Mixed

Question 1

Best way to minimize impact of DDoS

Answer 1

use firewall to identify and deny traffic to addresses

Question 2

Main reason to measure impact of unplanned interruption

Answer 2

Provides insight into critical business processes

Question 3

When to use digital signatures instead of Message Auth Code

Answer 3

When must be known that sender is the only one who made changes to doc

Question 4

Distinctive characteristic of network tunneling process

Answer 4

encapsulation of packets

Question 5

In what sec. mode is a system operating when 2 or more classification levels are processed and not all users have clearance for all data handled by system

Answer 5

Multi-Level

Question 6

Primary reason for Code Obfuscation

Answer 6

increases diff. of reverse engineering

Question 7

Which is a security service not defined in ISO 7498-2 Security Architecture model

Answer 7

Availability

Question 8

Why are audit trails important

Answer 8

They provide individual accountability

Question 9

Primary components of effective security program

Answer 9

People, Processes, Technology

Question 10

Access Control attack used against a remote user’s callback

Answer 10

Call forwarding

Question 11

Major Weakness of PPTP

Answer 11

Encryption key derived from User’s Password

Question 12

BCP project scope identification includes

Answer 12

BIA, also most CRUCIAL factor for DRP

Question 13

With 802.11B wireless, which tech protects users from each other

Answer 13

Firewall on each device/computer

Question 14

Stack overflow that crashes TCP/IP service daemon can result in serious security breach because

Answer 14

process is executed by a privileged entity

Question 15

ISO 27001 complements…

Answer 15

17799

Question 16

17799 is evolution of

Answer 16

7799

Question 17

Activation of virus attached in email is avoided by

Answer 17

configuring client to not automatically open attachments

Question 18

Crypto attack that uses execution times and cryptographic device power requirement

Answer 18

Differential

Question 19

Main reason to use IPsec in tunnel mode is

Answer 19

protect entire IP packet

Question 20

Design phase in Software Development Life Cycle (SDLC) includes all but:

Answer 20

Developing maintenance and operations manual

Question 21

Which EAL within Common Criteria provides security assurance “methodically tested and checked” ?

Answer 21

EAL 3

Question 22

Which attack will a Network-Based IDS detect

Answer 22

Phone Book File attack from a browser using SSL

Question 23

Term that defines what security properties of a product is evaluated in Common Criteria evaluation is:

Answer 23

Security Target

Question 24

Regularly scheduled check of network cards in promiscuous mode is a countermeasure for:

Answer 24

Sniffer

Question 25

Basic foundation of Privacy Management process is

Answer 25

Organizational Governance

Question 26

Reconnaissance phase of penetration testing employs:

Answer 26

Social engineering

Question 27

Risk analysis based on historical costs and probability of a thread and is measured in cost to the organization is:

Answer 27

quantitative method

Question 28

In a computer forensics investigation involving a HD, examiner should keep a log including:

Answer 28

timestamps of files on the media

Question 29

Which of the following is a weakness of both statystical anomaly detection and pattern matching:

Answer 29

lack of a learning model

Question 30

In addition to providing audit trail auditors can use, loggin provides:

Answer 30

backout and recovery information

Question 31

Which approach to IPsec key exchange is protocol of choice of IETF (Internet engineering task force)

Answer 31

ISAKMP

Question 32

Patch management life cycle begins with:

Answer 32

developing a baseline software inventory management system

Question 33

Not a fundamental component (question) of Regulatory Security Policy

Answer 33

WHY it is to be done

Question 34

Important aspect of computer ethics program involves consideration of

Answer 34

Regulatory Requirements

Question 35

Commonly used technique by covert Channel is

Answer 35

tunneling

Question 36

Class of threat associated with manual or automated process

Answer 36

operational

Question 37

Provides a minimum level of security acceptable for an environment

Answer 37

Baseline

Question 38

Formal Security Policy Model is one that:

Answer 38

is a mathematically precise statement of a security policy

Question 39

Inner workings of a buffer overflow attack:

Answer 39

Program fails to check buffer size limits before storing data

Question 40

Expert systems differ from other AI programs because

Answer 40

need to encode domain-dependant knowledge of the everyday practitioner and using it to solves problem

Question 41

Mitigation strategy that falls in certification framework for application development security

Answer 41

waiver authorization

Question 42

Financial transaction digitally signed, what method can be used to prevent the transaction from being done again

Answer 42

Include timestamp on the message

Question 43

Operates at the media layer and is an attempt by an intruder to inject packets in a conversation

Answer 43

Real-Time Transport Protocol (RTP) hijacking

Question 44

Birthday attack can be used to:

Answer 44

find Hash Collisions

Question 45

Could be used to encrypt network traffic streaming between two offices

Answer 45

IPsec AH (Authentication Header) tunnel

Question 46

Valid reason to propose two-factor auth for Remote Access

Answer 46

More vulnerable and requires better authentication

Question 47

Implementation of a positive security model on a firewall allows:

Answer 47

all defined legitimate traffic and denies everything else

Question 48

Main advantage of positive security model

Answer 48

New or Unknown attackes are more easily prevented

Question 49

IPsec provides security to traffic at what point in transmission?

