it records every keystroke the user enters. Software, a program installed on the computer. The computer is often compromised by a trojan, where the payload is the keylogger or a backdoor. The keylogger calls home or uploads the keystrokes to a server at regular intervals.
48
Which of these is not really a methodology, but describes the phases of the software development lifecycle?
A. SDLC
B. Agile
C. RAD
D. Waterfall
A. SDLC
Explanation:
SDLC (Software Development Life Cycle): The SDLC is not really a methodology, but a description of the phases in the life cycle of software development. These phases are (in general), investigation, analysis, design, build, test, implement, maintenance and support (and disposal).
49
We have asked a vendor to use a source code escrow What could be a reason we would do that?
A. So we can get the source code if we have software errors
B. So we can get the source code if they fail to maintain and update the code
C. So we can view the source code when we want to
D. So we can get the source code if we want to break the contract we have with them, because we have found a cheaper alternative
B. So we can get the source code if they fail to maintain and update the code
Explanation:
Source code escrow: The deposit of the source code of software with a third party escrow agent. Escrow is typically requested by a party licensing software (the licensee), to ensure maintenance of the software instead of abandonment or orphaning. The software source code is released to the licensee if the licensor files for bankruptcy or otherwise fails to maintain and update the software as promised in the software license agreement.
50
If we are doing a vulnerability scan, it would normally show us all these, EXCEPT which?
A. Malware
B. The OSs used by the systems
C. Systems on the network
D. Open ports
A. Malware
Explanation:
A vulnerability scanner tool is used to scan a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching, they will not detect viruses or malware unless it has opened ports that shouldn't be and even then it would just list the port as open. It is very important to understand the output from a vulnerability scan, they can be 100's of pages for some systems, and how do the vulnerabilities map to Threats and Risks (Risk = Threat x Vulnerability).
51
What is something that could make evidence inadmissible in court?
A. Complete chain of custody
B. Enticement
C. Alterations to the data
D. Taking a bit level copy of the compromised hard drive, hashing both drives, hashes are identical. Do forensics on the copy drive, hash after forensics is identical too
C. Alterations to the data
Explanation:
Altering the data makes it inadmissible, this is similar to planting evidence at the crime scene.
52
Which authentication method would use something you are expected to have?
A. Type 2
B. Type 3
C. Type 0
D. Type 1
A. Type 2
Explanation:
Something you have - Type 2 Authentication: ID, passport, smart card, token, cookie on PC, these are called Possession factors. The subject uses these to authenticate their identity, if they have the item, they must be who they say they are.
53
When we have our employees insert a card into a reader, it is using which type of technology?
A. Contactless cards
B. HOTP Tokens
C. Magnetic Stripe
D. Contact Cards
D. Contact Cards
Explanation:
Contact Cards - Inserted into a machine to be read. This can be credit cards you insert into the chip reader or the DOD CAC (Common Access Card).
54
We are considering how we should protect our intellectual property. Which of these do you need to apply for to be protected? (Select all that apply).
A. Trade Secrets
B. Copyright
C. Patents
D. Trademarks
C. Patents
D. Trademarks
Explanation:
Trademarks and patents are both something you need to apply for. Copyright is automatically granted and trade secrets are not granted since it is just you telling no-one about your secret formula or product.
55
If we have mantraps in our environment, what should they do?
A. Fail shut
B. Prevent exit always
C. Prevent exit in an emergency
D. Fail open
D. Fail open
Explanation:
Mantraps should be designed to allow safe evacuation in case of an emergency. (Remember that people are more important to protect than stuff.)
56
We have just upgraded our wireless access points throughout our organization. What would you answer if you were asked, "Which frequency does 802.11-g use?"
A. 3.7GHz
B. 5GHz
C. 2.4GHz
D. 20MHz
C. 2.4GHz
Explanation:
802.11g has 54 Mbit/s throughput using the 2.4 GHz band.
57
As technology progresses or flaws are found in the symmetric algorithms, we stop using that encryption. Which of these symmetric encryption types are no longer considered secure?
A. AES
B. 3DES K1
C. Twofish
D. 3DES K3
D. 3DES K3
Explanation:
3DES (Triple DES) K3 (keymode3) – Same key 3 times, just as insecure as DES (encrypt/decrypt/encrypt).
58
Jane is leading a software development team. She is using the spiral model for this project, which of these is NOT one of the phases?
