ic2 Flashcards Preview


Flashcards in ic2 Deck (59):

A standard that outlines how countermeasures can be developed to control spurious electrical signals that radiate from electrical equipment. Equipment that needs to be highly secure should prevent or control this type of radiation and adhere to this standard.



Integrity model that allows access controls that can change dynamically depending on the actions of a user. It ensures that conflict of interest is protected.

The Brewer and Nash


Organizations usually have various types of recovery plans. This plan specifically establishes personnel safety and evacuation procedures. As a general principle, human life is given the highest priority in the event of a disaster.

a. Business resumption plan
b. The Occupant emergency plan

The Occupant emergency plan


It is similar to a technique used in residential homes where certain gadgets can be configured to turn lighting on or off at pre-determined times. This gives the illusion that the house is occupied. The same technique is used in companies and security guards can configure the times that lights turn on and off.

a. Standby lighting
b. Controlled lighting

a. Standby lighting


Once a disaster strikes, Interim operations kick in. These include emergency responses and situational assessments. This is then followed by alternate operations during which recovery and restoration operations are performed. This then allows the company to recover back to normal operations.

a. Disaster, Interim operations, Alternate operations, Normal operations
b. Disaster, Backup operations, Salvage operations, Normal operations

a. Disaster, Interim operations, Alternate operations, Normal operations


An Internet Service Provider adds a large generator and battery bank to its infrastructure. Which of the following needs to be added to the list of operational procedures?

a. Monthly testing of the generator and annual testing of the batteries
b. Annual testing of the generator and monthly testing of the Batteries
c. Annual testing of the generator and the batteries
d. Monthly testing of the generator and the batteries

d. Monthly testing of the generator and the batteries


Senior management plans to implement a security policy that outlines what can and cannot be done with employees' e-mail for monitoring purposes and to address privacy issues. What would such a security policy be called?

a. Organizational
b. Issue-specific

b. Issue-specific policies are also called functional implementing policies. They address specific issues that management feels need more explanation and attention.


Which of the following contains general approaches that also provide the necessary flexibility in the event of unforeseen circumstances?

a. Guidelines
b. Procedures

a. Guidelines


Non-enforced password management on servers and workstations would be defined as a:

a. Risk
b. Vulnerability

b. Vulnerability


Information such as data that is critical to a company needs to be properly identified and classified. In general, what are the guidelines to classify data?

a. Classify all data irrespective of the format it exists in (paper, digital, audio, video)
b. Classify only data that is digital in nature and exists on the company servers, desktops and all computers in the company.

a. Classify all data irrespective of the format it exists in (paper, digital, audio, video)


In a secure network, personnel play a key role in the maintenance and promotion of security procedures. Which of the following roles is responsible for ensuring that the company complies with software license agreements?

a. Process owner
b. Product-line manager

b. Product-line manager


Once risk assessment of a company is performed, threats and vulnerabilities are identified and the total / residual risk is determined. Which of the following is not one of the ways in which risk is handled?

a. Risk Avoidance
b. Risk Inference

b. Risk Inference - Risk Inference is not a valid way to handle Risk. Risks are usually dealt with in four ways - risk mitigation, risk avoidance, risk transference and risk acceptance.


Which of the following statements is not true with respect to the relationships between threat, vulnerability, exposure, countermeasure and risk?

a. A countermeasure can mitigate a vulnerability.
b. A vulnerability can expose a system to possible damage

a. A countermeasure can mitigate a vulnerability.

A countermeasure usually mitigates a risk and not a vulnerability. A vulnerability is just the possibility that a risk may occur.


With regard to finding a network address, ______________ knows the IP address and broadcasts to find the matching MAC address; whereas _______________ knows the MAC address and broadcasts to find the matching IP address.




Security policies can be categorized as regulatory, advisory or informative. What is true of an advisory policy?

a. An advisory policy cannot be enforced.
b. An advisory policy may describe the consequences of not abiding by the rules and procedures.

b. An advisory policy may describe the consequences of not abiding by the rules and procedures.


A Microsoft Exchange email server uses the X.400 protocol internally to exchange email with Outlook clients within the network. What standard protocol does it use to send mail to other servers on the Internet?
a. POP3
b. X.400



How would you distinguish S-HTTP from HTTPS?
a. S-HTTP is SSL over HTTP whereas HTTPS uses encryption.
b. HTTPS is used to protect the communication channel between two computers while S-HTTP protects a message that is sent from one computer to another.

b. HTTPS is used to protect the communication channel between two computers while S-HTTP protects a message that is sent from one computer to another.

