P/E 1 Flashcards

Question

25. Which of the following is the type of antivirus response function that removes the malicious code but leaves damage unrepaired? A. Cleaning B. Removal C. Stealth D. Polymorphism

Answer 1

Answer: B Removal removes the malicious code but does not repair the damage caused by it. Cleaning not only removes the code, but it also repairs any damage the code has caused.

Answer 2

Answer: D A directory service is a centralized database of resources, such as a phone directory, made available to the network.

Answer 3

Answer: B The Digital Signature Algorithm (as specified in FIPS 186-2) is the only one of the algorithms listed here that supports true digital signatures, providing integrity verification and nonrepudiation. HMAC allows for the authentication of message digests but supports only integrity verification. MD5 and SHA-1 are message digest creation algorithms and can be used in the generation of digital signatures but provide no guarantees of integrity or nonrepudiation in and of themselves.

Answer 4

Answer: D The Payment Card Industry Data Security Standard (PCI DSS) places contractual obligations on merchants and service providers to ensure the security of cardholder information.

Answer 5

Answer: C Long cable lengths can often be supplemented through the use of repeaters or concentrators. A repeater is just a signal amplification device.

Answer 6

Answer: C Dynamic Host Configuration Protocol (DHCP) uses port 68 for client request broadcast and port 67 for server point-to-point response.

Answer 7

Answer: C A side benefit of risk analysis is a complete and detailed valuation of all assets. None of the other options is an element or benefit of risk analysis.

Answer 8

Answer: A In transport mode, the IP packet data is encrypted, but the header of the packet is not.

Answer 9

Answer: B Voice over IP (VoIP), which transmits voice communications through an IP network, introduces network-specific vulnerabilities to voice communications.

Answer 10

Answer: B Auditing is the process by which online activities of user accounts and processes are tracked and recorded.

Answer 11

Answer: A Accountability is the ultimate goal of a process started by identification.

Answer 12

Answer: D Compensation access control is deployed to provide various options to existing controls to help enforce and support a security policy.

Answer 13

Answer: C In the man-in-the-middle attack, a malicious individual sits between two communicating parties and intercepts all communications (including the setup of the cryptographic session).

Answer 14

Answer: C A brute-force attack is an attempt to discover passwords for user accounts by systematically attempting every possible combination of letters, numbers, and symbols.

Answer 15

Answer: A The Authentication Header provides assurances of message integrity and nonrepudiation.

Answer 16

Answer: C Detective access control is deployed to discover unwanted or unauthorized activity.

Answer 17

Answer: D Authorization ensures that a requested activity or access to an object is possible given the rights and privileges assigned to an authenticated identity.

Answer 18

Answer: A The atomicity of database transactions requires transaction execution in an all-or-nothing fashion. If any part of the transaction fails, the entire transaction is rolled back.

Answer 19

Answer: A Recovery access control is deployed to repair or restore resources, functions, and capabilities after a violation of security policies.

Answer 20

Answer: B Qualitative risk analysis does not employ complex formulas and calculations. Scenario discussions and simple value assignments are used to evaluate risk, incidents, losses, and safeguards.

Answer 21

Answer: C When an intruder is detected by an IDS, they are transferred to a padded cell. The transfer of the intruder into a padded cell is performed automatically, without informing the intruder that the change has occurred. The padded cell is unknown to the intruder before the attack, so it cannot serve as an enticement or entrapment. Padded cells are used to detain intruders, not to detect vulnerabilities.

Answer 22

Answer: C A hash total is a checksum used to verify the integrity of a transmission.

Answer 23

Answer: A Cryptographic salt values are added to the passwords in password files before hashing to defeat rainbow table and dictionary attacks.

Answer 24

Answer: B The smurf attack depends on ping packets, which are implemented by the Internet Control Message Protocol (ICMP).

Answer 25

Answer: C The principle of availability implies that network services, communications, and access control mechanisms are functional and allow authorized users to gain authorized access.

Answer 26

Answer: A An ACL is based on an object and includes a list of subjects that are granted access. A capability table is focused on a subject and includes a list of objects the subject can access. Roles and accounts are examples of subjects and may be included in an ACL, but they aren't the focus.

Answer 27

Answer: B The data owner is the person who has final corporate responsibility for the protection and storage of data. Owners may be liable for negligence if they fail to perform due diligence in establishing and enforcing security policy to protect and sustain sensitive data.

