Pocket Prep Flashcards

(143 cards)

1
Q

Which of the following BEST describes CCTV?

A. A terminal server used for access by a thin client
B. A real time protocol encryption algorithm
C. The command and control traffic of a transient virus
D. Internal security camera system

A

D. Internal security camera system

Explanation:
Internal security camera system

CCTV stands for closed-circuit television. It’s more commonly referred to as security cameras and is used for physical security. CCTV is used in data centers for security monitoring or in the workplace to protect against theft and vandalism.

2
Q

An attacker attempts to break into a building by cutting the padlock off the roof’s access hatch but is unable to access anything because the door leading to the hatch is locked from the inside. This event is BEST described as what?

A. A violation of policy
B. Security failure
C. Data breach
D. Security incident

A

D. Security incident

Explanation:
A security incident is any event that negatively impacts an organization’s security posture or may lead to the eventual disclosure of sensitive information. This term is sometimes used synonymously with data breach; however, a data breach is an event that results in the disclosure of sensitive information. All data breaches are security incidents, but not all security incidents are data breaches.

3
Q

Of the following, what is the MOST essential to ensure referential integrity?

A. Candidate key is equal to a valid primary key of a parent table
B. Foreign key is equal to a valid primary key of the same table
C. Foreign key is equal to a valid primary key of a parent table
D. Candidate key is equal to a valid primary key of the same table

A

C. Foreign key is equal to a valid primary key of a parent table

Explanation:
Referential integrity requires that the foreign key be equal to a valid primary key of a different table. A foreign key is a value that references the primary key of a tuple in a different table. The primary key is a unique value for each tuple in a table. There can be no tuples with duplicate primary keys.

3
Q

An organization must consider all possible weaknesses and potential attack points when designing an information security program. Of the following, what BEST describes the process of identifying, understanding, and categorizing potential threats?

A. Asset valuation
B. Threat modeling
C. Business impact analysis
D. Vulnerability analysis

A

B. Threat modeling

Explanation:
In order to ensure the highest level of security, organizations must identify possible threats to the organization’s systems. This is done through threat modeling. Threat modeling refers to the process of identifying, understanding, and categorizing potential threats. The goal of threat modeling is to identify a potential list of threats and analyze those threats.

4
Q

When an organization chooses to spend resources to reduce risk to an acceptable level, what response has the organization chosen?

A. Risk mitigation
B. Risk avoidance
C. Risk acceptance
D. Risk deterrence

A

A. Risk mitigation

Explanation:
Risk mitigation is when the risk is reduced to an acceptable level aligned with the organization’s risk appetite. It is never possible to eliminate all risk. When risk mitigation is more expensive than if the risk is realized, an organization should either document and accept the risk or rethink their mitigation strategy.

5
Q

When mapping the Open Systems Interconnection (OSI) model layers to the Transmission Control Protocol/Internet Protocol (TCP/IP) model, what is the Network layer’s equivalent in the TCP/IP model?

A. The Internet layer
B. The Link layer
C. The Transport layer
D. The Application layer

A

A. The Internet layer

Explanation:
The Network layer in the Open Systems Interconnection (OSI) model is called the Internet layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) model.

The Internet layer is the second layer of the TCP/IP model and is represented in descending sequence as the second layer from the bottom. Internet Protocol (IP), which is part of the TCP/IP model, contains the addressing information that enables packets to be routed. The TCP/IP model and the OSI model differ because the TCP/IP model consists of only four layers rather than seven. The four TCP/IP model layers are Network Access or Link, Internet, Transport, and Application.

6
Q

Of the following, which BEST describes The Open Group Architecture Framework (TOGAF)?

A. An open standard used to maintain compatibility between different software types
B. A series of controls that an organization must meet to maintain compliance with various regulations
C. An enterprise architecture development methodology
D. A framework used to develop a security program within an organization

A

C. An enterprise architecture development methodology

Explanation:
The Open Group Architecture Framework (TOGAF) is a standard that helps organizations design, plan, implement, and govern information technology architecture. TOGAF uses the Architecture Development Method (ADM) to create architectures for business, data, applications, and technology.