Although both HTTPS and S-HTTP sound very similar, they are different in that, HTTPS is used to protect the communication channel between two computers while S-HTTP protects a message that is sent from one computer to the other.


Kerberos is a very effective authentication mechanism. One of its weaknesses is that:
a. The encryption processes are based on passwords and traditional password-cracking attacks can compromise the system.
b. The ticket-granting ticket granted by the Ticket Granting Server to a requesting resource is susceptible to interception.

a. The encryption processes are based on passwords and traditional password-cracking attacks can compromise the system.

Although Kerberos is by itself a very robust authentication mechanism, its weak link lies in the fact that it uses passwords for encryption and these can be subject to traditional attacks.


Which of the following locations would be the least useful in keeping a copy of a business continuity and disaster recovery plan?
a. The BCP coordinator's home.
b. Backup location
c. Primary Location

c. Primary Location

Among the choices listed, the primary facility is the least effective for storage of the business continuity and disaster recovery plans. This is because in case of a disaster striking the facility, it may not be possible to retrieve the plans. The other choices, including keeping a copy of the plan in the BCP coordinator's home will serve the purpose.


Data on a server has been compromised due to a hack into the system. A forensic investigator needs to copy the data on a hard disk on the server. Which of these will be the first step to be performed as part of the process?

a. Ensure that a bit-level copy is performed sector by sector, using a specialized tool.
b. Ensure that the new media into which the hard disk is being copied is properly purged.

a. Ensure that a bit-level copy is performed sector by sector, using a specialized tool

Among the given choices, the first step to be performed is to purge the new media completely before copying the hard disk contents. There have been instances where the media has contained prior information and was considered inadmissible in courts.


Jeremy is hired by a publicly traded company to perform SOX compliance checking. Which of the following accurately describes this work?
a. Internal Audit
b. External Audit

a. Internal Audit

An internal auditor works for the organization. While some auditors can also perform penetration testing, it is usually not their main job function.


What type of iris lens would typically be used in an area that has fixed lighting?

a. Manual
b. Automatic

a. Manual

Closed-circuit TV (CCTV) systems have many components, which include cameras, transmitters, receivers, recording systems, and monitors. The camera used in a CCTV system has many characteristics that need to be taken into account. One of these characteristics is the lens. There are two kinds of irises used in camera lenses in CCTV systems - automatic and manual. Manual lenses would be used in areas with fixed lighting and automatic lenses are used in areas where the light changes from time to time.


In which security mode can users access all data once they have proper clearances and comply with certain other requirements?

a. Dedicated security mode
b. Multilevel security Mode

a. Dedicated mode

In dedicated security mode, once a user has the necessary clearances, he/she can access all data. This is in contrast to the other modes where users can only access some of the data subject to approvals.


A token device is a handheld device that can be used to authenticate a user in a synchronous or asynchronous manner. What mechanism does an asynchronous token-generating method employ?

a. Counter based mechanism
b. Challenge/response mechanism
c. Accept/Reject mechanism
d. Start/Stop mechanism

b. Challenge/response mechanism

In an asynchronous token method, the device uses a challenge/response scheme whereby it authenticates a user. The authentication server sends the user a random value (a challenge). This value is entered by the user into the token device which returns an encrypted value. This value is entered by the user and sent to the authentication server for authentication.


In access control terminology, an account username is _________ and the password is _________.

a. Authorization, Identification
b. Identification, Authentication
c. Authentication, Authorization
d. Accountability, Authentication

b. Identification, Authentication

Identification ensures that a subject is the entity that it claims to be. This is achieved by use of a username, or account number. Authentication ensures that an additional credential such as a password or PIN number matches previously stored values for the subject.


When IPSec is used in transport mode, what is the only part of the message that is encrypted?

a. Payload
b. Authentication Header
c. Routing Header
d. Symmetric Public Payload

a. Payload

When IPSec is used in transport mode, only the payload of the message is encrypted.


Which of the following memory technologies is most commonly used to store computer BIOS microcode?

a. ROM
b. RAM


Electrically Erasable Programmable Read Only Memory is a non-volatile storage technology that can be "flashed" with reprogramming and updates. It is used to store the BIOS on most modern computer systems.