A. Planning
B. Engineering
C. Risk analysis
D. Initiation
D. Initiation
Explanation:
The spiral model: A risk-driven process model generator for software projects. The spiral model has four phases: Planning, Risk Analysis, Engineering and Evaluation. A software project repeatedly passes through these phases in iterations (called Spirals in this model). The baseline spiral, starting in the planning phase, requirements are gathered and risk is assessed. Each subsequent spirals builds on the baseline spiral.
59
In our software testing we are using synthetic transactions. What is a key characteristic of those?
A. They simulate real traffic
B. They test the code without executing it
C. They are real traffic
D. They execute the code and inputs malformed information
A. They simulate real traffic
Explanation:
Synthetic Transactions/monitoring - Building scripts or tools that simulate normal user activity in an application.
60
If we are using object-oriented analysis and design (OOAD), when would we apply the constraints to the conceptual model?
A. OOA
B. OOD
C. OOR
D. OOM
B. OOD
Explanation:
OOD (Object-oriented design):The developer applies the constraints to the conceptual model produced in object-oriented analysis. Such constraints could include the hardware and software platforms, the performance requirements, persistent storage and transaction, usability of the system, and limitations imposed by budgets and time. Concepts in the analysis model which is technology independent, are mapped onto implementing classes and interfaces resulting in a model of the how the system is to be built on specific technologies. Important topics during OOD also include the design of software architectures by applying architectural patterns and design patterns with object-oriented design principles.
61
As part of a management level training class we are teaching all staff with manager or director in their title about basic IT Security. We are covering the CIA triad, which of these attacks focuses on compromising our confidentiality?
A. Malware
B. Social Engineering
C. Wireless Jamming
D. All of these
B. Social Engineering
Explanation:
Confidentiality we use: Encryption for data at rest (for instance AES256), full disk encryption. Secure transport protocols for data in motion. (SSL, TLS or IPSEC). Best practices for data in use - clean desk, no shoulder surfing, screen view angle protector, PC locking (automatic and when leaving).Strong passwords, multi factor authentication, masking, access control, need-to-know, least privilege. Threats: Attacks on your encryption (cryptanalysis). Social engineering. Keyloggers (software/hardware), cameras, Steganography. Man-in-the-middle attacks.
62
We are in a court of law and the proof must be "beyond a reasonable doubt", which type of court are we in?
A. Probation Court
B. Criminal Court
C. Administrative Court
D. Civil Court
B. Criminal Court
Explanation:
Criminal Law: “Society” is the victim and proof must be “beyond a reasonable doubt”. Incarceration, Death and Financial fines to “Punish and Deter”.
63
Looking at US legacy internet speeds, a T3 connection would bundle T1 connections. What was the speed of a T3 internet connection?
A. 44.736MBPS
B. 34.368Mbps
C. 2.048 Mbps
D. 1.544Mbps
A. 44.736MBPS
Explanation:
T3 (US): 28 bundled T1 lines, creating a dedicated 44.736 Mbps circuit.
64
Bob is doing cleanups of one of our databases. He has found foreign keys that do not match the primary key. Which type of integrity error is this?
A. Referential
B. Foreign
C. Entity
D. Semantic
A. Referential
Explanation:
Referential integrity: When every foreign key in a secondary table matches a primary key in the parent table. It is broken if not all foreign keys match the primary key.
65
Trying to convert a very old frame relay connection we have to a remote office; you are asked to include a list of the abbreviations you have used and what they stand for. Which of these would you add to that list? (Select all that apply).
```
A. PVC (Permanent Virtual Circuit)
B. SVC (Switched Virtual Circuit)
C. PSC (Permanent Switched Circuit)
D. DLCI (Data Link Connection Identifiers)
E. SON (Synchronous Optical Networking)
```
A. PVC (Permanent Virtual Circuit)
B. SVC (Switched Virtual Circuit)
D. DLCI (Data Link Connection Identifiers)
Explanation:
Frame Relay is a Packet-Switching L2 protocol, it has no error recovery and only focus on speed. Higher level protocols can provide that if needed. PVC (Permanent Virtual Circuit): Always up, ready to transmit data. Form logical end-to-end links mapped over a physical network. SVC (Switched Virtual Circuit): Calls up when it needs to transmit data and closes the call when it is done. Uses DLCI (Data Link Connection Identifiers) to identify the virtual connection, this way the receiving end knows which connection an information frame belongs to.
66
In Agile XP software development, we would normally do all of these, EXCEPT which?