Answer 28

Answer: D In a teardrop attack, an attacker fragments traffic in such a way that data packets cannot be put together. A zero day exploit refers to an attack using vulnerabilities that are unknown to others. Spamming refers to sending massive quantities of unsolicited email. A distributed denial of service (DDoS) attack is an attack on a single system from multiple sources.

Answer 29

Answer: C The SaaS service model provides services such as email available via a web browser. IaaS provides the infrastructure (such as servers) and PaaS provides a platform (such as an operating system and application installed on a server). Public is a deployment method, not service model.

Answer 30

Answer: B Top secret is the highest security classification for a government/military organization.

Answer 31

Answer: D The Vernam cipher, or one-time pad, is not practical for use on an automated basis. DES and 2DES are no longer considered secure cryptosystems. 3DES is a strong cryptosystem appropriate for use.

Answer 32

Answer: D 802.11n can use the 2.4 GHz and 5 GHz frequencies. The 2.4 GHz frequency is also used by 802.11g and 802.11b.

Answer 33

Answer: B The gateway is a network device (or service) that works at the Application layer. However, an Application layer gateway is a very specific type of component. It serves as a protocol translation tool. For example, an IP-to-IPX gateway takes inbound communications from TCP/IP and translates them over to IPX/SPX for outbound transmission.

Answer 34

Answer: D The maximum allowed ping packet size is 65,536 bytes. To engage in a ping-of-death attack, an attacker must send a packet that exceeds this maximum. Therefore, the smallest packet that might result in a successful attack would be 65,537 bytes.

Answer 35

Answer: C SSL uses port 443 to transmit encrypted web traffic over TCP connections.

Answer 36

Answer: D A host-based IDS watches for questionable activity on a single computer system. A network-based IDS watches for questionable activity being performed over the network medium, can be made invisible to users, and is ineffective on switched networks.

Answer 37

Answer: C To make the determination of whether the safeguard is financially equitable, use the following countermeasure cost/benefit equation: (ALE before countermeasure – ALE after implementing the countermeasure) – annual cost of countermeasure = value of the countermeasure to the company.

Answer 38

Answer: C Rainbow tables use an iterative series of precomputed password hashes as an alternative to sequential guessing or dictionary-based lookup attacks against authentication mechanisms.

Answer 39

Answer: B The first step toward granting a user access is for them to claim an identity (identification). That is followed by verifying credentials (authentication), then by granting authority (authorization), and finally by monitoring activity (auditing).

Answer 40

Answer: D In a replay attack, the malicious individual intercepts an encrypted message between two parties (often a request for authentication) and then later replays the captured message to open a new session.

Answer 41

Answer: A The Internet Security Association and Key Management Protocol (ISAKMP) provides background security support services for IPSec, including managing security associations.

Answer 42

Answer: A Criminal investigations typically follow the "beyond a reasonable doubt" standard of evidence.

Answer 43

Answer: B Nessus is a network vulnerability scanning tool that searches systems for known vulnerabilities.

Answer 44

Answer: D The Data Manipulation Language is a subset of SQL containing the commands used to interact with data.

Answer 45

Answer: A The principle of least privilege restricts user privileges to what they need and no more. Users do not have a need to log onto any computer in the network. A policy used to implement the principle of least privilege can restrict users to a single computer, restrict access to files, and restrict access to backups.

Answer 46

Answer: B Following rules for strong password generation is not a direct defense against social engineering attacks.

Answer 47

Answer: A Without object integrity, confidentiality cannot be maintained. In fact, integrity and confidentiality depend on one another.

Answer 48

Answer: A Ethernet is a shared media LAN technology. That means it allows numerous devices to communicate over the same medium but requires that each device take turns communicating and perform collision detection and avoidance.

Answer 49

Answer: A Identification occurs when a user professes an identity with a login ID. The combination of the login ID and the password provide authentication. Auditing provides accountability. Users are granted authorization to access resources based on their proven identities.

Answer 50

Answer: A The Authentication Header (AH) provides assurances of message integrity and nonrepudiation.

Answer 51

Answer: D Identification is the process by which a subject professes an identity and accountability is initiated.

Answer 52

Answer: B Companion viruses use filenames that mimic the filenames of legitimate system files.