Which of the following is not a countermeasure to eavesdropping?

a. Use of routers
b. Encryption of network traffic
c. Traffic padding
d. Rerouting of information

a. Use of routers

Eavesdropping is the act of intercepting and viewing unauthorized information that is being transmitted over the network. Use of routers will not prevent this activity.


An information systems security professional enforces separation of duties with the intention of reducing frauds and errors. However, this results in inflexible operations. What could the professional do to ease things?

a. Implement static separation of duties
b. Implement conditional separation of duties
c. Implement job rotation instead
d. Implement dynamic separation of duties

c. Implement dynamic separation of duties

Dynamic separation of duties allows for flexibility in operations. Static separation of duties results in rigid policies. Job rotation will not help and conditional separation of duties is not a valid type of separation of duties.


Which of the following is NOT useful for Encryption?

a. AES
b. Digital Signature Algorithm
c. RSA
d. DES

a. Digital Signature Algorithm

DSA, based upon the Digital Signature Standard created by NIST, cannot be used for encryption. The other options can be used for encryption.


Which of the following uses asymmetric-key encryption?

a. RC4
b. Diffie-Hellman
c. 3DES
d. DES

b. Diffie-Hellman

Diffie-Hellman is the only public key exchange asymmetric encryption technology. All the other choices listed are pre-shared key or synchronous.


A contractor assigned to work on a critical application introduced certain pieces of code that he planned to exploit at a later time. How can such activity be detected?

a. By thoroughly testing the code.
b. By implementing a structured code walkthrough process.
c. By implementing an IDS
d. By doing a thorough background check on the contractor prior to hire

b. By implementing a structured code walkthrough process.

Such types of activities are difficult to catch since they are at the programming level. A code review is the only way in which they can be caught.


Full hard drive encryption on laptops mitigates some of the risk of loss or theft of the unit. Under what security realm is this classified?

a. Host Security
b. Network Security
c. Data Security
d. Application Security

c. Data Security

The goal of hard drive encryption is to protect the data and this is classified as data security. This does not protect the host itself.


A covert channel is a way in which an entity can get information in an unauthorized manner. The number of covert channels that can be considered acceptable depends on the assurance rating that the system has. Which of these will have the least number of covert channels?

a. EAL0
b. EAL6
c. EAL3
d. EAL1

b. EAL6

The higher the assurance level, the better the protection. Hence a system with a rating of EAL6 will have a smaller number of covert channels compared to the other values listed. EAL0 doesn't exist.


The Information Technology Security Evaluation Criteria (ITSEC) is a single standard for evaluating security attributes of computer systems. Which of the following regions uses this?

a. United States only
b. Europe only
c. United States and Canada
d. United States and Europe

b. Europe only

The ITSEC is used in European countries. The United States uses the Orange Book. However, most countries have started migrating towards the Common Criteria.


An operating system has many protection mechanisms to ensure that processes that are running do not negatively affect each other or other components. One such mechanism is a protection ring. The ring architecture is dictated by:

a. The security mode
b. The processor
c. The operating system
d. The processor and the operating system

d. The processor and the operating system

The ring architecture that a system uses is dependent on the processor and the operating system. This is also the reason that an operating system designed for one platform (chip) does not work with another.


On which layer of the OSI model does a network router operate?

a. Physical
b. Network
c. Data Link

b. Network

A router is a network layer device that only forwards directed traffic. Broadcasts are not forwarded.


A firewall is essentially a special-purpose type of device. Which of the following could be used to describe a firewall?

a. Repeater
b. Bridge
c. Router

c. Router

A firewall is a router with packet inspection and filtering capabilities. In fact, many routers have optional features that may be installed to transform them into firewalls.


Which layer of the OSI model is responsible for interfacing between the network stack and the application?

a. Application Layer
b. Session Layer
c. Transport Layer

a. Application Layer

The application layer does not refer to the end application itself but refers to the interface between the OSI network stack and that application. It is the topmost layer and interfaces with the system and applications.


What type of interference can be caused by fluorescent lights that are commonly found in office buildings?

a. Electrostatic discharge
b. Radio modulation
c. Radio frequency interference
d. Intermodulation

c. Radio frequency interference

Radio frequency interference (RFI) can be caused by devices that produce radio waves and is commonly caused by fluorescent lights in buildings. Shielded cabling and proper placement of cables are ways to help prevent interference due to fluorescent lighting.