A. Expect changing requirements
B. Unit testing of all code
C. Programming pairs
D. Use short 1-2 week development cycles (sprints)
D. Use short 1-2 week development cycles (sprints)
Explanation:
XP (Extreme programming): Intended to improve software quality and responsiveness to changing customer requirements. Uses advocates frequent releases in short development cycles, intended to improve productivity and introduce checkpoints at which new customer requirements can be adopted. XP uses: Programming in pairs or doing extensive code review. Unit testing of all code. Avoiding programming of features until they are actually needed. Flat management structure. Code simplicity and clarity. Expecting changes in the customer's requirements as time passes and the problem is better understood. Frequent communication with the customer and among programmers.
67
For a certain system, our backup policy is doing full monthly backups and differential weekly backups. All backups are started at Sunday midnight. We are thinking about changing it to no more than 48 hours of data loss and restores with only 2 tapes. What would we need to do what?
A. Differential backups every 2 days
B. Incremental daily backups
C. Full backups every 2 days
D. Incremental backups every 2 days
A. Differential backups every 2 days
Explanation:
To only use 2 tapes we would need full and differential, to keep the maximum loss at 48 hours we need backups every 2 days.
68
An attacker, using social engineering, could use all of these EXCEPT which?
A. Spear fishing
B. Whale phishing
C. Authority
D. Consensus
A. Spear fishing
Explanation:
While spear phishing is social engineering, spearfishing is not.
69
Which of these file transfer protocols would use the TLS and SSL protocols?
A. TFTP
B. SFTP
C. FTP
D. FTPS
D. FTPS
Explanation:
FTPS (FTP Secure) - Uses TLS and SSL to add security to FTP.
70
Which of these would be COMMON attacks focused on compromising our availability?
A. All of these
B. Distributed Denial of Service (DDoS)
C. Viruses
D. Social Engineering
B. Distributed Denial of Service (DDoS)
Explanation:
For data availability we use:
IPS/IDS. Patch Management. Redundancy on Hardware Power (Multiple Power Supplies/UPS’/Generators), Disks (Redundant Array of Independent Disks (RAID)), Traffic paths (Network Design), HVAC, Staff, HA (high availability) and much more. SLAs — How high uptime to we want (99.9%?) – (ROI) Threats: Malicious attacks Distributed Denial Of Service (DDOS) ,physical, system compromise, staff, wireless jamming). Application failures (errors in the code). Component failure (hardware).
71
When we have a system requiring users to reauthenticate every hour, what is that system using?
A. Reverse Proxy
B. Multifactor Authentication
C. Single Factor Authentication
D. Continuous Authentication
D. Continuous Authentication
Explanation:
Continuous authentication can either prompt the user to login every hour or monitor things like keystroke patterns which analyze typing rhythm, mouse movement, etc. this would be compared against a user baseline.
72
As part of our Disaster Recovery Plan (DRP), we are building our secondary data center 100 miles (160 km.) from our primary data center. With which of these secondary sites would we MOST LIKELY be back up and running on our critical applications within 3 hours? (Select all that apply).
A. Redundant Site
B. Cold Site
C. Warm Site
D. Hot Site
A. Redundant Site
D. Hot Site
Explanation:
Redundant site: Complete identical site to our production site, receives a real time copy of our data. If our main site is down the redundant site will automatically have all traffic fail over to the redundant site. Hot site: Similar to the redundant site, but only houses critical applications and systems, often on lower spec’d systems. We may have to manually fail traffic over, but a full switch can take an hour or less. Warm sites would take 4-24+ hours, cold sites can take weeks.
73
In which operating systems can an attacker elevate their privileges to gain root or administrator privileges?
A. Windows
B. Linux
C. MacOS
D. All of these
D. All of these
Explanation:
It is possible for attackers to elevate their privileges in any of the listed Oss.
74
Our board of directors has decided our data integrity is the most important to our organization. Which of these could we implement to prove we have data integrity?
A. Redundant hardware
B. None of these
C. Hashes
D. Multifactor authentication
C. Hashes
Explanation:
Hashing ensures the data was not altered, proving the integrity of the data.
75
Which of these rotary based encryption machines was NOT known to have been broken while it was in active use?
A. Purple
B. SIGABA
C. Enigma
D. PRAAS
B. SIGABA
Explanation:
SIGABA: A rotor machine used by the United States throughout World War II and into the 1950s, similar to the Enigma. It was more complex, and was built after examining the weaknesses of the Enigma. No successful cryptanalysis of the machine during its service lifetime is publicly known. It used 3x 5 sets of rotors.
76
When an attacker is using intimidation and threats, it is a type of?