7
Q

Access control addresses the relationship between subjects and objects. Of the following, which is TRUE about a subject?

A. It is an active entity that interacts with passive objects
B. It is always an individual user account
C. It is a passive entity that provides information to the active entity
D. It can modify objects without authorization

A

A. It is an active entity that interacts with passive objects

Explanation:
By most definitions, a subject is an active entity on a system. This is anything that is actively interacting with the system, including users, processes, or automated programs. Access control regulates access between subjects and objects. An object is a passive entity that provides information.

8
Q

What encryption type supports the ability to perform computations on its encrypted data fields that yield accurate computational results when the resulting output is decrypted?

A. Homomorphic
B. MD5
C. Metamorphic
D. Polymorphic

A

A. Homomorphic

Explanation:
Homomorphic encryption is a unique type of encryption which supports the ability to perform computations on its encrypted data fields. When the resulting output is decrypted, it will yield accurate computational results that are identical to what would’ve been obtained if the same computations had been performed on the unencrypted data.

Polymorphic and metamorphic refer to self-modifying virus types, while MD5 refers to a deprecated but common hash function.

9
Q

A cipher lock uses which of the following?

A. Keypad
B. Key token
C. Physical key
D. Encrypted keys

A

A. Keypad

Explanation:
A cipher lock is characterized by a keypad, requiring a specific numerical sequence on the keypad to unlock an entrance. Keypads are used in data centers or even within restricted areas to add an extra level of security.

10
Q

Using the Open Systems Interconnection (OSI) model, which layer is the Data Link layer?

A. 1
B. 2
C. 3
D. 4

A

B. 2

Explanation:
The Data Link layer is the second layer and is represented in descending sequence as the second-lowest layer. Data is passed from the highest layer (application; layer 7) downward through each layer to the lowest layer. The seven layers include the following:

Application (Layer 7)
Presentation (Layer 6)
Session (Layer 5)
Transport (Layer 4)
Network (Layer 3)
Data Link (Layer 2)
Physical (Layer 1)
11
Q

Which of the following file content types could be compromised by a rainbow table?

A. Memory dumps
B. Account permissions
C. System logs
D. Hashed passwords

A

D. Hashed passwords

Explanation:
A rainbow table contains precomputed hash values that correlate to possible password combinations, enabling an attacker in possession of a hashed password file to crack plaintext passwords. Rainbow tables can be defeated through the use of cryptographic salts, which add a random value to the end of each password before it is hashed.

Account permissions, system logs, and memory dumps would not be compromised by a rainbow table.

12
Q

Reviewing recorded events from a CCTV is an example of what kind of security control?

A. Deterrent
B. Detective
C. Corrective
D. Recovery

A

B. Detective

Explanation:
Detective controls identify security violations after they have occurred, or they provide information about the violation as part of an investigation. An intrusion detection system is a technical detective control, and a motion detector is a physical detective control. Note that both an intrusion detection system and a motion detector include the word “detect,” which is a good clue. Reviewing logs or an audit trail after an incident is an administrative detective control. Use of the CCTV itself is a preventative measure, but reviewing the footage captured on CCTV is primarily for detection purposes, and it is categorized as a “detective device” in the physical security classification. CCTV cameras are standard security measures to deter theft and capture any threats in action.

Deterrent controls attempt to discourage someone from taking a specific action. A high fence with lights at night is a physical deterrent control. A strict security policy stating severe consequences for employees if it is violated is an example of an administrative deterrent control. A proxy server that redirects a user to a warning page when a user attempts to access a restricted site is an example of a technical deterrent control.

Corrective controls attempt to modify the environment after an incident to return it to normal. Antivirus software that quarantines a virus is an example of a technical corrective control. A fire extinguisher is an example of a physical corrective control.