Answer 49

At perimeter if IPsec is enabled on Firewall or Router

Question 50

SYN attack can be determined by observing

Answer 50

Spoofed source IP address

Question 51

NOT a characteristic of an IDS

Answer 51

Determines the source of incoming packets

Question 52

As part of BCP, two characteristics of a business task or function MUST be identified:

Answer 52

Result and requirement

Question 53

Primary consideration when a shared device is used to store data outside with an outsourced organization:

Answer 53

Minimize risk of data loss due to device failure through volume partitioning

Question 54

Organizational Security Policy (OSP) is

Answer 54

a High-Level management document to inform all users on the goals and constraints on using a system

Question 55

Primary benefit of hierarchical storage management system is:

Answer 55

Use of less expensive storage media for infrequently accessed data

Question 56

Benefits of IPsec include:

Answer 56

Access control, Connectionless integrity and Rejection of replayed packets (NOT Data Destination Authentication)

Question 57

Principal difference between OpenPGP and S/MIME

Answer 57

Method of key exchange is different between OPGP and SMIME

Question 58

Organizational Security Program is completed by:

Answer 58

Establishing a methodology for resolving discovered problems

Question 59

Common Criteria defines security controls in these categories:

Answer 59

Functional and Assurance

Question 60

Inbound traffic pattern that indicates voice network being hacked

Answer 60

High number of short duration calls

Question 61

Encryption to avoid traffic analysis would be based on:

Answer 61

hop-by-hop

Question 62

DB with physicians and researchers pose what challenge to developer:

Answer 62

Provide general information without revealing details

Question 63

Crypto pseudorandom key generation is best described as:

Answer 63

Calculation of a key using a seed value and a deterministic algorithm

Question 64

Information retention policy should be clearly defined to all employees to protect company from:

Answer 64

discovery issues

Question 65

in Bell-Lapadula, system state is secure if access mode from subject to object is in accordance to:

Answer 65

Specific security policy

Question 66

When significant changes to system occur during maintenance phase of SDLC, what is required:

Answer 66

Recertification of sensitive applications and periodic risk analysis

Question 67

In web application logs, a “request has succeeded” code is:

Answer 67

200

Question 68

OSI layer 1

Answer 68

Physical - point to point data connection

Question 69

OSI layer 2

Answer 69

Data link - point to point data connection (reliable)

Question 70

OSI layer 3

Answer 70

Network - addressing, routing, datagram delivery

Question 71

OSI layer 4

Answer 71

Transport - reliable packet delivery betweek Point to point in network, TCP-IP (connected session)

Question 72

OSI ayer 5

Answer 72

Session - interhost comm, session management between apps

Question 73

OSI layer 6

Answer 73

Presentation - data representation, encryption - decryption, conversion of machine dependent to machine independent data

Question 74

OSI layer 7

Answer 74

Application - Network process to application

Question 75

DSSS

Answer 75

Direct sequence spread spectrum

Question 76

FHSS

Answer 76

Frequency Hopping Spread Spectrum - rapidly changing freq.

Question 77

OFDM

Answer 77

Orthogonal Frequency division multiplexing - high bandwidth spling in many low bandwidth transmissions

Question 78

FDMA

Answer 78

Frequency Division Multiple Access - analog cell

Question 79

TDMA

Answer 79

Time division multiple access - digital cell, two bands for each call

Question 80

CDMA

Answer 80

10x DSSS bandwidth

Question 81

UMTS

Answer 81

3GPP cell tech

Question 82

War Dialing

Answer 82

Dial entire range of numbers to identify lines connected to modems

Question 83

Rogue model vulnerability

Answer 83

Modem connection without knowledge or authorization from organization

Question 84

SONET/SDH

Answer 84

fiber-optic net (MAN is typically based on that)

Question 85

VAN

Answer 85

Value Added Network - between organizations typically

Question 86

IGMP

Answer 86

Used to manage multicasting groups

Question 87

Switches

Answer 87

Forward frames only to the specified MAC

Question 88

Miltiplexor

Answer 88

Combines several signals into one data stream

Question 89

WPA

Answer 89

uses RC4 with 128-bit keys with TKIP

Question 90

TKIP

Answer 90

Temporal Key Integrity Protocol

Question 91

WPA2

Answer 91

uses AES and CCMP (Counter-mode/CBC-MAC protocol), supports EAP framework

Question 92

Blue Jacking

Answer 92

anonymous message displayed on device

Question 93

Blue bug attack

Answer 93

initiate calls from victim’s phone

Question 94

ARP

Answer 94

Address resolution protocol (resolve layer 3 IP with Layer 2 MAC)

Question 95

PAP

Answer 95

Password authentication protocol (not as secure as CHAP)

Question 96

CHAP

Answer 96

Challenge Handshake Authentication Protocol - password sent as a one-way MD5 hash, challenge includes nonce

Question 97

Nonce

Answer 97

Parameter that varies with time, or number used once.