A. Alteration Testing
B. Social Engineering
C. Referential Testing
D. Penetration Testing
B. Social Engineering
Explanation:
Social engineering uses people skills to bypass security controls. Can be used in a combination with many other attacks, especially client-side attacks or physical tests. Attacks are often more successful if they use one or more of these approaches: Authority , intimidation, consensus, scarcity, urgency or familiarity.
77
Our main facility has been hit with a complete power outage and we need to set up a temporary command and control center. What would we be deploying?
A. Disaster Recovery Plan (DRP)
B. Continuity of Operations Plan (COOP)
C. Emergency Operations Center (EOC)
D. Emergency Operations Outline (EOO)
C. Emergency Operations Center (EOC)
Explanation:
EOC (Emergency Operations Center): A central temporary command and control facility responsible for our emergency management, or disaster management functions at a strategic level during an emergency. It ensuring the continuity of operation of our organization. We place the EOC in a secure location if the disaster is impacting a larger area.
78
Why do we NOT use full backups for all backups?
A. It would make restores use more tapes
B. Full doesnt clear the archive bit
C. The backup time can take too long
D. The restore time can be too long
C. The backup time can take too long
Explanation:
Full backup: This backs everything up, the entire database (most often), or the system. A full backup clears the all archive bits. Dependent on the size of the data we may do infrequent full backups, with large datasets it can take many hours for a full backup.
79
Which of these hashing algorithms is still considered secure and collision-free?
A. MD5
B. SHA1
C. RIPEMD160
D. MD6
C. RIPEMD160
Explanation:
RIPEMD160: Redesigned, fixing flaws of RIPEMD. 160 bit hashes. Not widely used. Considered secure. MD5 (Message Digest 5): 128bit Fixed-Length hash, used very widely until a flaw was found making it possible to produce collisions in a reasonable amount of time. While not a chosen-text collision, it is still a collision. MD6 (Message Digest 6): Was not used for very long; was supposed to replace MD5, but SHA2/3 were better. It was in the running for the SHA3 race, but withdrawn due to flaws. SHA1 (Secure Hash Algorithm 1): 160 bit Hash Value. Found to have weak collision avoidance, but still commonly used.
80
Which of these would we use to prove the forensics evidence we are presenting in court is authentic?
A. Message digests
B. Asymmetric encryption
C. Symmetric encryption
D. PKI
A. Message digests
Explanation:
Evidence Integrity – It is vital the evidences integrity can not be questioned, we do this with hashes. Any forensics is done on copies and never the originals, we check hash on both original and copy before and after the forensics. Chain of Custody – Chain of custody form, this is done to prove the integrity of the data. No tampering was done. Who handled it? When did they handle it? What did they do with it? Where did they handle it?
81
Where would be somewhere we would have data at rest?
A. Traversing our network or the internet
B. In memory
C. On our storage devices
D. In a unsecured box
C. On our storage devices
Explanation:
Data at Rest (Stored Data): This is data on Disks, Tapes, CDs/DVDs, USB Sticks. We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs). Encryption can be Hardware or Software Encryption.
82
We have acquired another company in our line of business. We notice they are using WEP for their wireless access point. WEP is considered which of these?
A. Unsecure
B. Secure
C. The preferred encryption type of wireless
D. Preconfigured as standard for most wireless access points shipped today
A. Unsecure
Explanation:
WEP (Wired Equivalent Privacy) protocol, early 802.11 wireless security (1997). No longer secure, should not be used. Attackers can break any WEP key in a few minutes.
83
In the US government's data classification scheme, what would data "if disclosed, could cause serious damage to national security", be classified as?
A. Top Secret
B. Unclassified
C. Confidential
D. Secret
D. Secret
Explanation:
Secret information is information that, if compromised, could cause serious damage to national security.
84
We have hired a penetration tester, and she has been given partial knowledge of our organization and infrastructure. Which access level would that emulate?
A. A senior executive
B. An administrator
C. A manager
D. A normal employee
D. A normal employee
Explanation:
Gray (Grey) box (Partial Knowledge) Pen testing: The attacker has limited knowledge; is a normal user, vendor, or someone with limited environment knowledge.
85
We have 2 redundant UPSes in our data center. All our servers are connected to both. The load on UPS #1 is 45% and the load on UPS #2 is 65%. What will happen if UPS #1 crashes?
A. The servers will run on UPS#1's battery
B. UPS#2 will shut down to prevent damage, since the load is %110
C. UPS 2 will take over
D. UPS #2 will run at 110% until UPS #1 is back up
B. UPS#2 will shut down to prevent damage, since the load is %110
Explanation:
UPS #2 would shut down to prevent damage to itself. Redundant UPSes should never have a shared load over 90%
86
Which of these is something that does NOT belong in our data retention policy?