Answer 53

Answer: B Secure Shell (SSH) provides secure replacements for a number of common Internet utilities.

Answer 54

Answer: A Process confinement allows a process to read from and write to only certain memory locations and resources.

Answer 55

Answer: B The password combined with the username provides authentication. The username by itself provides identification. Logging and auditing of user actions provide accountability. Authorization refers to granting users access to resources based on their proven identities.

Answer 56

Answer: B S-RPC is an authentication service and is simply a means to prevent unauthorized execution of code on remote systems.

Answer 57

Answer: A The 169.254.x.x range is usually employed by the Microsoft APIPA response to failed DHCP services.

Answer 58

Answer: B Monitoring the activities of subjects and objects, as well as of core system functions that maintain the operating environment and the security mechanisms, helps establish accountability on the system.

Answer 59

Answer: D Wired Equivalent Privacy (WEP) technology is notoriously insecure and vulnerable to eavesdropping attacks.

Answer 60

Answer: B Internet email must comply with X.400.

Answer 61

Answer: D Blowfish has a maximum key length of 448 bits.

Answer 62

Answer: D NAT does not allow initiations from external entities. Therefore, allowing external initiations is not a benefit. The benefit is that NAT does not allow them.

Answer 63

Answer: D When information is collected about your activities online without your consent, it is known as a violation of privacy.

Answer 64

Answer: D In a teardrop attack, an attacker exploits a bug in operating systems. The bug exists in the routines used to reassemble (that is, resequence) fragmented packets. An attacker sends numerous specially formatted fragmented packets to the victim, which causes the system to freeze or crash.

Answer 65

Answer: C Nondiscretionary access control enables the enforcement of systemwide restrictions that override object-specific access control.

Answer 66

Answer: B The primary concern in any business continuity or disaster recovery effort is ensuring personal safety for everyone involved.

Answer 67

Answer: A;B;C IDSs watch for violations of confidentiality, integrity, and availability. Attacks recognized by IDSs can come from external connections (such as the Internet or partner networks), viruses, malicious code, trusted internal subjects attempting to perform unauthorized activities, and unauthorized access attempts from trusted locations.

Answer 68

Answer: C The security management task in which critical, significant, and sensitive work tasks are divided among several individual administrators or high-level operators is separation of duties.

Answer 69

Answer: C A knowledge-based IDS is effective only against known attack methods, which is its primary drawback.

Answer 70

Answer: C The spiral model uses multiple iterations of the waterfall model, so it is considered a meta-model.

Answer 71

Answer: B Triple DES (3DES) requires either two or three DES keys to generate an effective key strength of 168 bits, triple the strength of standard DES's 56-bit key.

Answer 72

Answer: B Control Objectives for Information and Related Technology (COBIT) is a documented set of best IT security practices crafted by Information Systems Audit and Control Association (ISACA) and IT Governance Institute (ITGI).

Answer 73

Answer: C A PVC reestablishes a link using the same basic parameters or virtual pathway each time it connects. SVCs use unique settings each time. Bandwidth on demand links can be either PVCs or SVCs. CSU/DSU is not a packet-switching technology.

Answer 74

Answer: B A switch console port exists only on a switch; a cell phone cannot be used to access such ports.

Answer 75

Answer: A A drawback of classification schemes, especially as implemented via a mandatory access control concept, is that they require significant administration for a large organization.

Answer 76

Answer: B Denial of service attacks seek to shut down or stifle network response and congest traffic so that legitimate data cannot be handled in a timely fashion.

Answer 77

Answer: D A service-level agreement may require you to meet the business continuity objectives of your customers.

Answer 78

Answer: B The BSoD stops all processing when a critical failure occurs in Windows. This is an example of a fail-secure approach.

Answer 79

Answer: C The filename extension .txt is normally used to describe text files, which do not contain executable code.

Answer 80

Answer: D DIFFERENCE()is not a valid aggregate function. COUNT(), MIN(), and SUM()are aggregate functions specified in SQL.

Answer 81

Answer: A A smurf attack occurs when an amplifying server or network is used to flood a victim with useless data.

Answer 82

Answer: A The SYN packet is first sent from the initiating host to the destination host. The destination host then responds with a SYN/ACK packet. The initiating host sends an ACK packet, and the connection is then established.