Which of the following choices is not a basic principle used to help protect against threats to data integrity?

a. Separation of duties
b. Repudiation
c. Rotation of duties
d. Need-to-know

b. Repudiation

Repudiation does not protect against threats to integrity. Repudiation refers to sending a message and then denying that you sent it. Digital signatures are used to provide a non-repudiation service, which prevents the sender from denying that they sent the message.


When managing risks, which of the following statements is true?

a. Risk Management provides complete security.
b. Risk Management should be outsourced whenever possible to professionals in the Risk Management industry.
c. Risk Management cannot mitigate risk in any way, it is merely an exercise to become aware of existing or possible risks.
d. Risks are best managed with a layered approach, sometimes called defense-in-depth.

d. Risks are best managed with a layered approach, sometimes called defense-in-depth.

Risk Management is just that - management of risk. Risks cannot be completely eliminated. Hence, risks are best managed by a layered approach.


Java uses a security scheme to prevent an applet from having undue access to the rest of the system. What is this called?

a. Ivory Tower
b. Sandboxing
c. Browser-level
d. Safe-mode


Sandboxing constructs a walled, virtual environment to execute foreign code. In theory, an applet cannot pass commands directly to the underlying system, but it is instead abstracted away by the virtual layer.


A software application development project had already proceeded into the design phase when it was discovered that security aspects had not been taken into consideration. What should be done to address this?

a. Prepare the necessary security guidelines and checklists so that they can be used in the build/coding phase.
b. Prepare the necessary test plans so that security aspects are properly taken care of during integration testing.
c. Restart the design phase and include security as part of this phase.
d. Revisit the requirements phase to incorporate security requirements and ensure that these are input to the design phase.

d. Revisit the requirements phase to incorporate security requirements and ensure that these are input to the design phase.

Security needs to be built into a software application development project right from the requirements phase. If this has been missed out, the requirements phase needs to be revisited and reworked to address this gap.


In order for security plans to be effective, the time-period for which they must be designed is at least:

a. Three years.
b. Ten years.
c. One year.
d. Six months.

a. Three years.

Security plans should be designed to be useful for at least three years. If not, it means that sufficient thought has not gone into their creation and they need to be revisited.


Certain audit standards require that records be maintained for 3 years. In order to comply with these standards, what is the recommended duration for which data should be maintained?

a. 4 years
b. 6 years
c. 1 year
d. Exactly 3 years

d. Exactly 3 years

As a general principle, audit data should not be kept any longer than required since it can otherwise consume massive amounts of storage. Hence it is advised to maintain records for exactly 3 years in this case.


Jen would like to have more control over VPN connections made to her corporate network. Additionally, she would like to save effort and money by eliminating costly VPN client licenses. Which technology would be the best solution?

b. IPSec VPN
c. IPSec / L2TP VPN


SSL VPNs make use of common web browsers and allow users to access applications in the organization's network. Back-end databases can also be accessed with the help of plug-ins. This approach is more cost-effective than the VPN using IPSec.


Which of these is not an example of a physical control?

a. Subnets
b. Building location
c. External lights
d. Data backups


Subnets are an example of technical controls. Subnetting allows you to logically break up a network into segments. The other choices of external lighting, data backups, and physical location of the building are physical controls.


The Computer Emergency Response Team (CERT) has an advisory that companies should use legal banners that pop up when employees log in. What would be the purpose of such banners?

a. Using such legal banners absolves the company from any legal action in case of security violations.
b. They permit personal information of the employee to be captured and used by the company.
c. They will prevent employees from violating security policies.
d. They can be used to strengthen a case against an employee in case of a security violation.

d. They can be used to strengthen a case against an employee in case of a security violation

Such banners strengthen the legal case against an employee in case he/she is found to have violated security policies. This is because the company can show that the employee had acknowledged the security policy and given permission to be monitored. The other choices are not valid.


What network device can you implement between end systems on a network to reduce the possibility of sniffing and monitoring attacks by potential intruders?

a. Gateways
b. Routers
c. Switches
d. Firewalls

c. Switches

Switches are used on networks to connect end systems to the network. Switches create a virtual private connection between two communicating end systems on a network. Therefore, data packets are not flooded throughout the network where they could be easily sniffed and monitored. They are sent directly from end system to end system on the network.