A. Which data do we keep?
B. How to restore safely from backup tape
C. How long do we keep the data
D. Where do we keep the backup data?
B. How to restore safely from backup tape
Explanation:
How to restore would be covered by a DRP or a walkthrough, the retention policy would only deal with what, how long, where and similar topics.
87
What could be something we could implement to mitigate broken authentication and session management (OWASP A2)?
A. Remove default passwords and usernames
C. Data type limitations
D. Captcha
B. Random session IDs
Explanation:
A2 Broken Authentication and Session Management. Sessions do not expire or they take too long to expire. Session IDs are predictable. 001, 002, 003, 004, etc. Tokens, Session ID's, Passwords, etc. are kept in plaintext.
88
In which form of software testing do we test the connections between the different systems and components?
A. Fuzz testing
B. Interface testing
C. User acceptance testing
D. Static testing
B. Interface testing
Explanation:
Interface Testing – testing of all interfaces exposed by the application.
89
After a security audit we need to mitigate Security misconfiguration (OWASP A5). What could be something we would implement?
A. Remove default passwords and usernames
B. Centralized implementation
C. Implement all websites to be HTTPS
D. Random session IDs
A. Remove default passwords and usernames
Explanation:
A5 Security Misconfiguration. Databases configured wrong. Not removing out of the box default access and settings. Keeping default usernames and passwords. OS, Webserver, DBMS, applications. etc. not patched and up to date. Unnecessary features are enabled or installed; this could be open ports, services, pages, accounts, privileges, etc.
90
Our organization is spending a lot of money and time to train staff in proper safety for data in use. Where would we find data in use?
A. Switch
B. Firewall
C. Desktop
D. Router
C. Desktop
Explanation:
Data in Use: (We are actively using the files/data, it can’t be encrypted). Use good practices: Clean Desk policy, Print Policy, Allow no ‘Shoulder Surfing’, maybe the use of view angle privacy screen for monitors, locking computer screen when leaving workstation.
91
Which of these is a TRUE about hybrid encryption?
A. All of these
B, It uses private and public keys to share a symmetric session key
C. It does not use a shared key
D. It is the strongest per bit
B, It uses private and public keys to share a symmetric session key
Explanation:
Hybrid Encryption: Uses Asymmetric encryption to share a Symmetric Key (session key). We use the security over an unsecure media from Asymmetric for the initial exchange and we use the speed and higher security of the Symmetric for the actual data transfer. The Asymmetric Encryption may send a new session key ever so often to ensure security.
92
After our CEO has had issues getting her finger printer reader to recognize her fingerprint, she is wanting us to lower the sensitivity on the readers. What could be a NEGATIVE side effect of doing what she is asking us to do?
A. True accepts
B. True rejects
C. False accepts
D. False rejects
C. False accepts
Explanation:
FAR (False accept rate) Type 2 error: Unauthorized user is granted access. This is a very serious error.
93
Bob is applying patches to one of our systems, before he does that, he wants a backup he can revert to if things go wrong. Which type of backup should he use?
A. Differential backup
B. Incremental backup
C. Copy backup
D. Full backup
C. Copy backup
Explanation:
Copy backup: This is a full backup with one important difference, it does not clear the archive bit. Often used before we do system updates, patches and similar upgrades. We do not want to mess up the backup cycle, but we want to be able to revert to a previous good copy if something goes wrong.
94
Which of these protocols provides mutual authentication?
A. Kerberos
B. LDAP
C. Diameter
D. Radius
A. Kerberos
Explanation:
Kerberos: Authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to each other in a secure manner. It is based on a client–server model and it provides mutual authentication both the user and the server verify each other's identity. Messages are protected against eavesdropping and replay attacks. Builds on symmetric keys and requires a trusted third party, and can optionally use PKI during certain phases of authentication. Uses UDP port 88 by default, used in Active Directory from Windows 2000 and onwards, and many Unix OS’.
95
Which process would we use if we want to upgrade the software we use on a regular schedule?
A. Change management
B. Project management
C. Patch management
D. Staff management
C. Patch management
Explanation:
Patch Management: To keep our network secure we need to apply patches on a regular basis. Whenever a vulnerability is discovered the software producer should release a patch to fix it. Microsoft for instance have “Patch Tuesday” (2nd Tuesday of the month). They release all their patches for that month. If critical vulnerabilities are discovered they push those patches outside of the Tuesday. Most organizations give the patches a few weeks to be reviews and then implement them in their environment.