Question 98

EAP

Answer 98

Extensible Authentication Protocol

Question 99

EAP-TLS

Answer 99

Both client and server mutually authenticate over TLS with certificate

Question 100

EAP-TTLS

Answer 100

less secure than TLS, certificate presented to client only

Question 101

EAP-PEAP

Answer 101

less secure than TLS

Question 102

Eavesdropping

Answer 102

discover user identities by sniffing authentication traffic

Question 103

War Driving

Answer 103

driving around area trying to find Wireless APs

Question 104

Layer 3

Answer 104

IP devices (NAC, PCs, etc…)

Question 105

PPTP

Answer 105

Point to Point tunneling protocol, derives encryption from user password

Question 106

SSH

Answer 106

Protects integrity of comm and supports strong AUTH.

Question 107

SSH2

Answer 107

Improved integrity and more digital certs types

Question 108

IPSec

Answer 108

IP Security, provides encryption and AUTH

Question 109

AH

Answer 109

Authentication Header - guarantees identity of sending node

Question 110

ESP

Answer 110

Encapsulating Security Payload - encrypts IP packet for confidentiality and integrity

Question 111

IKE

Answer 111

Internet Key Exchange for IPSec

Question 112

Ping of Death

Answer 112

based on misconfigured ICMP packet that is 64k, host may crash if improperly patched

Question 113

traceRT exploit

Answer 113

helps map victim network

Question 114

Smurf attack

Answer 114

ICM echo request with spoofed source address of victim to a network’s broadcast address, victim overwhelmed by echo replies

Question 115

Teardrop attack

Answer 115

ip frags are constructed by attacker to create a negative number for host when it reconstructs packet. IP stack can crash

Question 116

TCP Ports

Answer 116

0-1023, Well-known. 1024-49151, Registered ports. 49152-65535, Dynamic or private.

Question 117

UDP

Answer 117

User Datagram Protocol - no handshake, no error detection

Question 118

SYN scanning

Answer 118

scanning method that doesn’t complete handshake process, sometimes undetectable, not logged

Question 119

Session Hijacking

Answer 119

(Man in the middle) - Unauthorized insertion of packets in a data stream. App layer protection can mitigate.

Question 120

Remote Procedure Call

Answer 120

Executes objects across hosts.

Question 121

TACACS+

Answer 121

Separates AUTH and AUTOR, unlike Radius, IETF STD

Question 122

LDAP

Answer 122

directory based on X.500, weak AUTH unless over SSL

Question 123

NIS+ (Unix)

Answer 123

AUTH and AUTOR, better than NIS

Question 124

CIFS/SMB

Answer 124

File sharing protocol in WIN

Question 125

AES

Answer 125

Rijndael algorithm

Question 126

Clipper chip

Answer 126

Key Escrow

Question 127

XOR

Answer 127

Stream cipher/encryption algorithm

Question 128

DES

Answer 128

Data Encryption Standard - Symm., 56-bit, uses private key for encryption

Question 129

Reference monitor requires:

Answer 129

Isolation, Completeness, Verifiability

Question 130

RSA

Answer 130

uses public key for encryption, based on difficulty of factoring large numbers, Asymmetric.

Question 131

PGP

Answer 131

Pretty good privacy - doesn’t use a hierarchical trust model. Symm. key and public key crypto. Web of Trust. Provides Confidentiality, Integrity, Authenticity.

Question 132

SOCKS Gateway

Answer 132

Circuit-level firewall

Question 133

in SDLC, waterfall model assumes that:

Answer 133

each step can be completed and finalized without any effect from the later stages that may require rework

Question 134

elements of a TCV that implement reference monitor concept

Answer 134

Protection rings

Question 135

Percentage of loss a realized threat could have:

Answer 135

Exposure Factor (EF)

Question 136

Malware that is self-contained, no need to be part of another computer program to propagate

Answer 136

Worm

Question 137

CA can revoke a certificate when:

Answer 137

Certificate owner’s private key is compromised

Question 138

protocol - eWallet, encrypted credit card info sent to merchant then DigiSigned and sent to bank

Answer 138

SET

Question 139

Cryptanalytic attack with least amount of info

Answer 139

Ciphertext-only

Question 140

Public Key algo. are:

Answer 140

1-10K slower than secret key algo.

Question 141

Kerberos protected from replay attacks by:

Answer 141

Time Stamps

Question 142

Diffie-Hellman

Answer 142

Key Exchange

Question 143

Digital Signature

Answer 143

Sender encrypts a message digest with his private key