Recovery controls provide methods to recover from an incident.

13
Q

An encrypted message is BEST called what?

A. Encryption output
B. Ciphertext
C. Plaintext
D. Cryptograph

A

B. Ciphertext

Explanation:
When a message is encrypted, it’s considered ciphertext. Ciphertext is the result of running encryption algorithms on a plaintext message, making it unreadable. Ciphertext must remain unreadable unless it is decrypted using the decryption key.

14
Q

Using the Open Systems Interconnection (OSI) model, which layer is the Network layer?

A. 1
B. 3
C. 2
D. 4

A

B. 3

Explanation:
The Network layer is the third layer of the Open Systems Interconnection (OSI) model. The Network layer contains protocols like Internet Protocol (IP) and Internetwork Packet Exchange (IPX).

The seven layers in descending sequence are:

7) Application
6) Presentation
5) Session
4) Transport
3) Network
2) Data Link
1) Physical
15
Q

What physical lock uses a keypad?

A. Disk detainer lock
B. Cipher lock
C. Tumbler lock
D. Warded lock

A

B. Cipher lock

Explanation:
A cipher lock is characterized by a keypad, requiring a specific numerical sequence on the keypad to unlock an entrance. Keypads are used in data centers or even within restricted areas to add an extra level of security.

16
Q

Which of the following is the MOST thorough and secure method of removing data from a hard drive with a spinning platter?

A. Irradiation
B. Erasing
C. Remanence
D. Destruction

A

D. Destruction

Explanation:
Destruction is the most thorough way to ensure data cannot be recovered, since it leaves the media and data unreadable and unrecoverable.

Erasing is one of the weakest ways to sanitize data, since it only breaks the link to the data, leaving the data easily recoverable. Remanence is not a sanitization method but is the data that is left over after sanitization. Irradiation may damage media, but will not destroy it.

17
Q

The U.S. Department of Defense organizes its security classifications into which of the following?

A. Public, Confidential, Secret, Top Secret, and Sealed
B. Open, Closed, and Sealed
C. Open, Sensitive but Unclassified, Secret, and Top Secret
D. Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret

A

D. Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret

Explanation:
The U.S. Department of Defense organizes its security into five principal classes, including Unclassified, Sensitive but Unclassified, Confidential, Secret, and Top Secret. Individuals are then awarded classification levels based on this system to grant and restrict access. Access is given on a need-to-know basis.

18
Q

Nora is a penetration tester who has been hired to assess an organization’s campus. She finds CAD drawings classified as Sensitive. She discovers that two of the drawings are for the same part and, when combined, should be classified as Confidential.

This process is MOST LIKELY known as what?

A. Aggregation
B. Deducing
C. Mining
D. Collection

A

A. Aggregation

Explanation:
When discussing classification labels, data aggregation means that data classified at a higher level can be inferred by combining data at a lower classification level.

19
Q

Of the following alarms, which would be considered the MOST critical for a CISSP to ensure function properly?

A. Heartbeat alarms
B. Intrusion alarms
C. Fire alarms
D. Component failure alarms

A

C. Fire alarms

Explanation:
Fire alarms provide an audible sound if a fire is detected. Human safety is always considered the highest priority.

Intrusion alarms are incorrect because they do not ensure human safety as much as fire alarms do. Heartbeat alarms are incorrect because they monitor servers or security systems and do not impact human safety. Component failure alarms are incorrect because they monitor a server’s components, such as a power supply, and do not impact human safety.

20
Q

Kerberos is an authentication protocol that employs the use of what?

A. Asymmetric encryption
B. Tickets
C. Tokens
D. Biometrics

A

B. Tickets

Explanation:
Kerberos uses a series of tickets to authenticate users/clients and provide access to network resources. Using Kerberos, clients obtain tickets from the key distribution center (KDC) and present these tickets to network resources when access requests are made. Kerberos uses symmetric encryption like the Advanced Encryption Standard (AES) to secure and verify the ticket’s authenticity.