96
Which of these is a COMMON attack on our data "in use"?
A. All of these
B. Eavesdropping
C. Shoulder surfing
D. Cryptanalysis
C. Shoulder surfing
Explanation:
Data in Use: (We are actively using the files/data, it can’t be encrypted). Use good practices: Clean Desk policy, Print Policy, Allow no ‘Shoulder Surfing’, maybe the use of view angle privacy screen for monitors, locking computer screen when leaving workstation.
97
If we are using magnetic stripe ID cards and we are wanting to add additional security measures, which of these could we implement for visual inspection and have it be the MOST secure?
A. Picture of the user
B. Embedded hologram
C. Protected Health Information (PHI)
D. Name, title and department
B. Embedded hologram
Explanation:
Embedded holograms on IDs are much harder to replicate than pictures and other things that can be printed on the card. We would never have Protected Health Information (PHI) on an ID card.
98
After a security incident, our legal counsel presents the logs from the time of the attack in court. They constitute which type of evidence?
A. Direct evidence
B. Circumstantial evidence
C. Secondary evidence
D. Real evidence
C. Secondary evidence
Explanation:
Secondary Evidence – This is common in cases involving IT. Logs and documents from the systems are considered secondary evidence.
99
In which type of access control model would your access to data be determined by your job title?
A. Rule-Based Access Control (RUBAC)
B. Role-based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)
B. Role-based Access Control (RBAC)
Explanation:
RBAC (Role Based Access Control): Often used when Integrity is most important. Policy neutral access control mechanism defined around roles and privileges. A role is assigned permissions, and subjects in that role are added to the group, if they move to another position they are moved to the permissions group for that position.
100
We have updated our old Business Continuity Plan (BCP) and the new one is approved and ready. What should we do next?
A. Distribute the new ones and destroy the old ones
B. Distribute the new ones and keep them side by side with the old ones
C. Put them on the intranet so employees can access them, but nothing else
D. Put them on the intranet and tell employees to only use the new one
A. Distribute the new ones and destroy the old ones
Explanation:
The plans needs to be continually updated, it is an iterative process. Plans should be reviews and updated at least every 12 month. When we update the plans older copies are retrieved and destroyed, and current versions are distributed
101
We have had issues with employees adding wireless access points in areas of our organization where the wireless coverage is bad. What could be something we could implement, as part of a larger strategy, to stop that from happening again?
A. Opening all ports on our switches
B. Hiding our SSID
C. Port security
D. Changing the SSIDs on our wireless access points every week
C. Port security
Explanation:
Good switch security can help with rogue access points, we would shut down unused ports, add mac-sticky and hardcode if ports are access or trunk ports.
102
You are discussing 4th generation programming languages with a colleague. Which of these are 4th generation languages? (Select all that apply).
```
A. Cobol
B. SQL
C. Java
D. PHP
E. Perl
```
B. SQL
D. PHP
E. Perl
Explanation:
4th Generation languages (4GL): Fourth-generation languages are designed to reduce programming effort and the time it takes to develop software, resulting in a reduction in the cost of software development. Increases the efficiency by automating the creation of machine code. Often uses a GUI, drag and drop, and then generating the code, often used for websites, databases and reports. 4th Generation languages include ColdFusion, Progress 4GL, SQL, PHP, Perl, etc. Java and Cobol are 3rd generation languages.
103
DES is very easy to break today. To remedy the problems with DES, 3DES was developed. Which of these is TRUE about 3DES K1?
A. It is 128-bit block cipher with 128, 192 or 256-bit keys
B. It is a 64-bit block cipher with a 112-bit key strength
C. It is a 64-bit block cipher with a 128-bit key strength
D. It is a 64-bit block cipher, with 56-bit keys
B. It is a 64-bit block cipher with a 112-bit key strength
```
Explanation:
3 DES (Triple DES): Was developed to extend life of DES systems while getting ready for AES. Symmetric – 64-bit block cipher – 56-bit key, 16 rounds of encryption, uses Fistel. 3 rounds of DES vs 1. K1 (keymode1) – 3 different keys with a key length of 168-bits (three 56-bit DES keys), but due to the meet-in-the-middle attack, the effective security it provides is only 112-bits.
```
104
What would we do during the e-discovery process?