Answer 83

Answer: D Deterrent access control is deployed to discourage violation of security policies.

Answer 84

Answer: D Tunneling is generally an inefficient means of communicating because all protocols include their own error detection, error handling, acknowledgment, and session management features, and using more than one protocol at a time just compounds the overhead required to communicate a single message.

Answer 85

Answer: C Vulnerability scanners are used to test a system for known security vulnerabilities and weaknesses. They are not active detection tools for intrusion, they offer no form of enticement, and they do not configure system security. In addition to testing a system for security weaknesses, they produce evaluation reports and make recommendations.

Answer 86

Answer: B VPN protocols—specifically PPTP, L2F, and L2TP—function at the Data Link layer (layer 2).

Answer 87

Answer: C Civil investigations typically follow the "preponderance of the evidence" standard.

Answer 88

Answer: B Dictionary word lists are precompiled lists of common passwords and their permutations and serve as the foundation for a dictionary attack on accounts.

Answer 89

Answer: B The recipient of a message encrypted using asymmetric cryptography decrypts it with their own private key.

Answer 90

Answer: C The .NET Framework includes the Common Language Interface to support multiple programming languages.

Answer 91

Answer: D Providing for nonrepudiation is not a reason for data classification.

Answer 92

Answer: B The Goguen-Meseguer model is based on predetermining the set or domain of objects that a subject can access. The set or domain is a list of those objects that a subject can access. This model is based on automation theory and domain separation. This means subjects are able to perform only predetermined actions against predetermined objects.

Answer 93

Answer: A When audit trails legally prove accountability, then you also reap the benefit of nonrepudiation.

Answer 94

Answer: B People are the weakest link in a security chain.

Answer 95

Answer: D SYN flood attacks are targeted at the standard three-way handshake process used by TCP/IP to initiate communication sessions.

Answer 96

Answer: B Processing screens the collected information to perform a "rough cut" of irrelevant information, reducing the amount of information requiring detailed screening.

Answer 97

Answer: D Overutilizing a hardware component presents the most serious threat to availability from this list of options. The other options are unlikely to threaten availability.

Answer 98

Answer: D Confidentiality is the principle that objects are not disclosed to unauthorized subjects.

Answer 99

Answer: D The spiral model of project management does not directly relate to configuration management. Configuration management is about managing change that could result in reduced security.

Answer 100

Answer: A Firewalls are unable to filter on encrypted traffic within a VPN, which is a drawback. VPNs can cross firewalls. Firewalls do not have to always block outbound VPN connections. Firewalls usually only minimally affect the throughput of a VPN and then only when filtering is possible.

Answer 101

Answer: D The Application layer is also known as layer 7. The Session layer is layer 5, the Network layer is layer 3, and the Physical layer is layer 1.

Answer 102

Answer: D Zero-knowledge proofs confirm that an individual possesses certain factual knowledge without revealing the knowledge.

Answer 103

Answer: B Using unauthorized software makes the IT environment more vulnerable to virus infections. Email is the most common means of virus distribution, but the virus code must still be executed to work.

Answer 104

Answer: C Role-based access control uses a well-defined collection of named job roles to endow each one with specific permissions, thereby seeking to ensure that users who occupy such roles can access what they need to get their jobs done.

Answer 105

Answer: B The sender of a message uses their own private key to create a digital signature.

Answer 106

Answer: C A data object is called a datagram or a packet in the Network layer. It is called a PDU in layers 5 through 7. It is called a segment in the Transport layer and a frame in the Data Link layer.

Answer 107

Answer: B Spoofing is the replacement of valid source and destination IP and port addresses with false ones. It is often used in DoS attacks but is not considered a DoS attack itself. Flooding, smurf, and ping of death are all DoS attacks.

Answer 108

Answer: B Data classifications provide strong protection against the loss of confidentiality and are the best choice of the available answers. Data labels and proper data handling are based on first identifying data classifications. Data degaussing methods apply only to magnetic media.

Answer 109

Answer: D Corrective access control is deployed to restore systems to normal after an unwanted or unauthorized activity has occurred.

Answer 110

Answer: A A behavior-based intrusion detection system (IDS) can be labeled an expert system or a pseudo-artificial intelligence system because it can learn and make assumptions about events. In other words, the IDS can act like a human expert by evaluating current events against known events.