21
Q

Martina is testing a new application that her company is developing. She is trying a testing technique that posts thousands of different inputs into the software to determine its limits and potential flaws. What form of testing is this?

A. Fuzz testing
B. Interface testing
C. Misuse case testing
D. Static testing

A

A. Fuzz testing

Explanation:
Fuzz testing is a technique used to find flaws or vulnerabilities by sending randomly generated or specially crafted inputs into the software. There are two types of fuzzers: mutation (dumb) fuzzers and generational (intelligent) fuzzers. Mutation fuzzers mutate existing input to create fuzzed input. Generational fuzzers create fuzzed input based on what type of program is being fuzzed.

22
Q

When using a Redundant Array of Independent Disks (RAID), which RAID level will always reduce your raw capacity by 50%?

A. 1
B. 0
C. 5
D. 6

A

A. 1

Explanation:
RAID-1 is also known as mirroring. Data is written to two drives at once. If one drive fails, the other drive still has all the data. RAID-1 requires that you lose 50% of your total raw storage.

RAID levels:

RAID-0 - Data is striped between a set of drives without parity. This increases your risk of data loss: if one drive fails, the entire RAID will fail. However, it increases your usable storage and write speed.
RAID-1 - Data is mirrored between two identical drives. This provides redundancy. However, your usable storage is reduced by 50% of your total storage.
RAID-5 - Data is striped between a set of drives, but parity is also written to each drive. This allows for a single drive to fail without causing the RAID to fail. This provides redundancy, but your usable storage is reduced by one drive worth of storage.
RAID-6 - Similar to RAID-5, however, two sets of parity are written to each drive. This allows for two drives to fail without causing the RAID to fail. This provides redundancy, but your usable storage is reduced by two drives worth of storage.
23
Q

When a risk is considered more costly to address than to allow it to be realized, what type of response should be chosen?

A. Risk deterrence
B. Risk transfer
C. Risk avoidance
D. Risk acceptance

A

D. Risk acceptance

Explanation:
When risk mitigation is more expensive than if the risk is realized, an organization should document and accept the risk or rethink their mitigation strategy. Risk acceptance does not mean choosing to ignore the risk but, rather, concluding that doing something about the risk is more costly than the risk itself.

24
Q

Which phase of patch management will MOST LIKELY use the change management process?

A. Patch deployment
B. Patch approval
C. Patch evaluation
D. Patch testing

A

B. Patch approval

Explanation:
Patch approval uses the change management process once patches are tested and approved for deployment. The approval process ensures that all affected organizations are aware of the changes and possible performance issues due to changes.

25
Q

Which type of network discovery scan opens a full connection with a remote system on a specific port?

A. Xmas scan
B. TCP SYN scan
C. TCP connect scan
D. TCP ACK scan

A

C. TCP connect scan

Explanation:
Transmission Control Protocol (TCP) connect scanning opens a full connection, meaning that the scanner replies with an ACK to complete the TCP three-way handshake. This type of scan is usually selected when the user does not have privileges to run half-open scans.

TCP SYN scan is incorrect because it is a half-open scan and only sends a packet with the SYN flag set. TCP ACK scan is incorrect because it is also a half-open scan and only sends a packet with the ACK flag set. Xmas scan is incorrect because it does not open a full connection and, instead, sends a packet with the FIN, PSH, and URG flags set.

26
Q

Which of the following is NOT a valid database key?

A. Candidate key
B. Foreign key
C. Record key
D. Primary key

A

C. Record key

Explanation:
The following are keys that you will find in a database:

Candidate key - This key can be used to identify any record.
Primary key - This key is a unique value for each tuple in a table.
Foreign key - This key is a value that references the primary key of a tuple in a different table.

Record key is a fabricated term.