A. Make sure we keep data long enough in our retention policies for us to fulfill the legal requirements for our state and sector
B. Delete data that has been requested if the retention period has expired
C. Discover all the electronic files we have in our organization
D. Ensure we keep data preserved and safe, even if it is past the data's retention period
D. Ensure we keep data preserved and safe, even if it is past the data's retention period
Explanation:
e-Discovery or Discovery of electronically stored information (ESI) is the process of producing all relevant documentation to our legal council, who will then present it in court or external attorneys in a legal proceeding. We need to ensure data is kept past the retention date if it could be relevant to the case.
105
We keep our backup data for as long as the information is usable or if we are required to by law, standards, or regulations. What is this an example of?
A. Proper data storage
B. Proper data handling
C. Proper data retention
D. Proper data encryption
C. Proper data retention
Explanation:
Data Retention: Data should not be kept beyond the period of usefulness or beyond the legal requirements (whichever is greater).
106
If we are looking at our backups, what order would they be in if they were rated by which takes the longest to the shortest amount of time?
A. Differential > Full > Incremental
B. Full > Differential > Copy
C. Full > Differential > Incremental
D. Full > Incremental > Differential
C. Full > Differential > Incremental
Explanation:
Full backups take the longest (same time as copy), differential take second most time and incremental the least amount of time.
107
In our identity and access management, we are talking about the IAAA model.
Which of these is NOT one of the A's of that model?
Authorization
B. Auditing
C. Authentication
D. Availability
D. Availability
Explanation:
IAAA is Identification and Authentication, Authorization and Accountability (also called auditing). Availability is part of the CIA triad not IAAA.
108
Jane has been working on our servers and she is adding striping with no parity to the Redundant Array of Independent Disks (RAID) configuration. Why does she do that?
A. To be able to rebuild data from a lost disk
B. To prevent attackers from accessing the real data
C. As part of our backup strategy
D. Faster write speed
D. Faster write speed
Explanation:
Disk striping: Writing the data simultaneously across multiple disks providing higher write speed. Uses at least 2 disks, and in itself does not provide redundancy. We use parity with striping for the redundancy, often by XOR, if we use parity for redundancy we need at least 3 disks.
109
The original Enigma machine was broken by the Polish in 1939. How many rotors did the Enigma use at the end of the Second World War?
A. 3
B. 10
C. 5
D. 4
D. 4
Explanation:
Enigma - Rotary based. Was 3 rotors early on, which was broken, so the Germans added 1 rotor, making it much harder. Breaking the Enigma was responsible for ending the war early and saving millions of lives.
110
We have been using hashing with salting for our passwords for some years. One of our executives has just heard about the CIA triad and asks, "Which leg of the CIA triad does that support?". What do you answer?
A. Confidentiality
B. Integrity
C. None of these
D. Availability
B. Integrity
Explanation:
System and data integrity, we use: Cryptography, check sums (This could be CRC), message Digests also known as a hash (This could be MD5, SHA1 or SHA2), digital signatures – non-repudiation. access control.
111
We are using full monthly and incremental daily backups done at midnight. If a system is lost at 20:00 (8PM), how much data would we lose?
A. 40 hours
B. Depends on when the backup finished
C. 18 hours
D. 20 hours
D. 20 hours
Explanation:
We would lose 20 hours of data, the backup takes an inventory at midnight, it doesn't matter when it finishes, files changed after midnight would not be backed up.
112
A disgruntled employee in our organization is trying to break administrator passwords using dictionary attacks. How would he do that?
A. He uses full words often with numbers at the end
B. He has software installed on a computer that records all keystrokes
C. He uses the entire key space
D. He uses precomplied hashes to compare the password hash to
A. He uses full words often with numbers at the end
Explanation:
Dictionary attacks: Based on a pre-arranged listing, often dictionary words. Often succeed because people choose short passwords that are ordinary words and numbers at the end.
113
After we have applied a patch to our software, which type of test should we use?
A. Regression testing
B. Integration testing
C. Referential testing
D. Misuse testing
A. Regression testing
Explanation:
Regression testing: Finding defects after a major code change has occurred. Looks for software regressions, as degraded or lost features, including old bugs that have come back.
114
Who is responsible for the day to day IT operations of our organization?
A. The CFO
B. The CSO
C. The CIO
D. The CEO
C. The CIO
Explanation:
The Chief Information Officer oversees and is responsible for the day to day technology operations of an organization.
115
df
116
To allow our employees to exit in the case on an emergency, we would want to fix the broken turnstiles first. The gate, the broken camera and the broken fence does not hinder employee evacuation.