Answer 111

Answer: B The number of keys required to fully implement asymmetric encryption is computed using the formula 2n. In this case 2 * 8 = 16.

Answer 112

Answer: B Packet switching has variable delays; circuit switching has fixed known delays.

Answer 113

Answer: C Compartmentalized environments require specific security clearances over compartments or domains instead of objects.

Answer 114

Answer: D Client source ports are dynamic ports (i.e., randomly selected port number between 1024–65,535) for most Application layer protocols, including secure web communications (i.e., HTTPS).

Answer 115

Answer: C CHAP is a security protocol that automatically performs reauthentication of the client system throughout the connected session in order to detect session hijacking.

Answer 116

Answer: C Something you have, something you are, and something you know are representative forms of authentication factors.

Answer 117

Answer: C Option C is not an example of protecting integrity; it is the principle of availability.

Answer 118

Answer: A A covert channel is any method that is used to secretly pass data and that is not normally used for communication. All the other options describe normal communication channels.

Answer 119

Answer: D A Security Information and Event Management (SIEM) system is the best tool to search through large log files looking for intrusion-related events. A text editor requires manually looking at logs. Vulnerability scanners and password crackers are not used to search through log files looking for intrusions.

Answer 120

Answer: C Risk is the likelihood that any specific threat will exploit a specific vulnerability to cause harm to an asset.

Answer 121

Answer: D WPA2 replaces TKIP (used by the original WPA) with AES cryptography.

Answer 122

Answer: A Steganographers use images and other large files to mask the presence of secret information.

Answer 123

Answer: C Asymmetric cryptography requires 2*n keys to allow all parties to communicate.

Answer 124

Answer: D Privileged accounts (such as administrator accounts) are granted the most access and should be a primary focus in an access review audit. Regular user and auditor accounts don't have as many rights and permissions as privileged accounts and are not as important to audit.

Answer 125

Answer: C Biometric authentication devices represent a Type 3 (something you have) authentication factor.

Answer 126

Answer: A A static packet-filtering firewall filters traffic by examining data from a message header.

Answer 127

Answer: B The five elements of AAA services in order are identification, authentication, authorization, auditing, and accounting. Availability is not part of AAA services, but it is part of the CIA triad.

Answer 128

Answer: A Polyinstantiation includes multiple records in a table with the same primary key. Each record is designed for users of a specific security clearance level.

Answer 129

Answer: C An ECC-RSA 160-bit key is the equivalent of an RSA 1,024-bit key.

Answer 130

Answer: D DNS uses a hierarchical model to organize data, with root name servers representing the top-level domains and authority distributed hierarchically to child servers.

Answer 131

Answer: C Strong passwords are the weakest form of authentication from the given answers. One-time passwords are stronger than static passwords. Biometric methods such as retina scans are stronger than passwords.

Answer 132

Answer: C Discretionary access control permits the owner or creator of an object to control and define its accessibility because the owner has full control by default.

Answer 133

Answer: D Cloud service providers offer Infrastructure-as-a-Service options that are ideal backup sites.

Answer 134

Answer: B The output of a hash function must be a fixed length.

Answer 135

Answer: B Honeynets are entire networks created to serve as a snare for intruders. They look and act like legitimate networks, but they are 100 percent fake. Honeynets tempt intruders with seemingly vulnerable systems with attractive artificial data.

Answer 136

Answer: B Awareness must be established before actual training can take place.

Answer 137

Answer: A The approach to security management must be a top-down approach to be effective. Upper or senior management is responsible for initiating and defining policies for the organization. Security policies provide direction for the lower levels of the organization's hierarchy. It is the responsibility of middle management to flesh out the security policy into standards, baselines, guidelines, and procedures. It is the responsibility of the operational managers or security professionals to implement the configurations prescribed in the security management documentation. It is the responsibility of the end users to comply with all security policies of the organization.

Answer 138

Answer: B The cardinality of a database table is the number of records (or rows) in that table.

Answer 139

Answer: A A directive control is a security tool used to guide the security implementation of an organization.

Answer 140

Answer: D IT staff may perform security assessments to evaluate the security of their systems and applications. Audits must be performed by internal or external auditors who are independent of the IT organization. Criminal investigations must be performed by certified law enforcement personnel.