Which of the following is NOT a step in contingency Planning?

a. Testing and Implementation
b. Identifying Critical Business Functions
c. Estimating Potential Disasters
d. Identifying Resources and Systems that Support critical Business Functions

a. Testing and Implementation

Testing can only be done after a plan is implemented; it is not a part of designing one. The other choices listed are logical steps in contingency planning.


A bank's rating was lowered after an audit by the Federal Deposit Insurance Corporation (FDIC). Lack of proper administrative controls in the IS department was cited as a key non-conformance. Which of the following would NOT be the Board of Directors' primary response?

a. Hire an Internal IT Auditor into the Risk Management Department
b. Approve an Information Security Program
c. Hire an Internal Auditor into the IS Department
d. Approve a plan to create a procedural manual for the IS department.

c. Hire an Internal Auditor into the IS Department

Auditing is a technical control; however, the question is specifically focused on administrative controls. Hiring an auditor in the IS department is not really a solution to the problem.


All computer users at a government agency must meet the following requirements: clearance, documented formal access, and the need to know. This is what type of security operations mode?

a. Privileged security mode
b. Dedicated security mode
c. Directive mode
d. Trusted mode

b. Dedicated security mode, specified in DOD Directive 5200.28, is an operational mode in which all users have clearance or authorization, documented formal access approval, and a need to know the information stored on the system. Dedicated security mode can be implemented with a single or multiple data classification levels.


The property manager of an office building is installing a new video surveillance system in all public areas. What is the best type of camera lens to be used in the building's lobby area?

a. Telephoto
b. Auto iris lens
c. Long focal length
d. Short focal length

d. Short focal length lenses provide a wide angle view of an area, which is ideal in an open area such as a lobby. Long focal length lenses provide a very narrow view, which is more appropriate for small areas such as entry/ exit points.


Nora has embedded a video and photos of her most recent vacation on her social networking page. The video and photos are actually hosted on two other websites. Which of the following allows Nora to share on her social networking page?

a. XML
b. OLE
c. API

c. APIs, or application programming interfaces, enable two different applications to seamlessly integrate together without either application needing to know much about how the other application works. In this example, APIs enable Nora to share photos and videos on a social networking page, but APIs can also be used to extend functionality or customize off-the-shelf software such as email or finance applications.


As which of the following would a Nigerian email scam best be categorized?

a. Computer is incidental crime
b. Computer targeted crime
c. Wire tapping
d. Computer assisted crime

a. A computer-is-incidental crime is a crime in which a computer is used, but another computer is not attacked, nor is electronic data illegally accessed. In the case of an email scam, the crime that is attempted is fraud. The email is simply the vehicle for the scammers' request for money or banking information. These types of scams were carried out through postal correspondence before the rise of email, and could still be conducted by means of pen, paper, envelope, and stamp; thus the computer is simply an incidental mechanism in the crime.


Which of the following is the most accurate and secure form of biometric recognition?

a. Iris scanning
b. Retinal scanning
c. Vascular patterns
d. Fingerprints

b. Retinal scanning offers low false positive rates, and false negative rates of close to zero. It also has a very small base of outliers, those users who are unable to be enrolled in the system. Further, it is much more difficult to defeat this type of system than other types of biometric readers, including iris scanning.


The lock on a storage facility uses an electronic keypad for access code entry. What additional security components should be implemented with this?

a. Solenoid mechanism and adequate area lighting
b. Entry delay and badge reader
c. Mantrap and egress control
d. Keypad shield and battery backup

d. When using electronic cipher locks, it is highly recommended that the keypad be shielded from view by anyone but the immediate user, to prevent unauthorized users from shoulder surfing key codes. These types of locks should also be connected to a battery backup to ensure continuous operation of the lock during power outages.


Immediately after a significant earthquake, the manager of an IT group begins to assess which of his team members were able to evacuate, to determine if any of his staff may have been trapped in the basement data center. Because the security policy requires employees to badge in and out of the data center, the manager is able to check logs to determine which employees were in the data center at the time of the quake and which ones had badged out prior to that time. What is this system feature called?

a. Turnstiling
b. Anti-passback
c. Location logging
d. Badging out

b. Anti-passback features require users to provide badges, PINs, or other authentication devices every time a user enters and exits specified portals. If an employee fails to badge out of a restricted area, he or she will be prohibited from re-entering that secured area without administrative intervention. This is a countermeasure against users sharing badges, PINs, etc.