A. Star
B. Tree
C. Mesh
D. Ring
A. Star
Explanation:
ARCNET (Attached Resource Computer Network): Used network tokens for traffic, no collisions. Used a Star topology. 2.5Mbps.
117
In a security audit, we are looking at the authentication protocols we use. Which of these uses a key-distribution center?
A. LDAP
B. Radius
C. Diameter
D. Kerberos
D. Kerberos
Explanation:
Kerberos: Authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to each other in a secure manner. It uses an AS (Authentication Server), a TGS (ticket-granting server) which are part the KDC (Key distribution center).
118
You are explaining how we always use Redundant Array of Independent Disks (RAID) on our servers. What do you answer when you get asked, "Why do you use RAID ?"
A. Fault tolerance and backup
B. Redundancy only
C. Fault tolerance and speed
D. Backup
C. Fault tolerance and speed
Explanation:
Redundant Array of Independent Disks (RAID) is used for read/write speed and redundancy, what you get is dependent on RAID type you chose. Comes in 2 basic forms, disk mirroring and disk striping. Disk mirroring: Writing the same data across multiple hard disks, this is slower, the RAID controller has to write all data twice. Uses at least 2 times as many disks for the same data storage, needs at least 2 disks. Disk striping: Writing the data simultaneously across multiple disks providing higher write speed. Uses at least 2 disks, and in itself does not provide redundancy. We use parity with striping for the redundancy, often by XOR, if we use parity for redundancy we need at least 3 disks.
119
When our data is in use, we must choose different types of countermeasures to ensure our data is safe. Which of these is a COMMON attack against data in use?
A. Screen scrapers
B. MITM
C. BCP
D. Stealing unencrypted laptops
A. Screen scrapers
Explanation:
Screen scrapers take a screenshot/scrape of a monitor every so often (or continually), any data displayed on the screen would be captured.
120
Jane is using relational databases. Which of these would be a TRUE statement if she is talking about tuple values?
A. Represent values attributed to that instance
B. Are unique
C. Lists the persons SSN
D. Represents one entity
D. Represents one entity
Explanation:
Relational model: Organizes data into one or more tables (or relations) of columns and rows, with a unique key identifying each row. Rows are also called records or tuples. Each table/relation represents one entity type.
121
In our data center, we want to ensure proper air circulation. Where would our servers normally pull the air in from?
A. Air ducts
B. Sub-flooring
C. Cold isles
D. Hot isles
C. Cold isles
Explanation:
In a well-designed data center we want air to be pulled into the equipment from the cold isles and pushed out in the warm isles. Servers, switches and other rackable equipment are built with air intake and exhaust facing the hot and cold aisles. Servers have intake in the back and exhaust in the front and switches are often reserved.
122
Bob is looking at GUI builders for an upcoming project. Which type of methodology is Bob MOST LIKELY going to use?
A. Agile
B. Spiral
C. RAD
D. Prototyping
C. RAD
Explanation:
RAD (Rapid Application Development): Puts an emphasize adaptability and the necessity of adjusting requirements in response to knowledge gained as the project progresses. Prototypes are often used in addition to or sometimes even in place of design specifications. Very suited for developing software that is driven by user interface requirements. GUI builders are often called rapid application development tools.
123
When authenticating against our access control systems, you are using your passphrase. Which type of authentication are you using?
A. A knowledge factor
B. A biometric factor
C. A location factor
D. A possession factor
A. A knowledge factor
Explanation:
Something you know - Type 1 Authentication: Passwords, pass phrase, PIN etc., also called Knowledge factors. The subject uses these to authenticate their identity, if they know the secret, they must be who they say they are. This is the most commonly used form of authentication, and a password is the most common knowledge factor.
124
Jane is talking to a clinical director and she mentions we would use one of our SANs for an implementation we are doing for the director. What does the abbreviation SAN mean in this case?
A. Segment area network
B. Storage area network
C. Switch area network
D. Server area network
B. Storage area network
Explanation:
SAN (Storage Area Network) protocols provides a cost-effective ways that uses existing network infrastructure technologies and protocols to connect servers to storage. A SAN allows block-level file access across a network, it acts like an attached hard drive.
125
In a penetration test, we are giving the tester detailed knowledge of our environments. Which type of penetration testing is she performing?
A. Gray box
B. White box
C. Full box
D. Black box
B. White box
```
Explanation:
White box (Crystal/Clear) Pen testing: (Full Knowledge): The attacker has knowledge of the internal network and access to it like a privileged employee would. Normally Administrator access employee with full knowledge of our environment.
```