Answer 141

Answer: B Frequency Hopping Spread Spectrum (FHSS) was an early implementation of the spread spectrum concept. However, instead of sending data in a parallel fashion, it transmits data in a series while constantly changing the frequency in use.

Answer 142

Answer: B One definition of privacy is freedom from being observed, monitored, or examined without consent or knowledge.

Answer 143

Answer: C TLS uses port 443 to generate secure client-server web connections.

Answer 144

Answer: B The primary purpose of change management is to allow management to review all changes. However, it is true that the overall goal of change management is to prevent unwanted reductions to security.

Answer 145

Answer: C Public relations staff are generally not included in business continuity planning efforts. They would have significant involvement in disaster recovery.

Answer 146

Answer: A Role-based access control restricts access to roles by grouping subjects (such as users). Groups are assigned privileges but privileges aren't grouped in roles. Programs aren't grouped in roles. Objects such as files are often grouped within folders, but objects are not assigned as roles.

Answer 147

Answer: A Web servers should expose ports 80 and/or 443 to the world to support HTTP and/or HTTPS connections. Port 22, used by SSH, and port 1433, used by SQL Server databases, should not normally be publicly exposed.

Answer 148

Answer: C VPNs do not provide or guarantee availability.

Answer 149

Answer: B Job descriptions are essential to user and personnel security. Only when it's based on a job description does a background check have true meaning. Without a job description, auditing and monitoring cannot determine when a user performs tasks outside of their assigned work. Without a job description, administrators do not know what level of access to assign via DAC.

Answer 150

Answer: C Integrity protection is not about stopping all change but preventing unwanted, unintended, and malicious change as well as ensuring the retention of correct information.

Answer 151

Answer: C The receiver's name is not a necessary component of a digital certificate.

Answer 152

Answer: C In a typical penetration testing scenario, the ultimate goal is to expose, inventory, and report any findings of vulnerability or weakness on the network.

Answer 153

Answer: C SELECT()is not an aggregate function but an SQL command. MAX()is an aggregate function that selects the maximum value from a set. SUM()is an aggregate function that adds values together. AVG()is an aggregate function that determines the mathematical average of a series of values.

Answer 154

Answer: C Spoofing grants the attacker the ability to hide their identity through misdirection. It is therefore involved in most attacks.

Answer 155

Answer: B Security mechanisms are needed within an operating system because software is not trusted.

Answer 156

Answer: C Macro viruses use scripting languages such as Visual Basic for Applications.

Answer 157

Answer: A Marking (or labeling) media is the best choice of the available answers to protect against mishandling media. When properly marked, personnel are more likely to handle media properly. Purging and sanitizing methods remove sensitive information but do not protect against mishandling. Data retention refers to how long an organization keeps the data, not how it handles the data.

Answer 158

Answer: B Integrity is one of the CIA Triad principles; the other two are confidentiality and availability.

Answer 159

Answer: B In a discussion of high-speed telco links or network carrier services, fault tolerance means to have redundant connections.

Answer 160

Answer: C Availability has the most avenues or vectors of attack and compromise. Availability can be affected by damaging the resource, compromising the resource host, interfering with communications, or attacking the client.

Answer 161

Answer: D The single quote character (') is an essential part of a SQL injection attack and should never be allowed in user input in a database-driven application.

Answer 162

Answer: C Strong password choices should be neither predictable nor deterministic, should be of sufficient length and strength, and should be periodically changed and enforced against best security practices by automated means.

Answer 163

Answer: C The tunneling process prevents security control devices from blocking or dropping the communication because such devices don't know what the contents of the packets actually are.

Answer 164

Answer: C IPSec is not designed to function naked over a dial-up segment. IPSec must be encapsulated to transmit across a dial-up link; often it is encased in L2TP for this.

Answer 165

Answer: A A parallel run is a type of new system deployment testing where the new system and the old system are run in parallel.

Answer 166

Answer: B Areas in a 500-year flood plain should expect flooding once every 500 years.

Answer 167

Answer: B Rijndael requires 11 rounds of encryption when used with 192-bit cryptographic keys.

Answer 168

Answer: A An IDS automates the inspection of audit logs and real-time system events to detect abnormal activity. IDSs are generally used to detect intrusion attempts, but they can also be employed to detect system failures or rate overall performance.