27
Q

Which of the following components of a computer is MOST LIKELY to make calculations using logic gates?

A. Registers
B. Arithmetic logic unit (ALU)
C. Random Access Memory (RAM)
D. Central processing unit (CPU)

A

B. Arithmetic logic unit (ALU)

Explanation:
The arithmetic logic unit (ALU) is a series of physical circuits that perform bitwise operations on binary numbers. The circuits are built using logic gates made from transistors.

Central processing unit (CPU) is incorrect because it is made up of the ALU and registers. Registers are incorrect because they are temporary storage for instruction sets to be processed by the ALU. Random Access Memory (RAM) is incorrect because it stores application instructions and outputs from the CPU/ALU.

28
Q

According to the Transmission Control Protocol/Internet Protocol (TCP/IP) model, which layer is the Internet layer?

A. 2
B. 3
C. 1
D. 4

A

A. 2

Explanation:
The Internet layer is the second layer of the TCP/IP model and is represented in descending sequence as the second layer from the bottom. Internet Protocol (IP) contains addressing information that enables packets to be routed and is part of the TCP/IP model. The TCP/IP model and the OSI model differ because the TCP/IP model consists of only four layers rather than seven. The four TCP/IP model layers are Network Access or Link, Internet, Transport, and Application.

29
Q

Tina is an accountant for a financial institution and has been committing fraud for years by secretly skimming money from unused budgets. Of the following, what detective control could Tina's organization have implemented to discover her fraud?

A. Split knowledge
B. Mandatory vacations
C. M of N control
D. Separation of duties

A

B. Mandatory vacations

Explanation:
Mandatory vacations are used to detect fraud within an organization. Employees who commit fraud often do not take vacations to minimize other employees' chances of discovering their fraud. Mandatory vacation length is recommended for a minimum of two weeks to be considered effective.

Separation of duties, split knowledge, and M of N control are incorrect because they are preventative controls.

30
Q

Without using a hypervisor, a word processor wanting to save a file would need to access which CPU ring?

A. Ring 0
B. Ring 3
C. Ring 1
D. Ring 2

A

B. Ring 3

Explanation:
User applications, including word processors, reside in Ring 3, the least secure and trusted of the rings.

Applications (3)
Hardware Drivers (2)
Operating System (1)
Kernel (0)

As protection layer numbers decrease, a higher level of security is required.

31
Q

A brute-force attack has a virtually 100% success rate; it just depends on the time it takes to guess a password. Of the following, which BEST helps to prevent brute-force attacks?

A. Lockout policy on user accounts
B. Storing passwords using a SHA-3 hash
C. Salting passwords
D. Password encryption

A

A. Lockout policy on user accounts

Explanation:
Account lockout controls help prevent brute-force attacks. They lock the account for a period of time after incorrect passwords are entered too many times. Account lockouts typically use clipping levels that ignore some user errors but take action after a threshold is reached.

32
Q

Of the following, which entity is statistically MOST LIKELY to be a cybersecurity threat?

A. An outside hacker
B. A government
C. A rival organization
D. A disgruntled employee

A

D. A disgruntled employee

Explanation:
Most industries agree that one of the most significant threats a company faces is from its own employees. For this reason, companies should employ principles like segregation of duties, split knowledge, and least privilege.

33
Q

Of the following, what protocol is used with IPsec?

A. EAP
B. CHAP
C. IKE
D. TLS

A

C. IKE

Explanation:
Internet Key Exchange (IKE) is used to negotiate parameters and ultimately establish security associations (SAs) for IPsec. IKE operates in two phases:

Phase 1: Negotiates a single bi-directional SA by exchanging a generated secret key using the Diffie-Hellman key exchange.
Phase 2: Negotiates unidirectional SAs using the SA established during phase 1.

34
Q

Which of the following is NOT protected by a trademark?

