CISSP certification: Full 125 question practice test #4 - test 2 (Anthony Today) Flashcards

1
Q

Which historical type of encryption involved the sender switching letters a certain number of spots forwards or back in the alphabet, with the receiver doing the same in the opposite direction?

A. Spartan Scytale
B. Vigenere cipher
C. Caesar cipher
D. Bazeries

A

C. Caesar cipher

Explanation:
Caesar Cipher (Substitution) - Done by shifting letters a certain number of spots in the alphabet. “Pass the exam” moved 3 back would be “Mxpp qeb buxj.”
2
Q

In our authentication process we are wanting to add a pseudo random number to ensure old data is not replayed. Which of these would we add?

A. Salting
B. Clipping levels
C. Nonce
D. Key-stretching

A

C. Nonce

Explanation:
Nonce (arbitrary number that may only be used once): It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks. Nonces can also be useful as initialization vectors and in cryptographic hash functions.

3
Q

What would a distance vector routing protocol use to determine the BEST route to a certain destination?

A. The best bandwidth to the destination
B. The aggregated payload and the bandwidth
C. Least hops to the destination
D. The path it used last time it sent data to that destination

A

C. Least hops to the destination

Explanation:
Distance vector routing protocols: Only focus on how far away the destination is in hops (how many routers are between here and there). They do not care about bandwidth; they just use the path with the fewest hops.

4
Q

Looking at our information security governance, who would approve and sign off on our policies?

A. Senior management
B. The IT Teams
C. IT Security
D. IT management

A

A. Senior management

Explanation:
Policies are mandatory; they are high level and non-specific. They contain statements like “patches, updates, strong encryption”, but they will not be specific about “OS, encryption type, vendor technology”. They are approved, and often written, by senior management.

5
Q

In which type of software testing do we progressively test larger and larger groups of software components until the software works as a whole?

A. Reference checking
B. Integration testing
C. Penetration testing
D. Unit testing

A

B. Integration testing

Explanation:
Integration testing: Seeks to verify the interfaces between components against a software design. Integration testing works to expose defects in the interfaces and interaction between integrated components/modules. Progressively larger groups of software components are tested until the software works as a system.

6
Q

We have realized our current use of magnetic stripe ID cards is not matching the security profile senior management wants. What could we use on the cards in addition to the magnetic stripe to make them smart cards?

A. UV printing
B. RFID Chip
C. Holograms
D. RFII Chip

A

B. RFID Chip

Explanation:
Smart Cards and tokens (contact or contactless): They contain a computer circuit using an ICC (Integrated Circuit Chip).

7
Q

As part of our Business Continuity Plan (BCP) and its sub plans we want to ensure we are redundant. Which of these is something we want to be redundant on?

A. Internet connections
B. People
C. Power
D. All of the above

A

D. All of the above

Explanation:
We want layers of redundancy, just like we have defense in depth. We want power, internet, path, hardware, system, backup, people, etc. redundancy.

8
Q

We are wanting to hire outside penetration testers. Who in our organization would set the goals for the penetration test?

A. IT security leadership
B. IT security team
C. IT leadership
D. Senior management

A

D. Senior management

Explanation:
Penetration Testing (Pen Testing), often called Ethical Hacking: Tests if the vulnerabilities are exploitable. An authorized simulated attack on our organization that looks for security weaknesses, potentially gaining access to the systems, buildings and data. Senior management sets the goals for the pen testing: Why are we doing it? What are we trying to achieve? They have to sign off on it.
9
Q

There are many risks in today’s increasingly complex IT world, and how we deal with them should be part of an overarching strategy. We could for instance be risk neutral or averse. Who would decide our organization’s risk appetite?

A. The IT security team
B. Senior management
C. The IT leadership team
D. Rules and regulations

A

B. Senior management

Explanation:
Governance – This is C-level Executives (Not you). Stakeholder needs, conditions and options are evaluated to define balanced, agreed-upon enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against the agreed-upon direction and objectives. Risk appetite – Aggressive, neutral, averse.

10
Q

We are wanting to strengthen our detective access controls. Which of these could be something we would want to implement?

A. Patches
B. Encryption
C. IDS
D. Backups

A

C. IDS

Explanation:
Detective: Controls that detect during or after an attack – IDS, CCTV, Alarms, anti-virus.

11
Q

Which process are we using when we approve alterations to our environment?

A. Project management
B. Patch management
C. Implementation management
D. Change management

A

D. Change management

Explanation:
Change Management: Often called change control, a formalized process for how we handle changes to our environments. If done right we will have full documentation and understanding, and we communicate changes to the appropriate parties. The change review board should be comprised of both IT and other operational units from the organization; we may consider impacts on IT, but we are there to serve the organization, and they need to understand how the change will impact them and raise concerns if they have any. A change is proposed to the change board, and they research it to understand the full impact of the change. The person or group submitting the change should clearly explain the reasons for the change, the pros and cons of implementing and not implementing it, any changes to systems and processes they know about, and in general aid and support the board with as much information as needed.

12
Q

As an IT Security professional, you are expected to perform your due diligence. What does this mean?

A. Continue the security practices of your company
B. Do what is right in the situation and your job. Act on the knowledge
C. Apply patches annually
D. Researching and acquiring the knowledge to do your job right

A

D. Researching and acquiring the knowledge to do your job right

Explanation:
Due Diligence – The research to build the IT Security architecture of your organization. Best practices and common protection mechanisms. Research of new systems before implementing.

13
Q

When we are using VoIP for our phone calls, which protocol does it use to transmit data?

A. UDP
B. RDP
C. DHCP
D. TCP

A

A. UDP

Explanation:
VoIP (Voice over Internet Protocol): The digital information is packetized, and transmitted using UDP IP packets over a packet-switched network.

14
Q

We are restoring services and applications back from our DR site to our original site after a security incident. Which applications would we move back FIRST?

A. Least critical
B. The least resource intensive
C. Most critical
D. The most resource intensive

A

A. Least critical

Explanation:
The BCP team has sub-teams responsible for rescue, recovery and salvage in the event of a disaster or disruption. Salvage team (failback): Responsible for returning our full infrastructure, staff and operations to our primary site or a new facility if the old site was destroyed. We get the least critical systems up first; we want to ensure the new site is ready and stable before moving the critical systems back.

15
Q

Why would we want to keep a positive pressure in our data center?

A. To get contaminants in
B. We wouldn't, we would keep a neutral pressure
C. To keep contaminants out
D. We wouldn't, we would keep a negative pressure

A

C. To keep contaminants out

Explanation:
In our data center we want to keep a positive pressure to keep contaminants out; these can be dust particles that set off particle sensors and release FM200 or another fire suppressant gas.

16
Q

We are already using usernames and passwords online. Which of these could be something else we would add to get multifactor authentication?

A. Single-use password
B. Security questions
C. Challenge response
D. PINs

A

A. Single-use password

Explanation:
Single-use passwords are possession factors: you don’t remember them, you have them on a piece of paper or on a token. We have multifactor authentication with the username, password and single-use password.

17
Q

When someone is using a fake ID, it is an attack on which type of authentication?

A. Type 3
B. Type 4
C. Type 2
D. Type 1

A

C. Type 2

Explanation:
Something you have - Type 2 Authentication (ID, Passport, Smart Card, Token, cookie on PC etc.).

18
Q

If we have 100 users in our organization that are all needing to communicate securely with each other, would symmetric or asymmetric encryption use the highest number of encryption keys?

A. They would use the same number of keys
B. We would need more information to be able to tell
C. Asymmetric
D. Symmetric

A

D. Symmetric

Explanation:
Symmetric would use 4950 keys: (100 x (100 - 1)) / 2 = 4950. Asymmetric uses 2 keys per person, so 200 keys.

19
Q

Which type of black-box testing would we submit random malformed data as inputs into the software?

A. Fuzz testing
B. Dynamic testing
C. Static testing
D. Synthetic transaction testing

A

A. Fuzz testing

Explanation:
Fuzzing (Fuzz testing): Testing that provides a lot of different malformed inputs to try to cause unauthorized access or to make the application enter an unpredictable state or crash. If the program crashes or hangs, the fuzz test failed. The fuzz tester can enter values into the script or use pre-compiled random or specific values.

20
Q

Jane is talking to a friend and is explaining what digital signatures do. Which of these could be something that she tells her friend is one of the MAIN reasons we use digital signatures?

A. Integrity
B. Availability
C. Authentication
D. Confidentiality

A

A. Integrity

Explanation:
Digital Signatures: Provides Integrity and Non-Repudiation.

21
Q

You can MOST LIKELY be held liable when you display which of these?

A. Negligence
B. Due Care
C. Remorse
D. Due diligence

A

A. Negligence

Explanation:
Negligence (and Gross Negligence) is the opposite of Due Care. If a system under your control is compromised and you can prove you did your Due Care you are most likely not liable. If a system under your control is compromised and you did NOT perform Due Care you are most likely liable.

22
Q

Which type of audit could we use to ensure our employees are following our policies?

A. Review Management
B. White Box testing
C. Review user logs
D. Self reviews

A

C. Review user logs

Explanation:
We would want to review user logs to see if they are following our policies.

23
Q

Bob is telling the senior leadership team about how we use RAID. The CFO wants to know what that is an abbreviation of.

A. Reversed Array of Inexpensive Disks
B. Recursive Array of Independent Disks
C. Redundant Array of Inexpensive Disks
D. Real Array of Inexpensive Disks

A

C. Redundant Array of Inexpensive Disks

Explanation:
Redundant Array of Independent Disks (RAID): Comes in 2 basic forms, disk mirroring and disk striping. Disk mirroring: Writing the same data across multiple hard disks; this is slower, as the RAID controller has to write all data twice. It uses at least 2 times as many disks for the same data storage and needs at least 2 disks. Disk striping: Writing the data simultaneously across multiple disks, providing higher write speed. It uses at least 2 disks and in itself does not provide redundancy. We use parity with striping for the redundancy, often by XOR; if we use parity for redundancy we need at least 3 disks.

24
Q

Our organization is considering different types of intellectual protection options. Which of these is something that can be patented?

A. Logos
B. Software
C. Inventions
D. Public Domain (CC0) photos

A

C. Inventions

Explanation:
Patents: Protect inventions for 20 years (normally) – Cryptography algorithms can be patented. Inventions must be: Novel (a new idea no one has had before). Useful (it is actually possible to use and it is useful to someone). Nonobvious (inventive work involved).

25
Q

We are upgrading our documentation on the switch best practices we use in our organization.

Which of these should NOT be something you would find on that documentation?

A. Put all ports in specific VLANs
B. Use MAC sticky on ports
C. Make all ports trunk ports
D. Shut unused ports down

A

C. Make all ports trunk ports

Explanation:
Good switch security includes shutting down unused ports, adding MAC sticky, and hard-coding whether ports are access or trunk ports. Making all ports trunk ports is a bad idea.

26
Q

In implementing type 1 authentication, we could implement which of these? (Select all that apply).

A. Passwords
B. PINs
C. Tokens
D. Pass phrases
E. One-time passwords
F. Biometrics

A

A. Passwords
B. PINs
D. Pass phrases

Explanation:
Something you know - Type 1 Authentication: Passwords, pass phrases, PINs etc., also called knowledge factors. The subject uses these to authenticate their identity: if they know the secret, they must be who they say they are. This is the most commonly used form of authentication, and a password is the most common knowledge factor. The user is required to prove knowledge of a secret to authenticate.

27
Q

When Bob’s workstation is requesting a new IP address from the Dynamic Host Configuration Protocol (DHCP) server, which well-known port would the DHCP client use?

A. 67
B. 22
C. 23
D. 68

A

D. 68

Explanation:
DHCP uses UDP Port 67 for the DHCP Server and UDP Port 68 for the Client.

28
Q

Jane is working on strengthening our preventative controls. What could she look at to do that?

A. IDS
B. Drug Tests
C. Backups
D. Patches

A

B. Drug Tests

Explanation:
Preventative: Prevents action from happening – Least Privilege, Drug Tests, IPS, Firewalls, Encryption.

29
Q

When collecting personal information about our employees and customers, how much should we collect?

A. Everything they enter as well as everything we can find online
B. Nothing
C. The least amount possible for us to do what we need to do
D. As much as possible

A

C. The least amount possible for us to do what we need to do

Explanation:
When collecting personal data we need to collect just enough to do what we need to and no more; a majority of countries in the world have laws with verbiage to this effect.

30
Q

In our data roles and responsibilities, the business owner is responsible for which of these?

A. Be trained in the policies, procedures and standards
B. Perform the backups and restores
C. Assign the sensitivity labels and backup frequency of the data
D. Make the policies, procedures and standards that govern our data security

A

D. Make the policies, procedures and standards that govern our data security

Explanation:
Mission/Business Owner: Senior executives make the policies that govern our data security.

31
Q

If we are wanting to implement a governance standard and control framework focused on IT service management, which of these should we implement?

A. COBIT
B. ITIL
C. COSO
D. FRAP

A

B. ITIL

Explanation:
ITIL (Information Technology Infrastructure Library) focuses on ITSM (IT Service Management).

32
Q

If an attacker is using Distributed Denial Of Service (DDOS) attacks, which part of the CIA triad is the attacker targeting?

A. Authentication
B. Integrity
C. Confidentiality
D. Availability

A

D. Availability

Explanation:
Availability threats:
Malicious attacks (Distributed Denial Of Service (DDOS), physical, system compromise, staff). To mitigate these we use redundancy on hardware: power (multiple power supplies/UPSs/generators), disks (Redundant Array of Independent Disks (RAID)), traffic paths (network design), HVAC, staff, HA (high availability) and much more.

33
Q

If we are using the Graham Denning model, which of these is NOT something a subject can execute on an object?

A. Transfer access
B. Read subject
C. Create subject
D. Delete access

A

B. Read subject

Explanation:
Graham-Denning Model – uses Objects, Subjects, and Rules. It does not have a “read subject” rule; the 8 rules that a specific subject can execute on an object are: Transfer Access, Grant Access, Delete Access, Read Object, Create Object, Destroy Object, Create Subject, Destroy Subject.

34
Q

After a disaster, which team would be working on returning us to our primary facility, or getting a new site up?

A. Rescue team
B. Recovery team
C. Planning team
D. Salvage team

A

D. Salvage team

Explanation:
Salvage team (failback): Responsible for returning our full infrastructure, staff and operations to our primary site or a new facility if the old site was destroyed. We get the least critical systems up first; we want to ensure the new site is ready and stable before moving the critical systems back.
35
Q

What would an IT Security professional’s role be when we talk about patching systems?

A. Everything
B. Apply them
C. Nothing
D. Review them

A

D. Review them

Explanation:
The security team would review the patches and approve them before the server team applies them.

36
Q

When an attacker has obtained our sensitive data, and chooses to disclose it on a website, which leg of the CIA triad would be MOST affected?

A. Availability
B. Integrity
C. Authentication
D. Confidentiality

A

D. Confidentiality

Explanation:
Disclosure is the opposite of confidentiality: someone not authorized getting access to your information.

37
Q

In our access control implementations, we are wanting to ensure the accountability of our users. Which of these could be something we could use for that?

A. A password
B. Their username
C. Role based access control
D. Non-repudiation

A

D. Non-repudiation

Explanation:
Accountability (often referred to as Auditing): Traces an action to a subject’s identity. Proves who performed a given action; it provides non-repudiation. Group or shared accounts are never OK; they have zero accountability. Uses audit trails and logs to associate a subject with its actions.

38
Q

Which of these would NOT be an acceptable form of dealing with remanence?

A. Degaussing
B. Disk shredding
C. Overwriting
D. Deleting files

A

D. Deleting files

Explanation:
Deleting a file just removes it from the table; everything is still recoverable.

39
Q

In a relational database, what is the parent table’s primary key seen as in the child table?

A. Foreign key
B. Primary key
C. Reference key
D. Secondary key

A

A. Foreign key

Explanation:
Foreign key: In relational databases, the column in a child table that matches the primary key of a parent table. It is always a primary key in the table it refers to. Seen from the child table, the child’s own key is its primary key and the foreign key is the primary key of the parent table.

40
Q

What would happen if we are using a Bus topology in our LAN design, and a cable breaks?

A. Nothing the traffic just moves the other way
B. Traffic stops at the break
C. Nothing all nodes are connected to the switch by themselves
D. The traffic is redirected

A

B. Traffic stops at the break

Explanation:
Bus: All nodes are connected in a line; each node inspects traffic and passes it along. Not very stable: a single break in the cable will break the signal to all nodes past that point, including communication between nodes well past the break. Faulty NICs (Network Interface Cards) can also break the chain.

41
Q

When we implement VLANs, what would that do?

A. Prevent users from accessing the internet
B. Segments a switch into multiple separate logical networks
C. Divides a switch into equally large portions for each VLAN
D. Shows a network administrator the traffic on his network

A

B. Segments a switch into multiple separate logical networks

Explanation:
VLAN (Virtual LAN) is a broadcast domain that is partitioned and isolated at layer 2. Specific ports on a switch are assigned to a certain VLAN. It allows networks and devices that must be kept separate to share the same physical devices without interacting, for simplicity, security, traffic management, and/or cost reduction.

42
Q

We want to protect against rainbow tables by implementing salting. What are rainbow tables made up of?

A. Pre-arranged lists of full words and numbers
B. Pre-made list of matching biometrics and passwords
C. Pre-made list of matching passwords and hashes using salts
D. Pre-made list of matching passwords and hashes

A

D. Pre-made list of matching passwords and hashes

Explanation:
Rainbow table attacks: Pre-made lists of plaintext and matching ciphertext, often passwords and matching hashes; a table can have millions of pairs.

43
Q

We are getting 50 old spinning disk hard drives. What would we use on the damaged ones to ensure there is NO data remanence, but needed the drive to stay intact?

A. Format
B. Degauss
C. Overwrite
D. Shred

A

B. Degauss

Explanation:
Degaussing should ensure no data remanence, we can’t overwrite or format a damaged drive, and shredding would not leave the drive intact.

44
Q

We are having problems with the electricity in the area, where we have one of our data centers. What is happening when a brownout occurs?

A. We have a short loss of power
B. We have a long high voltage period
C. We have a long loss of power
D. We have a long low voltage period

A

D. We have a long low voltage period

Explanation:
Power Fluctuation Terms: Brownout - Long low voltage.

45
Q

Prime number factorization is an example of what?

A. One way functions
B. Shared key encryption
C. Symmetric encryption
D. Two way functions

A

A. One way functions

Explanation:
Prime Number Factorization: Factoring the product of large prime numbers is a one-way function – it is easy to multiply 2 numbers, but hard to discern the 2 numbers multiplied from the result.

46
Q

In object-oriented databases, the objects can have different attributes. Which of them would define the behavior of an object?

A. Classes
B. Schemas
C. Methods
D. Attributes

A

C. Methods

Explanation:
Methods: Define the behavior of an object and are what were formerly called procedures or functions. Objects contain both executable code and data.

47
Q

Which of these could be a countermeasure we can use to detect a software keylogger?

A. They are not detectable
B. We could see unauthorized access to certain files
C. Physical inspection of the system
D. Look at which programs are running on the system

A

D. Look at which programs are running on the system

Explanation:
Keylogging (Keystroke logging): A keylogger is added to the user’s computer and records every keystroke the user enters. A software keylogger is a program installed on the computer. The computer is often compromised by a trojan, where the payload is the keylogger or a backdoor. The keylogger calls home or uploads the keystrokes to a server at regular intervals.

48
Q

Which of these is not really a methodology, but describes the phases of the software development lifecycle?

A. SDLC
B. Agile
C. RAD
D. Waterfall

A

A. SDLC

Explanation:
SDLC (Software Development Life Cycle): The SDLC is not really a methodology, but a description of the phases in the life cycle of software development. These phases are (in general), investigation, analysis, design, build, test, implement, maintenance and support (and disposal).

49
Q

We have asked a vendor to use a source code escrow. What could be a reason we would do that?

A. So we can get the source code if we have software errors
B. So we can get the source code if they fail to maintain and update the code
C. So we can view the source code when we want to
D. So we can get the source code if we want to break the contract we have with them, because we have found a cheaper alternative

A

B. So we can get the source code if they fail to maintain and update the code

Explanation:
Source code escrow: The deposit of the source code of software with a third party escrow agent. Escrow is typically requested by a party licensing software (the licensee), to ensure maintenance of the software instead of abandonment or orphaning. The software source code is released to the licensee if the licensor files for bankruptcy or otherwise fails to maintain and update the software as promised in the software license agreement.

50
Q

If we are doing a vulnerability scan, it would normally show us all these, EXCEPT which?

A. Malware
B. The OSs used by the systems
C. Systems on the network
D. Open ports

A

A. Malware

Explanation:
A vulnerability scanner tool is used to scan a network or system for a list of predefined vulnerabilities such as system misconfiguration, outdated software, or a lack of patching. It will not detect viruses or malware unless the malware has opened ports that shouldn’t be open, and even then it would just list the port as open. It is very important to understand the output from a vulnerability scan (reports can be 100’s of pages for some systems) and how the vulnerabilities map to Threats and Risks (Risk = Threat x Vulnerability).

51
Q

What is something that could make evidence inadmissible in court?

A. Complete chain of custody
B. Enticement
C. Alterations to the data
D. Taking a bit level copy of the compromised hard drive, hashing both drives, hashes are identical. Do forensics on the copy drive, hash after forensics is identical too

A

C. Alterations to the data

Explanation:
Altering the data makes it inadmissible, this is similar to planting evidence at the crime scene.

52
Q

Which authentication method would use something you are expected to have?

A. Type 2
B. Type 3
C. Type 0
D. Type 1

A

A. Type 2

Explanation:
Something you have - Type 2 Authentication: ID, passport, smart card, token, cookie on PC, these are called Possession factors. The subject uses these to authenticate their identity, if they have the item, they must be who they say they are.

53
Q

When we have our employees insert a card into a reader, it is using which type of technology?

A. Contactless cards
B. HOTP Tokens
C. Magnetic Stripe
D. Contact Cards

A

D. Contact Cards

Explanation:
Contact Cards - Inserted into a machine to be read. This can be credit cards you insert into the chip reader or the DOD CAC (Common Access Card).

54
Q

We are considering how we should protect our intellectual property. Which of these do you need to apply for to be protected? (Select all that apply).

A. Trade Secrets
B. Copyright
C. Patents
D. Trademarks

A

C. Patents
D. Trademarks

Explanation:
Trademarks and patents are both something you need to apply for. Copyright is automatically granted and trade secrets are not granted since it is just you telling no-one about your secret formula or product.

55
Q

If we have mantraps in our environment, what should they do?

A. Fail shut
B. Prevent exit always
C. Prevent exit in an emergency
D. Fail open

A

D. Fail open

Explanation:
Mantraps should be designed to allow safe evacuation in case of an emergency. (Remember that people are more important to protect than stuff.)

56
Q

We have just upgraded our wireless access points throughout our organization. What would you answer if you were asked, “Which frequency does 802.11-g use?”

A. 3.7GHz
B. 5GHz
C. 2.4GHz
D. 20MHz

A

C. 2.4GHz

Explanation:
802.11g has 54 Mbit/s throughput using the 2.4 GHz band.

57
Q

As technology progresses or flaws are found in the symmetric algorithms, we stop using that encryption. Which of these symmetric encryption types are no longer considered secure?

A. AES
B. 3DES K1
C. Twofish
D. 3DES K3

A

D. 3DES K3

Explanation:
3DES (Triple DES) K3 (keymode3) – Same key 3 times, just as insecure as DES (encrypt/decrypt/encrypt).

58
Q

Jane is leading a software development team. She is using the spiral model for this project, which of these is NOT one of the phases?

A. Planning
B. Engineering
C. Risk analysis
D. Initiation

A

D. Initiation

Explanation:
The spiral model: A risk-driven process model generator for software projects. The spiral model has four phases: Planning, Risk Analysis, Engineering and Evaluation. A software project repeatedly passes through these phases in iterations (called spirals in this model). In the baseline spiral, starting in the planning phase, requirements are gathered and risk is assessed. Each subsequent spiral builds on the baseline spiral.

59
Q

In our software testing we are using synthetic transactions. What is a key characteristic of those?

A. They simulate real traffic
B. They test the code without executing it
C. They are real traffic
D. They execute the code and inputs malformed information

A

A. They simulate real traffic

Explanation:
Synthetic Transactions/monitoring - Building scripts or tools that simulate normal user activity in an application.

60
Q

If we are using object-oriented analysis and design (OOAD), when would we apply the constraints to the conceptual model?

A. OOA
B. OOD
C. OOR
D. OOM

A

B. OOD

Explanation:
OOD (Object-oriented design): The developer applies the constraints to the conceptual model produced in object-oriented analysis. Such constraints could include the hardware and software platforms, the performance requirements, persistent storage and transactions, usability of the system, and limitations imposed by budgets and time. Concepts in the analysis model, which is technology independent, are mapped onto implementing classes and interfaces, resulting in a model of how the system is to be built on specific technologies. Important topics during OOD also include the design of software architectures by applying architectural patterns and design patterns with object-oriented design principles.

61
Q

As part of a management level training class we are teaching all staff with manager or director in their title about basic IT Security. We are covering the CIA triad, which of these attacks focuses on compromising our confidentiality?

A. Malware
B. Social Engineering
C. Wireless Jamming
D. All of these

A

B. Social Engineering

Explanation:
For confidentiality we use: encryption for data at rest (for instance AES-256, full disk encryption); secure transport protocols for data in motion (SSL/TLS or IPsec); best practices for data in use (clean desk, no shoulder surfing, screen view-angle protectors, PC locking, both automatic and when leaving); strong passwords, multi-factor authentication, masking, access control, need-to-know and least privilege. Threats to confidentiality: attacks on our encryption (cryptanalysis), social engineering, keyloggers (software or hardware), cameras, steganography and man-in-the-middle attacks.

62
Q

We are in a court of law and the proof must be “beyond a reasonable doubt”, which type of court are we in?

A. Probation Court
B. Criminal Court
C. Administrative Court
D. Civil Court

A

B. Criminal Court

Explanation:
Criminal Law: “Society” is the victim and proof must be “beyond a reasonable doubt”. Incarceration, Death and Financial fines to “Punish and Deter”.

63
Q

Looking at US legacy internet speeds, a T3 connection would bundle T1 connections. What was the speed of a T3 internet connection?

A. 44.736MBPS
B. 34.368Mbps
C. 2.048 Mbps
D. 1.544Mbps

A

A. 44.736MBPS

Explanation:
T3 (US): 28 bundled T1 lines, creating a dedicated 44.736 Mbps circuit.

64
Q

Bob is doing cleanups of one of our databases. He has found foreign keys that do not match the primary key. Which type of integrity error is this?

A. Referential
B. Foreign
C. Entity
D. Semantic

A

A. Referential

Explanation:
Referential integrity: Every foreign key in a child (secondary) table must match a primary key in the parent table. It is broken when a foreign key points at a value that no longer exists in the parent table, leaving orphaned rows.
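
An added example (not part of the original flashcards) showing the check Bob is doing, using Python's built-in sqlite3. The employee and badge tables and their rows are constructed for the demo; one badge deliberately references an employee id that does not exist. The same data is loaded twice: with foreign-key enforcement off (the orphan gets in and an orphan query finds it) and with it on (the database rejects the row up front).

```python
import sqlite3

# Constructed sample data: employee is the parent table, badge the child.
# Badge 102 points at employee 7, who does not exist -> orphaned foreign key.
EMPLOYEES = [(1, "alice"), (2, "bob")]
BADGES = [(100, 1), (101, 2), (102, 7)]


def build_db(enforce_fk: bool) -> sqlite3.Connection:
    """In-memory database; SQLite only enforces REFERENCES when the pragma is ON."""
    conn = sqlite3.connect(":memory:")
    conn.execute(f"PRAGMA foreign_keys = {'ON' if enforce_fk else 'OFF'}")
    conn.execute("CREATE TABLE employee (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute(
        "CREATE TABLE badge (id INTEGER PRIMARY KEY, "
        "employee_id INTEGER REFERENCES employee(id))"
    )
    conn.executemany("INSERT INTO employee VALUES (?, ?)", EMPLOYEES)
    return conn


def load_badges(conn: sqlite3.Connection) -> list:
    """Insert badges one at a time; return the ids the database refused."""
    rejected = []
    for row in BADGES:
        try:
            conn.execute("INSERT INTO badge VALUES (?, ?)", row)
        except sqlite3.IntegrityError:       # "FOREIGN KEY constraint failed"
            rejected.append(row[0])
    conn.commit()
    return rejected


def find_orphans(conn: sqlite3.Connection) -> list:
    """The cleanup query: child rows whose foreign key matches no parent key."""
    rows = conn.execute(
        "SELECT b.id FROM badge b "
        "LEFT JOIN employee e ON e.id = b.employee_id "
        "WHERE e.id IS NULL"
    ).fetchall()
    return [r[0] for r in rows]


def demo(enforce_fk: bool):
    """Returns (badge ids rejected at insert time, orphans found afterwards)."""
    conn = build_db(enforce_fk)
    rejected = load_badges(conn)
    return rejected, find_orphans(conn)
```

With enforcement off, `demo(False)` reports no rejections but finds badge 102 as an orphan; with enforcement on, `demo(True)` rejects 102 at insert time and the orphan query comes back empty.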

65
Q

Trying to convert a very old frame relay connection we have to a remote office; you are asked to include a list of the abbreviations you have used and what they stand for. Which of these would you add to that list? (Select all that apply).

A. PVC (Permanent Virtual Circuit) 
B. SVC (Switched Virtual Circuit) 
C. PSC (Permanent Switched Circuit) 
D. DLCI (Data Link Connection Identifiers) 
E. SON (Synchronous Optical Networking)

A

A. PVC (Permanent Virtual Circuit)
B. SVC (Switched Virtual Circuit)
D. DLCI (Data Link Connection Identifiers)

Explanation:
Frame Relay is a packet-switching Layer 2 protocol; it has no error recovery and focuses only on speed. Higher-level protocols can provide error recovery if needed. PVC (Permanent Virtual Circuit): always up, ready to transmit data; forms logical end-to-end links mapped over a physical network. SVC (Switched Virtual Circuit): sets up a call when it needs to transmit data and closes the call when it is done. Frame Relay uses DLCIs (Data Link Connection Identifiers) to identify the virtual connection, so the receiving end knows which connection an information frame belongs to.

66
Q

In Agile XP software development, we would normally do all of these, EXCEPT which?

A. Expect changing requirements
B. Unit testing of all code
C. Programming pairs
D. Use short 1-2 week development cycles (sprints)

A

D. Use short 1-2 week development cycles (sprints)

Explanation:
XP (Extreme Programming): Intended to improve software quality and responsiveness to changing customer requirements. It advocates frequent releases in short development cycles, intended to improve productivity and introduce checkpoints at which new customer requirements can be adopted. XP uses: programming in pairs or doing extensive code review; unit testing of all code; avoiding programming of features until they are actually needed; a flat management structure; code simplicity and clarity; expecting changes in the customer's requirements as time passes and the problem is better understood; frequent communication with the customer and among programmers.

67
Q

For a certain system, our backup policy is doing full monthly backups and differential weekly backups. All backups are started at Sunday midnight. We are thinking about changing it to no more than 48 hours of data loss and restores with only 2 tapes. What would we need to do what?

A. Differential backups every 2 days
B. Incremental daily backups
C. Full backups every 2 days
D. Incremental backups every 2 days

A

A. Differential backups every 2 days

Explanation:
To restore from only 2 tapes we need full plus differential (the last full and the most recent differential, since each differential contains everything changed since the full). To keep the maximum loss at 48 hours we need a backup every 2 days, so differential backups every 2 days.

68
Q

An attacker, using social engineering, could use all of these EXCEPT which?

A. Spear fishing
B. Whale phishing
C. Authority
D. Consensus

A

A. Spear fishing

Explanation:
While spear phishing is social engineering, spearfishing is not.

69
Q

Which of these file transfer protocols would use the TLS and SSL protocols?

A. TFTP
B. SFTP
C. FTP
D. FTPS

A

D. FTPS

Explanation:
FTPS (FTP Secure): Uses TLS and SSL to add security to FTP. SFTP, by contrast, is file transfer over SSH and does not use TLS at all; plain FTP and TFTP have no encryption.

70
Q

Which of these would be COMMON attacks focused on compromising our availability?

A. All of these
B. Distributed Denial of Service (DDoS)
C. Viruses
D. Social Engineering

A

B. Distributed Denial of Service (DDoS)

Explanation:
For data availability we use:
IPS/IDS; patch management; redundancy in hardware, power (multiple power supplies, UPSs, generators), disks (Redundant Array of Independent Disks, RAID), traffic paths (network design), HVAC and staff; high availability (HA) designs and much more. SLAs state how much uptime we want (99.9%?), weighed against return on investment (ROI). Threats: malicious attacks (Distributed Denial of Service (DDoS), physical attacks, system compromise, staff, wireless jamming), application failures (errors in the code) and component failure (hardware).

71
Q

When we have a system requiring users to reauthenticate every hour, what is that system using?

A. Reverse Proxy
B. Multifactor Authentication
C. Single Factor Authentication
D. Continuous Authentication

A

D. Continuous Authentication

Explanation:
Continuous authentication can either prompt the user to login every hour or monitor things like keystroke patterns which analyze typing rhythm, mouse movement, etc. this would be compared against a user baseline.

72
Q

As part of our Disaster Recovery Plan (DRP), we are building our secondary data center 100 miles (160 km.) from our primary data center. With which of these secondary sites would we MOST LIKELY be back up and running on our critical applications within 3 hours? (Select all that apply).

A. Redundant Site
B. Cold Site
C. Warm Site
D. Hot Site

A

A. Redundant Site
D. Hot Site

Explanation:
Redundant site: Complete identical site to our production site, receives a real time copy of our data. If our main site is down the redundant site will automatically have all traffic fail over to the redundant site. Hot site: Similar to the redundant site, but only houses critical applications and systems, often on lower spec’d systems. We may have to manually fail traffic over, but a full switch can take an hour or less. Warm sites would take 4-24+ hours, cold sites can take weeks.

73
Q

In which operating systems can an attacker elevate their privileges to gain root or administrator privileges?

A. Windows
B. Linux
C. MacOS
D. All of these

A

D. All of these

Explanation:
It is possible for attackers to elevate their privileges in any of the listed OSs.

74
Q

Our board of directors has decided our data integrity is the most important to our organization. Which of these could we implement to prove we have data integrity?

A. Redundant hardware
B. None of these
C. Hashes
D. Multifactor authentication

A

C. Hashes

Explanation:
Hashing ensures the data was not altered, proving the integrity of the data.

75
Q

Which of these rotary based encryption machines was NOT known to have been broken while it was in active use?

A. Purple
B. SIGABA
C. Enigma
D. PRAAS

A

B. SIGABA

Explanation:
SIGABA: A rotor machine used by the United States throughout World War II and into the 1950s, similar in concept to the Enigma. It was more complex, and was built after examining the weaknesses of the Enigma. No successful cryptanalysis of the machine during its service lifetime is publicly known. It used 15 rotors arranged in three banks of five.

76
Q

When an attacker is using intimidation and threats, it is a type of?

A. Alteration Testing
B. Social Engineering
C. Referential Testing
D. Penetration Testing

A

B. Social Engineering

Explanation:
Social engineering uses people skills to bypass security controls. It can be used in combination with many other attacks, especially client-side attacks or physical tests. Attacks are often more successful if they use one or more of these approaches: authority, intimidation, consensus, scarcity, urgency or familiarity.

77
Q

Our main facility has been hit with a complete power outage and we need to set up a temporary command and control center. What would we be deploying?

A. Disaster Recovery Plan (DRP)
B. Continuity of Operations Plan (COOP)
C. Emergency Operations Center (EOC)
D. Emergency Operations Outline (EOO)

A

C. Emergency Operations Center (EOC)

Explanation:
EOC (Emergency Operations Center): A central temporary command and control facility responsible for our emergency management or disaster management functions at a strategic level during an emergency. It ensures the continuity of operations of our organization. We place the EOC in a secure location if the disaster is impacting a larger area.

78
Q

Why do we NOT use full backups for all backups?

A. It would make restores use more tapes
B. Full doesnt clear the archive bit
C. The backup time can take too long
D. The restore time can be too long

A

C. The backup time can take too long

Explanation:
Full backup: This backs everything up, the entire database (most often) or the system. A full backup clears all archive bits. Depending on the size of the data we may do infrequent full backups; with large datasets a full backup can take many hours.

79
Q

Which of these hashing algorithms is still considered secure and collision-free?

A. MD5
B. SHA1
C. RIPEMD160
D. MD6

A

C. RIPEMD160

Explanation:
RIPEMD-160: A redesign that fixed the flaws of the original RIPEMD; 160-bit hashes; not widely used, but considered secure. MD5 (Message Digest 5): 128-bit fixed-length hash, used very widely until a flaw was found that makes it possible to produce collisions in a reasonable amount of time; the first published collisions were not chosen-text collisions, but a collision is a collision. MD6 (Message Digest 6): Was not used for very long; it was supposed to replace MD5, but SHA-2/3 were better. It was in the running for the SHA-3 competition, but was withdrawn due to flaws. SHA-1 (Secure Hash Algorithm 1): 160-bit hash value. Found to have weak collision resistance, and practical collisions have since been demonstrated (2017); it is still seen in the field, but should not be used for new signatures or integrity checks.

80
Q

Which of these would we use to prove the forensics evidence we are presenting in court is authentic?

A. Message digests
B. Asymmetric encryption
C. Symmetric encryption
D. PKI

A

A. Message digests

Explanation:
Evidence integrity: It is vital that the evidence's integrity cannot be questioned; we do this with hashes. Any forensics is done on copies and never the originals; we check the hash on both original and copy before and after the forensics. Chain of custody: A chain of custody form is kept to prove the integrity of the data and that no tampering was done. Who handled it? When did they handle it? What did they do with it? Where did they handle it?

81
Q

Where would be somewhere we would have data at rest?

A. Traversing our network or the internet
B. In memory
C. On our storage devices
D. In a unsecured box

A

C. On our storage devices

Explanation:
Data at Rest (Stored Data): This is data on Disks, Tapes, CDs/DVDs, USB Sticks. We use disk encryption (full/partial), USB encryption, tape encryption (avoid CDs/DVDs). Encryption can be Hardware or Software Encryption.

82
Q

We have acquired another company in our line of business. We notice they are using WEP for their wireless access point. WEP is considered which of these?

A. Unsecure
B. Secure
C. The preferred encryption type of wireless
D. Preconfigured as standard for most wireless access points shipped today

A

A. Unsecure

Explanation:
WEP (Wired Equivalent Privacy) protocol, early 802.11 wireless security (1997). No longer secure, should not be used. Attackers can break any WEP key in a few minutes.

83
Q

In the US government’s data classification scheme, what would data “if disclosed, could cause serious damage to national security”, be classified as?

A. Top Secret
B. Unclassified
C. Confidential
D. Secret

A

D. Secret

Explanation:
Secret information is information that, if compromised, could cause serious damage to national security.

84
Q

We have hired a penetration tester, and she has been given partial knowledge of our organization and infrastructure. Which access level would that emulate?

A. A senior executive
B. An administrator
C. A manager
D. A normal employee

A

D. A normal employee

Explanation:
Gray (Grey) box (Partial Knowledge) Pen testing: The attacker has limited knowledge; is a normal user, vendor, or someone with limited environment knowledge.

85
Q

We have 2 redundant UPSes in our data center. All our servers are connected to both. The load on UPS #1 is 45% and the load on UPS #2 is 65%. What will happen if UPS #1 crashes?

A. The servers will run on UPS#1’s battery
B. UPS #2 will shut down to prevent damage, since the load is 110%
C. UPS 2 will take over
D. UPS #2 will run at 110% until UPS #1 is back up

A

B. UPS #2 will shut down to prevent damage, since the load is 110%

Explanation:
UPS #2 would shut down to prevent damage to itself, since 45% + 65% = 110% of a single unit's capacity. In a redundant pair each UPS must be able to carry the entire load alone, so the combined load should never exceed what one unit can handle; as a rule of thumb, redundant UPSes should never have a shared load over 90%, i.e. under about 45% per unit.

86
Q

Which of these is something that does NOT belong in our data retention policy?

A. Which data do we keep?
B. How to restore safely from backup tape
C. How long do we keep the data
D. Where do we keep the backup data?

A

B. How to restore safely from backup tape

Explanation:
How to restore would be covered by a DRP or a walkthrough, the retention policy would only deal with what, how long, where and similar topics.

87
Q

What could be something we could implement to mitigate broken authentication and session management (OWASP A2)?

A. Remove default passwords and usernames
B. Random session IDs
C. Data type limitations
D. Captcha

A

B. Random session IDs

Explanation:
A2 Broken Authentication and Session Management: sessions that do not expire, or take too long to expire; predictable session IDs (001, 002, 003, 004, etc.); tokens, session IDs, passwords and similar secrets kept in plaintext.
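
An added example (not part of the original flashcards) contrasting the predictable session ID the card warns about with a server-side session store that issues random IDs and expires idle sessions. The 15-minute idle timeout and the in-memory dictionary are assumptions for the demo; a real application would keep the store in a shared backend and send the ID in a cookie flagged Secure and HttpOnly.

```python
import secrets

SESSION_TTL_SECONDS = 15 * 60   # constructed idle timeout for the demo
_sessions = {}                  # session_id -> {"user": ..., "last_seen": ...}


def predictable_session_id(counter: int) -> str:
    """The anti-pattern from the card: 001, 002, 003 ... an attacker who
    sees their own ID can simply try the neighbours."""
    return f"{counter:03d}"


def new_session(user: str, now: float) -> str:
    """Issue a 256-bit ID from the OS CSPRNG; only the server holds the mapping."""
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"user": user, "last_seen": now}
    return sid


def validate_session(sid: str, now: float):
    """Return the user for a live session, or None if unknown or expired.
    An expired session is deleted so the old ID can never be replayed."""
    record = _sessions.get(sid)
    if record is None:
        return None
    if now - record["last_seen"] > SESSION_TTL_SECONDS:
        del _sessions[sid]
        return None
    record["last_seen"] = now          # sliding idle timeout
    return record["user"]


def logout(sid: str) -> None:
    """Explicit logout must invalidate server-side, not just drop the cookie."""
    _sessions.pop(sid, None)
```

`new_session` and `validate_session` take the current time as a parameter so the expiry logic can be exercised without sleeping; in production you would pass `time.time()`.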

88
Q

In which form of software testing do we test the connections between the different systems and components?

A. Fuzz testing
B. Interface testing
C. User acceptance testing
D. Static testing

A

B. Interface testing

Explanation:
Interface Testing – testing of all interfaces exposed by the application.

89
Q

After a security audit we need to mitigate Security misconfiguration (OWASP A5). What could be something we would implement?

A. Remove default passwords and usernames
B. Centralized implementation
C. Implement all websites to be HTTPS
D. Random session IDs

A

A. Remove default passwords and usernames

Explanation:
A5 Security Misconfiguration. Databases configured wrong. Not removing out of the box default access and settings. Keeping default usernames and passwords. OS, Webserver, DBMS, applications. etc. not patched and up to date. Unnecessary features are enabled or installed; this could be open ports, services, pages, accounts, privileges, etc.

90
Q

Our organization is spending a lot of money and time to train staff in proper safety for data in use. Where would we find data in use?

A. Switch
B. Firewall
C. Desktop
D. Router

A

C. Desktop

Explanation:
Data in Use: We are actively using the files/data, so it has to be decrypted to be usable; encryption does not protect it at that point. Use good practices: clean desk policy, print policy, allow no shoulder surfing, maybe the use of view-angle privacy screens for monitors, locking the computer screen when leaving the workstation.

91
Q

Which of these is a TRUE about hybrid encryption?

A. All of these
B. It uses private and public keys to share a symmetric session key
C. It does not use a shared key
D. It is the strongest per bit

A

B. It uses private and public keys to share a symmetric session key

Explanation:
Hybrid Encryption: Uses asymmetric encryption to share a symmetric key (session key). We use the security of asymmetric encryption over an unsecure medium for the initial exchange, and the speed and higher per-bit strength of symmetric encryption for the actual data transfer. The asymmetric exchange may be repeated every so often to issue a new session key and limit how much data any one key protects.

92
Q

After our CEO has had issues getting her finger printer reader to recognize her fingerprint, she is wanting us to lower the sensitivity on the readers. What could be a NEGATIVE side effect of doing what she is asking us to do?

A. True accepts
B. True rejects
C. False accepts
D. False rejects

A

C. False accepts

Explanation:
FAR (false accept rate), type 2 error: an unauthorized user is granted access. This is a very serious error. Lowering the sensitivity (the match threshold) reduces false rejects (FRR, type 1 error) for the CEO, but raises false accepts for everyone else; the two rates trade off against each other and meet at the crossover error rate (CER).
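
An added example (not part of the original flashcards) that makes the FAR/FRR trade-off concrete. The matcher scores are constructed: ten captures from the legitimate user's finger (a few of them poor, like the CEO's) and ten from other people's fingers. A capture is accepted when its score reaches the threshold; sweeping the threshold shows that "lowering the sensitivity" to cure her false rejects is exactly what lets impostors in.

```python
# Constructed matcher scores on a 0..100 similarity scale (higher = closer
# to the enrolled template). Real readers expose the same idea internally.
GENUINE = [91, 88, 95, 72, 84, 90, 79, 93, 86, 68]     # the CEO's own finger
IMPOSTOR = [35, 52, 61, 44, 70, 38, 57, 49, 66, 41]    # other people's fingers


def rates(threshold: int):
    """Return (FAR, FRR) for a given accept threshold.
    FRR (type 1): genuine captures scored below the threshold and rejected.
    FAR (type 2): impostor captures scored at/above the threshold and accepted."""
    frr = sum(score < threshold for score in GENUINE) / len(GENUINE)
    far = sum(score >= threshold for score in IMPOSTOR) / len(IMPOSTOR)
    return far, frr


def sweep(thresholds):
    """Table of threshold -> (FAR, FRR), the curve a vendor would plot."""
    return {t: rates(t) for t in thresholds}


def crossover_threshold(thresholds):
    """Threshold where FAR and FRR are closest: the crossover error rate (CER),
    the usual basis for comparing biometric systems."""
    return min(thresholds, key=lambda t: abs(rates(t)[0] - rates(t)[1]))
```

At a strict threshold of 85 the CEO is rejected 40% of the time but no impostor gets in; dropping the threshold to 60 removes her false rejects and accepts 30% of impostor attempts. For this data the crossover lies at 70.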

93
Q

Bob is applying patches to one of our systems, before he does that, he wants a backup he can revert to if things go wrong. Which type of backup should he use?

A. Differential backup
B. Incremental backup
C. Copy backup
D. Full backup

A

C. Copy backup

Explanation:
Copy backup: This is a full backup with one important difference, it does not clear the archive bit. Often used before we do system updates, patches and similar upgrades. We do not want to mess up the backup cycle, but we want to be able to revert to a previous good copy if something goes wrong.

94
Q

Which of these protocols provides mutual authentication?

A. Kerberos
B. LDAP
C. Diameter
D. Radius

A

A. Kerberos

Explanation:
Kerberos: Authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to each other in a secure manner. It is based on a client-server model and provides mutual authentication: both the user and the server verify each other's identity. Messages are protected against eavesdropping and replay attacks. It builds on symmetric keys and requires a trusted third party, and can optionally use PKI during certain phases of authentication. Uses UDP port 88 by default; used in Active Directory from Windows 2000 onwards, and in many Unix OSs.

95
Q

Which process would we use if we want to upgrade the software we use on a regular schedule?

A. Change management
B. Project management
C. Patch management
D. Staff management

A

C. Patch management

Explanation:
Patch Management: To keep our network secure we need to apply patches on a regular basis. Whenever a vulnerability is discovered the software producer should release a patch to fix it. Microsoft, for instance, has "Patch Tuesday" (2nd Tuesday of the month), when they release all their patches for that month. If critical vulnerabilities are discovered they push those patches outside of the Tuesday. Most organizations give the patches a few weeks to be reviewed and tested, then implement them in their environment.

96
Q

Which of these is a COMMON attack on our data “in use”?

A. All of these
B. Eavesdropping
C. Shoulder surfing
D. Cryptanalysis

A

C. Shoulder surfing

Explanation:
Data in Use: We are actively using the files/data, so it has to be decrypted to be usable; encryption does not protect it at that point. Use good practices: clean desk policy, print policy, allow no shoulder surfing, maybe the use of view-angle privacy screens for monitors, locking the computer screen when leaving the workstation.

97
Q

If we are using magnetic stripe ID cards and we are wanting to add additional security measures, which of these could we implement for visual inspection and have it be the MOST secure?

A. Picture of the user
B. Embedded hologram
C. Protected Health Information (PHI)
D. Name, title and department

A

B. Embedded hologram

Explanation:
Embedded holograms on IDs are much harder to replicate than pictures and other things that can be printed on the card. We would never have Protected Health Information (PHI) on an ID card.

98
Q

After a security incident, our legal counsel presents the logs from the time of the attack in court. They constitute which type of evidence?

A. Direct evidence
B. Circumstantial evidence
C. Secondary evidence
D. Real evidence

A

C. Secondary evidence

Explanation:
Secondary Evidence – This is common in cases involving IT. Logs and documents from the systems are considered secondary evidence.

99
Q

In which type of access control model would your access to data be determined by your job title?

A. Rule-Based Access Control (RUBAC)
B. Role-based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Discretionary Access Control (DAC)

A

B. Role-based Access Control (RBAC)

Explanation:
RBAC (Role Based Access Control): Often used when Integrity is most important. Policy neutral access control mechanism defined around roles and privileges. A role is assigned permissions, and subjects in that role are added to the group, if they move to another position they are moved to the permissions group for that position.

100
Q

We have updated our old Business Continuity Plan (BCP) and the new one is approved and ready. What should we do next?

A. Distribute the new ones and destroy the old ones
B. Distribute the new ones and keep them side by side with the old ones
C. Put them on the intranet so employees can access them, but nothing else
D. Put them on the intranet and tell employees to only use the new one

A

A. Distribute the new ones and destroy the old ones

Explanation:
The plans need to be continually updated; it is an iterative process. Plans should be reviewed and updated at least every 12 months. When we update the plans, older copies are retrieved and destroyed, and the current versions are distributed, so nobody works from an outdated plan in a crisis.

101
Q

We have had issues with employees adding wireless access points in areas of our organization where the wireless coverage is bad. What could be something we could implement, as part of a larger strategy, to stop that from happening again?

A. Opening all ports on our switches
B. Hiding our SSID
C. Port security
D. Changing the SSIDs on our wireless access points every week

A

C. Port security

Explanation:
Good switch security can help with rogue access points: shut down unused ports, enable port security with sticky MAC addresses (so only the first learned MAC is allowed on the port), and hard-code whether ports are access or trunk ports.

102
Q

You are discussing 4th generation programming languages with a colleague. Which of these are 4th generation languages? (Select all that apply).

A. Cobol
B. SQL
C. Java
D. PHP
E. Perl

A

B. SQL
D. PHP
E. Perl

Explanation:
4th Generation languages (4GL): Fourth-generation languages are designed to reduce programming effort and the time it takes to develop software, resulting in a reduction in the cost of software development. Increases the efficiency by automating the creation of machine code. Often uses a GUI, drag and drop, and then generating the code, often used for websites, databases and reports. 4th Generation languages include ColdFusion, Progress 4GL, SQL, PHP, Perl, etc. Java and Cobol are 3rd generation languages.

103
Q

DES is very easy to break today. To remedy the problems with DES, 3DES was developed. Which of these is TRUE about 3DES K1?

A. It is 128-bit block cipher with 128, 192 or 256-bit keys
B. It is a 64-bit block cipher with a 112-bit key strength
C. It is a 64-bit block cipher with a 128-bit key strength
D. It is a 64-bit block cipher, with 56-bit keys

A

B. It is a 64-bit block cipher with a 112-bit key strength

Explanation:
3DES (Triple DES): Developed to extend the life of DES systems while getting ready for AES. DES itself is a symmetric 64-bit block cipher with a 56-bit key, 16 rounds and a Feistel structure; 3DES runs three DES operations (encrypt-decrypt-encrypt) instead of one. K1 (keying option 1): three different keys, 168 bits in total (three 56-bit DES keys), but because of the meet-in-the-middle attack the effective security it provides is only 112 bits.

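
An added example (not part of the original flashcards) of the meet-in-the-middle attack that explains both of the 3DES cards above: why double encryption with two keys buys almost nothing, and why three keys end up at two keys' worth of strength. DES is not in Python's standard library, so the block uses a constructed toy 16-bit block cipher with 12-bit keys; the attack is the real one. Brute force over both keys would cost 2^24 trials; the attack below spends 2^13 cipher operations, i.e. about twice a single-key search, which is the same 2·2^56 versus 2^112 gap that reduces 3DES K1 from 168 bits to 112.

```python
KEY_BITS = 12          # toy key size (DES: 56); block size is 16 bits
MASK16 = 0xFFFF


def _subkey(key: int, rnd: int) -> int:
    """Toy key schedule, not DES: a different 16-bit subkey per round."""
    return (key * (2 * rnd + 1) + 0x9E37) & MASK16


def toy_encrypt(block: int, key: int) -> int:
    x = block & MASK16
    for rnd in range(4):
        sk = _subkey(key, rnd)
        x = (x + sk) & MASK16                       # add subkey
        x = ((x << 5) | (x >> 11)) & MASK16         # rotate left 5
        x ^= sk                                     # xor subkey
    return x


def toy_decrypt(block: int, key: int) -> int:
    x = block & MASK16
    for rnd in reversed(range(4)):
        sk = _subkey(key, rnd)
        x ^= sk
        x = ((x >> 5) | (x << 11)) & MASK16         # rotate right 5
        x = (x - sk) & MASK16
    return x


def double_encrypt(block: int, k1: int, k2: int) -> int:
    """C = E_k2(E_k1(P)); naively a 24-bit key space for the toy cipher."""
    return toy_encrypt(toy_encrypt(block, k1), k2)


def meet_in_the_middle(pairs):
    """pairs: (plaintext, ciphertext) tuples under the same unknown (k1, k2).
    Encrypt P forward under every k1, decrypt C backward under every k2, and
    look for a meeting value. Extra pairs weed out chance collisions.
    Returns (surviving key pairs, number of cipher operations spent)."""
    p0, c0 = pairs[0]
    ops = 0
    middle = {}                                     # E_k1(p0) -> [k1, ...]
    for k1 in range(1 << KEY_BITS):
        middle.setdefault(toy_encrypt(p0, k1), []).append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):
        m = toy_decrypt(c0, k2)
        ops += 1
        for k1 in middle.get(m, []):
            if all(double_encrypt(p, k1, k2) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates, ops
```

The cost is memory rather than time: the forward table holds one entry per k1 (2^56 entries for real DES), which is why the attack is considered impractical enough that 3DES K1 is credited with 112 bits, but also why it never gets the full 168.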
104
Q

What would we do during the e-discovery process?

A. Make sure we keep data long enough in our retention policies for us to fulfill the legal requirements for our state and sector
B. Delete data that has been requested if the retention period has expired
C. Discover all the electronic files we have in our organization
D. Ensure we keep data preserved and safe, even if it is past the data’s retention period

A

D. Ensure we keep data preserved and safe, even if it is past the data’s retention period

Explanation:
e-Discovery, or discovery of electronically stored information (ESI), is the process of producing all relevant documentation to our legal counsel, who will then present it in court or to external attorneys in a legal proceeding. We need to ensure data is kept past its retention date if it could be relevant to the case (a legal hold).

105
Q

We keep our backup data for as long as the information is usable or if we are required to by law, standards, or regulations. What is this an example of?

A. Proper data storage
B. Proper data handling
C. Proper data retention
D. Proper data encryption

A

C. Proper data retention

Explanation:
Data Retention: Data should not be kept beyond the period of usefulness or beyond the legal requirements (whichever is greater).

106
Q

If we are looking at our backups, what order would they be in if they were rated by which takes the longest to the shortest amount of time?

A. Differential > Full > Incremental
B. Full > Differential > Copy
C. Full > Differential > Incremental
D. Full > Incremental > Differential

A

C. Full > Differential > Incremental

Explanation:
Full backups take the longest (same time as copy), differential take second most time and incremental the least amount of time.

107
Q

In our identity and access management, we are talking about the IAAA model.

Which of these is NOT one of the A’s of that model?

A. Authorization
B. Auditing
C. Authentication
D. Availability

A

D. Availability

Explanation:
IAAA is Identification and Authentication, Authorization and Accountability (also called auditing). Availability is part of the CIA triad not IAAA.

108
Q

Jane has been working on our servers and she is adding striping with no parity to the Redundant Array of Independent Disks (RAID) configuration. Why does she do that?

A. To be able to rebuild data from a lost disk
B. To prevent attackers from accessing the real data
C. As part of our backup strategy
D. Faster write speed

A

D. Faster write speed

Explanation:
Disk striping: Writing the data simultaneously across multiple disks providing higher write speed. Uses at least 2 disks, and in itself does not provide redundancy. We use parity with striping for the redundancy, often by XOR, if we use parity for redundancy we need at least 3 disks.

109
Q

The original Enigma machine was broken by the Polish in 1939. How many rotors did the Enigma use at the end of the Second World War?

A. 3
B. 10
C. 5
D. 4

A

D. 4

Explanation:
Enigma: rotor based. Early machines used 3 rotors, which was broken, so the German navy added a fourth rotor (the M4, introduced in 1942), making it much harder; army and air force machines kept 3. Breaking the Enigma is credited with shortening the war and saving many lives.

110
Q

We have been using hashing with salting for our passwords for some years. One of our executives has just heard about the CIA triad and asks, “Which leg of the CIA triad does that support?”. What do you answer?

A. Confidentiality
B. Integrity
C. None of these
D. Availability

A

B. Integrity

Explanation:
For system and data integrity we use: cryptography; checksums (for instance CRC); message digests, also known as hashes (for instance MD5, SHA-1 or SHA-2); digital signatures (which also give non-repudiation); and access control.

111
Q

We are using full monthly and incremental daily backups done at midnight. If a system is lost at 20:00 (8PM), how much data would we lose?

A. 40 hours
B. Depends on when the backup finished
C. 18 hours
D. 20 hours

A

D. 20 hours

Explanation:
We would lose 20 hours of data, the backup takes an inventory at midnight, it doesn’t matter when it finishes, files changed after midnight would not be backed up.
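
An added example (not part of the original flashcards) that simulates the archive-bit behaviour behind the backup cards on this page: the 2-tape differential restore (card 67), why full backups are infrequent (78), the copy backup that must not disturb the rotation (93), the restore chain for incrementals (106) and the 20-hour data loss at 20:00 (111). The daily file changes and the schedules are constructed; the rules are the ones the cards state (full and incremental clear the archive bit, differential and copy do not).

```python
from dataclasses import dataclass, field


@dataclass
class Tape:
    day: int
    kind: str             # "full", "differential", "incremental" or "copy"
    files: frozenset      # names of the files written to this tape


@dataclass
class System:
    """One archive bit per file: True means changed since the last backup that
    cleared it. Full and incremental clear the bit; differential and copy do not."""
    archive_bit: dict = field(default_factory=dict)
    tapes: list = field(default_factory=list)

    def modify(self, *files):
        for f in files:
            self.archive_bit[f] = True

    def backup(self, day: int, kind: str):
        if kind in ("full", "copy"):
            captured = frozenset(self.archive_bit)                  # everything
        else:
            captured = frozenset(f for f, b in self.archive_bit.items() if b)
        if kind in ("full", "incremental"):
            for f in captured:
                self.archive_bit[f] = False
        self.tapes.append(Tape(day, kind, captured))


def run_schedule(days, full_every, diff_every=0, inc_every=0):
    """Simulate `days` days; each day one constructed file changes and the
    schedule decides which backup runs that night (day 0 is a full)."""
    box = System()
    for day in range(days):
        box.modify(f"file{day:02d}.dat")
        if day % full_every == 0:
            box.backup(day, "full")
        elif diff_every and day % diff_every == 0:
            box.backup(day, "differential")
        elif inc_every and day % inc_every == 0:
            box.backup(day, "incremental")
    return box


def restore_set(tapes, day):
    """Tapes needed to restore the state as of the last backup on or before `day`:
    the last full, then either the newest differential or every incremental
    since that full. Copy backups sit outside the rotation."""
    usable = [t for t in tapes if t.day <= day and t.kind != "copy"]
    last_full = max(i for i, t in enumerate(usable) if t.kind == "full")
    later = usable[last_full + 1:]
    needed = [usable[last_full]]
    if any(t.kind == "incremental" for t in later):
        needed += later                 # whole chain, in order
    elif later:
        needed.append(later[-1])        # newest differential is enough
    return needed


def restored_files(needed):
    return set().union(*(t.files for t in needed))


def copy_backup_keeps_rotation_intact():
    """Bob's pre-patch copy: it must not clear the archive bit, or the next
    incremental would skip the file he changed."""
    box = System()
    box.modify("patched.bin")
    box.backup(10, "copy")
    box.backup(11, "incremental")
    return "patched.bin" in box.tapes[-1].files


def data_loss_hours(backup_interval_hours, failure_hour):
    """Backups start at midnight every `backup_interval_hours`. Data lost is the
    time since the most recent backup started (it does not matter when it
    finished); the worst case is a full interval. Returns (lost, worst_case)."""
    return failure_hour % backup_interval_hours, backup_interval_hours
```

Running the monthly-full plus every-2-days-differential schedule and restoring on day 29 needs exactly two tapes; the daily-incremental schedule needs all thirty, which is the trade-off the cards describe between backup time and restore time.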

112
Q

A disgruntled employee in our organization is trying to break administrator passwords using dictionary attacks. How would he do that?

A. He uses full words often with numbers at the end
B. He has software installed on a computer that records all keystrokes
C. He uses the entire key space
D. He uses precomplied hashes to compare the password hash to

A

A. He uses full words often with numbers at the end

Explanation:
Dictionary attacks: Based on a pre-arranged listing, often dictionary words. Often succeed because people choose short passwords that are ordinary words and numbers at the end.
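
An added example (not part of the original flashcards) covering both the salted password hashing of card 110 and the dictionary attack of card 112. It uses PBKDF2-HMAC-SHA256 from Python's standard library; the iteration count, wordlist and suffix list are constructed for the demo. The point it shows: a per-user salt defeats the precomputed-hash approach (option D of card 112) because two users with the same password no longer share a hash, but it does nothing against a dictionary attack on one account; only the slow, iterated hash and a password that is not a dictionary word do that.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000      # constructed for the demo; use a current recommendation


def hash_password(password: str, salt: bytes = None):
    """Salted, iterated hash. Returns (salt, digest); store both per user."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)     # constant-time compare


# Constructed wordlist plus the "numbers at the end" habit the card describes.
WORDLIST = ["password", "welcome", "summer", "admin"]
SUFFIXES = ("", "1", "123", "2024", "!")


def dictionary_attack(salt: bytes, digest: bytes):
    """Try every word and suffix against one stored hash.
    The salt is known to the attacker (it is stored next to the hash); it only
    forces the work to be redone per account rather than looked up in a table."""
    attempts = 0
    for word in WORDLIST:
        for suffix in SUFFIXES:
            attempts += 1
            if verify_password(word + suffix, salt, digest):
                return word + suffix, attempts
    return None, attempts


def precomputed_table_hits(password: str):
    """Unsalted: two users with the same password share one hash, so a table
    computed once cracks both. Salted: the digests differ, so the table is
    useless. Returns (unsalted_equal, salted_equal)."""
    unsalted_equal = (hashlib.sha256(password.encode()).digest()
                      == hashlib.sha256(password.encode()).digest())
    _, d1 = hash_password(password)
    _, d2 = hash_password(password)
    return unsalted_equal, d1 == d2
```

The disgruntled employee in the card recovers "summer123" after 13 guesses whatever the salt is; the defence against him is an administrator password that is not on any list, plus rate limiting and alerting on the failures.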

113
Q

After we have applied a patch to our software, which type of test should we use?

A. Regression testing
B. Integration testing
C. Referential testing
D. Misuse testing

A

A. Regression testing

Explanation:
Regression testing: Finding defects after a major code change has occurred. Looks for software regressions, as degraded or lost features, including old bugs that have come back.

114
Q

Who is responsible for the day to day IT operations of our organization?

A. The CFO
B. The CSO
C. The CIO
D. The CEO

A

C. The CIO

Explanation:
The Chief Information Officer oversees and is responsible for the day to day technology operations of an organization.

116
Q

Which network topology did ARCNET (Attached Resource Computer Network) use?

A. Star
B. Tree
C. Mesh
D. Ring

A

A. Star

Explanation:
ARCNET (Attached Resource Computer Network): Used network tokens for traffic, no collisions. Used a Star topology. 2.5Mbps.

117
Q

In a security audit, we are looking at the authentication protocols we use. Which of these uses a key-distribution center?

A. LDAP
B. Radius
C. Diameter
D. Kerberos

A

D. Kerberos

Explanation:
Kerberos: Authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to each other in a secure manner. It uses an AS (Authentication Server), a TGS (ticket-granting server) which are part the KDC (Key distribution center).

118
Q

You are explaining how we always use Redundant Array of Independent Disks (RAID) on our servers. What do you answer when you get asked, “Why do you use RAID ?”

A. Fault tolerance and backup
B. Redundancy only
C. Fault tolerance and speed
D. Backup

A

C. Fault tolerance and speed

Explanation:
Redundant Array of Independent Disks (RAID) is used for read/write speed and redundancy; what you get depends on the RAID level you choose. It comes in 2 basic forms, disk mirroring and disk striping. Disk mirroring: writing the same data across multiple hard disks. This is slower, since the RAID controller has to write all data twice, and uses at least 2 times as many disks for the same data storage; needs at least 2 disks. Disk striping: writing the data simultaneously across multiple disks, providing higher write speed. Uses at least 2 disks, and in itself does not provide redundancy. We use parity with striping for the redundancy, often by XOR; if we use parity for redundancy we need at least 3 disks.
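
An added example (not part of the original flashcards) of the XOR parity mentioned in cards 108 and 118: data is split into chunks across data disks, a parity chunk is the XOR of all of them, and any one lost chunk can be rebuilt by XORing the survivors with the parity. The example keeps parity on a fixed extra disk for clarity (RAID 4 style); RAID 5 rotates it across all disks, but the arithmetic is identical. The sample data is constructed.

```python
from functools import reduce
from operator import xor


def xor_blocks(blocks):
    """Byte-wise XOR of equal-length byte strings: the parity operation."""
    return bytes(reduce(xor, column) for column in zip(*blocks))


def stripe(data: bytes, n_data: int, with_parity: bool):
    """Split `data` into n_data equal chunks (zero padded), one per disk.
    With parity, add one extra chunk = XOR of all data chunks (needs 3+ disks)."""
    chunk = -(-len(data) // n_data)                   # ceiling division
    disks = [data[i * chunk:(i + 1) * chunk].ljust(chunk, b"\0")
             for i in range(n_data)]
    parity = xor_blocks(disks) if with_parity else None
    return disks, parity


def rebuild(disks, parity, lost: int):
    """Recover the chunk on disk `lost` from the survivors plus parity.
    Plain striping (RAID 0, parity None) cannot rebuild anything."""
    if parity is None:
        return None
    survivors = [d for i, d in enumerate(disks) if i != lost]
    return xor_blocks(survivors + [parity])


def reassemble(disks, length: int) -> bytes:
    return b"".join(disks)[:length]


def demo(data: bytes, n_data: int, with_parity: bool, lost: int):
    """Stripe, lose one disk, try to rebuild; returns the data or None."""
    disks, parity = stripe(data, n_data, with_parity)
    disks[lost] = None                                # simulate a dead disk
    recovered = rebuild(disks, parity, lost)
    if recovered is None:
        return None
    disks[lost] = recovered
    return reassemble(disks, len(data))
```

The parity write is why striping with parity is slower to write than plain striping, and why the card stresses that RAID is redundancy, not backup: a second disk failing before the rebuild finishes, or a corrupt write mirrored faithfully across the set, is still data loss.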

119
Q

When our data is in use, we must choose different types of countermeasures to ensure our data is safe. Which of these is a COMMON attack against data in use?

A. Screen scrapers
B. MITM
C. BCP
D. Stealing unencrypted laptops

A

A. Screen scrapers

Explanation:
Screen scrapers take a screenshot/scrape of a monitor every so often (or continually); any data displayed on the screen would be captured.

120
Q

Jane is using relational databases. Which of these would be a TRUE statement if she is talking about tuple values?

A. Represent values attributed to that instance
B. Are unique
C. Lists the person's SSN
D. Represents one entity

A

D. Represents one entity

Explanation:
Relational model: Organizes data into one or more tables (or relations) of columns and rows, with a unique key identifying each row. Rows are also called records or tuples. Each table/relation represents one entity type.

121
Q

In our data center, we want to ensure proper air circulation. Where would our servers normally pull the air in from?

A. Air ducts
B. Sub-flooring
C. Cold aisles
D. Hot aisles

A

C. Cold aisles

Explanation:
In a well-designed data center we want air to be pulled into the equipment from the cold aisles and pushed out into the warm aisles. Servers, switches and other rackable equipment are built with air intake and exhaust facing the hot and cold aisles. Servers have intake in the back and exhaust in the front, and switches are often reversed.

122
Q

Bob is looking at GUI builders for an upcoming project. Which type of methodology is Bob MOST LIKELY going to use?

A. Agile
B. Spiral
C. RAD
D. Prototyping

A

C. RAD

Explanation:
RAD (Rapid Application Development): Puts an emphasis on adaptability and the necessity of adjusting requirements in response to knowledge gained as the project progresses. Prototypes are often used in addition to, or sometimes even in place of, design specifications. Very well suited for developing software that is driven by user interface requirements. GUI builders are often called rapid application development tools.

123
Q

When authenticating against our access control systems, you are using your passphrase. Which type of authentication are you using?

A. A knowledge factor
B. A biometric factor
C. A location factor
D. A possession factor

A

A. A knowledge factor

Explanation:
Something you know - Type 1 Authentication: Passwords, passphrases, PINs, etc., also called knowledge factors. The subject uses these to authenticate their identity: if they know the secret, they must be who they say they are. This is the most commonly used form of authentication, and a password is the most common knowledge factor.

124
Q

Jane is talking to a clinical director and she mentions we would use one of our SANs for an implementation we are doing for the director. What does the abbreviation SAN mean in this case?

A. Segment area network
B. Storage area network
C. Switch area network
D. Server area network

A

B. Storage area network

Explanation:
SAN (Storage Area Network) protocols provide a cost-effective way to connect servers to storage using existing network infrastructure technologies and protocols. A SAN allows block-level access across a network; to the server it acts like an attached hard drive.

125
Q

In a penetration test, we are giving the tester detailed knowledge of our environments. Which type of penetration testing is she performing?

A. Gray box
B. White box
C. Full box
D. Black box

A

B. White box

Explanation:
White box (Crystal/Clear) Pen testing (Full Knowledge): The tester has knowledge of the internal network and access to it like a privileged employee would, normally an employee with administrator access and full knowledge of our environment.