Answer 169

Answer: C Cold sites contain basic infrastructure but do not have any computing facilities active.

Answer 170

Answer: A An initialization vector (IV) is a random bit string (a nonce) that is the same length as the block size that is XORed with the message. IVs are used to create a unique cipher text every time the same message is encrypted with the same key.

Answer 171

Answer: B Nondedicated leased lines offer the least assurance of communication because they require a link to be established before communication can take place. If all circuits for that connection type are currently in use, a connection will not be established, thus no communications.

Answer 172

Answer: A A virtual private network (VPN) is simply a communication tunnel that provides point-to-point transmission of both authentication and data traffic over an intermediary network.

Answer 173

Answer: C Without senior management support, no security effort can succeed.

Answer 174

Answer: C A database column contains the data corresponding to a single attribute for all records in the table.

Answer 175

Answer: C Declassification is required once an asset no longer warrants or needs the protection of its currently assigned classification or sensitivity level.

Answer 176

Answer: B In many cases, a buffer overflow attack will involve specially crafted, typically oversized inputs in an attempt to overwrite critical application data and disrupt or redirect program execution flow.

Answer 177

Answer: A;B;C;D Malicious code may infect almost any platform, including Windows PCs and servers, MacBooks, and embedded devices.

Answer 178

Answer: A Rule-based access control defines specific functions for access to requested objects.

Answer 179

Answer: C A detective control is a security mechanism used to verify whether the directive and preventive controls have been successful.

Answer 180

Answer: A Hybrid environments combine both hierarchical and compartmentalized environments so that security levels have subcompartments.

Answer 181

Answer: B Data mining uses mathematical approaches to analyze data, searching for patterns that predict future activity.

Answer 182

Answer: B Access control provides security through confidentiality, integrity, and accountability.

Answer 183

Answer: D UDP is a simplex protocol at the Transport layer.

Answer 184

Answer: C As a general rule of thumb, security policies (as well as standards, guidelines, and procedures) should not address specific individuals. Instead of assigning tasks and responsibilities to a person, they should be defined for a role. Then these defined roles are assigned to individuals as a job description or an assigned work task. The assignment of a role to a person is not part of the security policy documentation. Rather, that activity is a function of administrative control or personnel management. Thus, a security policy does not define who is to do what but rather what must be done by the various roles within the security infrastructure.

Answer 185

Answer: C In Cipher Block Chaining (CBC) mode, each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.

Answer 186

Answer: B In a TOC/TOU attack, the attacker is racing with the legitimate process to replace the object before it is used.

Answer 187

Answer: D The risk analysis equations—specifically, the ALE and the cost/benefit equation—produce results that are primarily used to prioritize security efforts. The largest values should be addressed and resolved first. The values are not directly used to obtain insurance or assign responsibility, and they're not realistic enough to be used as actual cost/loss expectations.

Answer 188

Answer: B Intrusion prevention systems (IPSs) pick up where intrusion detection systems (IDSs) leave off by actively denying any illicit traffic patterns they detect.

Answer 189

Answer: C The largest acceptable size for an ICMP packet is 65,536 bits.

Answer 190

Answer: C Cat 5e offers 1000 Mbps (or 1 Gbps) throughput and is primarily used in Ethernet networks.

Answer 191

Answer: B The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) amended HIPAA to include new regulations related to data breach notification and the compliance requirements of covered entity business associates.

Answer 192

Answer: D A gateway connects networks that are using different network protocols.

Answer 193

Answer: D Secure Sockets Layer (SSL) is an encryption protocol developed by Netscape to protect the communications between a web server and a web browser.

Answer 194

Answer: A Authentication Header (AH) provides authentication, integrity, and nonrepudiation.

Answer 195

Answer: B During the deencapsulation procedure, the Data Link layer strips its information and sends the message up to the Network layer.

Answer 196

Answer: C If a security mechanism offers integrity, then it offers a high level of confidence that data, objects, and resources are unaltered from their original protected state.

Answer 197

Answer: C The AES/Rijndael algorithm is capable of operating with 128-, 192-, or 256-bit keys. The algorithm uses a block size equal to the length of the key.

Answer 198

Answer: D Authentication is the process of verifying or testing that a claimed identity is valid.