A. Recipe
B. Phrase
C. Slogans
D. Logos

A

A. Recipe

Explanation:
Trademarks protect brand identity, including slogans, logos, phrases, or combinations that represent the company or brand identity. A recipe cannot be trademarked and would be protected under trade secret law.

35
Q

This type of control is used to verify a communication pathway is active by periodically or continuously checking it with a signal and can be used to prevent intruders from circumventing an alarm system, or it can trigger a high availability (HA) event:

A. A heartbeat sensor
B. A keep-alive sensor
C. A tamper sensor
D. A syslog aggregator

A

A. A heartbeat sensor

Explanation:
The heartbeat sensor is used as a communication pathway that tests a target's signal periodically. It provides monitoring for connections to servers or security systems. For instance, if the door lock cable is cut, the test signal will fail, and personnel are alerted to the issue. Heartbeat sensors are also used to trigger high availability (HA) events on servers or network equipment. For example, if a server detects that its neighbor is no longer active, it will take over and provide failover.

36
Q

Access control addresses the relationship between subjects and objects. Of the following, which is TRUE about objects?

A. They are active entities that provide information to a passive entity
B. They are passive entities that provide information
C. When authorized, they can modify entities
D. They are active entities that access a passive entity

A

B. They are passive entities that provide information

Explanation:
An object is a passive entity that provides information to active subjects. Some examples of objects include files, databases, computers, programs, processes, printers, and storage media.

37
Q

Which of the following is LEAST LIKELY to be the audience of a security audit report?

A. Third parties
B. Board of directors
C. Government regulators
D. Functional management

A

D. Functional management

Explanation:
Unlike security assessments, security audits are generally performed by an external group to prevent conflicts of interest. The audience of a security audit report would be people outside of the company's day-to-day operations, such as the board of directors, government regulators, or third parties.

38
Q

When discussing multi-factor authentication (MFA), what method uses something you know and something you have?

A. One-time pad
B. Retina Scans
C. Public key infrastructure (PKI)
D. Smart cards

A

D. Smart cards

Explanation:
Smart cards are credit card-sized devices that contain a microprocessor. The smart card typically contains an encrypted private key issued through a public key infrastructure (PKI) system that the authenticating environment trusts. When the smart card is inserted into a reader, the user must enter a PIN before the smart card releases the private key. Smart cards used by the U.S. government are known as common access cards (CACs). The "something you know" is the PIN. The "something you have" is the smart card.

Retina scans are incorrect because they are something you are. One-time pad is incorrect because it is not a form of multi-factor authentication (MFA); it is an encryption technique. Public key infrastructure (PKI) is incorrect because it is not a standalone MFA method.

39
Q

According to the Open Systems Interconnection (OSI) model, which layer is the Application layer?

A. 6
B. 5
C. 7
D. 8

A

C. 7

Explanation:
The Application layer is the seventh layer of the Open Systems Interconnection (OSI) model and is represented in descending sequence as the topmost layer. The Application layer is the graphical presentation and interface between the device and the user. Examples of Application layer protocols include HTTP, FTP, SMTP, and SNMP.

40
Q

Certain characters within website form inputs (e.g., ') are being converted into their HTML character entity reference equivalents (e.g., &apos;), prior to processing. What web application security technique is being applied?

A. Output encoding
B. Input validation
C. Cross-site scripting
D. Request forgery

A

A. Output encoding

Explanation:
The conversion of certain characters within website form inputs (e.g., ') into their HTML character entity reference equivalents (e.g., &apos;) prior to processing is an example of output encoding. Output encoding is an application security technique used to ensure that certain characters within form inputs are processed as data and not potentially misinterpreted as programming syntax (which could be used to inject malicious code, if processed).

Input validation is an application security technique used to ensure that actual input is aligned to the input expected for a particular field, before it is processed. Such validation does not just consider field type (e.g., that a date field follows the structure and format of a date mm-dd-yyyy) but also field data (e.g., the lack of strings such as "1=1" and "