Answer 199

Answer: C In an XSS attack, the attacker includes the "SCRIPT" tag in reflected input to execute a script on the client system.

Answer 200

Answer: B C++ and other compiled languages are third generation programming languages.

Answer 201

Answer: A All user applications, regardless of the security permissions assigned to the user, execute in user mode. Supervisory mode, kernel mode, and privileged mode are all terms that describe the mode used by the processor to execute instructions that originate from the operating system.

Answer 202

Answer: C Network Address Translation (NAT) is a mechanism for converting the internal IP addresses found in packet headers into public IP addresses for transmission over the Internet.

Answer 203

Answer: A VLAN hopping is a switch security issue, not a VoIP security issue. Caller ID falsification, vishing, and SPIT (spam over Internet telephony) are VoIP security concerns.

Answer 204

Answer: C Tunnel mode VPNs are used to connect networks to networks or networks to hosts. Transport mode is used to connect hosts to hosts. Host , server , client , terminal , and domain controller are all synonyms.

Answer 205

Answer: D The annualized loss expectancy can be calculated using asset value * exposure factor * annualized rate of occurrence. It can also be calculated using single loss expectancy * annualized rate of occurrence.

Answer 206

Answer: B Although all electronic devices emit some unwanted emanations, CRT monitors are the devices most susceptible to this threat (at least from this list of options).

Answer 207

Answer: C The concept of "Maintaining the internal and external consistency of objects so that their data is a correct and true reflection of the real world" is related to availability, not integrity.

Answer 208

Answer: C The sender of a message uses the recipient's public key to encrypt it.

Answer 209

Answer: B Coordinated attacks between several cooperative machines using traffic in an illegitimate way are a distributed denial of service attack.

Answer 210

Answer: C A separate key is required for each pair of users who want to communicate privately. In a group of six users, this would require a total of 15 secret keys.

Answer 211

Answer: B In a smurf attack, the attacker sends a single forged packet bearing a source address corresponding to the victim machine.

Answer 212

Answer: D Typical biometric authentication systems represent mechanisms that can mostly perform real-time analysis of biometric authentication factors without involving personal health factors.

Answer 213

Answer: D Asynchronous transfer mode (ATM) is a cell-switching technology rather than a packet-switching technology.

Answer 214

Answer: A The private IP addresses defined in RFC 1918 are 10.0.0.0 to 10.255.255.255 (a full Class A range), 172.16.0.0 to 172.31.255.255 (16 Class B ranges), and 192.168.0.0 to 192.168.255.255 (255 Class C ranges).

Answer 215

Answer: B VBScript is the only example of an interpreted language listed. C++, Java, and Fortran are compiled languages.

Answer 216

Answer: D The primary means by which fax communications can be secured is to use encryption.

Answer 217

Answer: B In a hierarchical environment, the various classification labels are assigned in an ordered structure from low security to medium security to high security.

Answer 218

Answer: B The Federal Sentencing Guidelines released in 1991 formalized the prudent man rule, which requires senior executives to take personal responsibility for ensuring the due care that ordinary, prudent individuals would exercise in the same situation.

Answer 219

Answer: C Clustering (aka key clustering) is a weakness in cryptography where a plain-text message generates identical cipher-text messages using the same algorithm but different keys.

Answer 220

Answer: A Preventive access control is deployed to stop unwanted or unauthorized activity from occurring.

Answer 221

Answer: A Avoid combining policies, standards, baselines, guidelines, and procedures in a single document. Each of these structures must exist as a separate entity because each performs a different specialized function.

Answer 222

Answer: B You should never conduct a formal or informal penetration test against any company without the advanced knowledge and express consent of management.

Answer 223

Answer: D The offset value for the fourth fragment would be the sum of the lengths of the preceding three fragments. In this case, each of those fragments would be 1,500 bytes, leaving the fourth fragment with an offset value of 4,500 bytes.

Answer 224

Answer: C In a hijack attack, which is an offshoot of a man-in-the-middle attack, a malicious user is positioned between a client and server and then interrupts the session and takes it over.

Answer 225

Answer: A Attenuation is the loss of signal strength and integrity over distance on a cable.

Answer 226

Answer: C A process can function or operate as a subject or object. In fact, many elements within an IT environment, including users, can be subjects or objects in different access control situations.

P/E 1 Flashcards

(250 cards)